[Docs] [txt|pdf] [Tracker] [Email] [Diff1] [Diff2] [Nits] [IPR]

Versions: 00 01 02 03 04 05 06 08 09 10 11 12 13 RFC 7255

Dispatch Working Group                                     A. Allen, Ed.
Internet-Draft                                  Research in Motion (RIM)
Intended status: Informational                          October 12, 2012
Expires: April 15, 2013


Using the International Mobile station Equipment Identity(IMEI)URN as an
                              Instance ID
             draft-allen-dispatch-imei-urn-as-instanceid-06

Abstract

   This specification defines how the Uniform Resource Name namespace
   reserved for GSMA (Global Sstandard for Mobiles Association)
   identities and its sub namespace for the IMEI (International Mobile
   station Equipment Identity) can be used as an instance-id as
   specified in RFC 5626 [1] and also as used by RFC 5627 [2].  Its
   purpose is to fulfil the requirements in RFC 5626 [1] that state "If
   a URN scheme other than UUID is used, the UA MUST only use URNs for
   which an RFC (from the IETF stream) defines how the specific URN
   needs to be constructed and used in the "+sip.instance" Contact
   header field parameter for outbound behavior."

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 15, 2013.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of



Allen                    Expires April 15, 2013                 [Page 1]


Internet-Draft      Using IMEI URN as an Instance ID        October 2012


   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 3

   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 3

   3.  Background  . . . . . . . . . . . . . . . . . . . . . . . . . . 4

   4.  3GPP Use Cases  . . . . . . . . . . . . . . . . . . . . . . . . 5

   5.  User Agent Client Procedures  . . . . . . . . . . . . . . . . . 5

   6.  User Agent Server Procedures  . . . . . . . . . . . . . . . . . 6

   7.  3GPP Registrar Procedures . . . . . . . . . . . . . . . . . . . 7

   8.  Security considerations . . . . . . . . . . . . . . . . . . . . 7

   9.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . 7

   10. References  . . . . . . . . . . . . . . . . . . . . . . . . . . 8
     10.1.  Normative references . . . . . . . . . . . . . . . . . . . 8
     10.2.  Informative references . . . . . . . . . . . . . . . . . . 8

   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . . . 9


















Allen                    Expires April 15, 2013                 [Page 2]


Internet-Draft      Using IMEI URN as an Instance ID        October 2012


1.  Introduction

   This specification defines how the Uniform Resource Name namespace
   reserved for GSMA identities and its sub namespace for the IMEI
   (International Mobile station Equipment Identity) as defined in
   draft-montemurro-gsma-imei-urn-11 [3] can be used as an instance-id
   as specified in RFC 5626 [1] and also as used by RFC 5627 [2].

   RFC 5626 [1] defines the "+sip.instance" Contact header field
   parameter which contains a URN as per RFC 2141 [4] defined as an
   instance-id that uniquely identifies a specific UA instance.  This
   instance-id is used as defined in RFC 5626 [1] so that registrar can
   recognize that the contacts from multiple registrations correspond to
   the same UA.  The instance-ID is also used as defined by RFC 5627 [2]
   to create Globally Routable User Agent URIs (GRUUs) that can be used
   to uniquely address a UA when multiple UAs are registered with the
   same Address of Record (AoR).

   RFC 5626 [1] defines that a UA SHOULD create a Universally Unique
   Identifier (UUID) URN as defined in RFC 4122 [7] as its instance-id
   but allows for the possibility of other URN schemes to be used.  "If
   a URN scheme other than UUID is used, the UA MUST only use URNs for
   which an RFC (from the IETF stream) defines how the specific URN
   needs to be constructed and used in the "+sip.instance" Contact
   header field parameter for outbound behavior."  This specification
   meets this requirement by specifying how the GSMA IEMEI URN is used
   in the "+sip.instance" Contact header field parameter for outbound
   behavior and draft-montemurro-gsma-imei-urn-11 [3] defines how the
   GSMA IMEI URN is constructed

   The GSMA IMEI is an identifier for a namespace for the IMEI a
   globally unique identifier that identifies Mobile Equipment used in
   Global System for Mobile (GSM), Universal Mobile Telecommunications
   System (UMTS) and 3GPP LTE (Long Term Evolution)networks.  The IMEI
   allocation is managed by the GSMA to ensure that the IMEI values are
   globally unique.  Details of the formatting of the IMEI as a URN are
   defined in draft-montemurro-gsma-imei-urn-11 [3] and the definition
   of the IMEI is contained in 3GPP TS 23.003 [8].  Further details
   about the GSMA role in allocating the IMEI and the IMEI allocation
   guidelines can be found in GSMA PRD DG.06 [9]


2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [5].




Allen                    Expires April 15, 2013                 [Page 3]


Internet-Draft      Using IMEI URN as an Instance ID        October 2012


3.  Background

   GSM and UMTS capable mobile devices represent 90% of the mobile
   devices in use worldwide.  GSM and UMTS mobile devices each have an
   IMEI allocated which uniquely identifies the mobile device from all
   other GSM/UMTS mobile devices deployed.  Amongst other things in some
   regulatory jurisdictions the IMEI is used to identify a stolen mobile
   is being used and help to identify the subscription that is using it
   and to prevent its use.  Whilst GSM was originally a circuit switched
   system enhancements such as GPRS (General Packet Radio Service) and
   UMTS have added IP data capabilities which along with the definition
   of the IP Multimedia Subsystem (IMS) has made SIP based calls and IP
   multimedia sessions from mobile devices possible.  The latest
   enhancment known as LTE will introduce even higher data rates and
   dispenses with the circuit switched domain completely meaning that
   with LTE voice calls will need to be conducted using IP and IMS.
   However, the transition to all IP, SIP based IMS networks worldwide
   will take a great many years and mobile devices being mobile will
   need to operate in both IP/SIP/IMS mode and circuit switched mode.
   In fact calls and sessions will need to be handed over between IP/
   SIP/IMS mode and circuit switched mode during a call.  Also as many
   existing GSM and UMTS radio access networks are unable to support IP/
   SIP/IMS based voice services in a commercially acceptable manner some
   sessions can have some media types delivered via IP/IMS
   simultaneously with voice media delivered via circuit switched with
   the same mobile device simultaneously attached via both the IP/SIP/
   IMS domain and the circuit switched domain.  To meet this need 3GPP
   has specified how to maintain session continuity between the IP/SIP/
   IMS domain and the circuit switched domain in 3GPP TS 24.237 [10] and
   how to access IMS hosted services via both the IP/SIP/IMS domain and
   the circuit switched domain in 3GPP TS 24.292 [11].

   In order for the the mobile device to access SIP/IMS services via the
   circuit switched domain 3GPP has defined a MSC (Mobile Switching
   Center) server enhanced for ICS which controls mobile voice call
   setup over the circuit switched radio access while establishing the
   corresponding voice session in the core network using SIP/IMS.  To
   enable this the MSC server enhanced for ICS (IMS centralized
   services) performs SIP registration on behalf of the mobile device
   which can be simultaneously also directly registered with the IP/SIP/
   IMS domain.  The only mobile device identifier that is transportable
   using GSM/UMTS/LTE signaling is the IMEI therefore the instance-id
   included by the MSC server enhanced for ICS when on behalf of the
   mobile device and the instance-id used by the mobile device directly
   needs to be based on the IMEI.

   Additionally in order to meet the regulatory requirements to use the
   IMEI to identify a stolen mobile is being used and help to identify



Allen                    Expires April 15, 2013                 [Page 4]


Internet-Draft      Using IMEI URN as an Instance ID        October 2012


   the subscription that is using it and to prevent its use the same
   IMEI that is obtained from the circuit switched signaling needs to be
   obtainable from SIP signaling.

   3GPP TS 24.237 [10] and 3GPP TS 24.292 [11] already define the use of
   the URN namespace for the GSMA and IMEI as defined in
   draft-montemurro-gsma-imei-urn-11 [3] as the instance-id used by
   mobile devices and the MSC server enhanced for ICS for SIP/IMS
   registrations for these reasons.



4.  3GPP Use Cases

   1.  The mobile device includes its IMEI in the SIP REGISTER request
   so that the registrar can perform a check of the Equipment Identity
   Registry (EIR) to verify if the mobile device is allowed or barred
   from using the network (e.g because it has been stolen).  If the
   mobile device is not allowed to use the network the registrar can
   reject the registration.  Thus a barred device is prevented from
   using the network.


   2.  The mobile device includes its IMEI in SIP INVITE requests used
   to establish emergency sessions.  This so that the PSAP (Public
   Safety Answering Point) can obtain the IMEI of the mobile device for
   identification purposes if required by regulations.


   3.  The inclusion by the mobile device of its IMEI in SIP INVITE
   requests used to establish emergency sessions is also used in the
   cases of unauthenticated emergency sessions to enable the network to
   identify the mobile device.  This is especially important if the
   unauthenticated emergency session is handed over from the packet
   switched domain to circuit switched domain as in this scenario the
   IMEI is the only common means for identifying the circuit switched
   call as from the same mobile device that was in the emergency session
   in the packet switched domain.



5.  User Agent Client Procedures

   A UAC that has an IMEI as defined in 3GPP TS 23.003 [8] that is
   registering with a 3GPP IMS network MUST include in the
   "sip.instance" media feature tag the GSMA IMEI URN according to the
   syntax defined in draft-montemurro-gsma-imei-urn-11 [3] when
   performing the registration procedures defined in RFC 5626 [1] or RFC



Allen                    Expires April 15, 2013                 [Page 5]


Internet-Draft      Using IMEI URN as an Instance ID        October 2012


   5627 [2] or any other procedure requiring including the
   "sip.instance" media feature tag.  The UAC SHOULD NOT include the
   optional "svn" parameter in the GSMA IMEI URN in the "sip.instance"
   media feature tag, since the software version can change as a result
   of upgrades to the device firmware which would create a new instance
   ID.  The UAC MUST provide lexically equivalent URNs in each
   registration [1].  Hence, any optional or variable components of the
   URN (e.g., the "vers" parameter) MUST be presented with the same
   values and in the same order in every registration as in the first
   registration.

   A UAC MUST only use the GSMA IMEI URN as an Instance ID when
   registering with a 3GPP IMS network.  When registering with a non
   3GPP IMS network a UAC SHOULD use a UUID as an Instance ID as defined
   in RFC 5626 [1].

   A UAC MUST NOT include its "sip.instance" media feature tag
   containing the GSMA IMEI URN in the Contact header field of non-
   register requests unless the UAC is certain that the request will be
   sent via a trusted intermediary that will remove the "sip.instance"
   media feature tag prior to forwarding the request towards the
   destination.  In order to ensure that all requests containing the
   "sip.instance" media feature tag are forwarded via the trusted
   intermediary the UAC MUST first have verified that the trusted
   intermediary is present (e.g. first contacted via a registration or
   configuration procedure).  The exception to this is when the request
   is related to an emergency session when regulatory requirements can
   require the IMEI to be provided to the Public Safety Answering Point
   (PSAP).


6.  User Agent Server Procedures

   A UAS MUST NOT include its "sip.instance" media feature tag
   containing the GSMA IMEI URN in the Contact header field of responses
   unless the UAS is certain that the response will be sent via a
   trusted intermediary that will remove the "sip.instance" media
   feature tag prior to forwarding the response towards the destination.
   In order to ensure that all responses containing the "sip.instance"
   media feature tag are forwarded via the trusted intermediary the UAS
   MUST first have verified that the trusted intermediary is present
   (e.g. first contacted via a registration or configuration procedure).
   The exception to this is when the response is related to an emergency
   session when regulatory requirements can require the IMEI to be
   provided to the Public Safety Answering Point(PSAP).






Allen                    Expires April 15, 2013                 [Page 6]


Internet-Draft      Using IMEI URN as an Instance ID        October 2012


7.  3GPP Registrar Procedures

   In 3GPP IMS when the Registrar receives in the Contact header field a
   "sip.instance" media feature tag containing the GSMA IMEI URN
   according to the syntax defined in draft-montemurro-gsma-imei-urn-11
   [3] the registrar follows the procedures defined in RFC 5626 [1] and
   RFC 5627 [2] if those extensions are supported and indicated as
   supported by the UA.  If the Registrar allocates a public GRUU
   according to the procedures defined in RFC 5627 [2] the instance-id
   MUST be obfuscated when creating the "gr" parameter in order not to
   reveal the IMEI to other UAs when the public GRUU is included in non
   register requests. 3GPP TS 24.229 [6] subclause 5.4.7A.2 defines the
   mechanism for obfuscating the IMEI when creating the "gr" parameter.


8.  Security considerations

   Because IMEIs like other formats of instance IDs can be loosely
   correlated to a user, they need to be treated as any other personally
   identifiable information.  In particular, the "sip.instance" media
   feature tag containing the GSMA IMEI URN MUST NOT be included in
   requests or responses intended to convey any level of anonymity.  RFC
   5626 [1] states "One case where a UA could prefer to omit the
   "sip.instance" media feature tag is when it is making an anonymous
   request or some other privacy concern requires that the UA not reveal
   its identity".  The same concerns apply when using the GSMA IMEI URN
   as an instance ID.  Publication of the GSMA IMEI URN to networks that
   the UA is not attached to or the UA does not have a service
   relationship with is a security breach and the "sip.instance" media
   feature tag MUST NOT be forwarded by the service provider's network
   elements when forwarding requests or responses towards the
   destination UA.

   In order to protect from tampering the REGISTER requests containing
   the GSMA IMEI URN MUST be sent using a security mechanism such as TLS
   [12] (or another security mechanism that provides equivalent levels
   of protection).


9.  Acknowledgements

   The author would like to thank Paul Kyzivat, Dale Worley, Cullen
   Jennings, Adam Roach, and Keith Drage for reviewing this draft and
   providing their comments.


10.  References




Allen                    Expires April 15, 2013                 [Page 7]


Internet-Draft      Using IMEI URN as an Instance ID        October 2012


10.1.  Normative references

   [1]   Jennings, C., Mahy, R., and F. Audet, "Managing Client-
         Initiated Connections in the Session Initiation Protocol
         (SIP)", RFC 5626, October 2009.

   [2]   Rosenberg, J., "Obtaining and Using Globally Routable User
         Agent URIs (GRUUs) in the Session Initiation Protocol (SIP)",
         RFC 5627, October 2009.

   [3]   Montemurro, M., "A Uniform Resource Name Namespace For The GSM
         Association (GSMA) and the International Mobile  station
         Equipment Identity(IMEI), work in progress", Internet
         Draft draft-montemurro-gsma-imei-urn-11, October 2012.

   [4]   Moats, R., "URN Syntax", RFC 2141, May 1997.

   [5]   Bradner, S., "Key words for use in RFCs to Indicate Requirement
         Levels", BCP 14, RFC 2119, March 1997.

   [6]   3GPP, "TS 24.229: IP multimedia call control protocol based on
         Session Initiation Protocol (SIP) and Session Description
         Protocol (SDP); Stage 3 (Release 8)", 3GPP 24.229, March 2012,
         <ftp://ftp.3gpp.org/Specs/archive/24_series/24.229/>.

10.2.  Informative references

   [7]   Leach, P., Mealling, M., and R. Salz, "A Universally Unique
         IDentifier (UUID) URN Namespace", RFC 4122, July 2005.

   [8]   3GPP, "TS 23.003: Numbering, addressing and identification
         (Release 8)", 3GPP 23.003, September 2008,
         <ftp://ftp.3gpp.org/Specs/archive/23_series/23.003/>.

   [9]   GSMA Association, "IMEI Allocation and Approval Guidelines",
         PRD TS.06 (DG06) version 6.0, July 2011, <http://www.gsma.com/
         newsroom/wp-content/uploads/2012/06/
         ts0660tacallocationprocessapproved.pdf>.

   [10]  3GPP, "TS 24.237: Mobile radio interface Layer 3 specification;
         Core network protocols; Stage 3 (Release 8)", 3GPP 24.237,
         March 2009,
         <ftp://ftp.3gpp.org/Specs/archive/24_series/24.237/>.

   [11]  3GPP, "TS 24.292: IP Multimedia (IM) Core Network (CN)
         subsystem Centralized Services (ICS); Stage 3 (Release 8)",
         3GPP 24.292, March 2009,
         <ftp://ftp.3gpp.org/Specs/archive/24_series/24.292/>.



Allen                    Expires April 15, 2013                 [Page 8]


Internet-Draft      Using IMEI URN as an Instance ID        October 2012


   [12]  Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
         RFC 2246, January 1999.


Author's Address

   Andrew Allen (editor)
   Research in Motion (RIM)
   1200 Sawgrass Corporate Parkway
   Sunrise, Florida  33323
   USA

   Phone: unlisted
   Fax:   unlisted
   Email: aallen@rim.com




































Allen                    Expires April 15, 2013                 [Page 9]


Html markup produced by rfcmarkup 1.124, available from https://tools.ietf.org/tools/rfcmarkup/