Network Working Group M. Montemurro, Ed. Internet-Draft A. Allen Intended status: Informational Blackberry Expires: January 6, 2014 D. McDonald Eircom P. Gosden GSM Association July 5, 2013 A Uniform Resource Name Namespace for the GSM Association (GSMA) and the International Mobile station Equipment Identity (IMEI) draft-montemurro-gsma-imei-urn-15 Abstract This specification defines a Uniform Resource Name namespace for the GSMA (GSM Association)and a sub-namespace for the IMEI (International Mobile station Equipment Identity), and an associated parameter for the IMEISV (International Mobile station Equipment Identity and Software Version number). The IMEI is 15 decimal digits long and the IMEISV is 16 decimal digits long and both are encoded using Binary Encoded Decimal (BCD). The IMEI and IMEISV were introduced as part of the specification for Global System for Mobile communications(GSM) and are also now incorporated by the 3rd Generation Partnership Project (3GPP) as part of the 3GPP specification for GSM, the Universal Mobile Telecommunications System (UMTS) and 3GPP LTE (Long Term Evolution). The IMEI and IMEISV are used to uniquely identify Mobile Equipment within these systems and are managed by the GSMA. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on January 6, 2014. Copyright Notice Montemurro, et al. Expires January 6, 2014 [Page 1] Internet-Draft The GSMA and IMEI URN July 2013 Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English. Montemurro, et al. Expires January 6, 2014 [Page 2] Internet-Draft The GSMA and IMEI URN July 2013 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Namespace Registration Template . . . . . . . . . . . . . . . 5 3.1. GSMA . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 4. Specification . . . . . . . . . . . . . . . . . . . . . . . . 9 4.1. IMEI Format . . . . . . . . . . . . . . . . . . . . . . . 9 4.1.1. Type Allocation Code (TAC) . . . . . . . . . . . . . . 9 4.1.2. Serial Number (SNR) . . . . . . . . . . . . . . . . . 9 4.1.3. Spare . . . . . . . . . . . . . . . . . . . . . . . . 9 4.1.4. Binary Encoding . . . . . . . . . . . . . . . . . . . 10 4.2. IMEISV Format . . . . . . . . . . . . . . . . . . . . . . 10 4.2.1. Type Allocation Code (TAC) . . . . . . . . . . . . . . 10 4.2.2. Serial Number (SNR) . . . . . . . . . . . . . . . . . 10 4.2.3. Software Version Number (SVN) . . . . . . . . . . . . 10 4.2.4. Binary Encoding . . . . . . . . . . . . . . . . . . . 10 5. Community considerations . . . . . . . . . . . . . . . . . . . 11 6. Namespace considerations . . . . . . . . . . . . . . . . . . . 12 7. IANA considerations . . . . . . . . . . . . . . . . . . . . . 12 8. Security considerations . . . . . . . . . . . . . . . . . . . 12 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 13 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 13 10.1. Normative references . . . . . . . . . . . . . . . . . . . 13 10.2. Informative references . . . . . . . . . . . . . . . . . . 14 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 14 Montemurro, et al. Expires January 6, 2014 [Page 3] Internet-Draft The GSMA and IMEI URN July 2013 1. Introduction This specification defines a Uniform Resource Name namespace for the GSMA (GSM Association) and a sub-namespace for the IMEI (International Mobile station Equipment Identity), and associated parameter for the Software Version number from the IMEISV (International Mobile station Equipment Identity and Software Version number) as per the namespace registration requirement found in [1]. The namespace gsma is a namespace for identities used in GSM, UMTS and LTE networks. The IMEI and the IMEISV are managed by the GSMA, so this namespace would be managed by the GSMA. Whilst this specification currently specifies only the IMEI sub-namespace under the GSMA URN namespace additional sub-namespaces under the GSMA namespace may be specified in the future by the GSMA through the publication of future Informational RFCs. The IMEI is 15 decimal digits long and includes a Type Allocation Code (TAC) of 8 decimal digits and a Serial Number (SNR) of 6 decimal digits plus a Spare decimal digit. The TAC identifies the type of the Mobile Equipment and is chosen from a range of values allocated to the Mobile Equipment manufacturer in order to uniquely identify the model of the Mobile Equipment. The SNR is an individual serial number that uniquely identifies each Mobile Equipment within the TAC. The Spare digit is used as a check digit to validate the IMEI and is always set to the value 0 when transmitted by the Mobile Equipment. The IMEISV is 16 decimal digits long and includes the TAC and SNR same as for the IMEI but also a 2 decimal digit Software Version Number (SVN) which is allocated by the Mobile Equipment manufacturer to identify the software version of the Mobile Equipment. The information here is meant to be a concise guide for those wishing to use the IMEI and IMEISV as URNs. Nothing in this document should be construed to override 3GPP TS 23.003 [2] that defines the IMEI and IMEISV. The GSM Association (GSMA) is a global trade association representing nearly 800 mobile phone operators across 220 territories and countries of the world. The primary goals of the GSMA are to ensure mobile phones and wireless services work globally and are easily accessible. Further details about the GSMA role in allocating the IMEI and the IMEISV and the IMEI and IMEISV allocation guidelines can be found in GSMA PRD TS.06 [3]. 2. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", Montemurro, et al. Expires January 6, 2014 [Page 4] Internet-Draft The GSMA and IMEI URN July 2013 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [4]. 3. Namespace Registration Template 3.1. GSMA Namespace ID: "gsma" requested Registration Information: Registration version number: 1 Registration date: 2013-07-02 Declared registrant of the namespace: Registering organization: Name: GSM Association Address: 1st Floor, Mid City Place, 71 High Holborn, London, England Designated contact person: Name: Paul Gosden Coordinates: pgosden@gsma.com Declaration of syntactic structure: The identifier is expressed in ASCII characters and has a hierarchical structure expressed using the augmented Backus-Naur Form (ABNF) defined in [8] as follows: gsma-urn = "urn:gsma:" gsma-specifier *(":" gsma-specifier-defined-substring) *(";" gsma-specifier-param) gsma-specifier = "imei" / gsma-specifier-defined-string gsma-specifier-defined-string = gsma-approved-nonempty-string gsma-specifier-defined-substring = imeival / gsma-approved-nonempty-string gsma-specifier-defined-param-name = gsma-approved-nonempty-string gsma-specifier-defined-param-val = gsma-approved-nonempty-string gsma-specifier-param = "svn=" software-version-string / "vers=" gsma-format-version-string / gsma-specifier-defined-param-name ["=" gsma-specifier-defined-param-val] software-version-string = 2DIGIT gsma-format-version-string = DIGIT gsma-approved-nonempty-string = 1*unreserved Montemurro, et al. Expires January 6, 2014 [Page 5] Internet-Draft The GSMA and IMEI URN July 2013 unreserved = ALPHA / DIGIT / "-" / "." / "_" A sub-namespace for the IMEI is defined under the GSMA namespace. Other sub-namespaces may be defined in the future to include other identifiers in the GSM, UMTS or LTE networks or future networks deployed by members of the GSMA. An IMEI is an identifier under the GSMA namespace that uniquely identifies the mobile devices used in the GSM, UMTS and LTE networks. The representation of the IMEI is defined in 3GPP TS 23.003 [2]. To accurately represent an IMEI received in a cellular signaling message (see 3GPP TS 24.008 [5]) as a URN, it is necessary to convert the received binary (Binary Coded Decimal (BCD)encoded) bit sequence to a decimal digit string representation. Each field has its value printed as a decimal digit string with the most significant digit first. The following augmented Backus-Naur Form (ABNF) includes the set of core rules in RFC 5234 [8], and are not repeated here. A URN with the "imei" gsma-specifier contains exactly one gsma- specifier-defined-substring, and its formal definition is provided by the following ABNF [8]: imeival = tac "-" snr "-" spare tac = 8DIGIT snr = 6DIGIT spare = DIGIT For example: urn:gsma:imei:90420156-025763-0;vers=0 The optional "vers" parameter is included for extensibility of the namespace, for example if the IMEI format is extended in the future (such as with additional digits or using hex digits). A value of "vers" equal to 0 or the absence of the "vers" parameter means the URN format is compliant with the format specified here. Any change to the format specified here requires the publication of a future Informational RFC. Montemurro, et al. Expires January 6, 2014 [Page 6] Internet-Draft The GSMA and IMEI URN July 2013 draft-allen-dispatch-imei-urn-as-instanceid-10 [9] defines how the GSMA IMEI URN can be used as an instance ID as specified in RFC 5626 [10]. Any future value of the "vers" parameter other than equal to 0 or the definition of additional parameters that are intended to be used as part of an instance ID will require an update to draft-allen-dispatch-imei-urn-as-instanceid-10 [9]. The IMEISV is an identifier that uniquely identifies mobile devices and their associated software versions used in the GSM, UMTS and LTE networks. The representation of the IMEISV is defined in 3GPP TS 23.003 [2]. To represent the IMEISV the URN parameter "svn" is appended to the GSMA IMEI URN and set equal to the decimal string representation of the two software version number (svn) digits in the IMEISV and the spare digit in the IMEI gsma-specifier-defined-substring is set to zero. For example: urn:gsma:imei:90420156-025763-0;svn=42 The , , , and can comprise any ASCII characters compliant with the above ABNF. The exclusion of the colon from the list of other characters means that the colon can only occur as a delimiter between string values. The exclusion of the semicolon from the list of other characters means that the semicolon can only occur as a delimiter for parameter values. The exclusion of the "=" character from the list of other characters means that the "=" character can only occur as an operator for parameter values. The GSMA will take responsibility for the gsma-specifier "imei" and manage the URNs in its sub-namespace. Additional gsma-specifiers may be added in the future through Informational RFCs. Relevant ancillary documentation: See IMEI Allocation and Approval Guidelines [3] and 3GPP TS 23.003 [2]. Identifier uniqueness considerations: Identifiers in the "gsma" namespace are defined and assigned in the requested namespace by the GSMA after ensuring that the URNs to be assigned are unique. Uniqueness is achieved by checking against the registry of previously assigned names. Montemurro, et al. Expires January 6, 2014 [Page 7] Internet-Draft The GSMA and IMEI URN July 2013 Procedures are in place to ensure that each IMEI is uniquely assigned by the Mobile Equipment manufacturer so that it is guaranteed to uniquely identify that particular Mobile Equipment. Procedures are in place to ensure that each IMEISV is uniquely assigned by the Mobile Equipment manufacturer so that it is guaranteed to uniquely identify that particular Mobile Equipment and the specific software version installed. Identifier persistence considerations: The GSMA is committed to maintaining uniqueness and persistence of all resources identified by assigned URNs. As the NID sought is "gsma" and GSMA is the long standing acronym for the trade association that represents the mobile phone operators the URN should also persist indefinitely (at least as long as there is a need for its use). The assignment process guarantees that names are not reassigned. The binding between the name and its resource is permanent. The TAC and SNR portions of IMEISVs are stored in the Mobile Equipment so they remain persistent. The SVN may be modified by software when new versions are installed but should be persistent for the duration of the installation of that specific version of software. Process of identifier assignment: GSMA will manage the (including "imei"), , , , and identifier resources to maintain uniqueness. The process for IMEI and IMEISV assignment is documented in GSMA TS 06[3] Process for identifier resolution: Since the GSMA namespace is not currently globally resolvable, this is not applicable. Rules for Lexical Equivalence: Two GSMA IMEI URNs are equivalent if they have the same "imeival" value, and the same gsma-specifier-params values in the same sequential order, with the exception that the gsma-specifier-param "vers=0" is to be ignored for the purposes of comparison. All of these comparisons are to be case-insensitive. Montemurro, et al. Expires January 6, 2014 [Page 8] Internet-Draft The GSMA and IMEI URN July 2013 Any identifier in GSMA namespaces can be compared using the normal mechanisms for percent-encoded UTF-8 strings. Conformance with URN Syntax: The string representation of the GSMA URN and of the IMEI sub- namespace is fully compatible with the URN syntax. Validation Mechanism: The IMEI can be validated using the mechanism defined in Annex B of 3GPP TS 23.003 [2]. There is no mechanism defined to validate the SVN field of the IMEISV. Scope: GSMA URN is global in scope. 4. Specification 4.1. IMEI Format 4.1.1. Type Allocation Code (TAC) The TAC is an 8 decimal digit value. The TAC identifies the type of the Mobile Equipment and is chosen from a range of values allocated to the Mobile Equipment manufacturer in order to uniquely identify the model of the Mobile Equipment. 4.1.2. Serial Number (SNR) The SNR is a 6 decimal digit value. The SNR is an individual serial number that uniquely identifies each Mobile Equipment within the TAC. 4.1.3. Spare The Spare is a single decimal digit. When the IMEI is stored on the Mobile Equipment and network equipment it contains a value that is used as a Check Digit and is intended to avoid manual reporting errors, (e.g. when customers register stolen mobiles at the operator's customer care desk) and also to help guard against the possibility of incorrect entries being provisioned in the network equipment. The Spare is always set to zero when transmitted by the Mobile Equipment, (including when in the IMEI URN format). Annex B of 3GPP TS 23.003 [2] defines a mechanism for computing the actual check digit in order to validate the TAC and SNR. Montemurro, et al. Expires January 6, 2014 [Page 9] Internet-Draft The GSMA and IMEI URN July 2013 4.1.4. Binary Encoding When included in a cellular signaling message the IMEI format is 15 decimal digits encoded in 8 octets using BCD as defined in 3GPP TS 24.008 [5]. Figure 1 is an abstract representation of a BCD encoded IMEI stored in memory (the actual storage format in memory is implementation specific). In Figire 1 the most significant digit of the TAC is coded in the least significant bits of octet 1. The most significant digit of the SNR is coded in the least significant bits of octet 5. The Spare digit is coded in the least significant bits of octet 8. When included in an identity element in a cellular signaling message the most significant digit of the TAC is included in digit 1 of the identity element in Figure 10.5.4 of 3GPP TS 24.008 [5]. 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 Decimal Digits +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | | | S| | T | S | p| | A | N | a| | C | R | r| | | | e| +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 1 2 3 4 5 6 7 8 Octets Figure 1. IMEI Format 4.2. IMEISV Format 4.2.1. Type Allocation Code (TAC) The TAC is the same as the TAC in the IMEI in Section 4.1.1. 4.2.2. Serial Number (SNR) The SNR is the same as the SNR in the IMEI in Section 4.1.2. 4.2.3. Software Version Number (SVN) The Software Version Number is allocated by the mobile device manufacturer to identify the software version of the mobile device. 4.2.4. Binary Encoding When included in a cellular signaling message the IMEISV format is 16 decimal digits encoded in 8 octets using BCD as defined in 3GPP TS 24.008 [5]. Figure 2 is an abstract representation of a BCD encoded IMEISV stored in memory (the actual storage format in memory is Montemurro, et al. Expires January 6, 2014 [Page 10] Internet-Draft The GSMA and IMEI URN July 2013 implementation specific). In Figire 2 the most significant digit of the TAC is coded in the most significant bits of octet 1. The most significant digit of the SNR is coded in the most significant bits of octet 5. The most significant digit of the SVN is coded in the most significant bits of octet 8. When included in an identity element in a cellular signaling message the most significant digit of the TAC is included in digit 1 of the identity element in Figure 10.5.4 of 3GPP TS 24.008 [5]. 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 Decimal Digits +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | | | | | T | S | S | | A | N | V | | C | R | N | | | | | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 1 2 3 4 5 6 7 8 Octets Figure 2. IMEISV Format 5. Community considerations GSM, UMTS and LTE mobile devices will be interoperating with Internet devices for a variety of voice and data services. To do this, they need to make use of Internet protocols that will operate end to end between devices in GSM/UMTS/LTE networks and those in the general internet. Some of these protocols require the use of URN's as identifiers. Within the GSM/UMTS/LTE networks, mobile devices are identified by their IMEI or IMEISV. Internet users will need to be able to receive and include the GSMA URN in various Internet protocol elements to facilitate communication between pure internet based devices and GSM/UMTS/LTE mobile devices. Thus the existence and syntax of these namespaces needs to be available to the general internet community and the namespace needs to be reserved with IANA in order to guarantee uniqueness and prevent potential namespace conflicts both within the internet and within GSM/UMTS/LTE networks. Conversely, Internet implementations will not generally possess IMEI identifiers. The identifiers generated by such implementations will typically be URNs within namespaces other than "gsma," and may, depending on context, even be non-URN URIs. Implementations are advised to be ready to process URIs other than "gsma"-namespaced URNs, so as to aid in interoperability. Montemurro, et al. Expires January 6, 2014 [Page 11] Internet-Draft The GSMA and IMEI URN July 2013 6. Namespace considerations A URN was considered the most appropriate URI to represent the IMEI and IMEISV as these identifiers may be used and transported similarly to the Universally Unique Identifier (UUID)which is defined as a URN in [11]. Since specifications for protocols that are used to transport device identifiers often require the device identifier to be globally unique and in the URN format it is necessary that the URN formats are defined to represent the IMEI and IMEISV. 7. IANA considerations In accordance with BCP 66 [1], IANA is asked to register the Formal URN Namespace 'GSMA' in the Registry of URN Namespaces, using the registration template presented in Section 3 of this document. 8. Security considerations IMEIs (but with the Spare value set to the value of the Check Digit) are displayable on most mobile devices and in many cases is printed on the case within the battery compartment. Anyone with brief physical access to the mobile device can therefore easily obtain the IMEI. Therefore the IMEI MUST NOT be used as security capabilities (identifiers whose mere possession grants access). Unfortuantely there are currently examples of some applications which are using the IMEI for authorisation. Also some service providers customer service departments have been known to use knowledge of the IMEI as proof that the caller is the legitimate owner of the mobile device. Both of these are inappropriate uses of the IMEI. Whilst the specific software version of the mobile device only identifies the lower layer software that has undergone and passed certification testing and not the operating system or application software there is still a possibility that the software version could identify software that is vulnerable to attacks or is known to contain security holes. Therfore care SHOULD be taken regarding use of the IMEISV as it could help a malicious device identify mobile device running software that is known to be vulnerable to certain attacks. This is a similar concern to the use of the User-Agent header in SIP as specified in RFC 3261 [12]. Therefore the IMEISV (that is, the IMEI URN with svn parameter) MUST NOT be delivered to devices that are not trusted. Further, because IMEIs can be loosely correlated to a user, they need to be treated as any other personally identifiable information. In particular, the IMEI URN MUST NOT be included in messages intended to convey any level of anonymity. Montemurro, et al. Expires January 6, 2014 [Page 12] Internet-Draft The GSMA and IMEI URN July 2013 Additional security considerations are specified in 3GPP TS 22.016 [6]. Specifically the IMEI is to be incorporated in a module which is contained within the terminal. The IMEI SHALL NOT be changed after the terminal's production process. It SHALL resist tampering, i.e. manipulation and change, by any means (e.g. physical, electrical and software). 9. Acknowledgements This document draws heavily on the 3GPP work on Numbering, Addressing and Identification in 3GPP TS 23.003 [2] and also on the style and structure used in RFC 4122 [11]. The authors would like to thank Cullen Jennings, Lisa Dusseault, Dale Worley, Ivo Sedlacek, Atle Monrad, James Yu and Mary Barnes for their help and comments. 10. References 10.1. Normative references [1] Daigle, L., van Gulik, D., Iannella, R., and P. Faltstrom, "Uniform Resource Names (URN) Namespace Definition Mechanisms", BCP 66, RFC 3406, October 2002. [2] 3GPP, "TS 23.003: Numbering, addressing and identification (Release 8)", 3GPP 23.003, December 2012, . [3] GSMA Association, "IMEI Allocation and Approval Guidelines", PRD TS.06 (DG06) version 6.0, July 2011, . [4] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [5] 3GPP, "TS 24.008: Mobile radio interface Layer 3 specification; Core network protocols; Stage 3 (Release 8)", 3GPP 24.008, June 2013, . [6] 3GPP, "TS 22.016: International Mobile station Equipment Identities (IMEI)(Release 7)", 3GPP 22.016, December 2009, . [7] Moats, R., "URN Syntax", RFC 2141, May 1997. Montemurro, et al. Expires January 6, 2014 [Page 13] Internet-Draft The GSMA and IMEI URN July 2013 10.2. Informative references [8] Crocker, D. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, January 2008. [9] Allen, A., "Using the International Mobile station Equipment Identity(IMEI)URN as an Instance ID, work in progress", Internet Draft draft-allen-dispatch-imei-urn-as-instanceid-10, July 2013. [10] Jennings, C., Mahy, R., and F. Audet, "Managing Client- Initiated Connections in the Session Initiation Protocol (SIP)", RFC 5626, October 2009. [11] Leach, P., Mealling, M., and R. Salz, "A Universally Unique IDentifier (UUID) URN Namespace", RFC 4122, July 2005. [12] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002. Authors' Addresses Michael Montemurro (editor) Blackberry 4701 Tahoe Dr Mississauga, Ontario L4W 0B4 Canada Phone: unlisted Fax: unlisted Email: mmontemurro@blackberry.com Andrew Allen Blackberry 1200 Sawgrass Corporate Parkway Sunrise, Florida 33323 USA Phone: unlisted Fax: unlisted Email: aallen@blackberry.com Montemurro, et al. Expires January 6, 2014 [Page 14] Internet-Draft The GSMA and IMEI URN July 2013 David McDonald Eircom Phone: unlisted Fax: unlisted Email: David.McDonald@meteor.ie Paul Gosden GSM Association 1st Floor, Mid City Place, 71 High Holborn, London England Phone: unlisted Fax: unlisted Email: pgosden@gsma.com Montemurro, et al. Expires January 6, 2014 [Page 15]