WCF-wshttp port to PHP WSO2 service.

I am working with a vendor to pass secure messages to a WSO2 secure web
service using wshttpbinding and certificates with a WCF-WSHttp send. We have
been succesful sending the message to the PHP service and he is able to
decrypt the message and succesfully get the payload of the message. Our
problem is that BizTalk is throwing an error for the response message. We
are not using Negotiate service credential nor are we using Establish
security context.

When the service/server encrypts the message, what key should he use: My
public key or his private key? What it is the BizTalk port expecting?

The Error is:
Cannot read the token from the 'DerivedKeyToken' element with the
'http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512' namespace for
BinarySecretSecurityToken, with a '' ValueType. If this element is expected
to be valid, ensure that security is configured to consume tokens with the
name, namespace and value type specified.