INTERNATIONAL JOURNAL OF INFORMATION TECHNOLOGY

Vol 7, No 1

Secure Agent-mediated Online Auction Framework

Xun Yi and Chee Kheong Siew
Information Communication Institute of Singapore
School of Electrical and Electronic Engineering
Nanyang Technological University
Nanyang Ave., Singapore 639798
E-mail: {exyi,ecksiew}@ntu.edu.sg

Abstract

In recent years, online auctions have gone from nothing to an activity measured in hundreds of millions of dollars. Although there is an “auction fever” which tends to treat auctions as a panacea for shopping and selling, a closer look at their characteristics reveals their hostility towards online retail commerce, e.g., low performance. This paper applies software agent technology along with cryptographic technology to automate and secure online auctions and presents a new secure agent-mediated online auction framework.

Key words: Software agent, Cryptography, Online auction.

1. Introduction

Electronic commerce has grown explosively in recent years and is tending to become the mainstream of future markets because it provides customers with more convenient and more money-saving services than conventional commerce. Forecasts predict U.S. electronic commerce revenue will grow from $8 billion in 1997 to $327 billion in the year 2002.

The automation of commerce activities is a major step in the evolution of the economy. Negotiation, an important commerce activity, is expected to be automated. If automated negotiation could be implemented, the changes in the business landscape are potentially immense. However, negotiation is difficult, and automated negotiation from an electronic catalog is even more so. With a compact disc, it may be relatively easy. But specifying an automobile, a food product, or a delivery schedule can be very difficult.

Despite these difficulties, there is one subset of negotiation processes which is admirably well-suited to the current terrain of electronic commerce: the online auction. To borrow a definition from McAfee and McMillan [1], an auction is “a market institute with an explicit set of rules determining resource allocation and prices on the basis of bids from the market participants”. The most attractive characteristic of online auction is its open and simple framework. In the offline world, holding an open outcry auction means getting all the participants together in the same place at the same time. Online auction avoids the need to collocate.

In recent years, online auctions have rapidly achieved enormous popularity in Internet retail commerce. So far, some online auction houses have already been established on the web, such as Amazon [2], BargainFinder [3], eBay [4], Jango [5], Michigan Internet AuctionBot [6], Onsale [7] and Ubid [8]. They post on-sale goods on their web pages every day, and customers can bid for them freely via web browsers.


Although there is an “auction fever” which tends to treat auctions as a panacea for shopping and selling, a closer look at their characteristics reveals their hostility towards retail commerce. Guttman [9] pointed out problems with current online auctions such as low performance.

The development of software agent technology may provide some opportunities to improve auction performance. Some researchers [10] suggested dispatching agents to a centralized salesroom to conduct the auction locally. However, this causes security concerns. In order for an agent to run, it must expose its data and code to the host resources. Therefore, if the auctioneer conspires with the owner of the salesroom, the auctioneer can manipulate the auction to his advantage. If the agent’s auction strategy is known to the host, the agent may be at a significant disadvantage.

In order to overcome the low performance and security vulnerability of online auction, we apply software agent technology along with cryptographic technology to simulate the real-life auction and propose a secure agent-mediated online auction framework in this paper. The following sections are arranged as follows: first, software agent technology and cryptographic technology are briefly introduced; second, the agent-mediated online auction framework is described; third, the security of the framework is analyzed. The conclusion is drawn in the last section.

2. Software Agent Technology

Software agents are one of the fastest growing areas of information technology. Currently, agents are being used in an increasingly wide variety of applications, ranging from comparatively small systems such as e-mail filters to large, open, complex, mission-critical systems such as Internet trading.

2.1. General Concept of Software Agent

An agent’s role is one of acting on behalf of others. In the field of artificial intelligence this term is used to refer to an entity that functions autonomously in a particular environment and provides service to its owner. The agent is autonomous in the sense that its activities do not need human intervention.

People have long dreamed of intelligent systems which let them “input less and output more”, replacing traditional, inflexible applications that depend on step-by-step instructions. Intelligent software agent research is trying to narrow the gap between the dream and the reality. The hope is that agents will provide services to people without requiring them to explicitly indicate the procedures required, make appropriate decisions in unexpected or novel environments, plan their actions in advance and tackle problems independently.

The term “agent” has its background in the early artificial intelligence approach to humanoid entities. During the long period of development of artificial intelligence, the term was applied to a wide range of fields and attracted different definitions. An agent can be thought of as a computer program that simulates a human relationship by doing something that another person could do for you [11]. An agent is a self-contained program capable of controlling its own decision-making and acting, based on its perception of its environment, in pursuit of one or more objectives.

2.2. Type of Agent

More than one type of agent is possible. In its simplest form, an agent is a software object that sifts through large amounts of data and presents a subset of this data as useful information to another agent, user or system. An example of this is an agent that reads and analyzes all incoming e-mail, and routes it to an appropriate department or another agent for a reply [12]. These types of agents are called static agents.

Mobile agents owned by a user or another software element are capable of migrating from one computer to another to execute a set of tasks on behalf of their owner. Such agents would typically gather and analyze data from a multitude of nodes on the network, and present a subset of this data as information to a user, agent or system. For example, a company which needs to order additional paper supplies could have agents monitoring the quantity and usage patterns of paper within the company and launching buying agents when supplies are becoming low. Those buying agents automatically collect information about vendors and products that may fit the needs of the company, evaluate the different offerings, make a decision about which merchants and products to pursue, negotiate the terms of transactions with these merchants and finally place orders and make automated payments.

Mobile agents can also act as brokers for users. For example, a single sign-on agent can sign on to many different systems, relieving the user from typing in his/her password for every system [12]. Mobile agents are said to be autonomous, in the sense that they can make their own decisions while away from their host.
This implies that a mobile agent is not just a piece of data being transferred between systems, but may also carry some logic (i.e., code) and state, which enables it to perform some part of its tasks in one system, migrate to another and continue its work there.

3. Cryptographic Technology

Cryptographic technology is used to ensure the privacy and authentication of data on a network. In order to secure agent-mediated online auction, we need a public-key cryptosystem for data confidentiality and a digital signature scheme for non-repudiation. This section briefly reviews these cryptographic principles.

3.1. Public-Key Cryptosystem

The concept of public-key cryptography was invented by W. Diffie and M. Hellman [13] in 1976. Their contribution was the notion that keys could come in pairs: a public key and a private key. Named after R. Rivest, A. Shamir and L. Adleman, RSA [14] is the first public-key cryptosystem. RSA gets its security from the difficulty of factoring large numbers.

To generate the two keys, choose two large prime numbers $p$ and $q$. Compute the product $n = p \times q$. Then randomly choose the public key $e$ such that $e$ and $(p-1) \times (q-1)$ are relatively prime, and compute the private key $d$ such that

$$e \times d = 1 \pmod{(p-1) \times (q-1)} \qquad (1)$$

The numbers $e$ and $n$ are public; the number $d$ is kept secret. To encrypt a message $m$, first divide it into numerical blocks $m_i$ such that each block has a unique representation modulo $n$ (with binary data, choose the largest power of 2 less than $n$). The encrypted message $c$ will be made up of similarly sized message blocks $c_i$ of about the same length. The encryption formula is simply:

$$c_i = m_i^{e} \pmod{n} \qquad (2)$$

To decrypt a message, take each encrypted block $c_i$ and compute:

$$m_i = c_i^{d} \pmod{n} \qquad (3)$$

Because

$$c_i^{d} = (m_i^{e})^{d} = m_i^{ed} = m_i^{k(p-1)(q-1)+1} = m_i^{k(p-1)(q-1)} \, m_i = 1^{k} \times m_i = m_i \pmod{n}$$

the formula recovers the message. In the above deduction, $m_i^{(p-1)(q-1)} = 1 \pmod{n}$ is due to Fermat’s Theorem [14].

3.2. Digital Signature and Hash Function

RSA can be used for digital signature. By encrypting a document using your private key you have a secure digital signature. The basic protocol is simply:

(1) Alice generates her signature on a document by encrypting it with her private key.
(2) Alice sends the document with her signature to Bob.
(3) Bob uses Alice's public key to verify the signature.

In practical implementations, public-key algorithms are often too inefficient to encrypt long documents. To save time, digital signature protocols are often implemented using a one-way hash function. A one-way hash function, denoted as $H(m)$, operates on an arbitrary-length message $m$. It returns a fixed-length hash value $h$, where $h = H(m)$. There are many functions that take an arbitrary-length input and return an output of fixed length, but one-way hash functions have additional characteristics:

(1) Given $m$, it is easy to compute $h$.
(2) Given $h$, it is hard to compute $m$.
(3) Given $m$, it is hard to find another message $m'$ such that $H(m') = H(m)$.

Instead of signing a document, Alice signs the hash of the document.

(1) Alice produces a one-way hash of a document.
(2) Alice signs the hash with her private key, thereby signing the document.
(3) Alice sends the document and the signed hash to Bob.
(4) Bob produces a one-way hash of the document that Alice sent. He then decrypts the signed hash with Alice's public key and compares it with the hash he generated. If they match, the signature is valid.

In this protocol, both the one-way function and the digital signature scheme are agreed upon beforehand.

3.3. Authentication and Certificates

Authentication gives assurance of identity. It is the means of gaining confidence that people or things are who or what they claim to be. In other words, authentication relates to a scenario where some party has presented its identity and claims to be that party. Authentication enables some other party to gain confidence that the claim is legitimate.

In the ISO authentication framework, each user has a distinct name. A trusted certification authority (CA) assigns a unique name to each user and issues a certificate containing the user’s name and public key. An X.509 certificate [15] looks like:

    Certificate ::= SIGNED SEQUENCE (
        signature             AlgorithmIdentifier,
        issuer                Name,
        validity              Validity ::= SEQUENCE (
                                  notBefore  UTCTime,
                                  notAfter   UTCTime),
        subject               Name,
        subjectPublicKeyInfo  SubjectPublicKeyInfo ::= SEQUENCE (
                                  algorithm         AlgorithmIdentifier,
                                  subjectPublicKey  BIT STRING))

The certification authority (CA) signs all certificates with its private key. If Alice and Bob want to communicate, each of them has to verify the signature on the other person’s certificate.

4. Agent-Mediated Online Auction Framework

Many different types of auctions exist. Most people who have attended or seen an auction on television have only experienced one type of auction, the English auction, in which bidders publicly announce their successively higher bids until no higher bid is forthcoming. At that point, the auctioneer pronounces the item sold to the highest bidder at that bidder’s price. This type of auction is also called an ascending-price auction. An English auction is an open (or open-outcry) auction because the bids are publicly announced.

In this section, we simulate the English auction on the Internet and design an online auction by using software agent technology. In addition, cryptographic technology is applied to ensure security of the agent-mediated online auction.


4.1. Overview

The proposed agent-mediated online auction framework is illustrated in figure 1.

[Figure 1. Illustration of the Agent-mediated Online Auction Framework. Labels: Auctioneer (A); Bidders $B_1$, $B_2$, ..., $B_i$, ..., $B_{n-1}$, $B_n$; Agent.]

This framework comprises the following components:

• Online auctioneer (A) - generates an auction agent and launches it to traverse a list of online bidders to sell goods or service.

• Auction agent (Agent) - acts as a mobile auctioneer traversing a list of online bidders, requesting bids, and brings all bids of each auction round to the online auctioneer.

• Online bidder ($B_i$) - each offers his bid to the auction agent to buy the goods or service.

When selling an article, an online auctioneer (A) generates and launches an auction agent (Agent). According to a route specified by A, Agent traverses a list of online bidders $B_1, B_2, \ldots, B_n$ on the Internet, informs them of a minimum bid and a bid increment unit, collects bids from them and finally brings these bids back to A. On the basis of these bids, A specifies a new minimum bid and resends Agent out. Agent carries out the same procedure again. The procedure is repeated until the minimum bid does not increase three times. Finally, A broadcasts that the article has been sold to the highest bidder at that bidder’s price.

4.2. Assumption

Throughout the following discussion, we assume that the RSA public key cryptosystem is available on each participant’s computer and that each participant $x$ in this framework has a pair of keys associated with it: the public key of $x$, denoted by $e_x$, and the private key of $x$, denoted by $d_x$. $x$’s public key is used to encrypt data meant to be read by $x$. $x$ decrypts the result using its private key, i.e., for any message $m$,

$$d_x(e_x(m)) = m \qquad (4)$$

where $e_x(m)$ represents encrypting $m$ by using $x$’s public key $e_x$ on the basis of formula (2), i.e., for each subblock $m_i$ of $m$, $e_x(m_i) = m_i^{e_x} \pmod{n}$, and $d_x(e_x(m))$ denotes decrypting the ciphertext $e_x(m)$ by using $x$’s private key $d_x$ on the basis of formula (3), i.e., for each subblock $e_x(m_i)$ of $e_x(m)$, $d_x(e_x(m_i)) = (m_i^{e_x})^{d_x} = m_i \pmod{n}$.

$x$’s private key $d_x$ is used to create $x$’s digital signature on any message $m$, which can be verified by any party using $e_x$, i.e.,

$$e_x(d_x(m)) = m \qquad (5)$$

In addition, we assume the existence of a certification authority (CA) which issues, for all participants in this architecture, certificates containing the user’s name, the user’s public key and the signature of the CA on the certified content. The public key of the certification authority ($e_{CA}$) is known to every entity. $x$’s certificate is denoted by $Cert_x$.

4.3. Structure of Auction Agent

The auction agent possesses the same structure as that of a general mobile agent. Since the goal of an auction agent is the auction, each component of the auction agent has a specific significance. The structure of the auction agent is illustrated in figure 2.

[Figure 2. Structure of Auction Agent. Labels: $M_i$: Agent Passport, Code & Data (CDC), Field for Bidder $B_1$, ..., Field for Bidder $B_n$, Time Stamp; $NRC_i$: Certificate & Signature of Bidder.]

The meaning of each component in the auction agent is explained as follows:

• Agent Passport - comprises the certificate of the auctioneer.

• Code & Data Component (CDC) - consists of the code executed on each bidder’s server, the minimum bid ($b_k$) of the k-round auction and the bid increment unit ($u$). This component is encrypted with the private key of the auctioneer, i.e.,

$$CDC = d_A(\text{Code \& Data}) \qquad (6)$$

The minimum bid of the first round auction is called the initial minimum bid (denoted as $b_1$). Each minimum bid is specified by the auctioneer on the basis of the bids from bidders and the bid increment unit ($u$).


• Field for Bidder $B_i$ - contains the bid $b_i^{(k)}$ offered by the bidder $B_i$ in the k-round auction. $b_i^{(k)}$ along with the current time $t_i^{(k)}$ is first encrypted with the private key $d_{B_i}$ of the bidder $B_i$ and then encrypted with the auctioneer’s public key $e_A$, i.e.,

$$\text{Field for Bidder } B_i = e_A(d_{B_i}(b_i^{(k)}, t_i^{(k)})) \qquad (7)$$

Notice that Field for Bidder $B_i$ is filled with the minimum bid $b_1$ when the auction agent is launched from the auctioneer server in the first round auction.

• Agent Body ($M_i$) - comprises Agent Passport, CDC, Fields for bidders and the time stamp. $M_i$ represents the agent body when Agent gets into the server of bidder $B_{i+1}$.

• Non-Repudiation Component ($NRC_i$) - includes the time stamp $t^{(k)}$, and the certificate and signature of the auctioneer or a bidder on the agent body ($M_i$) (shown in figure 2). For simplicity of description, the auctioneer is also regarded as bidder $B_0$ or bidder $B_{n+1}$. In this way, $NRC_i$ has a uniform representation as follows:

$$NRC_i = \{Cert_{B_i},\ d_{B_i}(H(M_i))\} \qquad (8)$$

where $H(M_i)$ denotes the hash value of $M_i$. As with $M_i$, $NRC_i$ denotes the non-repudiation component when Agent gets into the server of bidder $B_{i+1}$. Notice that $NRC_0$ contains the auctioneer’s certificate and signature on the agent body each time the auction agent leaves the auctioneer’s server.

4.4. Procedure of Agent-mediated Online Auction

4.4.1. Advertising Auction

As in a real-life auction, the auctioneer advertises the coming auction on the Internet. For example, he posts an advertisement giving the exact date and the web site of the coming auction on a popular bulletin board.

4.4.2. Registration of Auction

All readers of the advertisement who want to buy the goods or service by auction have to register for the coming auction by sending the auctioneer the following message:

(1) Bidder’s certificate
(2) Bidder’s IP address
(3) Auction in which the bidder intends to participate
(4) Current time
(5) Signature of the bidder on the above information.

After receiving the registration information from the bidder, the auctioneer verifies the signature and, if the signature is valid, includes the bidder’s IP address in the route of the coming auction agent.


4.4.3. Process of Auction

The agent-mediated online auction is illustrated in figure 1. The detailed process is described as follows:

Generation of Auction Agent

When the auction day comes, the auctioneer creates an auction agent according to the structure of the auction agent shown in figure 2. In this case, we suppose there are $n$ bidders ($B_1, B_2, \ldots, B_n$) registered for this auction. Therefore, the auction agent contains $n$ different fields for the $n$ different registered bidders and the route of the auction agent lists $n$ different IP addresses.

Formation of Virtual Auction House

Although the auctioneer and all the registered bidders are not in the same place, they are connected together by the Internet. A virtual auction house has been formed.

Rounds of Online Auction

After establishment of the virtual auction house, the auctioneer launches the auction agent to traverse the list of registered bidders based on its route as shown in figure 1. When the auction agent (Agent) enters the server of a bidder $B_i$ in the k-round auction (k=1,2,…), it hands $B_i$ the following information for authentication:

(1) Auctioneer’s certificate contained in Agent Passport
(2) $d_A(\text{Code \& Data})$ contained in CDC
(3) $NRC_{i-1}$

$B_i$ verifies the auctioneer’s certificate with the public key of the CA and then decrypts $d_A(\text{Code \& Data})$ with the auctioneer’s public key extracted from the auctioneer’s certificate. Then $B_i$ verifies the certificate and the signature of bidder $B_{i-1}$ in $NRC_{i-1}$. The signature of $B_{i-1}$ on the agent body is verified by checking whether

$$e_{B_{i-1}}(d_{B_{i-1}}(H(M_{i-1}))) = H(M_{i-1}) \qquad (9)$$

If equation (9) holds, Agent is allowed to reside in $B_i$ and run its code. It tells $B_i$ the current minimum bid $b_k$ and the bid increment unit $u$ and asks $B_i$ to bid based on $b_k$ and $u$. Responding to the bidding request, $B_i$ has three options:

(1) Offering a new bid $b_i^{(k)}$, which should be more than the minimum bid $b_k$ for the k-round auction. $b_i^{(k)} - b_k$ should be a multiple of $u$.
(2) Waiting for the next round auction by retaining $b_i^{(k-1)}$ offered by $B_i$ in the last round auction, i.e., letting $b_i^{(k)} = b_i^{(k-1)}$.
(3) Quitting this auction completely by letting $b_i^{(k)} = 0$.


No matter which decision the bidder makes, he must update the Field for Bidder $B_i$ component in Agent on the basis of formula (7). With this update, the agent body changes from $M_{i-1}$ into $M_i$. In addition, Agent asks $B_i$ to update the Non-Repudiation Component ($NRC_i$) as in formula (8) and send Agent to the server of the next bidder $B_{i+1}$. In order to keep non-repudiation evidence of receipt, $B_i$ requests $B_{i+1}$ to acknowledge Agent. This acknowledgement of receipt consists of the certificate and the signature of $B_{i+1}$ on the Agent body $M_i$. $B_i$ verifies the signature in the same way as formula (9).

When the k-round of auction ends, Agent brings all the bids to the auctioneer. The auctioneer A can check the authenticity of each bid with the corresponding public key known from the registration stage. For the Field for Bidder $B_i$ component, A decrypts this component with his private key and then decrypts the result with the public key of bidder $B_i$, i.e.,

$$e_{B_i}(d_A(e_A(d_{B_i}(b_i^{(k)}, t_i^{(k)})))) = (b_i^{(k)}, t_i^{(k)}) \qquad (10)$$

$b_i^{(k)}$ is valid only if $(b_i^{(k)}, t_i^{(k)})$ is a significant message and $t_i^{(k)}$ is fresh. Among these valid bids, A selects the maximum bid of the k-round auction as the minimum bid of the (k+1)-round auction and updates the CDC of Agent. In addition, A removes those bidders with $b_i^{(k)} = 0$ from the route of Agent. Finally, A launches Agent containing the new minimum bid to traverse the new list of bidders again. The procedure of the (k+1)-round auction is the same as that of the k-round auction.

Termination of the Online Auction

As in a real-life auction, if the minimum bid has not risen after the auction agent traverses the list of bidders three times, the auction terminates. The final winner of the auction is the bidder who offers the highest bid.
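
An added example (not code from the paper) of formulas (7) and (10): a bidder builds Field for Bidder $B_i$ with the textbook RSA of formulas (1)-(3), and the auctioneer recovers it and applies the validity checks and the three bidding options. The toy Mersenne-prime keys, the `BID` redundancy tag, the 300-second freshness window and all function names are assumptions of this example.

```python
import time

MAGIC = b"BID"   # assumed redundancy tag: makes a recovered field a "significant message"
E = 65537        # assumed public exponent, shared by every participant

def keypair(p, q):
    """Formula (1): d is the inverse of e modulo (p-1)(q-1)."""
    n = p * q
    return (E, n), (pow(E, -1, (p - 1) * (q - 1)), n)

# Constructed toy keys from known Mersenne primes; textbook RSA without padding,
# for following the formulas only, not a secure parameter choice.
A_PUB, A_PRIV = keypair(2**61 - 1, 2**89 - 1)       # auctioneer A
B1_PUB, B1_PRIV = keypair(2**107 - 1, 2**127 - 1)   # bidder B1
X_PUB, X_PRIV = keypair(2**521 - 1, 2**607 - 1)     # outsider without B1's key

def encrypt_blocks(pub, x):
    """Formula (2): split x into blocks below the largest power of 2 less
    than n, then raise each block to e modulo n."""
    e, n = pub
    base = 1 << (n.bit_length() - 1)
    blocks = []
    while True:
        blocks.append(pow(x % base, e, n))
        x //= base
        if x == 0:
            return blocks

def decrypt_blocks(priv, blocks):
    """Formula (3) on each block, then reassemble the integer."""
    d, n = priv
    base = 1 << (n.bit_length() - 1)
    x = 0
    for c in reversed(blocks):
        x = x * base + pow(c, d, n)
    return x

def make_field(bid, t, bidder_priv, auctioneer_pub):
    """Formula (7): Field for Bidder B_i = e_A(d_Bi(b, t))."""
    m = int.from_bytes(MAGIC + bid.to_bytes(8, "big") + t.to_bytes(8, "big"), "big")
    d, n = bidder_priv
    if m >= n:
        raise ValueError("bidder modulus too small to sign (b, t) as one block")
    return encrypt_blocks(auctioneer_pub, pow(m, d, n))

def open_field(field, bidder_pub, auctioneer_priv, now, min_bid, unit,
               prev_bid=None, max_age=300):
    """Formula (10), then the auctioneer's checks.
    Returns (bid, None) when valid, (None, reason) otherwise."""
    e, n = bidder_pub
    m = pow(decrypt_blocks(auctioneer_priv, field), e, n)
    try:
        raw = m.to_bytes(len(MAGIC) + 16, "big")
    except OverflowError:
        return None, "not a significant message"
    if raw[:len(MAGIC)] != MAGIC:
        return None, "not a significant message"
    bid = int.from_bytes(raw[3:11], "big")
    t = int.from_bytes(raw[11:], "big")
    if not 0 <= now - t <= max_age:
        return None, "stale timestamp"
    if bid == 0:                       # option (3): quit the auction
        return 0, None
    if bid == prev_bid:                # option (2): retain last round's bid
        return bid, None
    if bid > min_bid and (bid - min_bid) % unit == 0:   # option (1): new bid
        return bid, None
    return None, "bid breaks the increment rule"

if __name__ == "__main__":
    now = int(time.time())
    field = make_field(120, now, B1_PRIV, A_PUB)
    print(len(field), "ciphertext blocks")
    print(open_field(field, B1_PUB, A_PRIV, now, min_bid=100, unit=10))
    forged = make_field(500, now, X_PRIV, A_PUB)
    print(open_field(forged, B1_PUB, A_PRIV, now, min_bid=100, unit=10))
```

With these keys the bidder's signature is longer than the auctioneer's modulus, so the field is carried in two blocks, which is the block division that formula (2) calls for.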

5. Security of Agent-Mediated Online Auction Framework

Mobile agent security can be split into two broad areas [16]. The first involves the protection of host nodes from destructive mobile agents, while the second involves the protection of mobile agents from destructive hosts.

5.1. Protection of Bidder Servers from Malicious Agents

In the agent-mediated online auction framework, the code and data component in the auction agent is signed by the online auctioneer. Other parties cannot forge this signature, on the basis of cryptography. Therefore, the auction agent provides not only the code and data executed by all bidders to achieve the auction mission, but also non-repudiation evidence. The online auctioneer cannot deny having generated the code and data. If any problem occurs when a bidder runs the code in its agent execution environment, such as altering other local agents or propagating viruses, worms and Trojan horses, the online auctioneer is probably malicious and will be accused. Therefore, if the online auctioneer is a trusted party, malicious auction agents will not be generated.


5.2. Protection of Auction Agents from Malicious Bidders

In order to protect the auction agent against malicious bidders, each bidder needs to set up a non-repudiation database to record some data from the passing auction agent. The structure of the database for bidder $B_i$ is shown in figure 3.

[Figure 3. Structure of Non-repudiation Database. Labels: Agent Passport; Content of Field for Bidder $B_i$; Previous Bidder's $NRC_{i-1}$; Next Bidder's Signature on $M_i$.]

As in an Express Mail Service system, when a bidder receives an auction agent, he replies to the previous bidder’s server with a signature on the agent. In this way, once the auctioneer detects any malicious action, he can perform a check procedure to track down the offender after collecting the non-repudiation evidence from all bidders.

The agent-mediated online auction framework protects agents against malicious bidders in the following ways:

(1) In the agent-mediated online auction framework, each bidder’s field is protected by first encrypting it with the private key of the bidder and then encrypting the result with the public key of the auctioneer. Nobody except the bidder can produce such a field, because nobody else knows the private key of the bidder. In addition, nobody except the auctioneer can recover the bidder’s field, because nobody else knows the private key of the auctioneer. In this way, we can prevent a malicious bidder from scanning or modifying a field belonging to another bidder.

(2) Although each bidder is permitted to put his bid and Non-Repudiation Component ($NRC_i$) into an agent, any malicious manipulation (such as cutting or manipulating another bidder’s field) will be detected by the auctioneer. The auctioneer becomes aware of a malicious action if an agent has taken an erroneous action, or if any bidder’s field cannot be recovered into significant information or has even completely disappeared. In this case, the auctioneer can carry out the following check procedure to identify the malicious bidders.

(i) The auctioneer asks each bidder $B_i$ on the routing list to submit his record (denoted as $Rec_{B_i}$ (i=1, 2, …, n)) about the agent. The motivation to prove themselves innocent drives all bidders except malicious bidders to provide true records about the agent.

(ii) On the basis of the initial auction agent and $Rec_{B_i}$ (i=1, 2, …, n), the auctioneer is able to reconstruct all states of the auction agent in all stages in a recursive way. If there is no malicious bidder, the following equation holds for any i (i=1, 2, …, n).

$$e_{B_{i+1}}(\text{Signature of } B_{i+1} \text{ on Agent Body } M_i) = H(M_i) \qquad (11)$$

where $M_i$ denotes the body of Agent when it leaves the server of bidder $B_i$. The signature of $B_{i+1}$ on Agent Body $M_i$ is obtained from $Rec_{B_i}$. $M_i$ can be reconstructed from $M_{i-1}$ and the content of Field for Bidder $B_i$ from $Rec_{B_i}$.

(iii) For any bidder $B_i$, the auctioneer checks that equation (11) holds. If so, the bidder $B_i$ has no problem. If not, $B_i$ will be identified as malicious because it cannot provide the non-repudiation of receipt from $B_{i+1}$ which states that $B_{i+1}$ has correctly received the auction agent. $B_i$ should have repeatedly transmitted the auction agent to the bidder $B_{i+1}$ until equation (11) held, or delivered an error notification to the auctioneer.

(3) If the auction agent is killed by a malicious bidder, the check procedure (i)-(iii) can also be used to uncover the culprit. The first bidder who cannot provide a correct record about the auction agent and after whom the auction agent disappears will be identified as the malicious bidder who killed the auction agent.
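
An added example (not code from the paper) of the check procedure (i)-(iii): each bidder keeps the next party's signed receipt on $M_i$, and the auctioneer rebuilds every body from $M_0$ and tests equation (11). The toy keys, the opaque strings standing in for formula (7) fields, the reduced record layout and the choice to report the first bidder whose record fails are assumptions of this example.

```python
import hashlib
import json

E = 65537  # assumed public exponent, shared by every participant

def keypair(p, q):
    n = p * q
    return (E, n), (pow(E, -1, (p - 1) * (q - 1)), n)

# Constructed toy keys from known Mersenne primes. Index 0 is the auctioneer,
# who also plays B_0 and B_{n+1}; indexes 1..N are the bidders on the route.
KEYS = [keypair(2**61 - 1, 2**89 - 1), keypair(2**107 - 1, 2**127 - 1),
        keypair(2**521 - 1, 2**607 - 1), keypair(2**1279 - 1, 2**2203 - 1)]
N = len(KEYS) - 1

# Constructed initial agent body M_0: every field starts at the minimum bid.
M0 = {"passport": "Cert_A", "cdc": "min=100,u=10", "fields": ["100"] * N}

def digest(body, n):
    """H(M), reduced below the signer's modulus (toy-sized hash-then-sign)."""
    data = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(i, body):
    """d_Bi(H(M)), the signature part of NRC_i in formula (8)."""
    d, n = KEYS[i][1]
    return pow(digest(body, n), d, n)

def verify(i, body, sig):
    """Equations (9) and (11): e_Bi(signature) == H(M)."""
    e, n = KEYS[i][0]
    return pow(sig, e, n) == digest(body, n)

def with_field(body, i, content):
    """M_i from M_{i-1}: only Field for Bidder B_i changes."""
    fields = list(body["fields"])
    fields[i - 1] = content
    return {**body, "fields": fields}

def traverse(m0, contents, tamper=None):
    """One traversal. tamper=(cheater, victim) makes that bidder cut the
    victim's field before forwarding. Returns (body at auctioneer, records)."""
    body, records = m0, {}
    nrc = sign(0, m0)                                  # NRC_0 from the auctioneer
    for i in range(1, N + 1):
        if not verify(i - 1, body, nrc):               # equation (9) on arrival
            raise RuntimeError(f"B{i} refused the agent")
        body = with_field(body, i, contents[i - 1])    # honest M_i
        if tamper and tamper[0] == i:
            body = with_field(body, tamper[1], "")     # cut another bidder's field
        nrc = sign(i, body)                            # NRC_i covers what B_i sends
        nxt = (i + 1) % (N + 1)                        # B_{n+1} is the auctioneer
        # Rec_Bi, reduced to the two entries the check procedure needs
        records[i] = {"field": contents[i - 1], "receipt": sign(nxt, body)}
    return body, records

def find_malicious(m0, records):
    """Steps (i)-(iii): rebuild M_i from M_{i-1} and Rec_Bi, then test
    equation (11). Returns the first failing bidder index, or None."""
    body = m0
    for i in range(1, N + 1):
        rec = records.get(i)
        if rec is None:
            return i
        body = with_field(body, i, rec["field"])
        if not verify((i + 1) % (N + 1), body, rec["receipt"]):
            return i
    return None

if __name__ == "__main__":
    contents = ["field-1", "field-2", "field-3"]       # stand-ins for formula (7)
    _, honest = traverse(M0, contents)
    print("honest run:", find_malicious(M0, honest))
    final, cheated = traverse(M0, contents, tamper=(2, 1))
    print("B2 cuts B1's field:", final["fields"], "->", find_malicious(M0, cheated))
```

Equation (9) still passes at every hop in the tampered run, because the cheating bidder signs the body it actually sends; only the reconstruction against the stored receipts exposes it.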

6. Conclusion

In order to automate and secure online auction, we have proposed a secure agent-mediated online auction framework. The security of the framework is ensured by a non-repudiation approach. Unlike existing online auctions, our framework makes use of mobile agents to simulate the real-life auction. The main feature of our framework is its real-time property. In our framework, online bidders are not required to monitor auction Web sites for a long time in order to win auctions. Auction agents bring auction information to each bidder and remind him to bid. Auction results can come out soon. In addition, all bids from bidders are protected against scanning, modifying, cutting or manipulating. Once such malicious actions arise, all malicious bidders on the routing list of the auction agent can be tracked down with the non-repudiation approach.

In real life, an auction cannot prevent some bidders from colluding to obstruct the rise of the minimum bid. This threat also exists in our framework. In our future work, we will explore a more secure agent-mediated online auction solution to overcome this threat.

We are implementing the agent-mediated online auction framework with the Aglets Software Development Kit [17], an environment for programming mobile Internet agents in Java™. After implementation, we will carry out a performance analysis of this framework to obtain some experimental results. Interested parties are welcome to analyze both the performance and the security of our framework.


7. Acknowledgement

We would like to take the opportunity to thank the anonymous reviewers for their valuable comments.

References

[1] R. P. McAfee and J. McMillan, “Analyzing the airwave auction”, Journal of Economic Theory, 10(1): 159-175.
[2] Amazon.com, http://www.amazon.com.
[3] BargainFinder, http://bf.cstar.ac.com.
[4] eBay, http://ebay.com.
[5] Jango, http://www.jango.com.
[6] Michigan Internet AuctionBot, http://auction.eecs.umich.edu.
[7] Onsale, http://www.onsale.com.
[8] Ubid, http://www.ubid.com.
[9] R. H. Guttman and P. Maes, “Agent-mediated integrative negotiation for retail electronic commerce”, Proceedings of Workshop on Agent Mediated Electronic Trading, Minneapolis, Minnesota, USA, May 1998.
[10] P. Maes, R. H. Guttman and A. G. Moukas, “Agents that buy and sell: Transforming commerce as we know it”, Communications of the ACM, 42(3), March 1999.
[11] T. Selker, “A teaching agent that learns”, Communications of the ACM, 37(7), 1994.
[12] L. Wirthman, “Gradient DCE has sign-on feature”, PC Week, March 1996.
[13] W. Diffie and M. E. Hellman, “New directions in cryptography”, IEEE Trans. Information Theory, vol. IT-22, no. 6, pp. 644-654, Nov. 1976.
[14] R. Rivest, A. Shamir and L. Adleman, “A method for obtaining digital signatures and public-key cryptosystems”, Communications of the ACM, 21(2), Feb. 1978.
[15] ISO/IEC 9594-8: Information technology – open systems interconnection – the directory: authentication framework (also published as ITU-T Recommendation X.509).
[16] D. Chess, B. Grosof, C. Harrison, D. Levine, C. Parris and G. Tsudik, “Itinerant agents for mobile computing”, IEEE Personal Communications, 2(3), 34-49, 1995.
[17] D. B. Lange and M. Oshima, “Programming and deploying Java™ mobile agents with Aglets™”, Addison Wesley Longman, Inc.