Network communication technologies have been quickly maturing in recent years. As a result, Voice over Internet Protocol (VoIP) in which digital voice packets are transmitted via the Internet, short message service (SMS) for transmitting messages, video communication, and multimedia streaming are presently being used to a great extent on the Internet.
For VoIP, Session Initiation Protocol (SIP) is, at present, the typical signaling protocol standard. In a VoIP system, each SIP-based mobile phone registers with a specific SIP domain registrar and belongs to a specific SIP domain, where security management of the domain is usually controlled by a key management center (KMC) or key distribution center (KDC). Since these mobile phones use the same authentication protocol, mutual authentication can be easily realized between mobile phones and the server, and among mobile phones in the same domain to achieve a secure communication link.
However, when the communication link between two mobile phones spans different domains, it is necessary to use another common authentication method in order to realize the secure communication because each domain may use a different authentication protocol. Consequently, the problem of inter-domain trust operations arises.
In order to solve the above problem, U.S. Pat. No. 6,839,761, entitled “Method and System For Authentication Through Multiple Proxy Servers That Require Different Authentication Data,” allowed a SIP request to append respective authentication data for successive proxies (servers) so as to solve the problem of authentication between a client and successive proxies in SIP, thereby realizing successive authentication validation for different security domains. However, this patent is not directed to solving inter-domain problems.
Another US Patent Application Publication No. 20050108575, entitled “Apparatus, System and Method For Facilitating Authenticated Communication Between Authentication Realms,” disclosed an authentication gateway to realize authentication among different authentication protocols. However, a fixed authentication gateway easily encounters the problem of service availability as a result of being subjected to network attacks.
Therefore, there exists a need for providing a mechanism capable of enabling electronic devices involved in communication spanning different security domains to acquire credentials for mutual authentication without requiring the use of complicated inter-domain trust operations on both security domain servers.