The ever-increasing dependence on electronic communication in the world today has placed greater importance on the need for security in such communication. Many people are familiar with the idea of electronic mail or email and readily recognize the need for security when sending such emails, but rarely see the need for securing electronic data communications between computers, servers, applications, etc. In this situation the parties are not people, but computer software applications, and their communications are not emails, but a series of electronic messages. Such transfer of messages or “messaging” is a core element of modern transaction processing servers, an example of which is the series of BEA WebLogic and BEA Tuxedo products from BEA Systems, Inc., San Jose, Calif.
All of these systems share the common need for secure transmission of messages. Security in this context may also extend to the following features:
Authentication: the ability for one party, for example client-based software or server-based software, to be assured of the identity of another party it is communicating with.
Confidentiality: the ability to prevent disclosure of information to unauthorized parties during the communication process.
Integrity: the ability to detect either malicious or accidental tampering with an electronic communication or a message transmission.
Non-repudiation: the ability to prevent one party from sending a message and later denying that it originated the communicated message.
Traditionally, these security services have only been partially met by the use of either a transitive trust model, a real-time direct security relationship, or a direct authentication model.
In a transitive trust model, a client authenticates itself to a transaction processing system gateway process, and then the gateway process “vouches” for the user by confirming to other system processes the user's identity. This is similar to the “single sign-on” type of system such as is found in Windows NT, that uses trusts to allow users and services to be distributed and yet easily accessible throughout the network. The implementation of authentication, confidentiality, and integrity security services depends on cooperation between intermediate system processes.
In the real-time direct authentication model, most commonly encountered in older-type client-server systems, a client establishes a direct connection and security relationship with every server-side process. This particular authentication model is very resource-intensive, and does not scale up well for large configurations.
Neither of the models described above fully answers the modern demands for increased messaging security, particularly the desire for a non-repudiation feature. Clearly, an alternative method must be found to satisfy the demands of modern transaction processing.