Abstract. This work defines a security scheme, based on SPKI/SDSI chains of trust, for protecting mobile agent platforms in large-scale distributed systems. The scheme is composed by a protocol of mutual authentication, a mobile agent authenticator and a mechanism for the generation of protection domain. Due to the flexibility of the SPKI/SDSI certificate delegation infrastructures used, the proposed scheme provides a decentralized control for authorization and authentication.