If no encryption key necessary for performing encrypted communication to opposite communication terminal 6 exists, subscriber terminal 5 transmits key exchange proxy request message to service control unit 1. The service control unit 1 transfer the key exchange proxy request to key exchange proxy server 2 based on service profile transmitted from authentication server 3. The key exchange proxy server 2 decides key by transmitting/receiving key exchange message to/from the opposite communication terminal 6. A message including the decided key is transmitted to the service control unit 1. The service control unit transfer the message from the key exchange proxy server 2 with the key to the subscriber terminal 5 based on the service profile. Then, encrypted communication between the subscriber terminal 5 and the opposite communication terminal 6 is performed.