STIR/SHAKEN overview

Your guide to everything STIR and SHAKEN

STIR (Secure Telephony Identity Revisited) and SHAKEN (Secure Handling of Asserted information using toKENs) are the frameworks that promise to prevent the completion of illegally spoofed calls.

Overview

STIR/SHAKEN uses digital certificates, based on common public key cryptography techniques, to ensure the calling number of a telephone call can be trusted. Each telephone service provider obtains its digital certificate from a trusted certificate authority. The certificate technology enables the called party to verify that the calling number is accurate and has not been spoofed.

STIR/SHAKEN workflow

How STIR/SHAKEN works in a network
  1. A SIP INVITE is received by the originating telephone service provider.
  2. The originating telephone service provider checks the call source and calling number to determine how to attest for the validity of the calling number.
    • Full Attestation. The service provider has authenticated the calling party and attests that they are authorized to use the calling number. An example of this case is a subscriber registered with the originating telephone service provider’s softswitch.
    • Partial Attestation. The service provider has authenticated the call origination but cannot verify the call source is authorized to use the calling number. An example of this use case is a telephone number behind an enterprise PBX.
    • Gateway Attestation. The service provider has authenticated from where it received the call but cannot authenticate the call source. An example of this case would be a call received from an international gateway.
  3. The originating telephone service provider uses the authentication service to create a SIP Identity header. The authentication service could be a third-party service hosted in the cloud, or a software application integrated with the telephone service provider’s Session Border Controller (SBC) or a softswitch. The SIP Identity header contains the following encrypted data:
    • Calling number
    • Called number
    • Date and time
    • Attestation
    • Unique originating identifier
  4. The SIP INVITE with the SIP Identity header is sent to the terminating telephone service provider. In addition, the Identity token may be sent across the internet, around non-SIP call segments, using Out-of-Band SHAKEN.
  5. The SIP INVITE with Identity header is passed to the verification service.
  6. The verification service obtains the digital certificate of the originating telephone service provider from the public certificate repository. Verification is a two-step process. First, the SIP Identity header is base64 decoded and the details are compared to the SIP INVITE message. If they match, the next step is to use the public key of the certificate to verify the SIP Identity header signature. If both verification steps are successful, then the calling number has not been spoofed.
  7. The verification service returns the results to the terminating service provider’s softswitch or SBC.
  8. The call is completed to the called party.
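
The first check in step 6 (decode the token in the Identity header and compare it with the INVITE), as an added example that is not TransNexus code. The phone numbers, hosts, `origid`, the 60-second freshness window and the placeholder signature segment are assumptions; the signature check against the originating provider's certificate still has to follow before the result is trusted.

```python
import base64
import json

def b64url_decode(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_json(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def canonical_tn(uri):
    """Digits of the user part of a sip: or tel: URI."""
    user = uri.split(":", 1)[-1].split("@", 1)[0].split(";", 1)[0]
    return "".join(ch for ch in user if ch.isdigit())

def check_claims(identity, invite, now, max_age=60):
    """Compare PASSporT claims with the INVITE; [] means go on to the signature check."""
    parts = identity.split(";", 1)[0].strip().split(".")
    if len(parts) != 3:
        return ["malformed PASSporT"]
    try:
        header, claims = (json.loads(b64url_decode(p)) for p in parts[:2])
        orig, dest, iat = claims.get("orig"), claims.get("dest"), claims.get("iat")
        alg, ppt = header.get("alg"), header.get("ppt")
    except (ValueError, AttributeError):  # bad base64/JSON, or a non-object segment
        return ["undecodable PASSporT"]
    orig_tn = orig.get("tn") if isinstance(orig, dict) else None
    dest_tn = dest.get("tn") if isinstance(dest, dict) else None
    problems = []
    if (alg, ppt) != ("ES256", "shaken"):
        problems.append("unexpected alg/ppt")
    if claims.get("attest") not in ("A", "B", "C"):  # full, partial, gateway
        problems.append("invalid attestation")
    if canonical_tn(invite["from"]) != orig_tn:
        problems.append("calling number mismatch")
    if not isinstance(dest_tn, list) or canonical_tn(invite["to"]) not in dest_tn:
        problems.append("called number mismatch")
    if not isinstance(iat, int) or abs(now - iat) > max_age:
        problems.append("stale or future iat")
    if not claims.get("origid"):
        problems.append("missing origid")
    return problems

# Constructed sample: numbers, hosts, origid and the signature segment are placeholders.
HEADER = {"alg": "ES256", "ppt": "shaken", "typ": "passport", "x5u": "https://cert.example.org/sp.pem"}
CLAIMS = {"attest": "A", "dest": {"tn": ["12155550113"]}, "iat": 1664400000,
          "orig": {"tn": "12155550112"}, "origid": "123e4567-e89b-12d3-a456-426655440000"}
IDENTITY = (f"{b64url_json(HEADER)}.{b64url_json(CLAIMS)}.c2lnLXBsYWNlaG9sZGVy"
            ";info=<https://cert.example.org/sp.pem>;alg=ES256;ppt=shaken")
INVITE = {"from": "sip:+12155550112@orig.example.net", "to": "sip:+12155550113@term.example.net"}
```

A non-empty result means the call fails verification at the first step, so a replayed or altered token is rejected without fetching the certificate.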
