Guaranteed Caller Service Provider

The Challenge

American consumers receive over 200K unwanted and/or fraudulent calls every minute, many using spoofed caller IDs to increase the likelihood that the called party will answer the call. Both the FCC in the USA, through the TRACED Act and the CRTC in Canada, have mandated service provider implementation of the STIR/SHAKEN set of standards as a solution to the widespread use of CLI spoofing in fraudulent calls.

The NetNumber Solution

Guaranteed Caller™ is NetNumber’s family of STIR/SHAKEN solutions, providing proactive and IETF/ATIS compliant CLI validation solutions for all common calling scenarios.

Guaranteed Caller™ Service Provider is using credentials and certificates from the national level to sign and verify consumer calls within an operator network. It fully meets all current FCC/CRTC mandates for IP STIR/SHAKEN. Includes STI-AS, STI-VS (with included CRc certificate cache), SP-KMS, SKS and STI-CR. An optional CVT capability is available.

Guaranteed Caller Service Provider provides three unique functional sets:

  • Service Provider Certificate Management (SPCM) generates new public/private keys sets on a regular basis and then interacts with the STI-CA to request and receive STI-CA signed certificates. SPCM requests fixed duration certificates that have a minimum lifetime of 24 hours and a maximum lifetime of 365 days. Signed certificates received from the STI-CA are pushed to the Guaranteed Caller STI-CR. The associated private key is pushed to the Guaranteed Caller SKS. At the end of their lifetime, certificates are automatically refreshed by SPCM until Guaranteed Caller Service Provider service is cancelled by the service provider.
  • Service Provider Call Signing (SPCS) is used to sign calls on behalf of customers. Access SPCS is via the ATIS 1000082 HTTPS/JSON API (or other technically feasible API approved by NetNumber, including SIP Redirect) using a NetNumber generated security token and/or customer source IP address(es). API queries received by SPCS with a valid authorization receive back a cryptographically signed SHAKEN PASSporT.
  • Service Provider Signature Verification (SPSV) is used to verify call signatures on behalf of Customers. Access to SPSV is via the ATIS 1000082 HTTPS/JSON API (or other technically feasible API approved by NetNumber, including SIP Redirect) using a NetNumber generated security token and/or customer source IP address(es). API queries received by SPSV include a valid authorization and a cryptographically signed SHAKEN PASSporT. Received SHAKEN PASSporTs are verified by SPSV and the results of that verification are returned via the ATIS 1000082 HTTPS/JSON API to the query source.
Key Features

IETF/ATIS Compliant
The Guaranteed CallerTM family is fully compliant with all relevant IETF/ATIS standards for STIR/SHAKEN.


FIPS 140-2 Level 1, Level 2 Compliant
All key-related elements of Guaranteed CallerTM are FIPS 140-2 Level 1 compliant. Level 2 compliance is an available option.


Fully Cloud Native, Containerized Implementation
Guaranteed CallerTM is fully cloud native and containerized, providing effectively unlimited capacity via a highly elastic dynamic scaling capability.


Support for TDM-SHAKEN
Guaranteed CallerTM Service Provider includes full support for TDM-SHAKEN. The in-network Cloud Connect node optionally supports TDM/SS7 physical interfaces.


Configurable Selection of Calls to be Signed
Not all calls need to be signed to be known free from CLI spoofing. Unnecessary call signing may equate to unnecessary OPEX. The Guaranteed CallerTM in-network Cloud Connect node provides configurable call signing selection rules, saving service providers unnecessary spend by selecting for signature only those calls that need to be signed.


Configurable Call Attestation Rules
STIR/SHAKEN relies on accurate call attestation. The Guaranteed CallerTM in-network Cloud Connect node provides configurable rules for setting attestation levels, ensuring that this critical value is set in compliance with local network policy.


Configurable OrigID Values
The STIR/SHAKEN OrigID value supports traceback of calls that incorrectly received an “A” attestation. The Guaranteed CallerTM in-network Cloud Connect node provides configurable rules for setting OrigID as local network policy dictates.

Benefits
  • Fully comply with FCC and CRTC mandates for STIR/SHAKEN
  • Increase customer satisfaction by ending fraudulent CLI spoofing
  • Minimize spend to implement STIR/SHAKEN in the network
  • Minimize network impact from STIR/SHAKEN compliance
  • Control CAPEX expenditure necessary to comply