METHOD AND APPARATUS FOR TRANSITION OF ENCRYPTION KEY DURING AN ONGOING MEDIA COMMUNICATION SESSION

摘要

A method for transitioning encryption keys during an ongoing media communication session between a caller communication device and at least one target communication device, the method comprising: the target communication device receiving media (412) packets encrypted using a current media key (MEK); the target communication device decrypting (418) the encrypted media packets using the current MEK; the target communication device requesting (432) a new MEK from a secure key server (SKS) upon expiration of a first timer indicating that the current MEK is about to expire, the first timer having been set based on a time-to-live (TTL) value assigned by the SKS for the current MEK; the target communication device receiving (434) the new MEK from the SKS; characterized in that transitioning (436) from the current MEK to the new MEK during a key transition period (KTP) initialized upon expiration of second timer which is after the expiration of the first timer, wherein the target communication device; receives, from the caller communication device, encrypted media packets and a MEK indicator flag (MIF) for each media packet that indicates whether the media packet is encrypted using the current MEK or the new MEK; and decrypts the encrypted media packets using the current MEK or the new MEK selected based on the MIF for each media packet; after an end of the KTP upon expiration of a fourth timer; the target communication device receiving, from the caller communication device, media packets encrypted using only the new MEK; and decrypting (440) the encrypted media packets using only the new MEK without regard to the MIF.