Application programs are not responsible for any of the processing needed to implement session-level verification. However, application programs must be defined to use session-level verification and an external security management product must be available to provide the security related services.