How PKI and SHAKEN/STIR Will Fix the Global Robocall Problem

How PKI and SHAKEN/STIR Will Fix the Global Robocall Problem – Mark B Cooper


There is a new global technology standard underway that will impact everyone with a phone. This new ecosystem will put an end to fraudulent robocalls calls — the number of robocalls grew 325% worldwide last year, with 48 billion robocalls in the U.S. alone. The Federal Communications Commission (FCC) estimates that more than half of all phone calls placed in the U.S. this year will be robocalls. The FCC and major telecommunications companies including Comcast, AT&T, and T-Mobile are behind a new standard called SHAKEN/STIR (Signature-based Handling of Asserted Information using ToKENs and Secure Telephony Identity Revisited) to combat robocalls and caller ID spoofing. Public key infrastructure (PKI) is the backbone of the SHAKEN/STIR global technology standard. PKI will be used to identify and verify each phone call. SHAKEN/STIR will shift the identity details from the call originator to the trusted telephone company routing the call. The way it works is each telephone service provider obtains its digital certificate from a certificate authority that is trusted by other telephone service providers. The certificate technology enables the called party to verify that the calling number is accurate and has not been spoofed. In order for the entire ecosystem to work, it needs to be created with a trusted PKI system as the base, using digital signatures in every single call, which are verified and authenticated. SHAKEN/STIR uses digital certificates, based on common public key cryptography techniques, to ensure the calling number of a telephone call is secure. The industry – technology infrastructure, telecommunications, and government entities – needs to work together to ensure call identities are trusted globally. As this technology standard evolves and deployed, security will be required at every level of SHAKEN/STIR implementation.


Mark B. Cooper, president & founder, PKI Solutions Mark B. Cooper, president and founder of PKI Solutions, is known as “The PKI Guy” since his early days at Microsoft. He has deep knowledge and experience in all things Public Key Infrastructure (PKI). PKI Solutions Inc. provides consulting, training — including online training — and implements software solutions for Microsoft PKI and related technologies at enterprises, many of them Fortune 500 companies. PKI Solutions has led hundreds of PKI trainings, including private trainings, across the country and around the world. Prior to founding PKI Solutions, Cooper was a senior engineer at Microsoft, where he was a PKI and identity management subject matter expert who designed, implemented, and supported Active Directory Certificate Services (ADCS) environments for Microsoft’s largest customers.