Identity Management and Identification Systems

1
Identity Management andIdentification Systems

• TIA DEL

2
Overview (1)

• TIAs standards work that relates to managing the
  identity of a user of a system, includes such
  things as the assignment functions of unique
  identifiers, such as ESNs, UIMs, MEIDs, E-UIMs,
  and other identifiers.
• It also includes building security into the
  standards to make sure that when using systems,
  such as cdma2000 technology for mobile
  communications, so that handsets and users can be
  uniquely identified and authenticated, as part of
  ID Mgmt and toll fraud prevention on such
  systems.
• Other systems standardized at TIA have similar ID
  Mgmt or authentication requirements including,
  for example, TR-8 P25 Systems used by Public
  Safety Users and authentication will be added to
  TIA-1039,"QoS Signaling for IP QoS Support," by
  TIA TR-34 also.

3
Overview (2)

• TIA is considering possible work on Equipment
  Numbering Identifier security (e.g., MEID (IMEI),
  UIM, ESN) to help manage Identity more securely
• Consider an International regulatory adoption of
  common Equipment Numbering Identifier security
  requirements
• For information on TIA Numbering Resources see
  www.tiaonline.org/standards/resources
• Electronic Serial Number (ESN) Assignment
• Includes links to Information on UIM and E-UIM
• Mobile Equipment Identifier (MEID)
• System Operator Code (SOC)
• SS7 Translation Type and SubSystem Numbers
  Assignment Notification Information Repository

4
Strategic Direction

• In the USA much of Strategic Direction for ID
  Mgmt work is driven by increasing concerns over
  Identity Theft, loss of Personal Information,
  Privacy Concerns, Data Breaches, toll fraud
  prevention, Cyber Crime, etc.
• Thus, public policy drives the need for technical
  solutions and then standards to help solve the
  problems.
• The Office of Science and Technology Policy
  (OSTP) of the Executive Office of the President
  (EOP) has been working on a Federal Vision for
  Identity Management, for some time, under the
  National Science Technology Council (NSTC).
• tinyurl.com/EOP-Fed-Vision-ID-MGMT-Jan09
• www.biometrics.gov/nstc/Default.aspx

5
NSTC ID Management TF Report

• NSTC issued a Report on ID MGMT in September
  2008, after GSC-13.
• Available at
• www.ostp.gov/nstc
• www.biometrics.gov
• www.idmanagement.gov
• www.ostp.gov/cs/nstc/documents_reports
• www.biometrics.gov/NSTC/Publications.aspx

6
Key Recommendations from the NSTC Report on ID
Mgmt
7
Key Findings
8
Strategic Direction

• In May 2009 the Presidents National Security
  Telecommunications Advisory Committee (NSTAC)
  approved a report to President Obama on an
  Identity Management Strategy.
• www.ncs.gov/nstac/may2009/nstac_meetings.html
• Will be posted at
• www.ncs.gov/nstac/nstac_publications.html

9
Domestic and international activities

• As noted in the NSTC report, many groups are
  dealing with issues involved in ID MGMT,
  domestically and internationally

10
Next Steps/Actions

• Should the President act on NSTACs
  recommendations or should any of numerous
  legislative or regulatory actions that are
  pending impact TIAs areas of standards
  expertise, we will respond accordingly.

11
Proposed Resolution

• Will determine based on HIS Panel Discussions

12
Supplemental Slides
13
Acronyms

• ESN Electronic Serial Numbers.
• The ESN is a number which uniquely identifies the
  mobile station. Each ESN is a 32-bit number
  consisting of two components a manufacturer ID
  Code field and a mobile serial number field. The
  MFR Code range is 000-255.
• UIM User Identification Module
• R-UIM Removable UIM
• Removable User Identification Module, often
  called the Subscriber Identity Module (SIM) card.
• MEID Mobile Equipment Identifier
• Mobile Equipment Identifier, uniquely identifies
  the mobile station. Each MEID is a 56-bit number
  encoded in Hexadecimal (base 16) format
• E-UIM Expanded UIM
• IMEI International Mobile Equipment Identity
• Administered by GSMA

14
National Science Technology Council

• The National Science and Technology Council
  (NSTC) Subcommittee on Biometrics and Identity
  Management serves as part of the internal
  deliberative process of the NSTC. Reporting to
  and directed by the Committee on Technology, the
  Subcommittees tasking is to
• For Biometrics
• Provide technical leadership in the development
  and implementation of interoperable federal
  biometric systems
• Develop and implement multi-agency investment
  strategies that advance biometric sciences to
  meet public and private needs
• Develop and adopt biometric standards as
  specified in the NSTC Policy for Enabling the
  Development, Adoption and Use of Biometric
  Standards
• Develop consensus strategic outreach plans for
  biometrics, including collaboration on
  www.biometrics.gov, the annual Biometric
  Consortium Conference and other events
• For Identity Management (of which biometrics is a
  subset)
• Identify cross-sector IdM issues, and develop and
  implement plans to address the federal
  governments priority ST needs
• Facilitate the inclusion of privacy-protecting
  principles in IdM system design
• Promote a scientifically educated and aware
  public that properly understands IdM
  technologies, federal programs and issues
• Strengthen international and public sector
  partnerships to foster the advancement of IdM
  technologies.

15
Architectural Model from NSTC
16
TIA published Documents related to ID Mgmt via
ESN, UIM and MEID number assignments

• MEID Global Hexadecimal Assignment Guidelines and
  Procedures, v5.0
• ANSI/J-STD-025-B-1, Lawfully Authorized
  Electronic Surveillance, support for MEID
• TIA-928, TIA 41 (MAP) support for MEID
• TIA-1074, OTA support for MEID
• TIA-881-1 E, MAP Location Services Enhancements
  for support of MEID
• TIA-1137.102, Multiple Authentication and 2G RUIM
  Support
• ANSI/J-STD-036-B, E911 Phase 2, support for MEID
• TIA-943, MEID (TDMA)
• TIA-2001-D-1, MEID for cdma2000

17
TIA published Standards related to ID Mgmt via
ESN, UIM and MEID number assignments

• TIA-2000-D, cdma2000 air interface support for
  MEID
• TIA-1084-A, Signaling Test Specification for MEID
  support of cdma2000 Spread Spectrum Systems
• TIA-835-B-1, cdma2000 packet data network
  support for MEID
• TIA-820-C-1, RUIM for Spread Spectrum Systems
• Electronic Serial Number Manufacturers Code
  Assignment Guidelines and Procedures, v2.0

18
TR-8 Security, Encryption, Identity

• Engineering Committee TR-8 has a subcommittee
  focused on Encryption Standards, TR-8.3
• A block encryption Protocol document,
  TIA-102.AAAD-A has been approved for ballot in
  2009
• TR-8 has standards for Advanced Encryption, Data
  Encryption, and OTAR
• For overviews of these areas see
  ANSI/TIA-102.AAAB-A, ANSI/TIA-102.AAAB-A, and
  TIA-102.AACB

18
Geneva, 13-16 July 2009
19
Example of TIA P25 Standard for Authentication

• TIA-102.AACE Project 25 Digital Land Mobile
  Radio - Link Layer Authentication
• The authentication service described in this
  document is applicable to FDMA and TDMA trunking
  systems using an FDMA trunking control channel.
  Authentication is a standard option for trunked
  radio systems. This document describes two forms
  of authentication unit authentication and mutual
  authentication. If the authentication standard is
  implemented in a Subscriber Unit, then unit
  authentication is mandatory and mutual
  authentication is optional. When the mutual
  authentication option is chosen, it must be
  implemented as specified herein. If the
  authentication standard is implemented in the
  FNE, both unit and mutual authentication are
  mandatory and must be implemented as specified
  herein.