April 26, 2023

How Out-of-Band SHAKEN Bridges the Technology Gap

How Out-of-Band SHAKEN Bridges the Technology Gap

The reputation of STIR/SHAKEN is mixed among those in the industry and members of the general public. However, this framework did revolutionize how call authentication works. The overall goal was to stop call spoofing and implement call authentication solutions that restored consumer trust.

The technology has been partially successful. However, it has some limitations for PSTN networks that don’t relay SIP information. In short, too many robocalls and other illegitimate calls are getting through.

Problems with STIR/SHAKEN Integration

The STIR/SHAKEN framework works to authenticate wireless and VoIP calls, but it has difficulty applying the same technology to landline calls and smaller voice service providers. When wireless and VoIP calls relay information digitally, a SIP header is used to transmit authentication certificate information. Unfortunately, these headers do not exist in landline technology. Full STIR/SHAKEN implementation can only take place once the industry finds a way to authenticate traditional landline calls.

Smaller voice service providers also face the challenges of upgrading their software and equipment to verify and generate SHAKEN tokens. The cost of doing so is often prohibitive, but these providers face other difficulties. Their tokens are sometimes blocked by soft switches within the provider network or simply lost en route to the terminating carrier. Also, small rural service providers have to count on TDM interconnects that are not able to relay identity tokens. 

The FCC can set regulations and deadlines, but not every company or provider is able to meet them under current conditions. 

How Does Out-of-Band Call Authentication Work?

Out-of-Band SHAKEN bridges are one answer to these problems. Instead of using SIP headers, Out-of-Band call authentication implements identity tokens stored in a centralized database. This process allows for the authentication of parts of a call’s path that do not relay SIP information. In this way, more carriers and providers can use SHAKEN technology, which, in turn, makes it more effective. 

Integrating Out-of-Band solutions with STIR/SHAKEN’s current frameworks means that the original goals for the framework can be better met. Those carriers with all-SIP networks and interconnects would continue to use the original SHAKEN system. Those providers that must send or receive calls that travel across non-SIP segments would adopt Out-of-Band SHAKEN. 

The transition will not be abrupt, as service providers will be given enough time to transition to the Out-of-Band bridges properly.

3 Primary Components of Out-of-Band SHAKEN

The transition process to Out-of-Band SHAKEN solutions will require an update to the architecture of the current system. It will still rely on the existing STIR/SHAKEN framework but will extend the coverage to non-SIP portions of calls. The three primary components of Out-of-Band SHAKEN are: 

  • STI-CPS (Call Placement Service) – This service can receive a PASSporT from one service provider and allow another service provider to retrieve it. Usually, an STI-CPS will exist outside of the service provider’s own network, but it can exist anywhere.
  • STI-OOBS (Out-of-Band Service) – This service publishes PASSporTs to an STI-CPS, allowing providers to retrieve PASSporTs from the STI-CPS.
  • STI-IWF (Interworking Function) – An STI-IWF is a TDM-to-SIP gateway and is an optional service component. It translates TDM signaling into SIP signaling and SIP signaling into TDM signaling. This way the TDM switch can communicate with all STI-OOB, STI-AS, and STI-VS.

International Provisions

Currently, STIR/SHAKEN technology is only adopted by the U.S. and Canada. As a result, countries often rely on their own call placement service (CPS) when routing calls into the U.S. With these new bridges, an intermediate provider could use Out-of-Band SHAKEN standards to verify international calls. For instance, they would complete a call by retrieving the PASSporT from an STI-CPS in the U.S. national network and publish it to an STI-CPS on the terminating country’s national network.

Benefits of Adopting Out-of-Band Solutions

Currently, smaller carriers and voice service providers lose out when it comes to STIR/SHAKEN technology. In order to adopt this framework, many have to overhaul their current infrastructure and software, a complicated and expensive proposition. Not all calls on the PSTN relay SIP information, leaving some carriers and providers unable to relay call authentication information.

SHAKEN has allowed many robocalls, spam calls, and scam calls to continue to reach consumers. The industry has not reached full implementation of the existing framework and, without changes, full implementation will still allow bad actors to operate. Integrating an Out-of-Band SHAKEN solution will extend the coverage of call authentication, making the system more accurate and secure. Consumers will then be able to answer most calls with confidence. 

Improving Call Authentication

STIR/SHAKEN is nothing new, and while it has been somewhat effective in battling robocalls and other nuisance calls, too many still get through. In large part, these lapses are due to technology gaps with landline calls and small service providers. Out-of-Band SHAKEN promises to bridge those gaps and make call authentication more widespread and effective. It can help fulfill the promise of the original legislation.