Delivering Trust and Added Value to Consumers Part Two: A Q&A with Comcast
As we learned inDelivering Trust and Added Value to Consumers Part One: Supporting a Framework of Trust with RealNumber®, navigating the digital transformation while establishing consumer trust is no easy feat. However, with the right solutions, such as RealNumber®, in your arsenal as well as trusted, experienced partners like Somos, there is light – and success! – at the end of the tunnel.
For Part Two of the blog series Delivering Trust and Added Value to Consumers, we spoke withChris Wendt, Director, IP Comms & RTC Solutions, Comcast and Co-Chair, SIP Forum/ATIS IP-NNI Joint Task Force. A 25-year telecommunications veteran, Chris has been an industry tour-de-force in evolving security telephone identities and combating illegitimate robocalling. From the mechanics of the STIR/SHAKEN framework to understanding attestation categorization standardization and beyond, Chris provided insight, from a technical perspective, into how to enhance consumer trust and confidence.
For those readers who may not be familiar with Comcast’s connection to STIR/SHAKEN, we’d love to kick off the discussion with a brief overview of your organization’s relationship with the framework.
I have been a leader in working in standards for much of my career. In fact, part of my role at Comcast has been leading our telecom and network standards’ efforts and advocating for how standards can play a role in enhancing our products and services for the Comcast customer. My role aside, Comcast has been one of the leading companies driving technical implementation, interoperability, regulatory input and feedback-driven solutions into the STIR/SHAKEN ecosystem. Our truly great cross-discipline team, which brings years of experience and knowledge to the table, is a key part of our success. We recognize that security, privacy and protecting our customers are primary reasons for being at the forefront of STIR/SHAKEN, investing in advancement and investigating other standards’ initiatives around internet and communications.
We know that you personally were a co-author of many of the primary specifications around STIR/SHAKEN. Can you tell us more about why you got involved and why this framework is so valuable to the industry?
The STIR/SHAKEN progression over the last five or so years really has been an almost perfect alignment of industry standards, regulatory needs and consumer interests. Starting with the STIR working group in IETF and continuing with the well-timed formation of the ATIS/SIP Forum IPNNI Joint Task Force (about two years before it became a US-based forum for the birth of SHAKEN), the Robocall Strike Force from the FCC brought everyone together with a focus on industry standards and solutions.
And as luck would have it, I was opportunely positioned to be a leader/author in most of those initiatives and forums from the on-set of the effort. Obviously, being involved to help solve one of the most complained about issues in the communications space was a big motivator for why I wanted to be involved and participate. There is a small – but dedicated – set of participants in many of the forums focused on STIR/SHAKEN that were working on integral components of the framework: the specifications, the governance frameworks and ultimately, the implementation for the industry. If ever there was a true cross-industry collaboration to achieve a worthy goal, this was it.
As we inch closer and closer to the June 30, 2021 STIR/SHAKEN implementation deadline, we’re seeing and hearing increased conversation around enterprise attestation and their complex uses cases. We’d love to learn more about Comcast’s strategy around attestation and your approach to providing your customers with authentication and verification.
SHAKEN fundamentally started with the idea of attestation, most commonly recognized as the categorization of calls into three simple buckets represented by “A”, “B”, and “C”.
We knew, from the beginning, that this concept was a catalyst for more detailed and granular techniques that built on the foundation of STIR/SHAKEN, better identified the legitimate use of specific telephone numbers and provided a called party with absolute confidence of who the caller – beyond the basic attestation – was. David Hancock, Jon Peterson (Neustar) and I collaborated in the build of a comprehensive framework that centered around an idea in the core IETF specs called “certificate delegation.”
Recently, Comcast has collaborated with industry partners, including Somos, on implementation and interoperability as well as the demonstration of the use of certificate delegation and Rich Call Data (RCD). These new concepts address many of the call scenarios that are most important to enterprises. Enterprises utilize various telephone and Toll-Free telephone numbers and business identities which are used for many complex call scenarios for communicating externally to their customers. These very often involve many platforms and providers that today – without call authentication via STIR/SHAKEN protocol – is loosely coupled in terms of the security of the telephone identity.
Delegate certificates solve this problem end-to-end: they provide a secure token as well as a special type of certificate that can be delegated to the telephone number assignee, all while providing credentials that they have the legitimate right-to-use to a telephone number. This delegate certificate and delegated responsibility can be used to sign the call at its true origin with a uniquely identifiable signature. This signature can be passed ubiquitously to any number of value-added providers or cloud providers and then on to the (often many) originating service providers (OSPs) to originate the call. The call can then reach its destination provider and end-customer with the signature and a verifiable end-to-end trust for both the telephone number as well as other information – such as RCD – built into the call.
Speaking of attestation, we’ve heard from a lot of folks in the industry about challenges they’ve faced when elevating from B-level attestation to A-level. What do you think some of the reasons for this are? Any specific roadblocks you’ve seen or like to share?
Getting “A” attestation – AKA the highest level of confidence about the identity of the caller – is the ultimate goal of STIR/SHAKEN. “B” and “C” represent levels that demonstrate that the OSP does not have a direct or trusted way of absolute proof of the right-to-use (RTU) a particular telephone number for a call. As mentioned above, especially in the case of many enterprise call scenarios, there are multiple players and moving parts involved in the acquisition and use of the telephone number: Service Providers and Responsible Organizations (Resp Orgs), how the call was initiated, what platforms the call was routed through, etc.
Delegate certificates represent a great way where, depending on the participants in the call path, trust can be maintained end-to-end while at the same time, avoiding complex coordination between multiple providers. It’s all real-time and immediately verifiable at each hop of the call, including potentially the most last, and most important, stop in the call journey – the end-customer you are trying to reach and want to answer the call.
Any final nuggets of information or words of wisdom you wish to share about A-level attestation, STIR/SHAKEN or your future plans as it relates to the previous?
STIR/SHAKEN is a framework of trust in the telephone network that is continually evolving. We are actively working on new ways of extending how we utilize STIR/SHAKEN trust in the network to enable new capabilities and services. What we have accomplished as an industry, in building the STIR/SHAKEN eco-system of trusted identity, is INCREDIBLE. But we’re only at the beginning of gaining back consumer trust in telephone calls, and we have some runway before we fully get to that point.
As we transform how B2B and B2C conversations happen and put back trust into the system, we want to provide added value for both the enterprises and consumers who are investing in STIR/SHAKEN. We want to move away from using tricks to get people to pick up calls and instead, create branded experiences based on trusted identities and valuable conversations. If we can pull it off, it’s going to be a truly new world of how, when and why we connect with each other.
Even more – we want to be able to accomplish this all hopefully with smiles on our faces whenever we hear the phone ring!
Interested in learning more about Delivering Trust and Added Value to Consumers? If so, stay tuned for the next article in our series featuring a Q&A with Anis Jaffer, Chief Product Officer at Numeracle!