Express Proxy Service
The Sansay STIR/SHAKEN Express is a complete service for STIR/SHAKEN compliance. It enables Service Providers to implement STIR/SHAKEN with minimal disruption to existing voice infrastructure (e.g. PBX, switch) by handling all aspects of call signing and SIP transit. This solution is particularly valuable for providers without SBCs, or for those with legacy systems where integrating STIR/SHAKEN would be challenging.
Call Flow
The Express Proxy is an optional software component: a Sansay VSXi SBC dedicated to streamlining compliance for any voice infrastructure (e.g. PBX, switch). Unlike other solutions, it solves the compliance problem while also simplifying management.
Call signing happens on any "outbound call" made by your subscriber(s). The call flow would look like this:
- Subscriber makes a call (i.e. an outbound call). This can come in the form of SIP or analog/TDM.
- The PBX relays the call to its destination. Sansay Express replaces the Underlying Carrier as the PBX's next hop.
- Sansay Express receives the INVITE. It will usually arrive without an Identity header, but Express can handle either scenario. Any unsigned calls will be signed. The following additional treatments can take place as part of Express call processing:
  - Do Not Originate, to block the origination of illegitimate calls.
  - Optional LNP dipping for routing optimization.
  - Optional LCR for cost reduction.
  - Optional real-time fraud protection with live call disconnect.
- Sansay Express relays the signed call to the Underlying Carrier(s) to achieve compliance.
The Express Proxy enhances the flexibility and ease of deployment in complex or legacy environments.
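To confirm what a signed call actually carries toward the Underlying Carrier, the Identity header of a captured INVITE can be decoded and checked against the SHAKEN PASSporT layout (RFC 8224, RFC 8225, RFC 8588). This is an added example, not Sansay code; the function names and the sample INVITE are constructed for illustration, and the signature itself is not verified.

```python
import base64, json, re

def _dec(seg):  # PASSporT segments are base64url with the padding stripped
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def _enc(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def inspect_identity(invite):
    """Return (claims, problems); claims is None for an unsigned or malformed call.
    The ES256 signature is not verified: that needs the certificate behind x5u."""
    m = re.search(r"^(?:Identity|y)[ \t]*:[ \t]*(.+?)[ \t\r]*$", invite, re.I | re.M)
    if m is None:
        return None, ["no Identity header: call is unsigned"]
    token, *rest = [p.strip() for p in m.group(1).split(";")]
    params = dict(p.split("=", 1) for p in rest if "=" in p)
    try:
        head, body, sig = token.split(".")
        header, claims = _dec(head), _dec(body)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("segments must be JSON objects")
    except ValueError:
        return None, ["Identity header is not a well-formed PASSporT"]
    problems = []
    if header.get("alg") != "ES256":
        problems.append("alg must be ES256")
    if header.get("ppt") != "shaken" or params.get("ppt", "").strip('"') != "shaken":
        problems.append("ppt must be shaken")
    x5u = header.get("x5u", "")
    if not str(x5u).startswith("https://"):
        problems.append("x5u must be an HTTPS STI-CR URL")
    if params.get("info", "").strip("<>") != x5u:
        problems.append("info parameter does not match x5u")
    if claims.get("attest") not in ("A", "B", "C"):
        problems.append("attest must be A, B or C")
    problems += ["missing claim: " + c for c in ("orig", "dest", "iat", "origid") if c not in claims]
    if not sig:
        problems.append("empty signature")
    return claims, problems

# Constructed sample values: example.com URL, placeholder signature "c2ln".
HEADER = {"alg": "ES256", "ppt": "shaken", "typ": "passport", "x5u": "https://cr.example.com/sp.pem"}
CLAIMS = {"attest": "A", "dest": {"tn": ["12025550143"]}, "iat": 1700000000,
          "orig": {"tn": "12025550100"}, "origid": "00000000-0000-4000-8000-000000000000"}

def sample_invite(header=HEADER, claims=CLAIMS):
    token = ".".join([_enc(header), _enc(claims), "c2ln"])
    return ("INVITE sip:+12025550143@carrier.example.com SIP/2.0\r\n"
            f"Identity: {token};info=<{header.get('x5u', '')}>;alg=ES256;ppt=shaken\r\n\r\n")
```

Calling `inspect_identity(sample_invite())` returns the decoded claims and an empty problem list; an INVITE without the header returns `None` and a single "unsigned" finding.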
Configuration
The initial configuration consists of five steps:
- STIR/SHAKEN certificate/keystore. The configuration supports manually obtained certificates. Customers using Sansay STI-CA can opt for automatic certificate renewals.
- Manual import requires a private key in PEM format and an HTTPS STI-CR (Certificate Repository) URL.
- STIR/SHAKEN attestation. This step consists of defining your attestation policies to determine which calls receive A, B or C level attestation as applicable. We can assist in integrating with your DID provider(s) to retrieve your DIDs for A-level signing.
- Originating trunk. This step consists of whitelisting your devices (e.g. PBXs, switch) in the form of single hosts (/32) or subnet IP addresses. By default all originating trunks will have the call signing service enabled (STI-AS).
- Termination trunks. Define your underlying carriers' trunks. Participating carriers' trunks will already be built. The trunk definition consists of defining the hosts or FQDN domains of the provider. By default all termination trunks will come with STIR/SHAKEN Identity Header pass-thru enabled.
Optional steps include: LNP dipping, LCR and fraud-protection.
Certificate/Keystore
After submission, the certificate will be displayed along with its expiration date and any issues encountered fetching the certificate URL.
Attestation Policies
Originating Trunk(s)
Originating Trunks are defined as "Customer Trunks". This can be one or more as you see fit. Many IPs are supported in a single trunk.
Termination Trunk(s)
Termination Trunks are called "Vendors".
That's it as far as configuration goes.