Why you might use a Centralized SHAKEN Server, and how

ATIS published a technical report that describes a Centralized Signing and Signature Validation Services architecture than can be used in a STIR/SHAKEN deployment. Let’s look at why you might use that, and how.

Why centralize?

The ATIS report addresses a potential issue: what if a carrier has many call session controllers (switches, SBCs) in their network? Do you have to set up separate authentication, signing, verification and signature validation servers for each call session controller? Or could you set up just one centralized set of shared servers?

The ATIS report assumes that a carrier with many network devices performing authentication and verification would want to centralize the service. The report describes in detail how communication should take place between the authentication server and a centralized signing server and also between the verification server and a centralized signature validation server.

This illustration shows the path a call would take when authenticated and signed by the originating carrier and verified by the terminating carrier.

ATIS 82 SHAKEN/STIR Reference Architecture

The Authentication Service and Verification Service are lightweight applications that send requests to the centralized Signing Service and Signature Validation Service via HTTP. The Signing Service and Signature Validation Service could be combined into a single centralized server.

Centralized SHAKEN Server

TransNexus STIR/SHAKEN architecture

We have developed STIR/SHAKEN functionality in our ClearIP and NexOSS software products. The authentication and verification services receive signing and verification requests as SIP messages (per ATIS-1000074).

In addition, NexOSS can be configured as a centralized SHAKEN server using HTTP per ATIS-1000082 on a call-by-call basis.

The NexOSS Centralized SHAKEN Server can be integrated with a softswitch or policy engine at the center of a network or with Session Border Controllers (SBCs) at the network edge.

Centralized deployment

Centralized deployment

Deployed at the network edge

Deployed at the network edge

This architecture provides plug-and-play interoperability with any network equipment:

  • Ribbon PSX
  • Metaswitch Perimeta
  • Oracle Acme Packet
  • And any other system that supports ATIS-1000082.

TransNexus solutions

We offer STIR/SHAKEN and robocall prevention solutions in our ClearIP and NexOSS software platforms.

In addition, we help service providers with all aspects of STIR/SHAKEN deployment, including registering with the Policy Administrator and filing their Robocall Mitigation certification with the FCC.

Contact us today to learn more.

Request information

* required

This information will only be used to respond to your inquiry. TransNexus will not share your data with any third parties. We will retain your information for as long as needed to retain a record of your inquiry. For more information about how we use personal data, please see our privacy statement.