Methodology for massive configuration of OAuth 2.0 tokens in large IoT scenarios

摘要

The evolution of technologies in the sensors/actuators field, together with the improvement in mobile communications, has allowed the growth and consolidation of the Internet of Things concept. Among the current challenges in the scenarios based on this paradigm, it is possible to highlight those related to security and access control to information generated or managed by the devices in the environment. This work is focused on designing architecture elements and the accompanying methodology needed to use the OAuth 2.0 authorization framework in large Internet of Things scenarios. OAuth 2.0 is a de facto standard in Internet-based Web applications. To achieve this, we propose using a Resource Service able to manage requests from devices and an encryption scheme based on public-key cryptography that would allow the massive secure distribution of OAuth access tokens. The proposed method would also enable easy and secure interactions between the resource owners and their devices. We have validated our proposal through its implementation, deployment, and testing in various devices with different processing resources.