The STIR/SHAKEN framework requires the originating voice service provider to attest to a subscriber’s identity using digital “certificates” that can only be issued through a neutral governance system (“iConnective”). Every time an originating voice service provider originates an authenticated call, it transmits the location of its certificate in the Identity header, allowing the Called Party carrier, the verification service, to acquire the public key and verify the caller ID information. Ultimately providing certainty that the public key is truly associated with the voice service provider that originated the call.

Modern VoIP telephone networks utilizes Session Internet Protocol (”SIP”) to transmit and receive voice calls. Unlike Legacy telephone networks which rely upon the last mile (“an actual wire point to point”) to deliver or originate voice services, modern voice networks only need access to the internet, from anywhere. IP addresses can be spoofed or hidden behind proxies’. As a result, it is extremely difficult for regulators to track criminals who break existing telemarketing and Caller ID laws attempting to commit a fraud. SHAKEN is a new SIP framework that expands the meta data contained in every voice call to allow regulators to identify a call originator

Once an originating voice service provide becomes an authorized STIR/SHAKEN provider, they’ll receive a certificate that contains a unique public key, among other components. The certificate states, in essence, that (i) the voice service provider is that which it claims to be; (ii) the voice service provider is authorized to authenticate the caller ID information; and (iii) the voice service provider’s claims about the caller ID information it is authenticating can thus be trusted. Additionally, the SHAKEN specification allows an originating voice service provider to provide different “levels” of attestation.

Called party carriers will block calls, at an end-users request, that are not signed (Attested). Most wireless and cable providers are already passing Attestations between themselves. Verizon and AT&T wireless both have ‘check marks” next to recent calls on their customer devices. Look at your cell phone and you will see some of your incoming calls are already marked as verified (Attested to). As the number of Attested calls traversing the network increase, carriers will start to increase block and label decisions based on SHAKEN. On January 6, 2020 the Traced Act was signed into law and states: “The FCC must require voice service providers to implement the STIR/SHAKEN authentication framework on all IP networks and to take reasonable measures to implement an effective call authentication framework on all non-IP networks by June 2021. To be clear the extended timeline is to accommodate old wireline networks – the wireless community is for the most part, SHAKEN. The FCC has publicly released major carriers commitments and time lines. Over the next year and half as full adoption by the wireline carriers is realized, order will be restored to the telecom infrastructure and cell phone users will once again answer calls in confidence. The guiding principle behind this new framework requires authorized SHAKEN Service Providers (aka Telephone Companies) to digitally sign their customers’ calls and most importantly, know who their customers are. Regulators will have easy access identifying the origin of any call because the SHAKEN digital signature will provide the required information. Any carrier, who fails to identify who their customer is, would be subject to losing their ability to sign future calls.

Specifically, the voice service provider can indicate that (i) it can confirm the identity of the subscriber making the call, and that the subscriber is using its associated telephone number (“full” or “A” attestation); (ii) it can confirm the identity of the subscriber but not the telephone number (“partial” or “B” attestation); or merely that (iii) it is the point of entry to the IP network for a call that originated elsewhere, such as a call that originated abroad or on a domestic network that is not STIR/SHAKEN-enabled (“gateway” or “C” attestation). To maintain trust in the voice service providers that vouch (“TrustedCaller™”) for caller ID information, the STIR/SHAKEN framework uses digital “certificates” issued through a neutral governance system (“iConnective”). The framework requires that each voice service provider receive its own certificate that contains, among other components, that voice service provider’s public key, and states, in essence, that (i) the voice service provider is that which it claims to be; (ii) the voice service provider is authorized to authenticate the caller ID information; and (iii) the voice service provider’s claims about the caller ID information it is authenticating can thus be trusted.