ATIS report on centralized signing and signature validation for SHAKEN


ATIS published a technical report that describes a proposed architecture for centralized signing and signature validation services used in a SHAKEN/STIR deployment. This blog post summarizes the rationale for this architecture.

Why centralize?

Sometimes a picture can be worth a thousand words. Here’s an illustration that helps explain the rationale:

[Figure: ATIS 82 SHAKEN/STIR Reference Architecture]

This illustration shows the path a call would take when authenticated and signed by the originating carrier and verified by the terminating carrier.

The ATIS report addresses a potential issue: what if a carrier has many call session controllers (switches, SBCs) in its network? Does the carrier have to set up separate authentication, signing, verification and signature validation servers for each call session controller? Or could it set up just one centralized set of shared servers?

The ATIS report assumes that a carrier with many network devices performing authentication and verification would want to centralize the service. The report describes in detail how communication should take place between the authentication server and a centralized signing server and also between the verification server and a centralized signature validation server.

TransNexus SHAKEN architecture

We have developed SHAKEN/STIR functionality in our ClearIP and NexOSS software products. We also designed a centralized architecture for these products, but in a different way. Here’s an illustration:

[Figure: TransNexus SHAKEN/STIR Reference Architecture]

This arrangement also provides a centralized service that can be shared by many switches and SBCs throughout your network. The difference is that we have combined the logical functions into one centralized service within our ClearIP and NexOSS software. The software performs the authentication, signing, verification and signature validation services described in the ATIS document. The software handles all communications between these services internally.

In addition to caller ID authentication and verification, the software can provide many other services at the same time, such as routing, fraud and robocall prevention, LRN lookup, etc., all in the same dip.

TransNexus SHAKEN/STIR support

We have developed SHAKEN/STIR functionality in our ClearIP and NexOSS software products. These are ready for testing and production deployment today.

We also offer a Discover SHAKEN Workshop to help carriers learn about the framework and review their options for deploying it within the context of their specific business scenarios and network technologies. Contact us today to learn how we can help you get ready for SHAKEN quickly.