Voice telecommunication infrastructures have traditionally been implemented with technologies very different from the technologies that are at the foundation of Internet-based communication systems. However, most telecommunications equipment providers and service providers are rapidly migrating their voice telecommunication applications to use IP networks for the transport of voice in the form of data. Such migrated applications are broadly referred to as Voice over Internet Protocol (VoIP). In particular, technologies supporting VoIP applications merge the transport of voice telephony data with the data transport for other IP-enabled applications on IP networks.
Adoption of IP telephony services by corporations and other large organizations is also accelerating. Many new VoIP deployments are targeted for internal use by corporations on their private local area networks (LANs). Additionally, VoIP technology also enables commercial telephony service providers to offer IP-based telephony for their commercial market customers. In particular, various Internet/IP telephony solutions are commercially available that provide communication services via the Internet (e.g., Vonage 2147 Route 27 Edison, N.J., USA 08817, Packet88x8, Inc. 2445 Mission College Blvd, Santa Clara, Calif. 95054, etc). As such IP telephony services gain popularity and interoperate with traditional Internet-based services (e.g., e-mail, instant messaging, display of graphics, video, music, popup advertising, corporate directory, accounting, expense management, package tracking, etc.), the communication appliances (e.g., IP telephones) utilizing such services will be subject to security attacks similar to those that Internet-connected personal computers (PCs) have experienced. The IP-based applications providing telephony services are often referred to as CTI Applications or “computer telephony interface applications” because these applications provide substantial interaction or communication between a communication appliance and an Internet (or Intranet) computer server (e.g., an email server) which may be also providing one or more telephony services. Moreover, such communication appliances enabled for CTI application access can experience particularly troublesome security attacks since they simultaneously connect to: (a) telephony networks for traditional telephony services (switched or otherwise) which have historically not exposed to hackers, and (b) data networks (which are frequently the target of hacking attempts, network storms, or malware, as one skilled in the art will understand). For example, in the current state of the art, the firmware for a CTI-enabled IP telephone must continuously monitor one or more IP ports thereby listening for network broadcast requests from the CTI applications that the phone's current user is authorized to use. Upon receiving an initial network broadcast request from substantially any CTI application, the IP telephone may, with minimal or no authentication and/or authorization checks, respond with information sufficient for a requesting CTI application to carry out unauthorized and/or damaging attacks, e.g., via the IP telephone. In particular, during an initial handshake exchange of information between the IP telephone and the CTI application, the IP telephone may provide the phone's IP address or its telephone number (also referred to as its “extension”). With an IP telephone's IP address or its telephone number captured, a rogue CTI application may impersonate (a.k.a. spoof) the IP telephone's identity for unintended and/or destructive purposes. These types of vulnerabilities can provide the opportunity for a number of network attacks, including:                (a) Denial of service (DOS) attacks, wherein an illicitly registered application floods an IP telephone with a sufficiently high volume of requests so that the telephone is effectively non-responsive to one or more legitimate network requests. Thus, e.g., the telephone may appear to a user of the telephone to be fully operative while in fact it is: (i) unresponsive to a legitimate network call (via the traditional telephony switched network or the packetized non-switched IP network), and/or (ii) prevented from timely incorporating a new firmware upgrade; and/or        (b) “Man-in-the-middle” attacks, wherein a non-registered or illicitly registered application monitors communications at an IP telephone (via either or both of the traditional telephony switched network or the packetized non-switched IP network), and intercepts a registration request by a legitimate application for spoofing a reply to the IP telephone or to the legitimate application. In particular, the illicit application could provide the legitimate application with a false IP address for sending login information so that the illicit application can then login to the legitimate application.        
Thus, it would be desirable to have IP telephones that are more secure from at least denial of services attacks, and man-in-the-middle attacks as well as other security compromising attacks from, e.g., hackers and/or illicit network applications. More particularly, it would be desirable to ensure that IP telephones do not blindly follow directions received from a network application without better determining that the application is a trusted information source.