Mobile agents often travel in a hostile environment where their security and privacy could be compromised by any party including remote hosts in which agents visit and get services. It is believed that the host visited by an agent should jointly sign a service agreement with the agent’s owner; hence a proxy-signing model was proposed in the literature, allowing every host in the agent system to sign a service agreement. We observe that this actually poses a serious problem whereby a host that should be excluded from an
underlying agent network could also send a signed service agreement. In order to solve this problem, we propose two schemes achieving host authentication with controlled resources, where only selected hosts can be included in the agent network. We provide two schemes in this paper. The second scheme offers a smaller data size. We also define security models and provide rigorous security proofs to our schemes.