METHOD FOR AUTHORIZING ACCESS TO RESOURCE IN M2M COMMUNICATIONS

摘要

Disclosed is a method for authorizing access to a resource in M2M communications. The method for authoring access to a resource in M2M communications according to one embodiment of the present invention comprises a client registration step, an authorization request step, a client verification step, an authentication approval step, and an access token issue step. In the client registration step, if one object among a terminal, a gateway, and an end-user (hereinafter referred to as a 'client') included in a first M2M service provider domain intends to access a resource located on a terminal or gateway in a second M2M service provider domain, the client registers at an M2M authentication server (MAS) included in the first M2M service provider domain (hereinafter referred to as 'MAS1') and client credentials are allocated to the client. In the authorization request step, the client request the owner of the resource to authorize access to the resource based on the universal resource identifier (URI) of the resource. In the client verification step, the resource owner verifies the client through the MAS1. In the authentication approval step, the resource owner approves that the client is authorized to access an MAS included in the second M2M service provider domain (hereinafter referred to as 'MAS2'). In the access token issue step, the MAS2 issues an access token to the client. [Reference numerals] (AA) M2M service provider #1 domain;(BB) M2M service provider #2 domain;(HH) Select the resource owner corresponding to a resource URI;(KK) Generate/update an access right;(LL) Generate/update an access right resource;(NN) Generate an authorization code;(OO) Issue the authorization code;(PP) Request an access token;(QQ) Generate an access token (check the authorization code);(S310,CC,DD) Register a client;(S320,EE,FF) Search for a service/resource;(S330,GG,II) Request authorization;(S340,JJ) Verify a client;(S350,MM) Approve authorization;(S360) (Optional step) Issue an authorization code and request an access token;(S370,RR,SS,UU) Issue an access token;(S380) Access the resource;(TT) Mapping (an access right, an access token);(VV) Access the protected resource based on the access token