| As I linked further down, this is probably based on Adi Shamir's (of RSA) threshold sharing scheme [1] [2]. Essentially, this approach splits any "secret" into n parts, requiring that k of them are necessary to reconstruct the original secret. It relies on the fact that k points are necessary to reconstruct a k-1 order polynomial. So if you hand out n points, with n > k, then any k of these points can be used to reconstruct the polynomial, whose y-intercept is the "secret". The coefficients of the polynomial are random. There are other [3] sharing schemes, and for the trivial k = n case, Shamir's scheme is probably overkill. [1] http://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing [2, PDF] http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.80.... [3] http://en.wikipedia.org/wiki/Secret_sharing UPDATE:
Here are some links to RSA's "Distributed Credential Protection" offering [4] and the white paper [5] describing it. [4] http://www.emc.com/security/rsa-distributed-credential-prote... [5, PDF] http://www.emc.com/collateral/software/white-papers/h11013-r... |