中文摘要：

基于新的（t，n）秘密共享机制将CA私钥进行分存，使用其身份作为私钥份额的标识，提供私钥保护的容侵性。该协议不是从保护系统或检测入侵出发来保证CA的安全，而是确保当少数部件被攻击或占领后，CA系统的机密信息并没有暴露；能根据攻击的类型，动态调节密码协议的运行，以容忍、阻止一部分攻击行为，更好地保护密码协议的运行安全。协议采用系统整体安全策略，综合多种安全措施，实现了系统关键功能的安全性和健壮性。

英文摘要：

CA private key is shared based on the new （t, n） secret sharing mechanism. It uses its identification as a share of the private key. Rather than prevent intrusions or detect them after the fact, the project ensures that the compromise of a few system components does not compromise the private key of the CA. These policies of intrusion tolerance, by adjusting the use of crypto- graphic protocol, and tolerating or preventing part of attacks, protect the safety of cryptographic protocol performance. The approach has realized the security and robustness for the key functions of a database system by using the integration security strategy and multiple security measures.