Enterprise Certificates
Presented by Ramon Torres, Telnyx (© TELNYX 2019)

Agenda

1. Workflows: Delegate Certificates
2. Overview of Enterprise Certificates
3. Scenarios
4. Advantages of Enterprise Certificates

Workflows: Delegate Certificates

Workflow 1: Telnyx originates a call from a number belonging to a Telnyx-owned block.

Diagram: Originating Subscriber -> Internal service adds the OSP PASSporT -> Terminates to the PTN. Telnyx holds authorization from the PA and a certificate received from the CA.

Workflow 2: Telnyx originates a call from a number belonging to a 3rd-party provider.

Diagram: TN Providers A, B, C and D each issue a Delegate Certificate that is loaded into Telnyx's Key Management System. Originating Subscriber -> Internal system checks the DID to select the correct PASSporT (and signing certificate) assignment -> Terminates to the PTN.

Overview of Enterprise Certificates

Enterprise Certificates are an alternative to Delegate Certificates. Main features of this proposal:

- Expand the range of entities that can obtain STI certificates.
- Include entities without SPIDs (enterprises, resellers, etc.).
- Avoid delegation: the PA directly authorizes these entities to obtain certificates and participate in the SHAKEN framework; alternatively, CAs can be delegated this authority.
- CAs issue certificates to these entities.

Participants within the Enterprise Certificates framework:

TN Provider
  Policy and management: Authorized by the PA. Certificate obtained from a CA. Has a SPID and numbering ranges.
  Use of certificate: The SP fully attests if the Caller ID is authorized for use. The SP can also fully attest if the caller is known and trusted.

Enterprise
  Policy and management: Authorized by the PA. Certificate obtained from a CA. Does not necessarily have a SPID or numbering ranges, but is authorized to use some pool of numbers.
  Use of certificate: The enterprise asserts that the Caller ID is authorized for use. The originating SP can pass the enterprise PASSporT instead of adding its own PASSporT.

Workflows: Enterprise Certificates

Workflow 3: Telnyx originates a call from a number belonging to a Telnyx-owned block or a 3rd-party provider, and the enterprise passes along a PASSporT signed with its own certificate.

Diagram: Originating Subscriber (passes the enterprise-certificate PASSporT) -> Internal service adds the OSP PASSporT -> Terminates to the PTN. Telnyx holds authorization from the PA and a certificate received from the CA.

Workflow 4: Telnyx originates a call from a number belonging to a Telnyx-owned block or a 3rd-party provider, and the enterprise has previously loaded its PASSporT into its Telnyx portal.

Diagram: Originating Subscriber (passes the enterprise-certificate PASSporT) -> Internal service adds the Enterprise PASSporT and, optionally, the OSP PASSporT -> Terminates to the PTN. Telnyx holds authorization from the PA and a certificate received from the CA.

Scenarios

Scenario matrix

Scenario | Enterprise caller PASSporT provided? | Originating SP TN association verified? | Final PASSporT(s) / attestation level
A        | Absent  | Not verified | OSP PASSporT, partial attestation
B        | Absent  | Verified     | OSP PASSporT, full attestation
C1       | Present | Not verified | Enterprise PASSporT, partial or full (as asserted by the enterprise)
C2       | Present | Not verified | Enterprise PASSporT + OSP PASSporT, partial attestation
D1       | Present | Verified     | Enterprise PASSporT, partial or full (as asserted by the enterprise)
D2       | Present | Verified     | Enterprise PASSporT + OSP PASSporT, full attestation
D3       | Present | Verified     | OSP PASSporT only (replaces the enterprise PASSporT), full attestation

Notes:
- The definition of OSP follows the one in the Delegate Certificate proposal.
- In each of the above scenarios, the OSP has a direct relationship with the Enterprise.
- There could be multiple layers: the Enterprise's own customer may in turn hold a certificate whose PASSporT is passed along. The same matrix applies to each sub-layer.
- The TSP is only responsible for unpacking the furthest upstream PASSporT.
- An OSP or a TN Provider could also act as an Enterprise; it would still hold only one certificate.

Enterprise Certificates: no upstream enterprises

Diagram (plain STIR/SHAKEN): Enterprise A -> Enterprise B -> OSP -> PTN; the OSP PASSporT is mandatory.

A PASSporT should be attached by the farthest upstream entity with a certificate. In this case no upstream entity has a certificate. Depending on customer information and use case, the OSP can do one of the following:
- attach its own PASSporT with partial attestation (scenario A)
- attach its own PASSporT with full attestation (scenario B)

Enterprise Certificates: one upstream enterprise

Diagram: Enterprise A -> Enterprise B (PASSporT) -> OSP (optional PASSporT) -> PTN; a PASSporT is required at the PTN.

A PASSporT should be attached by the farthest upstream entity with a certificate. Depending on customer information and use case, the upstream provider prior to PTN origination has the following options:
- pass along the received upstream PASSporT (C1, D1)
- pass along its own PASSporT in addition to the received upstream PASSporT (C2, D2)
- replace the received upstream PASSporT with its own PASSporT (D3)

Enterprise Certificates: multiple upstream enterprises

Diagram: Enterprise A (PASSporT) -> Enterprise B (PASSporT, optional PASSporT) -> OSP (PASSporT, optional PASSporT) -> PTN; a PASSporT is required at the PTN.

A PASSporT should be attached by the farthest upstream entity with a certificate. Depending on customer information and use case, each upstream provider prior to PTN origination has the following options:
- pass along just the received upstream PASSporTs (C1, D1)
- pass along its own PASSporT in addition to the received upstream PASSporTs (C2, D2)
- replace the received upstream PASSporTs with its own PASSporT (D3)
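The per-hop options above, and the matrix in the Scenarios slide, are easier to reason about with the tokens in hand. The following is an added example, not code from the Telnyx deck: it builds full-form SHAKEN PASSporTs (RFC 8225 with the RFC 8588 "attest" and "origid" claims), applies the pass / add / replace choice at each hop, and runs the verifier-side checks a TSP would apply to the furthest-upstream PASSporT (header fields, trusted certificate, signature, "iat" freshness, orig/dest TN match). Assumptions, all constructed for the example: the x5u URLs and telephone numbers are placeholders; Identity headers are modelled as a list in the order they were added, so index 0 is the furthest-upstream signer; and ES256 (ECDSA P-256) is replaced by an HMAC-SHA256 stand-in keyed per certificate holder so the block runs offline, while the header keeps the real "alg": "ES256" layout.

```python
import base64
import hashlib
import hmac
import json

# Constructed example, not Telnyx code. ES256 is replaced by an HMAC-SHA256
# stand-in keyed per certificate holder so the example runs offline; a real
# STI-AS/STI-VS signs and verifies with the P-256 key bound to the certificate
# at "x5u". The header keeps "alg": "ES256" to show the real PASSporT layout.

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def canonical(obj):
    # RFC 8225 section 4.1: lexicographically ordered keys, no whitespace
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def stand_in_sign(key, signing_input):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def build_passport(key, x5u, orig_tn, dest_tn, attest, origid, iat):
    """Full-form SHAKEN PASSporT: JWS header + claims + stand-in signature."""
    header = {"alg": "ES256", "ppt": "shaken", "typ": "passport", "x5u": x5u}
    payload = {"attest": attest, "dest": {"tn": [dest_tn]}, "iat": iat,
               "orig": {"tn": orig_tn}, "origid": origid}
    signing_input = b64url(canonical(header)) + "." + b64url(canonical(payload))
    return signing_input + "." + b64url(stand_in_sign(key, signing_input))

def forward(received, own, action):
    """Per-hop options from the Scenarios slides: pass the received PASSporTs
    through (C1, D1), add the hop's own PASSporT (C2, D2), or replace what was
    received (D3; also A and B when nothing was received). Order of addition
    is preserved, so index 0 stays the furthest-upstream signer (assumption)."""
    if action == "pass":
        return list(received)
    if action == "add":
        return list(received) + [own]
    if action == "replace":
        return [own]
    raise ValueError("unknown action: " + action)

def verify_passport(token, keyring, from_tn, to_tn, now, max_age=60):
    """STI-VS checks: header fields, a certificate the verifier trusts (here a
    keyring keyed by x5u), signature, iat freshness, and orig/dest matching the
    SIP From/To TNs. Returns (ok, attestation level or rejection reason)."""
    try:
        h, p, s = token.split(".")
        header = json.loads(b64url_decode(h))
        payload = json.loads(b64url_decode(p))
    except (ValueError, UnicodeDecodeError):
        return False, "malformed token"
    if (header.get("alg"), header.get("ppt"), header.get("typ")) != ("ES256", "shaken", "passport"):
        return False, "unsupported header"
    key = keyring.get(header.get("x5u"))
    if key is None:
        return False, "untrusted certificate"
    if not hmac.compare_digest(stand_in_sign(key, h + "." + p), b64url_decode(s)):
        return False, "bad signature"
    if abs(now - payload.get("iat", 0)) > max_age:
        return False, "stale iat"
    if payload.get("orig", {}).get("tn") != from_tn:
        return False, "orig tn does not match From"
    if to_tn not in payload.get("dest", {}).get("tn", []):
        return False, "dest tn does not match To"
    if payload.get("attest") not in ("A", "B", "C"):
        return False, "invalid attestation"
    return True, payload["attest"]

def verify_call(identity_headers, keyring, from_tn, to_tn, now):
    """The TSP unpacks only the furthest-upstream PASSporT (first header added)."""
    if not identity_headers:
        return False, "no PASSporT"
    return verify_passport(identity_headers[0], keyring, from_tn, to_tn, now)

def demo():
    """Runs the scenario matrix plus two failure cases on constructed data."""
    now = 1_565_000_000  # constructed call time, seconds since the epoch
    ent_x5u, osp_x5u = "https://sti.example.test/enterprise.pem", "https://sti.example.test/osp.pem"
    keyring = {ent_x5u: b"enterprise-stand-in-key", osp_x5u: b"osp-stand-in-key"}
    from_tn, to_tn = "12025550100", "12025550199"  # constructed numbers
    ent = build_passport(keyring[ent_x5u], ent_x5u, from_tn, to_tn, "A", "ent-call-1", now)
    osp_partial = build_passport(keyring[osp_x5u], osp_x5u, from_tn, to_tn, "B", "osp-call-1", now + 1)
    osp_full = build_passport(keyring[osp_x5u], osp_x5u, from_tn, to_tn, "A", "osp-call-1", now + 1)
    # An intermediary upgrades the OSP's partial attestation to full without the key.
    h, p, s = osp_partial.split(".")
    forged_claims = json.loads(b64url_decode(p))
    forged_claims["attest"] = "A"
    forged = h + "." + b64url(canonical(forged_claims)) + "." + s
    calls = {
        "A": (forward([], osp_partial, "replace"), now),
        "B": (forward([], osp_full, "replace"), now),
        "C1": (forward([ent], osp_partial, "pass"), now),
        "C2": (forward([ent], osp_partial, "add"), now),
        "D2": (forward([ent], osp_full, "add"), now),
        "D3": (forward([ent], osp_full, "replace"), now),
        "forged-attest": (forward([], forged, "replace"), now),
        "replayed": (forward([ent], osp_full, "pass"), now + 3600),
    }
    return {name: verify_call(hdrs, keyring, from_tn, to_tn, when)
            for name, (hdrs, when) in calls.items()}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

In scenarios C2 and D2 the verifier reports the enterprise's own "A" even though the OSP appended a PASSporT with a different level, because the TSP unpacks only the furthest-upstream token; the OSP's addition matters for traceback, not for the displayed attestation. The "forged-attest" case shows why the attestation level cannot simply be edited in transit, and the "replayed" case shows the "iat" freshness check rejecting a PASSporT reused on a later call.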

Advantages of Enterprise Certificates

Implications of Enterprise Certificates:

- Responsibility is decentralized and placed closer to the actual callers.
- Trust depends on entity reputation, not on TN authorization lists.
- Entities have an incentive to use their certificates appropriately:
  - Certificates and authorization can be revoked by the PA.
  - Obtaining certificates has a cost: define a set of eligibility criteria and include non-negligible fees for authorization.
  - Certificates are connected to contact information (director names and contacts).
- Simpler traceback: the same enterprise caller is identified by its PASSporTs regardless of which service providers are used.
- It is more difficult to create multiple entities and obtain PA authorization for each.