Using the International Mobile station Equipment Identity (IMEI) Uniform Resource Name (URN) as an Instance ID
draft-allen-dispatch-imei-urn-as-instanceid-11
The information below is for an old version of the document.
| Document | Type |
This is an older version of an Internet-Draft that was ultimately published as RFC 7255.
|
|
|---|---|---|---|
| Author | Andrew Allen | ||
| Last updated | 2013-10-30 (Latest revision 2013-10-18) | ||
| RFC stream | Internet Engineering Task Force (IETF) | ||
| Formats | |||
| Reviews |
GENART Last Call review
(of
-10)
by Roni Even
Almost ready
|
||
| Stream | WG state | (None) | |
| Document shepherd | Mary Barnes | ||
| Shepherd write-up | Show Last changed 2013-07-11 | ||
| IESG | IESG state | Became RFC 7255 (Informational) | |
| Consensus boilerplate | Yes | ||
| Telechat date | (None) | ||
| Responsible AD | Gonzalo Camarillo | ||
| Send notices to | aallen@blackberry.com, draft-allen-dispatch-imei-urn-as-instanceid@tools.ietf.org | ||
| IANA | IANA review state | Version Changed - Review Needed |
draft-allen-dispatch-imei-urn-as-instanceid-11
Dispatch Working Group A. Allen, Ed.
Internet-Draft Blackberry
Intended status: Informational October 18, 2013
Expires: April 21, 2014
Using the International Mobile station Equipment Identity (IMEI)
Uniform Resource Name (URN) as an Instance ID
draft-allen-dispatch-imei-urn-as-instanceid-11
Abstract
This specification specifies how the Uniform Resource Name (URN)
reserved for the GSMA (GSM Association) identities and its sub-
namespace for the IMEI (International Mobile station Equipment
Identity) can be used as an instance-id. Its purpose is to fulfil
the requirements in RFC 5626 [1] that state "If a URN scheme other
than UUID (Universally unique identifier) is used, the UA (User
Agent) MUST only use URNs for which an RFC (from the IETF stream)
defines how the specific URN needs to be constructed and used in the
"+sip.instance" Contact header field parameter for outbound
behavior."
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 21, 2014.
Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
Allen Expires April 21, 2014 [Page 1]
Internet-Draft Using IMEI URN as an Instance ID October 2013
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Background . . . . . . . . . . . . . . . . . . . . . . . . . . 4
4. 3GPP Use Cases . . . . . . . . . . . . . . . . . . . . . . . . 5
5. User Agent Client Procedures . . . . . . . . . . . . . . . . . 6
6. User Agent Server Procedures . . . . . . . . . . . . . . . . . 6
7. 3GPP SIP Registrar Procedures . . . . . . . . . . . . . . . . . 7
8. IANA considerations . . . . . . . . . . . . . . . . . . . . . . 7
9. Security considerations . . . . . . . . . . . . . . . . . . . . 7
10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 8
11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8
11.1. Normative references . . . . . . . . . . . . . . . . . . . 8
11.2. Informative references . . . . . . . . . . . . . . . . . . 9
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 9
Allen Expires April 21, 2014 [Page 2]
Internet-Draft Using IMEI URN as an Instance ID October 2013
1. Introduction
This specification specifies how the Uniform Resource Name reserved
for GSMA identities and its sub-namespace for the IMEI (International
Mobile station Equipment Identity) as specified in
draft-montemurro-gsma-imei-urn-17 [2] can be used as an instance-id
as specified in RFC 5626 [1] and also as used by RFC 5627 [3].
RFC 5626 [1] specifies the "+sip.instance" Contact header field
parameter that contains a URN as specified in RFC 2141 [4]. The
instance-id uniquely identifies a specific UA instance. This
instance-id is used as specified in RFC 5626 [1] so that the SIP
(Session Initiation Protocol) registrar (as specified in RFC 3261
[5]) can recognize that the contacts from multiple registrations
correspond to the same UA. The instance-id is also used as specified
by RFC 5627 [3] to create Globally Routable User Agent URIs (GRUUs)
that can be used to uniquely address a UA when multiple UAs are
registered with the same Address of Record (AoR).
RFC 5626 [1] requires that a UA SHOULD create a Universally Unique
Identifier (UUID) URN as specified in RFC 4122 [6] as its instance-id
but allows for the possibility to use other URN schemes. "If a URN
scheme other than UUID is used, the UA MUST only use URNs for which
an RFC (from the IETF stream) defines how the specific URN needs to
be constructed and used in the "+sip.instance" Contact header field
parameter for outbound behavior." This specification meets this
requirement by specifying how the GSMA IMEI URN is used in the
"+sip.instance" Contact header field parameter for outbound behavior,
and draft-montemurro-gsma-imei-urn-17 [2] specifies how the GSMA IMEI
URN is constructed.
The GSMA IMEI is a URN for the IMEI a globally unique identifier that
identifies mobile devices used in the Global System for Mobile
communications(GSM), Universal Mobile Telecommunications System
(UMTS) and 3GPP LTE (Long Term Evolution)networks. The IMEI
allocation is managed by the GSMA to ensure that the IMEI values are
globally unique. Details of the formatting of the IMEI as a URN are
specified in draft-montemurro-gsma-imei-urn-17 [2] and the definition
of the IMEI is contained in 3GPP TS 23.003 [10]. Further details
about the GSMA role in allocating the IMEI and the IMEI allocation
guidelines can be found in GSMA PRD TS.06 [11].
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [7].
Allen Expires April 21, 2014 [Page 3]
Internet-Draft Using IMEI URN as an Instance ID October 2013
3. Background
GSM, UMTS and LTE capable mobile devices represent 90% of the mobile
devices in use worldwide. Every manufactured GSM, UMTS or LTE mobile
device has an allocated IMEI that uniquely identifies this specific
mobile device. Amongst other things in some regulatory jurisdictions
the IMEI is used to identify that a stolen mobile device is being
used, to help to identify the subscription that is using it and to
prevent use of the mobile device. Whilst GSM was originally a
circuit switched system, enhancements such as GPRS (General Packet
Radio Service) and UMTS have added IP data capabilities which along
with the definition of the IP (Internet Protocol) Multimedia
Subsystem (IMS) have made SIP based calls and IP multimedia sessions
from mobile devices possible.
The latest enhancement known as LTE introduces even higher data rates
and dispenses with the circuit switched infrastructure completely.
This means that with LTE networks, voice calls will need to be
conducted using IP and IMS. However, the transition to all IP, SIP
based IMS networks worldwide will take a great many years and mobile
devices being mobile will need to operate in both IP/SIP/IMS mode and
circuit switched mode. This means that calls and sessions will need
to be handed over between IP/SIP/IMS mode and circuit switched mode
mid-call or mid-session. Also since many existing GSM and UMTS radio
access networks are unable to support IP/SIP/IMS based voice services
in a commercially acceptable manner, some sessions could have some
media types delivered via IP/IMS simultaneously with voice media
delivered via the circuit switched domain to the same mobile device.
To achieve this the mobile device is needs to be simultaneously
attached via both the IP/SIP/IMS domain and the circuit switched
domain.
To meet this need 3GPP has specified how to maintain session
continuity between the IP/SIP/IMS domain and the circuit switched
domain in 3GPP TS 24.237 [12] and how to access IMS hosted services
via both the IP/SIP/IMS domain and the circuit switched domain in
3GPP TS 24.292 [13].
In order for the mobile device to access SIP/IMS services via the
circuit switched domain 3GPP has specified a MSC (Mobile Switching
Center) server enhanced for ICS (IMS centralized services) and a MSC
server enhanced for SR-VCC (Single Radio Voice Call Continuity) that
control mobile voice call setup over the circuit switched radio
access while establishing the corresponding voice session in the core
network using SIP/IMS. To enable this, the MSC server enhanced for
ICS or MSC server enhanced for SR-VCC, perform SIP registration on
behalf of the mobile device which is also simultaneously directly
registered with the IP/SIP/IMS domain. The only mobile device
Allen Expires April 21, 2014 [Page 4]
Internet-Draft Using IMEI URN as an Instance ID October 2013
identifier that is transportable using GSM/UMTS/LTE signaling is the
IMEI therefore the instance-id included by the MSC server enhanced
for ICS or the MSC server enhanced for SR-VCC when acting on behalf
of the mobile device, and the instance-id directly included by the
mobile device both need to be based on the IMEI.
Additionally in order to meet the above requirements, the same IMEI
that is obtained from the circuit switched signaling by the MSC
server needs to be obtainable from SIP signaling so that that it can
be determined that both the SIP signaling and circuit switched
signaling originate from the same mobile device.
3GPP TS 24.237 [12] and 3GPP TS 24.292 [13] already specify the use
of the URN namespace for the GSMA IMEI URN as specified in
draft-montemurro-gsma-imei-urn-17 [2] as the instance-id used by GSM/
UMTS/LTE mobile devices, the MSC server enhanced for SR-VCC and the
MSC server enhanced for ICS, for SIP/IMS registrations and emergency
related SIP requests for these reasons.
4. 3GPP Use Cases
1. The mobile device includes its IMEI in the SIP REGISTER request
so that the SIP registrar can perform a check of the Equipment
Identity Register (EIR) to verify if this mobile device is allowed or
barred from accessing the network for non-emergency services (e.g.,
because it has been stolen). If the mobile device is not allowed to
access the network for non-emergency services the SIP registrar can
reject the registration. Thus a barred mobile device is prevented
from accesssing the network for non-emergency services.
2. The mobile device includes its IMEI in SIP INVITE requests used
to establish emergency sessions. This is so that the PSAP (Public
Safety Answering Point) can obtain the IMEI of the mobile device for
identification purposes if required by regulations.
3. The inclusion by the mobile device of its IMEI in SIP INVITE
requests used to establish emergency sessions is also used in the
cases of unauthenticated emergency sessions to enable the network to
identify the mobile device. This is especially important if the
unauthenticated emergency session is handed over from the packet
switched domain to circuit switched domain as in this scenario the
IMEI is the only common means for identifying the circuit switched
call is from the same mobile device that was in the emergency session
in the packet switched domain.
Allen Expires April 21, 2014 [Page 5]
Internet-Draft Using IMEI URN as an Instance ID October 2013
5. User Agent Client Procedures
A UAC that has an IMEI as specified in 3GPP TS 23.003 [10] that is
registering with a 3GPP IMS network MUST include in the
"sip.instance" media feature tag the GSMA IMEI URN according to the
syntax specified in draft-montemurro-gsma-imei-urn-17 [2] when
performing the registration procedures specified in RFC 5626 [1] or
RFC 5627 [3] or any other procedure requiring the inclusion of the
"sip.instance" media feature tag. The UAC SHOULD NOT include the
optional "svn" parameter in the GSMA IMEI URN in the "sip.instance"
media feature tag, since the software version can change as a result
of upgrades to the device firmware which would create a new
instance-id. Any future non zero values of the "vers" parameter, or
the future definition of additional parameters for the GSMA IMEI URN
that are intended to be used as part of an instance-id will require
an update to be made to this RFC. The UAC MUST provide character-by-
character identical URNs in each registration according to RFC 5626
[1]. Hence, any optional or variable components of the URN (e.g.,
the "vers" parameter) MUST be presented with the same values and in
the same order in every registration as in the first registration.
A UAC MUST only use the GSMA IMEI URN as an instance-id when
registering with a 3GPP IMS network. When registering with a non-
3GPP IMS network a UAC SHOULD use a UUID as an instance-id as
specified in RFC 5626 [1].
A UAC MUST NOT include the "sip.instance" media feature tag
containing the GSMA IMEI URN in the Contact header field of non-
REGISTER requests except when the request is related to an emergency
session. Regulatory requirements can require the IMEI to be provided
to the Public Safety Answering Point (PSAP). Any future exceptions
to this prohibition require a RFC that addresses how privacy is not
violated by such a usage.
6. User Agent Server Procedures
A UAS MUST NOT include its "sip.instance" media feature tag
containing the GSMA IMEI URN in the Contact header field of responses
except when the response is related to an emergency session.
Regulatory requirements can require the IMEI to be provided to the
Public Safety Answering Point(PSAP). Any future exceptions to this
prohibition require a RFC that addresses how privacy is not violated
by such a usage.
Allen Expires April 21, 2014 [Page 6]
Internet-Draft Using IMEI URN as an Instance ID October 2013
7. 3GPP SIP Registrar Procedures
In 3GPP IMS when the SIP Registrar receives in the Contact header
field a "sip.instance" media feature tag containing the GSMA IMEI URN
according to the syntax specified in
draft-montemurro-gsma-imei-urn-17 [2] the SIP registrar follows the
procedures specified in RFC 5626 [1]. If the UA indicates that it
supports the extension in RFC 5627 [3] and the SIP Registrar
allocates a public GRUU according to the procedures specified in RFC
5627 [3] the instance-id MUST be obfuscated when creating the "gr"
parameter in order not to reveal the IMEI to other UAs when the
public GRUU is included in non-REGISTER requests and responses. 3GPP
TS 24.229 [8] subclause 5.4.7A.2 specifies the mechanism for
obfuscating the IMEI when creating the "gr" parameter.
8. IANA considerations
This document defines no items requiring action by IANA.
9. Security considerations
Because IMEIs like other formats of instance-ids can be loosely
correlated to a user, they need to be treated as any other personally
identifiable information. In particular, the "sip.instance" media
feature tag containing the GSMA IMEI URN MUST NOT be included in
requests or responses intended to convey any level of anonymity, as
this could violate the users privacy. RFC 5626 [1] states "One case
where a UA could prefer to omit the "sip.instance" media feature tag
is when it is making an anonymous request or some other privacy
concern requires that the UA not reveal its identity". The same
concerns apply when using the GSMA IMEI URN as an instance-id.
Publication of the GSMA IMEI URN to networks that the UA is not
attached to or the UA does not have a service relationship with is a
security breach and the "sip.instance" media feature tag MUST NOT be
forwarded by the service provider's network elements when forwarding
requests or responses towards the destination UA. Additionally, an
instance-id containing the GSMA IMEI URN identifies a mobile device
and not a user. The instance-id containing the GSMA IMEI URN MUST
NOT be used alone as an address for a user or as an identification
credential for a user. The GRUU mechanism specified in RFC 5627 [3]
provides a means to create URIs that address the user at a specific
device or User Agent.
In order to protect the "sip.instance" media feature tag containing
the GSMA IMEI URN from being tampered with, those REGISTER requests
containing the GSMA IMEI URN MUST be sent using a security mechanism
Allen Expires April 21, 2014 [Page 7]
Internet-Draft Using IMEI URN as an Instance ID October 2013
such as TLS (RFC 4346 [5]) or another security mechanism that
provides equivalent levels of protection.
10. Acknowledgements
The author would like to thank Paul Kyzivat, Dale Worley, Cullen
Jennings, Adam Roach, Keith Drage, Mary Barnes, Peter Leis, James Yu,
S. Moonesamy, Roni Even, and Tim Bray for reviewing this draft and
providing their comments.
11. References
11.1. Normative references
[1] Jennings, C., Mahy, R., and F. Audet, "Managing Client-
Initiated Connections in the Session Initiation Protocol
(SIP)", RFC 5626, October 2009.
[2] Montemurro, M., "A Uniform Resource Name Namespace For The GSM
Association (GSMA) and the International Mobile station
Equipment Identity(IMEI), work in progress", Internet
Draft draft-montemurro-gsma-imei-urn-17, October 2013.
[3] Rosenberg, J., "Obtaining and Using Globally Routable User
Agent URIs (GRUUs) in the Session Initiation Protocol (SIP)",
RFC 5627, October 2009.
[4] Moats, R., "URN Syntax", RFC 2141, May 1997.
[5] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS)
Protocol Version 1.1", RFC 4346, April 2006.
[6] Leach, P., Mealling, M., and R. Salz, "A Universally Unique
IDentifier (UUID) URN Namespace", RFC 4122, July 2005.
[7] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.
[8] 3GPP, "TS 24.229: IP multimedia call control protocol based on
Session Initiation Protocol (SIP) and Session Description
Protocol (SDP); Stage 3 (Release 8)", 3GPP 24.229,
September 2013,
<ftp://ftp.3gpp.org/Specs/archive/24_series/24.229/>.
[9] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.,
Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP:
Allen Expires April 21, 2014 [Page 8]
Internet-Draft Using IMEI URN as an Instance ID October 2013
Session Initiation Protocol", RFC 3261, June 2002.
11.2. Informative references
[10] 3GPP, "TS 23.003: Numbering, addressing and identification
(Release 8)", 3GPP 23.003, September 2013,
<ftp://ftp.3gpp.org/Specs/archive/23_series/23.003/>.
[11] GSMA Association, "IMEI Allocation and Approval Guidelines",
PRD TS.06 (DG06) version 6.0, July 2011, <http://www.gsma.com/
newsroom/wp-content/uploads/2012/06/
ts0660tacallocationprocessapproved.pdf>.
[12] 3GPP, "TS 24.237: Mobile radio interface Layer 3 specification;
Core network protocols; Stage 3 (Release 8)", 3GPP 24.237,
September 2013,
<ftp://ftp.3gpp.org/Specs/archive/24_series/24.237/>.
[13] 3GPP, "TS 24.292: IP Multimedia (IM) Core Network (CN)
subsystem Centralized Services (ICS); Stage 3 (Release 8)",
3GPP 24.292, June 2013,
<ftp://ftp.3gpp.org/Specs/archive/24_series/24.292/>.
Author's Address
Andrew Allen (editor)
Blackberry
1200 Sawgrass Corporate Parkway
Sunrise, Florida 33323
USA
Email: aallen@blackberry.com
Allen Expires April 21, 2014 [Page 9]