Key management for secure communication

摘要

A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session keys. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary whereby first and second session keys protect communication with respective leg to intermediary.

主权项

1. A method for establishing secure communication between communication devices in a communications network, the method comprising:
a first communication device transmitting a request to a first key management server (KMS) apparatus, wherein the first KMS apparatus is configured such that, in response to the request, the first KMS apparatus transmits keying information and a voucher comprising information for retrieving the keying infoithation from the first KMS apparatus; the first communication device receiving the keying information and voucher transmitted by the first KMS apparatus; and after receiving the transmitted keying information and voucher, transmitting, by the first communication device, a session invitation message for creating a session with a second communication device, the session invitation message comprises the voucher, and the second communication device is separate and distinct from the first KMS apparatus.