STIR/SHAKEN, acronyms for the Secure Telephone Identity Revisited (STIR), and Signature-based Handling of Asserted Information Using toKENs (SHAKEN) is an industry-wide framework of standards to help ensure caller ID information is accurate. STIR/SHAKEN requires telecom providers to digitally validate all calls crossing their interconnected networks to verify that they are, in fact, originating from the number displayed on caller ID. STIR/SHAKEN makes it significantly more difficult for scammers to illegally spoof a caller ID and gives Americans confidence their call is coming from a legitimate source before they answer the phone.
How Does STIR/SHAKEN Work?
STIR/SHAKEN uses digital certificates from a trusted certificate authority to determine the validity of the calling number and assign an attestation level:
- A) – Full Attestation: The service provider has authenticated the calling party, and they are authorized to use the calling number.
Example: Telephone numbers verified and registered with the originating service provider.
- (B) – Partial Attestation: The service provider has authenticated the call origination but can’t verify they are authorized to use the calling number
Example: Telephone numbers behind an enterprise PBX that are not registered with the provider.
- (C) – Gateway Attestation: The service provider has authenticated from where it received the call but can’t authenticate the call source
Example: Calls received from an international gateway.
When a call is originated, an encrypted identity header containing the attestation level is created and added to the SIP invite. The terminating service provider decodes the header and decides how to handle the call based on the attestation level. For example, they could add a notification to the caller ID indicating the number has been validated or that this call is possible spam, or drop the call altogether, depending on the attestation level.
Preparing for STIR/SHAKEN
The FCC is requiring all providers across the US to implement STIR/SHAKEN by the end of June 2021. It is your responsibility to make sure your DID numbers are signed, and outgoing calls are being sent correctly to reduce the chances they will be treated like spam after that date. Strategies for preparing for STIR/SHAKEN include:
- Evaluate your environment’s capacity for supporting STIR/SHAKEN requirements. Ensure it is up to date from both a hardware and software standpoint and is able to generate and transmit attestation tokens.
- Inventory the phone numbers you use to make outgoing calls to determine which numbers are associated with each of your SIP trunks.
- Verify which carriers own your numbers and confirm the numbers go out/come in on circuits owned by that carrier.
- Assess your outbound calling for scenarios STIR/SHAKEN might impact. For example, substituting extension/DID numbers with a generic call-back number to hide the caller’s identity and prevent recipients from calling them directly.
- Contact your carriers and service providers before the end of June 2021 to get their take on how STIR/SHAKEN will affect your services.
- Working with a trusted technology provider with signing authority to ensure your calls will be more likely to receive an “A” attestation rating.
- Test outbound calls on particular trunk groups with particular Caller IDs to confirm they are assigned the proper attestation. Validate your phone numbers with multiple carriers and their analytics partners.
Are You Ready for STIR/SHAKEN?
Reach out to a trusted partner now instead of waiting until it’s too late. Cerium Networks can help you overcome the challenges and risks of implementing STIR/SHAKEN. We work with you and your carriers to help you achieve the highest attestation levels and ensure your outbound phone calls continue working normally after June 2021.