Database Requirements IMEI/MEID CEIR March 30/31 JEM Geneva

Issues (1 of N) How is the manufacturer code reflected in the database(s) (note: there is TAC in IMEI)? Does a manufacturer with assigned block(s) have a privilege to access allocations for that manufacturer? –Read only (YES, e.g. for warranty, time to deployment, …) –Read/write (maybe?) –Security issues: URL of manufacturer datasheet

Issues (2 of N) Assignment affirmation: Assignment revocation: –Conditions for affirmation/allocation –Time before it must be consumed Coordination of assignments for multi- mode devices between GHA/GDA data bases, if separate

Issues (3 of N) What are operators’ access privileges to MEID/IMEI (assignment) data base(s)? –Read? (Yes) –Read/Write? (No, administrators only)

Issues (4 of N) Secure access: –A Manufacturer’s access should be confined only to codes assigned to it; –Access privileges are to designated entities only (e.g. a member operator’s agent, likewise for other designated entities) –Level of authentication (is mutual authentication required?) –Protocol specifications –Backups

Use scenarios

CEIR Issues (1 of X) Is an IMEI/MEID implicitly white-listed (if not on the black/gray list)? –Normal = white list –Block = black –Track = gray Coordination on multi-mode devices, if separate CEIR deployed What are the criteria for black or gray listing? Hierarchy (EIR owned by operator feeding to CEIR)

CEIR Issues (2 of X) Only operators populate EIR, and implicitly CEIR. Are there any exceptions? White lists migrate from TAD-like database

Requirements The GHA/GDA or a designated regional administrator shall record MEID/IMEI allocations of numbering space to the appropriate Allocation Database (e.g. TAD in case of IMEI), within 3 business days of the grant of such allocation, or within the timeframe requested by the manufacturer. –The recording shall contain, as a minimum, the following information: Equipment manufacturer identity, segment of allocated numbering space. The recording should also contain: Reference to a manufacturer product data, or explicit information regarding equipment characteristics (e.g. power class, frequency band(s), technology modes supported).

Requirements (2 of N) The GDA/GHA entry should indicate allocation status as “granted”. A Manufacturer may have access to a section of allocation database reserved for that manufacturer’s use, only after allocation is “granted”. –If manufacturer has access to the allocation database, the manufacturer shall be able to read any data in its section of Allocation database. A manufacturer shall not have access to a section of database outside its domain.

Requirements (3 of N) As devices are manufactured, the manufacturer should be able to convert status of segments of it allocation from “granted” to “released”.

Requirements (4 of N) CEIR Allocation database (TAD) shall be reflected in the CEIR automatically upon assignment of codes (creation of “granted” status). CEIR whitelist (normal) range should reflect the serial number ranges of mobile equipment with status “released”.

Requirements (5 of N) EIR An Operator’s (explicit) EIR whitelist should be updated from the CEIR whitelist at a frequency deemed suitable to that operator (recommended on a daily basis).

Blacklist (Block) Requirements (1 of N) An Operator should create entries to the EIR blacklist per the internal policy of that operator (e.g. police report may be required before blacklisting). All EIR new blacklist entries should be uploaded to CEIR on a daily basis. An EIR should request blacklist updates from the CEIR on a daily basis. If implemented separately, the decimal CEIR and hexadecimal CEIR should exchange blacklists for multimode devices on a daily basis