Authentication Model Based on JWT and Local PKI for Communication Security in Multi-agent Systems

Abstract

This paper aims to present a new model based on JSON Web Token (JWT) and Public Key Infrastructure (PKI) for communication security as part of a Multi-Agent System Middleware for massively distributed systems. The proposed model aims to provide secure communications between agents to ensure the integrity of the exchanged messages, the authentication of agents, and the no-repudiation, articulated on an approach based on a Registration Authority (RA) and a Certification Authority (CA) that are managed by a Public Key Infrastructure (PKI). This architecture is based on the Stateless JWT security technology based on the asymmetric cryptographic algorithm used for validation of subsequent client requests for making frequent remote calls to the target server resources. The proposed solution uses a digital signature claim using a KeyStore.p12 generated periodically by the local PKI, to ensure message integrity, transmitter authentication, and non-repudiation based on asymmetric cryptographic technology. The article presents an approach based on digital trust micro-agent for better security.