Other than to note how pathetically useless Caller ID is for screening my personal calls, I never gave it a lot of thought, despite staring my technology career in telephony at AT&T Bell Labs.
Recently, I was engaged to do some work on a project that hoped to use the calling party's phone number as one component of a multi-factor identification/authentication mechanism. It didn't take long to discover that confusion and deception are rampant when discussing the issue with service providers.
These are my notes on the subject.
- Automatic Number Announcement Circuit (ANAC)
- An ANAC is a special telephone number that is meant to be used by phone company technicians and other telecommunications technicians to determine the phone number of a particular line.
- Automatic Number Identification (ANI)
- ANI permits subscribers to display or capture the billing telephone number (also known as the Charge Number) of the calling party. ANI was invented by AT&T as a component of their inbound WATS (Wide Area Telephone Service). ANI is completely unrelated to Caller ID and actually pre-dates Caller ID.
- Billing Telephone Number (BTN)
- The billing number associated with a telephone line; it is akin to an 'account number', the number that is billed for the use of the line. Note that BTN is not necessarily the 'phone number' or 'subscriber line number' associated with the line in question. ANI delivers BTN, while CID delivers the subscriber line number.
- Caller Identification (CID)
A telephone service, available in analog and digital phone systems and most voice over Internet Protocol (VoIP) applications, that transmits a caller's number to the called party's telephone equipment during the ringing signal, or when the call is being set up but before the call is answered. Where available, caller ID (via a database lookup) can also provide a name associated with the calling telephone number. The information made available to the called party may be displayed on a telephone's display, on a separately attached device, or be processed by an attached computer with appropriate interface hardware.
The idea of CNID as a service for POTS subscribers originated from automatic number identification (ANI) as a part of toll free number service in the United States.
- Calling Number Identification (CNID)
- See Caller Identification
- Calling Number Delivery (CND)
- See Caller Identification
- Caller ID (CID)
- See Caller Identification
- Calling Line Identification (CLI)
- See Caller Identification
- Calling Line Identification Presentation (CLIP)
See Caller Identification
NOTE: I have seen documentation describing CLIP as a completely different animal, namely, on an INWATS, the delivery of the phone number that the caller actually dialed.
- Calling Party Number (CPN)
- The term Calling Party Number refers to the subscriber line number or the directory number contained in the calling party number parameter of the call set-up message associated with an interstate call on a Signaling System 7 network.
- Central Office (CO)
- The "Central Office", most often referred to as "the CO", or just "CO", is a facility run by your telephone service provider which has the means to directly connect to your telephone. Historically, the CO was the windowless brick building that the telephone line from your home connected to. Again, historically, the wire from your home eventually terminated at a "switch", which had the ability to connect your wire to any of many others. With the advent of cell phones, the concept of wires from your phone to a CO is becoming a bit dated, but the principal is the same.
- Charge Number (CN)
- The term "charge number" come from SS7 documentation. It refers to the delivery of the calling party's billing number in a Signaling System 7 environment by a local exchange carrier to any interconnecting carrier for billing or routing purposes, and to the subsequent delivery of such number to end users.
- Plain Old Telephone Service (POTS)
- POTS is the standard residential voice-grade telephone service that most residences in the US use. POTS is delivered to a residence over a pair of wires which connect the residence to the CO. This connection is called a subscriber loop.
- Primary Rate Interface (PRI)
- The Primary Rate Interface (PRI) is a standardized telecommunications service level within the Integrated Services Digital Network (ISDN) specification for carrying multiple DS0 voice and data transmissions between a network and a user.
- Privacy Indicator
- The term Privacy Indicator refers to information, contained in the calling party number parameter of the call set-up message associated with an interstate call on an Signaling System 7 network, that indicates whether the calling party authorizes presentation of the calling party number to the called party.
- Signaling System 7 (SS7)
- The term Signaling System 7 (SS7) refers to a carrier to carrier out-of-band signaling network used for call routing, billing and management.
- T1 is another name for DS1 or DS-1 (where DS means Digital Signal) full-duplex circuit. A DS1 is made up of 24 8-bit channels, also known as DS0 channels. In a gross oversimplification (acceptable for this document), the reader can simply view the T1 as a special telephone line that can carry up to 24 simultaneous voice conversations (phone numbers) concurrently.
ANI != Caller ID
The number provided via Caller ID (CID) and the number provided by Automatic Number Identification (ANI) are not the same thing. Period. In fact, for a single call, it is quite possible to have one number delivered via CID and a completely different number to be delivered via ANI. It is also possible for either or both numbers to be missing.
The balance of this note explains the differences between CID and ANI.
Caller ID is delivered from the CO that originates the call, delivered to the receiving CO as a message on the SS7 (Signaling System 7) network that controls all the voice calls made in the US. It's up to the originating CO/phone company to send the number to the receiving CO - this explains why CID name/number on long distance phone calls you get may be absent - the originating CO simply may not care.
Within a LATA (local area usually served by a real phone company), both name and number are usually delivered, if the caller didn't block the call and the recipient is paying for Caller ID number/name.
Outside a LATA, or on calls within a LATA from some VoIP providers or CLECs, you may see only the number (even if you pay for name). In such cases, the name isn't sent with the number from the originating CO. Instead, the name is added by the receiving phone company, who does a lookup in a database. Sometimes, these database lookups cost your phone company money, so they simply skip them and display "Out of Area".
There are two types of CID: Standard CID and Call Waiting CID.
Standard Caller ID
When you receive a telephone call on a POTS line, the CID information is sent to you from the switch in your phone company's CO.
CID information comprises, the date and time (based on the CO's clock), the calling party's number, and (optionally) the calling party's name. Typically the name is provided only if you pay an extra fee for the feature.
If the call originates on a POTS line (a standard loop start line) Caller ID information is provided by the originating service provider's local switch. Since the network does not connect the caller to the callee until the phone is answered generally the caller ID signal cannot be altered by the caller. Most service providers however, allow the caller to block caller ID presentation through the vertical service code *67.
A call placed from a private branch exchange (PBX) has more options. In the typical telephony environment, a PBX connects to the local service provider through Primary Rate Interface (PRI) trunks. Generally, although not absolutely, the service provider simply passes whatever Calling Line ID appears on those PRI access trunks transparently across the Public Switched Telephone Network (PSTN). This opens up the opportunity for the PBX administrator to program whatever number they choose in their external phone number fields. This or similar mechanisms can be used for so-called Caller ID Spoofing.
If the number or name isn't known, it is replaced with an O (if the number is Out of Area) or a P (if the number is Private / blocked).
In the US, CID data is placed on the line in the interval between the first and second rings. CID data is simply 1200 baud modem data. The information can be formatted in one of two ways: with the calling party's name (called MDMF -- Multiple Data Message Format) and without the calling party's name (SDMF - Single Data Message Format).
The data also contains a checksum (the CO adds up the ASCII value of all the digits transmitted and sends it as the checksum), which the Caller ID device calculates when it receives the message. If the calculated checksum is different than the checksum transmitted with the Caller ID, the box knows something is wrong with the data it received but it doesn't care (but it's available for special applications). It usually displays whatever data it has. If there's essentially nothing, or the line was answered on the first ring before the Caller ID data was delivered, the box will usually say "No Caller ID."
If someone or an Automated Attendant answers a phone line on the first ring, the Caller ID that would have come between the first and second rings is lost forever. There's no way to get it back.
Call Waiting Caller ID
Like Standard CID, this is delivered as 1200 baud data when the line is inuse, and a new call comes in. It can only be decoded by special phones and Caller ID boxes that can hear the Call Waiting signal followed by Caller ID data during a call. When the phone or box hears the Call Waiting signal it's supposed to split the line so the user doesn't hear the burst of data, and then display the number of the new caller (after which the user can hookflash to answer the new call like regular Call Waiting).
When you forward a phone line, the Caller ID that shows up on the line the call has been forwarded to is normally the caller's number, not the number of the line that's forwarded. However, some phone companies screw this up and deliver the number of the line that has been forwarded.
800-437-7950 (800-MCI-ANAC) is MCI's ANAC. It will read out both calling and charge numbers.
Automatic Number Identification (ANI)
Larger companies, certainly those with call centers, processing many calls per hour, typically obtain their telphone lines in one or more T1 lines. These are completely different than POTS residential service.
When someone dials an 800 (i.e. "inward WATS" or free) number and that call terminates on a T1, ANI, not CID, information is delivered to the called party.
A second crucial difference between ANI and CID is that the calling party is unable to block ANI, where *67 can be used by the calling party to prevent their number from appearing in CID information. The FCC ruled that because the called party was paying for the call on the inbound WATS service, it was acceptable to preclude the calling party from blocking their number.
Until now, we've been looking at ANI and CID from the perspective of one that is receiving an incoming call.
Interestingly, if one's phone system is connected to a PRI line, your phone system is what determines what is delivered as CID. Going back to the beginning of this document -- it means that your phone system determines the information that the originating CO delivers via SS7 to the called party's CO. This is how services that spoof CID work.
OK, that's a lot of material, mostly interesting. Why do I care? I care because I am currently working on a system design that perform authentication (partial) based on the number of the person placing the phone call. Therefore, we must have a good handle on where "caller id" (in the generic sense) comes from. If the number we are using for authentication is absent or garbage, then the authentication is no better.
As it turns out, CID is completely unsuitable for authentication. One reason is that it can be easily be blocked by a number of mechanisms. The second reason is that it is the easiest to forge.
ANI can be forged as well, but it is much more difficult to forge than CID. Either some sort of facility with a PRI is required or a VOIP PBX with a lax SIP trunking provider is needed.
My estimate is that ANI is orders of magnitude more reliable for authentication than is CID. It is important to note that neither is foolproof. Thus, any authentication performed with any telephone number should only be one component of a complete authentication process.