1、 ATIS-0700024 ATIS Standard on - BEST PRACTICES FOR OBTAINING MOBILE DEVICE IDENTIFIERS FOR MOBILE DEVICE THEFT PREVENTION (MDTP) As a leading technology and solutions development organization, the Alliance for Telecommunications Industry Solutions (ATIS) brings together the top global ICT companies
2、 to advance the industrys most pressing business priorities. ATIS nearly 200 member companies are currently working to address the All-IP transition, network functions virtualization, big data analytics, cloud services, device solutions, emergency services, M2M, cyber security, network evolution, qu
3、ality of service, billing support, operations, and much more. These priorities follow a fast-track development lifecycle from design and innovation through standards, specifications, requirements, business use cases, software toolkits, open source solutions, and interoperability testing. ATIS is acc
4、redited by the American National Standards Institute (ANSI). The organization is the North American Organizational Partner for the 3rd Generation Partnership Project (3GPP), a founding Partner of the oneM2M global initiative, a member of and major U.S. contributor to the International Telecommunicat
5、ion Union (ITU), as well as a member of the Inter-American Telecommunication Commission (CITEL). For more information, visit www.atis.org. Notice of Disclaimer & Limitation of Liability The information provided in this document is directed solely to professionals who have the appropriate degree of e
6、xperience to understand and interpret its contents in accordance with generally accepted engineering or other professional standards and applicable regulations. No recommendation as to products or vendors is made or should be implied. NO REPRESENTATION OR WARRANTY IS MADE THAT THE INFORMATION IS TEC
7、HNICALLY ACCURATE OR SUFFICIENT OR CONFORMS TO ANY STATUTE, GOVERNMENTAL RULE OR REGULATION, AND FURTHER, NO REPRESENTATION OR WARRANTY IS MADE OFMERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR AGAINST INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS. ATIS SHALL NOT BE LIABLE, BEYOND THE AMOUNT
8、 OF ANY SUM RECEIVED IN PAYMENT BY ATIS FOR THIS DOCUMENT, AND IN NO EVENT SHALL ATIS BE LIABLE FOR LOST PROFITS OR OTHER INCIDENTAL OR CONSEQUENTIAL DAMAGES. ATIS EXPRESSLY ADVISES THAT ANY AND ALL USE OF OR RELIANCE UPON THE INFORMATION PROVIDED IN THIS DOCUMENT IS AT THE RISK OF THE USER. NOTE -
9、The users attention is called to the possibility that compliance with this standard may require use of an invention covered by patent rights. By publication of this standard, no position is taken with respect to whether use of an invention covered by patent rights will be required, and if any such u
10、se is required no position is taken regarding the validity of this claim or any patent rights in connection therewith. Please refer to http:/www.atis.org/legal/patentinfo.asp to determine if any statement has been filed by a patent holder indicating a willingness to grant a license either without co
11、mpensation or on reasonable and non-discriminatory terms and conditions to applicants desiring to obtain a license. ATIS-0700024, Best Practices for Obtaining Mobile Device Identifiers for Mobile Device Theft Prevention (MDTP) Is an American National Standard developed by the Systems and Networks (S
12、N) Subcommittee under the ATIS Wireless Technologies and Systems Committee (WTSC). Published by Alliance for Telecommunications Industry Solutions 1200 G Street, NW, Suite 500 Washington, DC 20005 Copyright 2015 by Alliance for Telecommunications Industry Solutions All rights reserved. No part of th
13、is publication may be reproduced in any form, in an electronic retrieval system or otherwise, without the prior written permission of the publisher. For information contact ATIS at 202.628.6380. ATIS is online at . ATIS-0700024 ATIS Standard on Best Practices for Obtaining Mobile Device Identifiers
14、for Mobile Device Theft Prevention (MDTP) Alliance for Telecommunications Industry Solutions Approved October 2015 Abstract This specification defines best practices for obtaining the device identifiers (e.g., International Mobile Equipment Identity IMEI) from mobile devices even if the mobile devic
15、e is locked or disabled. This best practices specification was developed in response to Recommendation 1.5 of the December 4, 2014 Federal Communications Commission (FCC) Technological Advisory Council (TAC) report on Mobile Device Theft Prevention (MDTP). ATIS-0700024 ii Foreword The Alliance for T
16、elecommunication Industry Solutions (ATIS) serves the public through improved understanding between providers, customers, and manufacturers. The Wireless Technologies and Systems Committee (WTSC) develops and recommends standards and technical reports related to wireless and/or mobile services and s
17、ystems, including service descriptions and wireless technologies. WTSC develops and recommends positions on related subjects under consideration in other North American, regional, and international standards bodies. The mandatory requirements are designated by the word shall and recommendations by t
18、he word should. Where both a mandatory requirement and a recommendation are specified for the same criterion, the recommendation represents a goal currently identifiable as having distinct compatibility or performance advantages. The word may denotes an optional capability that could augment the sta
19、ndard. The standard is fully functional without the incorporation of this optional capability. Suggestions for improvement of this document are welcome. They should be sent to the Alliance for Telecommunications Industry Solutions, WTSC, 1200 G Street NW, Suite 500, Washington, DC 20005. At the time
20、 of consensus on this document, WTSC, which was responsible for its development, had the following leadership: M. Younge, WTSC Chair (T-Mobile) D. Zelmer, WTSC Vice-Chair (AT&T) P. Musgrove, WTSC SN Chair (AT&T) G. Schumacher, WTSC SN Vice-Chair (Sprint) D. Sennett, Technical Editor (AT&T) The Syste
21、ms and Networks (SN) Subcommittee was responsible for the development of this document. ATIS-0700024 iii Table of Contents 1 Scope, Purpose, & Application . 1 1.1 Scope 1 1.2 Purpose . 1 1.3 Application . 1 2 Normative References 2 3 Definitions, Acronyms, & Abbreviations . 2 3.1 Definitions 2 3.2 A
22、cronyms & Abbreviations 2 4 Assumptions . 3 5 Use Case 3 6 Existing Solutions . 3 7 Best Practices for Obtaining Mobile Device IDs . 3 7.1 Mobile Device Disabled by Owner Initiated MDTP Procedures 4 7.2 IMEI Display on Disabled or Locked Mobile Devices . 4 7.3 IMEI Display on Unlocked Mobile Devices
23、 . 5 Table of Figures Figure 7.1 Example Display of IMEI on Mobile Device 4 ATIS TANDARD ATIS-07024 ATIS Standard on Best Practices for Obtaining Mobile Device Identifiers for Mobile Device Theft Prevention (MDTP) 1 1 Scope, Purpose, & Application 1.1 Scope The scope of this best practices specifica
24、tion on Mobile Device Theft Prevention (MDTP) is limited to phones and tablets with user interface capabilities (e.g., touchscreen) which have an International Mobile Equipment Identity (IMEI). Machine to Machine (M2M)/Internet of Things (IoT) devices and devices without cellular network capabilitie
25、s (e.g., WiFi only devices) are out of scope. Personal Computers (PCs) and laptops with cellular capabilities are also out of scope. 1.2 Purpose At the December 4, 2014 meeting, the Federal Communications Commission (FCC) Technological Advisory Council (TAC) approved the final report of the Mobile D
26、evice Theft Prevention (MDTP) working group. Ref 1 The MDTP working group report contains a recommendation which requires development of standards or best practices within ATIS. Specifically, Recommendation 1.5 (as quoted below) tasks industry to develop “standards, methods and procedures” to obtain
27、 device identifiers from smartphones: “Recommendation 1.5: The FCC TAC recommends that ATIS in coordination with other appropriate industry groups (e.g., GSMA-NA Regional Interest Group) be tasked with developing standards, methods and procedures to obtain device identifiers from smartphones includi
28、ng those which are locked or rendered inoperable. Note: Device identifiers are typically available on smartphones either through a label on the device (which may be under the back cover or under the battery), or available through a menu option on the screen. This recommendation is to define standard
29、s, methods, and procedures for obtaining such identifiers from the device even if the device is locked or disabled, and may include a combination of physical and electronic methods for obtaining the identifier. 1.3 Application This best practices specification is applicable to cellular network opera
30、tors, to the FCC, to the FCC TAC, to mobile device manufacturers, and to third party developers of theft prevention solutions. ATIS-0700024 2 2 Normative References The following standards contain provisions which, through reference in this text, constitute provisions of this Standard. At the time o
31、f publication, the editions indicated were valid. All standards are subject to revision, and parties to agreements based on this Standard are encouraged to investigate the possibility of applying the most recent editions of the standards indicated below. Ref 1 FCC, Report of Technological Advisory C
32、ouncil (TAC) Subcommittee on Mobile Device Theft Prevention (MDTP), Version 1.0, 4 December 2014.13 Definitions, Acronyms, & Abbreviations For a list of common communications terms and definitions, please visit the ATIS Telecom Glossary, which is located at . 3.1 Definitions 3.1.1 Disabled: This is
33、the state of the mobile device after theft prevention (anti-theft) procedures have been activated. Examples of applications supporting mobile device disablement on commonly available handsets are Apple Activation Lock or BlackBerry Protect on iPhone or BlackBerry mobile devices respectively. 3.1.2 L
34、ocked: The mobile device display/keyboard/keypad does not allow access to mobile device features and applications and is password protected. To unlock the mobile device the correct password needs to be entered. This is a common feature on smartphones where the owner will set a password for the mobil
35、e device which is required to gain access to the mobile device display, keyboard, and applications. This feature normally is activated at mobile device power up, restart, and after a period of inactivity. 3.2 Acronyms & Abbreviations ATIS Alliance for Telecommunications Industry Solutions CMSP Comme
36、rcial Mobile Service Provider FCC Federal Communications Commission IMEI International Mobile Equipment Identity IoT Internet of Things M2M Machine to Machine MDTP Mobile Device Theft Prevention PC Personal Computer TAC Technological Advisory Council UICC Universal Integrated Circuit Card 1Available
37、 from the FCC at: . ATIS-0700024 3 4 Assumptions The following assumptions are associated with this best practices specification: 1. The device identifier relevant to the FCC requirement is the IMEI. 2. The mobile device has sufficient power to execute its normal boot sequence and activate the user
38、interface. 3. The IMEI can be retrieved without knowing the authentication credentials (password, PIN, etc.) of the mobile device. 4. The IMEI is present in the mobile device. 5. A Universal Integrated Circuit Card (UICC) or equivalent may or may not be present in the mobile device. 6. A Commercial
39、Mobile Service Provider (CMSP) may or may not have provisioned the mobile device. 5 Use Case The primary Use Case for obtaining the device identifiers for MDTP is to support the needs of Law Enforcement. Law Enforcement personnel may encounter a mobile device during their normal execution of duties
40、and need to determine if the mobile device has been listed as stolen on the GSMA IMEI Database2. Access to the IMEI is the first step in determining if a mobile device has been reported as stolen. Therefore, a quick, simple, and consistent means to obtain the IMEI from disabled, locked, or unlocked
41、mobile devices is needed for law enforcement personnel. NOTE: For example, possession of stolen property could lead to an immediate arrest which is why Law Enforcement needs a quick, easy, and consistent method for obtaining the device identifier. 6 Existing Solutions The following are some of the e
42、xisting solutions for obtaining the IMEI from mobile devices: 1. The IMEI is available on some but not all mobile devices on a label attached to the mobile device which is normally located under the battery. NOTE: The label can be subject to tampering. Therefore, a means to retrieve the IMEI through
43、 the user interface on the mobile device is needed. 2. From an unlocked mobile device, the IMEI can be determined by entering *#06# into the mobile phone dialer. 3. From an unlocked mobile device, the IMEI can be obtained from the mobile device configuration menus. NOTE: These configuration menus va
44、ry by mobile device manufacturer and by the specific model. 4. There are no known methods for obtaining the IMEI via the user interface of a disabled or locked mobile device. 7 Best Practices for Obtaining Mobile Device IDs The recommended best practices in this clause are based on the requirement t
45、hat Law Enforcement access to the IMEI in a mobile device which is suspected of being stolen shall be achievable when the mobile device is locked or disabled, without knowing the authentication credentials (password, PIN, etc.) of the mobile device. 2Information on the GSMA IMEI Database including t
46、he general description of the database, the colored lists, the operator best practices, and access to the IMEI Database is available at: .(last visited September 10, 2015). 7ThomgmTdIn7FmE.1 Mobihe mobile deas been repof mobile devobile deviceoal that a mobile devicehe IMEI is aevice displayn additi
47、on to umber and th.2 IMEI or disabled obile device Whenclicks Clear xamples of o Whenscreele Devicevice IMEI is rted stolen. Aices reportedbattery, but obile device . 15-digit numas: the above, ous reduce trDisplay oor locked mouser interfaca mobile dev/button pressinstructions fbtaining IMEan emerg
48、enn, a pre-call wDisablea means for mobile devas stolen. Fthe label candisplay the Ieric string anFigure 7.1 ther forms ofanscription orn Disabbile devicese. ice is powerees, swipes, eor an inexperI display fromcy call is initiaindow (emeATd by Ownidentifying thice retrieved or many mobbe subject to
49、MEI on its dd as an exaExample Ddisplaying thmistakes caled or Lo, display of td on, IMEI dtc.). ienced user oa disabled oted from a mrgency dialogTIS-07000244 er Initiae mobile devby Law Enfoile devices ttampering aisplay screenmple can be isplay of IMEe IMEI suchused by humcked Mohe device IMisplay is accon how to obtr locked mobobile device ue box) appeted MDTPice by its owrcement mayhe IMEI is nond the IMEI regardless shown in theI on Mobile as Code 128an error. bile DeviEI does notmplished in tain the IMEIile device colocked screears asking thProcedner and wheh