TIA-4999-2014 Security Framework for Binding of Access Subscription with Devices


TIA-4999, February 2014
Security Framework for Binding of Access Subscription with Devices

NOTICE

TIA Engineering Standards and Publications are designed to serve the public interest through eliminating misunderstandings between manufacturers and purchasers, facilitating interchangeability and improvement of products, and assisting the purchaser in selecting and obtaining with minimum delay the proper product for their particular need. The existence of such Standards and Publications shall not in any respect preclude any member or non-member of TIA from manufacturing or selling products not conforming to such Standards and Publications. Neither shall the existence of such Standards and Publications preclude their voluntary use by Non-TIA members, either domestically or internationally.

Standards and Publications are adopted by TIA in accordance with the American National Standards Institute (ANSI) patent policy. By such action, TIA does not assume any liability to any patent owner, nor does it assume any obligation whatever to parties adopting the Standard or Publication.

This Standard does not purport to address all safety problems associated with its use or all applicable regulatory requirements. It is the responsibility of the user of this Standard to establish appropriate safety and health practices and to determine the applicability of regulatory limitations before its use.

Any use of trademarks in this document are for information purposes and do not constitute an endorsement by TIA or this committee of the products or services of the company.

(From Project No. TIA-PN-4999, formulated under the cognizance of the TIA TR-45 Mobile (b) there is no assurance that the Document will be approved by any Committee of TIA or any other body in its present or any other form; (c) the Document may be amended, modified or changed in the standards development or any editing process.

The use or practice of contents of this Document may involve the use of intellectual property rights ("IPR"), including pending or issued patents, or copyrights, owned by one or more parties. TIA makes no search or investigation for IPR. When IPR consisting of patents and published pending patent applications are claimed and called to TIA's attention, a statement from the holder thereof is requested, all in accordance with the Manual. TIA takes no position with reference to, and disclaims any obligation to investigate or inquire into, the scope or validity of any claims of IPR. TIA will neither be a party to discussions of any licensing terms or conditions, which are instead left to the parties involved, nor will TIA opine or judge whether proposed licensing terms or conditions are reasonable or non-discriminatory. TIA does not warrant or represent that procedures or practices suggested or provided in the Manual have been complied with as respects the Document or its contents.

If the Document contains one or more Normative References to a document published by another organization ("other SSO") engaged in the formulation, development or publication of standards (whether designated as a standard, specification, recommendation or otherwise), whether such reference consists of mandatory, alternate or optional elements (as defined in the TIA Engineering Manual, 4th edition) then (i) TIA disclaims any duty or obligation to search or investigate the records of any other SSO for IPR or letters of assurance relating to any such Normative Reference; (ii) TIA's policy of encouragement of voluntary disclosure (see Engineering Manual Section 6.5.1) of Essential Patent(s) and published pending patent applications shall apply; and (iii) Information as to claims of IPR in the records or publications of the other SSO shall not constitute identification to TIA of a claim of Essential Patent(s) or published pending patent applications.

TIA does not enforce or monitor compliance with the contents of the Document. TIA does not certify, inspect, test or otherwise investigate products, designs or services or any claims of compliance with the contents of the Document.

ALL WARRANTIES, EXPRESS OR IMPLIED, ARE DISCLAIMED, INCLUDING WITHOUT LIMITATION, ANY AND ALL WARRANTIES CONCERNING THE ACCURACY OF THE CONTENTS, ITS FITNESS OR APPROPRIATENESS FOR A PARTICULAR PURPOSE OR USE, ITS MERCHANTABILITY AND ITS NONINFRINGEMENT OF ANY THIRD PARTY'S INTELLECTUAL PROPERTY RIGHTS. TIA EXPRESSLY DISCLAIMS ANY AND ALL RESPONSIBILITIES FOR THE ACCURACY OF THE CONTENTS AND MAKES NO REPRESENTATIONS OR WARRANTIES REGARDING THE CONTENTS' COMPLIANCE WITH ANY APPLICABLE STATUTE, RULE OR REGULATION, OR THE SAFETY OR HEALTH EFFECTS OF THE CONTENTS OR ANY PRODUCT OR SERVICE REFERRED TO IN THE DOCUMENT OR PRODUCED OR RENDERED TO COMPLY WITH THE CONTENTS.

TIA SHALL NOT BE LIABLE FOR ANY AND ALL DAMAGES, DIRECT OR INDIRECT, ARISING FROM OR RELATING TO ANY USE OF THE CONTENTS CONTAINED HEREIN, INCLUDING WITHOUT LIMITATION ANY AND ALL INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING DAMAGES FOR LOSS OF BUSINESS, LOSS OF PROFITS, LITIGATION, OR THE LIKE), WHETHER BASED UPON BREACH OF CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING NEGATION OF DAMAGES IS A FUNDAMENTAL ELEMENT OF THE USE OF THE CONTENTS HEREOF, AND THESE CONTENTS WOULD NOT BE PUBLISHED BY TIA WITHOUT SUCH LIMITATIONS.

3GPP2 S.S0152-0 v1.0

Editor: Anand Palanigounder, Qualcomm Technologies Inc.

Revision History
Revision: Rev 0 v1.0 | Description of Changes: Publication | Date: December 2013

Table of Contents
Foreword ... ii
1 Introduction ... 1
1.1 Scope ... 1
1.2 References ... 1
1.2.1 Normative References ... 1
1.3 Document Conventions ... 1
1.4 Definitions

[…] Chal is the last challenge value used by the ME for the 1x subscription authentication, either RAND or RANDU; and ChalResp is the corresponding challenge response, either AUTHR or AUTHU; and | means concatenation. In this case, the size of MEID_SIG is 384 bits long.

5.5.1.2 MEID_SIG Verification

The HLR shall fetch the ME's KME_Pub associated with the reported MEID_ME from a server/database in the network and verify MEID_SIG as specified in FIPS PUB 186 [5]. The server/database may store the KME_Pub or it may store a certificate for KME_Pub. If the server/database stores the KME_Pub, the server/database shall protect against unauthorized changes. Exactly how the HLR obtains the public key is outside the scope of this document.

5.5.1.3 ECC Profile

In order to ensure the interoperability of the MEID_SIG generation and to ensure all entities use the same parameters, the KME_Pri and KME_Pub shall be based on the NIST curve P-192 as specified in FIPS PUB 186 [4].

5.5.2 Symmetric Key Mechanism

When MEID_SIG is generated using KME, it is generated using a keyed hash algorithm.

In order to validate the MEID_SIG, the HLR shall have the identical KME. The KME shall have a length of 128 bits.

5.5.2.1 MEID_SIG Generation

When using the symmetric key mechanism, the ME shall generate MEID_SIG using HMAC-SHA256, as specified in RFC 2104 [3] and FIPS PUB 180 [4], as follows:

MEID_SIG = 128 msb of HMAC-SHA256(KME, MEID_ME | Chal | ChalResp)

where MEID_ME is the MEID of the ME; Chal is the last challenge value used for the 1x subscription authentication, either RAND or RANDU; and ChalResp is the corresponding challenge response, either AUTHR or AUTHU; and | means concatenation. Since the size of MEID_SIG is 128 bits, it is set to the leftmost (i.e., the most significant) 128 bits of the HMAC-SHA256 output.

5.5.2.2 MEID_SIG Verification

The HLR shall use the ME's KME associated with the reported MEID_ME to verify MEID_SIG as specified in RFC 2104 [3] and FIPS PUB 180 [4]. In order to verify MEID_SIG, the HLR shall have access to the ME's KME. How the HLR is provisioned with the ME's KME is outside the scope of this document.

6 MESSAGE FLOW

The Device Binding Functionality procedures are illustrated in the following message flow.

[Figure 3 (image not reproduced): participants MS, MSC, VLR and HLR. After 1x System Access and Authentication (a), the MSC sends a Status Request (b); the MS generates MEID_SIG (c) and returns a Status Response (MEID_ME, MEID_SIG) (d, NOTE 1); the MSC sends REGNOT (MSID, MEID_ME, MEID_SIG, RAND, AUTHR) to the VLR, which forwards it to the HLR (e, NOTE 2); the HLR validates MEID_SIG (f, g) and returns regnot (MEIDValidated) to the VLR, which forwards it to the MSC (h, i).]

Figure 3 Device Binding Message Flow

Items in red in the figure represent new Information Elements that are required to support DBF. The message flow is as follows:

a) The MS performs 1x System Access and Authentication procedures using the existing 1x procedures.

b) Based on MSC local policy, the MSC that supports DBF decides to send a Status Request with a new RECORD_TYPE requesting a MEID_SIG in addition to MEID_ME.

c) The MS generates a MEID_SIG using its Device Binding Credentials (DBC) as described in section 5.5.

d) The MS sends a Status Response message with its MEID_ME and the generated MEID_SIG from step c) to the MSC.

NOTE 1: Although the figure shows a Status Request message, the MEID_ME and MEID_SIG can also be sent in an Extended Status Response message.

e) The MSC sends a Registration Notification (REGNOT) message to the VLR with the MSID, MEID_ME, MEID_SIG, RAND and AUTHR.

NOTE 2: Although the figure shows a REGNOT message, other messages associated with the MS System Access can be used.

The VLR forwards the REGNOT to the HLR.

f) The HLR (with DBF) checks that the MSID and MEID_ME pairing is allowed. If allowed, then the DBF verifies the MEID_SIG. In order to verify the MEID_SIG, the DBF needs to have access to the DBC associated with the MEID. How the DBF gets access to the DBC is outside the scope of this document.

g) The HLR validates the received MEID_SIG.

h) The HLR sends a regnot to the VLR with the new status of MEIDValidated.

i) The VLR forwards the regnot to the MSC.

THE TELECOMMUNICATIONS INDUSTRY ASSOCIATION

TIA represents the global information and communications technology (ICT) industry through standards development, advocacy, tradeshows, business opportunities, market intelligence and world-wide environmental regulatory analysis. Since 1924, TIA has been enhancing the business environment for broadband, wireless, information technology, cable, satellite, and unified communications. TIA members' products and services empower communications in every industry and market, including healthcare, education, security, public safety, transportation, government and the utilities. TIA is accredited by the American National Standards Institute (ANSI).
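The symmetric-key mechanism of section 5.5.2 and the message flow of section 6 can be exercised end to end in a short simulation. The Python below is an added example, not code from 3GPP2 S.S0152-0 or TIA-4999: it computes MEID_SIG = 128 msb of HMAC-SHA256(KME, MEID_ME | Chal | ChalResp) on the ME side, performs the MSID/MEID pairing check and the MEID_SIG verification on the HLR side, and runs steps a) to i) for a genuine device, an unpaired device, a cloned MEID that lacks KME, and a replayed MEID_SIG. The sample KME, MEID, MSID and SSD values, the byte encoding of RAND and AUTHR, the `authr` stand-in for the 1x CAVE response, and the `MobileStation`, `HlrWithDbf` and `run_flow` names are all assumptions of the example. The ECC mechanism of 5.5.1 (an ECDSA signature over P-192, whose r and s components are what make MEID_SIG 384 bits) is not covered here.

```python
"""Simulation of the 3GPP2 S.S0152-0 Device Binding Functionality (DBF),
symmetric-key variant (section 5.5.2), driven through the section 6 message
flow. Added example, not code from the specification: the credential store,
the MSID/MEID pairing table, the message dictionaries and the byte encoding
of RAND/AUTHR are assumptions made for this illustration.
"""
import hashlib
import hmac
import secrets

# Constructed sample values (not from the specification).
K_ME = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # 128-bit device binding credential
MEID_ME = bytes.fromhex("a10000009296d3")                  # 56-bit MEID of the ME
MSID = "310004123456789"                                   # subscription identifier (IMSI-style)
SSD = bytes.fromhex("ffeeddccbbaa99887766554433221100")    # 1x shared secret, stand-in only


def meid_sig(k_me: bytes, meid_me: bytes, chal: bytes, chal_resp: bytes) -> bytes:
    """MEID_SIG = 128 msb of HMAC-SHA256(K_ME, MEID_ME | Chal | ChalResp)  (5.5.2.1).

    Chal is RAND or RANDU, ChalResp is AUTHR or AUTHU. Assumption: every field
    is passed as a byte string (RAND as 4 bytes, AUTHR as 3 bytes with the
    18-bit value right-justified); the text above does not fix an encoding.
    """
    if len(k_me) != 16:
        raise ValueError("K_ME shall be 128 bits")
    mac = hmac.new(k_me, meid_me + chal + chal_resp, hashlib.sha256).digest()
    return mac[:16]  # leftmost (most significant) 128 bits of the 256-bit output


def authr(ssd: bytes, rand: bytes) -> bytes:
    """Stand-in for the 1x CAVE challenge response (not part of DBF). DBF only
    consumes the value, so any deterministic function of (SSD, RAND) serves."""
    return hashlib.sha256(ssd + rand).digest()[:3]


class MobileStation:
    def __init__(self, msid: str, meid: bytes, k_me: bytes, ssd: bytes):
        self.msid, self.meid, self.k_me, self.ssd = msid, meid, k_me, ssd
        self.last_chal = self.last_chal_resp = None

    def system_access(self, rand: bytes) -> bytes:
        """Step a: 1x access; the MS keeps the last challenge/response pair."""
        self.last_chal, self.last_chal_resp = rand, authr(self.ssd, rand)
        return self.last_chal_resp

    def status_response(self) -> dict:
        """Steps c and d: answer the Status Request with MEID_ME and MEID_SIG."""
        sig = meid_sig(self.k_me, self.meid, self.last_chal, self.last_chal_resp)
        return {"MEID_ME": self.meid, "MEID_SIG": sig}


class HlrWithDbf:
    def __init__(self, dbc_by_meid: dict, allowed_pairs: set):
        self.dbc_by_meid = dbc_by_meid      # provisioning of K_ME is out of scope
        self.allowed_pairs = allowed_pairs  # operator's permitted (MSID, MEID) pairings

    def regnot(self, msg: dict) -> dict:
        """Steps f and g: pairing check first, then MEID_SIG verification (5.5.2.2)."""
        msid, meid = msg["MSID"], msg["MEID_ME"]
        if (msid, meid) not in self.allowed_pairs:
            return {"MEIDValidated": False, "reason": "pairing not allowed"}
        k_me = self.dbc_by_meid.get(meid)
        if k_me is None:
            return {"MEIDValidated": False, "reason": "no DBC for MEID"}
        expected = meid_sig(k_me, meid, msg["RAND"], msg["AUTHR"])
        ok = hmac.compare_digest(expected, msg["MEID_SIG"])  # constant-time comparison
        return {"MEIDValidated": ok, "reason": "" if ok else "MEID_SIG mismatch"}


def run_flow(ms: MobileStation, hlr: HlrWithDbf, rand: bytes, replayed_sig=None) -> dict:
    """Drive steps a to i: the MSC challenges the MS, collects the Status Response
    and forwards REGNOT via the VLR; the returned regnot carries MEIDValidated."""
    resp = ms.system_access(rand)                              # a
    status = ms.status_response()                              # b, c, d
    if replayed_sig is not None:                               # attacker substitutes a captured MEID_SIG
        status = dict(status, MEID_SIG=replayed_sig)
    regnot = {"MSID": ms.msid, "MEID_ME": status["MEID_ME"],   # e: MSC -> VLR -> HLR
              "MEID_SIG": status["MEID_SIG"], "RAND": rand, "AUTHR": resp}
    return hlr.regnot(regnot)                                  # f to i: HLR -> VLR -> MSC


if __name__ == "__main__":
    hlr = HlrWithDbf({MEID_ME: K_ME}, {(MSID, MEID_ME)})
    genuine = MobileStation(MSID, MEID_ME, K_ME, SSD)
    rand1 = secrets.token_bytes(4)
    print("genuine device:      ", run_flow(genuine, hlr, rand1))
    captured = genuine.status_response()["MEID_SIG"]          # MEID_SIG bound to rand1
    # Subscription moved to an unpaired device: rejected before any keyed hashing.
    other = MobileStation(MSID, bytes.fromhex("a10000009296d4"), K_ME, SSD)
    print("unpaired MEID:       ", run_flow(other, hlr, rand1))
    # Cloned MEID without the device's K_ME: MEID_SIG mismatch.
    clone = MobileStation(MSID, MEID_ME, bytes(16), SSD)
    print("cloned MEID, no K_ME:", run_flow(clone, hlr, rand1))
    # Captured MEID_SIG replayed in a later access with a fresh RAND: mismatch.
    print("replayed MEID_SIG:   ", run_flow(genuine, hlr, secrets.token_bytes(4), replayed_sig=captured))
```

Two points the specification text leaves implicit are visible in the runs: the pairing check of step f) rejects a subscription that has moved to an unpaired device before any keyed hashing is done, and because MEID_SIG is bound to the RAND/AUTHR of the current access, a MEID_SIG captured on the air interface does not verify in a later registration. The HLR compares with hmac.compare_digest rather than == so that verification time does not depend on how many leading bytes of the forged value happen to match.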
