
An Extensional Client Authorization Scheme for IoT Scenarios by Using OAuth 2.0 and PoP Token

  • Xiaonan, Xing (Mobile and Network Convergence Laboratory, Dept. of Computer Science, Hanyang University) ;
  • Jang, Sunggyun (Mobile and Network Convergence Laboratory, Dept. of Computer Science, Hanyang University) ;
  • Joe, Inwhee (Mobile and Network Convergence Laboratory, Dept. of Computer Science, Hanyang University)
  • Published: 2017.11.01

Abstract

To improve the security of OAuth 2.0 access token transport, and to address the resource-constraint challenge that the bearer-token access mechanism of OAuth 2.0 raises in IoT scenarios, we propose an extensional client authentication scheme based on the Proof-of-Possession (PoP) token mechanism. To strengthen the integrity of the PoP token, we bind the PoP key of a public/private key pair to the token. The authorization server and the resource server can then authenticate the client by verifying that it actually possesses the key bound to the PoP token, rather than merely holding the token string: if the client can prove that it holds the PoP key matching the token, its identity is authenticated. Our experimental evaluation confirms that this scheme effectively addresses the problem of client identity authentication and reduces resource consumption.
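The exchange the abstract describes, as an added example that is not the paper's own code: the authorization server binds the client's public key to the token (using the RFC 7800 `cnf`/`jwk` layout), the client proves possession by signing a per-request binding with the matching private key, and the resource server checks both the token signature and that proof. The paper does not specify the key type, the proof format or how the resource server trusts the authorization server; this example assumes Ed25519 keys for both parties, a DPoP-style proof over the HTTP method, URI and a hash of the token, and a resource server that holds the authorization server's public key. The subject `sensor-42`, the audience string and the URIs are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding

// popToken is the token payload. The cnf (confirmation) claim carries the
// client's PoP public key in the RFC 7800 cnf/jwk layout; the other claim
// names are simplified for this example.
type popToken struct {
	Sub string `json:"sub"`
	Aud string `json:"aud"`
	Exp int64  `json:"exp"`
	Cnf struct {
		Jwk struct {
			Kty string `json:"kty"`
			Crv string `json:"crv"`
			X   string `json:"x"` // base64url raw Ed25519 public key
		} `json:"jwk"`
	} `json:"cnf"`
}

// IssueToken is the authorization server's side: it embeds the client's
// public key in the token and signs the whole payload with the AS key, so the
// resource server can check token integrity and the bound key together.
func IssueToken(asPriv ed25519.PrivateKey, clientPub ed25519.PublicKey, sub, aud string, exp time.Time) string {
	var t popToken
	t.Sub, t.Aud, t.Exp = sub, aud, exp.Unix()
	t.Cnf.Jwk.Kty, t.Cnf.Jwk.Crv = "OKP", "Ed25519"
	t.Cnf.Jwk.X = b64.EncodeToString(clientPub)
	payload, _ := json.Marshal(t)
	return b64.EncodeToString(payload) + "." + b64.EncodeToString(ed25519.Sign(asPriv, payload))
}

// proofInput binds a proof to the token, method and URI so that a captured
// proof cannot be replayed against a different resource (assumed format).
func proofInput(token, method, uri string) []byte {
	h := sha256.Sum256([]byte(token))
	return []byte(method + "\n" + uri + "\n" + b64.EncodeToString(h[:]))
}

// SignRequest is the client's side: possession of the private key matching
// the cnf claim is proven by signing the request binding.
func SignRequest(clientPriv ed25519.PrivateKey, token, method, uri string) string {
	return b64.EncodeToString(ed25519.Sign(clientPriv, proofInput(token, method, uri)))
}

// VerifyRequest is the resource server's side. A valid token with no valid
// proof (i.e. bearer-style use of a stolen token) is rejected.
func VerifyRequest(asPub ed25519.PublicKey, aud, token, proof, method, uri string, now time.Time) error {
	parts := strings.Split(token, ".")
	if len(parts) != 2 {
		return errors.New("malformed token")
	}
	payload, err := b64.DecodeString(parts[0])
	if err != nil {
		return err
	}
	sig, err := b64.DecodeString(parts[1])
	if err != nil || !ed25519.Verify(asPub, payload, sig) {
		return errors.New("token signature invalid")
	}
	var t popToken
	if err := json.Unmarshal(payload, &t); err != nil {
		return err
	}
	if t.Aud != aud {
		return errors.New("audience mismatch")
	}
	if now.Unix() >= t.Exp {
		return errors.New("token expired")
	}
	if t.Cnf.Jwk.Kty != "OKP" || t.Cnf.Jwk.Crv != "Ed25519" {
		return errors.New("unsupported cnf key type")
	}
	pub, err := b64.DecodeString(t.Cnf.Jwk.X)
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return errors.New("bad cnf key")
	}
	proofSig, err := b64.DecodeString(proof)
	if err != nil || !ed25519.Verify(ed25519.PublicKey(pub), proofInput(token, method, uri), proofSig) {
		return errors.New("proof-of-possession failed")
	}
	return nil
}

func main() {
	asPub, asPriv, _ := ed25519.GenerateKey(rand.Reader)
	clientPub, clientPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, thiefPriv, _ := ed25519.GenerateKey(rand.Reader)
	now := time.Now()
	token := IssueToken(asPriv, clientPub, "sensor-42", "rs", now.Add(time.Hour))
	good := SignRequest(clientPriv, token, "GET", "/temperature")
	fmt.Println("legitimate client:", VerifyRequest(asPub, "rs", token, good, "GET", "/temperature", now))
	// A token captured in transit is useless without the bound private key.
	fmt.Println("stolen token, thief's key:", VerifyRequest(asPub, "rs", token,
		SignRequest(thiefPriv, token, "GET", "/temperature"), "GET", "/temperature", now))
	// A captured proof cannot be replayed against another method or resource.
	fmt.Println("proof replayed elsewhere:", VerifyRequest(asPub, "rs", token, good, "DELETE", "/config", now))
}
```

The contrast with a bearer token is the second and third checks: the token alone, and even a token plus an old proof, no longer grant access. For a constrained device the per-request cost is one Ed25519 signature on the client and two verifications on the resource server; whether that is cheaper than the paper's measured figures depends on the key type and proof format actually chosen.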
