Key Management Service
Features
- Easy-to-use API
- Provides strong, mutual authentication
- Enables secure communication
- Can be used to secure any type of communication
- Standardized in 3GPP and IETF
What You Get
With the Key Management Service, two parties can establish a shared secret key via an easy-to-use API. The service provides strong, mutual authentication, and the shared key can be used to secure any type of communication, including voice calls, conferencing, video, chat, immediate messaging, and file transfer.
The key management message can be incorporated into any type of application signaling, and the shared key can be used in any security protocol that uses a pre-shared key (e.g. SRTP, TLS, DTLS).
Since the Key Management Service API relies on the Mobile Web Security Bootstrap API for bootstrapping, no new information needs to be distributed or configured.
How it works
The Key Management Service has been implemented following the 3rd Generation Partnership Project (3GPP) standard TS 33.328 "IP Multimedia Subsystem (IMS) media plane security" and the Internet Engineering Task Force (IETF) standard RFC 6043 "MIKEY-TICKET: Ticket-Based Modes of Key Distribution in Multimedia Internet KEYing (MIKEY)".

Using the Mobile Web Security Bootstrap API, the two parties (Initiator and Responder) establish trust relations with the Key Management Service (KMS). The trust relations are used to securely transfer keying material over HTTP from the KMS.
Based on the keying material received from the KMS, key management messages are generated and incorporated into the normal application signaling. After the signaling has completed, the parties have authenticated each other and can start using the shared key to secure any type of communication.
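The flow described above, as an added example that is not the service's own code or API: a simplified Python model of the three exchanges RFC 6043 names (REQUEST, TRANSFER, RESOLVE). The names `ToyKMS`, `run_exchange` and `mac` are hypothetical, the per-user keys stand in for the trust relation that bootstrapping establishes, and the model uses neither the MIKEY wire format nor the RFC's key derivation (the ticket key is used directly as the shared key).

```python
import hashlib
import hmac
import secrets

def mac(key, *parts):
    """HMAC-SHA256 over length-prefixed fields, so field boundaries are unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

class ToyKMS:
    """Issues tickets and resolves each one only for the responder it names."""
    def __init__(self, user_keys):
        self.user_keys = user_keys  # assumption: one key per user from bootstrapping
        self.tickets = {}           # ticket -> (initiator, responder, shared key)

    def _auth(self, user, label, proof, *fields):
        key = self.user_keys.get(user)
        if key is None or not hmac.compare_digest(proof, mac(key, label, *fields)):
            raise PermissionError(f"{label.decode()}: caller not authenticated")

    def request(self, initiator, responder, proof):  # REQUEST_INIT / REQUEST_RESP
        self._auth(initiator, b"REQUEST", proof, initiator, responder)
        ticket, key = secrets.token_bytes(16), secrets.token_bytes(32)
        self.tickets[ticket] = (initiator, responder, key)
        return ticket, key

    def resolve(self, responder, ticket, proof):     # RESOLVE_INIT / RESOLVE_RESP
        self._auth(responder, b"RESOLVE", proof, responder, ticket)
        initiator, named, key = self.tickets.get(ticket, (None, None, None))
        if named != responder:
            raise PermissionError("ticket was not issued for this responder")
        return initiator, key

def run_exchange(kms, init_id, init_key, resp_id, resp_key):
    """Returns (initiator's key, responder's key, initiator identity seen by responder)."""
    ticket, k_i = kms.request(init_id, resp_id, mac(init_key, b"REQUEST", init_id, resp_id))
    # TRANSFER_INIT travels in the application signaling: ticket, nonce, MAC.
    n_i = secrets.token_bytes(16)
    tag_i = mac(k_i, b"T_INIT", init_id, resp_id, ticket, n_i)
    # The responder learns the key and the initiator's identity from the KMS.
    peer, k_r = kms.resolve(resp_id, ticket, mac(resp_key, b"RESOLVE", resp_id, ticket))
    if not hmac.compare_digest(tag_i, mac(k_r, b"T_INIT", peer, resp_id, ticket, n_i)):
        raise PermissionError("TRANSFER_INIT failed verification")
    # TRANSFER_RESP proves to the initiator that the named responder holds the key.
    n_r = secrets.token_bytes(16)
    tag_r = mac(k_r, b"T_RESP", resp_id, peer, n_i, n_r)
    if not hmac.compare_digest(tag_r, mac(k_i, b"T_RESP", resp_id, init_id, n_i, n_r)):
        raise PermissionError("TRANSFER_RESP failed verification")
    return k_i, k_r, peer
```

The KMS request proofs here are static MACs with no replay protection; in the service that role is played by the bootstrapped, protected HTTP channel.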