Ribbon Call Trust - MIC
Andrew Yeo
ayeo@rbbn.com
April 2022 Ribbon Communications Confidential and Proprietary
Disclaimer
• The purpose of this presentation is to make available to Ribbon's existing and prospective
customers on a confidential basis certain information with respect to Ribbon's current product &
service development plans, schedule and strategy.
• Except as specifically authorized in writing by Ribbon, the holder of this document shall keep the
information contained herein confidential and shall protect same in whole or in part from disclosure
and dissemination to third parties and use same for evaluation, operation and maintenance
purposes only.
• Please note that these plans are provided for discussion purposes only and that information
concerning Ribbon's plans and schedules to develop, make available and release any of the
products, services, features and functionality described herein is subject to change from time to time
by Ribbon.
• This presentation neither commits nor obligates Ribbon or any of its affiliates to pursue or undertake
the development or release of any product, service, feature or functionality in accordance with any
timetable. Also, it does not constitute a license or any other right to use or acquire any product,
service, feature or functionality described herein and should not be relied on in making a purchase
decision. Ribbon undertakes no obligation to update this presentation or any information contained
herein.
• STIR/SHAKEN
• Summary
• VoIP technology enables fraudsters to “easily change both physical locations and
numbers they spoof”
2020
31 March: FCC 20-42 Report and Order & Further Notice of Proposed Rulemaking
• Mandates all voice service providers implement STIR/SHAKEN by June 30, 2021
29 September: FCC 20-136 Second Report and Order
• 2-yr extension on STIR/SHAKEN for small, rural providers with less than 100,000 subscriber lines
• Respond to traceback requests in a timely manner
• Take affirmative, effective measures to prevent new and renewing customers from using its network to originate illegal calls
Canada
– CRTC on same path as FCC to implement STIR-SHAKEN. Ruling 2019-402 proposed
implementation by June 30, 2021. Ruling 2021-123 just extended deadline to November
30.
Australia (ACMA)
– Focus on robocalls and fraud with Do Not Originate (DNO) and Wangiri as Phase 1 trials
Singapore
– Robocall mitigation requirements being specified
[Figure: STIR/SHAKEN governance and call path. Labels: Governance/Policy; Service Provider Validations; REG, STI-GA, STI-PA, STI-CA; Originating Carrier with STIR/SHAKEN Authentication Service (Authentication, Attestation); Transit Carriers; Terminating Carrier with STIR/SHAKEN Verification Service (Verification, Treatment); SIP Header w/Verification Status; Attestation/Trust Indicator=“A, B or C”]
REG: Regulator
STI-GA: STI-Governance Authority
STI-PA: STI-Policy Administrator
STI-CA: STI-Certification Authority
Identity Assurance
• Reputation Scoring (Cloud, Ribbon SaaS): Real-time actionable information for call treatment
• SP Analytics (SP network): Analysis of call traffic to identify potential bad actors (trust context)
• STIR/SHAKEN (SP network or cloud, Ribbon SaaS): Caller ID authentication, signing, verification
• Session Border Control, Policy & Routing, Gateways, Call Control (SP network): Call attestation/verification requests, call validation treatment
Ribbon Call Trust™ - Complete Identity Assurance Solution
[Figure: solution architecture. Labels: Originating Carrier; Transit Carrier; SBC/GSX/3rd Party; Policy & Routing; Call Processing; Client requests & responses; STIR/SHAKEN as a Service; Cloud Reputation Scoring; Ribbon Identity DB; MNOC; 3rd Party STI; CNAM Service; National analytics data; 3rd party policy; Customer analytics; Behavioral (potential bad actor) information; Real-time and Non-real time; Network Operators; Reject; Deflect; Inform]
[Figure: call authentication (signing). Labels: Signing request/responses OR 3rd party STI-AS/VS Authentication requests/responses; INVITE no Identity Header in, INVITE w/Identity Header out; “Spam Indicator” in the CDR; Attestation/Trust Indicator=“A, B or C”]
Ribbon - Call Verification In Service Provider Network
[Figure: call verification. Labels: Verification request/responses OR 3rd party STI-AS/VS Verification requests/responses; INVITE w/Identity Header in, INVITE w/Identity Header out; Called Party; “Spam Indicator” in the CDR; Attestation/Trust Indicator=“A, B or C”]
Ribbon – Secure Telephone Identity In Service Provider Network
Our customers:
• Support all STI authentication and verification functions
• Public/private key management
• Interworking with STI-CA and STI-CR functions
Standards supported:
• RFC 8224, 8225, 8226, 8443, 8588
• ATIS 1000074-E, 1000080, 1000082, 1000084, 1000085 for “div” PASSporT
• 3GPP TS 24.229 (ISC and verstat)
[Figure labels: STI-A; Calling Party; Verification Status; Attestation/Trust Indicator=“A”]
• Ribbon STI-CA performs the following functions to maintain the integrity of the SHAKEN framework:
a) Acceptance of SHAKEN Certificate Signing Requests (CSR) for new certificates
b) Automated validation of Service Provider Code (SPC) Tokens
c) Issuance of standards-compliant SHAKEN signing certificates, including the required Telephone Number Authorization List extension
d) Revoking certificates if needed and notifying the STI-PA
e) Processing of Certificate Signing Requests to renew certificates before they expire
[Figure: AS/VS deployment with Primary and Secondary AS/VS instances]
                    STI-AS/VS                   MongoDB
Number of VMs       2                           3
vCPU for each VM    4                           2
vMem for each VM    16G                         8G
vHDD for each VM    80G                         500G
vNIC for each VM    Min - 1, Recommended - 3    Min - 1, Recommended - 2
• STI-AS/VS - 3 vNICs are recommended to segregate the traffic between management, signaling and internet (for CR and fetching certificates)
• MongoDB - 2 vNICs are recommended to separate management and data traffic
[Figure: Ribbon Identity Hub. Labels: SBC/GSX/3rd Party; Policy & Routing; Call Processing; Client requests & responses; STIR/SHAKEN as a Service; Cloud Reputation Scoring; Ribbon Identity DB; MNOC; CNAM Service; National analytics data; 3rd party policy; Trust Context; Customer analytics; Behavioral (potential bad actor) information; Real-time and Non-real time; Network Operators]
• Identity Hub is Ribbon’s cloud-native SaaS platform for identity assurance. Runs on AWS
• Flexible ecosystem with open APIs for client requests and 3rd party data integration
In-network STI Deployment Interworking with Ribbon Identity Hub
[Figure: three numbered call-flow diagrams. Labels: SBC/GSX/3rd Party; Session Control; Policy & Routing; STIR/SHAKEN Service; STI-CR; STI-CA; Cloud Identity DB; Service Graph; Reputation Scoring]
• Ribbon’s STI provides STI-AS (Authentication), STI-VS (Verification), STI-CR (certificate repository) and STI-CA (Certification Authority) for secure management of certificates and digital keys
• Vendor-agnostic interworking with 3rd party network elements via an ATIS 1000082-compliant REST interface
• Deploy Ribbon’s STI in a service provider network or purchase Ribbon’s STIR/SHAKEN as a Service
• Ribbon S/SaaS leverages Ribbon Identity Hub, our cloud native SaaS platform, to ensure a scalable, active-active, geo redundant architecture
• Deploy Ribbon’s STI alongside Ribbon PSX for a complete turnkey solution with flexible origination / termination policies and robust Call Validation Treatment (CVT)
Ribbon Reputation Scoring Solutions
[Figure: reputation scoring overview. Labels: Identity; Trust Context; Reputation; SIP CallerID xxx-yyy-zzzz; Known Subscribers; STIR/SHAKEN; Analytics (anomaly detection); Analytics + Digital Fingerprint + Open Ecosystem]
[Figure: Defend Mobile (Android, iOS). Labels: Incoming call; Call Treatment (Allow, Block, Voicemail); Rule Based call treatment; Identification; Report Spam; Subscriber B/W List; Self Care; REST API (Rep Score, CNAM); REST API (Sub List); AI/ML Speech Analytics; Network level Call Blocking; Defend Call blocking for feature phone users]
• Detect & display the spam / robocall using reputation score
• Detect & display the fraud call using reputation score
• Display the caller’s name for unknown numbers using CNAM
• Automatic call blocking or send to voicemail per user’s choice
• User reporting of the spam caller from the mobile app
• Maintain personal block and allow list in addition to global list
• Find out if the number is spam or fraud caller by entering digits
• Manage other defend application features from mobile app
• Detect fraud calls using AI/ML speech analytics on mobile app
[Figure: Defend (Feature Phone). Labels: Receiving call from potential spam Number; Reputation DB; Robo DB; DB (Whisper); Subscriber B/W List; Allow; Block; Voicemail; Whisper; Rule Based call treatment; Network level Call blocking or whisper for feature phone users]
• Allow subscribers to manage their own personal block list
• Allow subscribers to manage their own personal allow list
• Network level allow/block per subscriber without ringing phone
• Framework to add other defend applications
• Support for multi-network call handling (Legacy, IMS, NGN)
• Virtualized deployment in on-prem or public cloud
[Figure: LTE and WiFi access network diagrams. Labels: LTE eNodeB; MME; SGW; PGW; WiFi AP; WLC; TWAG/ePDG; AAA; interfaces S1-MME, S11, S1-U (Gm/RTP), S2a/S2b, SWm, SWx]
2 Edge Compute
• Edge Analytics in MEC
• Security & Protection
• Traffic Management & Policy Control
3 5G SA
• 5GC NWDAF exposure
• 5GC NEF source data integration
[Figure: 5G use cases. Massive Machine Type Comm.: Massive IOT, Smart City, Smart Home, E-Health. Ultra Low Latency Applications: Industrial 4.0, Autonomous Vehicle, Robotics. Source: GSMA, ITU]
[Figure: NWDAF data flows. Labels: NF, AF and OAM; Delivery of activity data and local analytics; NWDAF; Delivery of analytics data. Source: 3GPP TR 23.791]