Initial STIR/SHAKEN functionality is introduced in the most recent versions of Sippy 2020.  In Sippy 2020 we allow for calls to be signed with one of our technology Partners 1 Call Connect who will sign calls on your behalf.  Customers needing their calls signed will need to subscribe with their service at this URL: http://1callconnect.net/sippy-stir-shaken-request-form/.


1 Call Connect - Configuration Settings

Once subscribed you will need to ensure that your system is configured correctly.


For authentication you will need to configure a specific connector in order to enable the signing of your calls.  The value you should specify in Sippy 2020 should be 1callconnect_sip.  You will also need to specify a hostname or IP address of 1CallConnect's authentication server.  They have a few setup and you may want to select the one located closest to your data center.  Our Support can help configure your system through the database to get you up and running on signing calls right away if you need additional assistance.


Principle of Operation


Before sending an outgoing INVITE the b2bua sends a special INVITE message to 1CallConnect authentication server.  In response the 1CallConnect server sends a response with code 302 and a signature for the call.  The b2bua collects that signature and puts it in X-Identity header along with Date header into the outgoing INVITE which goes to vendor connection or trunk or registered UA.

  • Requests are sent to 5060 port only
  • requests are sent from b2bua's port, not OpenSIPS
  • requests are sent with random call-id generated on our side
  • 1callconnect/sip_hosts would be tried within 10 seconds.


Long term Outlook (Sippy 2021 and beyond)


In future versions of our software we will also be adding a few more ways for both signing for calls as well as verification. We'll be looking at adding functionality to be able to sign or verify calls locally on your softswitch.  We have also received requests for other devices to work on other integrations for other third party signing and verification services.  We will be adding additional services where we can.


FAQ


> Please let know how Sippy decides for which call needs to be enabled AS and for which VS.
1. Any incoming call with Identity and Date will be sent to the VS service to verify if signature is correct. 
2. Any outgoing call before termination will be sent to the AS to receive the signature (Identity), and then sent to the INVITE vendor with the signature, if the AS provided it.

> Does Sippy can do AS by itself, using a private key?
Starting from Sippy2021 it's possible to use your own certificate, key and other parameters to perform either call signing or verification.