Fostering worldwide interoperability
Identity Management and Identification Systems
TIA DEL
DOCUMENT #: GSC14-PLEN-009
FOR: Presentation GSC-14
SOURCE: TIA
AGENDA ITEM: OPEN PLEN 6.4
CONTACT(S): Dan Bart / Mark Epstein
Overview (1)
TIA’s standards work that relates to managing the identity of a user of a system includes such things as the assignment functions for unique identifiers, such as ESNs, UIMs, MEIDs, E-UIMs, and other identifiers.
It also includes building security into the standards to make sure that, when using systems such as cdma2000® technology for mobile communications, handsets and users can be uniquely identified and authenticated, as part of ID Mgmt and toll fraud prevention on such systems.
Other systems standardized at TIA have similar ID Mgmt or authentication requirements, including, for example, TR-8 P25 Systems used by Public Safety Users; authentication will also be added to TIA-1039, "QoS Signaling for IP QoS Support," by TIA TR-34.
Overview (2)
TIA is considering possible work on Equipment Numbering Identifier security (e.g., MEID (IMEI), UIM, ESN) to help manage Identity more securely
Consider an International regulatory adoption of common Equipment Numbering Identifier security requirements
For information on TIA Numbering Resources see www.tiaonline.org/standards/resources
Electronic Serial Number (ESN) Assignment
Includes links to Information on UIM and E-UIM
Mobile Equipment Identifier (MEID)
System Operator Code (SOC)
SS7 Translation Type and SubSystem Numbers Assignment Notification Information Repository
Strategic Direction
In the USA, much of the Strategic Direction for ID Mgmt work is driven by increasing concerns over Identity Theft, loss of Personal Information, Privacy Concerns, Data Breaches, toll fraud prevention, Cyber Crime, etc.
Thus, public policy drives the need for technical solutions and then standards to help solve the problems.
The Office of Science and Technology Policy (“OSTP”) of the Executive Office of the President (“EOP”) has been working on a “Federal Vision for Identity Management” for some time, under the National Science Technology Council (NSTC).
tinyurl.com/EOP-Fed-Vision-ID-MGMT-Jan09 www.biometrics.gov/nstc/Default.aspx
NSTC ID Management TF Report
NSTC issued a Report on ID MGMT in September 2008, after GSC-13. Available at:
www.ostp.gov/nstc
www.biometrics.gov
www.idmanagement.gov
www.ostp.gov/cs/nstc/documents_reports
www.biometrics.gov/NSTC/Publications.aspx
Key Recommendations from the NSTC Report on ID Mgmt
Key Findings
Strategic Direction
In May 2009 the President’s National Security Telecommunications Advisory Committee (“NSTAC”) approved a report to President Obama on an “Identity Management Strategy.”
www.ncs.gov/nstac/may2009/nstac_meetings.html
Will be posted at: www.ncs.gov/nstac/nstac_publications.html
As noted in the NSTC report, many groups are dealing with issues involved in ID MGMT, domestically and internationally:
Domestic and international activities
Next Steps/Actions
Should the President act on NSTAC’s recommendations or should any of numerous legislative or regulatory actions that are pending impact TIA’s areas of standards expertise, we will respond accordingly.
Proposed Resolution
Will determine based on HIS Panel Discussions
Supplemental Slides
Acronyms
ESN – Electronic Serial Numbers.
The ESN is a number which uniquely identifies the mobile station. Each ESN is a 32-bit number consisting of two components: a manufacturer ID Code field and a mobile serial number field. The MFR Code range is 000-255.
UIM – User Identification Module
R-UIM – Removable UIM
Removable User Identification Module, often called the Subscriber Identity Module (SIM) card.
MEID – Mobile Equipment Identifier
Mobile Equipment Identifier, uniquely identifies the mobile station. Each MEID is a 56-bit number encoded in hexadecimal (base 16) format.
E-UIM – Expanded UIM
IMEI – International Mobile Equipment Identity
Administered by GSMA
National Science Technology Council
The National Science and Technology Council (NSTC) Subcommittee on Biometrics and Identity Management serves as part of the internal deliberative process of the NSTC. Reporting to and directed by the Committee on Technology, the Subcommittee’s tasking is to:
For Biometrics:
Provide technical leadership in the development and implementation of interoperable federal biometric systems;
Develop and implement multi-agency investment strategies that advance biometric sciences to meet public and private needs;
Develop and adopt biometric standards as specified in the NSTC Policy for Enabling the Development, Adoption and Use of Biometric Standards;
Develop consensus strategic outreach plans for biometrics, including collaboration on www.biometrics.gov, the annual Biometric Consortium Conference and other events;
For Identity Management (of which biometrics is a subset):
Identify cross-sector IdM issues, and develop and implement plans to address the federal government’s priority S&T needs;
Facilitate the inclusion of privacy-protecting principles in IdM system design;
Promote a scientifically educated and aware public that properly understands IdM technologies, federal programs and issues;
Strengthen international and public sector partnerships to foster the advancement of IdM technologies.
Architectural Model from NSTC
TIA published Documents related to ID Mgmt via ESN, UIM and MEID number assignments
MEID Global Hexadecimal Assignment Guidelines and Procedures, v5.0
ANSI/J-STD-025-B-1, Lawfully Authorized Electronic Surveillance, support for MEID
TIA-928, TIA 41 (MAP) support for MEID
TIA-1074, OTA support for MEID
TIA-881-1 [E], MAP Location Services Enhancements for support of MEID
TIA-1137.102, Multiple Authentication and 2G RUIM Support
ANSI/J-STD-036-B, E911 Phase 2, support for MEID
TIA-943, MEID (TDMA)
TIA-2001-D-1, MEID for cdma2000®
TIA published Standards related to ID Mgmt via ESN, UIM and MEID number assignments
TIA-2000-D, cdma2000® air interface support for MEID
TIA-1084-A, Signaling Test Specification for MEID support of cdma2000® Spread Spectrum Systems
TIA-835-B-1, cdma2000® packet data network support for MEID
TIA-820-C-1, RUIM for Spread Spectrum Systems
Electronic Serial Number Manufacturer’s Code Assignment Guidelines and Procedures, v2.0
Geneva, 13-16 July 2009
Engineering Committee TR-8 has a subcommittee focused on Encryption Standards, TR-8.3
A block encryption Protocol document, TIA-102.AAAD-A, has been approved for ballot in 2009
TR-8 has standards for Advanced Encryption, Data Encryption, and OTAR
For overviews of these areas see ANSI/TIA-102.AAAB-A, ANSI/TIA-102.AAAB-A, and TIA-102.AACB
TR-8 Security, Encryption, Identity
Example of TIA P25 Standard for Authentication
TIA-102.AACE “Project 25 Digital Land Mobile Radio - Link Layer Authentication”
The authentication service described in this document is applicable to FDMA and TDMA trunking systems using an FDMA trunking control channel. Authentication is a standard option for trunked radio systems. This document describes two forms of authentication: unit authentication and mutual authentication. If the authentication standard is implemented in a Subscriber Unit, then unit authentication is mandatory and mutual authentication is optional. When the mutual authentication option is chosen, it must be implemented as specified herein. If the authentication standard is implemented in the FNE, both unit and mutual authentication are mandatory and must be implemented as specified herein.