The asymmetric token is a signed data structure used to convey security-related information from an originator to a recipient. The attributes comprising the token include:
The asymmetric token provides three forms of cryptographic protection. First, it ensures that only the recipient can read the plaintext carried in the encrypted-data field, because the originator encrypts that field under the recipient's public key; only the recipient's corresponding private key can decrypt it. Second, it ensures that any modification of the token is detected: the originator signs the token, so the recipient can validate the signature and confirm the token's integrity. Third, it authenticates the identity of the originator, because the originator signs the token with its private key; when the recipient validates the signature with the public key from the originator's certificate, only the originator's corresponding private key could have produced that signature.
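The following Go program is an added illustration of the three protections described above; it is not code from the page or from any X.400 implementation. It models a token with a few constructed fields (originator, recipient, encrypted-data, signature) rather than the real ASN.1 structure, and it assumes RSA-OAEP for the encrypted-data and RSA-PSS for the signature, which are this example's choices, not algorithms the page prescribes. The sample identities and the secret string are constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Token is a simplified, constructed model of an asymmetric token. Field
// names are this example's assumptions, not the X.400 ASN.1 field names.
type Token struct {
	Originator    string // clear identity of the signer
	Recipient     string // clear identity the encrypted-data is sealed to
	EncryptedData []byte // plaintext encrypted under the recipient's public key
	Signature     []byte // originator's signature over the three fields above
}

// toBeSigned length-prefixes each field so the signed encoding is unambiguous.
func (t *Token) toBeSigned() []byte {
	var out []byte
	for _, f := range [][]byte{[]byte(t.Originator), []byte(t.Recipient), t.EncryptedData} {
		var l [4]byte
		binary.BigEndian.PutUint32(l[:], uint32(len(f)))
		out = append(out, l[:]...)
		out = append(out, f...)
	}
	return out
}

// MakeToken is what the originator does: encrypt for the recipient, then sign.
func MakeToken(origID, recipID string, plaintext []byte, origPriv *rsa.PrivateKey, recipPub *rsa.PublicKey) (*Token, error) {
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipPub, plaintext, nil)
	if err != nil {
		return nil, err
	}
	t := &Token{Originator: origID, Recipient: recipID, EncryptedData: enc}
	h := sha256.Sum256(t.toBeSigned())
	sig, err := rsa.SignPSS(rand.Reader, origPriv, crypto.SHA256, h[:], nil)
	if err != nil {
		return nil, err
	}
	t.Signature = sig
	return t, nil
}

// OpenToken is what the recipient does: verify the signature first (integrity
// and originator authentication), then decrypt (confidentiality).
func OpenToken(t *Token, origPub *rsa.PublicKey, recipPriv *rsa.PrivateKey) ([]byte, error) {
	h := sha256.Sum256(t.toBeSigned())
	if err := rsa.VerifyPSS(origPub, crypto.SHA256, h[:], t.Signature, nil); err != nil {
		return nil, errors.New("signature check failed: token modified or not from the claimed originator")
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipPriv, t.EncryptedData, nil)
	if err != nil {
		return nil, errors.New("decryption failed: this key is not the intended recipient's")
	}
	return pt, nil
}

// Demonstrate exercises the honest path and the three failure cases, returning
// which properties held. Keys and identities are generated or constructed here.
func Demonstrate() (map[string]bool, error) {
	orig, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	recip, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	other, err := rsa.GenerateKey(rand.Reader, 2048) // a third party, neither originator nor recipient
	if err != nil {
		return nil, err
	}
	secret := []byte("constructed secret: per-message key material")
	tok, err := MakeToken("originator@example.test", "recipient@example.test", secret, orig, &recip.PublicKey)
	if err != nil {
		return nil, err
	}
	res := map[string]bool{}
	// Honest recipient with the originator's public key recovers the plaintext.
	pt, err := OpenToken(tok, &orig.PublicKey, recip)
	res["opened"] = err == nil && string(pt) == string(secret)
	// Confidentiality: a third party's private key cannot decrypt the encrypted-data.
	_, err = OpenToken(tok, &orig.PublicKey, other)
	res["confidential"] = err != nil
	// Integrity: flipping one bit of the encrypted-data invalidates the signature.
	tampered := *tok
	tampered.EncryptedData = append([]byte(nil), tok.EncryptedData...)
	tampered.EncryptedData[0] ^= 0x01
	_, err = OpenToken(&tampered, &orig.PublicKey, recip)
	res["integrity"] = err != nil
	// Authentication: a token signed by the third party's key, claiming the
	// originator's name, fails against the originator's public key.
	forged, err := MakeToken("originator@example.test", "recipient@example.test", secret, other, &recip.PublicKey)
	if err != nil {
		return nil, err
	}
	_, err = OpenToken(forged, &orig.PublicKey, recip)
	res["authenticated"] = err != nil
	return res, nil
}

func main() {
	res, err := Demonstrate()
	if err != nil {
		panic(err)
	}
	fmt.Println(res)
}
```

The order in OpenToken matters: the signature is checked before any decryption, so a tampered or mis-attributed token is rejected without the recipient's private key ever being applied to attacker-controlled ciphertext.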
X.400 defines two purposes for asymmetric tokens. They can be transferred as credentials when an MHS entity initiates a connection to a peer and wants to provide strong authentication information; for this purpose the token is referred to as a bind token. Tokens can also be transferred in MHS messages, with a distinct token generated for each message recipient; for this purpose the token is referred to as a message token.