java32位、64位及js的代码:http://pan.baidu.com/s/1cqnwuE

一、云链接为中心的软件及需要互联网规模物联网设备

二、利用双线性密码学分发加密操作和分裂的加密参数

三、上图原理

Milagro Introduction
Apache Milagro (incubating) establishes a new internet security framework purpose-built for cloud-connected app-centric software and IoT devices that require Internet scale. Milagro's purpose is to provide a secure, free, and positive open source alternative to centralised and proprietary monolithic trust providers such as commercial certificate authorities and the certificate backed cryptosystems that rely on them.

Pairing-based Cryptography

Milagro leverages pairing-based cryptography to distribute cryptographic operations and split cryptographic parameters, providing a level of security and functionality that is a step forward in when compared to the certificate backed cryptosystems in service today. With pairing cryptography, security systems such as multi-factor authentication using zero knowledge protocols and certificate-less authenticated key agreement with perfect forward secrecy can be deployed in real world scenarios.

Distributed Cryptosystem and Architecture

Consider BitCoin's Blockchain, which provides an alternative distributed approach to managing a currency without the need for a central bank. With BitCoin, the ledger is distributed, not centralised. Milagro's distributed cryptosystem is decentralised to create the same advantages as a distributed ledger. While architecturally different to the Blockchain, Milagro's distributed cryptosystem is compatible with Blockchain technology, sharing many of the same cryptographic building blocks.

Distributed vs. Monolithic Trust Authorities

Milagro envisions a new class of cryptographic service providers called Distributed Trust Authorities, or D-TAs for short. The purpose of a D-TA is to independently issue shares, or fractions, of cryptographic keys to Milagro clients and servers and application endpoints which have embedded Milagro cryptographic libraries. D-TAs operate independently from each other, are isolated in totality, and completely unaware of the existence of other D-TAs.

No Single Points of Comprosmise

Milagro clients and servers receive the issued shares cryptographic keys and combine them to create the whole completed key, thus becoming the only audience who possess knowledge of the entire key. Since key generation services are under separate organisational controls, current root key compromises and key escrow threats inherent in PKI systems are an order of magnitude harder to exploit. An attacker would need to subvert all three (or more) independent parties, as a compromise of one D-TA in a three D-TA framework does not yield an attacker any cryptographic advantage.

In other words, all D-TAs used to generate shares, or fractions, of keys for Milagro clients and servers must be compromised to create the equivalent of a PKI root key compromise.

No Mandated Authority

In practice, a Distributed Trust Authority (D-TA) framework would split the functions of a pairing-based key generation server into three services, each D-TA issuing thirds of private keys to distinct identities. The shares of the three cryptographic keys, as an example, could be generated by cloud computing providers, their customers, and dedicated trust providers. In this way, trust distribution can be more aligned to the participants with stakes in protecting the framework vs. the implicit trust model in use today with monolithic trust authorities such as PKI. Anyone actor can become a Distributed Trust Authority.
Distributed Trust Authorities

Initially started as a joint development effort by MIRACL, NTTi3 and NTT Labs, the results of this joint development are contributed to Apache Milagro (incubating).
Components
Milagro Crypto Library

These contributions consist of the baseline Milagro Crypto Library (MCL) that enables developers to build distributed trust systems and select from a choice of secure, proven, pairing based protocols that deliver certificate-less key encapsulation, zero knowledge proof authentication, authenticated key agreement and digital signing functionality.

Using MCL, application developers can embed multi-factor authentication, secure communications, and data protection methods that are robust enough to meet most requirements required by distributed ledger services, general on-line financial services, government and healthcare industries.

Milagro TLS

Apache Milagro (incubating) also contains a pairing-based TLS library, Milagro TLS, that enables encrypted connections with perfect forward secrecy between mobile applications or IoT devices and backend service infrastructures, without the need for certificates or PKI.

Milagro TLS delivers two new cipher suites that provides perfectly forward secure authenticated key agreement, without the need for certificate processing, for each session between client and server or peer to peer. Milagro TLS is a standalone library that uses MCL as its cryptographic service provider, resulting in an implementation that is lean, yet performant enough to run in constrained environments found in many IoT devices.

Milagro MFA

Also included is Milagro MFA, a higher level 'Crypto App' ready for the cloud, mobile or enterprise deployments. Milagro MFA is a complete multi-factor authentication platform that uses zero-knowledge proof protocols to eliminate the password and hence the threat of password database breach. Milagro MFA includes client SDKs in JavaScript, C, iOS, Android and Windows Phone, as well as the Authentication Server for Linux. Delivering 128-bit security but lean enough to even run in JavaScript, Milagro MFA allows developers and security engineers to integrate easy-to-use multi-factor authentication capabilities into their mobile and web properties and applications in hours or less.

Check the Milagro Roadmap section for details on documentation release schedule.

160812、apache milagro分布式安全认证系统的更多相关文章

  1. 在spring boot中三分钟上手apache顶级分布式链路追踪系统skywalking

    原文:https://juejin.im/post/5cd10e81e51d453b560f2d53 skywalking在apache里全票通过成为了apache顶级链路追踪系统 项目地址:gith ...

  2. Apache shiro集群实现 (七)分布式集群系统下---cache共享

    Apache shiro集群实现 (一) shiro入门介绍 Apache shiro集群实现 (二) shiro 的INI配置 Apache shiro集群实现 (三)shiro身份认证(Shiro ...

  3. Apache shiro集群实现 (六)分布式集群系统下的高可用session解决方案---Session共享

    Apache shiro集群实现 (一) shiro入门介绍 Apache shiro集群实现 (二) shiro 的INI配置 Apache shiro集群实现 (三)shiro身份认证(Shiro ...

  4. Apache shiro集群实现 (五)分布式集群系统下的高可用session解决方案

    Apache shiro集群实现 (一) shiro入门介绍 Apache shiro集群实现 (二) shiro 的INI配置 Apache shiro集群实现 (三)shiro身份认证(Shiro ...

  5. 分布式日志收集系统Apache Flume的设计详细介绍

    问题导读: 1.Flume传输的数据的基本单位是是什么? 2.Event是什么,流向是怎么样的? 3.Source:完成对日志数据的收集,分成什么打入Channel中? 4.Channel的作用是什么 ...

  6. Beanstalkd 一个高性能分布式内存队列系统

    需要一个分布式内存队列,能支持这些特性:任务不重不漏的分发给消费者(最基础的).分布式多点部署.任务持久化.批量处理.错误重试..... 转载:http://rdc.taobao.com/blog/c ...

  7. 基于zipkin分布式链路追踪系统预研第一篇

    本文为博主原创文章,未经博主允许不得转载. 分布式服务追踪系统起源于Google的论文“Dapper, a Large-Scale Distributed Systems Tracing Infras ...

  8. 转: 透过CAT,来看分布式实时监控系统的设计与实现

    评注: 开源的分布式监控系统 转:http://www.infoq.com/cn/articles/distributed-real-time-monitoring-and-control-syste ...

  9. zipkin分布式链路追踪系统

    基于zipkin分布式链路追踪系统预研第一篇   分布式服务追踪系统起源于Google的论文“Dapper, a Large-Scale Distributed Systems Tracing Inf ...

随机推荐

  1. 转:微软分布式云计算框架Orleans

    http://www.cnblogs.com/ants/p/5122068.html 一种构建分布式. 高规模(伸缩)的应用程序 微软对奥尔良计划(Project Orleans)云计算框架开源.奥尔 ...

  2. MYSQL手工注入某日本网站

    作者:ice   团队:www.anying.org 转载必须注明. E-mail:1c30day@gmail.com 经过一天的辛苦劳动下班了,实在无聊,QQ上的基友基本都挂机睡觉了.找点乐子打发时 ...

  3. HR问“预期薪资是多少”,这么说能加薪zz

    每年过完节,收好上一年的年终奖,身边人就开始蠢蠢欲动,招聘市场也异常火爆,节前各种裁员的新闻,过了个节都变成了“我们还要继续招人”. 年景不好,人才更是成了紧俏货.可现实中,我却发现,优质的人才未必能 ...

  4. Atitit.php  nginx页面空白 并返回500的解决

    Atitit.php  nginx页面空白 并返回500的解决 1.1. 空白问题起源1 1.2. Php.ini 开启display_err1 1.3. 修改www.conf ,并重启动.重启php ...

  5. atitit.基于  Commons CLI 的命令行原理与 开发

    atitit.基于  Commons CLI 的命令行原理与 开发 1. 命令行支持的格式有以下几种: 1 2. json化,map化的命令行参数内部表示 1 3. Ati cli 2 4. CLI库 ...

  6. wxpy学习

    准备工作 安装 pip install -U wxpy -i "https://pypi.doubanio.com/simple/" 通过python脚本来发送消息给好友 from ...

  7. 一个简单题,引发的思索 + nyoj 1189

    题目描述:第一行:给你两个数m和n,m表示有m个数,然后下一行输入m个数,每个数只能选择一次,统计共有多少种情况使得所选数的和大于等于n: 解决本题我想到了两种方法,(题目自己想的,先不考虑超时),第 ...

  8. Practial Vim 学习笔记一

    . 号作用是重复上一个动作. >+G  缩进 j 光标下移 u 撤销操作 $ 光标移到行尾 x 删除光标下的字符 dd 删除整行 i 切换到Insert模式 Esc 返回 f 将光标移到下个字符 ...

  9. 如何在线制作gif图片?

    最近想做个gif在线制作的网站,所以研究下了imagemagick和graphicsmagick制作gif图片站已经做出来了:有兴趣的朋友可以先看看http://www.sosogif.com/mak ...

  10. 结构体sockadrr、sockaddr_in、in_addr的定义

    /* Internet address.  */typedef uint32_t in_addr_t;struct in_addr  {    in_addr_t s_addr;  };  typed ...