STIR/SHAKEN, The Technology Fighting Robocalls

Last week we did a blog post on robocalls and what telecom companies and now the Federal Government is doing to combat them. Since our blog post, the bill passed the Senate and is expected to be signed into law. As a follow up we want to go more in depth on the technology named in the bill and how it is helping to end robocalls.

The big issue with robocalls is number “spoofing.” This is the technology criminals use to make the number they are calling from appear as if it is closely related to your phone number, or at least from your same area code. Criminals can also spoof known numbers, like the phone number of your bank, or the IRS. This technology makes it harder for users to identify a scam, and makes them more susceptible to giving the criminal personal information.

The technology named in the Senate bill is STIR/SHAKEN. STIR (Secure Telephone Identity Revisited) is an internet-based process that verifies a calling party’s authorization to use a particular phone number. SHAKEN (Secure Handling of Asserted information using toKENs) is a framework to verify the calling number and how it will be transported. These two technologies work together to authenticate a phone call, and pass that information on to the service provider of the person receiving the call.

When a phone call is made the call first goes to the service provider of the person making the call. This originating service provider now assigns the call an authentication token based on what they know about the number and the caller. The easiest token is, “this person owns this phone number, we assigned it to them.” The second level of authorized calls are, “this person has permission to use this phone number.” This second category could be from a business call center who wants all of their outbound calls to come from one phone number. This type of call should also pass through without issue. The third level of authorization is, “minimal or questionable knowledge about the authorization of this call.” These are the calls the technology is trying to put an end to.

Each call is assigned a token from the originating service provider, and then this token is passed from service provider to service provider until the call reaches the terminating service provider. Then, the terminating service provider has to make a decision on what they want to do with the third level of authenticated calls. The terminating service provider can forward the call with a messaged attached for the user. This is where some cell phone users are noticing calls come through as “Fraud Risk” or “Telemarketer.” The terminating service provider could also choose not to deliver the call at all, or dump it to a voice mail box. Telecom companies are still experimenting with what users would like done with these calls at this point.

All of the major telecom companies have already implemented some version of this technology, but the new law should help to push the technology forward and make sure all of the telecom companies are working together in this fight.

Quanexus IT Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Charles Wright