ATIS report on centralized signing and signature validation for SHAKEN

ATIS published a technical report that describes a proposed architecture for a centralized signing and signature validation services used in a STIR/SHAKEN deployment. This blog post summarizes the rationale for this architecture.

Why centralize?

Sometimes a picture can be worth a thousand words. Here’s an illustration that helps explain the rationale:

ATIS 82 SHAKEN/STIR Reference Architecture

This illustration shows the path a call would take when authenticated and signed by the originating carrier and verified by the terminating carrier.

The ATIS report addresses a potential issue: what if a carrier has many call session controllers (switches, SBCs) in their network? Do you have to set up separate authentication, signing, verification and signature validation servers for each call session controller? Or could you set up just one centralized set of shared servers?

The ATIS report assumes that a carrier with many network devices performing authentication and verification would want to centralize the service. The report describes in detail how communication should take place between the authentication server and a centralized signing server and also between the verification server and a centralized signature validation server.

TransNexus STIR/SHAKEN architecture

We have developed STIR/SHAKEN functionality in our ClearIP and NexOSS software products. We also designed a centralized architecture for these products, but in a different way. Here’s an illustration:

TransNexus SHAKEN/STIR Reference Architecture

This arrangement also provides a centralized service that can be shared by many switches and SBCs throughout your network. The difference is that we have combined the logical functions into one centralized service within our ClearIP and NexOSS software. The software performs the authentication, signing, verification and signature validation services described in the ATIS document. The software handles all communications between these services internally.

In addition to caller ID authentication and verification, the software can provide many other services at the same time, such as routing, fraud and robocall prevention, LRN lookup, etc., all in the same dip.

Contact us today to learn how we can help you get ready for SHAKEN/STIR quickly.

Request information

* required

This information will only be used to respond to your inquiry. TransNexus will not share your data with any third parties. We will retain your information for as long as needed to retain a record of your inquiry. For more information about how we use personal data, please see our privacy statement.

Discover SHAKEN