Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enterprise Certificates

Published byえりか とりこし Modified over 5 years ago

Similar presentations

Presentation on theme: "Enterprise Certificates"— Presentation transcript:

1 Enterprise Certificates
Presented by Ramon Torres © TELNYX 2019 |

2 Agenda Workflows: Delegate Certificates
Overview of Enterprise Certificates Scenarios Advantages of Enterprise Certificates © TELNYX 2019 |

3 Workflows: Delegate Certificates
© TELNYX 2019 |

4 Workflows: Delegate Certificates
Telnyx originates a call from a number belonging to a Telnyx owned block Internal Service to add OSP PASSporT Terminates to the PTN Originating Subscriber Authorization from the PA, Certificate received from CA © TELNYX 2019 |

5 Telnyx originates a call from a number belonging to 3rd party provider
Workflows: Delegate Certificates Telnyx originates a call from a number belonging to 3rd party provider TN Provider A Delegate Certificate Key Management System TN Provider B TN Provider C TN Provider D Originating Subscriber Internal System to check DID for correct PASSporT assignment Terminates to the PTN © TELNYX 2019 |

6 Overview of Enterprise Certificates
© TELNYX 2019 |

7 Enterprise Certificates are an alternative to Delegate Certificates.
Overview of Enterprise Certificates Enterprise Certificates are an alternative to Delegate Certificates. Main features of this proposal: Expand the range of entities that can obtain STI certificates. Include entities without SPIDs (enterprises, resellers, etc.). Avoid delegation. PA directly authorizes these entities to obtain certificates and participate in the SHAKEN framework; alternatively CAs can be delegated this authority. CAs issue certificates to these entities. © TELNYX 2019 |

8 Overview of Enterprise Certificates
Participants within the Enterprise Certificates framework. Enterprise TN Provider Policy and management Authorized by PA. Certificate obtained from CA. Has SPID and numbering ranges. Use of Certificate SP fully attests if Caller ID is authorized for use. SP can fully attest if caller is known and trusted. Policy and management Authorized by PA. Certificate obtained from CA. Does not necessarily have a SPID or numbering ranges, but is authorized to use some pool of numbers Use of Certificate Enterprise asserts that Caller ID is authorized for use. Originating SP can pass enterprise PASSporT instead of adding its own PASSporT. © TELNYX 2019 |

9 Workflows: Enterprise Certificates
Telnyx originates a call from a number belonging to a Telnyx owned block or a 3rd party provider, and an enterprise passes along their certificate. Internal Service to add OSP PASSporT Originating Subscriber: Passes enterprise certificate PASSporT Terminates to the PTN Authorization from the PA, Certificate received from CA © TELNYX 2019 |

10 Workflows: Enterprise Certificates
Telnyx originates a call from a number belonging to a Telnyx owned block or a 3rd party provider and the enterprise has previously loaded their PASSporT into their Telnyx portal. Internal Service to add the Enterprise PASSporT and the OSP PASSporT (optional). Originating Subscriber: Passes enterprise certificate PASSporT Terminates to the PTN Authorization from the PA, Certificate received from CA © TELNYX 2019 |

11 Scenarios © TELNYX 2019 |

12 TN Association Verified? Final PASSporT(s) / Attestation Level
Scenarios Scenario Enterprise Caller PASSporT Provided? Originating SP TN Association Verified? Final PASSporT(s) / Attestation Level A Absent Not verified OSP PASSporT – Partial B Verified OSP PASSporT – Full C1 Present Enterprise PASSporT – Partial or Full C2 + OSP PASSporT – Partial D1 D2 + OSP PASSporT – Full D3 Definition of OSP follows that in the Delegate Certificate proposal. In each of the above scenarios, the OSP has a direct relationship with the Enterprise. There could be multiple layers: There is a possibility that the Enterprise’s customer, in turn, has a certificate that could be passed along. The same matrix above would work for sub-layers. The TSP is only responsible for unpacking the furthest upstream PASSporT. An OSP or a TN Provider could also act as a Enterprise; they would still only have 1 certificate.

13 Enterprise Certificates: No upstream enterprises
Scenarios Plain STIR/SHAKEN Mandatory PASSporT PTN Enterprise A Enterprise B OSP Mandatory PASSporT Enterprise Certificates: No upstream enterprises A PASSporT should be attached by the farthest upstream entity with a certificate. However, in this case no upstream entity has a certificate. Depending on customer information and use case, the OSP can do one of the following: attach its own PASSporT, with partial attestation (A) attach its own PASSporT, with full attestation (B) © TELNYX 2019 |

14 Enterprise Certificates: One upstream enterprise
Scenarios Plain STIR/SHAKEN Mandatory PASSporT PTN Enterprise A Enterprise B OSP Optional PASSporT PASSporT Required PASSporT Enterprise Certificates: One upstream enterprise A PASSporT should be attached by the farthest upstream entity with a certificate. Depending on customer information and use case, the upstream provider prior to PTN origination has the following options: pass along the received upstream PASSporT (C1, D1) pass along its own PASSporT in addition to the received upstream PASSporT (C2, D2) replace the received upstream PASSporT with its own PASSporT (D3) © TELNYX 2019 |

15 Enterprise Certificates: Multiple upstream enterprises
Scenarios Plain STIR/SHAKEN Mandatory PASSporT PTN Enterprise A Enterprise B OSP Optional PASSporT PASSporT PASSporT PASSporT Optional PASSporT PASSporT Required Enterprise Certificates: Multiple upstream enterprises A PASSporT should be attached by the farthest upstream entity with a certificate. Depending on customer information and use case, each upstream provider prior to PTN origination has the following options: pass along just the received upstream PASSporTs (C1, D1) pass along its own PASSporT in addition to the received upstream PASSporTs (C2, D2) replace the received upstream PASSporTs with its own PASSporT (D3) © TELNYX 2019 |

16 Advantages of Enterprise Certificates
© TELNYX 2019 |

17 Trust depends on entity reputation, not TN authorization lists.
Advantages of Enterprise Certificates Implications of Enterprise Certificates: Responsibility is decentralized and put closer to the actual callers. Trust depends on entity reputation, not TN authorization lists. Entities have incentive to use their certificates appropriately. Certificates and authorization can be revoked by the PA. Obtaining certificates has a cost. Define some set of criteria for eligibility. Include non-negligible fees for authorization. Certificates are connected to contact information: director names and contacts. Simpler traceback: The same enterprise caller is identified by its PASSporTs, regardless of which service providers are used. It is more difficult to create multiple entities and obtain PA authorization. © TELNYX 2019 |

Download ppt "Enterprise Certificates"

Similar presentations

Manual transitions in Open Switching plans in Advisor Moving from Advisor to Open.

Manual transitions in Open Switching plans in Advisor Moving from Advisor to Open.
Binder: A logic-based security language John DeTreville, Microsoft What has this to do with building secure software? I think we need many collaborating.

Binder: A logic-based security language John DeTreville, Microsoft What has this to do with building secure software? I think we need many collaborating.
Extended Validation Models in PKI Alternatives and Implications Marc Branchaud John Linn

Extended Validation Models in PKI Alternatives and Implications Marc Branchaud John Linn
A responsibility based model EDG CA Managers Meeting June 13, 2003.

A responsibility based model EDG CA Managers Meeting June 13, 2003.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
Proposed Workflow IDESG Self-Assessment and Attestation Program For TFP’s Discussion Deck TFTM Committee 09/23/14 17-16-2014.

Proposed Workflow IDESG Self-Assessment and Attestation Program For TFP’s Discussion Deck TFTM Committee 09/23/
ETravel Authorization / Reimbursement Overview SOLAR Financials x 6685 July 8, 2014.

ETravel Authorization / Reimbursement Overview SOLAR Financials x 6685 July 8, 2014.
Methodology Logical Database Design for the Relational Model

Methodology Logical Database Design for the Relational Model
Adjustment & COCP Barbara Kwok Licensing Operations Specialist.

Adjustment & COCP Barbara Kwok Licensing Operations Specialist.
PURPOSE OF PAYROLL CERTIFICATION 1 The Payroll Certification is an important tool for Fiscal Officers and/or Delegates. It’s purpose is to allow Fiscal.

PURPOSE OF PAYROLL CERTIFICATION 1 The Payroll Certification is an important tool for Fiscal Officers and/or Delegates. It’s purpose is to allow Fiscal.
REFACTORING Lecture 4. Definition Refactoring is a process of changing the internal structure of the program, not affecting its external behavior and.

REFACTORING Lecture 4. Definition Refactoring is a process of changing the internal structure of the program, not affecting its external behavior and.
IBM Software Business Partners 1 © 2011 IBM CorporationMikkel Norsk – Channel Sales Support Up to Double (2X) SVI Competitive Incentive Business Partner.

IBM Software Business Partners 1 © 2011 IBM CorporationMikkel Norsk – Channel Sales Support Up to Double (2X) SVI Competitive Incentive Business Partner.
Random Survey Methodology Using A Random Number Generator Michael V. Jacobs Southern Georgia Regional Commission.

Random Survey Methodology Using A Random Number Generator Michael V. Jacobs Southern Georgia Regional Commission.
11 MANAGING AND DISTRIBUTING SOFTWARE BY USING GROUP POLICY Chapter 5.

11 MANAGING AND DISTRIBUTING SOFTWARE BY USING GROUP POLICY Chapter 5.
SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.

SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.
Communicating Security Assertions over the GridFTP Control Channel Rajkumar Kettimuthu 1,2, Liu Wantao 3,4, Frank Siebenlist 1,2 and Ian Foster 1,2,3 1.

Communicating Security Assertions over the GridFTP Control Channel Rajkumar Kettimuthu 1,2, Liu Wantao 3,4, Frank Siebenlist 1,2 and Ian Foster 1,2,3 1.
1. 2 Overview In Exchange security is managed by assigning permissions in Active Directory Exchange objects are secured with DACL and ACEs Permissions.

1. 2 Overview In Exchange security is managed by assigning permissions in Active Directory Exchange objects are secured with DACL and ACEs Permissions.
Module 3 Configuring File Access and Printers on Windows 7 Clients.

Module 3 Configuring File Access and Printers on Windows 7 Clients.
Statewide Financial System Program 1 Commitment Control (KK): Refresher Training Key Points Commitment Control (KK): Refresher Training Key Points Welcome.

Statewide Financial System Program 1 Commitment Control (KK): Refresher Training Key Points Commitment Control (KK): Refresher Training Key Points Welcome.
Visual Signature Profile OASIS - DSS-X Session 2.

Visual Signature Profile OASIS - DSS-X Session 2.

Similar presentations

Ads by Google