Using the Mobile Equipment Identity (MEID)
Uniform Resource Name (URN) as an Instance ID
r_atarius@motorola.com
RAI
Dispatch Working Group
This specification specifies how the Uniform Resource Name (URN) namespace
reserved for
the Third Generation Partnership Project 2 (3GPP2) identities and its Namespace
Specific String (NSS)
for the Mobile Equipment Identity (MEID) can be used as an instance-id. Its
purpose is to fulfill
the requirements for defining how a specific URN needs to be constructed and
used in the
"+sip.instance" Contact header field parameter for outbound behavior.
This specification specifies how the Uniform Resource Name (URN) namespace reserved
for Third Generation Partnership Project 2 (3GPP2) identities
and its Namespace Specific String (NSS) for the Mobile Equipment Identity (MEID)
as specified in draft-atarius-dispatch-meid-urn
can be used
as an instance-id as specified in RFC 5626 and also as
used by RFC 5627 .
RFC 5626 specifies the "+sip.instance" Contact header field
parameter that contains a URN as specified in RFC 8141 . The
instance-id uniquely identifies a specific User Agent (UA) instance. This instance-id is
used as specified
in RFC 5626 so that the Session Initiation Protocol (SIP) registrar
(as specified in RFC 3261 ) can recognize that the contacts from multiple
registrations correspond to the same UA. The instance-id is also used as specified by RFC 5627
to create Globally Routable User Agent URIs (GRUUs) that can
be used to uniquely address a UA when multiple UAs are registered with the same Address
of Record (AoR).
RFC 5626 requires that a UA SHOULD create a Universally Unique
Identifier (UUID) URN as specified in RFC 4122 as its instance-id
but allows for the possibility to use other URN schemes.
RFC 5626 states:
This specification
meets this requirement by specifying how the 3GPP2 MEID URN is used in the "+sip.instance" Contact
header field parameter for outbound behavior and draft-atarius-dispatch-meid-urn
specifies how the 3GPP2 MEID URN is constructed.
The 3GPP2 MEID URN is a URN for the MEID a globally unique identifier
that identifies mobile devices used in the 3GPP2 networks.
The MEID allocation is managed by the 3GPP2
to ensure that the MEID values are globally unique. Details of the
formatting of the MEID as a URN are specified in
draft-atarius-dispatch-meid-urn
and the definition of the MEID is contained
in 3GPP2 S.R0048-A .
The key words "MUST", "MUST NOT",
"REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT",
"RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as
described in RFC 8174 .
Mobile communication has been rapidly improved from low bit rate circuit
switched system to the higher data rate
packet switched system. The packet switched system has added mobile capability
of Internet Protocol (IP)
connectivity and thereby the IP Multimedia Subsystem (IMS) have made SIP based
calls and IP multimedia
sessions from mobile devices possible.
3GPP2 defines High Rate Packet Data (HRPD) with high data rates and it dispenses with the
1x Circuit Switched (1xCS) infrastructure.
This means that with HRPD networks, voice calls will need to be conducted using IP and IMS.
However,
the transition to all IP, SIP based IMS networks worldwide will take a great
many years from the time of this writing and mobile devices
will need to operate in both IP/SIP/IMS mode and circuit switched mode. This
means that calls and sessions
will need to be handed over between IP/SIP/IMS mode and circuit switched mode
mid-call or mid-session.
To achieve this the mobile
device needs to simultaneously communicate via both the IP/SIP/IMS domain and
the circuit switched domain.
To meet this need 3GPP2 has specified how to maintain voice session continuity
between the IP/SIP/IMS domain and the
circuit switched domain in 3GPP2 S.X0042-B .
In order for the mobile device to access SIP/IMS voice service via the circuit switched
domain 3GPP2 has specified
that Mobile Switching Center (MSC) server either via IMS Media Gateway Control Function
(MGCF) or directly, if enhanced
by SIP interface, controls mobile voice call setup over the circuit switched radio access
while establishing the
corresponding voice session in the core network using SIP/IMS. To enable this, the mobile
device MUST be identified in
both 1xCS and IP/SIP/IMS domains. The only mobile device identifier that is transportable
using 1xCS signaling is
the MEID therefore the instance-id included by the MGCF or the MSC server, and the
instance-id directly included
by the mobile device both need to be based on the MEID.
Additionally in order to meet the above requirements, the same MEID that is obtained from the circuit switched
signaling by the MSC server needs to be obtainable from SIP signaling so that it can be determined that both
the SIP signaling and circuit switched signaling originate from the same mobile device.
1. The mobile device includes its MEID in the SIP REGISTER request so that the SIP registrar can perform a check
of the Equipment
Identity Register (EIR) to verify if this mobile device is allowed or barred from accessing the network for
non-emergency services
(e.g., because it has been stolen). If the mobile device is not allowed to access the network
for non-emergency services the
SIP registrar can reject the registration. Thus a barred mobile device is prevented from accessing
the network for non-emergency
services.
2. The mobile device includes its MEID in SIP INVITE requests used to establish emergency sessions.
This is so that the Public
Safety Answering Point (PSAP) can obtain the MEID of the mobile device for identification purposes
if required by regulations.
3. The inclusion by the mobile device of its MEID in SIP INVITE requests used to
establish emergency sessions is also used in the
cases of unauthenticated emergency sessions to enable the network to identify the mobile device.
This is especially important if
the unauthenticated emergency session is handed over from the packet switched domain to
the circuit switched domain. In this
scenario the MEID is the only identifier that is common to both domains. The
Emergency Access Transfer Function (EATF) which coordinates the call transfer between the domains,
can thus use the MEID to identify that
the circuit switched call is from the same mobile
device that was in the emergency session in the packet switched domain.
A single mode 3GPP2 User Agent Client (UAC) which uses only 3GPP2
technology to transmit and receive voice or data has an MEID as specified in
3GPP2 S.R0048-A . The single mode
3GPP2 UAC that is registering with a 3GPP2 IMS network
includes in the "sip.instance" media feature tag the 3GPP2 MEID URN according to
the syntax specified in
draft-atarius-dispatch-meid-urn
when performing the registration procedures
specified in RFC 5626 or RFC 5627 or
any other procedure requiring the inclusion
of the "sip.instance" media feature tag.
A UAC MUST NOT use the 3GPP2 MEID URN as an instance-id except when registering
with a 3GPP2 IMS network. When a UAC is operating in
IMS mode it will obtain the domain of the carrier's IMS network to register with,
from the Universal
Integrated Circuit Card (UICC), pre-configuration, or the network at the time of
establishing the Packet Data Protocol (PDP) context. These three methods are carrier
specific and are only performed by the carrier IMS networks.
The UAC will also obtain the address of the IMS edge
proxy to send the REGISTER request containing
the MEID using information elements in the Attach response when it attempts to
connect to the carriers packet data network. When
registering with a non-3GPP or non-3GPP2 IMS network a UAC SHOULD use a
Universally Unique Identifier (UUID) as an instance-id as
specified in RFC 5626 .
A UAC MUST NOT include the "sip.instance" media feature tag containing the 3GPP2
MEID URN in the Contact header field of non-REGISTER
requests except when the request is related to an emergency session. Regulatory
requirements can require the MEID to be provided to
the PSAP. Any future exceptions to this prohibition require an RFC that addresses
how privacy is not violated by such a usage.
A User Agent Server (UAS) MUST NOT include its "sip.instance" media feature tag containing the 3GPP2
MEID URN in the Contact header field of responses
except when the response is related to an emergency session. Regulatory requirements
can require the MEID to be provided to the PSAP.
Any future exceptions to this prohibition require an RFC that addresses how privacy
is not violated by such a usage.
In 3GPP/3GPP2 IMS when the SIP Registrar receives in the Contact header field
a "sip.instance" media feature tag containing the 3GPP2 MEID
URN according to the syntax specified in draft-atarius-dispatch-meid-urn
the SIP
registrar follows the procedures specified in RFC 5626 .
The MEID URN MAY be validated as described in the
draft-atarius-dispatch-meid-urn .
If the UA indicates that it supports the
extension in RFC 5627 and the SIP Registrar allocates a GRUU
according to the procedures specified in RFC 5627 the
instance-id MUST be obfuscated when creating the "gr"
parameter in order not to reveal the MEID to other UAs when the public GRUU is
included in non-REGISTER requests and responses.
3GPP TS 24.229 subclause 5.4.7A.2 specifies the
mechanism for obfuscating the MEID when creating
the "gr" parameter.
This document defines no items requiring action by IANA.
Since MEIDs like other formats of instance-ids can be correlated to a user,
they are personally identifiable information and MUST
be treated as such. In particular, the "sip.instance" media feature tag containing the
3GPP2 MEID URN MUST NOT be included in
requests or responses intended to convey any level of anonymity, as this could
violate the users privacy. RFC 5626
states "One case where a UA could prefer to omit the
"sip.instance" media feature tag is when it is making
an anonymous request or some other privacy concern requires that the UA not
reveal its identity". The same concerns apply when using
the 3GPP2 MEID URN as an instance-id. Publication of the 3GPP2 MEID URN to networks
that the UA is not attached to or the UA does not
have a service relationship with is a security breach and the "sip.instance" media
feature tag MUST NOT be forwarded by the service
provider's network elements when forwarding requests or responses towards the destination
UA. The 3GPP2 MEID URN MUST NOT accidentally leak in other contexts, such as and in
particular when application servers subscribe to user registration state using
the event package defined in RFC 3680 . Additionally, an instance-id containing
the 3GPP2 MEID URN identifies a mobile device and not a user. The instance-id containing
the 3GPP2 MEID URN MUST NOT be used alone
as an address for a user or as an identification credential for a user. The GRUU mechanism
specified in RFC 5627
provides a means to create URIs that address the user at a
specific device or User Agent.
Entities that log the instance-id need to protect them as personally identifiable
information. Regulatory requirements can require
carriers to log SIP MEIDs.
In order to protect the "sip.instance" media feature tag containing the 3GPP2 MEID URN
from being tampered with, those REGISTER
requests containing the 3GPP2 MEID URN MUST be sent using a security mechanism such as
Transport Layer Security (TLS) as specified
in RFC 4346 or any other security mechanism that provides
equivalent levels of protection such as
hop-by-hop security based upon IP Security (IPsec).
This document draws heavily on draft-atarius-dispatch-meid-urn
and also on
the style and structure used in RFC 7255 .
The author thanks for the detailed comments, provided by Andrew Allen.
A Uniform Resource Name Namespace for the Device Identity and the Mobile Equipment Identity (MEID)
Atarius, R.
TS 24.229: IP multimedia call control protocol based on Session Initiation Protocol (SIP) and Session Description Protocol (SDP);
Stage 3 (Release 10)
3GPP
S.R0048-A: 3G Mobile Equipment Identifier (MEID) - Stage 1, Version 4.0
3GPP2
S.X0042-B: Voice Call Continuity between IMS and Circuit Switched Systems - Version 1.0
3GPP2