A compact secure data communication method is disclosed. In one embodiment, a compact security protocol provides cryptographic services on IP, UDP, and TCP packets with minimal bandwidth degradation due to encapsulation overhead. The disclosed protocol may be used, for example, in converged networks that carry both voice-over-IP and data traffic in and wireless networks, in which it is imperative to minimize per-packet overhead. The disclosed protocol provides as much security as possible, by authenticating the uncompressed headers rather than the compressed headers.