1. Technical Field
The present invention relates generally to communication between subscriber modules in an IP Multimedia Subsystem (IMS), and in particular to providing end-to-end security between subscriber modules using IMS.
2. Description of the Related Art
IMS generally refers to a reference architecture, promulgated by the 3GPP (3rd Generation Partnership Project) consortium, for the delivery of mobile and fixed IP-based services. IMS utilizes standard Internet Protocol (IP), and thus may be used by telecommunications carriers and other service providers to offer their subscribers most IP-based services. These include voice over IP (VoIP), videoconferencing, and rich messaging services such as multimedia messaging service (MMS), as well as more widespread messaging services such as instant messaging (IM) and electronic mail. The services are deliverable to subscriber modules that are capable of supporting them, such as smartphones and other mobile devices. IMS also provides service providers with the opportunity to control and meter individual subscriber services.
Currently, security in an IMS architecture enables service providers to provide secure messaging services to their subscribers by providing a secured communication channel between the service provider's IMS domain and the subscriber module. If a first subscriber module communicates with a second subscriber module through an IMS system, then each subscriber module establishes a security relationship with the service provider's IMS system, and the two subscriber modules do not establish a security relationship directly with each other. Thus, if a subscriber using a subscriber-owned mobile device communicates with a subscriber-owned server, the mobile device and the server each establish a security relationship with the IMS system. If the subscriber wishes to establish end-to-end security in communication between the subscriber's mobile device and the subscriber's server, then the IMS system must act as a trusted intermediary between the mobile device and server so that the subscriber's server and mobile device can share cryptographic credentials.