Webinar recording—Prepare for the FCC SHAKEN deadline

April 14, 2022

This webinar will help you understand the regulatory requirements and processes to register for and deploy STIR/SHAKEN in your network.

Here are the slides used in the webinar presentation.

We’ve summarized and consolidated questions we received during the webinar and provided answers here. Contact us if you have further questions.

Please clarify current situation wih attestation of diverted calls (call come from another operator): When a call is diverted, the called number in the SHAKEN PASSporT will not match the called number. SHAKEN verification will fail. The DIV PASSporT solves this problem by adding another PASSporT with the new called number at the point where the diversion takes place.
Do you have a list of the SBCs and PBX that you are certified with?: We’ve listed 17 brands in this platform selector that are often used by our customers and with which we’ve set up integrations. Any equipment that sends/receives SIP INVITEs and will route advance, decline or redirect should work.
Are most companies using the REST API or are they using the SIP INVITE to add the Identity Header?: Most are adding the Identity header to the SIP INVITE.
TDM?: SHAKEN for TDM standards have been approved.
So if I am a facilities-based small provider (I have 700 phone lines all connected by copper or fiber) I am still free until June 2023?: Yes.
What happens on call forwarding off net where number presented is calling party and not a number owned by service provider?: With basic STIR/SHAKEN, the call would fail verification by the terminating service provider because the called numbers don’t match. There’s a method to deal with these situations, however, where the service provider that forwards the call adds a DIV (diversion) PASSporT to account for the forwarding from the initial called number to the forwarded number.
How do TDM service providers implement full SHAKEN integration?: There are two approved techncial standards for SHAKEN for TDM. One involves inserting SHAKEN information into TDM signaling, and the other uses Out-of-Band SHAKEN to send the SHAKEN information over the internet, around non-IP segments along the call path.
Is the 302 redirect (internal to the Originating Service Provider) explicitly required? Our routing infrastructure is slightly different than the flow shown in the slides. There are no issues adding the header to the SIP Invite that gets sent to a SIP provider.: No, SIP 302 is not explicitly required. We mentioned it as a common example because it works well with many brands of network equipment. However, any technique that puts a properly-formatted Identity header in the SIP INVITE is fine.
Authentication occurs before the first ring on the other end of the recipient?: Yes.
If the SHAKEN Authentication Service node goes down, will that cause calls to fail, or is there some kind of fallback (in which case the call won’t get signed) but still go out?: The SHAKEN Authentication Service is typically set up with redundant failover and status pings, so it’s unlikely that they would not be available. However, if they are all unavailable, then your switch would route advance to the next SIP trunk and the call would go out unsigned.
Are facilities-based small service providers, under 100,000 lines, required to be STIR/SHAKEN compliant by June 30,2022?: No. Facilities-based voice service providers with fewer than 100,000 subscriber lines are required to implement STIR/SHAKEN by June 30, 2023.
Does this deadline also apply to government institutions i.e. DISA ?: It applies to any voice service provider. There are no exceptions for government institutions.
What is the expectation for a reduction of spoofed calls?: Spoofing is expected to decline as STIR/SHAKEN participation increases. At this time, we observe that only 25% of calls are signed, which leaves lots of opportunity for undetected spoofing. When STIR/SHAKEN is everywhere, illegal spoofing will be caught quickly.
What if a customer has a contact centre and the agents select a CLID for each call? Ex: 5 calls could use 5 different #s.: The calling numbers would be set up in the authentication policy system so the Originating Service Provider would sign the calls with an appropriate attestation.
Is the deadline for small facilities-based providers still June 2023?: Yes. Small facilities-based providers can claim an extension until June 2023 in their Robocall Mitigation Database certification. This extension allows a small facilities-based provider to implement robocall mitigation instead of SHAKEN until June 2023, at which point SHAKEN must be implemented.
Do you have configuration where authenticated calls are provided by a transit network acting as a STIR/SHAKEN service provider, with verification service of signature by the transit network?: We recommend that you register to be authorized for SHAKEN. Then you can sign your own calls or have a signing service do it for you. Either way, it would be with your SHAKEN certificate.
What are the minimum requiriments for PBX or softsware to support SHAKEN?: Any equipment that sends/receives SIP INVITEs and will route advance, decline or redirect should work. Contact us to set up a quick call so we can review your situation and give you a specific answer.
We have PRI T1 circuits for inbound/outbound calling provided by Lumens. As a Lumens customer, are we affected by this deadline? As a customer, what do we need to do?: If you’re providing voice service to end users using your switch and someone elses facilities, then it seems likely that you are subject to the June 30, 2022 implementation deadline. Contact us to set up a quick call to discuss your situation and explore your options.
What happens if our switch loses connection to ClearIP and cannot authenticate calls? Do the calls fail?: No, the calls would not fail. Your switch would route advance and send the call to the next SIP trunk in your routing table. The call would go out unsigned.
Another configuration I suppose is where you have signature service provision by TransNexus as STIR/SHAKEN service provider?: We recommend that you register to be authorized for SHAKEN. Then you can sign your own calls or have a signing service do it for you. Either way, it would be with your SHAKEN certificate.

If you sign the calls yourself, you should be able to give a higher attestation level because you have a direct, authenticated relationship with your customers and their numbers, which a downstream signer does not have. This is how you overcome the attestation gap and remain competitive.
Any regulatory aspect with data privacy for data of CSP customers?: The STIR/SHAKEN regulations do not stipulate additional data privacy requirements. The additional data in STIR/SHAKEN involve things like attestation levels, origination IDs, and cryptographic signatures. Calling and called numbers and caller display name are involved, as with any other call. Of course privacy laws must be followed, but we haven’t seen discussion of privacy concerns with STIR/SHAKEN.

Agenda

Review of STIR/SHAKEN regulations
Registration process and guidance
Deployment options and guidance
Questions and answers

Presenters

Jim Dalton
Chief Executive Officer
TransNexus

Alec Fenichel
Chief Technology Officer
TransNexus

About TransNexus

TransNexus is a leader in developing innovative software to manage and protect telecommunications networks. The company has over 20 years’ experience in providing telecom software solutions including toll fraud prevention, robocall mitigation and prevention, TDoS prevention, analytics, routing, billing support, STIR/SHAKEN and SHAKEN certificates. For more information, visit transnexus.com.

This information will only be used to respond to your inquiry. TransNexus will not share your data with any third parties. We will retain your information for as long as needed to retain a record of your inquiry. For more information about how we use personal data, please see our privacy statement.