Dispatch Working Group A. Allen, Ed.
Internet-Draft Blackberry
Intended status: Informational July 6, 2013
Expires: January 7, 2014
Using the International Mobile station Equipment Identity(IMEI)URN as an
Instance ID
draft-allen-dispatch-imei-urn-as-instanceid-10
Abstract
This specification defines how the Uniform Resource Name namespace
reserved for the GSMA (GSM Association) identities and its sub-
namespace for the IMEI (International Mobile station Equipment
Identity) can be used as an instance-id as specified in RFC 5626 [1]
and also as used by RFC 5627 [2]. Its purpose is to fulfil the
requirements in RFC 5626 [1] that state "If a URN scheme other than
UUID is used, the UA MUST only use URNs for which an RFC (from the
IETF stream) defines how the specific URN needs to be constructed and
used in the "+sip.instance" Contact header field parameter for
outbound behavior."
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 7, 2014.
Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
Allen Expires January 7, 2014 [Page 1]
Internet-Draft Using IMEI URN as an Instance ID July 2013
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Background . . . . . . . . . . . . . . . . . . . . . . . . . . 4
4. 3GPP Use Cases . . . . . . . . . . . . . . . . . . . . . . . . 5
5. User Agent Client Procedures . . . . . . . . . . . . . . . . . 5
6. User Agent Server Procedures . . . . . . . . . . . . . . . . . 6
7. 3GPP Registrar Procedures . . . . . . . . . . . . . . . . . . . 6
8. IANA considerations . . . . . . . . . . . . . . . . . . . . . . 7
9. Security considerations . . . . . . . . . . . . . . . . . . . . 7
10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7
11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8
11.1. Normative references . . . . . . . . . . . . . . . . . . . 8
11.2. Informative references . . . . . . . . . . . . . . . . . . 8
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 9
Allen Expires January 7, 2014 [Page 2]
Internet-Draft Using IMEI URN as an Instance ID July 2013
1. Introduction
This specification defines how the Uniform Resource Name namespace
reserved for GSMA identities and its sub namespace for the IMEI
(International Mobile station Equipment Identity) as defined in
draft-montemurro-gsma-imei-urn-15 [3] can be used as an instance-id
as specified in RFC 5626 [1] and also as used by RFC 5627 [2].
RFC 5626 [1] defines the "+sip.instance" Contact header field
parameter which contains a URN as per RFC 2141 [4] defined as an
instance-id that uniquely identifies a specific UA instance. This
instance-id is used as defined in RFC 5626 [1] so that registrar can
recognize that the contacts from multiple registrations correspond to
the same UA. The instance-id is also used as defined by RFC 5627 [2]
to create Globally Routable User Agent URIs (GRUUs) that can be used
to uniquely address a UA when multiple UAs are registered with the
same Address of Record (AoR).
RFC 5626 [1] defines that a UA SHOULD create a Universally Unique
Identifier (UUID) URN as defined in RFC 4122 [7] as its instance-id
but allows for the possibility of other URN schemes to be used. "If
a URN scheme other than UUID is used, the UA MUST only use URNs for
which an RFC (from the IETF stream) defines how the specific URN
needs to be constructed and used in the "+sip.instance" Contact
header field parameter for outbound behavior." This specification
meets this requirement by specifying how the GSMA IMEI URN is used in
the "+sip.instance" Contact header field parameter for outbound
behavior and draft-montemurro-gsma-imei-urn-15 [3] defines how the
GSMA IMEI URN is constructed.
The GSMA IMEI URN is a namespace for the IMEI a globally unique
identifier that identifies mobile devices used in the Global System
for Mobile communications(GSM), Universal Mobile Telecommunications
System (UMTS) and 3GPP LTE (Long Term Evolution)networks. The IMEI
allocation is managed by the GSMA to ensure that the IMEI values are
globally unique. Details of the formatting of the IMEI as a URN are
defined in draft-montemurro-gsma-imei-urn-15 [3] and the definition
of the IMEI is contained in 3GPP TS 23.003 [8]. Further details
about the GSMA role in allocating the IMEI and the IMEI allocation
guidelines can be found in GSMA PRD TS.06 [9].
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [5].
Allen Expires January 7, 2014 [Page 3]
Internet-Draft Using IMEI URN as an Instance ID July 2013
3. Background
GSM, UMTS and LTE capable mobile devices represent 90% of the mobile
devices in use worldwide. Every manufactured GSM, UMTS or LTE mobile
device has an allocated IMEI which uniquely identifies this specific
mobile device. Amongst other things in some regulatory jurisdictions
the IMEI is used to identify that a stolen mobile is being used to
help to identify the subscription that is using it and to prevent its
use. Whilst GSM was originally a circuit switched system,
enhancements such as GPRS (General Packet Radio Service) and UMTS
have added IP data capabilities which along with the definition of
the IP Multimedia Subsystem (IMS) have made SIP based calls and IP
multimedia sessions from mobile devices possible. The latest
enhancement known as LTE will introduce even higher data rates and
dispenses with the circuit switched infrastructure completely meaning
that with LTE voice calls will need to be conducted using IP and IMS.
However, the transition to all IP, SIP based IMS networks worldwide
will take a great many years and mobile devices being mobile will
need to operate in both IP/SIP/IMS mode and circuit switched mode.
In fact calls and sessions will need to be handed over between IP/
SIP/IMS mode and circuit switched mode during a call. Also as many
existing GSM and UMTS radio access networks are unable to support IP/
SIP/IMS based voice services in a commercially acceptable manner some
sessions can have some media types delivered via IP/IMS
simultaneously with voice media delivered via the circuit switched
domain with the same mobile device simultaneously attached via both
the IP/SIP/IMS domain and the circuit switched domain. To meet this
need 3GPP has specified how to maintain session continuity between
the IP/SIP/IMS domain and the circuit switched domain in 3GPP TS
24.237 [10] and how to access IMS hosted services via both the IP/
SIP/IMS domain and the circuit switched domain in 3GPP TS 24.292
[11].
In order for the mobile device to access SIP/IMS services via the
circuit switched domain 3GPP has defined a MSC (Mobile Switching
Center) server enhanced for ICS (IMS centralized services) and a MSC
server enhanced for SR-VCC (Single Radio Voice Call Continuity) which
control mobile voice call setup over the circuit switched radio
access while establishing the corresponding voice session in the core
network using SIP/IMS. To enable this, the MSC server enhanced for
ICS or MSC server enhanced for SR-VCC perform SIP registration on
behalf of the mobile device which can also be simultaneously directly
registered with the IP/SIP/IMS domain. The only mobile device
identifier that is transportable using GSM/UMTS/LTE signaling is the
IMEI therefore the instance-id included by the MSC server enhanced
for ICS or the MSC server enhanced for SR-VCC when acting on behalf
of the mobile device and the instance-id included by the mobile
device directly both need to be based on the IMEI.
Allen Expires January 7, 2014 [Page 4]
Internet-Draft Using IMEI URN as an Instance ID July 2013
Additionally in order to meet the above requirements, the same IMEI
that is obtained from the circuit switched signaling by the MSC
server needs to be obtainable from SIP signaling so that that it can
be determined that both the SIP signaling and circuit switched
signaling originate from the same mobile device.
3GPP TS 24.237 [10] and 3GPP TS 24.292 [11] already define the use of
the URN namespace for the GSMA IMEI URN as defined in
draft-montemurro-gsma-imei-urn-15 [3] as the instance-id used by GSM/
UMTS/LTE mobile devices, the MSC server enhanced for SR-VCC and the
MSC server enhanced for ICS for SIP/IMS registrations and emergency
related SIP requests for these reasons.
4. 3GPP Use Cases
1. The mobile device includes its IMEI in the SIP REGISTER request
so that the registrar can perform a check of the Equipment Identity
Register (EIR) to verify if this mobile device is allowed or barred
from accessing the network for non-emergency services (e.g., because
it has been stolen). If the mobile device is not allowed to access
the network for non-emergency services the registrar can reject the
registration. Thus a barred mobile device is prevented from
accesssing the network for non-emergency services.
2. The mobile device includes its IMEI in SIP INVITE requests used
to establish emergency sessions. This is so that the PSAP (Public
Safety Answering Point) can obtain the IMEI of the mobile device for
identification purposes if required by regulations.
3. The inclusion by the mobile device of its IMEI in SIP INVITE
requests used to establish emergency sessions is also used in the
cases of unauthenticated emergency sessions to enable the network to
identify the mobile device. This is especially important if the
unauthenticated emergency session is handed over from the packet
switched domain to circuit switched domain as in this scenario the
IMEI is the only common means for identifying the circuit switched
call is from the same mobile device that was in the emergency session
in the packet switched domain.
5. User Agent Client Procedures
A UAC that has an IMEI as defined in 3GPP TS 23.003 [8] that is
Allen Expires January 7, 2014 [Page 5]
Internet-Draft Using IMEI URN as an Instance ID July 2013
registering with a 3GPP IMS network MUST include in the
"sip.instance" media feature tag the GSMA IMEI URN according to the
syntax defined in draft-montemurro-gsma-imei-urn-15 [3] when
performing the registration procedures defined in RFC 5626 [1] or RFC
5627 [2] or any other procedure requiring the inclusion of the
"sip.instance" media feature tag. The UAC SHOULD NOT include the
optional "svn" parameter in the GSMA IMEI URN in the "sip.instance"
media feature tag, since the software version can change as a result
of upgrades to the device firmware which would create a new
instance-id. Any future value of the "vers" parameter other than
equal to 0 or the future definition of additional parameters for the
GSMA IMEI URN that are intended to be used as part of an instance-id
will require an update to be made to this RFC. The UAC MUST provide
lexically equivalent URNs in each registration [1]. Hence, any
optional or variable components of the URN (e.g., the "vers"
parameter) MUST be presented with the same values and in the same
order in every registration as in the first registration.
A UAC MUST only use the GSMA IMEI URN as an instance-id when
registering with a 3GPP IMS network. When registering with a non-
3GPP IMS network a UAC SHOULD use a UUID as an instance-id as defined
in RFC 5626 [1].
A UAC MUST NOT include the "sip.instance" media feature tag
containing the GSMA IMEI URN in the Contact header field of non-
REGISTER requests except when the request is related to an emergency
session. Regulatory requirements can require the IMEI to be provided
to the Public Safety Answering Point (PSAP). Any future exceptions
to this prohibition require a RFC that addresses how privacy is not
violated by such a usage.
6. User Agent Server Procedures
A UAS MUST NOT include its "sip.instance" media feature tag
containing the GSMA IMEI URN in the Contact header field of responses
except when the response is related to an emergency session.
Regulatory requirements can require the IMEI to be provided to the
Public Safety Answering Point(PSAP). Any future exceptions to this
prohibition require a RFC that addresses how privacy is not violated
by such a usage.
7. 3GPP Registrar Procedures
In 3GPP IMS when the Registrar receives in the Contact header field a
"sip.instance" media feature tag containing the GSMA IMEI URN
according to the syntax defined in draft-montemurro-gsma-imei-urn-15
Allen Expires January 7, 2014 [Page 6]
Internet-Draft Using IMEI URN as an Instance ID July 2013
[3] the registrar follows the procedures defined in RFC 5626 [1]. If
the UA indicates that it supports the extension in RFC 5627 [2] and
the Registrar allocates a public GRUU according to the procedures
defined in RFC 5627 [2] the instance-id MUST be obfuscated when
creating the "gr" parameter in order not to reveal the IMEI to other
UAs when the public GRUU is included in non-REGISTER requests and
responses. 3GPP TS 24.229 [6] subclause 5.4.7A.2 defines the
mechanism for obfuscating the IMEI when creating the "gr" parameter.
8. IANA considerations
This document defines no items requiring action by IANA.
9. Security considerations
Because IMEIs like other formats of instance-ids can be loosely
correlated to a user, they need to be treated as any other personally
identifiable information. In particular, the "sip.instance" media
feature tag containing the GSMA IMEI URN MUST NOT be included in
requests or responses intended to convey any level of anonymity. RFC
5626 [1] states "One case where a UA could prefer to omit the
"sip.instance" media feature tag is when it is making an anonymous
request or some other privacy concern requires that the UA not reveal
its identity". The same concerns apply when using the GSMA IMEI URN
as an instance-id. Publication of the GSMA IMEI URN to networks that
the UA is not attached to or the UA does not have a service
relationship with is a security breach and the "sip.instance" media
feature tag MUST NOT be forwarded by the service provider's network
elements when forwarding requests or responses towards the
destination UA.
In order to protect the "sip.instance" media feature tag containing
the GSMA IMEI URN from being tampered with, those REGISTER requests
containing the GSMA IMEI URN MUST be sent using a security mechanism
such as TLS [12] (or another security mechanism that provides
equivalent levels of protection).
10. Acknowledgements
The author would like to thank Paul Kyzivat, Dale Worley, Cullen
Jennings, Adam Roach, Keith Drage, Mary Barnes, Peter Leis and James
Yu for reviewing this draft and providing their comments.
11. References
Allen Expires January 7, 2014 [Page 7]
Internet-Draft Using IMEI URN as an Instance ID July 2013
11.1. Normative references
[1] Jennings, C., Mahy, R., and F. Audet, "Managing Client-
Initiated Connections in the Session Initiation Protocol
(SIP)", RFC 5626, October 2009.
[2] Rosenberg, J., "Obtaining and Using Globally Routable User
Agent URIs (GRUUs) in the Session Initiation Protocol (SIP)",
RFC 5627, October 2009.
[3] Montemurro, M., "A Uniform Resource Name Namespace For The GSM
Association (GSMA) and the International Mobile station
Equipment Identity(IMEI), work in progress", Internet
Draft draft-montemurro-gsma-imei-urn-15, July 2013.
[4] Moats, R., "URN Syntax", RFC 2141, May 1997.
[5] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.
[6] 3GPP, "TS 24.229: IP multimedia call control protocol based on
Session Initiation Protocol (SIP) and Session Description
Protocol (SDP); Stage 3 (Release 8)", 3GPP 24.229, June 2013,
.
11.2. Informative references
[7] Leach, P., Mealling, M., and R. Salz, "A Universally Unique
IDentifier (UUID) URN Namespace", RFC 4122, July 2005.
[8] 3GPP, "TS 23.003: Numbering, addressing and identification
(Release 8)", 3GPP 23.003, December 2012,
.
[9] GSMA Association, "IMEI Allocation and Approval Guidelines",
PRD TS.06 (DG06) version 6.0, July 2011, .
[10] 3GPP, "TS 24.237: Mobile radio interface Layer 3 specification;
Core network protocols; Stage 3 (Release 8)", 3GPP 24.237,
June 2013,
.
[11] 3GPP, "TS 24.292: IP Multimedia (IM) Core Network (CN)
subsystem Centralized Services (ICS); Stage 3 (Release 8)",
3GPP 24.292, June 2013,
.
Allen Expires January 7, 2014 [Page 8]
Internet-Draft Using IMEI URN as an Instance ID July 2013
[12] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS)
Protocol Version 1.1", RFC 4346, April 2006.
Author's Address
Andrew Allen (editor)
Blackberry
1200 Sawgrass Corporate Parkway
Sunrise, Florida 33323
USA
Phone: unlisted
Fax: unlisted
Email: aallen@blackberry.com
Allen Expires January 7, 2014 [Page 9]