Blockchain for ICT Supply Chain Security: Part 1 – The Enhanced MEID (E-MEID)

By Kevin L. Jackson, SVP, Total Network Services Corporation

This is Part 1 of a 3 Part Series on the Enhanced Mobile Equipment Identifier (E-MEID) and how it can be used to improve ICT Supply Chain Security. The E-MEID is a tokenized MEID that creates a globally unique, auditable, and verifiable data repository for any physical or virtual asset connected to the wireless network. Part 1,”The Enhanced MEID (E-MEID)”, explains the E-MEID concept.

According to a 2017 Office of Economic Cooperation and Development (OECD) study, the Information Communications Technology (ICT) industry annually sells approximately $140B in counterfeit parts.  These sales indicate a supply chain security failure that results in 6.5% of ICT products having counterfeit parts and nearly 20% of mobile phones shipped being fake. Consequently, our industry must protect the ICT infrastructure by focusing on network and product security. We must also go beyond current standards that concentrate solely on organizational information security and are not specific enough to address potential security vulnerabilities in the supply chain.

This challenge is why the TIA initiated its Supply Chain Security 9001 Standard development work in 2020. The effort represents a comprehensive approach to improving supply chain security by incorporating proven elements of existing industry-driven standards and adding new ICT requirements that address modern networks and their supporting technologies. This issue is why identifying possible solutions, properly vetting those options, and deploying effective supply chain security solutions are top of mind for many ICT executives. TNS Corporation and TIA support these activities by vetting a new blockchain application for ICT network security as part of the SCS 9001 Standard Pilot tests being conducted during the third quarter of 2021.

 

Enhanced Mobile Equipment Identifier

 

A blockchain is simply a shared digital ledger capable of recording and verifying transactions between two or more parties. This documentation is cryptographically protected and immutable, meaning it cannot be changed without consensus agreement by all participating parties. Blockchain’s most famous use case is in the financial industry, where it is the foundational technology behind digital cryptocurrencies, like Bitcoin. However, the shared digital ledger concept can apply to any use case where two or more parties want to maintain verified and auditable transaction records. For supply chain security, the transaction records support the protection and provenance of telecommunications equipment.

Starting in early 2020, we approached TIA with a concept referred to as an Enhanced Mobile Equipment Identifier (E-MEID). The E-MEID is based on the MEID, a globally unique 56-bit identification number for a physical piece of mobile station equipment. Globally administered by the TIA, MEIDs typically show the manufacturer code and the equipment serial number. The number is permanently affixed to the device and used to facilitate mobile equipment identification and tracking. Assignments are coordinated with International Mobile Equipment Identifiers (IMEIs) to enable global roaming and harmonization between 3G, 4G, and 5G technologies.

Our concept was to attach an MEID to a blockchain specifically designed to support ICT supply chain security. If an MEID is attached to a blockchain, a globally unique digital token can be created that can represent any associated physical or digital asset. This token would be referred to as an Enhanced MEID. “Tokenization” is the name of this process. When attached to a blockchain, the MEID documentation capabilities expand to include hardware bill-of-material (BOM), Software BOM, and software remediation activity. This additional capability can enhance an organization’s hardware and software supply chain visibility, component provenance, and internal change management processes. TNS is also partnering with Rypplzz on this endeavor. Their Interlife™ spatial engineering technology adds time tagged geolocation data and geofenced functional management capability to the Enhanced MEID solution. These additions can dramatically enhance security measures and provide near-real-time operational options based on the location of the associated asset. An organization, for example, could disable software running on an E-MEID provisioned piece of equipment based on its geolocation. As part of our collaboration, TIA has allocated up to thirty-two (32) A1 blocks of MEID numbers to TNS (33,554,432 numbers). These can be “tokenized” to create 33,554,432 individual Enhanced MEID (E-MEID). Pre-assigned MEIDs can also be “tokenized” through a post-deployment blockchain registration process.

E-MEID could also be used to automate internal management processes. For example, relevant vulnerabilities at a user-specified severity level can be automatically detected and recorded using the CVE/NVD feed, listed in a specified MEID field, and be immediately flagged for action as specified by the organization’s change management process. By documenting equipment bill of materials (BOM), for both hardware and software, recording that data in a tokenized MEID field so component changes can be documented and verified by appropriately certified security audit personnel. The distributed ledger can also record digital signatures validating the initial BOM, any subsequent modifications and automate the collection of supplier performance data. This capability can monitor and evaluate supply chain security maturity and automate input to external provider performance management processes. The information is also available for rapid identification and response to product recall or required design or configuration changes.

If you are interested in learning more about the Enhanced MEID or the associated SCS 9001 Pilot demonstrations, please contact Kevin L. Jackson, SVP TNS Corporation, via email at Kevin@TNSCorp.io.

 

This was Part 1 of a three part series. Part 2, “IoT and NFT Management Use Cases“, describes how the E-MEID can be used to enhanced Internet-of-Things (IoT) security and prevent unlicensed access to Non-Fungible Token (NFT) based digital art.

 

TNS is a blockchain solution provider focused on the development of cross-industry interoperable blockchain-based solutions. Our partnership with TIA focuses on using blockchain to securely record, automate, verify, and ensure the provenance of supply chain security-related data.  TNS is also partnering with Rypplzz in this endeavor. Their Interlife™ spatial engineering technology adds geolocation and geofencing data to the E-MEID data fields. This is used to dramatically enhance ICT supply chain security and management capabilities. TechnoGen, Inc. is also participating in the SCS 9001 pilot in the role of Certifying Body for the pilot firms assuring their compliance with SCS 9001 Standard and registering them into the SCS 9001 ecosystem of qualified firms.

 

TIA does not endorse TNS or the solutions it proposes.  TIA is technology and vendor neutral.  The MEID is managed by TIA and the “enhanced” aspects proposed by TNS are products and services that utilize the MEID but are not standardized by TIA engineering committees nor approved or marketed by TIA.