org.cumulus4j.keymanager.api.internal.remote.RemoteSession#lock() should not immediately lock the underlying real session. It should instead defer this and have a separate thread perform the lock (e.g. via a timer). This would improve performance when quickly unlocking, locking, unlocking, locking etc. as typically happens with a transparent session management in an EJB proxy.
For the LocalSession, this is not required as the unlock/lock is a very fast operation, as long as there is no communication with a remote key server involved.