1. Rev.21 UIM, ESN and Equipment Identifiers Source: Bob Plunkett Chair, UIM AdHoc, TSG-S 3GPP2 Fujitsu Network Communications (972) 479-2084 bobplunkett@sprintmail.com Copyright Statement The contributor grants a free, irrevocable license to 3GPP2 and its Organizational Partners to incorporate text or other copyrightable material contained in the contribution and any modifications thereof in the creation of 3GPP2 publications; to copyright and sell in Organizational Partner's name any Organizational Partner's standards publication even though it may include portions of the contribution; and at the Organizational Partner's sole discretion to permit others to reproduce in whole or in part such contributions or the resulting Organizational Partner's standards publication. The contributor must also be willing to grant licenses under such contributor copyrights to third parties on reasonable, non-discriminatory terms and conditions, as appropriate. Notice Permission is granted to 3GPP2 participants to copy any portion of this contribution for the legitimate purpose of the 3GPP2. Copying this contribution for monetary gain or other non-3GPP2 purpose is prohibited.

2. Rev.22 Definitions zUser Identify Module (UIM) - The removable or logical device that contains the subscription parameters associated with Mobile Station operation. zMobile Equipment (ME) – The Mobile Station without the UIM. This device on its own may have some limited functionality including the ability to initiate emergency calls. zMobile Station (MS) – The combination of the UIM and the Mobile Equipment, fully capable of all normal functions associated with normal wireless operation. zUIM_ID - A unique hardware identifier for the UIM. It is anticipated that it will be 32 bits or larger in size and may be associated with ICC-ID.

3. Rev.23 What is ESN Used For? Standardized Uses zRegistration yOptionally used in most air interface standards as part of registration messages. zFraud Control yMany existing systems use ESN - MIN/IMSI matching for purposes of fraud control. zAuthentication yUsed in the generation of SSD and Authentication Calculations. zCDMA Forward and Reverse Traffic Channel Encoding yProvides MS specific channel separation/isolation based on a unique ESN.

4. Rev.24 What is ESN Used For? Non-Standardized Uses zTerminal Inventory Management - Used by operators to track Mobile Station hardware for inventory/ownership/theft management purposes. zManufacturer ID - Used in Operator Customer Service Operations. yThe manufacturer ID portion of the ESN can be used for quality control purposes and to identify MSs that may require retrofit or upgrading. zRF Fingerprinting - MSs are identified by ESN typically captured off of the air. zA-Key Repositories - A-keys are paired with ESNs when delivering pre- loaded terminals to operators from manufacturers and for inventory management prior to shipment to the end customer.

5. Rev.25 ESN Treatment Scenarios zScenario 1 - Substituting UIM_ID for ESN (32 bit). yA 32 bit subset of the UIM_ID would be used wherever the ESN is used today. zScenario 2 - Continue to use the ESN of the Mobile Equipment. yThe 32 bit ESN of the Mobile Equipment would continue to be used in all existing procedures. zScenario 3 - ESN is used for all purposes other than Authentication. A 32 bit subset of the UIM_ID would be used for authentication calculations. zNotes: All three scenarios assume Authentication routines are executed in the UIM (A-Key is stored in the UIM).

6. Rev.26 Scenario #1: Substituting UIM_ID for ESN (32 bit) zUIM_ID is substituted for the Mobile Station ESN in all procedures. zTransparent to IS-41 procedures and permits UIM roaming on legacy networks without impact. zNew networks could be upgraded to support separate UIM and Mobile Equipment identifiers. zMay require a regulatory change. yIt needs to be clarified if this scenario requires a regulatory change. One possible interpretation is that the ESN would continue to exist in the Mobile Equipment. It would simply no longer be used.

7. Rev.27 #1 - Issues zSize of ME_ID yA ME_ID would be required for procedures that require unique identification of the Mobile Equipment. Note that this could be the existing MS ESN but could also be larger to accommodate future growth. zSize of UIM_ID yThe UIM_ID could remain the same size as the existing ESN or it could be increased to some larger number for example the ICC-ID (80 bits). If a larger size was chosen, existing procedures would use a 32 bit subset of the number. yBy using a subset number there are some issues with ESN uniqueness. zNew or Modified Messages to Query Full Size ME_ID and UIM_IDs. yNew or modified messages would be needed to extract both the ME_ID and the UIM_ID over the air Interface since the ESN would no longer be used in existing procedures and only a subset of the UIM_ID would be used in the procedures.

8. Rev.28 #1 - Some more issues zCould create a commercial grade cloning platform. yWithout security procedures between the UIM and the Mobile Equipment, it would be possible to build an interface to the Mobile Equipment that permitted easy cloning of MIN/ESNs. yThis is not a concern in authentication enabled networks. yA requirement that a UIM phone could only access the network after completing authentication routines would mitigate this issue but would prevent access in non-authenticating networks. zRF Fingerprinting based on ESN would be lost. yA mobile station in an AMPS network using RF fingerprinting could be denied service if the UIM was to be moved to another Mobile Equipment. yRF Fingerprinting networks would need access to the new ME_ID. yDepending on the matching technique a mobile may not work at all in a RF fingerprinting network without access to the ME_ID - further investigation required.

9. Rev.29 #1 - UIM_ID Subsetting Issues zOn occasion you may get two subscribers with the same 32 bit subset. yNon-unique in the network - 2 subscribers - 1 ESN. xTypical cloned phone scenario. yMay require some changes to existing networks to prevent service denial. zCould cause problems on the CDMA reverse channel. yCould be mitigated by some small changes to the Air Interface. zIt is not expected that either of the two above identified cases would have significant customer or network impact. zProblems can be mitigated by ESN assignment management and/or network procedures.

10. Rev.210 Scenario #2: Continue to use the ME ESN zThe Mobile Equipment ESN would continue to be used in all procedures. zRelies upon the fact that the ESN is transferred from the phone to the network as part of the Authentication procedures. zThe network Authentication procedures would then have to take into account the current ESN identified and discard any previously stored values. zNew or modified messages would be required to extract UIM_ID if required.

11. Rev.211 #2 - Issues zWhenever an UIM is moved between ME’s a MIN/ESN mismatch will occur. yMitigated by Authentication procedures. yWhen in a non-authenticating network there is a policy decision for the home operator as to whether or not to permit a new MIN/ESN combination. xIn the case where an operator chooses to deny a change, UIM transfers would not be permitted while the UIM was in non-authentication capable networks. xRequires a manual update of MIN/ESN for non-authenticating networks where the UIM transfer between terminals occurred between networks or in the non-authenticating network. Or xNo MIN ESN matching is performed for that particular subscriber or for all subscribers associated with the home system - any phone with a valid MIN would be permitted to make calls. yMay not be an unusual scenario when different terminals are required because of air interface or band considerations.

12. Rev.212 #2 - More Issues zStill a limited number space if the 32 bit ESN continues to be used. zNetwork Authentication implementations may assume MIN/ESN binding. yMay require changes to Home networks where removable UIM is implemented. zWhen a UIM is moved from one Mobile Equipment to another, the TMSI must be invalidated and the Mobile Station must register using IMSI.

13. Rev.213 #3 - UIM_ID Hybrid Solution zESN stays in the MS and uses the UIM_ID for authentication procedures. zDecouples ESN from Authentication procedures. zUIM_ID is known only to the UIM manufacturer and the operator.

14. Rev.214 #3 - Issues zRequires changes to Home networks where removable UIM is implemented. zThe approach would not permit SSD sharing without IS-41 and Authentication Procedure changes. zNew messages are still required for UIM_ID.