基于Shamir(k,n)秘密分割门限方案提出了一种密钥托管体制,用户将其密钥拆为n个子密钥,并将每一子密钥分别交于一个委托人托管,其中任意大个委托人可恢复用户的密钥,少于k个委托人则不能恢复。文章同时给出了该体制的两种推广。第一种推广是将每一委托人推广为一个托管机构,每一托管机构中又有若干委托人。第二种推广是在用户的密钥被恢复后,用户可重新选取一新密钥,但不改变托管人所托管的内容;而且委托人在恢复用户的密钥时,不诚实的委托人也可被检查出。 Based on the Shamir (k, n) secret segmentation threshold scheme, a key escrow system is proposed, in which a user splits its key into n subkeys and each subkey is entrusted to one principal, whichever is greater A client can recover the user’s key, less than k clients can not be restored. The article also gives two kinds of promotion of the system. The first promotion is to promote each client as a trustee, and there are several trustees in each trustee. The second promotion is that after the user’s key is recovered, the user can re-select a new key, but does not change the content hosted by the custodian. Moreover, when the principal recovers the user’s key, the dishonest principal Can be checked out.