Welcome to the InfoSci Platform
An Architecture for Authentication and Authorization of Mobile Agents in E-Commerce

An Architecture for Authentication and Authorization of Mobile Agents in E-Commerce

Wee Chye Yeo, Sheng-Uei Guan, Fangming Zhu
Copyright: © 2003 |Pages: 14
ISBN13: 9781591400493|ISBN10: 159140049X|EISBN13: 9781591400813
DOI: 10.4018/978-1-59140-049-3.ch023
Cite Chapter Cite Chapter

MLA

Yeo, Wee Chye, et al. "An Architecture for Authentication and Authorization of Mobile Agents in E-Commerce." Architectural Issues of Web-Enabled Electronic Business, edited by V.K. Murthy and Nansi Shi, IGI Global, 2003, pp. 342-355. https://doi.org/10.4018/978-1-59140-049-3.ch023

APA

Yeo, W. C., Guan, S., & Zhu, F. (2003). An Architecture for Authentication and Authorization of Mobile Agents in E-Commerce. In V. Murthy & N. Shi (Eds.), Architectural Issues of Web-Enabled Electronic Business (pp. 342-355). IGI Global. https://doi.org/10.4018/978-1-59140-049-3.ch023

Chicago

Yeo, Wee Chye, Sheng-Uei Guan, and Fangming Zhu. "An Architecture for Authentication and Authorization of Mobile Agents in E-Commerce." In Architectural Issues of Web-Enabled Electronic Business, edited by V.K. Murthy and Nansi Shi, 342-355. Hershey, PA: IGI Global, 2003. https://doi.org/10.4018/978-1-59140-049-3.ch023

Export Reference

Mendeley
Favorite

Abstract

Agent-based e-commerce is a new technology being researched extensively by many academic and industrial organizations. The mobility and autonomy properties of agents have offered a new approach of doing business online. To fully exploit the advantages of this new technology, a secure system to authenticate and authorize mobile agents must be in place. In this chapter, an architecture to ensure a proper authentication and authorization of agents has been proposed. The Public Key Infrastructure (PKI) is used as the underlying cryptographic scheme. An agent is digitally signed by the Agent Factory and its signature is authenticated at hosts using the corresponding public key. Agents can also authenticate the hosts to make sure that they are not heading to a wrong place. When an agent visits a host, agent’s expiry date, host trace, and the factory’s trustworthiness are checked during the authentication process. According to the level of authentication that the incoming agent has passed, the agent will be categorized and associated with a relevant security policy during the authorization phase. The corresponding security policy will be enforced on the agent to restrict its operations at the host. The prototype has been implemented with Java.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.