STIR/SHAKEN

Signed calls.
Real callers.

A Dials outbound call carries a STIR/SHAKEN attestation that says, cryptographically, who is calling. Full A-level when the originator owns the number. We don't sign what we can't verify.

Trust centerTelecom compliance

At a glance

What attestation levels mean.

A
Full
Originator authenticated and authorized to use the calling number.
B
Partial
Originator authenticated; number ownership not verified end-to-end.
C
Gateway
Call passed through this carrier; identity not authenticated.
None
Blocked
Unsigned calls fail the egress policy on Dials by default.

Sign by default

Every outbound,
every time.

When a seat dials, Dials looks up number ownership, mints a SHAKEN PASSporT, and signs the SIP INVITE. The signing layer is part of the egress path. There's no opt-out — only escalation.

  • Per-call PASSporT
  • Per-tenant SP-Code
  • Hardware-isolated keys
  • Per-call signing event
dials · stir/shaken
AttestationA · full
Originator+1 512 555 0199
Recipient+1 415 555 0144
SP-Code1234
Cert chainVerified · 30d valid
PASSporTeyJhbGciOiJFUzI1NiIs…

Trace and verify

Hand it to a regulator.
Hand it to a carrier.

The signed PASSporT, the SIP INVITE, the attestation level, the certificate chain, and the carrier acknowledgement all land in the usage ledger. Pull the trace by call ID and reproduce the signing decision.

  • Per-call certificate chain
  • Carrier acknowledgement recorded
  • Trace ID per call
  • Exportable bundle
dials · trace
Egress signing
Signed · 14 ms
ok
Trunk handoff
200 OK · trunk-east-01
ok
Carrier acknowledgement
Identity-OK · A
ok
Recipient carrier
Recv'd · A · displayed
ok

Verify a signature.

Place a mock outbound call and pull the trace. The PASSporT renders as JWT alongside the signing chain.

Open the consoleTalk to us