Why It is Important To Have a Switch that Support Stir Shaken

  Robox and telemarketing calls are currently the biggest source of consumer complaints. What was once a nuisance has become a plague for American consumers, with an estimated 16.3 billion robots received in the first five months of 2018. In May 2018, the American people received about 4 per person. Receive 4.1 billion robots or 12 calls. 

The FCC is encouraging service providers to offer call-blocking solutions that give users maximum control over the types of calls they receive. Call blocking is part of the RoboCall solution. Another section identifies bad actors who use robots to take advantage of unsuspecting users by using assigned numbers (forgery) to others. They use affordable and accessible technologies to identify their caller IDs and scam victims by offering IRS threats and loans or forging free travel.

Although many providers and third parties offer call blocking and caller identification authentication products, there is no one-size-fits-all solution that extends over wireless and wireless communication networks. To address these concerns, service providers are focusing their efforts on three key areas: source authentication as well as network and consumer deterrence tools. These solutions aim to protect users from unwanted calls and give them more control over incoming calls and text.

What is STIR/SHAKEN?

STIR / SHAKEN, or SHAKEN / STIR, is a protocol and procedure aimed at combating caller ID forgery on public telephone networks. Caller ID spoofing is used by robots to mask their identities or to show that the phone is from a legitimate source, often the same area code and the nearest phone number to be exchanged, or the Internal Revenue Service or Provincial police by well-known companies such as Ontario. This type of forgery is common for calls starting with Voice over-IP (VoIP) systems, which can occur anywhere in the world.

In short, Steer has been described by the Internet Engineering Task Force Working Group as a series of RFC standard documents for reviewing secure telephony identities. It works by adding a digital certificate to the Session Initiation Protocol information used to initiate and route calls to the VoIP system. The first public contact on the system, usually the VoIP service provider, checks the caller ID and compares it with the known list of IDs that they provide to the user. The provider then associates the SIP header with an encrypted certificate identifying the service provider and the trust value.

For non-VoIP systems like cell phones and landlines, call routing information is provided through SS7. In these cases, the SIP header is not directly useful because it cannot be sent to users unless they are on a VoIP connection. The purpose of the SHAKEN system is to minimize the information involved in signature-based handling with tokens. Shaken is a collection of guidelines for telephone networks with public switches that indicate how to deal with calls that contain incorrect or missing STR information. This may be in the form of additional information in the CNAM indicating caller ID information that the number has been declared fake, but the details have not been finalized.

By 2019, Chichen / STIR is a major ongoing effort in the United States, suffering from the "epidemic" of robots. Both the Canadian Radio and Television and Telecommunications Commission and the Federal Communications Commission are required to use the protocol by June 30, 2021.

The name is inspired by Ian Fleming's character James Bond, who famously prefers his Martins to "No Shake, No Shake". It already existed, Shakin's creators tortured the English language until they abbreviated it.

What is STIR?

The purpose of the STR system is to include information in SIP headers that allow the system as well as the endpoints to positively identify the origin of the data. This does not directly impede RoboColler's ability to forge caller IDs, but it does allow upstream points to decide whether to trust that ID.

For example, a business system using VOIP-based PBX can connect to a wider telephone network through a SIP service provider. When receiving SIP packets from these providers, they will add additional information to the header, indicating whether they believe the call started with a reputable customer and whether their provider The caller ID is the one that is familiar with their system. In this example, the internal phone number may not be known by the provider, but they may agree that all numbers starting with 555-555 actually belong to this user indeed.

The STR system generates a JSON web token, which, among other things, provides the actual phone number, number, and authentication level provided by the provider, provided by the original SIP. This information is then encrypted with the provider's private key, encoded using Base64, and linked to the original SIP header in a new identification field. Now the new information travels along with the original SIP application until it reaches its destination, another VoIP system or provider that will route the call to an external telephone.

At the reception, the STIR information is decoded using the provider's public key. If this fails, the STIR information may be misinterpreted. If it is decoded correctly, it can extract the information and check to see if the decision is allowed to continue. For example, in the case of a VoIP endpoint on a smartphone, the display may indicate that the call is of unknown origin ("C") or that it has failed to fully verify.

What is SHAKEN

STRS is based on IP and is designed to work with calls via a VoIP network. It does not work within the "original" telephone network, which relies on standards such as SS7 for root calls. VoIP calls enter the network "onshore" through a variety of telephone gateways from VoIP, and they can receive STR information at this location or anywhere during the VoIP section of the call. But once inside the telephone network, there is no standard for passing this standard information to the end-user.

Additionally, STIR does not specify how authentication failures in the network should be handled. In a system where most of the calls do not have Steer information, at least during the time the system is being set up, failed STIR checks cannot stop the call alone. Some kind of information has to be sent to the user, but the exact nature of that information is not part of itself.

By 2019, the true nature of messages sent to end-users is still being discussed. The Secure Telephone Identity Governance Authority, or STI-GA, is organizing these discussions, as well as demanding certification authorities who will handle most of the key protocols. In addition, the Secure Telephone Identification Policy Administrator, or STI-PA, has the task of actually performing key policy decisions, such as cancellation. On May 30, 2019, GA announced that Iconic has won the role of PA.

STIR/SHAKEN Definitions

Steer (Secure Telephone Identity Revisited) is a proposed standard developed by the IETF that specifies a signature to verify the calling number, and explains how to transfer "over the wire" to the SIP. Will be done. Checking (handling of token-signed asset information) The ATIS / SIP Forum is a framework document developed by the IP-NNI Task Force to implement for service providers. Provides profile. Steer/wrinkles will be the basis for facilitating call verification, call classification, and the ability to trust caller identification information.

STIR vs SHAKEN

Secure is a protocol for providing call information to the party in a short, digitally signed form for reconsideration of telephone identification. It focuses more or less on end devices and allows digital signatures to be generated and validated in multiple locations.

Checkin means secure handling of information asserted using tokens and focuses on how STR can be implemented within the carrier network. While STIR emphasizes end tools, SHAKEN addresses imitation.

How does STIR / SHAKEN work?

1. When a call is initiated, a SIP INVITE is received from the starter service provider.

2. The startup service provider verifies the call source and number to verify authentication. 

Complete Verification (A) - The service provider verifies the calling party and confirms that they are authorized to use this number. An example would be a registered subscriber.

Partial Verification (B) - The service provider confirms the start of the call but cannot confirm that the source of the call is authorized to use the calling number. An example would be a caller number from behind an enterprise PBX.

Gateway Check (C) - The service provider verifies the authenticity of the call but cannot verify the source. An example would be a call received from an international gateway. 

3. The startup service provider will now create a SIP ID header that will contain the calling number, called the number, the certificate level, and the information along with the call origination, along with the certificate.

4. The certificate is sent to the SIP Invite destination service provider with the SIP ID header.

The destination service provider verifies the identity of the header and certificate.

STIR/SHAKEN Testing

The current "governing" body for STR / Shakin testing is ATIS RoboCalling Tesbd and it removes solutions developed for the Shakin framework provided by communications service providers, equipment manufacturers, and software providers. Use to test from Organized by the Newstar Trust Lab, the Virtualized Testing Facility supports a joint effort by the Internet Engineering Task Force (IETF) and the Alliance for the Telecommunications Industry Solutions (ATIS).

This test was used to verify REDCOM's successful telephone identification revision (STIR) criteria and signature handling of assisted information using the token (SHAKEN) framework within Redcom's personalized call screening. 

Caller Authentication

The idea behind STIR / SHAKEN is to reduce unwanted robots and bad actors who use caller ID spoofing to increase their chances of talking to a user. STRs are used to provide a mechanism for service providers to extend the SIP protocol to verify that the SIP call initiation is most likely to be valid. (Ie not a party inviting any fraud/fraud). 

The purpose of these additions is to make it significantly harder for bad actors to identify calls for immorality or other purposes. An example of such activity is the use of voice messaging or credit card verification services to gain access to voice messages or credit from victims. In search of information or cash is to participate in trust schemes through cash trusts as legitimate businesses.

How Will Caller ID Authentication Help Consumers?

Caller ID authentication technology enables users to trust that callers are the ones who say they reduce the effectiveness of fraudulent calls by fraud. This technology is very important to protect Americans from scams using fake robots because it eliminates the ability of callers to illegally forge the identity of a caller, which allows scammers to steal Americans from their phones. Use to deceive in responding when they should not do so. Caller ID authentication technology also allows users and law enforcement agencies to easily identify the source of illegal robots and reduce their frequency and impact.

The Steer / Shaken Framework is an industry-standard caller ID validation technology, set of technical standards and protocols that validate and validate caller ID information for calls running over Internet Protocol (IP) networks. Allows. As implementation continues, it will give Americans greater confidence that the caller ID information they receive is accurate and will allow voice service providers to provide helpful information to their customers about which phone call answers.

STIR/SHAKEN is for Businesses

Regulators and members legislate to ensure that service providers implement effective ways to combat illegal robots. In response, phone companies are verifying caller IDs with the STIR / SHAKEN standard. But what does this mean for businesses and how do they communicate with customers through calls?

In a recent webinar for businesses, STIR / SHAKEN, we shared how businesses are being affected by illegal robot business today, what STIR / SHAKEN addresses (and does not do), calls in networks. The complexities of implementing authentication, and what it means for business. Calls

Below we have questions from webinar participants from many different industries who are facing challenges with their outbound calling programs. Newstar is a call authentication pioneer, co-author of the STIR / SHAKEN standards, and a market leader and neutral trusted provider of caller ID services in the United States.

What types of calls does STIR/SHAKEN address?

STIR / SHAKEN was developed to prevent illegal call spoofing. Call spoofing occurs when the call manager makes changes to hide or change the calling number that is displayed on the calling display. An example of the legal use of counterfeiting is to provide an important callback number for customer support or to keep the calling number private, such as when a doctor contacts a patient on his private phone. Used to detect illegal number forgery or to prevent users from making unwanted calls. Illegal counterfeit calls are a huge problem in the United States, often a combination of automated dialing with counterfeit intent to deceive consumers.

How will consumers be impacted by STIR/SHAKEN?

As more carriers terminate the STIR / SHAKEN, the phone number and call source will be confirmed. Carriers are experimenting with different alerts, but to date, there is no standard way to notify users of verified calls. If the call can be verified, the user can be notified with the confirmation keyword or symbol on the incoming call display. If the call cannot be verified, the call may be blocked or the user has been alerted to a possible scam call on their caller ID screen.

The purpose of notifications is to allow users to decide whether they want to reply, ignore or block the number. With Stryer / Wrinkle and other anti-robotic concerns to prevent scam calls, consumers should feel more confident and empowered about answering the calls they want to receive.

Conclusion

Although many providers and third parties offer call blocking and caller identification authentication products, there is no one-size-fits-all solution that extends over wireless and wireless communication networks. To address these concerns, service providers are focusing their efforts on three key areas: source authentication as well as network and consumer deterrence tools. The ribbon is moving forward with innovative solutions to protect users from unwanted calls and give them more control over incoming calls and text.

Share on Google Plus

About M.IMRAN