The present invention relates to securing information in open systems and
more particularly to a method and a system for providing authentication,
confidentiality and integrity protection of arbitrary communication
services. A client that wishes to communicate with a particular service
downloads signed program code from that service containing the code
necessary for performing an authenticated key exchange with that service. The
client is assumed to support only two basic cryptographic functions:
signing of arbitrary data by using a public key algorithm together with a
one-way hash function, and verifying a public key signature of arbitrary
data. By allowing the security protocol needed for key exchange and data
communication protection to be downloaded, the number of predefined
security functions that a client or server needs to support is limited.
This also makes it much easier to update the communication protection
since only the server program needs to be updated.
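
The client-side flow described above, as an added example that is not part of the original text: the client verifies the service's signature over the downloaded protocol code before executing it, then signs the key exchange message that code produces. Assumptions: the key pairs are constructed from known Mersenne primes and unpadded hash-then-RSA stands in for the client's public key algorithm so the block runs with the Python standard library only; `load_protocol`, `signed_exchange` and `key_exchange_message` are hypothetical names.

```python
import hashlib

def make_key(p, q, e=65537):
    """Return (n, e, d) for primes p and q."""
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))

# Constructed demo keys from known Mersenne primes: NOT secure, offline demo only.
SERVICE_N, SERVICE_E, SERVICE_D = make_key(2**521 - 1, 2**607 - 1)
CLIENT_N, CLIENT_E, CLIENT_D = make_key(2**607 - 1, 2**1279 - 1)

def digest_int(data):
    """One-way hash of the data as an integer (always smaller than n here)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, d, n):
    """Client primitive 1: sign arbitrary data (hash, then private-key operation)."""
    return pow(digest_int(data), d, n)

def verify(data, sig, e, n):
    """Client primitive 2: verify a public key signature over arbitrary data."""
    return 0 <= sig < n and pow(sig, e, n) == digest_int(data)

class UntrustedCode(Exception):
    """Downloaded code whose signature does not verify."""

def load_protocol(code, sig):
    """Execute downloaded protocol code only after the service signature verifies."""
    if not verify(code, sig, SERVICE_E, SERVICE_N):
        raise UntrustedCode("signature check failed; code not executed")
    namespace = {}
    exec(compile(code.decode("utf-8"), "<downloaded>", "exec"), namespace)
    return namespace

def signed_exchange(namespace, nonce):
    """Build the key exchange message with the downloaded code, then sign it."""
    message = namespace["key_exchange_message"](nonce)
    return message, sign(message, CLIENT_D, CLIENT_N)

# Constructed stand-in for the program code published by the service.
SERVICE_CODE = b"def key_exchange_message(nonce):\n    return b'KX1|' + nonce\n"
SERVICE_SIG = sign(SERVICE_CODE, SERVICE_D, SERVICE_N)  # performed by the service

if __name__ == "__main__":
    ns = load_protocol(SERVICE_CODE, SERVICE_SIG)
    msg, sig = signed_exchange(ns, b"client-nonce")
    print(msg, verify(msg, sig, CLIENT_E, CLIENT_N))
```

The service's public key must reach the client through a channel the client already trusts; the signature check only binds the downloaded code to that key.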