AT&T and Comcast announced today that they've successfully tested what they believe to be the first SHAKEN/STIR-authenticated call between two different telecom networks.
SHAKEN/STIR[1] stands for Signature-based Handling of Asserted Information Using toKENs (SHAKEN) and the Secure Telephone Identity Revisited (STIR), and is a protocol for authenticating phone calls with the help of cryptographic certificates.
The protocol was created to address the problem of call spoofing --calls that claim to come from a number or network, but they don't.
SHAKEN/STIR works by the network operator where the call has originated "signining" the call using a certificate. The telecom operator on the receiving end of the call can verify it came from the network the call claims it originated by looking at its certificate and making a few cryptographic checks.
Work on the SHAKEN/STIR protocol has been underway for a while, and until now, several telecom operators have tested it already, but with calls inside their respective networks, where they could verify that everything was working as intended and calls were getting signed correctly when made, and verified the right way when received.
Today, AT&T and Comcast said they carried out the first SHAKEN/STIR call made between two different networks.
"The test used phones on the companies' consumer networks - not in a lab or restricted to special equipment," AT&T said in a press release. "It was conducted March 5, between AT&T Phone digital home service and Comcast's Xfinity Voice home phone service."
"The calls