An Architecture for Authentication and Authorization of Mobile Agents in E-Commerce

Wee Chye Yeo (National University of Singapore, Singapore), Sheng-Uei Guan (National University of Singapore, Singapore), and Fangming Zhu (National University of Singapore, Singapore)
Copyright: © 2003 | Pages: 14
DOI: 10.4018/978-1-59140-049-3.ch023

Agent-based e-commerce is a new technology being researched extensively by many academic and industrial organizations. The mobility and autonomy of agents offer a new approach to doing business online. To fully exploit the advantages of this new technology, a secure system to authenticate and authorize mobile agents must be in place. In this chapter, an architecture to ensure proper authentication and authorization of agents is proposed. The Public Key Infrastructure (PKI) is used as the underlying cryptographic scheme. An agent is digitally signed by the Agent Factory, and its signature is verified at hosts using the corresponding public key. Agents can also authenticate the hosts to make sure that they are not heading to the wrong place. When an agent visits a host, the agent's expiry date, host trace, and the factory's trustworthiness are checked during the authentication process. According to the level of authentication that the incoming agent has passed, the agent is categorized and associated with a relevant security policy during the authorization phase. The corresponding security policy is then enforced on the agent to restrict its operations at the host. The prototype has been implemented in Java.
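
The host-side flow described above (verify the factory signature, then check expiry, host trace and factory trust, then map the result to a security policy), as an added Java example that is not the chapter's prototype code. The tier names, the mapping from checks to tiers, the signed byte layout, the blocked-host check on the trace, and all identifiers are assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.util.*;
public class AgentGate {
    // Assumed policy tiers; the abstract does not name its categories.
    enum Tier { REJECT, RESTRICTED, STANDARD, TRUSTED }
    // hostTrace grows as the agent travels, so the factory signature cannot cover it.
    record Agent(String factoryId, byte[] code, Instant expiry, List<String> hostTrace, byte[] sig) {}
    // Assumed signed layout: 8-byte expiry (epoch seconds) followed by the agent code.
    static byte[] signedBytes(byte[] code, Instant expiry) {
        return ByteBuffer.allocate(8 + code.length).putLong(expiry.getEpochSecond()).put(code).array();
    }
    // Authentication checks first, then authorization by how many optional checks passed.
    static Tier admit(Agent a, Map<String, PublicKey> factoryKeys, Set<String> trustedFactories,
                      Set<String> blockedHosts, Instant now) throws GeneralSecurityException {
        PublicKey key = factoryKeys.get(a.factoryId());
        if (key == null) return Tier.REJECT;                  // no public key for this factory
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(key);
        v.update(signedBytes(a.code(), a.expiry()));
        if (!v.verify(a.sig())) return Tier.REJECT;           // code or expiry was altered
        if (!now.isBefore(a.expiry())) return Tier.REJECT;    // agent has expired
        boolean cleanTrace = Collections.disjoint(a.hostTrace(), blockedHosts);
        boolean trusted = trustedFactories.contains(a.factoryId());
        if (cleanTrace && trusted) return Tier.TRUSTED;
        if (cleanTrace || trusted) return Tier.STANDARD;
        return Tier.RESTRICTED;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair factory = g.generateKeyPair();                // constructed sample factory key
        byte[] code = "buy(book, max=20)".getBytes(StandardCharsets.UTF_8);
        Instant expiry = Instant.parse("2030-01-01T00:00:00Z");
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(factory.getPrivate());
        s.update(signedBytes(code, expiry));
        Agent a = new Agent("factory-A", code, expiry, List.of("host1.example"), s.sign());
        Map<String, PublicKey> keys = Map.of("factory-A", factory.getPublic());
        Instant now = Instant.parse("2025-01-01T00:00:00Z");
        System.out.println(admit(a, keys, Set.of("factory-A"), Set.of(), now));
        System.out.println(admit(a, keys, Set.of(), Set.of("host1.example"), now));
        // Same signature with an extended expiry: verification fails because expiry is signed.
        Agent forged = new Agent("factory-A", code, expiry.plusSeconds(86400), a.hostTrace(), a.sig());
        System.out.println(admit(forged, keys, Set.of("factory-A"), Set.of(), now));
    }
}
```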
