A security management method in multimedia middleware of a terminal that can download a multimedia service provided from an external entity. The security management method includes if there is an access request for a particular multimedia service, determining whether there is a corresponding multimedia service; if the access-requested multimedia service does not exist in middleware of the terminal, performing negotiation for secure session setup with the external entity; setting up a secure session to the external entity using a security parameter selected as a result of the negotiation; and receiving information for the download from the external entity through the secure session, and determining whether to execute the download.