Identity Assurance

What do your customers do when they receive a phone call from someone they do not know or a number they do not recognize? Perhaps they answer it, but far more likely they reject it, send it to voice mail, or just ignore it. In our current telecommunications world, everyone does this, because they are barraged by spam and robocalls and assume the worst – someone wants to pitch something I do not need or want, or this will be an attempt to defraud me.

It would be way more useful, if your customers knew, in real-time, on a per call-basis, that the incoming call was from a legitimate source, for legitimate purpose, and had no malicious intent? Accomplishing this is what we call Identity Assurance.

To properly provide identity assurance on a real-time, per-call basis, three attributes need to be known:

  • Identity – who is the originator?
  • Reputation – is this someone I want to talk to?
  • Trust context – where did the call originate and where will it terminate?

Identity Assurance in Real-Time

Identity

The good news is there is a tremendous amount of information available that can be used to sanity check identity. These include sources such as:

  • Known subscriber numbers - identified by the originating network operator
  • Do Not Originate Lists – known numbers that will never originate calls
  • Un-assigned numbers - from industry databases and from individual network operator databases
  • Invalid calling numbers – based on national/international telephone numbering plans, these are numbers that can be screened out in call processing
  • STIR/SHAKEN attestation – information provided by the originating network provider signing the identity of originating caller

The bad news is caller identity does not address caller intent, so it is possible to have legitimate numbers with a valid identity, but still have calls with malicious intent.

Reputation

In the United States, everyone with a US-issued credit card has likely heard of a FICO score, a measure of consumer credit risk that is a fixture of consumer lending. Imagine a reputation score that measures caller intent, that would be the equivalent of a FICO score. The better the score, the more reputable the call is likely to be.

To use a reputation as part of identity assurance, it is paramount to be accurate. If you get the reputation of caller wrong, the value of the score might be worthless. This applies in both directions – too good and too bad. What happens when the reputation is too good, but it should be worse, you might not know when to reject calls from that source? Or what happens when the reputation is too bad, but it should be better, so the terminating end knows they want to accept calls.

stir-shaken-reputation-phone

Trust Context

Simply put, trust context is a measure of the match between the call origination information how the call enters the terminating service provider’s network. To understand trust context you need to know about the originator’s location, where the call enters your network, and what information you have about the originating caller.

For example, is the call coming from:

  • A known subscriber on a local network interface? These should always be verified as trusted
  • A known subscriber from a peering partner? These might be trusted or they might be spoofed
  • An unknown subscriber from an international carrier? This will not be verified and could be spoofed

Ribbon Call Trust® Overview

Ribbon Call Trust® Overview

Ribbon Call Trust® is a complete solution for the implementation of STIR/SHAKEN and Reputation Scoring for Robocall Mitigation.  It encompasses the following:

  • Functions on our core network products: session border controllers; gateways; centralized policy server; and our call controllers, that interwork with STIR/SHAKEN and/or Reputation Scoring
  • A complete Ribbon Secure Telephone Identity (STI) solution for caller identity authentication, signing, verification and certificate management that can be deployed within a service provider’s network
  • Ribbon Identity Hub, our cloud-native SaaS platform that delivers Ribbon’s STIR/SHAKEN as a Service and Reputation Scoring service.
    • STIR/SHAKEN as a Service. The same complete solution for caller identity authentication, signing, verification and certificate management, only offered as a subscription service
    • Reputation Scoring service. Provides multi-dimensional reputation scores and guidance for call treatment on a real-time, per-call basis for originating and terminating robocall mitigation. Reputation scoring can be provided for IP and TDM networks