Authentication and authorisation method for a cloud side static IoT application

IoT applications are increasingly common, yet they often rely on expensive, externally managed authentication services. This paper introduces a novel, self-contained authentication method for IoT applications which leverages fog computing principles to lower operational costs and infrastructure complexity. The proposed system, fogauth, combines device serial numbers with cryptographically generated UUIDs to establish secure identification without third-party services. A static cloud-side architecture coupled with a lightweight, locally hosted API enables secure authentication through object-storage operations. Performance testing demonstrates comparable security performance to commercial cloud-based authentication while reducing long-term operational costs and maintaining latency at below 2 minutes in production conditions. fogauth provides a scalable and economically viable alternative for companies seeking to reduce cloud dependency and minimize long-term costs associated with IoT application security. To support reproducibility, a complete open-source implementation and validation dataset are provided, allowing independent replication and extension of the system.