Blockchain for ICT Supply Chain Security: Part 1 – The Enhanced MEID (E-MEID)
This is Part 1 of a 3 Part Series on the Enhanced Mobile Equipment Identifier (E-MEID) and how it can be used to improve ICT Supply Chain Security. The E-MEID is a tokenized MEID that creates a globally unique, auditable, and verifiable data repository for any physical or virtual asset connected to the wireless network. Part 1,” The Enhanced MEID (E-MEID)”, explains the E-MEID concept.
According to a 2017 Office of Economic Cooperation and Development (OECD) study, the Information Communications Technology (ICT) industry annually sells approximately $140B in counterfeit parts. These sales indicate a supply chain security failure that results in 6.5% of ICT products having counterfeit parts and nearly 20% of mobile phones shipped being fake.
As a consequence, our industry must protect the ICT infrastructure by focusing on network and product security. We must also go beyond current standards that concentrate solely on organizational information security and are not specific enough to address potential security vulnerabilities in the supply chain.
This challenge is why the Telecommunications Industry Association initiated its Supply Chain Security 9001 Standard development work in 2020. The effort represents a comprehensive approach to improving supply chain security by incorporating proven elements of existing industry-driven standards and adding new ICT requirements that address modern networks and their supporting technologies.
This issue is why identifying possible solutions, properly vetting those options, and deploying effective supply chain security solutions are top of mind for many ICT executives. TNS Corporation and TIA support these activities by vetting blockchain’s application to ICT network security as part of the SCS 9001 Pilot being conducted during the third quarter of 2021.
TNS is a blockchain solution provider focused on the development of cross-industry interoperable blockchain-based solutions. Our partnership with TIA focuses on using blockchain to securely record, automate, verify, and ensure the provenance of supply chain security-related data.
TNS is also partnering with Rypplzz in this endeavor. Their Interlife™ spatial engineering technology adds geolocation and geofencing data to the E-MEID data fields. This is used to dramatically enhance ICT supply chain security and management capabilities. TechnoGen, Inc. is also part of the TNS team. They will be participating in the SCS 9001 pilot in the role of Certifying Body for the pilot firms assuring their compliance with SCS 9001 Standard and registering them into the SCS 9001 ecosystem of qualified firms.
Enhanced Mobile Equipment Identifier
A blockchain is simply a shared digital ledger capable of recording and verifying transactions between two or more parties. This documentation is cryptographically protected and immutable, meaning it cannot be changed without consensus agreement by all participating parties.
Blockchain’s most famous use case is in the financial industry, where it is the foundational technology behind Bitcoin. However, the shared digital ledger concept can apply to any use case where two or more parties want to maintain verified and auditable transaction records. For supply chain security, the transaction records support the protection and provenance of telecommunications equipment.
Starting in early 2020, we approached TIA with a concept referred to as an Enhanced Mobile Equipment Identifier (E-MEID). The E-MEID is based on the MEID, a globally unique 56-bit identification number for a physical piece of mobile station equipment. Globally administered by the TIA, MEIDs typically show the manufacturer code and the equipment serial number.
The number is permanently affixed to the device and used to facilitate mobile equipment identification and tracking. Assignments are coordinated with International Mobile Equipment Identifiers (IMEIs) to enable global roaming and harmonization between 3G, 4G, and 5G technologies.https://www.linkedin.com/embeds/publishingEmbed.html?articleId=8554920551701839290
Our concept was to attach a MEID to a blockchain specifically designed to support ICT supply chain security. If a MEID is attached to a blockchain, a globally unique digital token is created capable of representing any associated physical or digital asset. This token is an Enhanced MEID.
“Tokenization” is the name of this process. When attached to a blockchain, the MEID documentation capabilities expand to include hardware bill-of-material (BOM), Software BOM, and software remediation activity.
This additional capability can enhance an organization’s hardware and software supply chain visibility, component provenance, internal change management processes. The geospatial engineering additions from Rypplzz can dramatically enhance security and provide near-real-time operational options based on the location of the associated physical or virtual asset.
An organization, for example, could disable software running on an E-MEID provisioned piece of equipment based on its geolocation. As part of our collaboration, TIA has allocated up to thirty-two (32) A1 blocks of MEID numbers to TNS (33,554,432 numbers). These can be “tokenized” to create 33,554,432 individual Enhanced MEID (E-MEID). Pre-assigned MEIDs can also be “tokenized” through a post-deployment blockchain registration process.
E-MEID can also be used to automate many internal management processes. For example, relevant vulnerabilities at a user-specified severity can be automatically detected and recorded using the CVE/NVD feed, listed in a specified MEID field, and immediately flagged for action as specified by the organization’s change management process.
By documenting equipment BOM (hardware and software) and recording that data in a tokenized MEID field, component changes can be documented and verified by appropriately certified security audit personnel. The distributed ledger can also record digital signatures validating the initial BOM, any subsequent modifications and automate the collection of supplier performance data.
This capability can monitor and evaluate supply chain security maturity and automate input to external provider performance management processes. The information is also available for rapid identification and response to product recall or required design or configuration changes.