STIR/SHAKEN overview
Your guide to everything STIR and SHAKEN
STIR (Secure Telephony Identity Revisited) and SHAKEN (Secure Handling of Asserted information using toKENs) are the frameworks that promise to prevent the completion of illegally spoofed calls.
Overview
STIR/SHAKEN uses digital certificates, based on common public key cryptography techniques, to ensure the calling number of a telephone call is secure. Each telephone service provider obtains their digital certificate from a certificate authority who is a trusted authority. The certificate technology enables the called party to verify that the calling number is accurate and has not been spoofed.
STIR/SHAKEN work flow

- A SIP INVITE is received by the originating telephone service provider.
- The originating telephone service provider checks the call source and calling number to determine how to attest for the validity of the calling number.
- Full Attestation. The service provider has authenticated the calling party and attest that they are authorized to the use the calling number. An example of this case is a subscriber registered with the originating telephone service provider’s softswitch.
- Partial Attestation. The service provider has authenticated the call origination but cannot verify the call source is authorized to use the calling number. An example of this use case is a telephone number behind an enterprise PBX.
- Gateway Attestation. The service provider has authenticated from where it received the call but cannot authenticate the call source. An example of this case would be a call received from an international gateway.
- The originating telephone service provider uses the authentication service to create a SIP Identity header. The authentication service could be a third party service hosted in the cloud, or a software application integrated with the telephone service provider’s Session Border Controller (SBC) or a softswitch. The SIP Identity header contains the following encrypted data:
- Calling number
- Called number
- Date and time
- Attestation
- Unique originating identifier
- The SIP INVITE with the SIP Identity header is sent to the terminating telephone service provider. In addition, the Identity token may be sent across the internet, out-of-band, to the terminating provider’s Call Placement Service
- The SIP INVITE with Identity header is passed to the verification service.
- The verification service obtains the digital certificate of the originating telephone service provider from the public certificate repository. The two step process of verification commences. Verification is a two-step process. First, the SIP Identity header is base-64 decoded and the details are compared to the SIP INVITE message. If they match, the next step is to use the public key of the certificate to verify the SIP identity header signature. If both verification steps are successful, then the calling number has not been spoofed.
- The verification service returns the results to the terminating service provider’s softswitch or SBC.
- The call is completed to the called party.
For more information on STIR/SHAKEN, see our STIR/SHAKEN software solution overview.
Contact us today to learn more about STIR/SHAKEN.
More on TransNexus.com
March 3, 2021
Why you might use a Centralized SHAKEN Server, and how
March 2, 2021
February 23, 2021
Webinar — What is STIR/SHAKEN, and how to comply
February 23, 2021
TransNexus works with DigiCert to provide SHAKEN certificates
February 17, 2021
ClearIP Out-of-Band SHAKEN enhancements
February 8, 2021
FCC to telcos—You cannot be dumb pipes for robocalls
February 4, 2021
U.S. SHAKEN Governance Authority issues year-end report for 2020
February 1, 2021
Webinar — TRACED Act compliance — everything you need to know
January 27, 2021
Service provider STI fee changes for 2021
January 18, 2021
Webinar recording — Complying with the TRACED Act made simple
January 15, 2021
FCC proposes rules on SHAKEN certificate revocation for noncompliance
January 4, 2021
FCC issues further restrictions on robocalls
December 18, 2020
SIPNOC webinar recording available—Rich Call Data and Out-of-Band SHAKEN
November 30, 2020
Service providers request SHAKEN extensions
November 20, 2020
FCC SHAKEN Second Report and Order deadlines
November 18, 2020
U.S. STI-GA to update the Service Provider Code token access policy for STIR/SHAKEN
November 3, 2020
Comments on caller ID authentication best practices
November 2, 2020
STIR/SHAKEN, least cost routing and attestation
October 28, 2020
Reply comments on caller ID authentication progress
October 26, 2020
October 21, 2020
SHAKEN benefits for enterprise callers
October 19, 2020
PASSporTs used with STIR/SHAKEN
October 19, 2020
How to register with the STI Policy Administrator to authenticate calls with STIR/SHAKEN
October 14, 2020
October 14, 2020
International SHAKEN — how that might work
October 7, 2020
Best practices for call authentication – first proposal
October 5, 2020
Three requirements from the FCC SHAKEN orders that will apply to most U.S. providers
September 30, 2020
FCC approves second order on SHAKEN
September 28, 2020
SHAKEN, robocall mitigation, or both?
September 16, 2020
Robocall mitigation program mandate
June 25, 2020
Open source Call Placement Service advances SHAKEN call authentication for all
Our STIR/SHAKEN products:
- Most affordable commercial solutions
- Work with any TDM and/or SIP network
- Include support with all aspects of deployment.