Existing multimedia applications offered in conventional multimedia communication systems do not adequately support security in the media plane. Existing security proposals in a conventional multimedia communication system such as the Internet Protocol (IP) Multimedia Subsystem (IMS) are based on token-based symmetric key methodologies, managed using a key management service that potentially creates and distributes keys. 3GPP (3rd Generation Partnership Project) Technical Specifications (TS) 33.328 and 33.828, the disclosures of which are incorporated by reference herein, discuss existing proposals for IMS media plane encryption.
Multimedia Internet Keying (MIKEY), as disclosed in RFC 3830, the disclosure of which is incorporated by reference herein, is an example of a media security protocol that is based on pre-shared keys.
An attempted improvement of the MIKEY protocol is referred to as MIKEY-TICKET, and is disclosed in International Patent Publication No. WO2009/070075, the disclosure of which is incorporated by reference herein. MIKEY-TICKET is part of Rel-9 IMS Media Plane Security as disclosed in TS 33.328 and TS 33.828. The MIKEY-TICKET approach uses one or more key management services (KMSs) that issue a voucher (ticket) and key generating information to a user device for use in establishing a session key with another user device. The session key is then used by the user devices to communicate with one another. When two KMSs are employed (one KMS for each user device), the two KMSs must not only establish a security association with the user devices they are servicing, but must also have a pre-existing one-to-one security association between them in order for the MIKEY-TICKET protocol to work. This may not always be preferable or possible, particularly when each KMS belongs to a different administrative domain.
Thus, a need exists for an improved key management solution for use in securing communications in environments such as a media plane of a multimedia communication system.