Legal Entity Identifiers and call authentication
Could a standardized “Legal Entity Identifier” (LEI) help with call authentication? Some organizations believe it could. They’ve encouraged the FCC to incorporate LEI provisions into the Commission’s call authentication rules. Let’s have a look.
Global Legal Entity Identifier
The LEI initiative was established by the Financial Stability Board (FSB) in 2014. They wanted to find a better way to identify the parties behind financial transactions, especially securities trading. Regulators agreed that the 2008 financial crisis demonstrated the benefits that a standardized LEI could provide.
The FSB established the Global Legal Entity Identifier Foundation (GLEIF) as a non-profit organization to support the implementation and use of the LEI.
LEI creation is done by a network of approved vetting organizations that review and approve LEI applications and add entity-identifying information to a centralized database.
The LEI is a 20-character unique identifier. The LEI holder uses this number to identify itself with other organizations, who then look up identifying information about the LEI holder in the database.
Although its initial use was for participants in securities markets, the LEI framework could be useful in other Know-Your-Customer (KYC) situations, including call authentication.
LEI potential uses in call authentication
We can think of several call authentication use cases in which the LEI would add value:
- STI Policy Administrator (STI-PA) vetting of STI Certification Authority (STI-CA) applicants
- STI-PA vetting of SHAKEN-authorized service provider applicants for an SPC token
- STI-PA vetting of telephone number provider applicants for an SPC CA token
- STI-CA vetting of STI certificate applicants
- STI-CA vetting of telephone number provider applicants for a Subordinate CA certificate
- Subordinate CA vetting of delegate certificate applicants
In these situations, the reviewing entity needs identifying information from the applicant. The LEI framework could provide some of the information needed in a standardized format. This would speed up the vetting process.
What prevents a bad actor from impersonating another organization and spoofing its LEI?
The GLEIF thought of that and came up with a solution: Verifiable LEI. Of course, we’ll need an acronym, so they dubbed this the vLEI.
The vLEI is packaged in a digitally signed Verifiable Credential (VC). The vLEI holder presents its VC to a relying party, who then verifies it using Public Key Infrastructure (PKI) techniques.
Does this ring a bell? That’s right—it’s like the PKI techniques used with STI certificates in STIR/SHAKEN.
In the use case scenarios listed above, reviewers would leverage LEIs or vLEIs during the vetting process, not during call processing. Reviewers would have quick access to information in a standard format to support their vetting decisions.
For more information, see this ex parte notice submitted to the FCC by Numeracle and GLEIF to advocate for LEI use with STIR/SHAKEN.
TransNexus is a leader in developing innovative software to manage and protect telecommunications networks. The company has over 20 years’ experience in providing telecom software solutions including toll fraud prevention, robocall mitigation and prevention, TDoS prevention, analytics, routing, billing support, STIR/SHAKEN and SHAKEN certificate services.
Contact us today to learn more.
This information will only be used to respond to your inquiry. TransNexus will not share your data with any third parties. We will retain your information for as long as needed to retain a record of your inquiry. For more information about how we use personal data, please see our privacy statement.
Our STIR/SHAKEN products:
- Work with your existing network
- Support SIP and TDM
- Affordable, easy to deploy