Personal OAuth authorization server and push OAuth for Internet of Things

摘要

Internet of Things will connect millions of things to the Internet to make our lives more convenient. However, Internet of Things security is an essential factor. OAuth is one of the most successful authentication and authorization protocols on the Internet. This article proposes push OAuth and personal OAuth authorization server by expanding OAuth for a secure access to the information on Internet of Things devices. In personal OAuth, the smartphones that communicate with remote servers to deliver information on Internet of Things devices can be the OAuth authorization server. Hospitals (OAuth client) that intend to access the information on Internet of Things devices cannot know millions of OAuth authorization server when the smartphone becomes the OAuth authorization server. This article proposes the push OAuth that changes the OAuth protocol and issues the OAuth token when the OAuth authorization server registers to the OAuth client first. Personal OAuth authorization server is far more trustworthy than using a third-party OAuth authorization server to authenticate because users directly control access to the information generated by Internet of Things devices. The personal OAuth authorization server and push OAuth suggested here are expected to create a more secure Internet of Things environment as users can directly authenticate the OAuth client that can access the information on their Internet of Things devices.