NSS Query Record Specification
NSS generates two different files per record. STI records provide detailed information contained in the SHAKEN PASSporT. QDR records provide details about the transaction with important fields that are also present in the STI record.
STI and QDRs can be downloaded via SSH, SCP or SFTP from each of your NSS systems.
STI-File Field Description
| Parameter |
Max ASCII Characters |
Description (JSON Format) |
QDR File |
STI File |
Included in Version |
| PASSPorT Header |
1024 |
alg, ppt,typ,x5u claims |
✓ |
N1.4 |
|
| PASSPorT Payload |
1024 |
attest, dest tn, iat, orig tn, origid claims |
✓ |
N |
|
| STI Identity Header |
2048 |
base64url string, alg, ppt claims |
✓ |
N |
|
| Status for Verification |
20 |
“verstat”=”TN-Validation-Passed” | “No-TN-Validation” | “TN-Validation-Failed” |
✓ |
N |
|
| Verification Status |
20 |
Response of the verification process |
✓ |
N |
|
| Reason Header |
40 |
“SIP;cause=302;text=\”no-fraud-detected\”” |
✓ |
N |
STI Record Example
{
"sequence-id": "000000002",
"version": "N1.4",
"record-type": "R",
"session-id": "08742-01331234",
"date": "2019-05-09 16:56:00",
"passport-header":
{"alg":"RS256","ppt":"shaken","typ":"passport","x5u":"https://ca-auth1.sansay.com/sansay.crt"},
"passport-payload":
{"attest":"A","dest":{"tn":["8587542213"]},"iat":1557446160,"orig":{"tn":"3022002001"},"origid":"730014cd-0900-11e0-b5dd-001e67086918"},
"identity-header":
"eyJhbGciOiJSUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly9jYS1hdXRoMS5zYW5zYXkuY29tL3NhbnNheS5jcnQifQ.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyI4NTg3NTQyMjEzIl19LCJpYXQiOjE1NTc0NDYxNjAsIm9yaWciOnsidG4iOiIzMDIyMDAyMDAxIn0sIm9yaWdpZCI6IjczMDAxNGNkLTA5MDAtMTFlMC1iNWRkLTAwMWU2NzA4NjkxOCJ9.p-PZsls5DD2xUtuOiw24_avxSSeQnJWuWEjyJxSp2qmaWN0YACxBVF8WFSuPjTSSfGg-AfbBzl6DabsTxbzfX3A6ks3MabneO0cf9-nJIym7b9EoY66VcGW4wymWoK4RlkG_WS2Im5VWs0fBzCBEpD4-o25v9_Y5Midal4yvJRAsG6WEDjgf0BRdCl09RizzgY1EEkJACqQSWGFHq1_Y57UhRQPJN_rTG4ORvyF9u6-3EYHNTp4UY-VbinWp7EPPuIOq_qIUaCJpPW6cDqd76ni_GZAmnRqQubzF6XPZFko7UM3EyR19XrmrymZ3HCxUr5MD5MmL8prjSQvlx0eaNQ;info=<https://ca-auth1.sansay.com/sansay.crt>;alg=RS256;ppt=\"shaken\""
}
{
"sequence-num": "117408960",
"version": "N1.4",
"record-type": "R",
"session-id": "4-277",
"date": "2020-12-24 06:48:59",
"passport-header":
{"alg":"ES256","ppt":"shaken","typ":"passport","x5u":"https://cr.sansay.com/r2_es256_1127.crt"},
"passport-payload":
{"attest":"A","dest": {"tn":["1777"]}, "iat":1608792539,"orig": {"tn":"166223"},"origid":"564dd3e6-2d18-f79c-343c-2aa5bf476e81"},
"identity-header":
"eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly9jci5zYW5zYXkuY29tL3IyX2VzMjU2XzExMjcuY3J0In0.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyIxNzc3Il19LCJpYXQiOjE2MDg3OTI1MzksIm9yaWciOnsidG4iOiIxNjYyMjMifSwib3JpZ2lkIjoiNTY0ZGQzZTYtMmQxOC1mNzljLTM0M2MtMmFhNWJmNDc2ZTgxIn0.pFuBXO0fsqR3VkBWyRndVQNmtp59Khna4lvXkOOv2yUY9LVepmKABVzj0SnozEM7YsI3tKzoH-TsB0uV1Bfkmw;info=<https://cr.sansay.com/r2_es256_1127.crt>;alg=ES256;ppt=\"shaken\"",
"verstat": "TN-Validation-Passed",
"verify-response": "SVMP_OK",
"reason-header": "SIP;cause=302;text=\"no-fraud-detected\"" }
QDR File Field Description
QDR Header
| Parameter |
Max ASCII Characters |
Description |
Notes |
| Record Sequence Number |
9 |
Unique identification of this record |
|
| Version Number |
5 |
Format version number of records to follow |
|
| Record Type |
1 |
Type of QDR being generated. |
|
| Record Data |
Variable |
Parameters as defined in the body. |
|
- QDR fields without any data will be blank.
- The character semi-colon (;) is used as the field delimiter to separate the fields of a QDR record.
- Each QDR record in the file is separated by line feed “\n”.
QDR Body
| Parameter |
Max ASCII Characters |
Description |
QDR File |
STI File |
Included in Version |
| SessionID |
32 |
Unique ID assigned to the query by the ROME system. |
✓ |
✓ |
|
| Start Date Time |
32 |
Date and Time when the query entered the system in MySQL format. This is the local date and time. |
✓ |
✓ |
|
| Process time in msecs |
6 |
Process time in milliseconds |
✓ |
||
| Minutes West of Greenwich Mean Time (String) |
4 |
Used to calculate the absolute time (0-1440). |
✓ |
||
| Origination Query Mode (String) |
6 |
“STI-AS” or “STI-VS” |
✓ |
N1.4 |
|
| Origination Query Protocol (String) |
6 |
“SIP” or “REST” |
✓ |
N1.4 | |
| Origination Source Host Name |
128 |
FQDN or IP address for source SBC |
✓ |
||
| Origination Trunk ID String |
6 |
Trunk ID of the origination SBC |
✓ |
|
|
| Origination Service Port |
6 |
Service Port Number of the source SBC |
✓ |
||
| Reserved |
1 |
Reserved A |
✓ |
|
|
| Origination Source Number (see ANI input selection) |
41 |
‘0-9’,’+’, “none” |
✓ |
||
| Input Selection (ANI input selection) |
10 |
‘PCHARGEINFO’: P-Charge-Info was used ‘RPID’: Remote Party Identification was used ‘PAI’: P-Asserted-Identity was used ‘JIP’: Jurisdiction Information Parameter was used ‘ANI’: ANI was used |
✓ |
||
| Origination Destination Number (DNIS) |
41 |
‘0-9’,’+’, “none” |
✓ |
||
| Reserved |
1 |
Reserved B |
✓ |
|
|
| Origination Query ID |
128 |
Unique ID for the query from the SBC |
✓ |
||
| Release Cause Description |
32 |
Release cause string |
✓ |
||
| Release Cause Value |
4 |
Value of release cause (decimal) |
✓ |
||
| Epoch Time |
16 |
Number of seconds elapsed since 1970-01-01 |
✓ |
||
| Reserved (used to be Algorithm Used) |
1 |
Reserved C |
✓ |
|
|
| Reserved |
1 |
Reserved D |
✓ |
|
|
| Reserved |
1 |
Reserved E |
✓ |
|
|
| Reserved |
1 |
Reserved F |
✓ |
|
|
| Reserved |
1 |
Reserved G |
✓ |
|
|
| Reserved |
1 |
Reserved H |
✓ |
|
|
| Reserved |
1 |
Reserved I |
✓ |
|
|
| Status |
20 |
authstat= [0 | 1] Or verstat=TN-Validation-Success(0), No-TN-Validation(1), TN-Validation-Failed(2) |
✓ |
N1.4 |
QDR Record Example
185407447;N1.4;R;0-9;2019-04-26 04:57:39;40;0;STI_AS;10.10.2.91;1;1;;3022002002;ANI;8323456781;;1-4795@10.10.2.91;Moved Temporarily;0302;;;;;;;;1556254659;1; 185407447;N1.4;R;0-9;2019-04-26 04:57:39;40;0;STI_VS;10.10.2.91;1;1;;3022002002;ANI;8323456781;;1-4795@10.10.2.91;Moved Temporarily;0302;;;;;;;;1556254659;TN-Validation-Passed;
QDR Download
QDRs can be downloaded via SSH, SCP and SFTP. QDRs are accessed using the 'qdr' username. The QDR user password is configured via GUI:
Only whitelisted IPs (System > Trusted Hosts) will be able to establish a SSH/SFTP connection.
Optional: SSH keys setup
If you wish to use ssh keys to access the system you would also need to do the following:
Create a .ssh directory in /home/qdr/:
mkdir /home/qdr/.ssh
Add an authorized_keys file to the .ssh directory with permissons of 600:
touch /home/qdr/.ssh/authorized_keys
chmod 600 /home/qdr/.ssh/authorized_keys
Then you need to generate a key on the remote system (below is linux example):
ssh-keygen -t rsa
ssh-copy-id qdr@1.2.3.4 (replace 1.2.3.4 with IP of the Sansay)