TBAS: Token-based authorization service architecture in Internet of things scenarios

• Main Authors: Shih-Hsiung Lee, Ko-Wei Huang, Chu-Sing Yang
• Format: Article
• Language: English
• Published: SAGE Publishing 2017-07-01
• Series: International Journal of Distributed Sensor Networks
• Online Access: https://doi.org/10.1177/1550147717718496

Internet of things refers to billions of interconnected devices that are generally equipped with sensors and communication devices. How to make Internet of things become a smart terminal is an important topic. By connecting cloud services, the devices can receive more accurate information so as to be applied in people’s daily life. However, the smart terminal devices access the cloud services via Representational State Transfer (RESTful) application programming interfaces, and how the cloud server authenticates and authorizes billions of devices is an immense challenge. Additionally, individual use of smart terminal devices is accompanied by such problems as privacy data or security. This article presents a token-based authorization service framework. The devices can have a safer access to cloud services through the token. Token is released by a third-party authentication center to improve its reliability and security and is featured by a high degree of privacy that sensitive data are not easily leaked. Furthermore, the token is valid only within a period of time or it will not work after the token count exceeds the threshold defined by the system, thereby lowering the devices’ risk of being hacked. The framework proposed in this article is applied to medical wearable devices. The advantages of this framework are practical and secure which are explained in the experimental chapter.