From IPitomy Wiki
Jump to navigation Jump to search

Please visit The Federal Communications Commission's STIR/SHAKEN website for additional information, documents and resources



STIR/SHAKEN, or SHAKEN/STIR, is a suite of protocols and procedures intended to combat caller ID spoofing on public telephone networks. Caller ID spoofing is used by robocallers to mask their identity or to make it appear the call is from a legitimate source, often a nearby phone number with the same area code and exchange, or from well-known agencies like the Internal Revenue Service or Ontario Provincial Police. This sort of spoofing is common for calls originating from voice-over-IP (VoIP) systems, which can be located anywhere in the world.

STIR, short for Secure Telephony Identity Revisited, has been defined as a series of RFC standards documents by a Working Group of the Internet Engineering Task Force. It works by adding a digital certificate to the Session Initiation Protocol information used to initiate and route calls in VoIP systems. The first public connection on the system, typically the VoIP service provider, examines the caller ID and compares it to a known list of IDs they provide to that customer. The provider then attaches an encrypted certificate to the SIP header with the service provider's identity and a trust value. VoIP software on the receiving end can check the authenticity of the message by decrypting STIR using the provider's public key.

The FCC is requiring use and compliance of these protocols by June 30, 2021.