STIR/SHAKEN Compliance
Full implementation of STIR/SHAKEN protocols for caller ID authentication. Supports all attestation levels (A, B, C) with integrated verification systems.
Understanding STIR/SHAKEN
STIR
Secure Telephone Identity Revisited (STIR) creates a digital signature that certifies the calling number's authenticity. This signature proves the originating carrier authorized this calling number for this call.
- Digital identity certificate for each call
- Cryptographic signing of caller identity
- Originating carrier verification
- Non-repudiation of call origin
SHAKEN
Signature Handling Authenticated idenTity (SHAKEN) is the technology that delivers and validates the STIR signature tokens. It enables verification of caller identity across network boundaries.
- Token delivery mechanism
- Signature validation protocol
- Network interoperability
- Call routing with attestation
Why STIR/SHAKEN Matters
The FCC mandates STIR/SHAKEN implementation as part of a comprehensive robocall mitigation framework. By implementing STIR/SHAKEN, carriers can:
- Prevent caller ID spoofing - the primary vector for robocalls and fraud
- Authenticate legitimate callers - building customer trust
- Meet FCC regulatory requirements - avoid penalties and maintain operating authority
Attestation Levels
Full Attestation
Highest level of verification
The originating carrier has comprehensive knowledge of the calling number's ownership and authorization. The carrier can verify the customer's identity and confirm proper authorization for the call.
Use cases: Calls originating from known customers on the originating carrier's network
Requirements: Direct customer relationship and identity verification
Partial Attestation
Intermediate verification level
The carrier has partial knowledge of the calling number but cannot establish the complete chain of custody. This occurs when calls pass through intermediate carriers or when partial verification is possible.
Use cases: Calls from known upstream providers or partners
Requirements: Trust relationships with intermediate providers
Gateway Attestation
Network gateway verification
The call originated from outside the carrier's network, often from international sources or unknown providers. The carrier can only attest to receiving the call from a particular gateway.
Use cases: International calls, calls from unknown sources
Requirements: Gateway trust relationships and source verification
Implementation Framework
Originating Side
- Generate STIR tokens for outgoing calls
- Sign with originating network certificate
- Attach identity header to SIP messages
- Manage certificate lifecycle
Terminating Side
- Validate STIR signatures on incoming calls
- Verify identity header authenticity
- Store attestation level for analytics
- Block or flag invalid signatures
Certificate Management
Proper certificate management is critical for STIR/SHAKEN implementation:
- Obtain certificates from FCC-approved Certificate Authorities
- Maintain secure key storage and management
- Implement regular certificate rotation
- Monitor certificate expiration and renewal
- Support revocation and emergency procedures
Technical Specifications
RFC Standards
- RFC 8224: Authenticated Identity Management in the Session Initiation Protocol (SIP) Identity Header
- RFC 8225: Session Initiation Protocol (SIP) Identity and Proxy Authentication Service URI
- RFC 8226: Session Initiation Protocol (SIP) Secure Telephone Identity Credentials
SIP Header Modifications
STIR/SHAKEN adds new SIP headers to every call:
- Identity: Contains signed identity token
- Identity-Info: URI pointing to the certificate used for signing
Cryptographic Standards
- Algorithm: RS256 (RSA with SHA-256)
- Key Size: 2048-bit minimum RSA keys
- Token Format: JSON Web Token (JWT)
- Encoding: Base64URL encoding for tokens
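The Terminating Side steps above, up to the point where the signature itself is checked, as an added Python example that is not code from this page or its product: it decodes the Base64URL JWT from an Identity header, refuses unexpected algorithms and stale tokens, and returns the attestation level to store. The function names, the 60-second freshness window, the ES256 sample algorithm and the sample header (RFC 8224 `info` parameter form, placeholder URL and numbers, dummy signature) are assumptions; verifying the signature against the certificate is a separate step that follows a `verify-signature` result.

```python
import base64, json, time

# PASSporT "attest" codes mapped to the attestation levels described on this page.
LEVELS = {"A": "full", "B": "partial", "C": "gateway"}

def _dec(part):
    # JWT segments are Base64URL without padding; restore padding, then parse JSON.
    obj = json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def _enc(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def precheck_identity(header_value, allowed_algs, now=None, max_age=60):
    """Pre-signature checks. Returns ('reject', reason) or ('verify-signature', level)."""
    now = time.time() if now is None else now
    parts = header_value.split(";", 1)[0].strip().split(".")
    if len(parts) != 3 or not parts[2]:
        return "reject", "not a three-part signed JWT"
    try:
        jose, claims = _dec(parts[0]), _dec(parts[1])
    except ValueError:  # covers bad Base64URL, bad UTF-8 and bad JSON
        return "reject", "undecodable token"
    alg, attest, iat = jose.get("alg"), claims.get("attest"), claims.get("iat")
    if not isinstance(alg, str) or alg not in allowed_algs:  # refuses "none" too
        return "reject", "algorithm not allowed"
    if jose.get("typ") != "passport" or jose.get("ppt") != "shaken":
        return "reject", "not a SHAKEN PASSporT"
    if not isinstance(iat, (int, float)) or abs(now - iat) > max_age:
        return "reject", "missing or stale iat"
    if not isinstance(attest, str) or attest not in LEVELS:
        return "reject", "unknown attestation level"
    return "verify-signature", LEVELS[attest]

def sample_header(alg="ES256", attest="A", iat=1700000000):
    # Constructed sample: example numbers, placeholder URL, dummy signature ("c2ln").
    # ES256 is an assumption; RFC 8225 requires PASSporT implementations to support it.
    url = "https://cert.example.invalid/sti.pem"
    jose = {"alg": alg, "typ": "passport", "ppt": "shaken", "x5u": url}
    claims = {"attest": attest, "iat": iat, "orig": {"tn": "12025550100"},
              "dest": {"tn": ["12025550101"]}, "origid": "00000000-0000-4000-8000-000000000000"}
    return f"{_enc(jose)}.{_enc(claims)}.c2ln;info=<{url}>;ppt=shaken"

if __name__ == "__main__":
    now = 1700000010
    for hdr in (sample_header(), sample_header(attest="C"),
                sample_header(alg="none"), sample_header(iat=now - 3600)):
        print(precheck_identity(hdr, {"ES256"}, now=now))
```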