Working with the STI-PA
Registration Phase
In the United States, the first step to become part of the STIR/SHAKEN ecosystem is to apply to the STI-PA (iconectiv). Registration is done via this link: https://authenticate.iconectiv.com/service-provider-authenticate
What you will need:
Current 499A
Line 105 file type must show that you are either
CAP/CLEC
Integrated VoIP Provider
Cellular/PCS/SMR wireless telephone provider
Notes: If your 499A identifies you as an Integrated VoIP provider and you do not currently have an OCN, you must file with the FCC for the IPES designation. You will need:
CPCN for each state where you operate
You must file a Docket for Application for Authorization to Obtain Numbering Resources through the FCC ECFS online filing system. The Docket must include:
A confidential redacted copy or copies of your Inter-Connect Agreement (ICA) with ILECs or your PSTN Terminating providers in your operating territories).If you use a carrier partner to connect with the terminating provider, you must provide a confidential redacted copy of that agreement plus a confidential redacted copy of the carrier partners’ agreements with the ILECs or PSTN Terminating providers in your operating territories.
You must also request the FCC Secretary approve Confidentiality of any record posted to the ECFS prior to filing the Docket. All ECFS documents are Public Records.
Upon approval of your Docket and Application you must file a 30-day notice with PUC/PSC in all states where you operate
OCN (Operating Company Number)
Only one is required.
If you don’t have an OCN, you must obtain one from NECA. You will need:
CLEC Certification or CPCN
Or FCC granted license if you are applying for a “WIRE” designation
Or if you are applying for a single national OCN because you are an Integrated VoIP provider, a copy of the approved FCC order granting an IPES designation
Articles of Incorporation
Cost is $425/OCN
All requirements are based on Line 105 of your 499A
Proof of numbering resources via CPCN (Certificate of public Convenience and Necessity, your CLEC certificate, or proof of direct access to numbers from NANPA/NPA
If you buy your DIDs from another provider, you must include a copy of your agreement. Confidential information can be redacted.
Cost $825/OCN/Yr + $0.0001821 * 499A revenue lines
Approval Phase
Once your token request is approved, the Service Provider will receive an email containing a temporary password and link to the STI-PA login page. Proceed as follows:
Using the SP Admin User ID created on the registration form as login ID and the password provided in the email, fill in the login fields and click the Log In button. Change the password.
Following password change the SP Admin user will be required to accept both the Account Level Agreement, and Service Provider Annual Fee Agreement to activate their account in the PA.
Once the account is activated, the account portal allows an SP to update any contact information, add users as well as to notify the PA of any revoked certificates
Once the STI-PA has vetted your application, they will send you a request for additional information similar to the illustration. A key part of this step is to inform the STI-PA that you are working with Sansay as your vendor. This will allow you to move to production environment and bypass the staging and evaluation test plan: Sansay has already completed this for our customers.
Production Environment Form
Here are some of the questions the STI-PA asks that you may need guidance with:
- Are you planning to use any other OCNs when requesting SPC Tokens? While only one OCN is required to obtain one SPC token, if your organization has more than one OCN we recommend the following approaches:
- Applying for a second SPC with an alternate OCN to serve as a backup SPC token. The SPC token is what ultimately gets you a certificate. In this case, the backup OCN can be viewed as a backup certificate.
- Use your OCN for different types of traffic. You may have different types of traffic in your network with varying trust. You could take advantage of your multiple-OCNs and obtain SPC tokens that will be used to sign different types of traffic (e.g. retail uses one OCN, SIP trunking uses a different OCN, etc). Please note that telephone numbers/ANIs are not tied to a specific OCN in the STIR/SHAKEN ecosystem.
- SPC Token Expiry timer value. We recommend 14 days.
- Are you working with an approved STI-PA software vendor? Yes, tell them that you are working with Sansay.
- Please provide your IP addresses for whitelisting in both the Staging and Production environments.
- The Web Portal access sections will be used to access the GUI. The GUI is used for registration, user management, and uploading revoked certificates. At a bare minimum, you will want to have the IP Addresses of your administrator(s) and any billing personal whitelisted. Please also include Sansay's HQ IPs 74.62.23.98 and 45.31.45.35.
- The API section is for the IP’s of the machine(s) that you will be calling into the STI-PA with in order to request tokens and other functions of the system. This will be the IP of your on-prem NSS IP address(es) or your STIR/SHAKEN as a Service (SS/aaS) hosted solution provided by Sansay. If you do not have this yet will you need to start this step ASAP.
iconectiv/STI-PA can accommodate multiple IP addresses, ranges, and subnets to fit your business needs. Also, if your network has any IPv6 active, please include those address(es) as well.
STI-CA Account Creation
To setup your STI-CA account with us, Sansay will need you to create an API user from the iconectiv STI-PA portal. From the STI-Portal, login as SP and click User Management
Click Add User:
Select API as the user role when you are adding the user. Please use the name of your organization@sansay-ca.com (e.g. mycompany@sansay-ca.com) in the e-mail associated with this user. This user will give Sansay access to verify your status with the PA.
Please proceed with this step during normal business hours (7AM to 5PM PT). Creating an API user is time sensitive and requires 2FA (Two Factor Authentication) approval. We use the e-mail account to verify the account code when we first login and during future logins.