With the increasing usage of the Internet, electronic commerce (e-commerce) has been catching on fast in a lot of business areas. As e-commerce booms, there comes a demand for a better system to manage and carry out transactions. This leads to the development of agent-based e-commerce. In this new approach, agents are employed on behalf of users to carry out various e-commerce activities. Although the tradeoff of employing mobile agents is still under debate (Milojicic, 1999), using mobile agents in e-commerce attracts much research effort, as it may improve the potential of their applications in e-commerce (Guan & Yang, 1999, 2004). One advantage of using agents is that communication cost can be reduced. Agents traveling and transferring only necessary information saves network bandwidth and reduces the chances of network congestion. Also, users can schedule their agents to travel asynchronously to the destinations and collect information or execute other applications, while they can disconnect from the network (Wong, Paciorek, & Moore, 1999). Although agent-based technology offers such advantages, the major factor holding people back from employing agents is still the security issues involved. On one hand, hosts cannot trust incoming agents belonging to unknown owners, because malicious agents may launch attacks on the hosts and other agents. On the other hand, agents may also have concerns on the reliability of hosts and will be reluctant to expose their secrets to distrustful hosts. To build bilateral trust in an e-commerce environment, the authorization and authentication schemes for mobile agents should be designed well. Authentication checks the credentials of an agent before processing an agent’s requests. If the agent is found to be suspicious, the host may decide to deny its service requests. Authorization refers to the permissions granted for the agent to access whichever resources it requested.