This article originally appeared in the January issue of INTERNET TELEPHONY magazine.

The most promising aspect of the VIPR technology is not just the ability to automatically and securely provision SIP routes between VoIP islands, but to also automatically update and remove these routes when a user changes its phone number.

The traditional way of bridging VoIP islands is to use SIP peering. Establishing peering between two VoIP domains generally requires engineers from each side talking to each other and doing some interoperability tests (although the reality is that these tests are more about negotiating a minimal common denominator than to try to offer advanced features to their customers. The resulting common denominator is rarely better for the end user than what the PSTN provided before the peering). The next step is to exchange in some form the list of phone numbers that can be directly reached via this peering. The difficulty here is to be sure that this list is up to date, and will stay up to date.

VIPR works differently. All the VIPR domains willing to participate store their list of phone numbers in a unique distributed database (using IETF's RELOAD protocol). Nobody owns this distributed database, as it is composed of servers that are contributed by each VIPR domain. VIPR domains that do not want to reveal too much about their phones numbers to competitors can use a strategy where they also store phone numbers that they do not own – this does not prevent the VIPR protocol from working, and will add enough noise to the database to make any data mining difficult.

Because it is supposed to be maintained by the real owners of a phone number, ENUM, another technology designed to bridge VoIP islands, shares the same agility as VIPR to maintain a correct mapping between a phone number and a SIP route. What ENUM does not have is a way to reduce the possibility of VoIP SPAM to reach this phone number. Instead of publishing the SIP route for a specific phone number directly inside the distributed database, VIPR indirectly publishes the IP address and port of a PSTN Verification Protocol (PVP) server, a server managed by the VIPR domain that registers the phone number. This PVP server will use a previous PSTN call to this phone number to assert that the VIPR domain requesting a SIP route is really the originator of the call, and will return back a unique SIP route that can be used only by this VIPR domain. This is guaranteed by a cryptological token associated with the SIP route without which the call will be rejected, preventing VoIP phones to call this phone number without making at least one PSTN call before.

One difficulty is to prove to the VIPR domain that registered a phone number that the other VIPR domain knows the details of this call without revealing those details. To solve this problem VIPR uses a clever cryptographic algorithm called a zero-knowledge proof. Because of this algorithm a VIPR domain cannot guess the details of a phone call made by another domain, and this is why it does not matter if domains fill the distributed database with phone numbers that they do not own.

One area where innovation will take place in the coming years is about the information exchanged to validate the PSTN call. VIPR defines two basic sets of data (also known as PVP methods) which use the called number, the caller ID (if available), and the date and time of the beginning and end of the phone call. These two methods will cover a large percentage of the calls to verify, but not phone calls made from an analog line (this is because there is no indication of when the called party picked up the handset). New methods will not only work for analog lines but will also permit this verification faster and more securely. Examples of new methods could be to exchange the unique characteristics of the voices participating on the call, or to inject a unique and not audible sound pattern into the call (a technique known as fingerprinting), and so on.

Marc Petit-Huguenin (News - Alert) is CTO and co-Founder of Stonyfish Inc. (http://stonyfish.com). He also blogs at http://blog.marc.petit-huguenin.org.<authorbio>