Identity Assurance in Real-Time
The good news is there is a tremendous amount of information available that can be used to sanity check identity. These include sources such as:
- Known subscriber numbers - identified by the originating network operator
- Do Not Originate Lists – known numbers that will never originate calls
- Un-assigned numbers - from industry databases and from individual network operator databases
- Invalid calling numbers – based on national/international telephone numbering plans, these are numbers that can be screened out in call processing
- STIR/SHAKEN attestation – information provided by the originating network provider signing the identity of originating caller
The bad news is caller identity does not address caller intent, so it is possible to have legitimate numbers with a valid identity, but still have calls with malicious intent.
In the United States, everyone with a US-issued credit card has likely heard of a FICO score, a measure of consumer credit risk that is a fixture of consumer lending. Imagine a reputation score that measures caller intent, that would be the equivalent of a FICO score. The better the score, the more reputable the call is likely to be.
To use a reputation as part of identity assurance, it is paramount to be accurate. If you get the reputation of caller wrong, the value of the score might be worthless. This applies in both directions – too good and too bad. What happens when the reputation is too good, but it should be worse, you might not know when to reject calls from that source? Or what happens when the reputation is too bad, but it should be better, so the terminating end knows they want to accept calls.
Simply put, trust context is a measure of the match between the call origination information how the call enters the terminating service provider’s network. To understand trust context you need to know about the originator’s location, where the call enters your network, and what information you have about the originating caller.
For example, is the call coming from:
- A known subscriber on a local network interface? These should always be verified as trusted
- A known subscriber from a peering partner? These might be trusted or they might be spoofed
- An unknown subscriber from an international carrier? This will not be verified and could be spoofed
Addressing Caller ID Spoofing
Ribbon Call Trust® Overview
Ribbon Call Trust
Ribbon Call Trust® Overview
- Functions on our core network products: session border controllers; gateways; centralized policy server; and our call controllers, that interwork with STIR/SHAKEN and/or Reputation Scoring
- A complete Ribbon Secure Telephone Identity (STI) solution for caller identity authentication, signing, verification and certificate management that can be deployed within a service provider’s network
- Ribbon Identity Hub, our cloud-native SaaS platform that delivers Ribbon’s STIR/SHAKEN as a Service and Reputation Scoring service.
- STIR/SHAKEN as a Service. The same complete solution for caller identity authentication, signing, verification and certificate management, only offered as a subscription service
- Reputation Scoring service. Provides multi-dimensional reputation scores and guidance for call treatment on a real-time, per-call basis for originating and terminating robocall mitigation. Reputation scoring can be provided for IP and TDM networks