The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel The pixel

Restoring Confidence in Caller ID with STIR/SHAKEN

STIR/SHAKEN, acronyms for the Secure Telephone Identity Revisited (STIR), and Signature-based Handling of Asserted Information Using toKENs (SHAKEN) is an industry-wide framework of standards to help ensure caller ID information is accurate. STIR/SHAKEN requires telecom providers to digitally validate all calls crossing their interconnected networks to verify that they are, in fact, originating from the number displayed on caller ID. STIR/SHAKEN makes it significantly more difficult for scammers to illegally spoof a caller ID and gives Americans confidence their call is coming from a legitimate source before they answer the phone.

How Does STIR/SHAKEN Work?

STIR/SHAKEN uses digital certificates from a trusted certificate authority to determine the validity of the calling number and assign an attestation level:

  • A) – Full Attestation: The service provider has authenticated the calling party, and they are authorized to use the calling number.
    Example: Telephone numbers verified and registered with the originating service provider.
  • (B) – Partial Attestation: The service provider has authenticated the call origination but can’t verify they are authorized to use the calling number
    Example: Telephone numbers behind an enterprise PBX that are not registered with the provider.
  • (C) – Gateway Attestation: The service provider has authenticated from where it received the call but can’t authenticate the call source
    Example: Calls received from an international gateway.


When a call is originated, an encrypted identity header containing the attestation level is created and added to the SIP invite. The terminating service provider decodes the header and decides how to handle the call based on the attestation level. For example, they could add a notification to the caller ID indicating the number has been validated or that this call is possible spam, or drop the call altogether, depending on the attestation level.

Preparing for STIR/SHAKEN

The FCC is requiring all providers across the US to implement STIR/SHAKEN by the end of June 2021. It is your responsibility to make sure your DID numbers are signed, and outgoing calls are being sent correctly to reduce the chances they will be treated like spam after that date. Strategies for preparing for STIR/SHAKEN include:

  • Evaluate your environment’s capacity for supporting STIR/SHAKEN requirements. Ensure it is up to date from both a hardware and software standpoint and is able to generate and transmit attestation tokens.
  • Inventory the phone numbers you use to make outgoing calls to determine which numbers are associated with each of your SIP trunks.
  • Verify which carriers own your numbers and confirm the numbers go out/come in on circuits owned by that carrier.
  • Assess your outbound calling for scenarios STIR/SHAKEN might impact. For example, substituting extension/DID numbers with a generic call-back number to hide the caller’s identity and prevent recipients from calling them directly.
  • Contact your carriers and service providers before the end of June 2021 to get their take on how STIR/SHAKEN will affect your services.
  • Working with a trusted technology provider with signing authority to ensure your calls will be more likely to receive an “A” attestation rating.
  • Test outbound calls on particular trunk groups with particular Caller IDs to confirm they are assigned the proper attestation. Validate your phone numbers with multiple carriers and their analytics partners.


Are You Ready for STIR/SHAKEN?

Reach out to a trusted partner now instead of waiting until it’s too late. Cerium Networks can help you overcome the challenges and risks of implementing STIR/SHAKEN. We work with you and your carriers to help you achieve the highest attestation levels and ensure your outbound phone calls continue working normally after June 2021.

Recent Posts

PuTTY SSH Client Flaw

CVE-2024-31497 is a vulnerability in PuTTY versions 0.68 through 0.80. PuTTY is a popular open-source terminal emulator, serial console, and network file transfer application that

Read More »


“Darcula” represents a new breed of Phishing-as-a-Service (PaaS) posing a serious threat to both Apple and Android users. This sophisticated attack leverages encrypted text messages

Read More »
For Emergency Support call: (877) 423-7486
For other support requests or to access your Cerium 1463° portal click here
Stay in the Know

Stay in the Know

Don't miss out on critical security advisories, industry news, and technology insights from our experts. Sign up today!

You have Successfully Subscribed!