Specifications
Sierra Wireless, Inc. CDPD Primer
2130006 Rev 1.0 Page 24
5.1.3. Equipment Identifier (EID)
Each M-ES device has an Equipment Identifier (EID), which, unlike the changeable NEI, is a
fixed number completely unique to that M-ES. The EID is a 48-bit number based on the IEEE
Organizationally Unique Identifier (OUI). The EID represents a universal address that is
unique to a subscriber unit such as a modem or cellular handset. The first 24-bits of this address
are the OUI assigned to each CDPD equipment manufacturer by the IEEE, and the second 24-bits
are assigned by the equipment manufacturer when the device is made. It represents a unique
electronic serial number for the subscriber device. No two devices in CDPD can have the same
EID.
When a user initially signs up for service with a CDPD service provider, they are required to give
the EID to the service provider. This EID then becomes part of the CDPD Subscriber Directory
Profile that the CDPD service provider maintains for each subscriber on that CDPD network.
So, for instance, a subscriber with a CDPD modem already functioning on the network might
replace the modem with a newer one. That newer modem will have a different EID that must be
reported to the CDPD carrier, which must then assign an NEI to the new unit. Until the new EID
is mapped to an NEI, the new modem will not work on the CDPD network.
5.1.4. Authentication and Verification
In order to prevent piracy and “cloning” of CDPD devices, and thus fraudulent network use and
billing, the CDPD standard provides sophisticated mechanisms for NEI authentication and
verification. It can confirm that only the authorized possessor of the NEI (the modem assigned
that NEI by the carrier) is using it.
The authentication process uses three numbers: the NEI, the Authentication Sequence Number
(ASN), and the Authentication Random Number (ARN), which together form the credentials
of that M-ES. Although a CDPD subscriber can determine their NEI, they cannot obtain the ASN
or ARN. When a subscriber’s M-ES performs the authentication procedure during network
registration, the CDPD network’s serving MD-IS forwards these credentials to the home MD-IS
(if they differ), which is holding the current values of the ASN and ARN. If the stored values do
not match those provided by the M-ES, the home MD-IS notifies the serving MD-IS of the failure,
and the M-ES is not allowed to connect.
From time to time, the home MD-IS generates a new (random) value for the ARN, and it then
increments the ASN by one. The home MD-IS delivers the new ARN to the M-ES via the serving
MD-IS, as an option in the final step of the encrypted registration process. The M-ES stores this
ARN internally and increments its local ASN by one.
Note that although the ARN is synchronized between the M-ES and the MD-IS, they maintain
separate versions of the ASN, which are separately incremented by one with each change to the
ARN. This process helps prevent other M-ESs from impersonating the real one, since there is no
way for another M-ES to know the initial value of the ASN—it is never sent over the airlink or
any other part of the network—and if the ARN and ASN do not correspond, authentication fails.
In addition, the end user cannot read or alter the ASN or ARN values stored locally in the M-ES.
Once a user has registered an NEI and an M-ES, which establishes an ASN and ARN pair, they
cannot simultaneously use that NEI with a different CDPD modem—although the modem, which
is the M-ES as far as the network is concerned, could be used in a different notebook, for instance.
If anyone attempted authentication with a different M-ES, then the ASN and ARN stored at the
home MD-IS (which correspond to those stored in the original M-ES) and the ASN and ARN
stored in the new M-ES (which would most likely be the initial values set when the unit was
manufactured) would disagree. The authentication would fail, and the subscriber would be denied
access to the CDPD network. Any subscriber attempting to use another subscriber’s NEI on the
CDPD network would also be denied access.
Therefore, if a user replaces or changes modems, they must contact their service provider to
establish new credentials before they can use the new modem. The carrier can reset the NEI and