STIR/SHAKEN

Illegal robocalls are currently the number one source of consumer complaints at the FCC. What was once an annoyance has become a plague to U.S consumers receiving billion of robocalls every month. Both the FCC, through rule-making, and Congress, through legislative initiatives, have been active to address this problem.

In 2019, the FCC issued a Declaratory Ruling clarifying that voice service providers may:

  • As the default, block calls based on call analytics that target unwanted calls, as long as their customers are informed and have the opportunity to opt out of the blocking.
  • Offer customers the option to block calls from any number that does not appear on a customer’s “white list” or contacts list, on an opt-in basis.

In conjunction with the Declaratory Ruling, the FCC issued a Third Further Notice that:

  • Proposes to create a safe harbor for voice service providers that block calls for which Caller ID authentication fails and seek comment on extending the safe harbor to the blocking of calls that are unsigned.
  • Proposes to require voice service providers that block calls to ensure that emergency calls reach consumers.
  • Seeks comment on protections and remedies for callers whose calls are erroneously blocked.

On December 31, 2019, the TRACED Act which was signed into law to specifically address the robocall problem. The law:

  • Gives the Federal Communications Commission (FCC) more authority to go after the scammers responsible for unwanted robocalls. It allows the FCC to go after scammers the first time they break the law and extends the statute of limitations by up to four years in some cases. It also ups the financial penalties against robocallers.

  • Encourages stronger Justice Department criminal prosecution of unlawful robocalls by requiring the FCC to provide the DOJ with evidence of criminal robocall violations.

  • Requires all carriers to eventually implement new technologies to authenticate caller-ID information, preventing call spoofing -- at no additional line-item cost to consumer.

As the industry moves forward to implement STIR/SHAKEN, it is with the goal of ensuring callers can be properly authenticated and verified, in order to return trust to phone calls we all receive. 

STIR/SHAKEN Standards

To overcome the influx of unwanted calls in the service providers network, the industry has created two new standards: STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted information using toKENs) standards.  Together, these two standards, create the framework to ensure every SIP-signaled call has a certificate of authenticity attached to it — a digital signature — that allows service providers verify caller ID to mitigate unwanted robocalls and prevents bad actors from using Caller ID spoofing.  With STIR/SHAKEN, service providers can restore their end customer’s trust in validity of caller ID.

Ribbon Support for STIR/SHAKEN

Service providers can choose between two Ribbon STIR/SHAKEN solutions:

 
  • Service provider owned and deployed within the service provider’s network
  • Ribbon hosted STIR/SHAKEN as a Service (S/SaaS)
 

Ribbon STIR/SHAKEN

Ribbon STIR/SHAKEN Solution Deployed By Service Provider

Ribbon SBCs, PSX, and GSX have been validated on their compliance with the caller authentication standards (“Secure Telephone Identity (STI) Test Plan” (TLT-2018-00010), and Authentication and Verification Services) developed by the Internet Engineering Task Force (IETF) and ATIS.

In an originating service provider's network Ribbon’s Call Controllers can attest to the originator’s identity and provide a tag the call accordingly before it sends a SIP invite to the SBC or GSX.  The SBC or GSX will generate and pass an authorization request to the PSX.  In turn, the PSX routes the authentication request to the STI function, whether that is provided by Ribbon or any certified 3rd party.  Following STI authentication and signing, the PSX will receive signature information and pass that back to the SBC or GSX to be forward to the next network hop. 

In the terminating service provider's network the SBC or GSX will generate a verification request and send it to the PSX to be forwarded to the STI function.  Following STI signature verification, the PSX will receive the verification information and pass it back to the SBC or GSX.  If the call terminates with a Ribbon Call Controller, it can do verification status reporting.

Both the SBC and the GSX  have flexible handling of error conditions, e.g.  “reject the call”, “continue with the call”, “continue with the call and remove Identity header” if signature verification fails.  

Ribbon Identity Hub

Ribbon Call Trust

Ribbon STIR/SHAKEN as a Service

Select Ribbon’s S/SaaS solution to take advantage of an “all operations expense” model. With this solution, Ribbon takes care of all the Authentication and Verification functions as a managed service.  The service provider’s only obligation is to have a Session Border Controller (SBC) for interworking.  S/SaaS is purchased as a monthly subscription.

STIR/SHAKEN as a Service Solution Brief

 

Ribbon-hosted-STIR-SHAKEN-Service