基于物联网的智能家居平台采用开放平台架构，实现不同智能家居产品厂家产品的互联，为用户提供选择不同产品和应用组合的可能。由于智能家居平台涉及用户、设备、第三方应用以及服务器对互联网中各类服务资源的使用，因此需要一套认证和授权机制进行访问控制管理，从而解决资源访问时受访资源的安全性、完整性与可用性。本文研究了当前开放平台中流行的OAuth 2.0认证授权协议，在该协议的基础上，设计并实现了一个基于物联网的智能家居平台的认证授权系统。论文的主要工作如下：（1）研究了OAuth 2.0认证授权协议，详细介绍了协议的系统角色、工作流程和访问许可类型，并分析了协议的威胁模型和安全考虑。（2）分析了认证授权系统的需求，在智能家居平台功能和体系结构概要分析的基础上，阐述了该平台中认证和授权的功能需求。（3）针对智能家居平台中用户、设备、第三方应用以及服务器对认证和授权的具体要求和特点，给出了将平台和OAuth 2.0协议进行整合的实施方案，并在实施方案中根据系统需求对OAuth 2.0协议进行了扩展。然后，对认证授权系统的体系结构、开发框架以及数据库进行了设计，并根据体系结构的模块划分，分别设计与实现了系统的存储模块、身份认证模块、授权模块、客户端模块以及客户端API接口模块。（4）部署了认证授权系统，通过用例测试了系统的功能，并使用测试工具进行了性能测试，对系统的安全性进行了分析。测试结果表明，该认证授权系统的可行性和有效性达到了设计要求。

The smart home platform based on Internet of Things applies the open platform architecture implementing the interconnection of the products from different smart home manufacturers, which provides consumers various choices of different products and applications. As it involves the useage of Internet services resources for consumers, devices, the third-party applications and servers, the smart home platform urgely needs an authentication and authorization mechanism for the access management. When accessing to the protected resources, the mechanism could provide the available resolutions to assure its security, integrity, and availability.The popular OAuth 2.0 protocol for authentication and authorization is studied in the present open platforms. In addition, an authentication and authorization system of the smart home platform based on Internet of Things is designed and implemented on the basis of the protocol. The main work is as follows:(1) The OAuth 2.0 protocol for authentication and authorization is researched. The system roles, workflows and authorization types of the protocol are introduced in detail, and also the threat model and security considerations of the protocol are analyzed.(2) The requirement of the authentication and authorization system is analyzed. On the basis of the thorough analysis of the smart home platform architecture and functions, the functional requirements of the platform’s authentication and authorization are introduced.(3) A scheme is given, providing the interoperation between the smart home platform and the OAuth 2.0 protocol, which fulfills the requirements and characteristics of authentication and authorization for consumers, devices, third-party applications as well as servers in the platform. In this scheme, the OAuth 2.0 protocol is also extended according to the requirements of the system. Then, the authentication and authorization system architecture, development framework and database are designed. According to the module division of the system architecture, the storage module, authentication module, authorization module, client module and client API interface module are separately devised and implemented.(4) The authentication and authorization system is deployed, which functions are verified by designed test cases, and performance is tested using testing tools. Moreover, an analysis of the system security is following. The testing results indicate that the feasibility and effectiveness of the system for authentication and authorization fulfills the design requirements.