STIR/SHAKEN overview
Your guide to everything STIR and SHAKEN
STIR (Secure Telephony Identity Revisited) and SHAKEN (Secure Handling of Asserted information using toKENs) are the frameworks that promise to prevent the completion of illegally spoofed calls.
Overview
STIR/SHAKEN uses digital certificates, based on common public key cryptography techniques, to ensure the calling number of a telephone call is secure. Each telephone service provider obtains its digital certificate from a trusted certificate authority. The certificate technology enables the called party to verify that the calling number is accurate and has not been spoofed.
STIR/SHAKEN workflow

- A SIP INVITE is received by the originating telephone service provider.
- The originating telephone service provider checks the call source and calling number to determine how to attest for the validity of the calling number.
  - Full Attestation. The service provider has authenticated the calling party and attests that they are authorized to use the calling number. An example of this case is a subscriber registered with the originating telephone service provider’s softswitch.
  - Partial Attestation. The service provider has authenticated the call origination but cannot verify the call source is authorized to use the calling number. An example of this use case is a telephone number behind an enterprise PBX.
  - Gateway Attestation. The service provider has authenticated from where it received the call but cannot authenticate the call source. An example of this case would be a call received from an international gateway.
- The originating telephone service provider uses the authentication service to create a SIP Identity header. The authentication service could be a third party service hosted in the cloud, or a software application integrated with the telephone service provider’s Session Border Controller (SBC) or a softswitch. The SIP Identity header contains the following encrypted data:
  - Calling number
  - Called number
  - Date and time
  - Attestation
  - Unique originating identifier
- The SIP INVITE with the SIP Identity header is sent to the terminating telephone service provider. In addition, the Identity token may be sent across the internet, around non-SIP call segments, using Out-of-Band SHAKEN.
- The SIP INVITE with Identity header is passed to the verification service.
- The verification service obtains the digital certificate of the originating telephone service provider from the public certificate repository. Verification is a two-step process. First, the SIP Identity header is base-64 decoded and the details are compared to the SIP INVITE message. If they match, the next step is to use the public key of the certificate to verify the SIP Identity header signature. If both verification steps are successful, then the calling number has not been spoofed.
- The verification service returns the results to the terminating service provider’s softswitch or SBC.
- The call is completed to the called party.
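The first verification step in the workflow above (decode the Identity header and compare its details to the SIP INVITE), as an added example that is not code from the original page or from any vendor. The claim names (`orig`, `dest`, `iat`, `attest`, `origid`, `x5u`) and the `info`/`alg`/`ppt` parameters follow the SHAKEN PASSporT format; the sample values, certificate URL, the 60-second freshness window and the `invite` dictionary are assumptions. The signature check with the certificate's public key is the second step and is not performed here, so an empty result only means the token and the INVITE agree.

```python
import base64, json, re

def b64url_decode(part):
    # JWS parts are base64url without padding; restore it before decoding
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(obj):
    # Used only to build the constructed sample token below
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def digits(tn):
    return re.sub(r"\D", "", tn)

def check_identity(identity, invite, max_skew=60):
    """Decode the Identity header and compare it to the INVITE.
    Returns a list of problems; an empty list means the two agree."""
    token, _, params = identity.partition(";")
    parts = token.strip().split(".")
    if len(parts) != 3:
        return ["token is not header.payload.signature"]
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError:
        return ["token does not decode to JSON"]
    problems = []
    if header.get("alg") != "ES256" or header.get("ppt") != "shaken":
        problems.append("unexpected alg/ppt")
    if f"info=<{header.get('x5u')}>" not in params:
        problems.append("x5u does not match info parameter")
    if claims.get("attest") not in ("A", "B", "C"):
        problems.append("invalid attestation level")
    if digits(claims.get("orig", {}).get("tn", "")) != digits(invite["from"]):
        problems.append("calling number mismatch")
    if digits(invite["to"]) not in map(digits, claims.get("dest", {}).get("tn", [])):
        problems.append("called number mismatch")
    if abs(claims.get("iat", 0) - invite["date"]) > max_skew:
        problems.append("stale or future-dated token")
    return problems

# Constructed sample; the signature part is a placeholder, not a real signature
HEADER = {"alg": "ES256", "ppt": "shaken", "typ": "passport",
          "x5u": "https://cert.example.org/sp.pem"}
CLAIMS = {"attest": "A", "dest": {"tn": ["12155550113"]}, "iat": 1675252800,
          "orig": {"tn": "12155550112"}, "origid": "123e4567-e89b-12d3-a456-426655440000"}
IDENTITY = (f"{b64url_encode(HEADER)}.{b64url_encode(CLAIMS)}.c2lnbmF0dXJl"
            ";info=<https://cert.example.org/sp.pem>;alg=ES256;ppt=shaken")
INVITE = {"from": "+1 215 555 0112", "to": "+12155550113", "date": 1675252810}
```

A token copied from a legitimate call and attached to an INVITE with a different calling number, or replayed an hour later, is rejected at this step before any certificate is fetched.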
For more information on STIR/SHAKEN, see our STIR/SHAKEN software solution overview.