本文關(guān)鍵詞： 物聯(lián)網(wǎng) OAuth2.0 唯一授權(quán) 插入式鑒權(quán)　出處：《華南理工大學(xué)》2014年碩士論文　論文類(lèi)型：學(xué)位論文

【摘要】：當(dāng)前，物聯(lián)網(wǎng)技術(shù)在能源、醫(yī)療、安保、交通、智能家居等各個(gè)領(lǐng)域發(fā)揮著重大作用，為人類(lèi)提供了方便、快捷、可靠的生活方式。物聯(lián)網(wǎng)開(kāi)放平臺(tái)的出現(xiàn)解決了傳統(tǒng)物聯(lián)網(wǎng)封閉、高開(kāi)發(fā)門(mén)檻的特點(diǎn)，將用戶(hù)納入到物聯(lián)網(wǎng)的構(gòu)建中，提高用戶(hù)參與度。但，當(dāng)前物聯(lián)網(wǎng)開(kāi)放平臺(tái)的認(rèn)證授權(quán)機(jī)制存在著過(guò)度授權(quán)等方面的缺陷，而物聯(lián)設(shè)備具有較高的安全性需求，因此在開(kāi)放平臺(tái)中良好的認(rèn)證授權(quán)機(jī)制是保護(hù)用戶(hù)私密設(shè)備信息的重要環(huán)節(jié)。針對(duì)這一事實(shí)，本文針對(duì)物聯(lián)網(wǎng)開(kāi)放平臺(tái)的認(rèn)證授權(quán)機(jī)制的特殊需求進(jìn)行研究，設(shè)計(jì)并實(shí)現(xiàn)了一種符合物聯(lián)網(wǎng)開(kāi)放平臺(tái)特性的認(rèn)證授權(quán)機(jī)制，從而達(dá)到用戶(hù)授權(quán)的可控，保護(hù)用戶(hù)信息安全的目的。 首先，本文對(duì)當(dāng)前物聯(lián)網(wǎng)開(kāi)放平臺(tái)的認(rèn)證授權(quán)機(jī)制進(jìn)行了調(diào)研，其中包括當(dāng)前物聯(lián)網(wǎng)開(kāi)放平臺(tái)的現(xiàn)狀、當(dāng)前開(kāi)放平臺(tái)主流的認(rèn)證授權(quán)模型，從而分析出物聯(lián)網(wǎng)開(kāi)放平臺(tái)認(rèn)證授權(quán)機(jī)制的特殊需求。 其次，，針對(duì)物聯(lián)網(wǎng)開(kāi)放平臺(tái)中認(rèn)證授權(quán)機(jī)制的需求，基于OAuth2.0開(kāi)放授權(quán)協(xié)議設(shè)計(jì)并實(shí)現(xiàn)了以終端設(shè)備+客戶(hù)端為授權(quán)客體的唯一授權(quán)機(jī)制，并在此基礎(chǔ)上實(shí)現(xiàn)可配置授權(quán)管理模式，供用戶(hù)實(shí)現(xiàn)個(gè)性化的授權(quán)管理回收機(jī)制。 再則，為了實(shí)現(xiàn)對(duì)既有數(shù)據(jù)平臺(tái)的開(kāi)放化改造，設(shè)計(jì)實(shí)現(xiàn)了插入式鑒權(quán)服務(wù)，該服務(wù)具有平臺(tái)無(wú)關(guān)性，不具有代碼侵入性，能夠以較小的代價(jià)實(shí)現(xiàn)對(duì)既有數(shù)據(jù)平臺(tái)的改造，同時(shí)保證鑒權(quán)的安全可靠，最終實(shí)現(xiàn)可拔插式的鑒權(quán)服務(wù)。 最后，使用本文設(shè)計(jì)實(shí)現(xiàn)的認(rèn)證授權(quán)框架，針對(duì)華南理工大學(xué)節(jié)能云平臺(tái)進(jìn)行開(kāi)放化改造，并對(duì)改造后的數(shù)據(jù)平臺(tái)進(jìn)行測(cè)試，驗(yàn)證了認(rèn)證授權(quán)框架的安全性和可靠性，并且能夠方便快捷的實(shí)現(xiàn)平臺(tái)的開(kāi)放化改造，保證用戶(hù)的授權(quán)安全性及可控性。
[Abstract]:At present, Internet of things technology plays an important role in energy, medical, security, transportation, smart home and other fields, providing convenience and speed for human beings. Reliable way of life. The emergence of the Internet of things open platform to solve the traditional Internet of things closed, high barriers to development characteristics, the integration of users into the construction of the Internet of things, increased user participation. At present, the authentication and authorization mechanism of the open platform of the Internet of things has some defects, such as excessive authorization, etc. Therefore, a good authentication and authorization mechanism in open platform is an important link to protect users' private equipment information. In view of this fact, this paper studies the special requirements of authentication and authorization mechanism of open platform of the Internet of things. This paper designs and implements a authentication and authorization mechanism that conforms to the characteristics of the open platform of the Internet of things, so that the user authorization can be controlled and the user information security can be protected. First of all, this paper investigates the authentication authorization mechanism of the current open platform of the Internet of things, including the current status of the open platform of the Internet of things, the current mainstream authentication authorization model of the open platform of the Internet of things. The special requirement of authentication and authorization mechanism of open platform of Internet of things is analyzed. Secondly, according to the requirement of authentication and authorization mechanism in the open platform of the Internet of things, a unique authorization mechanism based on OAuth2.0 open authorization protocol is designed and implemented, which takes the terminal equipment client as the authorization object. On this basis, the configurable authorization management mode is realized, and the individual authorization management recovery mechanism is realized for users. Furthermore, in order to realize the open transformation of the existing data platform, the plug-in authentication service is designed and implemented. The service is platform-independent and not code intrusive, and it can realize the transformation of the existing data platform at a lower cost. At the same time, to ensure the safety and reliability of authentication, and finally to achieve a pluggable authentication service. Finally, the authentication authorization framework designed in this paper is used to open up and transform the energy-saving cloud platform of South China University of Science and Technology, and the data platform after the transformation is tested to verify the security and reliability of the authentication authorization framework. And the platform can be easily and quickly open to the transformation, to ensure the user's authorization security and controllability.
【學(xué)位授予單位】：華南理工大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類(lèi)號(hào)】：TP391.44;TN929.5

【參考文獻(xiàn)】

相關(guān)期刊論文 前4條

1 孫其博;劉杰;黎

本文編號(hào)：1512834