Modern telecommunications systems feature the routing of media information signals, such as audio or video, over one or more packet-based networks, such as the Internet. In Voice over Internet Protocol (or “VoIP”), for example, voice signals from the voice conversations to be routed are digitized and formatted into data packets, which are then transmitted through the network. A telecommunications network that is based on VoIP is able to transmit voice conversations between telecommunications endpoints that are able to access the network.
Each telecommunications endpoint, whether voice-capable or not, is a packet-based device that is capable of exchanging information with other devices; the endpoint exchanges information in a manner similar to how a personal computer is able to exchange information with other computers throughout the Internet. Consequently, the endpoint is vulnerable to many of the same or similar packet attacks as is a personal computer, such as “Denial-of-Service” (DoS) attacks. In fact, there are many sources of potential packet attacks that can be directed at an endpoint from within any of a variety of networks that are interconnected to the network used by the endpoint.
To improve the ability of the endpoint to withstand packet attacks, some type of authentication is necessary. Authentication enables the endpoint to decide which of the arriving packets are legitimate and which should be discarded. A standard protocol known as Secure Real-time Transport Protocol (SRTP) describes the procedures for performing one method of authentication. However, there is a drawback to this protocol. In order to authenticate a packet, it is necessary to compute a message digest over the header and the payload of the packet. This computation requires a significant amount of processing at the endpoint and can possibly overload the endpoint's processor.
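As an added illustration (not part of the original text), the per-packet check described above can be sketched in Python: the receiver recomputes a digest over the header and payload of every arriving packet and discards any packet whose tag does not match. It assumes HMAC-SHA1 truncated to 80 bits, SRTP's default authentication transform, and omits SRTP key derivation and payload encryption; the key, sample packets and function names are constructed for the example.

```python
import hashlib
import hmac
import struct

# Assumption: simplified SRTP-style authentication (no key derivation, no encryption).
TAG_LEN = 10   # 80-bit tag: HMAC-SHA1 output truncated, as in SRTP's default transform
HDR_LEN = 12   # fixed RTP header, no CSRC list or extension

def rtp_header(seq, timestamp, ssrc, payload_type=0):
    """Build a minimal 12-byte RTP header (version 2)."""
    return struct.pack("!BBHII", 0x80, payload_type & 0x7F, seq, timestamp, ssrc)

def auth_tag(auth_key, header, payload, roc=0):
    """Digest over header || payload || 32-bit rollover counter, truncated."""
    data = header + payload + struct.pack("!I", roc)
    return hmac.new(auth_key, data, hashlib.sha1).digest()[:TAG_LEN]

def protect(auth_key, header, payload, roc=0):
    """Sender side: append the authentication tag to the packet."""
    return header + payload + auth_tag(auth_key, header, payload, roc)

def accept(auth_key, packet, roc=0):
    """Receiver side: return the payload if the tag verifies, else None (discard)."""
    if len(packet) < HDR_LEN + TAG_LEN:
        return None
    header, payload = packet[:HDR_LEN], packet[HDR_LEN:-TAG_LEN]
    expected = auth_tag(auth_key, header, payload, roc)  # full digest for every packet
    if not hmac.compare_digest(packet[-TAG_LEN:], expected):
        return None
    return payload

def filter_stream(auth_key, packets):
    """Keep legitimate payloads and count the packets that were discarded."""
    kept = [p for p in (accept(auth_key, pkt) for pkt in packets) if p is not None]
    return kept, len(packets) - len(kept)

# Constructed sample data: two genuine packets, one altered in transit, one with no valid tag.
KEY = bytes(range(20))
good1 = protect(KEY, rtp_header(1, 160, 0x1234ABCD), b"\x11" * 160)
good2 = protect(KEY, rtp_header(2, 320, 0x1234ABCD), b"\x22" * 160)
tampered = good1[:20] + bytes([good1[20] ^ 0x01]) + good1[21:]
untagged = rtp_header(3, 480, 0x0BADF00D) + b"\x00" * 170

if __name__ == "__main__":
    kept, dropped = filter_stream(KEY, [good1, tampered, untagged, good2])
    print(f"accepted={len(kept)} discarded={dropped}")
```

The digest in `accept` runs over all 172 header and payload bytes of each packet before the packet can be rejected, which is the per-packet processing cost the paragraph above refers to.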
Simpler schemes for authenticating each packet are available that require fewer processing resources. However, because of restrictions specified by SRTP and firewall behavior in the networks, it is typically not possible to append the additional information needed by the simpler schemes. Additionally, other applications unrelated to authentication can require the transmission of supplemental information, such as bits to convey additional control information for a particular feature. The problem is that existing messages often have no unused bit positions in which to convey the supplemental information, and appended bits often cannot be transmitted.
Furthermore, due to processing path complexity, knowing where in the processing path to consider introducing the supplemental information to be sent can be challenging. As depicted in FIG. 1, transmit processing path 100 comprises information compression, as performed by compressor 111; encryption of the compressed signal, as performed by encryptor 112; and channel coding of the encrypted signal, as performed by channel coder 113. With respect to the encryption processing, a block of data to be encrypted is typically sent through many stages of encryption operations that involve secret keys. In this case, every bit of the output data is affected by every bit of the input data. Care must be taken as to where supplemental information is added to the processed signal, as tampering with encrypted data can lead to disastrous results during the decryption of the processed signal at the receive node.
What is needed is a technique to free up additional bit positions in each packet in a packet stream, for sending digital messages that contain supplemental information related to authentication or other purposes, while maintaining the integrity of the processed signal and without some of the disadvantages in the prior art.