STIR/SHAKEN

Illegal robocalls are currently the number one source of consumer complaints at the FCC. What was once an annoyance has become a plague to U.S consumers receiving billion of robocalls every month. In the United States, both the FCC, through rule-making, and Congress, through legislative initiatives, have been active to address this problem.  Below is a timeline and the highlights of these efforts.

Download Brochure

In 2019, the FCC issued a Declaratory Ruling clarifying that voice service providers may:

  • As the default, block calls based on call analytics that target unwanted calls, as long as their customers are informed and have the opportunity to opt out of the blocking.
  • Offer customers the option to block calls from any number that does not appear on a customer’s “white list” or contacts list, on an opt-in basis.

In conjunction with the Declaratory Ruling, the FCC issued a Third Further Notice that:

  • Proposes to create a safe harbor for voice service providers that block calls for which Caller ID authentication fails and seek comment on extending the safe harbor to the blocking of calls that are unsigned.
  • Proposes to require voice service providers that block calls to ensure that emergency calls reach consumers.
  • Seeks comment on protections and remedies for callers whose calls are erroneously blocked.

On December 31, 2019, the TRACED Act which was signed into law to specifically address the robocall problem. The law:

  • Gives the Federal Communications Commission (FCC) more authority to go after the scammers responsible for unwanted robocalls. It allows the FCC to go after scammers the first time they break the law and extends the statute of limitations by up to four years in some cases. It also ups the financial penalties against robocallers.
  • Encourages stronger Justice Department criminal prosecution of unlawful robocalls by requiring the FCC to provide the DOJ with evidence of criminal robocall violations.
  • Requires all carriers to eventually implement new technologies to authenticate caller-ID information, preventing call spoofing -- at no additional line-item cost to consumer.

On March 31, 2020, the FCC adopted rules requiring the implementation of STIR/SHAKEN:

  • All originating and terminating voice service providers to implement STIR/SHAKEN in the Internet Protocol (IP) portions of their networks by June 30, 2021
  • Take public comment on expanding the STIR/SHAKEN implementation mandate to cover intermediate voice service providers, extending the implementation deadline by one year for small voice service providers, and adopting requirements to promote caller ID authentication on voice networks that do not rely on IP technology

On September 29, 2020, the FCC issued their second order on STIR/SHAKEN that:

  • Expanded the STIR/SHAKEN requirements to include all voice service providers, including those considered as over-the-top providers
  • Granted a two-year for small operators (< 100,000 lines) to implement STIR/SHAKEN
  • Did not mandate a specific solution for applying STIR/SHAKEN to TDM networks, but rather continued to encourage the industry to solve this problem
  • Required service providers who do not implement STIR/SHAKEN to still implement an appropriate robocall mitigation program to prevent unlawful robocalls from originating on the network of the provider
  • Required intermediate carriers to pass STIR/SHAKEN information and to agree to participate in the traceback program

As the industry moves forward to implement STIR/SHAKEN, it is with the goal of ensuring calls can be properly authenticated, signed, and verified, in order to return trust to phone calls we all receive.

STIR/SHAKEN Standards

To overcome the influx of unwanted calls in the service providers network, the industry has created two new standards: STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted information using toKENs) standards. Together, these two standards, create the framework to ensure every SIP-signaled call has a certificate of authenticity attached to it — a digital signature — that allows service providers verify caller ID to mitigate unwanted robocalls and prevents bad actors from using Caller ID spoofing. With STIR/SHAKEN, service providers can restoretheir end customer’s trust in validity of caller ID.

stir-shaken-sam-phones

Ribbon Support for STIR/SHAKEN

Service providers can choose between two Ribbon STIR/SHAKEN solutions:

settings_input_antenna

Service provider owned and deployed within the service provider’s network

cloud

Ribbon hosted STIR/SHAKEN
as a Service (S/SaaS)

Ribbon STIR/SHAKEN

Ribbon STIR/SHAKEN Solution Deployed By Service Provider

Ribbon SBCs, PSX, and GSX have been validated on their compliance with the caller authentication standards (“Secure Telephone Identity (STI) Test Plan” (TLT-2018-00010), and Authentication and Verification Services) developed by the Internet Engineering Task Force (IETF) and ATIS.

In an originating service provider's network Ribbon’s Call Controllers can attest to the originator’s identity and provide a tag the call accordingly before it sends a SIP invite to the SBC or GSX. The SBC or GSX will generate and pass an authorization request to the PSX. In turn, the PSX routes the authentication request to the STI function, whether that is provided by Ribbon or any certified 3rd party. Following STI authentication and signing, the PSX will receive signature information and pass that back to the SBC or GSX to be forward to the next network hop.

In the terminating service provider's network the SBC or GSX will generate a verification request and send it to the PSX to be forwarded to the STI function. Following STI signature verification, the PSX will receive the verification information and pass it back to the SBC or GSX. If the call terminates with a Ribbon Call Controller, it can do verification status reporting.

Both the SBC and the GSX have flexible handling of error conditions, e.g. “reject the call”, “continue with the call”, “continue with the call and remove Identity header” if signature verification fails.

call-trust-diagram

Ribbon STIR/SHAKEN as a Service

Select Ribbon’s S/SaaS solution to take advantage of a cloud-hosted managed service instead of implementing a STIR/SHAKEN-compliant Secure Telephone Identity product within your own network. With this solution, Ribbon takes care of all the STIR/SHAKEN authentication, signing, verification, and certificate repository services. The service provider’s only obligation is to have a Session Border Controller (SBC) for interworking with the Ribbon hosted service. This hosted service is offered by Ribbon in a standard SaaS model where the service is consumed on a usage basis.

Download Solution Brief

Ribbon-hosted-STIR-SHAKEN-Service

Controlled Networks chooses Ribbon STIR/SHAKEN