This document is proposed for the configurations on the endpoint clients to access Identity Hub services (both scoring and stir/shaken) through the SIP Interface solution.

In this section...


Overview

Ribbon Identity Hub is a cloud-native SaaS platform that provides real-time Identity and reputation services. These services target service providers and enterprises that want to mitigate telephony fraud and nuisance calls in their networks. Identity Hub services are grouped into the two categories below. Ribbon offers flexible subscription licenses for one or more of these services.

  • Reputation Scoring Services (North America only)
    o    Fraud Scoring Standard Service
    o    Fraud Scoring Advanced Service
    o    Nuisance Scoring Standard Services
    o    Nuisance Scoring Advanced Services 
  • STIR/SHAKEN Services 
    o    Secure Telephone Identity - Authentication Server (STI-AS)
    o    Secure Telephone Identity - Verification Server (STI-VS)
    o    Secure Telephone Identity - Certificate Repository (STI-CR) Services (North America only)
    o    Secure Telephone Identity - Certification Authority (STI-CA) Service (USA only)

Ribbon Identity Hub Manager provides dashboard and report capabilities to provide visual insights into network traffic, trends, and anomalies. Customers can launch the Identity Hub Manager from the Ribbon Insight EMS or the Ribbon OnePortal.

Ribbon Identity Hub services can be invoked using a REST interface or (North America only) SIP interface. For this particular use case, we assume that the Ribbon SBC Core is using ERE and not a PSX for call routing. In this situation, the Identity Hub can be accessed using a SIP Redirect interface. The SBC core sends a SIP INVITE to the service and will receive:

  • For a scoring request: 503 for a non-suspect call, 603 for a suspect call
  • For a signing request: 300 with contact embedded Identity header on success; 300 without contact embedded Identity header on failure
  • For a verification request: 300 with embedded From/PAI containing verstat result on success; 300 without embedded From/PAI on failure

Based on the response, the SBC can either terminate or continue with the call. For continuing with the call based on a 300 response, the embedded headers in the contact address must be copied into the egress INVITE (i.e. RFC defined 3xx handling).

An example configuration of the SBC Core to interface with the Identity Hub is given in the next section. This configuration will not be used as is in most customer environments. However, it demonstrates the basic facets of an SBC Core configuration that must be incorporated to effect call routing to the Identity Hub service and adequately respond to the responses.

For additional requirements on the SIP interfacing requirements, especially for situations where scoring is combined with STIR/SHAKEN services, consult the Identity Hub SIP Interface documentation.