STIR/SHAKEN overview

Your guide to everything STIR and SHAKEN

STIR (Secure Telephony Identity Revisited) and SHAKEN (Secure Handling of Asserted information using toKENs) are the frameworks that promise to prevent the completion of illegally spoofed calls.

Overview

STIR/SHAKEN uses digital certificates, based on common public key cryptography techniques, to ensure the calling number of a telephone call is secure. Each telephone service provider obtains their digital certificate from a certificate authority who is a trusted authority. The certificate technology enables the called party to verify that the calling number is accurate and has not been spoofed.

STIR/SHAKEN work flow

How STIR/SHAKEN work in a network
  1. A SIP INVITE is received by the originating telephone service provider.
  2. The originating telephone service provider checks the call source and calling number to determine how to attest for the validity of the calling number.
    • Full Attestation. The service provider has authenticated the calling party and attest that they are authorized to the use the calling number. An example of this case is a subscriber registered with the originating telephone service provider’s softswitch.
    • Partial Attestation. The service provider has authenticated the call origination but cannot verify the call source is authorized to use the calling number. An example of this use case is a telephone number behind an enterprise PBX.
    • Gateway Attestation. The service provider has authenticated from where it received the call but cannot authenticate the call source. An example of this case would be a call received from an international gateway.
  3. The originating telephone service provider uses the authentication service to create a SIP Identity header. The authentication service could be a third party service hosted in the cloud, or a software application integrated with the telephone service provider’s Session Border Controller (SBC) or a softswitch. The SIP Identity header contains the following encrypted data:
    • Calling number
    • Called number
    • Date and time
    • Attestation
    • Unique originating identifier
  4. The SIP INVITE with the SIP Identity header is sent to the terminating telephone service provider. In addition, the Identity token may be sent across the internet, around non-SIP call segments, using Out-of-Band SHAKEN.
  5. The SIP INVITE with Identity header is passed to the verification service.
  6. The verification service obtains the digital certificate of the originating telephone service provider from the public certificate repository. The two step process of verification commences. Verification is a two-step process. First, the SIP Identity header is base-64 decoded and the details are compared to the SIP INVITE message. If they match, the next step is to use the public key of the certificate to verify the SIP identity header signature. If both verification steps are successful, then the calling number has not been spoofed.
  7. The verification service returns the results to the terminating service provider’s softswitch or SBC.
  8. The call is completed to the called party.

For more information on STIR/SHAKEN, see our STIR/SHAKEN software solution overview.

Contact us today to learn more about STIR/SHAKEN.

Request information

* required

This information will only be used to respond to your inquiry. TransNexus will not share your data with any third parties. We will retain your information for as long as needed to retain a record of your inquiry. For more information about how we use personal data, please see our privacy statement.


More on TransNexus.com

July 15, 2021

SHAKEN for TDM standards approved

July 14, 2021

SHAKEN attestation statistics for early July 2021

July 2, 2021

June 2021 STIR/SHAKEN statistics

July 1, 2021

Webinar—Out-of-Band SHAKEN deployment—everything you need to know

July 1, 2021

Robocall Mitigation Database filing statistics

June 29, 2021

Robocaller tried to hack SHAKEN

June 23, 2021

FCC issues public notice on SHAKEN and robocall mitigation June 30 deadline

June 16, 2021

TransNexus at ITEXPO 2021

June 15, 2021

May 2021 STIR/SHAKEN statistics

June 11, 2021

Webinar recording — Preparing for SHAKEN in Canada

June 9, 2021

Robocall Mitigation Database filing statistics

June 7, 2021

U.S. — Canada cross-border SHAKEN

June 2, 2021

Webinar — TDM to SIP network transformation best practices

June 1, 2021

Webinar — Robocall mitigation filing essentials

May 26, 2021

Webinar — Preparing for SHAKEN in Canada

May 25, 2021

Press release — New Out-of-Band SHAKEN whitepaper available

May 13, 2021

FCC — Service providers must now diligently pursue SHAKEN certificates

May 11, 2021

STI Governance Authority changes effective date of new SPC token access policy

May 3, 2021

Out-of-Band SHAKEN goes to letter ballot

April 30, 2021

Webinar recording — Robocall mitigation filing essentials

April 26, 2021

Robocall mitigation certification filing begins

April 7, 2021

Canadian regulator postpones STIR/SHAKEN deadline

March 31, 2021

FCC STIR/SHAKEN deadline extension petitions denied or withdrawn

March 29, 2021

Robocall mitigation compliance strategy

March 26, 2021

Webinar recording — Prepare for the FCC robocall deadline

March 3, 2021

Why you might use a Centralized SHAKEN Server, and how

February 23, 2021

Webinar — What is STIR/SHAKEN, and how to comply

February 23, 2021

TransNexus works with DigiCert to provide SHAKEN certificates

February 17, 2021

ClearIP Out-of-Band SHAKEN enhancements

February 8, 2021

FCC to telcos—You cannot be dumb pipes for robocalls

February 4, 2021

U.S. SHAKEN Governance Authority issues year-end report for 2020

February 1, 2021

Webinar — TRACED Act compliance — everything you need to know

January 27, 2021

Service provider STI fee changes for 2021

January 18, 2021

Webinar recording — Complying with the TRACED Act made simple

January 15, 2021

FCC proposes rules on SHAKEN certificate revocation for noncompliance

January 4, 2021

FCC issues further restrictions on robocalls