Methods and systems for communication-session arrangement on behalf of cryptographic endpoints

The invention claimed is: 1. A method comprising: receiving, at a communication device from an accessory, a request to establish an audio-based encrypted media session between the accessory and a remote device wherein, (i) the accessory to the communication device is a first cryptographic endpoint of the requested audio-based encrypted media session, and (ii) the remote device is a second cryptographic endpoint of the requested audio-based encrypted media session, wherein the communication device is communicatively connected to a remote device as a second cryptographic endpoint of the requested audio-based encrypted audio-based media session, wherein the communication device is communicatively connected to, (i) the accessory via a Personal Area Network (PAN) communication link, and (ii) the remote device via a communication link separate from the PAN communication link; in response to receiving the request, the communication device exchanging control data with the remote device on behalf of the accessory to establish the requested encrypted media session between the accessory and the remote device; during the established encrypted audio based media session, the communication device relaying, (i) inbound encrypted-media-session payload data from the remote device to the accessory, the inbound encrypted-media-session payload data being encrypted such that decryption of the inbound encrypted-media-session payload data requires a first payload-data cryptographic key that is accessible to the accessory and that is not accessible to the communication device, and (ii) outbound encrypted-media-session payload data from the accessory to the remote device, the outbound encrypted-media-session payload data being encrypted such that decryption of the outbound encrypted-media-session payload data requires a second payload-data cryptographic key that is accessible to the remote device and that is not accessible to the communication device. 2. The method of claim 1 , wherein exchanging control data comprises receiving control data from the remote device. 3. The method of claim 1 , wherein the control data comprises metadata associated with the requested audio-based encrypted media session. 4. The method of claim 1 , wherein the control data comprises a public cryptographic key that is associated with the first payload-data cryptographic key. 5. The method of claim 1 , wherein the control data comprises a public cryptographic key that is associated with the second payload-data cryptographic key. 6. The method of claim 1 , wherein the control data comprises key-exchange data. 7. , The method of claim 6 , wherein the key-exchange data comprises components of a Diffie-Hellman key exchange, based on which the first payload-data cryptographic key and the second payload-data are established as a shared cryptographic key between the accessory and the remote device. 8. The method of claim 1 , wherein the control data comprises a digital signature. 9. The method of claim 8 , wherein the digital signature comprises a digital signature generated by the remote device based on a private cryptographic key that is associated with the remote device. 10. The method of claim 8 , wherein the digital signature comprises a digital signature generated by a trusted third party. 11. The method of claim 8 , wherein the control data further comprises a public cryptographic key, wherein the digital signature is based on the public cryptographic key. 12. The method of claim 11 , wherein the digital signature comprises a digital signature generated by a trusted third party based on the public cryptographic key. 13. The method of claim 1 , wherein the control data comprises Session Initial Protocol (SIP) data. 14. The method of claim 1 , wherein the control data comprises ZRTP data. 15. The method of claim 1 , wherein the control data comprises Secure Real-time Transport Protocol (SRTP) data. 16. The method of claim 1 , wherein the control data comprises Session Description Protocol (SDP) data. 17. The method of claim 1 , wherein relaying the inbound encrypted-media-session audio payload data comprises relaying media-session audio payload data that includes both the inbound encrypted-media-session audio payload data and a digital signature that is based on the inbound encrypted-media-session audio, payload data. 18. The method of claim 17 , wherein the digital signature comprises a digital signature generated by the remote device based on the inbound encrypted-media-session audio payload data. 19. The method of claim 1 , wherein the PAN communication link comprises a Bluetooth communication link. 20. The method of claim 1 , wherein the accessory is a headset. 21. The method of claim 1 , wherein the first payload-data cryptographic key and the second payload-data cryptographic key are symmetric keys. 22. The method of claim 1 , wherein the first payload-data cryptographic key is part of a first asymmetric key pair and the second payload-data cryptographic key is part of a second asymmetric key pair. 23. The method as claimed in claim 1 , wherein the audio-based encrypted media session comprises an encrypted video conference session. 24. The method as claimed in claim 1 , wherein the communication device comprises a phone. 25. The method as claimed in claim 1 , wherein the communication device comprises a handheld computer. 26. The method of claim 24 , wherein the PAN communication link comprises a Bluetooth communication link. 27. A communication device comprising: a Personal Area Network (PAN) communication link: a communication interface link separate from the PAN communication link; a processor; and data storage containing instructions executable by the processor for causing the communication device to carry out a set of functions, the set of functions comprising: receiving, via the communication link, a request to establish an audio-based encrypted media session between (i) an accessory to the communication device as a first cryptographic endpoint of the encrypted audio-based media session and (ii) a remote device as a second cryptographic endpoint of the encrypted audio-based media session in response to the communication device receiving the request, exchanging, via the communication link, control data with the remote device on behalf of the accessory to establish the requested encrypted audio-based media session between the accessory' and the remote device; and during the established encrypted audio-based media session, relaying (i) inbound encrypted-media-session audio payload data from the remote device to the accessory', the inbound encrypted-media-session audio payload data being encrypted such that decryption of the inbound encrypted-media-session audio payload data requires a first payload-data cryptographic key that is accessible to the accessory and is not accessible to the communication device and (ii) outbound encrypted-media-session audio payload data from the accessory to the remote device, the outbound encrypted-media-session audio payload data being encrypted such that decryption of the outbound encrypted-media-session audio payload data requires a second payload-data cryptographic key that is accessible to the remote device and is not accessible to the communication device.