Solving the Illegal Robocalling Problem

Illegal robocalling continues to plague consumers. More than an interruption from nuisance calls about automotive extended warranties, these calls have become the point of entry for scammers who prey on consumers.

“4.3 Billion robocalls were placed in October 2020 – that’s 13 per person in the US” – YouMail Robocall Index

“Nearly 50% of IC Mobile Traffic will be scam calls…” – First Orion

“Unwanted calls – including illegal and spoofed robocalls – are the FCC’s top consumer complaint and our top consumer protection priority”  – FCC Chairman Ajit Pai

Falsification (or spoofing) of caller-ID information is a favorite deception used by illegal robocallers and scammers to get their victims to answer the call. Whether the call appears to be from a neighbor, a bank, utility or government agency, consumers often fall for the deception, costing millions of dollars per year in fraud.

Responding to this, the Federal Communications Commission and Federal Trade Commission have enacted a number of rulings, including the TRACED (Telephone Robocall Abuse Criminal Enforcement and Deterrence) Act.

The TRACED Act mandates: “18 months after the date of enactment, the Federal Communications Commission shall require a provider of voice services to implement the STIR/SHAKEN authentication framework in the internet protocol networks of voice service providers”

STIR/SHAKEN – The Objectives

While complicated in implementation, the simple objective of STIR/SHAKEN is to secure the identity of the calling party, allowing the called party to know with relative certainty who initiated the call. For the subscriber, this should re-establish trust in the caller-ID displayed on their telephone, presenting an icon or text that indicates that the caller-ID information is valid.

A second objective of implementing STIR/SHAKEN is to improve the analytics used to detect and block illegal robocallers, allowing legal robocallers (reverse 9-1-1, doctor’s appointment reminders, etc.) to reliably reach their intended recipients.

A third objective is to provide tools for law enforcement, allowing them to identify the source of calls, keep a record of potentially illegal activity, and provide a strong deterrent.

STIR/SHAKEN Theory of Operation

The design of STIR/SHAKEN is centered on creating a cryptographically signed identity token at the originating service provider and passing it through the network to the terminating service provider, which verifies its authenticity. Using well-understood public key infrastructure (PKI), STIR/SHAKEN relies on certificates managed by a Certificate Authority (CA) that closely manages issuance and revocation, limiting issuance to vetted and credentialed telephony service providers.

Figure 1: STIR/SHAKEN Architecture

As shown in Figure 1, a simplified STIR/SHAKEN architecture encompasses a number of key elements:

Calling Party – the initiator of the call, a known customer of the originating telephone service provider (TSP).

Called Party – the intended recipient of the call, likely a subscriber on a different TSP.

Originating TSP – the service provider that first handles the call from the calling party to the called party. It is responsible for attesting to the authenticity of the caller, using an Authentication Service to create an identity token. The identity token is embedded in the SIP signaling before the call is passed to the Terminating TSP.

Authentication Service – using the call information and attestation, creates an encoded identity token, returning the token to the Originating TSP.

Terminating TSP – the service provider that services the called party, validates the identity token using a Verification Service, and relays the results of the verification to the Called Party.

Verification Service – decodes the identity token, verifies the token with the certificate public key, and relays the verification status (true/false) back to the Terminating TSP.

Certificate Repository – shared service that hosts the certificates for each of the trusted service providers.


TelcoBridges and TransNexus have teamed to deliver a complete STIR/SHAKEN solution for service providers that is easy to integrate into existing systems, scales easily, works for both SIP and TDM networks, and has a business model that scales with adoption.

STIR/SHAKEN for SIP Service Providers

Figure 2: STIR/SHAKEN for SIP Networks

For SIP-based telecom service providers, TelcoBridges ProSBC and TransNexus ClearIP are integrated as shown in Figure 2.

At the Originating TSP, the architecture puts an SBC instance at the egress of the network, capturing call details as calls leave the network and passing the calling party information to ClearIP. The ClearIP service assigns an attestation letter, generates an Identity header, and returns the header to ProSBC. The SIP INVITE with the Identity header is then passed on to the Terminating TSP.

At the Terminating TSP, the architecture puts an SBC at the point of ingress, passing the SIP INVITE with its SIP Identity header to ClearIP for verification. ClearIP retrieves the certificate referenced in the Identity header, verifies its authenticity, and returns a “verstat” status in the P-Asserted-Identity field of the SIP INVITE. At this point, the softswitch at the Terminating TSP can use the verstat results to:

  • Perform additional reputation analytics
  • Redirect the call to screening services
  • Insert “[V]” in the caller name field
  • Or display the call validation status as is appropriate.
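The signing and verification steps described above, as an added example that is not ProSBC or ClearIP code. It assumes the PASSporT token layout of RFC 8225 with the SHAKEN claims, a 60-second freshness window, and an in-memory map standing in for the certificate repository and certificate chain validation; the phone numbers, URL and origid are constructed.

```javascript
const { generateKeyPairSync, sign, verify } = require('node:crypto');
const b64u = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const ecdsa = (key) => ({ key, dsaEncoding: 'ieee-p1363' }); // raw r||s, as JWS ES256 requires

// Authentication Service (added example): sign the numbers, timestamp and attestation.
function signIdentity(call, attest, x5u, privateKey, now) {
  const header = { alg: 'ES256', ppt: 'shaken', typ: 'passport', x5u };
  const claims = { attest, dest: { tn: [call.to] }, iat: now,
                   orig: { tn: call.from }, origid: call.origid };
  const input = `${b64u(header)}.${b64u(claims)}`;
  const sig = sign('sha256', Buffer.from(input), ecdsa(privateKey)).toString('base64url');
  return `${input}.${sig};info=<${x5u}>;alg=ES256;ppt=shaken`; // SIP Identity header value
}

// Verification Service: returns the verstat value for the terminating TSP.
function verifyIdentity(identity, call, trustedCerts, now, maxAgeSec = 60) {
  if (!identity) return 'No-TN-Validation';
  const parts = identity.split(';')[0].split('.');
  if (parts.length !== 3) return 'TN-Validation-Failed';
  let header, claims;
  try {
    [header, claims] = parts.slice(0, 2).map((p) => JSON.parse(Buffer.from(p, 'base64url')));
  } catch { return 'TN-Validation-Failed'; }
  // Assumption: trustedCerts maps x5u URLs to keys from certificates whose chain
  // to an approved CA was already validated; an unknown x5u is never fetched.
  const key = trustedCerts.get(header?.x5u);
  const ok = key && header.alg === 'ES256' && header.ppt === 'shaken' &&
    verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`), ecdsa(key),
           Buffer.from(parts[2], 'base64url')) &&
    Math.abs(now - claims?.iat) <= maxAgeSec &&           // reject stale or replayed tokens
    claims.orig?.tn === call.from &&                      // signed caller must match signalling
    Array.isArray(claims.dest?.tn) && claims.dest.tn.includes(call.to);
  return ok ? 'TN-Validation-Passed' : 'TN-Validation-Failed';
}

// Constructed sample call: fictional numbers, URL and origid.
function demo() {
  const { privateKey, publicKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const x5u = 'https://certs.example.test/sp-a.pem';
  const call = { from: '12025550100', to: '12025550199', origid: 'constructed-origid-0001' };
  const trusted = new Map([[x5u, publicKey]]);
  const id = signIdentity(call, 'A', x5u, privateKey, 1700000000);
  return {
    genuine: verifyIdentity(id, call, trusted, 1700000002),
    spoofed: verifyIdentity(id, { ...call, from: '12025550123' }, trusted, 1700000002),
    replayed: verifyIdentity(id, call, trusted, 1700003600),
    unsigned: verifyIdentity(undefined, call, trusted, 1700000002),
  };
}
console.log(demo());
```

A valid signature alone is not enough: the verifier also compares the signed numbers with the ones in the SIP signaling and checks the token age, so a captured Identity header cannot be reused with a different caller-ID or at a later time.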

STIR/SHAKEN for TDM Service Providers

However, not all service providers have completed their migration to SIP, leaving part or all of their network using TDM equipment.  To help bridge this gap, a TelcoBridges/TransNexus solution offers the flexibility to work in both SIP and TDM networks, or hybrid networks and any combination between service providers.

Figure 3: STIR/SHAKEN for TDM Networks

For TDM-based telecom service providers, TelcoBridges TMG Media Gateways integrate with TransNexus ClearIP as shown in Figure 3.

At the Originating TSP, the architecture puts a media gateway instance at the egress of the network, capturing call details as calls leave the network and passing the calling party information to ClearIP. The ClearIP service assigns an attestation letter, authenticates the call, and posts the Identity header to the destination TSP’s designated Call Placement Service.

At the Terminating TSP, the architecture puts a media gateway at the point of ingress.  Upon arrival of a call, the media gateway converts the call to SIP, passing the INVITE to ClearIP, where the Identity header is retrieved from the Call Placement Service. Once retrieved, the Identity header is verified for authenticity, and ClearIP returns a “verstat” status to the media gateway.  At this point, the media gateway or TDM switch at the Terminating TSP can use the verstat results to:

  • Redirect the call to screening services
  • Insert “[V]” in the caller name field
  • Or display the call validation status as is appropriate.

The benefits of the TelcoBridges/TransNexus solution include:

  • Ease of Implementation – Inserting ProSBC into the call flow eliminates the need for major upgrades to existing systems
  • Flexible Deployment Options – supports both SIP and TDM networks or hybrid networks
  • Interoperable – based on ATIS standard interfaces, is compatible with standard STIR/SHAKEN solutions
  • Cloud-ready – can be deployed in existing data centers or as a software-as-a-service subscription
  • Scalable Business Model – allowing service providers to “ramp up” their support for STIR/SHAKEN as they migrate and grow
  • Highly reliable – based on carrier-class reliable software and hardware systems
