NSS Query Record Specification
NSS generates two different files per record. STI records provide detailed information contained in the SHAKEN PASSporT. QDR records provide details about the transaction with important fields that are also present in the STI record.
STI and QDRs can be downloaded via SSH, SCP or SFTP from each of your NSS systems.
STI-File Field Description
Parameter |
Max ASCII Characters |
Description (JSON Format) |
QDR File |
STI File |
Included in Version |
PASSPorT Header |
1024 |
alg, ppt,typ,x5u claims |
✓ |
N1.4 |
|
PASSPorT Payload |
1024 |
attest, dest tn, iat, orig tn, origid claims |
✓ |
N |
|
STI Identity Header |
2048 |
base64url string, alg, ppt claims |
✓ |
N |
|
Status for Verification |
20 |
“verstat”=”TN-Validation-Passed” | “No-TN-Validation” | “TN-Validation-Failed” |
✓ |
N |
|
Verification Status |
20 |
Response of the verification process |
✓ |
N |
|
Reason Header |
40 |
“SIP;cause=302;text=\”no-fraud-detected\”” |
✓ |
N |
STI Record Example
{
"sequence-id": "000000002",
"version": "N1.4",
"record-type": "R",
"session-id": "08742-01331234",
"date": "2019-05-09 16:56:00",
"passport-header":
{"alg":"RS256","ppt":"shaken","typ":"passport","x5u":"https://ca-auth1.sansay.com/sansay.crt"},
"passport-payload":
{"attest":"A","dest":{"tn":["8587542213"]},"iat":1557446160,"orig":{"tn":"3022002001"},"origid":"730014cd-0900-11e0-b5dd-001e67086918"},
"identity-header":
"eyJhbGciOiJSUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly9jYS1hdXRoMS5zYW5zYXkuY29tL3NhbnNheS5jcnQifQ.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyI4NTg3NTQyMjEzIl19LCJpYXQiOjE1NTc0NDYxNjAsIm9yaWciOnsidG4iOiIzMDIyMDAyMDAxIn0sIm9yaWdpZCI6IjczMDAxNGNkLTA5MDAtMTFlMC1iNWRkLTAwMWU2NzA4NjkxOCJ9.p-PZsls5DD2xUtuOiw24_avxSSeQnJWuWEjyJxSp2qmaWN0YACxBVF8WFSuPjTSSfGg-AfbBzl6DabsTxbzfX3A6ks3MabneO0cf9-nJIym7b9EoY66VcGW4wymWoK4RlkG_WS2Im5VWs0fBzCBEpD4-o25v9_Y5Midal4yvJRAsG6WEDjgf0BRdCl09RizzgY1EEkJACqQSWGFHq1_Y57UhRQPJN_rTG4ORvyF9u6-3EYHNTp4UY-VbinWp7EPPuIOq_qIUaCJpPW6cDqd76ni_GZAmnRqQubzF6XPZFko7UM3EyR19XrmrymZ3HCxUr5MD5MmL8prjSQvlx0eaNQ;info=<https://ca-auth1.sansay.com/sansay.crt>;alg=RS256;ppt=\"shaken\""
}
{
"sequence-num": "117408960",
"version": "N1.4",
"record-type": "R",
"session-id": "4-277",
"date": "2020-12-24 06:48:59",
"passport-header":
{"alg":"ES256","ppt":"shaken","typ":"passport","x5u":"https://cr.sansay.com/r2_es256_1127.crt"},
"passport-payload":
{"attest":"A","dest": {"tn":["1777"]}, "iat":1608792539,"orig": {"tn":"166223"},"origid":"564dd3e6-2d18-f79c-343c-2aa5bf476e81"},
"identity-header":
"eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly9jci5zYW5zYXkuY29tL3IyX2VzMjU2XzExMjcuY3J0In0.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyIxNzc3Il19LCJpYXQiOjE2MDg3OTI1MzksIm9yaWciOnsidG4iOiIxNjYyMjMifSwib3JpZ2lkIjoiNTY0ZGQzZTYtMmQxOC1mNzljLTM0M2MtMmFhNWJmNDc2ZTgxIn0.pFuBXO0fsqR3VkBWyRndVQNmtp59Khna4lvXkOOv2yUY9LVepmKABVzj0SnozEM7YsI3tKzoH-TsB0uV1Bfkmw;info=<https://cr.sansay.com/r2_es256_1127.crt>;alg=ES256;ppt=\"shaken\"",
"verstat": "TN-Validation-Passed",
"verify-response": "SVMP_OK",
"reason-header": "SIP;cause=302;text=\"no-fraud-detected\"" }
QDR File Field Description
QDR Body for NSS-A/V (Version N1.7)
New fields MUST BE added to the end of the list.
Field Number |
Parameter |
Max ASCII Characters |
Description |
NSS-A/V qdr file |
NSS-A/V sti file (JSON) |
Included in Version |
4 |
SessionID |
32 |
Unique ID assigned to the query by the ROME system. |
✓ |
✓ |
N1.4 |
5 |
Start Date Time |
32 |
Date and Time when the query entered the system in MySQL format. This is the local date and time. |
✓ |
✓ |
|
6 |
Process time in msecs |
6 |
Process time in milliseconds |
✓ |
||
7 |
Minutes West of Greenwich Mean Time (String) |
4 |
Used to calculate the absolute time (0-1440). |
✓ |
||
8 |
Origination Query Mode (String) |
6 |
“STI-AS” or “STI-VS” |
✓ |
Added in version N1.4 |
|
9 |
Origination Query Protocol (String) |
6 |
“SIP” or “REST” |
✓ |
||
10 |
Origination Source Host Name |
128 |
FQDN or IP address for source SBC |
✓ |
||
11 |
Origination Trunk ID String |
6 |
Trunk ID of the origination SBC |
✓ |
Added in version N1.4 |
|
12 |
Origination Service Port |
6 |
Service Port Number of the source SBC |
✓ |
||
13 |
Reserved |
1 |
Reserved A |
✓ |
Added in version N1.4 |
|
14 |
Origination Source Number (see ANI input selection) |
41 |
‘0-9’,’+’, “none” |
✓ |
||
15 |
Input Selection (ANI input selection) |
10 |
‘PCHARGEINFO’: P-Charge-Info was used ‘RPID’: Remote Party Identification was used ‘PAI’: P-Asserted-Identity was used ‘JIP’: Jurisdiction Information Parameter was used ‘ANI’: ANI was used |
✓ |
||
16 |
Origination Destination Number (DNIS) |
41 |
‘0-9’,’+’, “none” |
✓ |
||
17 |
Reserved |
1 |
Reserved B |
✓ |
Added in version N1.4 |
|
18 |
Origination Query ID |
128 |
Unique ID for the query from the SBC |
✓ |
||
19 |
Release Cause Description |
32 |
Release cause string |
✓ |
||
20 |
Release Cause Value |
4 |
Value of release cause (decimal) |
✓ |
||
21 |
Epoch Time |
16 |
Number of seconds elapsed since 1970-01-01 |
✓ |
||
22 |
Reserved (used to be Algorithm Used) |
1 |
Reserved C |
✓ |
Added in version N1.4 |
|
23 |
Reserved |
1 |
Reserved D |
✓ |
Added in version N1.4 |
|
24 |
Reserved |
1 |
Reserved E |
✓ |
Added in version N1.4 |
|
25 |
Reserved |
1 |
Reserved F |
✓ |
Added in version N1.4 |
|
26 |
Reserved |
1 |
Reserved G |
✓ |
Added in version N1.4 |
|
27 |
Reserved |
1 |
Reserved H |
✓ |
Added in version N1.4 |
|
28 |
Reserved |
1 |
Reserved I |
✓ |
Added in version N1.4 |
|
22 |
Status |
20 |
authstat= [0 | 1] Or verstat=TN-Validation-Success(0), No-TN-Validation(1), TN-Validation-Failed(2) |
✓ |
||
23 |
Delegate CA Indicator |
1 |
‘’ (null): not applicable ‘B’: signed BASE PASSporT ‘V’: verified BASE PASSporT ‘R’: received BASE PASSporT, parent CA re-signed successfully with SHAKEN PASSporT ‘S’: received BASE PASSporT, verified failed, but signed with SHAKEN PASSporT regardless ‘F’: received BASE PASSporT, verified failed, and sign with SHAKEN PASSporT failed also |
✓ |
Added in N1.5 |
|
24 |
Diversion Header Number |
1 |
0: not applicable 1-2: number of SIP Diversion header received (3 and above is currently not supported) |
✓ |
Added in N1.6 |
|
25 |
RCD ProfileID |
6 |
STI-AS (empty): if no RCD profile id 1-999999: RCD profile id STI-VS (empty): if no RCD PASSporT present ‘R’: if RCD identity header present ‘S’: if RCD PASSporT is in SHAKEN |
✓ |
✓ |
Added in N1.7 |
26 |
RCD nam |
128 |
STI-VS only |
✓ |
✓ |
Added in N1.7 |
QDR Record Example
185407447;N1.4;R;0-9;2019-04-26 04:57:39;40;0;STI_AS;10.10.2.91;1;1;;3022002002;ANI;8323456781;;1-4795@10.10.2.91;Moved Temporarily;0302;;;;;;;;1556254659;1; 185407447;N1.4;R;0-9;2019-04-26 04:57:39;40;0;STI_VS;10.10.2.91;1;1;;3022002002;ANI;8323456781;;1-4795@10.10.2.91;Moved Temporarily;0302;;;;;;;;1556254659;TN-Validation-Passed;
QDR Download
QDRs can be downloaded via SSH, SCP and SFTP. QDRs are accessed using the 'qdr' username. The QDR user password is configured via GUI:
Only whitelisted IPs (System > Trusted Hosts) will be able to establish a SSH/SFTP connection.
Optional: SSH keys setup
If you wish to use ssh keys to access the system you would also need to do the following:
Create a .ssh directory in /home/qdr/:
mkdir /home/qdr/.ssh
Add an authorized_keys file to the .ssh directory with permissons of 600:
touch /home/qdr/.ssh/authorized_keys
chmod 600 /home/qdr/.ssh/authorized_keys
Then you need to generate a key on the remote system (below is linux example):
ssh-keygen -t rsa
ssh-copy-id qdr@1.2.3.4 (replace 1.2.3.4 with IP of the Sansay)