Secure Mobile Agent Digital Signatures with Proxy Certificates

E-Commerce Agents

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 2033)

Abstract

Security issues related to the use of mobile agents to perform operations to which their owners have to be bound, such as payments, are of utmost importance if agents of this kind are to be used in electronic commerce. If this binding is achieved by means of digital signature techniques, agents have to carry the owner’s private key to the host where they sign documents. This exposes the key to attacks because it is copied outside a protected environment. In this paper, we present a mechanism, called proxy certificates, that avoids the need for the agent to have access to the user’s private key for digitally signing documents, but still binds the owner to the contents of those documents. To support our claims, we apply the mechanism to SET/A, an agent-based payment system we proposed in previous work. We also analyze the emerging technology of attribute certificates and argue that it is appropriate for implementing proxy certificates.

Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Romão, A., da Silva, M.M. (2001). Secure Mobile Agent Digital Signatures with Proxy Certificates. In: Liu, J., Ye, Y. (eds) E-Commerce Agents. Lecture Notes in Computer Science, vol 2033. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45370-9_13

  • DOI: https://doi.org/10.1007/3-540-45370-9_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-41934-1

  • Online ISBN: 978-3-540-45370-3

  • eBook Packages: Springer Book Archive
