Current and Future Applications of STIR/SHAKEN

[tanjimajuha20]

he Secure Key Store (SKS): Since every private key used in STIR/SHAKEN verification is a secret known only to the carrier signing the call, it’s important to safeguard these assets. The SKS serves as a safe repository for this purpose. It also provisions the private keys as they are used by the STI-AS in signing requests.

The STI Certificate Repository (STI-CR): This secure web server hosts public certificates, and can be accessed by service providers over the public internet. Each service provider with SHAKEN private keys in a Secure Key Store should have a corresponding STI-CR where its public certificates are published.

The Key Management kuwait telegram Server (SP-KMS): This provides automated certificate and key management, and serves a number of functions. The SP-KMS requests and receives a token from the STI-PA over an HTTP interface, in addition to requesting an STI certificate from the STI-CA. It also generates a private and public key pair for signing and verification, storing them respectively in the SKS and the STI-CR.

As STIR / SHAKEN becomes more widespread, real-time analytics systems will gain greater ability to differentiate between spoofed and genuine calls, and greater power to filter out the bad communications that can sour the telephony experience for network subscribers.

STIR/SHAKEN also has the potential to provide a standardized methodology for tracing back the origin of calls. This has been difficult to achieve to date, given the number of disparate networks and connections that are typically involved. However, STIR/SHAKEN includes a standardized tracing function that represents the originating point of a call in each network. This opens up the possibility of streamlining the trace back process.

In future, adoption of STIR/SHAKEN may also make it possible to create some form of standardized display, which confirms to call recipients that the caller ID of the party initiating an incoming call has been fully verified. This might for example be a Caller Name and Call Purpose display.

Stir/Shaken as of November 2024
Here are some of the latest updates on STIR/SHAKEN as of November 2024:

FCC Regulatory Updates:
The FCC is refining STIR/SHAKEN regulations to enhance the framework’s integrity, particularly when service providers rely on third parties for implementation. This aims to curb improperly authenticated calls and bolster accountability in the caller ID authentication process.
Expanded obligations now require all providers, including intermediate and non-gateway providers, to participate in the robocall mitigation database, detailing practices to block illegal robocalls and describing “know-your-upstream provider” procedures. These measures enhance traceability and enforcement.
Participation and Effectiveness:
Participation in STIR/SHAKEN continues to grow. In October 2024, there was a 2.3% increase in the number of providers authorized under the framework, and the percentage of signed calls remained steady at just under 50% at termination.
While the percentage of calls with full A-level attestation slightly decreased, B- and C-level attestations saw marginal increases, reflecting a shift in how calls are signed.
Robocall Trends:
Despite increased participation, robocalls signed with A-level attestation by prolific robocall signers remain high, accounting for 58.3% of such calls in October 2024.
The FCC has introduced stricter enforcement tools, including per-call penalties and expedited removal from the robocall mitigation database for non-compliance.
These updates underscore ongoing efforts to improve call authentication, reduce robocalls, and ensure compliance across the telecommunications industry. For further details, you can explore resources like the FCC’s open meeting summaries and reports from industry leaders such as TransNexus.

To get started in using STIR/SHAKEN to authenticate calls on your network right now, you can access our free tool here at IDT.