It is now possible to establish various forms of connection over the Internet including data connections as well as voice and video telephony connections. As the speed and extent of the Internet increases, the use of voice and video telephony can be expected to grow. Whilst current technology tends to restrict IP multimedia sessions to computer terminals coupled to the Internet, tomorrow's technology will provide for IP multimedia sessions between small dedicated telephony terminals, and other mobile devices such as PDAs, palmtop computers etc.
In order to allow such devices to gain widespread acceptance, a key issue which must be addressed is that of security. The two main security concerns are the avoidance of unauthorised eavesdropping, and the need to authenticate terminals involved in a communication (i.e. to ensure that the terminal which a “subscriber” connects to is the terminal which the subscriber intends to connect to and vice versa). However, these concerns are not unique to IP multimedia, and are common to many different forms of IP communication. Several protocols exist for securing data traffic using encryption and/or authentication.
One such security protocol is known as IPsec (IETF RFC2401). In order to allow IPsec packets to be properly encapsulated and decapsulated it is necessary to associate security services and a key between the traffic being transmitted and the remote node which is the intended recipient of the traffic. The construct used for this purpose is a “Security Association” (SA). A second security protocol is known as SRTP (Secure Real-Time Protocol)—see draft-ietf-avt-srtp-02.txt. It is expected that the third generation mobile network architecture known as 3GPP will adopt SRTP as the protocol for securing IP Multimedia traffic. Of course, other protocols such as IPsec may be used in other mobile network architectures.
In the Internet draft “draft-ietf-msec-mikey-00.txt”, a key management scheme known as Multimedia Internet KEYing (MIKEY) is described for use in real-time applications. The scheme provides for the creation of a Security Association (SA) and the distribution of a Pre-Master Key (PMK). (Actually, MIKEY denotes these keys “TEK Generating Keys”, but PMK is a more common term and will be used throughout as the invention's use is not restricted to MIKEY.) The PMK is used to derive a Traffic-Encrypting Key (TEK) for each crypto session. More specifically, the TEK is used as the key input to the chosen security protocol, i.e. SRTP.