Basic Methodology

Agent-based PKI lays a foundation so that public keys of agents can be distributed and managed among agent society in a trusted way. The confidentiality of communications can be provided easily by encryption with public keys, which are included in public key certificates publicly distributed. And the authentication, integrity, and nonrepudiation can be provided by digital signature signed on the different objects:

1. Authentication verification can be obtained in such a way that the verifying agent generates a fresh nonce and the proving agent signing a digital signature on the nonce. With the public key included in the certificate of the proving agent, the verifying agent can verify the authenticity of the identity of the proving agent.
   If the prover is a mobile agent visiting a site of the Internet (or node on a network), it can prove its identity to the site by signing a signature on whole code of the mobile agent. The mobile agent travels with the signature and the certificate, so that the site can verify the authenticity of the mobile using the public key in the attached certificate. If the mobile agent is authorized, then it can be added in an access control list (ACL) of the site.
   Agent running as an applet may be signed up with a URL[23][24] and it will be able to do more work (create a socket, read/write file etc.) locally, if its identity has been authenticated and it is in the ACL.
   A systematic study on authentication can be found in [25].

2. To provide integrity of a message, the sender signs a signature on the message and attaches the signature and its public certificate with the message, then sends it to the receiver. The receiver can verify the integrity of the message by checking the signature with the public key in the certificate.
3. A message with a signature lets the receiver be able to verify authenticity of the message. On the other hand, this function of public key cryptosystem provides a way for nonrepudiation, in that the principle who signs the message can not deny that it sent the signed message because only the one who holds the corresponding private key can sign a correct signature on the message. To prevent a signed message from being replayed, a fresh nonce, such as timestamp, is generally included in the data to be signed.

It is suggested that if the identity of a principal (agent) is essential to the meaning of a message, it is prudent to include the principal's identity explicitly as a part of data to be signed[27].
An application in electronic commerce may involve various security problems for which more than one security mechanisms must be comprehensively used. For instance, if we want that an information agent just serves authorized query agents, then, all of authentication, integrity and confidentiality mechanism would be needed:

1. Information agent needs to authenticate the identity of the querying agent.
2. Information agent needs to check the integrity of the query.
3. Information agent needs to encrypt the reply in order for only the intended agent who sent the query can get the information.

From the simple example, we see that given a task, an agent needs to know:

1. security policy: what security rules can satisfy the security requirements. (e.g. do we want only authorized agents access to the information?)
2. security protocol: how to put the policy into effect.
3. security operation: in each step, what operation should be carried out on what object. (e.g. verify signature on query for checking the integrity of query, etc.)