Abstract: Nowadays the problem how to authenticate mutually and then agree on a session key has not efficiently been solved in SIP communications. An identity-based cryptosystem key agreement protocol between different domains is therefore designed and based on it, an authentication and key agreement mechanism are proposed for SIP communications. The mechanism proposed rises above the difficulties of unilateral authentication and pre-sharing key under conditions of HTTP digest authentication, thus eliminating the deficiencies due to S/MIME protocol that is a certificate-based authentication without key agreement function provided. Moreover, it enables the SIP entities in different domains to use different system parameters. The security analysis and its implementation reveal that this mechanism can implement the transdomain bilateral authentication between SIP entities and provide the key agreement function for confidential transmission of subsequent media streaming and, simultaneously, meet the performance requirements of SIP communications.