STIR/SHAKEN, a framework of interconnected call authentication standards and protocols that provides a secure way to authenticate and validate caller identity. It works effectively for calls that are carried over Internet Protocol (IP) networks. These interconnected standards are based on universal public key cryptography techniques that help to stop illegal caller ID spoofing. This ensures the authenticity of an IP phone call. A large number of telecommunications companies throughout the world have already started implementing this framework to enhance their brand trust among their customers.
What is caller ID spoofing?
Caller ID spoofing is an illegal practice used by robocalls to hide their identity. It usually shows that the call comes from an authentic source, usually a nearby phone number with the same area code and exchange or from a well-renowned company. Caller ID spoofing can become a common activity, especially for calls originating from voice-over-IP (VoIP) systems, which can be placed anywhere globally.
With the use of caller ID authentication technology, organizations can easily overcome caller ID spoofing. The technology helps subscribers to trust the authentication or genuineness of callers. Thus, it helps to reduce the effectiveness of deceptively spoofed calls. The STIR/SHAKEN framework is one such industry-standard caller ID authentication technology that plays an important role in protecting people from scams via spoofed robocalls. It confines the ability of spammers to illegitimately spoof a caller ID, which they use to trap people into answering their phones. Besides this, the caller ID authentication technology allows consumers and legal entities to identify and determine the source of unlawful robocalls easily. This further lets them reduce the occurrence and impact of such illegal calls.
With the help of STIR/SHAKEN, phone calls can be verified and signed using digital certificates. This helps to detect spoofed calls by identifying and displaying them on caller ID so that spoofed calls can be stopped before they reach customers. As more and more people implement this caller ID authentication technology, it helps increase people’s confidence that the information they receive about the caller ID is accurate. Also, allowing voice service providers to offer supportive information to their consumers about which calls they should answer.
Let’s look at STIR and SHAKEN in detail.
What is STIR?
STIR is a short form of Secure Telephony Identity Revisited. It is simply a protocol that provides information about the calling party within a digital signature. A number of telephone service providers use this protocol to provide a certificate of legitimacy to every phone call. It largely emphasizes the end device and permits the digital signature to be produced and verified in various locations.
What is SHAKEN?
SHAKEN is a short form of Secure Handling of Asserted information using Tokens. It mainly emphasizes how STIR can be executed within a carrier’s networks.
When used together, STIR/SHAKEN acts as a blockchain for phone calls. They produce a unique digital signature attached to the user’s device that’s more difficult to trick than caller ID. When the user initiates a call, their number automatically gets a certificate. When the call passes via the user’s phone carrier, it verifies the certificate for authenticity. This certificate ensures that the call is coming from the verified phone number.
Key Benefits of STIR/SHAKEN
Some of the key benefits of STIR/SHAKEN for consumers and brands can be summarized as:
- Helps to Stop and block spam calls: The framework helps to alert users regarding a fraudulent phone call. Thus, it helps in protecting their important information as well as time.
- Allow brands to win customer’s trust: Customers can easily verify a brand’s number via STIR/SHAKEN, which builds trust between the brand and customers. Thus allowing customers to receive authenticated communication from a particular brand.
- Generate improved information: With STIR/SHAKEN in place, users can easily determine where the calls start. This allows them to prevent answering calls from spammers worldwide.
How does STIR/SHAKEN work?
Here is a step-wise overview of how STIR/SHAKEN work. Have a look:
- When a call is placed, a SIP invite is received by the originating service provider.
- The originating service provider then authenticates the call source and number to decide how to validate legitimacy. This is done in diverse ways, such as:
- Full Attestation: In the case of full attestation, the service provider validates the calling party and verifies they are certified to use this number.
- Partial Attestation: In the case of partial attestation, the service provider confirms the origin of the call but cannot validate that the call source is authorized to use the calling number.
- Gateway Attestation: Here, the service provider confirms the call’s origin but cannot verify the source.
- In the next step, the originating service provider creates a SIP identity header comprising details about the calling number, number dialed, attestation level, and call origination, together with the certificate.
- All these things, including the SIP invite, the SIP identity header, and the certificate, are sent to the destination service provider.
- The destination service provider thoroughly authenticates the identity of the header and certificate.
In all, STIR/SHAKEN is an excellent caller ID authentication technology that digitally authorizes the origination of phone calls passing through the complex web of networks. The phone service providers can use this technology to let their customers know that the call comes from the number shown on the caller ID.