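Design and Implementation of an Authentication and Authorization Mechanism for Internet of Things Open Platforms
Published: 2018-02-15 08:16
Keywords: Internet of Things; OAuth 2.0; unique authorization; plug-in authentication. Source: South China University of Technology, 2014 master's thesis. Document type: degree thesis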
[Abstract]: Internet of Things (IoT) technology now plays a major role in energy, healthcare, security, transportation, smart homes and other fields, offering people a convenient, fast and reliable way of life. IoT open platforms address the closed nature and high development barrier of the traditional IoT by bringing users into the construction of the IoT and increasing user participation. However, the authentication and authorization mechanisms of current IoT open platforms have defects such as over-authorization, while IoT devices have high security requirements, so a sound authentication and authorization mechanism is an important part of protecting users' private device information on an open platform. In response, this thesis studies the special requirements of authentication and authorization on IoT open platforms, and designs and implements a mechanism that fits the characteristics of such platforms, so that user authorization is controllable and user information is protected. First, the thesis surveys the authentication and authorization mechanisms of current IoT open platforms, including the current state of these platforms and the mainstream authentication and authorization models used by open platforms, and from this derives the special requirements of authentication and authorization on IoT open platforms. Second, to meet these requirements, it designs and implements, based on the OAuth 2.0 open authorization protocol, a unique authorization mechanism in which the authorization object is the combination of terminal device and client, and on that basis implements a configurable authorization management mode that lets users set up personalized management and revocation of authorizations. Third, to open up existing data platforms, it designs and implements a plug-in authentication service. The service is platform-independent and does not intrude into existing code, so an existing data platform can be converted at low cost while authentication remains secure and reliable, yielding a pluggable authentication service. Finally, the authentication and authorization framework designed and implemented in the thesis is used to open up the energy-saving cloud platform of South China University of Technology, and the converted data platform is tested. The tests verify the security and reliability of the framework and show that it allows a platform to be opened up quickly and conveniently while keeping user authorization secure and controllable.
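[Degree-granting institution]: South China University of Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP391.44;TN929.5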
Article ID: 1512834
Article link: https://www.wllwen.com/kejilunwen/wltx/1512834.html