Modern telecommunications systems feature the routing of media information signals, such as audio or video, over one or more packet-based networks, such as the Internet. In Voice over Internet Protocol (or “VoIP”), for example, voice signals from the voice conversations to be routed are digitized and formatted into data packets, which are then transmitted through the network. A telecommunications network that is based on VoIP is able to transmit voice conversations between telecommunications endpoints that are able to access the network.
Each telecommunications endpoint, whether voice-capable or not, is a packet-based device that is capable of exchanging information with other devices; the endpoint exchanges information in a manner similar to how a personal computer is able to exchange information with other computers throughout the Internet. Consequently, the endpoint is vulnerable to many of the same or similar packet attacks as is a personal computer, such as “Denial-of-Service” (DoS) attacks. In fact, there are many sources of potential packet attacks that can be directed at an endpoint from within any of a variety of networks that are interconnected to the network used by the endpoint.
To improve the ability of the endpoint to withstand packet attacks, some type of authentication is necessary. Authentication enables the endpoint to decide which of the arriving packets are legitimate and which should be discarded. A standard protocol known as Secure Real-time Transport Protocol (SRTP) describes the procedures for performing one method of authentication. However, there is a drawback to this protocol. In order to authenticate a packet, it is necessary to compute a message digest over the header and the payload of the packet. This computation requires a significant amount of processing at the endpoint and can possibly overload the endpoint's processor.
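The per-packet cost described above, as an added example that is not part of the original text: an SRTP-style authentication tag (HMAC-SHA1 over the header, the payload and the rollover counter, truncated to 80 bits as in RFC 3711), which the receiver must recompute for every arriving packet, forged ones included. Payload encryption and key derivation are omitted; the key, the helper names and the sample packets are constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 10   # 80-bit tag, the default HMAC-SHA1 tag length in RFC 3711
RTP_HDR = 12   # fixed RTP header with no CSRC list and no extension


def build_rtp(seq, timestamp, ssrc, payload, payload_type=0):
    """Minimal RTP packet: version 2 header followed by the payload."""
    header = struct.pack("!BBHII", 0x80, payload_type & 0x7F, seq, timestamp, ssrc)
    return header + payload


def auth_tag(auth_key, packet, roc):
    """HMAC-SHA1 over header || payload || rollover counter, truncated."""
    mac = hmac.new(auth_key, packet + struct.pack("!I", roc), hashlib.sha1)
    return mac.digest()[:TAG_LEN]


def protect(auth_key, packet, roc=0):
    """Sender side: append the tag to the packet."""
    return packet + auth_tag(auth_key, packet, roc)


def verify(auth_key, protected, roc=0):
    """Receiver side: return (packet or None, bytes fed to the digest)."""
    if len(protected) < RTP_HDR + TAG_LEN:
        return None, 0                      # too short to carry a tag: discard
    packet, tag = protected[:-TAG_LEN], protected[-TAG_LEN:]
    ok = hmac.compare_digest(tag, auth_tag(auth_key, packet, roc))
    return (packet if ok else None), len(packet) + 4


def filter_stream(auth_key, arrivals):
    """Keep legitimate packets; total the digest work spent on all of them."""
    accepted, hashed = [], 0
    for datagram in arrivals:
        packet, cost = verify(auth_key, datagram)
        hashed += cost                      # paid even when the packet is bogus
        if packet is not None:
            accepted.append(packet)
    return accepted, hashed


# Constructed sample data: one genuine packet, one forgery, one tampered copy.
KEY = bytes(range(20))
GOOD = protect(KEY, build_rtp(1, 160, 0x1234ABCD, b"\x00" * 160))
FORGED = build_rtp(2, 320, 0x1234ABCD, b"\xff" * 160) + b"\x00" * TAG_LEN
TAMPERED = GOOD[:20] + bytes([GOOD[20] ^ 1]) + GOOD[21:]

if __name__ == "__main__":
    kept, hashed = filter_stream(KEY, [GOOD, FORGED, TAMPERED])
    print(f"accepted {len(kept)} of 3 packets, hashed {hashed} bytes")
```

The two rejected packets cost the receiver exactly as much digest work as the accepted one, which is why a flood of bogus packets can exhaust an endpoint's processor.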
Simpler schemes for authenticating each packet are available that require fewer processing resources. However, because of restrictions specified by SRTP and firewall behavior in the networks, it is typically not possible to append the additional information needed by the simpler schemes. Additionally, other applications unrelated to authentication can require the transmission of supplemental information, such as bits to convey additional control information for a particular feature. The problem is that existing messages often have no unused bit positions in which to convey the supplemental information, and appended bits often cannot be transmitted.
What is needed is a technique to free up additional bit positions in each packet in a packet stream, for sending digital messages that contain supplemental information related to authentication or other purposes, without some of the disadvantages in the prior art.