Identity Assurance

What do your customers do when they receive a phone call from someone they do not know or a number they do not recognize? Perhaps they answer it, but far more likely they reject it, send it to voice mail, or just ignore it. In our current telecommunications world, everyone does this, because they are barraged by spam and robocalls and assume the worst – someone wants to pitch something I do not need or want, or this will be an attempt to defraud me.

It would be way more useful, if your customers knew, in real-time, on a per call-basis, that the incoming call was from a legitimate source, for legitimate purpose, and had no malicious intent? Accomplishing this is what we call Identity Assurance.

To properly provide identity assurance on a real-time, per-call basis, three attributes need to be known:

  • Identity – who is the originator?
  • Reputation – is this someone I want to talk to?
  • Trust context – where did the call originate and where will it terminate?

Identity Assurance in Real-Time

Identity

The good news is there is a tremendous amount of information available that can be used to determine identity. These include sources such as:

  • Known subscriber numbers - identified by the originating network operator
  • Do Not Originate Lists – known numbers that will never originate calls
  • Un-assigned numbers - from industry databases and from individual network operator databases
  • Invalid calling numbers – based on national/international telephone numbering plans, these are numbers that can be screened out in call processing
  • Known fraud and spam numbers - from 3rd party databases and from individual network operator databases (blocked numbers)
  • STIR/SHAKEN attestation – information provided by the originating network provider signing the identity of originating caller

The bad news is caller identity does not address caller intent, so it is possible to have legitimate numbers with a valid identity, but still have calls with malicious intent.

Reputation

In the United States, everyone with a US-issued credit card has likely heard of a FICO score, a measure of consumer credit risk that is a fixture of consumer lending. Imagine a reputation score that measures caller intent, that would be the equivalent of a FICO score. The better the score, the more reputable the call is likely to be.

To use a reputation as part of identity assurance, it is paramount to be accurate. If you get the reputation of caller wrong, the value of the score might be worthless. This applies in both directions – too good and too bad. What happens when the reputation is too good, but it should be worse, you might not know when to reject calls from that source? Or what happens when the reputation is too bad, but it should be better, so the terminating end knows they want to accept calls.

stir-shaken-reputation-phone

Trust Context

Simply put, trust context is a measure of the match between the call origination information how the call enters the terminating service provider’s network. To understand trust context you need to know about the originator’s location, where the call enters your network, and what information you have about the originating caller.

For example, is the call coming from:

  • A known subscriber on a local network interface? These should always be verified as trusted
  • A known subscriber from a peering partner? These might be trusted or they might be spoofed
  • An unknown subscriber from an international carrier? This will not be verified and could be spoofed

Ribbon Call Trust Video

Ribbon Call Trust

As part of Ribbon Call Trust, our session border controllers, gateways, centralized policy server, and our call controllers have additional features to support STIR/SHAKEN. In addition, one new product and two new Ribbon hosted services have been introduced:

  • Ribbon Secure Telephone Identity (STI) This is a complete call authentication, signing, and verification solution to prevent caller ID spoofing in real-time. It is compliant with ATIS-1000082 and RFC8224/8225/8226 that can be deployed in a service provider’s network
  • Ribbon hosted services for STIR/SHAKEN and Reputation Scoring. Both of these services are enabled by Ribbon Identity Hub, our cloud-native SaaS platform.
    • STIR/SHAKEN as a Service. A complete call authentication, signing, and verification solution to prevent caller ID spoofing in real-time. It is compliant with ATIS-1000082 and RFC8224/8225/8226
    • Reputation Scoring. Provides multi-dimensional reputation scores and guidance for call treatment in real-time, on a per-call, basis to mitigate telephony fraud, nuisance, and robocalls. Reputation scoring can be provided for call termination in both IP and TDM networks
    • These hosted services are offered by Ribbon in a standard SaaS model where the service is consumed on a usage basis