CIDVV - Caller-ID Vouching and Vetting
CIDVV: Caller-ID Vouching and Vetting
A Practical, Lightweight Solution to Caller-ID Spoofing
Version 1.0
May 2026
Sponsored by Jolly Roger Telephone Company
Roger Anderson – Jolly Roger Telephone Company
Steven Berkson – Jolly Roger Telephone Company
Phillip Askew – Jolly Roger Telephone Company
Executive Summary
Caller-ID spoofing continues to erode trust in telephony. Despite years of effort and significant investment in STIR/SHAKEN, spoofed calls remain common — especially across international borders and legacy TDM networks.
CIDVV (Caller-ID Vouching and Vetting) offers a simple, immediately deployable complement that verifies reachability (vouching) and pre-established trust (vetting). It requires no new protocol extensions, works on both SIP and SS7/TDM networks, and can be rolled out incrementally.
By using short-lived signaling exchanges encoded in the existing Calling Party Number field, CIDVV raises the cost of spoofing dramatically while creating new opportunities for verified calling services, branded numbers, and trust programs.
The Problem
- Robocalls and spoofing scams cost billions annually.
- International and TDM calls often lack reliable identity.
- STIR/SHAKEN provides strong attestation where fully deployed, but coverage remains incomplete globally.
- Sophisticated scammers and robocallers often intentionally route calls through TDM/SS7 segments to strip or downgrade STIR/SHAKEN attestation, exploiting legacy infrastructure.
- Legitimate callers (enterprises, banks, healthcare providers) struggle to reach customers because their numbers are frequently blocked or labeled as spam.
The CIDVV Solution
CIDVV is a lightweight network-native challenge-response mechanism that verifies reachability and control of an asserted Caller-ID using the existing telephone network.
In CIDVV, “vouching” means that the called party can confirm that the owner of the asserted Caller-ID is reachable and has effectively endorsed the call by responding to a verification signal.
In CIDVV, “vetting” is a pre-arranged verification process between two parties that share a secret. Unlike vouching, which confirms reachability during a live call, vetting establishes in advance that a specific telephone number is controlled by a trusted party.
Vetting is performed using a shared hashing algorithm. Both parties compute a short-lived numeric token derived from a shared secret and call-specific information (such as the calling and called numbers). The first vetting call causes the called party to generate and store this token for a brief period. The second call presents the expected token, allowing the called party to confirm that both sides possess the shared secret without transmitting it directly.
CIDVV does not replace STIR/SHAKEN, but complements it by providing verification where attestation is unavailable, unreliable, or intentionally circumvented.
Figure 1: Enhanced vouching using dual “100/101” verification calls, producing a 486/404 response combination that signals success.
In this flow, the called party initiates verification by placing two short-lived validation calls using the “100” and “101” prefixes. The originating CIDVV platform responds with distinct failure signals (486 and 404), confirming that the asserted Caller-ID is reachable and actively participating in the exchange.
The combination of these responses provides a strong signal that the calling party controls the presented number and is able to vouch for the call without requiring call completion.
Figure 2: First Vetting Call using 101 prefix to create token and return 404 (success).
The first vetting call uses the “101” prefix and is recognized as the start of a vetting procedure. Upon receipt, the called party’s CIDVV platform derives a token based on the shared secret and call parameters, stores it for the Validity Window, and returns a 404 Not Found response.
This step establishes a temporary verification state without revealing the shared secret or requiring persistent identity infrastructure.
Figure 3: Second Vetting Call using 101 prefix to confirm token with 486 (success).
The second vetting call also uses the “101” prefix, but includes the expected token derived from the shared secret. The called party’s CIDVV platform compares this value against recently stored state and, upon a match, returns a 486 Busy Here response.
This confirms that both parties possess the shared secret and that the asserted Caller-ID corresponds to the expected number. It provides strong evidence that the intended party controls that number, as a third party cannot successfully complete the exchange without knowledge of the shared secret.
Technical Highlights
- Fully compatible with SIP and legacy SS7/TDM
- No new headers or signaling extensions required
- Survives intermediate network normalization and truncation
- Short validity window (on the order of seconds) limits replay risk
Key Benefits
| Stakeholder | Benefit |
|---|---|
| Carriers | Reduced robocalls, lower complaint volume, new revenue from verified calling tiers |
| Enterprises | Reliable delivery of customer-service calls, protected brand reputation |
| Number Owners | Visibility into who is spoofing their number and the ability to prove legitimacy |
| Vendors | New service offerings and competitive differentiation |
Business & Ecosystem Opportunities
Tier-1 Vendors
Large identity and analytics providers such as TNS, TransUnion (Neustar), First Orion, and Hiya can quickly integrate CIDVV into their existing platforms.
Opportunities for Tier-2 and Emerging Vendors
CIDVV is especially attractive to secondary and emerging vendors (such as Numeracle, NumHub, and other specialized reputation, KYC, and remediation providers) who want to expand their capabilities or enter the market. Its low deployment barriers allow Tier-2 companies to rapidly enter the market and differentiate through niche verticals or more agile offerings.
International Opportunities
STIR/SHAKEN has seen very limited adoption outside North America. CIDVV is uniquely positioned for global use because it is TDM/SS7-native and incrementally deployable.
High-potential regions include Europe (Vodafone, Orange, Telefónica), Canada, India, and Latin America. Carriers and vendors in these markets can offer “Verified International Calling” services that are not possible with STIR/SHAKEN alone.
Call for Sponsors & Partners
Jolly Roger Telephone Company is actively seeking partners to help drive CIDVV adoption:
- Carriers and Service Providers interested in piloting CIDVV
- Tier-1 and Tier-2 vendors looking to expand their caller identity and anti-fraud offerings
- Industry organizations (GSMA, INCOMPAS, etc.) interested in standardization support
- Enterprise users and vertical organizations (finance, healthcare, government) that want verified calling
We offer technical collaboration, early access to reference implementations, and co-marketing opportunities.
Next Steps
- Review the full specification: draft-anderson-askew-cidvv
- Contact us to discuss a pilot or collaboration
- Explore the open-source reference implementation (coming soon)
Contact
Roger Anderson
roger@jollyrogertelephone.com
Jolly Roger Telephone Company
About the Sponsor
Jolly Roger Telephone Company is an independent U.S. carrier focused on innovative, practical solutions to combat telephony fraud while protecting legitimate calling. We developed CIDVV to solve real operational problems we face every day in mixed SIP and TDM environments.
CIDVV provides a practical path to improving trust in telephony, starting today, across both SIP and TDM environments.