Securing the Emergency Call Chain: A Cloud-Native CPaaS Framework for Next-Generation Public Safety Networks

Abstract

The migration from circuit-switched emergency service networks to IP multimedia systems presents significant challenges for maintaining security, reliability, and location accuracy in public safety applications. This article presents a cloud-native Communications-Platform-as-a-Service (CPaaS) architecture designed specifically for Next Generation 9-1-1 (NG911) services integration. The proposed framework operates on dedicated, carrier-grade infrastructure segregated from commercial traffic, abstracting traditional PSTN, SIP, and WebRTC protocols into standardized RESTful endpoints while implementing multi-tiered gateways for location validation and Public Safety Answering Point (PSAP) routing. Security mechanisms include Demonstrating Proof-of-Possession (DPoP) and mutual TLS (mTLS) bound access tokens for sender-constrained authentication, STIR/SHAKEN integration, and scoped JSON Web Tokens to prevent spoofing while enforcing least-privilege access controls. The architecture targets 99.999% availability through dual-region, active-active deployment. Edge computing keeps sub-500 ms (P95) call setup times, while an event-streaming layer manages disaster-driven surges without sacrificing location fidelity or breaching data-sovereignty mandates. Complete mapping to NENA i3 interface specifications and compliance with FCC Part 9, Kari's Law, and RAY BAUM'S Act ensures compatibility with current regulatory requirements and next-generation emergency service standards.