NOTE:
--------------------------------------

These articles are from the December, 1994 issue of Cellular Networking
Perspectives. Phone 1-800-633-5514 or e-mail (71574.3157@compuserve.com) for
more information, or to have a sample issue ("IS-41 Explained") faxed or
mailed to you.

                      =====================
                      The Emperor's New PIN
                      =====================

The latest anti-fraud technique being employed by carriers requires subscribers
to enter a Personal Identification Number (PIN) at the start of every call.
Reported NYNEX, for example, as claiming that "even if the thieves are able to
capture a PIN number off the air, they won't be able to pair it with the proper
ESN-MIN number to program a cloned phone." Well, Virginia, life just ain't that
simple.

This technique does not rely on the system protecting cloners capturing the PIN
as it is transmitted. Indeed, that is not possible with current phones.
It relies on the difficulty of associating the PIN, transmitted on whichever
voice channel is assigned to the call, with the MIN and ESN that are transmitted
on the control channel. Because of this, the PIN technique will inconvenience
cloners, but only for a short while. Anyone with a basic knowledge of the
EIA/TIA-553 analog air interface standard, a cellular phone, a PC, easily
available software (about $100), a special cable (about $25) and some "C"
programming skill can overcome this technique. The reason that it is so easy
to overcome is the same reason the legitimate cellular phone has no trouble
finding the correct voice channel and transmitting the PIN digits.

Following similar logic to the legitimate phone, the forger will have no
trouble finding the same voice channel and receiving and storing the digits.

Another way around the system is for cloners to emulate roamers, for which no
PIN will be recorded in the local switch. This will work until IS-41 Revision
C is generally available, which supports the PIN concept.


It is quite possible that, as the PIN technique is implemented, subscribers
and carriers will see a large drop in cloning traffic for a short time ...
followed by a resurgence. Trouble is brewing for carriers when they try to
defend continued use of PINs when their subscribers start seeing large
clone-attack bills again.

If a PIN is not the answer, what is the counterweight to counterfeiting? In
one word; Digital. In the short term digital is just a much more complex and
inaccessible technology for cloners to monitor than analog. In the long term
digital will provide authentication, which is virtually immune to cloning (if
used correctly). Digital phones also provide voice encryption which is
important for preventing fraud, because it may make stolen service unusable,
even if the authentication barrier can be overcome. Analog and NAMPS phones
with authentication (TIA IS-91) will also be important, but only in the long
term, because the current cellular network does not generally support
authentication even for home subscribers, let alone for roamers. Also,
analog phones do not support voice encryption, making them less secure even
when authentication is fully available.

------------------------------------------------------
WHY MINs ARE PHONE NUMBERS AND WHY THEY SHOULDN"T BE

Everyone knows that a cellular phone's MIN is its phone number.

What few know is that it doesn't have to be that way, and that some problems
of the cellular industry are caused because today it usually is that way.

First it is important to distinguish between the terms Directory Number (DN)
and MIN (Mobile Identification Number). The directory number is the phone
number that can be used to dial a cellular phone from anywhere in the world
while the MIN is designed for use across the radio interface to identify a
cellular phone, and by the network to identify the home system that the phone
belongs to.

Figure 1 illustrates where the MIN is used, where the directory number is used,
and the gateways between the world of directory numbers and the arena of MINs.

Directory Numbers

Directory numbers are phone numbers that can be dialed from any phone to
access any other phone in the world, conforming to the ITU-T E.164 standard.
When dialing internationally, the full directory number must be used including
the Country Code, some regional digits (the area code in North America) and the
local number. Directory numbers have several uses for reaching cellular
phones:


1.To make a call to a cellular phone.

2.To allow an originating MSC to request a routing number from the HLR (which
will perform the Directory Number to MIN translation) to allow use #1 to work
even when the cellular phone is roaming.

3.To enable the SS7 data network to route the IS-41 LocationRequest message
to the correct HLR (to support use #2 above).

MIN
---
The MIN is used only within the cellular network (the oval area in Figure 1).
Within its domain, the MIN is used for several purposes:

1.To identify the mobile sending a message across the air interface to a base
station (e.g. registration, origination or page response).

2.To direct a radio interface message to a specific mobile (e.g. page).

3.To route IS-41 messages (e.g. using SS7 global title translation) to the
HLR (Home Location Register) of a cellular phone when its presence is detected
by an MSC (e.g. by autonomous registration).

4.To make a roamer port call from outside the cellular network when the
location of the mobile is known by the caller.

DN/MIN Segregation
------------------
Figure 1 illustrates the two interface points between the domain of DN's and
MINs:

1.The HLR is the point where a dialed DN is translated to a MIN for a call
incoming to a mobile.

2.The Roamer Port is accessed by dialing a DN (often NXX-ROAM) in the system
the mobile is believed to be in. It provides second dialtone and then accepts
the MIN, before using it to page the mobile.

Advantages When MIN = DN
------------------------
There are advantages to keeping the MIN and directory number the same:
1.Carriers do not need to enter, and HLR's do not need to store, a separate
MIN and directory number for every cellular phone.

2.Subscribers need only know one number.


3.The same phone number can be used to dial a cellular phone using call
delivery (DN required) and via the roamer port (MIN required).

4.MINs do not need to be allocated and managed.

Problems When MIN = DN
======================
Life is never simple and there are, as you may have guessed, several problems
that occur because the MIN and DN are required to be the same:

1.Services, such as extension phone, that allow several mobiles to share a
single directory number do not work well if the mobiles share the same MIN,
due to restrictions in the analog and digital air interface standards, and
some fraud management systems, that assume that MINs are assigned to one,
and only one, phone. Therefore, full implementation of these features requires
all but one member of the extension phone group to have a MIN that is not the
same as the group's directory number.

2.MINs are only 10 digits long and therefore cannot encode all international
directory numbers. Even when international numbers fit in 10 digits, they will
match a potential North American directory number. On the other hand, if MINs
were allocated separately from directory numbers there would be no ambiguity.

3.Directory numbers are allocated by the North American Numbering Plan
Administrator. With a shortage of numbers, many constraints are placed on the
allocation of MINs. If MINs were allocated separately, 10 billion numbers
would be available exclusively to cellular phones.

4.Due to the shortage of directory numbers, services that could be built upon
multiple MINs within a single phone are not, in order to conserve directory
numbers. An example of this would be having a separate MIN for Voice, Fax,
Data and Short Message services in one phone. Separate MIN's would make it
easier to identify the terminating service and also to route outgoing calls
using SS7 networking Global Title Translation.

5.If a MIN has to be changed, the directory number must also be changed,
causing unnecessary inconvenience to the subscriber, who may have to reprint
business cards etc. An example is when a MIN is reused and the discontinued
phone with the same MIN is still turned on, although not in use. This phone
will intercept calls to the legitimate subscriber, whose phone number will
have to be changed to keep it the same as the MIN.

6.If a directory number has to be changed, the MIN has to be reprogrammed.
Changing the directory number is simple for the carrier, but forcing a
parallel change to the MIN requires reprogramming all affected cellular
phones.  This situation occurs when an area code is split or overlayed, and
some or all mobiles are moved into the new area code.

7.Preprogrammed, mass distribution, phones are not possible (e.g.
shrink-wrapped) as the MIN must be programmed in the phone. If the MIN is the
same as the directory number, it is not be possible to ensure that it is a
local number to the purchaser. If the Directory Number is separate, it could
be allocated after service is established or, if terminating service is not
required, not allocated at all.

When a MIN does not match a DN
------------------------------
There are phones in use today which have a different MIN and DN. This can be
accomplished in two ways: by wasting a DN or by allocating a non-dialable MIN.

An example of the first method is to configure an extension phone service with
a separate MIN and DN for each phone in the group.  One, or any, DN could be
used to reach a phone with any MIN in the group. Assuming that such services
are used by a small fraction of subscribers, the waste of directory numbers
will not be significant.

A more exotic alternative, is to take advantage of the 2 billion MINs that
cannot be directory numbers. These are all the MIN's starting with the digit 0
or 1. Some of these numbers are already in use for special services (such as
shrink wrapped phones). The problem with these numbers at present, is that
there is no agency authorized to allocate them to carriers. Currently the CTIA
subsidiary, Cibernet, is compiling a list of the blocks that have been
allocated. This, however, is a voluntary effort and could easily allow
conflicts or inefficient allocation to result.

Summary
---------
There are advantages and disadvantages to both keeping the MIN and Directory
Number the same, and in separating them. The trend appears to be slowly toward
separation of MIN and DN, but possibly so slowly that the majority of phones
will always have the same MIN and DN. Luckily, the transition can be gradual,
assuming that the available non-dialable MIN resource is not exhausted
wastefully before carriers realize its full value and potential.

----------------------------------------------------------------------------
Downloaded from Phoenix Rising Communications.

This text file is copyright as indicated at the beginning of the text.  It was
publically available without charge on CompuServe and forwarded via mail to
Phoenix Rising Communications for additional distribution without charge.

 