To overcome the influx of unwanted calls in the service providers network, the industry has created two new standards: STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted information using toKENs) standards. Together, these two standards, create the framework to ensure every SIP-signaled call has a certificate of authenticity attached to it — a digital signature — that allows service providers verify caller ID to mitigate unwanted robocalls and prevents bad actors from using Caller ID spoofing. With STIR/SHAKEN, service providers can restoretheir end customer’s trust in validity of caller ID.
Ribbon Support for STIR/SHAKEN
Service providers can choose between two Ribbon STIR/SHAKEN solutions:
Ribbon STIR/SHAKEN Solution Deployed By Service Provider
Ribbon SBCs, PSX, and GSX have been validated on their compliance with the caller authentication standards developed by the Internet Engineering Task Force (IETF) and the Alliance for Telecommunications Industry Solutions (ATIS).
In an originating service provider's network Ribbon’s Call Controllers can attest to the originator’s identity and provide a tag the call accordingly before it sends a SIP invite to the SBC or GSX. The SBC or GSX will generate and pass an authorization request to the PSX. In turn, the PSX routes the authentication request to the STI function, whether that is provided by Ribbon or any certified 3rd party. Following STI authentication and signing, the PSX will receive signature information and pass that back to the SBC or GSX to be forward to the next network hop.
In the terminating service provider's network the SBC or GSX will generate a verification request and send it to the PSX to be forwarded to the STI function. Following STI signature verification, the PSX will receive the verification information and pass it back to the SBC or GSX. In addition, the PSX can instruct the SBC or the GSX to perform a specific call validation treatment, based on the verification information.
Both the SBC and the GSX have flexible handling of error conditions, e.g. “reject the call”, “continue with the call”, or “continue with the call and remove Identity header” if signature verification fails. And if the call terminates with a Ribbon Call Controller, it too will provide verification status reporting.
Ribbon STIR/SHAKEN as a Service
Select Ribbon’s S/SaaS solution to take advantage of a cloud-hosted managed service instead of implementing a STIR/SHAKEN-compliant Secure Telephone Identity product within your own network. With this solution, Ribbon takes care of all the STIR/SHAKEN authentication, signing, verification, and certificate repository services. The service provider’s only obligation is to have a Session Border Controller (SBC) for interworking with the Ribbon hosted service. As part of the response to the SBC, Ribbon’s S/SaaS can instruct the SBC to perform a specific call validation treatment, based on the verification information.
This hosted service is offered by Ribbon in a standard SaaS model where the service is consumed on a usage basis.