Delegate certificate updates in ATIS standards

The ATIS STIR/SHAKEN standards have been updated for support of delegate certificates. This article reviews the changes. Let’s have a look.

Delegate certificate refresher

Delegate certificates are an optional method that a non-SHAKEN VoIP entity, e.g., an enterprise or Business Process Outsourcing agency calling on behalf of enterprise customers, can use to sign a base or RCD PASSporT to demonstrate that they are authorized to use a specific calling telephone number or numbers.

An STI Participant, e.g., a SHAKEN-authorized Originating Service Provider (OSP), may use the base/RCD PASSporT, signed with a delegate certificate, to justify signing the call with full A-level attestation.

Delegate Certificates Bring Information into the SHAKEN Ecosystem

Delegate certificate call flow

Figure 1. Delegate Certificate Call Flow

Updated standards document

The updated standards document is ATIS-1000084.v003, the ATIS Technical Report on Operational and Management Considerations for SHAKEN STI Certification Authorities and Policy Administrators.

The updates extend the standards to include use cases involving delegate certificates.

  • The trust model now includes entities involved in delegate certificate use as described in ATIS-1000092 (ZIP file), the standard on delegate certificates, including:
    • Subordinate Certificate Authorities (STI-SCAs) that issue delegate certificates to VoIP entities. For example, these might be telephone number providers that issue numbers to VoIP entities.
    • VoIP entities that receive delegate certificates from STI-SCAs.
  • The Certificate Policy defined by the Policy Administrator must now include policies and requirements for the operation of an STI-SCA.
    • If a Certification Authority issues CA certificates, then it must explain how it abides by the Certificate Policy in its Certification Practice Statement.

Further edits were made to tighten up the technical requirements to be followed by STI participants.

Delegate certificate use is optional. Just because a non-SHAKEN VoIP entity obtains a delegate certificate and uses it to sign base/RCD PASSporTs does not mean that a SHAKEN-authorized OSP will verify it and elevate attestation to a full A-level.

VoIP entities that wish to use delegate certificates and base/RCD PASSporTs must check with their OSPs to determine if they will support delegate certificates and base/RCD PASSporTs.

handwriting the word delegate on a pane of glass

TransNexus solutions

TransNexus is a leader in developing innovative software to manage and protect telecommunications networks. The company has over 20 years’ experience in providing telecom software solutions including toll fraud prevention, robocall mitigation and prevention, TDoS prevention, analytics, routing, billing support, STIR/SHAKEN and SHAKEN certificate services.

Contact us today to learn more.

Request information

* required

This information will only be used to respond to your inquiry. TransNexus will not share your data with any third parties. We will retain your information for as long as needed to retain a record of your inquiry. For more information about how we use personal data, please see our privacy statement.