SIP INVITE (initial) and MWI message in a session can be challenged by the endpoint. The
purpose of this challenge is to restrict the SIP servers that are permitted to interact with the
devices on the service provider network, which significantly increases the security of the VoIP
network by preventing malicious attacks against the device.

In addition, the Auth INVITE option for Lines 1 and 2 enables the challenging of incoming initial
SIP INVITE requests.

SIP Over TLS

Transport layer security (TLS) is a standard protocol for securing and authenticating
communications over the Internet.

SIP Over TLS eliminates the possibility of malicious activity by encrypting the SIP messages by
the SIP proxy of the service provider and the end user. SIP Over TLS relies on the widely-
deployed and standardized Transport Layer Security (TLS) protocol. Note that SIP Over TLS
encrypts only the signaling messages and not the media. A separate secure protocol such as
Secure Real-Time Transport Protocol (SRTP) (see below) can be used to encrypt voice packets.

The TLS protocol has two layers: