Fostering worldwide interoperability Identity Management and Identification Systems TIA DEL DOCUMENT #:GSC14-PLEN-009 FOR:Presentation GSC-14 SOURCE:TIA AGENDA ITEM:OPEN PLEN 6.4 CONTACT(S):Dan Bart / Mark Epstein

Fostering worldwide interoperability 2 Overview (1) TIAs standards work that relates to managing the identity of a user of a system, includes such things as the assignment functions of unique identifiers, such as ESNs, UIMs, MEIDs, E-UIMs, and other identifiers. It also includes building security into the standards to make sure that when using systems, such as cdma2000 ® technology for mobile communications, so that handsets and users can be uniquely identified and authenticated, as part of ID Mgmt and toll fraud prevention on such systems. Other systems standardized at TIA have similar ID Mgmt or authentication requirements including, for example, TR-8 P25 Systems used by Public Safety Users and authentication will be added to TIA-1039,"QoS Signaling for IP QoS Support," by TIA TR-34 also.

Fostering worldwide interoperability 3 Overview (2) TIA is considering possible work on Equipment Numbering Identifier security (e.g., MEID (IMEI), UIM, ESN) to help manage Identity more securely Consider an International regulatory adoption of common Equipment Numbering Identifier security requirements For information on TIA Numbering Resources see Electronic Serial Number (ESN) Assignment Includes links to Information on UIM and E-UIM Mobile Equipment Identifier (MEID) System Operator Code (SOC) SS7 Translation Type and SubSystem Numbers Assignment Notification Information Repository

Fostering worldwide interoperability 4 Strategic Direction In the USA much of Strategic Direction for ID Mgmt work is driven by increasing concerns over Identity Theft, loss of Personal Information, Privacy Concerns, Data Breaches, toll fraud prevention, Cyber Crime, etc. Thus, public policy drives the need for technical solutions and then standards to help solve the problems. The Office of Science and Technology Policy (OSTP) of the Executive Office of the President (EOP) has been working on a Federal Vision for Identity Management, for some time, under the National Science Technology Council (NSTC). tinyurl.com/EOP-Fed-Vision-ID-MGMT-Jan09

Fostering worldwide interoperability 5 NSTC ID Management TF Report NSTC issued a Report on ID MGMT in September 2008, after GSC-13. Available at:

Fostering worldwide interoperability 6 Key Recommendations from the NSTC Report on ID Mgmt

Fostering worldwide interoperability 7 Key Findings

Fostering worldwide interoperability 8 Strategic Direction In May 2009 the Presidents National Security Telecommunications Advisory Committee (NSTAC) approved a report to President Obama on an Identity Management Strategy. ml Will be posted at:

Fostering worldwide interoperability 9 As noted in the NSTC report, many groups are dealing with issues involved in ID MGMT, domestically and internationally: Domestic and international activities

Fostering worldwide interoperability 10 Next Steps/Actions Should the President act on NSTACs recommendations or should any of numerous legislative or regulatory actions that are pending impact TIAs areas of standards expertise, we will respond accordingly.

Fostering worldwide interoperability 11 Proposed Resolution Will determine based on HIS Panel Discussions

Fostering worldwide interoperability 12 Supplemental Slides

Fostering worldwide interoperability 13 Acronyms ESN – Electronic Serial Numbers. The ESN is a number which uniquely identifies the mobile station. Each ESN is a 32-bit number consisting of two components: a manufacturer ID Code field and a mobile serial number field. The MFR Code range is UIM – User Identification Module R-UIM Removable UIM Removable User Identification Module, often called the Subscriber Identity Module (SIM) card. MEID – Mobile Equipment Identifier Mobile Equipment Identifier, uniquely identifies the mobile station. Each MEID is a 56-bit number encoded in Hexadecimal (base 16) format E-UIM – Expanded UIM IMEI – International Mobile Equipment Identity Administered by GSMA

Fostering worldwide interoperability 14 National Science Technology Council The National Science and Technology Council (NSTC) Subcommittee on Biometrics and Identity Management serves as part of the internal deliberative process of the NSTC. Reporting to and directed by the Committee on Technology, the Subcommittees tasking is to:National Science and Technology Council Subcommittee on Biometrics and Identity Management For Biometrics: Provide technical leadership in the development and implementation of interoperable federal biometric systems; Develop and implement multi-agency investment strategies that advance biometric sciences to meet public and private needs; Develop and adopt biometric standards as specified in the NSTC Policy for Enabling the Development, Adoption and Use of Biometric Standards;NSTC Policy for Enabling the Development, Adoption and Use of Biometric Standards Develop consensus strategic outreach plans for biometrics, including collaboration on the annual Biometric Consortium Conference and other events; For Identity Management (of which biometrics is a subset): Identify cross-sector IdM issues, and develop and implement plans to address the federal governments priority S&T needs Facilitate the inclusion of privacy-protecting principles in IdM system design; Promote a scientifically educated and aware public that properly understands IdM technologies, federal programs and issues; Strengthen international and public sector partnerships to foster the advancement of IdM technologies.

Fostering worldwide interoperability 15 Architectural Model from NSTC

Fostering worldwide interoperability 16 TIA published Documents related to ID Mgmt via ESN, UIM and MEID number assignments MEID Global Hexadecimal Assignment Guidelines and Procedures, v5.0 ANSI/J-STD-025-B-1, Lawfully Authorized Electronic Surveillance, support for MEID TIA-928, TIA 41 (MAP) support for MEID TIA-1074, OTA support for MEID TIA [E], MAP Location Services Enhancements for support of MEID TIA , Multiple Authentication and 2G RUIM Support ANSI/J-STD-036-B, E911 Phase 2, support for MEID TIA-943, MEID (TDMA) TIA-2001-D-1, MEID for cdma2000 ®

Fostering worldwide interoperability 17 TIA published Standards related to ID Mgmt via ESN, UIM and MEID number assignments TIA-2000-D, cdma2000 ® air interface support for MEID TIA-1084-A, Signaling Test Specification for MEID support of cdma2000 ® Spread Spectrum Systems TIA-835-B-1, cdma2000 ® packet data network support for MEID TIA-820-C-1, RUIM for Spread Spectrum Systems Electronic Serial Number Manufacturers Code Assignment Guidelines and Procedures, v2.0

Fostering worldwide interoperability 18 Geneva, July 2009 Engineering Committee TR-8 has a subcommittee focused on Encryption Standards, TR-8.3 A block encryption Protocol document, TIA-102.AAAD-A has been approved for ballot in 2009 TR-8 has standards for Advanced Encryption, Data Encryption, and OTAR For overviews of these areas see ANSI/TIA- 102.AAAB-A, ANSI/TIA-102.AAAB-A, and TIA- 102.AACB TR-8 Security, Encryption, Identity

Fostering worldwide interoperability 19 Example of TIA P25 Standard for Authentication TIA-102.AACE Project 25 Digital Land Mobile Radio - Link Layer Authentication The authentication service described in this document is applicable to FDMA and TDMA trunking systems using an FDMA trunking control channel. Authentication is a standard option for trunked radio systems. This document describes two forms of authentication: unit authentication and mutual authentication. If the authentication standard is implemented in a Subscriber Unit, then unit authentication is mandatory and mutual authentication is optional. When the mutual authentication option is chosen, it must be implemented as specified herein. If the authentication standard is implemented in the FNE, both unit and mutual authentication are mandatory and must be implemented as specified herein.