STIR/SHAKEN authentication and verification of secure caller ID
Unwanted robocalls have infected the telephone network. An estimated 26.3 billion robocalls were made to mobile phones in the U.S. in 2018. Many of these unwanted calls are intended to defraud those who answer these calls.
Unwanted robocalls are the leading consumer complaint to the FCC in the U.S. and the CRTC in Canada.
Because of this flood of unwanted robocalls:
- Customers are reluctant to answer their phones
- Businesses struggle to reach their customers
- Telephone service providers see lower call completion rates
- Wholesale service providers must invest in more network capacity to handle the flood of robocalls—many are not answered
Robocalls perpetrators use fake caller ID to trick subscribers into answering calls:
- Sometimes they use a number from a government agency or utility company to con people into sending money to the fraudster.
- Others use a number that resembles the called party’s number, a technique called neighbor spoofing, to make people think a neighbor is calling.
Solution: secure caller ID with STIR/SHAKEN
To give customers relief, the telecom industry has developed a way to secure the caller ID information so that people will know if the caller ID is either spoofed or legitimate. It’s called STIR/SHAKEN.
Fans of James Bond movies may recognize “stir” and “shaken” as alternative ways to mix a martini. STIR/SHAKEN advocates borrowed the idea to come up with memorable acronyms to describe the framework:
- STIR: Secure Telephony Identity Revisited. A framework for authenticating and verifying caller ID.
- SHAKEN: Secure Handling of Asserted information using toKENs. A specific framework built on top of the STIR framework that details how tokens should be used.
The initiative to design, agree, promote and adopt STIR/SHAKEN is called Secure Telephone Identity (STI).
How STIR/SHAKEN works
Free STIR/SHAKEN offer!
Process up to a million calls for no charge until the PA and CAs are live.
Although the STIR/SHAKEN technical details are involved, the general idea is simple:
- An originating service provider puts the call on the network. Using STIR/SHAKEN, that provider also authenticates the caller ID information. They know their customers, so they’re well-positioned to do that. And they secure their authentication by signing the call using public key infrastructure, which is also widely used with the internet.
- A terminating service provider delivers the call to their customer. Using STIR/SHAKEN, that provider also verifies the caller ID information in the call using the public key infrastructure to confirm the information and signature still match, that is, they were not tampered with or replayed in transmission.
Frequently asked questions
Network engineers often have technical questions about implementing STIR/SHAKEN in their network. Here are a few questions we often hear:
- How would STIR/SHAKEN affect my network? It depends upon how you implement it. Different providers are taking different approaches. TransNexus STIR/SHAKEN solutions can perform authentication and verification services at any point in the call flow to minimize network impact. We also offer a SHAKEN Proxy to minimize deployment effort.
- Would STIR/SHAKEN services disrupt call flow through the network? Setup options enable you to define actions to be taken in response to service outcomes. Unless you set up call blocking in certain scenarios, which is a policy option you can choose, your calls will continue to flow through your network. We will work with you to tailor the implementation to your network requirements.
- What about certificates? Our STIR/SHAKEN solutions provide complete certificate management capabilities.
- Can we start now, before the Policy Administrator is in place? Yes, absolutely. You can begin authenticating and signing outbound calls now, and verifying any calls you receive that were signed. You can make arrangements with other carriers that are beginning SHAKEN. Some have already announced plans to implement STIR/SHAKEN this year, and T-Mobile has already started.
- If we start now, will we have to redo things when the Policy Administrator comes online? No, not at all. We have set up a TransNexus Certificate Authority for our customers to use now, just like you will do when the Policy Administrator comes online. When that happens, you will establish trust relationships with new Certificate Authorities, but otherwise your STIR/SHAKEN setup will continue to work seamlessly.
- Why implement STIR/SHAKEN now? Be among the first to help subscribers identify verified calls and spoofed calls. Customers are desperate for robocall relief. Show them they can get the latest solutions from you!
A better STIR/SHAKEN solution
TransNexus was an early frontrunner in developing STIR/SHAKEN solutions in our ClearIP and NexOSS software products. We created code in these products and successfully tested it with the ATIS test bed, an industry-sponsored method to check basic functionality.
Our solutions perform the requisite authentication, verification and digital signature functions. And we have created a Certificate Authority structure for our customers to use until the STI Policy Administrator comes online later this year, to support realistic STIR/SHAKEN processing now.
TransNexus STIR/SHAKEN solutions also provide capabilities not found in other STIR/SHAKEN solutions, such as:
- Policy management
- An integrated portfolio of services in one package
- Both in-band and out-of-band transmission of the Identity token
- Rich Call Data
These additional capabilities give TransNexus solutions unique advantages over other STIR/SHAKEN solutions.
Imagine flexible, precise controls that let you to enable/disable STIR/SHAKEN by service provider, trunk group, inbound-or-outbound call, subscriber, or telephone number.
Have you been wondering how you’re going to manage attestation levels for calls you authorize? Our STIR/SHAKEN solutions give you the controls you need to set attestation levels appropriate to the circumstances.
TransNexus STIR/SHAKEN solutions:
- Provide flexible, precise controls
- Include authentication, verification and certificate management
- Enable/disable STIR/SHAKEN by service provider, trunk group, inbound-or-outbound call, subscriber, telephone number
- For example, you could set up one customer to block calls with invalid signatures, another customer to divert such calls to CAPTCHA gateway or voicemail, and another customer to accept these calls.
- Establish attestation levels with flexibility and precision by the same call groups (service provider, trunk group, etc.)
No other STIR/SHAKEN solution comes with this level of policy management capabilities out-of-the-box.
Portfolio of services
Our STIR/SHAKEN solutions are delivered in software products that provide a wide array of other services, such as:
- Fraud prevention
- Unwanted robocall blocking
- Detection of invalid and high-risk calling numbers and flexible call handling
- Call diversion to CAPTCHA for IVR screening or to voice mail
- Intelligent least cost routing
- Location Routing Number (LRN) dip service (U.S. only)
- CNAM (caller ID name) identification
- Flexible blacklists, including call forward blacklisting, for calling/called numbers, countries and user agents
No other STIR/SHAKEN solution offers such extensive service capabilities from just one dip.
Both in-band and out-of-band transmission of Identity token
The standard STIR/SHAKEN design puts the Identity token in the SIP header, which accompanies the call on its journey through the SIP network. This is in-band transmission of the token. But their are several reasons why the token will not survive transit across the network. In these instances, the benefits of STIR/SHAKEN are lost.
One promising remedy is to send the Identity token to the terminating service provider across the internet. This is called Out-of-Band STIR. TransNexus software products are the only STIR/SHAKEN solutions that we know of that support this method today.
Rich Call Data
Rich Call Data describes a technique of placing additional information about the caller in the SHAKEN Identity token. This gives the called party more information about the incoming call to help persuade them to answer the phone.
The Rich Call Data is managed by the calling party and their originating service provider who signs their calls. This is especially attractive to enterprises that make lots of outbound calls because it gives them greater control over the presentation of their brand to the people they call.
Rich Call Data is part of the STIR/SHAKEN framework, which makes it a more accurate and trusted means of presenting caller information.
TransNexus software products are the only STIR/SHAKEN solutions that we know of that support the use of Rich Call Data.
Let us show you
Our STIR/SHAKEN software products give you a complete end-to-end solution with policy management and an integrated portfolio of services.
Contact us today to learn how we can help you deploy STIR/SHAKEN in your network.
This information will only be used to respond to your inquiry. TransNexus will not share your data with any third parties. We will retain your information for as long as needed to retain a record of your inquiry. For more information about how we use personal data, please see our privacy statement.
More on TransNexus.com
December 5, 2019
December 2, 2019
November 18, 2019
October 1, 2019
October 1, 2019
August 22, 2019
August 16, 2019
August 15, 2019
June 20, 2019
April 29, 2019
TransNexus whitepapers on STIR/SHAKEN:
- STIR/SHAKEN overview. Basic introduction
- Understanding STIR/SHAKEN. Slightly more technical overview
- Certificate management for STIR/SHAKEN. In-depth coverage of how digital signatures and certificate management systems are used to sign calls in STIR/SHAKEN
- STIR/SHAKEN authentication service. Detailed overview of the STIR/SHAKEN authentication service performed by the originating service provider or authentication gateway service
- STIR/SHAKEN verification service. Detailed overview of the STIR/SHAKEN verification service performed by the terminating service provider
- Out-of-Band STIR. Explains how Identity tokens can be lost in transit through the PSTN and how Out-of-Band STIR avoids these issues.
- Rich Call Data and STIR/SHAKEN. Describes the benefits to enterprise callers and consumers of including additional information about the caller in the SHAKEN Identity token.