Systems and methods for conducting secure VOIP multi-party calls

US11606398B2 · US · B2

Patent metadata
Publication number: US-11606398-B2
Application number: US-202016892886-A
Country: US
Kind code: B2
Filing date: Jun 4, 2020
Priority date: May 29, 2015
Publication date: Mar 14, 2023
Grant date: Mar 14, 2023

Abstract

Official abstract text for this publication.

System and method for establishing secure conference calls. In one example system, a central conference call server establishes point-to-point connections with accessory devices comprising a secure element and connected to corresponding participant devices. The conference call server includes an interface to a plurality of secure elements configured to perform scrambling and unscrambling of media signals communicated to and from the accessory devices. In another example, one of the participant devices operates as the central conference call server. In other examples, participant devices communicate on a conference call via point-to-point connections between all accessory devices connected to the participant devices. The accessory devices include secure elements for decryption and encryption of media signals communicated between the accessory devices.

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising: receiving, by a conference-call server, a plurality of data packets sent from each of a plurality of remote endpoints, each of the plurality of data packets being in a conference-call session; relaying each of the received data packets over a physical-connection port to a respective secure hardware element of a plurality of secure hardware elements associated with the conference-call server; and establishing respective cryptographic relationships between each of the plurality of respective secure hardware elements and each of the plurality of respective remote endpoints at least in part by negotiating, using the each of the plurality of respective secure hardware elements, respective endpoint-specific cryptographic key information for the conference call session with the each of the plurality of respective remote endpoints.

2. The method of claim 1, further comprising: decrypting an encrypted packet payload of each relayed data packet; and mixing decrypted audio from each decrypted packet payload to generate unencrypted mixed audio.

3. The method of claim 1, further comprising: encrypting unencrypted mixed audio; and outputting the encrypted mixed audio for transmission to the respective remote endpoint.

4. The method of claim 1, further comprising: receiving, by the conference-call server, a secure communication connection initiation request from each remote endpoint of the plurality of remote endpoints, wherein establishing the respective cryptographic relationships includes relaying key information from the respective remote endpoint to the corresponding secure hardware element of the plurality of secure hardware elements and is in response to receiving the respective secure communication connection initiation request.

5. The method of claim 4, wherein establishing the respective cryptographic relationships comprises performing a key exchange to generate, for each secure hardware element of the plurality of secure hardware elements, a server decryption key for decrypting an encrypted packet payload and a server encryption key for encrypting the mixed audio.

6. The method of claim 1, further comprising: receiving a global key from each remote endpoint of the plurality of remote endpoints; and authenticating the global key at least in part by determining whether the global key is valid for use to participate in the conference-call session.

7. The method of claim 6, wherein authenticating the global key further comprises determining whether the global key is valid for a time and day on which a request for the global key is received.

8. The method of claim 6, further comprising: receiving, at the conference-call server, a request for the global key from one of the remote endpoints for participation in the conference-call session; retrieving the global key from a key-management database; and sending the global key to the requesting remote endpoint.

9. The method of claim 1, further comprising: receiving a segment key indicative of a group to which a user of the corresponding remote endpoint belongs; and authenticating the segment key by determining whether the segment key is valid for use to participate in the conference-call session.

10. The method of claim 1, further comprising: receiving a segment-key request for a segment key from one of the remote endpoints corresponding to a group to which a user of at least one other remote endpoint belongs; retrieving the segment key from a key-management database; and sending the segment key to the requesting remote endpoint.

11. The method of claim 1, wherein each of the respective cryptographic relationships is associated with security parameters that include the cryptographic key information, and are inaccessible to a communication interface.

12. A conference-call server comprising: a communication interface configured to communicate, during a conference-call session, a plurality of data packets to a plurality of remote endpoints of the conference-call session; and a cryptographic interface coupled to the communication interface, the cryptographic interface comprising a plurality of individual physical-connection ports, each connected to a secure hardware element of a plurality of secure hardware elements associated with the conference-call server, the cryptographic interface configured to receive the respective data packets sent from the respective remote endpoints and to relay the respective data packets to the respective secure hardware elements, wherein each secure hardware element is configured to establish respective cryptographic relationships between each of the plurality of respective secure hardware elements and the respective remote endpoint at least in part by negotiating, using the each of the plurality of respective secure hardware elements, respective endpoint-specific cryptographic key information for the conference call session with the each of the plurality of respective remote endpoints.

13. The conference-call server of claim 12, further comprising an audio mixer, wherein each secure hardware element is further configured to decrypt an encrypted packet payload of each relayed data packet, and the audio mixer is configured to mix decrypted audio from each decrypted packet payload to generate unencrypted mixed audio.

14. The conference-call server of claim 12, wherein each secure hardware element is further configured to encrypt unencrypted mixed audio, and the cryptographic interface is further configured to output the encrypted mixed audio for transmission to the respective remote endpoint.

15. The conference-call server of claim 12, wherein the respective secure hardware elements of the plurality of secure hardware elements comprise respective microSD cards.

16. The conference-call server of claim 12, wherein the cryptographic interface is a hardware interface to the plurality of secure hardware elements selected from the group consisting of: a smart card interface, a ball grid array (“BGA”) interface, a surface mount device (“SMD”) interface, and a printed circuit board (“PCB”) interface.

17. The conference-call server of claim 12, wherein the cryptographic key information of each secure hardware element of the plurality of secure hardware elements comprises a server encryption key and a server decryption key, each respective key being generated using a key-exchange performed during establishment of the respective cryptographic relationship using key information received from the respective remote endpoint, wherein the server decryption key is used to decrypt an encrypted packet payload and the server encryption key is used to encrypt the mixed audio.

18. The conference-call server of claim 12, further comprising a remote-endpoint-authentication module configured to authenticate a global key provided by a given remote endpoint of the plurality of remote endpoints during initiation of secure media session with the conference-call server, and validate a date and time associated with the global key.

19. The conference-call server of claim 18, wherein the remote-endpoint-authentication module is further configured to validate a segment key provided by a given remote endpoint in the plurality of remote endpoints during initiation of the corresponding secure media session with the conference-call server, the segment key being indicative of a group identity of a user of the given remote endpoint.

20. The conference-call server of claim 18, further compri

Assignees

Inventors

Classifications

  • Access security · CPC title

  • Indexing; Data structures therefor; Storage structures · CPC title

  • H04L63/065 · Primary

    for group communications (cryptographic mechanisms or cryptographic arrangements for key management involving conference or group key H04L9/0833) · CPC title

  • Networks other than PSTN/ISDN providing telephone service, e.g. Voice over Internet Protocol (VoIP) , including next generation networks with a packet-switched transport layer (H04L65/00 takes precedence; aspects not specific to the type of network H04M3/00; special services in those networks H04M3/42) · CPC title

  • Key management, e.g. using generic bootstrapping architecture [GBA] · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11606398B2 cover?
System and method for establishing secure conference calls. In one example system, a central conference call server establishes point-to-point connections with accessory devices comprising a secure element and connected to corresponding participant devices. The conference call server includes an interface to a plurality of secure elements configured to perform scrambling and unscrambling of med…
Who is the assignee on this patent?
Nagravision Sa
What technology area does this patent fall under?
Primary CPC classification H04L63/065. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 14, 2023 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).