October 23, 2019

One Year Later, and SHAKEN/STIR is at Your Doorstep

| |

Shaken/Stir Call Authentication

In November 2018, the FCC announced new plans to tackle robocalls — SHAKEN/STIR. This framework validates phone calls that pass through American phone networks and enables carriers to verify calls. This, in theory, should limit nuisance callers. So far, so good, right? But, one year on, what are the latest developments? And how will SHAKEN/STIR impact YOUR business? Read on to find out.

The Story So Far

Ajit Pai, the FCC Chairman, requested carriers to complete arrangements for the SHAKEN/STIR framework by 2020.

“American consumers are sick and tired of unwanted robocalls, this consumer among them,” he said at the time. “Caller ID authentication will be a significant step towards ending the scourge of spoofed robocalls. It’s time for carriers to implement robust caller ID authentication.”

By the end of 2018, most carriers had submitted outlines for implementation.

AT&T, for example, conducted field and lab tests at the end of last year and completed the first two phases of network build out in early 2019. The company plans to fully implement SHAKEN/STIR at some point in 2020.

Other carriers that submitted plans to the FCC in November of last year include:

  • Bandwidth Inc.
  • CenturyLink
  • Charter Communications
  • Comcast Corporation
  • Cox Communications
  • Frontier Communications
  • Google LLC
  • Sprint
  • TDS Telecommunications LLC
  • T-Mobile USA, Inc.
  • U.S. Cellular Corp
  • Verizon
  • Vonage Holdings Corp.


At the Robocall Summit in July, industry leaders provided updates on the challenges surrounding this new technology.

The standard will not be foolproof, and it could still flag genuine callers as scammers. Plus, this technology won’t put an end to robocalls for good but, instead, it will help deter scammers and other nuisance callers.

Network Capabilities

Then there are problems associated with the rollout. SHAKEN/STIR requires modern phone systems like 4G to work properly, which means some landline users won’t benefit from this technology.

Still, the framework is definitely a step in the right direction:

“Robocalls are the No. 1 consumer complaint to the FCC. Americans received 4.5 million robocalls per day just in the first half of July, according to the Federal Trade Commission,” says Phys.org. “Robocall software is cheap and easy to operate, making it a simple way to scam people out of thousands of dollars.”

Safe Harbor Clause

Industry leaders at the Robocall Summit also deliberated whether voice service providers that currently use call blocking programs deserve safe harbor.

“The safe harbor is seen as an incentive for voice service providers to implement the SHAKEN/STIR call authentication framework by the FCC’s deadline of the end of this year without enacting further rule making to require them to do so,” says ACA International.

How Will It Work?

SHAKEN/STIR will verify calls with a certificate that proves the call is originating from a genuine and authentic source. This will help to identify potential call spoofing and block it before the call connects.

Caller ID Authentication

The process begins with a SIP invite from the outbound call, the service provide then determines the attestation level of the call and generates a SIP Identity header through the authentication service. The SIP Identity header is then passed to the terminating phone service provider along with an identity token. Authentication of the Identity header is checked against the certificate’s public key on the verification service. Once the verification is confirmed the call will be connected to the intended party.

Of course, this technology won’t block all robocallers from contacting people, but it will prevent caller ID spoofing which many scammers use to appear more legitimate. The framework also tracks where calls originate, which will help carriers identify scammers.

SHAKEN/STIR Authentication Process

SHAKEN/STIR Authentication

1. Call source (Telephone or VoIP system) sends A SIP INVITE to originating service provider.

2. Originating service provider checks the phone number and call source to determine an Attestation level. The SIP INVITE is sent to the Authentication service.

  • Full Attestation: The service provider has authenticated that the caller is authorized to use the calling number. (EX: Provider’s Softswitch)
  • Partial Attestation: The service provide has authenticated the origination of the caller from their service but is unable to verify their authorization to use the calling number. (EX: PBX Systems)
  • Gateway Attestation: The service provide has authenticated the call origin, but is unable to verify the call source. (EX: International Gateways)

3. Authentication service generates a SIP Identity Header and passes this back to the originating service provider.

SIP Identity Header contains:

  • Calling and receiving phone numbers
  • Timestamp of call
  • Attestation level
  • Origin location of call
  • Authentication signature
  • Location of certificate repository
  • Encryption algorithm

4. SIP INVITE and SIP Identity Header are passed to the terminating service provider.

5. Terminating provider passes the SIP INVITE and Identity Header to their Verification service.

6. The verification service gets the digital certificate’s public key from the originating service provider. This is used to decode the encryption algorthim to analyze the SIP Identity Header in a multi-step verification.

7. Verification service passes their results to the terminating provider.

8. Call is completed passed from the terminating service provider to the destination number.

Latest Developments on SHAKEN/STIR

FCC Chairman Pai responded to the current SHAKEN/STIR developments in August and highlighted the progress made by AT&T, T-Mobile, and Comcast:

“I’m pleased with the progress being made to implement SHAKEN/STIR, and I thank the technical teams at AT&T, T-Mobile, and Comcast for helping to advance this important consumer protection effort,” he said.

“Implementation of SHAKEN/STIR is a crucial step in improving the accuracy of the caller ID information that consumers receive.”

Experts predict that other carriers will catch-up by the end of the year. However, since AT&T and T-Mobile alone make up around 51 percent of carriers in the United States (data from Q3, 2018), SHAKEN/STIR is likely to impact your business soon.

It’s important to check the reputation of your current outbound phone numbers before SHAKEN/STIR goes “live.” Using a service like Caller ID Reputation helps you scan your numbers to determine if they have already been flagged as “scam likely” and will make sure your business is ready for the new framework.

Timeline of FCC’s SHAKEN/STIR Announcements

May 14, 2018
Chairman Pai Welcomes Call Authentication Framework
November 5, 2018
Chairman Pai Demands Industry Adopt Protocols to End Illegal Spoofing
November 19, 2018
Carrier Responses to FCC Protocols
February 13, 2019
Chairman Pai: Caller ID Authentication Necessary for Consumers in 2019
May 13, 2019
Chairman Pai Announces SHAKEN/STIR Robocall Summit for July
June 6, 2019
FCC Includes Conditional SHAKEN/STIR Mandate in Proposed Rules
Aug 14, 2019
Chairman Pai Statement on Progress by Major Phone Companies in Implementing Caller ID Authentication
Dec 31, 2019
TRACED Act signed into law to implement SHAKEN/STIR framework

See how Caller ID Reputation® can support your business!