appliedbits
LIBRARY LIBRARY TOPIC
Last updated 2026-05-08 0 entries

Glossary — cross-topic terminology reference

This is the cross-topic terminology reference for the library. Each entry is a one-or-two-sentence definition; for terms that have their own library page, the entry is a stub that hands off to that page. Alphabetical order is the only structure — there is no taxonomy to navigate, just useful definitions for terms that earn their place by being looked up.

The first build covers the core STIR/SHAKEN, number-administration, and US trust-governance vocabulary that recurs most often. New entries get added as they’re needed.

ATIS

Alliance for Telecommunications Industry Solutions — the North American standards body that produces operational specifications for the US telecommunications industry, including the ATIS-1000xxx series of SHAKEN documents. ATIS specifications are how the IETF protocol work gets translated into deployable industry rules.

Attestation A, B, C

The three attestation levels defined in the SHAKEN PASSporT model, ranging from full provider authentication of caller and right-to-use (A), through partial verification of one but not the other (B), to gateway-only attestation where the provider can vouch for the call’s entry into the network but not its origination (C).

See Attestation levels for the full description.

CFCA

Communications Fraud Control Association — an industry association focused on fraud in voice and messaging networks. CFCA convenes the Telecom Trust Working Group (TTWG), where cross-industry voice and messaging trust frameworks are developed.

See also: TTWG.

Certificate Transparency (CT)

A mechanism for making certificate issuance publicly auditable through append-only logs, originally developed for WebPKI. STIR-CT is the in-progress IETF analog for STIR certificates.

See draft-ietf-stir-certificate-transparency for the protocol work.

DNO — Do Not Originate

A default-deny mechanism on calling-number provenance: numbers declared ineligible to originate calls are blocked at network entry. Two tiers compose the eligibility model — numbers that structurally cannot originate (invalid, unallocated, unassigned), and numbers that can but whose holders have declared they will not.

See Do Not Originate for the full description.

ITG

Industry Traceback Group — the cross-industry consortium operated by USTelecom that coordinates traceback investigations of suspicious or illegal traffic on the US telephone network. The ITG also operates the ITG DNO Registry, a major source of Tier 2 DNO data.

NPA-NXX

North American Numbering Plan area-code-and-prefix designation: NPA is the three-digit area code, NXX is the next three digits identifying a specific exchange within that area code. Number assignment in the NANP happens at the NPA-NXX-block level, with thousand-blocks and individual numbers as sub-allocations beneath.

NPAC

Number Portability Administration Center — the central database that operates number portability in the United States and Canada, currently administered under contract by iconectiv. When a subscriber ports a number from one carrier to another, NPAC is what records the change and propagates it to the rest of the network.

OCN — Operating Company Number

The four-character identifier assigned to a US or Canadian telecommunications carrier and used to identify that carrier across NANP industry systems, including STIR/SHAKEN. In a SHAKEN PASSporT, the originating carrier’s OCN is one of the values (alongside RespOrgID for toll-free Resp Orgs) that populates the SPC entry of the certificate’s TNAuthList.

See also: SPC, SPID, RespOrgID.

OSP — Originating Service Provider

The voice service provider that hands a call into the SS7 or SIP interconnection network on its way to a terminating carrier. In the STIR/SHAKEN model, the OSP is the entity responsible for signing the call and asserting an attestation level.

See also: Attestation A, B, C.

PASSporT

Personal Assertion Token — the JWT structure defined by RFC 8225 that carries the cryptographically-signed identity assertion in a STIR-signed call.

See STIR and RFC 8225.

RespOrg

Responsible Organization — under US toll-free number administration, the entity registered with the Toll-Free Numbering Registry as having the right to manage a particular toll-free number. RespOrgs are identified by a five-character RespOrgID, are authenticated through the registry, and are the natural right-to-use authority for the toll-free numbers in their inventory.

See also: RespOrgID, SPC, TFNRegistry, RTU.

RespOrgID

The five-character identifier assigned to a Resp Org by the Toll-Free Numbering Registry. RespOrgIDs serve as valid SPC values in STIR certificates’ TNAuthList for toll-free call signing, alongside OCNs for voice service providers.

See also: RespOrg, SPC, OCN.

RMD — Robocall Mitigation Database

The FCC registry where US voice service providers file caller-authentication and robocall-mitigation certifications. Ejection from the RMD effectively removes a provider from the network, since intermediate and terminating providers are forbidden from accepting traffic from a delisted source.

See Robocall Mitigation Database for the full description.

RTU — Right-to-Use

The recognized authority of a specific entity to control how a telephone number is used: to receive calls on it, to assign it to a subscriber, to authorize originating providers to sign on its behalf. RTU is established through the underlying number-administration regimes — NPAC for ported numbers, the Toll-Free Numbering Registry for toll-free numbers, OCN-block assignments for ranges — and is distinct from physical possession of the number.

Section 64.1200(o)

The section of FCC rules at 47 CFR § 64.1200(o) that authorizes voice service providers to block calls based on a “reasonable” Do Not Originate list — the codification of DNO as a regulatory mechanism. The eligibility categories enumerated in the rule (invalid, unallocated, unassigned, subscriber-requested) define what may go on a “reasonable” list.

See also: DNO.

SHAKEN

Signature-based Handling of Asserted information using toKENs — the operational profile of STIR developed for the North American telecommunications industry, specified primarily through the ATIS-1000xxx series of documents. SHAKEN governs how STIR is deployed in production: certificate hierarchy, attestation levels, service-provider identifiers, and the policy framework binding the technical mechanism to industry obligations.

See STIR/SHAKEN and SHAKEN.

SPC — Service Provider Code

The abstract identifier defined by RFC 8226 as one of the choice entries permitted in a STIR certificate’s TNAuthList extension. In the SHAKEN profile, the SPC entry is populated with a service-provider identifier — an OCN for voice service providers, or a RespOrgID for toll-free Resp Orgs.

See also: OCN, RespOrgID, RespOrg, TNAuthList.

SPID — Service Provider Identifier

A four-character identifier used in NPAC-administered number-portability operations to identify the carrier serving a particular number. SPID is closely related to but distinct from OCN; carriers typically have an OCN for SHAKEN purposes and a SPID (often the same characters) for NPAC purposes.

See also: OCN, NPAC.

STIR

Secure Telephone Identity Revisited — the IETF working group and the family of specifications it produces for cryptographically authenticating caller identity. STIR is the protocol layer; SHAKEN is the operational profile that deploys STIR in the North American industry.

See STIR and STIR/SHAKEN.

TFNRegistry

The US Toll-Free Numbering Registry — the authoritative database of toll-free number assignments and RespOrg associations, operated by Somos, Inc. as the FCC-tariffed registry administrator. Toll-free right-to-use runs through the TFNRegistry.

See also: RespOrg, RTU.

TNAuthList

Telephone Number Authority List — the X.509 certificate extension defined by RFC 8226 that binds a STIR certificate to a set of telephone numbers, number ranges, or service-provider codes the certificate holder is authorized to sign for.

See RFC 8226.

TTWG

Telecom Trust Working Group — the standing working group within the Communications Fraud Control Association where cross-industry voice and messaging trust frameworks are discussed. The DNO+ proposal is being developed inside TTWG.

See also: CFCA.