Illegal robocalling continues to plague consumers, more than interrupting with nuisance calls about automotive extended warranties, they have become the point of entry for scammers who prey on consumers.
“Unwanted calls – including illegal and spoofed robocalls – are the FCC’s top consumer complaint and our top consumer protection priority” – Former FCC Chairman Ajit Pai
Falsification of a caller’s identity, or caller ID spoofing, is a favorite deception used by illegal robocallers and scammers to get their victims to answer the call. Whether the call appears to be from a neighbor, a bank, a utility or a government agency, consumers often fall for the deception, costing millions of dollars per year in fraud.
Regulators worldwide are strengthening efforts to combat fraud and unwanted calls through caller ID authentication frameworks. In the United States, the FCC and FTC enforce the TRACED Act, which mandates STIR/SHAKEN to verify caller identity, while countries such as France and Brazil have introduced similar authentication requirements.
While complicated in implementation, the simple objective of STIR/SHAKEN is to secure the identity of the calling party, allowing the called party to know with relative certainty who initiated the call. For the subscriber, this should re-establish trust in the caller ID displayed on their telephone, presenting an icon or text that indicates that the caller-ID information is valid.
A second objective of implementing STIR/SHAKEN is to improve the analytics used to detect and block illegal robocallers, allowing legal robocallers (reverse 9-1-1, doctor’s appointment reminders, etc.) to reliably reach their intended recipients.
A third objective is to provide tools for law enforcement, enabling them to identify the source of phone calls, maintain a record of potentially illegal activity, and provide a strong deterrent.
The design of STIR/SHAKEN is centered around creating an encrypted identity token at the originating service provider, passing it through the network to the terminating service provider, who verifies its authenticity. Using well-understood public key infrastructure (PKI), STIR/SHAKEN relies on certificates managed by a Certificate Authority (CA) that closely manages issuance and revocation, limiting issuance to vetted and credentialed telephony service providers.
Figure 1: STIR/SHAKEN Architecture
As shown in Figure 1, a simplified STIR/SHAKEN architecture encompasses a number of key elements:
Calling Party – the initiator of the call, a known customer of the originating telephone service provider (TSP).
Called Party – the intended recipient of the call, likely a subscriber on a different TSP.
Originating TSP – the service provider that first handles the call from the calling to the called party, is responsible for attesting to the authenticity of the caller, using an Authentication Service to create a secure telephone identity token. The identity is embedded in the SIP signaling before passing the call to the Terminating TSP.
Authentication Service – using the call information and attestation, creates an encoded identity token, returning the token to the Originating TSP.
Terminating TSP – the service provider that services the called party, validates the identity token using a caller ID Verification Service, and relays the results of the verification to the Called Party.
Verification Service – decodes the identity token, verifies the token with the certificate public key, and relays the verification status (true/false) back to the Terminating TSP.
Certificate Repository – a shared service that hosts the certificates for each of the trusted service providers.
TelcoBridges and TransNexus have teamed to deliver a complete STIR/SHAKEN solution for service providers that is easy to integrate into existing systems, scales easily, works for both SIP and TDM networks, and has a business model that scales with adoption.
Figure 2: STIR/SHAKEN for SIP Networks
For SIP-based telecom service providers, the use of TelcoBridges ProSBC and TransNexus ClearIP is integrated together as shown in Figure 2.
At the Originating TSP, the architecture puts an SBC instance at the egress of their network, capturing call details as they leave their network, and passing the calling party information to ClearIP. The ClearIP service assigns an attestation letter, generates an Identity header, and returns the SIP identity header to ProSBC. That SIP INVITE with the Identity header is then passed on to the destination Terminating TSP.
At the Terminating TSP, the architecture puts an SBC at the point of ingress, passing the SIP INVITE with the SIP Identity header to ClearIP for verification. ClearIP retrieves the certificate found in the Identity header, verifies its authenticity, and returns a “verstat” status in the P-Asserted Identity field of the SIP INVITE. At this point, the softswitch at the Terminating TSP can use the verstat results to:
However, not all service providers have completed their migration to SIP, leaving part or all of their network using TDM equipment. To help bridge this gap, a TelcoBridges/TransNexus STIR/SHAKEN solution offers the flexibility to work in both SIP and TDM networks, or hybrid networks and any combination of service providers.
Figure 3: STIR/SHAKEN for TDM Networks
For TDM-based telecom service providers, use of TelcoBridges TMG Media Gateways with TransNexus ClearIP integrates as shown in Figure 3.
At the Originating TSP, the architecture puts a media gateway instance at the egress of their network, capturing call details as they leave their network, and passing the calling party information to ClearIP. The ClearIP service assigns an attestation letter, authenticates the call and posts the identity header at the destination TSP’s designated Call Placement Service.
At the Terminating TSP, the architecture puts a media gateway at the point of ingress. Upon arrival of a call, the media gateway converts the call to SIP, passing the INVITE to ClearIP, where the SIP Identity header is retrieved from the Call Placement Service. Once retrieved, the Identity header is verified for authenticity, and ClearIP returns a “verstat” status to the media gateway. At this point, the media gateway or TDM switch at the Terminating TSP can use the verstat results to:
Learn how TelcoBridges helped Wabash Communications implement STIR/SHAKEN to help eliminate illegal robocalls and improve subscriber answer rates.
Read Case Study
The benefits of the TelcoBridges/Transnexus includes:
Inserting ProSBC into the call flow eliminates the need for major system upgrades.
TelcoBridges’ STIR/SHAKEN solution supports both SIP and TDM networks or hybrid networks.
Based on ATIS standard interfaces, our STIR/SHAKEN solution is compatible with standard STIR/SHAKEN solutions.
The TelcoBridges STIR/SHAKEN solution can be deployed in existing data centers or as a software-as-a-service subscription.
Service providers can “ramp up” their support for STIR/SHAKEN as they migrate and grow.
The TelcoBridges’ STIR/SHAKEN solution is based on reliable carrier-class software and hardware systems.
From the TelcoBridges Video Library:
More on TelcoBridges’ ProSBC and TMG media gateways: www.prosbc.com & VoIP media gateways
More on TransNexus’ ClearIP: https://transnexus.com/clearip/
Complete the form below to request a consultation with our experts who can evaluate and make recommendations on your specific situation:
STIR/SHAKEN is a framework used by phone carriers to authenticate caller ID information.
Together, STIR/SHAKEN create a secure “digital signature” for calls as they move through phone networks, helping verify that the caller ID hasn’t been spoofed and preventing unwanted robocalls.
STIR/SHAKEN is important because it helps prevent call spoofing, a tactic often used in phone scams and robocalls. By authenticating caller ID, carriers can verify who is placing a call, flag or block suspicious traffic, and give consumers more confidence when answering. It also helps communications service providers and call centers improve call answer rates because their outbound, legitimate calls appear trustworthy, ultimately restoring accountability and trust in voice communications.
Indicators vary by phone and carrier, but common signs include:
There is no universal display, so not every phone will display a verification badge. However, carriers are steadily expanding visual indicators to help people recognize authenticated calls and avoid illegal spoofing.
STIR/SHAKEN does not affect call quality because it works at the signaling level rather than touching the audio stream. The framework adds a cryptographic signature to the caller ID, allowing carriers to verify identity before connecting a call, without introducing latency or altering the media.