Skip to main content
Learn more about the STIR-SHAKEN authentication framework
April 20, 2022 at 4:00 AM
An old woman making a phone call.

There’s nothing more important for your customers than the security of your telecom services. In an era where robocalls are a common nuisance and scams are more prevalent than ever, callers need assurance that they can make calls and accept them without having to worry about the security of their personal information. The federal government has taken steps to ensure that this security is maintained across all networks.

Thanks to the TRACED Act being signed into law, the STIR-SHAKEN authentication framework is now a legally-required implementation for all major telecom service providers.

Essentially, its purpose is to prevent robocalls and other fraudulent calls from reaching consumers, or for any calls that can’t be verified to be labeled as potential scams. This prevents the kinds of disruptions and potential breaches that scam calls can introduce without severely disrupting the ability of callers to reach one another across different networks.

If you’re a telecom service provider operating in the United States, you must implement STIR-SHAKEN as part of your network. But how does this framework function? We’ll break it all down in this blog post, including the functionality of STIR-SHAKEN tokens, call attestation, and integrating the framework into your services.

Understanding STIR-SHAKEN tokens

As we’ve written in a prior blog post, STIR-SHAKEN tokens are generated at the moment that a call is made, and the token generation process occurs across a matter of seconds. A certificate is produced that verifies your number as a legitimate member of a major telecom provider’s network, allowing it to appear as an authenticated call to the person receiving the call.

Tokens can be generated in a few different ways, but all of them involve adding the verification certificate (or token) to your SIP header, displaying your status as a verified caller and assuring the person on the other end that they can safely pick up the phone.

How does call attestation work?

Call attestation is also an integral part of the token-based authenticatication functionality of STIR-SHAKEN. There are three attestation levels, and the one given to your number at the time of your call reflects whether the network is able to verify your identity and the point of origin of your call. In this way, it isn’t as simple as just blocking your number or labeling you as a scam caller if you can’t be fully verified.

If both your caller identity and the origin of your call on a verified network can be determined, you’re given A-level, or “full,” attestation. If your identity can be verified, but not the source of the call, you’re given B-level, or “partial” attestation. If neither of these can be verified, you’re given C-level, or “gateway” attestation, which means your call is much more likely to be indicated as a potential scam.

Implementing STIR-SHAKEN at your company

There are a few different ways in which you can implement STIR-SHAKEN at your company, specifically if you’re working with a service provider like Prescott-Martini. You can forward your calls for authentication, send verification requests via MySQL, request stand-by service which grants you access to millions of tokens per month at a flat rate, or remotely-managed authentication services on your platform at a flat rate.

Remember: implementing STIR-SHAKEN on your network is a legal requirement. Neither you nor your customers can afford to wait for the additional security offered by this framework, and adding it to your services as soon as possible ensures smooth, secure call services on your platform. Let us work with you to implement this framework in a way that works for you. Contact us now to learn more or to get started.