Personal OAuth authorization server and push OAuth for Internet of Things

The Internet of Things will connect millions of things to the Internet to make our lives more convenient. However, Internet of Things security is an essential factor. OAuth is one of the most successful authentication and authorization protocols on the Internet. This article proposes push OAuth and a personal OAuth authorization server, which extend OAuth to provide secure access to the information on Internet of Things devices. In personal OAuth, the smartphones that communicate with remote servers to deliver information from Internet of Things devices can act as the OAuth authorization server. When each smartphone becomes an OAuth authorization server, hospitals (the OAuth clients) that intend to access the information on Internet of Things devices cannot know millions of OAuth authorization servers in advance. This article therefore proposes push OAuth, which changes the OAuth protocol so that the OAuth token is issued when the OAuth authorization server first registers with the OAuth client. A personal OAuth authorization server is far more trustworthy than a third-party OAuth authorization server for authentication because users directly control access to the information generated by their Internet of Things devices. The personal OAuth authorization server and push OAuth proposed here are expected to create a more secure Internet of Things environment, as users can directly authenticate the OAuth client that can access the information on their Internet of Things devices.
