Internet DRAFT - draft-atarius-dispatch-meid-urn
draft-atarius-dispatch-meid-urn
Network Working Group R. Atarius
Internet-Draft June 10, 2018
Intended status: Informational
Expires: December 12, 2018
A Uniform Resource Name Namespace for the Device Identity and the Mobile
Equipment Identity (MEID)
draft-atarius-dispatch-meid-urn-18
Abstract
This document defines a Uniform Resource Name (URN) namespace for the
Third Generation Partnership Project 2 (3GPP2) and a Namespace
Specific String (NSS) for the Mobile Equipment Identity (MEID). The
structure of an MEID is 15 hexadecimal digits long and is defined in
the Third Generation Partnership Project 2 (3GPP2) (see [S.R0048-A])
to uniquely identify each individual mobile equipment (e.g., a
handset or mobile phone). The 3GPP2 has a requirement to be able to
use an MEID as a URN. This document fulfills that requirement.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 12, 2018.
Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
Atarius Expires December 12, 2018 [Page 1]
�
Internet-Draft MEID Based URN June 2018
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Namespace Registration Template . . . . . . . . . . . . . . . 4
3.1. Namespace ID . . . . . . . . . . . . . . . . . . . . . . 4
3.2. Version . . . . . . . . . . . . . . . . . . . . . . . . . 4
3.3. Date . . . . . . . . . . . . . . . . . . . . . . . . . . 4
3.4. Registrant . . . . . . . . . . . . . . . . . . . . . . . 4
3.5. Purpose . . . . . . . . . . . . . . . . . . . . . . . . . 4
3.6. Syntax . . . . . . . . . . . . . . . . . . . . . . . . . 4
3.7. Assignment . . . . . . . . . . . . . . . . . . . . . . . 5
3.8. Security and Privacy . . . . . . . . . . . . . . . . . . 5
3.9. Interoperability . . . . . . . . . . . . . . . . . . . . 5
3.10. Resolution . . . . . . . . . . . . . . . . . . . . . . . 6
3.11. Documentation . . . . . . . . . . . . . . . . . . . . . . 6
3.12. Additional Information: . . . . . . . . . . . . . . . . . 6
4. Specification . . . . . . . . . . . . . . . . . . . . . . . . 6
4.1. MEID Parameters . . . . . . . . . . . . . . . . . . . . . 6
4.2. MEID Format . . . . . . . . . . . . . . . . . . . . . . . 7
4.2.1. Overview . . . . . . . . . . . . . . . . . . . . . . 7
4.2.2. Manufacturer Code . . . . . . . . . . . . . . . . . . 7
4.2.3. Serial Number . . . . . . . . . . . . . . . . . . . . 7
4.2.4. Check Digit . . . . . . . . . . . . . . . . . . . . . 7
4.2.5. Hexadecimal Encoding . . . . . . . . . . . . . . . . 7
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
6. Security and Privacy Considerations . . . . . . . . . . . . . 8
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 9
8.1. Normative References . . . . . . . . . . . . . . . . . . 9
8.2. Informative References . . . . . . . . . . . . . . . . . 10
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 11
1. Introduction
A single mode 3GPP mobile equipment which uses only 3GPP technology
to transmit and receive voice or data, or a dual mode 3GPP/3GPP2
mobile equipment which uses either 3GPP or 3GPP2 technology to
transmit and receive voice or data has an International Mobile
station Equipment Identity (IMEI) to identify the mobile equipment.
A URN Namespace and an NSS for the IMEI are defined in [RFC7254].
For cases where the mobile equipment uses IMEI as an identity for
Atarius Expires December 12, 2018 [Page 2]
�
Internet-Draft MEID Based URN June 2018
dual mode 3GPP/3GPP2 access the IMEI urn as defined in [RFC7254] can
be used to identify the mobile equipment.
However, single mode 3GPP2 mobile equipment which supports only 3GPP2
access technology to transmit and receive voice or data has a
hexadecimal MEID. Since there are fundamental differences between
MEID and IMEI, i.e. in encoding, format and the ownership, [RFC7254]
cannot be employed to represent the hexadecimal MEID.
This document specifies a URN namespace for 3GPP2 and an NSS for the
MEID as per the namespace registration requirement in [RFC8141]. The
structure of an MEID is 15 hexadecimal encoded digits long and is
defined by 3GPP2 (see [S.R0048-A]) to uniquely identify each
individual mobile equipment (e.g., a handset or mobile phone). The
3GPP2 has a requirement to be able to use an MEID as a URN. This
document fulfills that requirement. The Namespace Identifier (NID)
'3gpp2' is for identities used in 3GPP2 networks. The MEID is
managed by the 3GPP2, so this NID is managed by the 3GPP2. This
specification defines only NSSs constructed from MEIDs under the
'3gpp2' NID. These NSSs start with "meid:" in order to identify them
as such. Additional types of NSS under the '3gpp2' NID may be
specified in the future by the 3GPP2 via additional specifications.
The MEID is 15 hexadecimal digits long and includes a manufacturer
code of 8 hexadecimal digits and the serial number of 6 hexadecimal
digits plus a hexadecimal digit as a check digit.
The manufacturer code identifies the mobile equipment manufacturer.
A manufacturer can be assigned more than one manufacturer code. The
serial number uniquely identifies each mobile equipment within the
manufacturer code. The check digit is used as assurance of integrity
in error-prone operations, e.g. when used with certain types of
readers during inventory management operations. The check digit is
not transmitted. Therefore the first 14 of the 15 dexadecimal digits
are used for defining the MEID as a URN.
The information here is meant to be a concise guide for those wishing
to use the hexadecimal MEID as a URN. Nothing in this document
should be construed to override [S.R0048-A] that defines the MEID.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
Atarius Expires December 12, 2018 [Page 3]
�
Internet-Draft MEID Based URN June 2018
3. Namespace Registration Template
A completed namespace registration follows.
3.1. Namespace ID
'3gpp2' requested
3.2. Version
1
3.3. Date
2018-06-10
3.4. Registrant
Standards Organization: Third Generation Partnership Project 2
(3GPP2)
Contact:
John Derr, MEID Global Hexadecimal Administrator, JDerr@tiaonline.org
Gary Pellegrino, TIA TR-45 EUMAG Chair, gary@commflowresources.com
c/o Telecommunications Industry Association
1320 N. Courthouse Rd., Suite 200
Arlington, Virginia 22201 USA
3.5. Purpose
The '3gpp2' namespace is used to identify mobile equipment which uses
technologies defined by the Third Generation Partnership Project 2
((3GPP2); initially such equipment is identified by a URN that embeds
a Mobile Equipment Identity (MEID) that is 15 hexadecimal digits long
and unique to each individual mobile equipment (e.g., a handset or
mobile phone).
3.6. Syntax
The identifier is expressed in American Standard Code for Information
Interchange (ASCII) characters and has a hierarchical expression
using the Augmented Backus-Naur Form (ABNF) defined in [RFC5234], as
follows:
Atarius Expires December 12, 2018 [Page 4]
�
Internet-Draft MEID Based URN June 2018
pp2-urn = "urn:" pp2-NID ":" pp2-NSS
pp2-NID = "3gpp2"
pp2-NSS = meid-specifier / future-pp2-specifier
meid-specifier = "meid:" meidval
future-pp2-specifier = future-specifier *[ ":" 1*( pchar / "/" ]
future-specifier = 1*pp2-char
pp2-char = ALPHA / DIGIT / "-" / "." / "_" / pct-encoded
where 'pchar' and 'pct-encoded' are defined in [RFC3986]. An NSS for
the MEID is defined under the '3gpp2' NID.
The representation of the MEID is a specific number of hexadecimal
digits, as described in [S.R0048-A].
The formal definition of a URN with 'meid' NSS contains one meidval
with the formal definition according to the following ABNF [RFC5234]:
meidval = Manufacturer-Code "-" Serial-Number
Manufacturer-Code = 8HEX
Serial-Number = 6HEX
HEX = DIGIT / "A" / "B" / "C" / "D" / "E" / "F"
3.7. Assignment
The Manufacturer Code and Serial Number portions of the MEID are
permanently stored in the mobile equipment so they remain persistent
as long as the mobile equipment exists. The process for Manufacturer
Code and Serial Number assignment is documented in [SC.R4002-0] and
the Manufacturer Code and Serial Number values once assigned are not
re-assigned to other mobile equipments.
Identifiers in the '3gpp2' namespace are defined and assigned by the
3GPP2 or an agency appointed by 3GPP2 after ensuring that the URNs to
be assigned are unique. Procedures are in place to ensure that each
MEID is uniquely assigned by the mobile equipment manufacturer so
that it is guaranteed to uniquely identify that particular mobile
equipment.
3.8. Security and Privacy
See Section 8 of RFC XXXX.
3.9. Interoperability
Although both the 3GPP2 Mobile Equipment Identity (MEID) and the 3GPP
International Mobile station Equipment Identity (IMEI) are used to
identity mobile equipment, they are separate identifiers and are not
to be confused.
Atarius Expires December 12, 2018 [Page 5]
�
Internet-Draft MEID Based URN June 2018
Internet implementations will not generally possess MEID identifiers.
The identifiers generated by such implementations will typically be
URNs within namespaces other than '3gpp2', and may, depending on
context, even be non-URN URIs. Implementations are advised to be
ready to process URIs other than '3gpp2' namespaced URNs, so as to
aid in interoperability.
3.10. Resolution
No resolution is envisioned.
3.11. Documentation
Documentation can be found in the following specifications:
o A Uniform Resource Name Namespace for the Device Identity and the
Mobile Equipment Identity (MEID)" [RFC XXXX].
o 3G Mobile Equipment Identifier [S.R0048-A].
o GHA (Global Hexadecimal Administrator) Assignment Guidelines and
Procedures for Mobile Equipment Identifier (MEID) and Short Form
Expanded UIM Identifier (SF_EUIMID) [SC.R4002-0].
3.12. Additional Information:
Because the syntax of a 3GPP2 Mobile Equipment Identity (MEID)
differs from that of a 3GPP International Mobile station Equipment
Identity (IMEI), reuse of the URN specified in RFC 7254 is not
possible.
4. Specification
4.1. MEID Parameters
Any future change to the format of the 'meid' NSS requires the use of
the procedure for URN NSS changes (currently through the publication
of a future Informational RFCs approved by IETF consensus).
[draft-atarius-dispatch-meid-urn-as-instanceid] specifies how the
MEID URN can be used as an instance ID as specified in [RFC5626].
Any change to the instance ID, will require an update to
[draft-atarius-dispatch-meid-urn-as-instanceid]. An example of 3GPP2
MEID URN is:
urn:3gpp2:meid:A04B0D56-02A7E3
Atarius Expires December 12, 2018 [Page 6]
�
Internet-Draft MEID Based URN June 2018
4.2. MEID Format
4.2.1. Overview
The MEID format is 15 hexadecimal digits encoded in 8 octets as
defined in [S.R0048-A]. The first eight hexadecimal digits
constitute the manufacturer code, the next six hexadecimal digits the
serial number within the manufacturer code. The last hexadecimal
digit is a check digit. For more details on the hexadecimal encoding
c.f. 4.2.5.
4.2.2. Manufacturer Code
The manufacturer code is an 8 hexadecimal digit value. The
manufacturer code identifies the mobile equipment manufacturer. The
manufacturer code is chosen from a range of values allocated to the
mobile equipment manufacturer in order to uniquely identify the
mobile equipment.
4.2.3. Serial Number
The serial number is a 6 hexadecimal digit value. The serial number
identifies equipment within the manufacturer code.
4.2.4. Check Digit
This is a single hexadecimal digit (bits 1-4 of octet 8) and is used
as assurance of integrity in error-prone operations, e.g. when used
with certain types of readers during inventory management operations.
The check digit is not transmitted by the mobile equipment and are
not used in the MEID URN.
4.2.5. Hexadecimal Encoding
The MEID format is 15 hexadecimal digits encoded in 8 octets as
defined in [S.R0048-A]. The following figure is an abstract
representation of a hexadecimal encoded MEID stored in memory (the
actual storage format in memory is implementation specific). In this
figure, the most significant digit of the Manufacturer Code is
encoded in the bits 1-4 of octet 1. Bits 5-8 of octet 8 are zero-
padded, since the bits 1-4 are only needed to encode the Check Digit.
The most significant digit of the Serial Number is encoded in the
bits 1-4 of octet 5. When MEID is included in a cellular signaling
message, the Check Digit is omitted and the first 7 Octets in the
following figure are only transmitted, [X.S0008-A].
Atarius Expires December 12, 2018 [Page 7]
�
Internet-Draft MEID Based URN June 2018
14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 Hexadecimal
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ Digits
| | | |
| | | |
| Manufacturer Code | Serial Number |CD|
| | | |
| | | |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
1 2 3 4 5 6 7 8 Octets
5. IANA Considerations
In accordance with BCP 66 [RFC8141], IANA is asked to register the
Formal URN namespace '3gpp2' in the "Uniform Resource Name (URN)
Namespaces" registry, using the registration template presented in
Section 3 of this document.
6. Security and Privacy Considerations
An MEID is usually printed outside of the box, a mobile device ships
in. The MEID may also be printed under the battery on a mobile
device, however very few devices have removable batteries today. One
can retrieve the MEID via either settings or by dialing *#06#.
Anyone with brief physical access to the mobile device or its box can
therefore easily obtain the MEID. Therefore MEIDs MUST NOT be used
as security capabilities (identifiers whose mere possession grants
access). Unfortunately there are currently examples of some
applications which are using the MEID for authorization. Also some
service providers' customer service departments have been known to
use knowledge of the MEID as "proof" that the caller is the
legitimate owner of the mobile device. Both of these are
inappropriate uses of the MEID.
Since the MEID is permanently assigned to the mobile equipment and is
not modified when the ownership of the mobile equipment changes,
(even upon a complete software reload of the mobile equipment), the
MEID URN MUST NOT be used as a user identifier or user address by an
application. Using the MEID to identify a user or as a user address
could result in communications destined for a previous owner of a
device being received by the new device owner or could allow the new
device owner to access information or services owned by the previous
device owner.
Additionally, since the MEID identifies the mobile equipment, it
potentially could be used to identify and track users for the
purposes of surveillance and call data mining if sent in the clear.
Atarius Expires December 12, 2018 [Page 8]
�
Internet-Draft MEID Based URN June 2018
Since the MEID is personally identifiable information, uses of the
MEID URN with IETF protocols require a specification and IETF expert
review [RFC5226] in order to ensure that the privacy concerns are
appropriately addressed. Protocols carrying the MEID URN SHOULD at a
minimum use strongly hop-by-hop encrypted channels and that it is
RECOMMENDED that end-to-end encryption is used.
7. Acknowledgements
This document draws heavily on the 3GPP2 work on Numbering,
Addressing and Identification in [S.R0048-A] and also on the style
and structure used in [RFC7254] and [RFC4122].
The author thanks for the detailed comments, provided by Ramachandran
Subramanian, Alex Gogic, Randall Gellens, and Peter Saint-Andre.
8. References
8.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, DOI 10.17487/RFC3986, January 2005,
<https://www.rfc-editor.org/info/rfc3986>.
[RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally
Unique IDentifier (UUID) URN Namespace", RFC 4122,
DOI 10.17487/RFC4122, July 2005,
<https://www.rfc-editor.org/info/rfc4122>.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", RFC 5226,
DOI 10.17487/RFC5226, May 2008,
<https://www.rfc-editor.org/info/rfc5226>.
[RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234,
DOI 10.17487/RFC5234, January 2008,
<https://www.rfc-editor.org/info/rfc5234>.
Atarius Expires December 12, 2018 [Page 9]
�
Internet-Draft MEID Based URN June 2018
[RFC5626] Jennings, C., Ed., Mahy, R., Ed., and F. Audet, Ed.,
"Managing Client-Initiated Connections in the Session
Initiation Protocol (SIP)", RFC 5626,
DOI 10.17487/RFC5626, October 2009,
<https://www.rfc-editor.org/info/rfc5626>.
[RFC8141] Saint-Andre, P. and J. Klensin, "Uniform Resource Names
(URNs)", RFC 8141, DOI 10.17487/RFC8141, April 2017,
<https://www.rfc-editor.org/info/rfc8141>.
[S.R0048-A]
3GPP2, "S.R0048-A: 3G Mobile Equipment Identifier (MEID) -
Stage 1, Version 4.0", 3GPP2 TS S.R0048-A 4.0, June 2005,
<http://www.3gpp2.org/Public_html/Specs/
S.R0048-A_v4.0_050630.pdf>.
[SC.R4002-0]
3GPP2, "SC.R4002-0: GHA (Global Hexadecimal Administrator)
Assignment Guidelines and Procedures for Mobile Equipment
Identifier (MEID) and Short Form Expanded UIM Identifier
(SF_EUIMID), Version 12.0", 3GPP2 TS SC.R4002-0 10.0,
December 2013, <http://www.3gpp2.org/Public_html/Specs/SC.
R4002-0_v12.0_GHA_%20Guidelines_for_MEID_December_2016.pdf
>.
[X.S0008-A]
3GPP2, "X.S0008-A: MAP Support for the Mobile Equipment
Identity (MEID), Version 2.0", 3GPP2 TS X.S0008-A 2.0,
March 2014, <http://www.3gpp2.org/Public_html/Specs/
X.S0008-A_v2.0_20140321.PDF>.
8.2. Informative References
[draft-atarius-dispatch-meid-urn-as-instanceid]
Atarius, R., "Using the Mobile Equipment Identity (MEID)
Uniform Resource Name (URN) as an Instance ID", Internet
Draft draft-atarius-dispatch-meid-urn-as-instanceid, March
2018.
[RFC7254] Montemurro, M., Allen, A., McDonald, D., Gosden, P., "A
Uniform Resource Name Namespace for the Global System for
Mobile Communications Association (GSMA) and the
International Mobile station Equipment Identity (IMEI)",
Internet Draft RFC7254, May 2014.
Atarius Expires December 12, 2018 [Page 10]
�
Internet-Draft MEID Based URN June 2018
Author's Address
Roozbeh Atarius
Email: ratarius@motorola.com
Atarius Expires December 12, 2018 [Page 11]
