Features
Messaging
SMS Campaigns SMS-VOICE Gateway RCS Messaging WhatsApp API SMS Firewall
Voice & VoIP
VoIP Routing SBC Ringless Voicemail PBX Services TTS
Signalling & Core
SS7 Gateway Diameter OCS Mobile Core
Compliance
ENUM/NAPTR 10DLC STIR/SHAKEN MNP/LNP
Security
Firewall DDoS Mitigation IPSec VPN
Sector Antennas Massive MIMO Remote Radio Units Baseband Units eNodeB / gNodeB Outdoor Small Cells Indoor Small Cells Tower Masts Site Power
Plans About Blog Contact
Compliance

STIR/SHAKEN Authentication

Protect your customers and your reputation with full RFC 8224/8225 compliant caller ID attestation. Sign every outbound call with a cryptographic Identity header, verify inbound attestation tokens, and meet FCC robocall mitigation mandates across your entire VoIP infrastructure — all automated within the MOBITELSMS billing and routing platform.

Get Started Talk to Sales
What Is STIR/SHAKEN

The FCC Mandate for Authenticated Caller ID

STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted information using toKENs) are the IETF and ATIS standards that authenticate caller ID information on VoIP calls using public-key cryptography. Originating carriers sign calls with an attestation level (A, B, or C) and a digitally signed JSON Web Token (JWT) embedded in the SIP Identity header. Terminating carriers and analytics platforms verify the signature against the originating carrier's certificate retrieved from the public STI-CR certificate repository. The TRACED Act and subsequent FCC orders require all US voice providers to implement STIR/SHAKEN — non-compliant traffic faces call labelling and blocking by downstream providers.

Features

Full-Stack STIR/SHAKEN

Outbound Call Signing
Automatically signs every outbound SIP INVITE with a PASSporT JSON Web Token at attestation level A (full), B (partial), or C (gateway), based on your origination policy and the calling number's verification status. The signed Identity header is injected by Kamailio's Call hook before forwarding to the next-hop carrier.
Inbound Token Verification
Parses and cryptographically verifies the Identity header on inbound calls. Fetches the originating carrier's X.509 certificate from the STI-CR certificate repository (x5u URL in the PASSporT header), validates the JWS signature, checks claim fields (origtn, desttn, iat freshness), and records the attestation result in the call CDR for downstream analytics and dispute resolution.
Certificate Lifecycle Management
Manages your Secure Telephone Identity (STI) certificates from issuance through renewal and revocation. Supports multiple active certificates for different origination OAs (Originating Authorities). Certificate private keys are stored encrypted at rest; public certificates are hosted on an HTTPS STI-CR endpoint with configurable TTL and automatic renewal alerts 30 days before expiry.
Attestation Analytics Dashboard
Real-time and historical reports on attestation levels for all traffic — outbound signing success rate, inbound verification pass/fail breakdown, attestation level distribution (A/B/C/unsigned), and per-carrier attestation quality scoring. Identify misbehaving upstream carriers sending spoofed or unsigned traffic before it reaches your customers.
Robocall Risk Scoring
Integrates with STIR/SHAKEN verification results to produce a composite risk score per call. Unsigned calls, failed verifications, expired PASSporTs, or mismatched origination numbers increase the score. Configurable thresholds trigger call blocking, challenge prompts, or caller ID warning flags appended to the SIP display name for downstream termination partners.
Multi-Carrier Interoperability
Tested against AT&T, Lumen, Comcast, and Twilio STIR/SHAKEN implementations. Handles edge cases including calls transiting non-SHAKEN intermediate carriers (OOB STIR via SHAKEN B-level re-attestation), international calls with SIP-I/ISUP interworking, and TDM gateway interop where Identity headers cannot be preserved across TDM hops.
Technical Specifications

Specifications

StandardsRFC 8224, RFC 8225, RFC 8226 (PASSporT)
Industry SpecATIS-1000074 (SHAKEN), ATIS-1000082
Signature AlgorithmES256 (ECDSA P-256 + SHA-256)
Certificate FormatX.509 v3, TNAuthList extension (RFC 8226)
Attestation LevelsA (Full), B (Partial), C (Gateway)
Certificate RetrievalHTTPS STI-CR (x5u URL, sub-second cache)
PASSporT Freshnessiat ±60 seconds (configurable)
Processing Latency<5ms (cached cert), <80ms (first fetch)

Get FCC-Compliant Today

STIR/SHAKEN compliance is mandatory for US voice providers. Our implementation is RFC 8224/8225 production-grade, battle-tested against major US carriers. Activate signing and verification in minutes from the admin portal.

Get Started Talk to Sales

MOBITELSMS Assistant

Hi! I'm the MOBITELSMS assistant. How can I help you today?