In the age of digital communication, ensuring call authenticity is paramount. To address issues of caller ID spoofing and robocalls, the telecommunications industry has embraced the STIR/SHAKEN framework. In this article, we will delve deep into the heart of STIR/SHAKEN: token attestations.
Understanding STIR/SHAKEN
Secure Telephony Identity Revisited (STIR) and Signature-based Handling of Asserted Information Using toKENs (SHAKEN) form a suite of protocols designed to certify the authenticity of a call. They provide a level of trust in the caller ID information displayed, curbing issues such as caller ID spoofing.
At the core of STIR/SHAKEN lies the principle of token attestations. These are digital signatures added by the originating service provider to the SIP INVITE, the message that starts the setup of a telephone call over IP networks.
The Role of Token Attestations
The attestation level determines the trustworthiness of the call originator’s assertion of caller ID information. There are three levels of attestation:
- Full Attestation (A-Level): This is the highest level of trust, given when the service provider has authenticated the caller and can confirm that they are authorized to use the calling number.
- Partial Attestation (B-Level): This level is given when the service provider has authenticated the caller but can’t verify if they are authorized to use the calling number.
- Gateway Attestation (C-Level): This is the lowest level, given when the service provider has only confirmed that the call entered their network, but the caller’s identity and authorization to use the calling number are unknown.
How Does Token Attestation Work?
Here’s a simplified step-by-step process of how token attestation works in STIR/SHAKEN:
- When a call is placed, the originating service provider creates a SIP INVITE that includes caller ID information.
- The service provider authenticates the caller and determines the appropriate attestation level. They then sign the SIP INVITE with their private key to create a token.
- The signed call is then sent through the network to the terminating service provider.
- The terminating service provider verifies the digital signature using the originating service provider’s public key. They then decide how to handle the call based on the attestation level and verification status.
- The call is delivered to the recipient, potentially with information about the verification status.
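The exchange in the steps above, sketched in Go as an added example (not code from the original article): the originating side signs a PASSporT-style token carrying the attestation level, and the terminating side verifies it. The key pair, phone numbers, timestamps and the 60-second freshness window are constructed assumptions, and the verifier is handed the public key directly instead of retrieving the provider's certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
)
var b64 = base64.RawURLEncoding
var demoKey, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // constructed demo key pair

// Sign (originating provider): ES256-sign a token carrying the attestation level and both numbers.
func Sign(key *ecdsa.PrivateKey, attest, from, to string, iat int64) string {
	body, _ := json.Marshal(map[string]any{"attest": attest, "dest": map[string][]string{"tn": {to}}, "iat": iat, "orig": map[string]string{"tn": from}})
	in := b64.EncodeToString([]byte(`{"alg":"ES256","ppt":"shaken","typ":"passport"}`)) + "." + b64.EncodeToString(body)
	h := sha256.Sum256([]byte(in))
	r, s, _ := ecdsa.Sign(rand.Reader, key, h[:])
	return in + "." + b64.EncodeToString(append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...))
}

// Verify (terminating provider): return the level only if signed, fresh (60 s assumed) and bound to this call.
func Verify(pub *ecdsa.PublicKey, tok, from, to string, now int64) (string, error) {
	head, rest, _ := strings.Cut(tok, ".")
	payload, sigB64, _ := strings.Cut(rest, ".")
	sig, err := b64.DecodeString(sigB64)
	h := sha256.Sum256([]byte(head + "." + payload))
	if err != nil || len(sig) != 64 || !ecdsa.Verify(pub, h[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return "", fmt.Errorf("malformed token or invalid signature")
	}
	var c struct {
		Attest string
		Iat    int64
		Orig   struct{ Tn string }
		Dest   struct{ Tn []string }
	}
	body, _ := b64.DecodeString(payload)
	if json.Unmarshal(body, &c) != nil || now-c.Iat > 60 || c.Iat-now > 60 || c.Orig.Tn != from || len(c.Dest.Tn) != 1 || c.Dest.Tn[0] != to {
		return "", fmt.Errorf("token is stale or was not issued for this call")
	}
	return c.Attest, nil
}

func main() {
	fmt.Println(Verify(&demoKey.PublicKey, Sign(demoKey, "A", "12025550100", "12025550123", 1700000000), "12025550100", "12025550123", 1700000005))
}
```

A token whose signature verifies is still rejected when it is stale or names different numbers than the INVITE, which keeps a validly signed token from being reused on another call.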
Conclusion
Token attestations are integral to STIR/SHAKEN, providing a mechanism to gauge the trustworthiness of a call. They are a crucial tool in the ongoing battle against robocalls and caller ID spoofing.
In our next posts, we’ll delve deeper into how businesses can implement STIR/SHAKEN and what these changes mean for the future of telecommunications.