Generally, a media stream, which might be an audio media stream, a video media stream or the like, is transmitted using the Real-time Transport Protocol (RTP).
To enhance the security of the media stream during transmission, many methods for generating and distributing keys, i.e., key negotiation methods, have been proposed. Terminals can then transmit the media stream using the distributed key and so achieve secure transmission of the media stream.
In the prior art, there are two typical key negotiation methods: the Multimedia Internet Key (MIKEY) public key mode and the Multimedia Internet Key Diffie-Hellman (MIKEY DH) mode.
The basic principle of the MIKEY public key mode is as follows: a key and an envelope key are generated by the calling terminal; the key is encrypted with the envelope key, and the envelope key is then encrypted with the public key from the certificate of the called terminal. The encrypted key is then transmitted to the called terminal through the MIKEY protocol, and the key negotiation process is complete when the called terminal obtains the key by decryption.
In the MIKEY public key mode, ensuring that the key negotiation process is secure and successful requires clock synchronization between the calling terminal and the called terminal, as well as the support of a system that has a Public Key Infrastructure (PKI).
The basic principle of the MIKEY DH mode is that the calling terminal and the called terminal each generate a DH value, exchange these values through the MIKEY protocol, and then generate keys according to the DH values of both sides.
The MIKEY DH mode also requires clock synchronization, and its implementation is very complex, with a high calculation cost and high demands on the performance of the terminals.
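The DH-style exchange described above can be sketched as follows. This is an added example, not code from the original document and not the MIKEY wire format: the message layout, the 30-second freshness window, the toy 127-bit group and all names are assumptions made for illustration. It shows both sides deriving the same key from the exchanged DH values, and a timestamp check failing when the terminals' clocks are not synchronized.

```python
import hashlib
import secrets

# Constructed toy parameters: a 127-bit Mersenne prime keeps the demo short.
# Far too small for real use; real deployments use standardized large groups.
P = 2**127 - 1
G = 3
MAX_SKEW = 30  # assumed freshness window, in seconds


class Terminal:
    """Hypothetical endpoint holding a private exponent and a local clock."""

    def __init__(self, clock_offset=0):
        self.clock_offset = clock_offset         # simulated clock error (s)
        self._x = secrets.randbelow(P - 3) + 2   # private value, never sent
        self.dh_value = pow(G, self._x, P)       # public DH value, sent to peer

    def now(self, true_time):
        return true_time + self.clock_offset

    def make_message(self, true_time):
        """Message carrying this side's DH value and its local timestamp."""
        return {"dh": self.dh_value, "ts": self.now(true_time)}

    def accept(self, msg, true_time):
        """Reject stale or future-dated messages, then derive the key."""
        if abs(self.now(true_time) - msg["ts"]) > MAX_SKEW:
            raise ValueError("timestamp outside freshness window")
        shared = pow(msg["dh"], self._x, P)      # g^(xy) mod P on both sides
        return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def negotiate(caller, callee, true_time=1_000_000):
    """Run both directions of the exchange; return (caller_key, callee_key)."""
    offer = caller.make_message(true_time)
    callee_key = callee.accept(offer, true_time)
    answer = callee.make_message(true_time)
    caller_key = caller.accept(answer, true_time)
    return caller_key, callee_key


if __name__ == "__main__":
    k1, k2 = negotiate(Terminal(), Terminal())
    print("keys match:", k1 == k2)
    try:
        negotiate(Terminal(), Terminal(clock_offset=120))
    except ValueError as err:
        print("unsynchronized clocks:", err)
```

Only the two `dh` values and timestamps cross the network; the private exponents stay inside each terminal, which is why a party outside the exchange does not hold the resulting key.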
Additionally, in practice, operators need to obtain the keys used by the media stream security mechanism in order to meet the requirements of lawful interception. In the prior art, only the terminals participating in the interaction are allowed to obtain the keys; these might be the calling terminal and the called terminal, or a plurality of terminals. Any third party outside the interaction is not allowed to obtain the keys, so the prior art cannot meet the requirements of lawful interception.