DOCSLIB.ORG

Financial Inclusion Global Initiative (Figi)

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Financial Inclusion Global Initiative (Figi) International Telecommunication Union FINANCIAL INCLUSION GLOBAL INITIATIVE (FIGI) TELECOMMUNICATION (05/2019) STANDARDIZATION SECTOR OF ITU Security, Infrastructure and Trust Working Group Technical report on SS7 vulnerabilities and mitigation measures for digital financial services transactions Report of Security Workstream FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. A new global program to advance research in digital finance and accelerate digital financial inclusion in developing countries, the Financial Inclusion Global Initiative (FIGI), was launched by the World Bank Group, the International Telecommunication Union (ITU) and the Committee on Payments and Market Infrastructures (CPMI), with support from the Bill & Melinda Gates Foundation. The Security, Infrastructure and Trust Working Group is one of the three working groups, which has been established under FIGI and is led by the ITU. The other two working groups are the Digital Identity and Electronic Payments Acceptance Working Groups and are led by the World Bank Group. © ITU 2019 This work is licensed to the public through a Creative Commons Attribution-Non-Commercial-Share Alike 4.0 International license (CC BY-NC-SA 4.0). For more information visit https://creativecommons.org/licenses/by-nc-sa/4.0/ Technical report on SS7 vulnerabilities and mitigation measures for digital financial services transactions Security Workstream ii About this report This report was written by Assaf Klinger with special thanks to Dr. Leon Perlman for his helpful support and contribution and the members of the Security, Infrastructure and Trust Working Group for their comments and feedback. Vijay Mauree, ITU provided overall guidance for this report. For queries regarding the report, please contact, Vijay Mauree at ITU (email: [email protected]) iii Table of Contents Page Executive Summary ............................................................................................................................................. 1 Abbreviations and acronyms ............................................................................................................................... 2 1 Introduction ............................................................................................................................................ 3 2 Impact of Telecom vulnerabilities on DFS ............................................................................................ 3 2.1 Over the counter cash fraud .............................................................................................................. 3 2.2 Account takeover .............................................................................................................................. 3 2.3 Social engineering ............................................................................................................................ 3 3 Telecom vulnerabilities and attack surfaces ........................................................................................... 3 4 Common types of telecom attacks .......................................................................................................... 4 5 The commonality of Telecom attacks .................................................................................................... 6 6 The Challenge ........................................................................................................................................ 7 7 Misconception: Isn’t it hard to attack the telco? Governments do that ................................................. 7 8 The Cellular attack kill chain ................................................................................................................. 8 9 Examples of attacks on DFS infrastructure ............................................................................................ 10 9.1 SMS OTP interception...................................................................................................................... 10 9.2 Social engineering of sensitive credentials using USSD .................................................................. 11 9.3 Denial of service attacks ................................................................................................................... 12 9.4 SIM card swap .................................................................................................................................. 12 9.5 SIM card recycle ............................................................................................................................... 12 10 Mitigation strategies for mobile operators ............................................................................................. 13 10.1 FS.11: SS7 Interconnect Security Monitoring Guidelines..................................................... 13 10.2 FS.07 SS7 and SIGTRAN Network Security ........................................................................ 13 10.3 IR.82 Security SS7 implementation on SS7 network guidelines ........................................... 13 10.4 IR.88 LTE and EPC Roaming Guidelines ............................................................................. 13 10.5 Mitigations in GSMA documents vs common telecom attacks ............................................. 14 11 Implementation of mitigation among mobile operators ......................................................................... 15 12 Mitigation strategies for DFS providers ................................................................................................. 16 12.1 Detecting and mitigating account take over using intercepted OTP SMS ............................. 17 12.2 Detecting and mitigating social engineering attacks with MT-USSD ................................... 17 12.3 Detecting and mitigating interception of MO-USSD transactions ........................................ 17 12.4 Detecting and mitigating unauthorized SIM card swap......................................................... 18 12.5 Detecting, preventing and mitigating SIM card recycle ........................................................ 19 12.6 Embedding data within the user’s phone for authentication .................................................. 19 12.7 Regulatory Activities ............................................................................................................. 19 13 Conclusions and recommendations ........................................................................................................ 21 13.1 Conclusions ........................................................................................................................... Error! Bookmark not defined. iv 13.2 Recommendations ................................................................................................................. Error! Bookmark not defined. Annex A Technical description of SS7 and Diameter ........................................................................................ 23 A.1 The SS7 Protocol stack.......................................................................................................... 23 A.2 The Diameter protocol stack ................................................................................................. 24 A.3 EPC protocol stack ................................................................................................................ 24 A.4 Support of voice services and SMS ....................................................................................... 25 Annex B Template for a Model MOU between a Telecommunications Regulator and Central Bank related to DFS Security .......................................................................................................................................... 27 v Executive Summary The world of digital financial services (DFS) relies heavily on the underlying telecommunications infrastructure to enable users send and receive money. In most developing countries where DFS is popular, most of the end-users do not have reliable and accessible means to connect to Internet and thus rely heavily on the mobile communications infrastructure. The communication channels in which the end-user communicates with the DFS provider are mostly Unstructured Supplementary Service Data (USSD), Short Messaging Service (SMS). USSD and SMS have long been known as “broken” and have many published vulnerabilities, some over 20 years old, which enables attackers to commit fraud and steal funds. The core issue that inhibits the mitigation of these vulnerabilities is a misalignment of interests and misplaced liability between the telecom and the financial regulators. ITU and GSMA have long ago published guidelines and advisories to telcos on how to mitigate many of these vulnerabilities; however, the implementation rate of these mitigation measures is extremely low. According to surveys performed by this working group and the European Union Agency for Network and Information Security (ENISA), less than 30% of the telcos in the European Union (EU) and less than 0.5% of telcos in developing countries
Load more

Recommended publications
  • NSP Network Services Platform Release 18.6 Glossary
    NSP Network Services Platform Release 18.6 Glossary 3HE-14073-AAAB-TQZZA Issue 1 June 2018 NSP Legal notice Nokia is a registered trademark of Nokia Corporation. Other products and company names mentioned herein may be trademarks or tradenames of their respective owners. The information presented is subject to change without notice. No responsibility is assumed for inaccuracies contained herein. © 2018 Nokia. Release 18.6 June 2018 2 3HE-14073-AAAB-TQZZA Issue 1 About this document NSP Glossary 1 About this document 1.1 Purpose The NSP Glossary defines terms, acronyms, and initialisms used in the NSP documentation. Glossary entries that are marked with an asterisk (*) are reproduced with permission from LTE – The UMTS Long Term Evolution: A Pocket Dictionary of Acronyms, © 2009 Stefania Sesia, Issam Toufik, and Matthew Baker, available at http://www.wiley.com/go/sesia_theumts. 1.2 Document support Customer documentation and product support URLs: • Customer Documentation Welcome Page • Technical support • Documentation feedback Release 18.6 June 2018 Issue 1 3HE-14073-AAAB-TQZZA 3 About this document NSP Release 18.6 June 2018 4 3HE-14073-AAAB-TQZZA Issue 1 Glossary NSP Glossary Numerics 10/100/1000Base-FX A networking standard that supports data transfer rates of up to 1000 Mb/s over two optical fibers. 10/100/1000Base-TX An Ethernet technology that supports data transfer rates of up to 1000 Mb/s using twisted-pair copper wire. 10/100Base-TX An Ethernet standard that supports data transfer rates of up to 100 Mb/s using two pairs of data-grade, twisted-pair copper wire.
    [Show full text]
  • Openairinterface Core Network: Recent Enhancements in OAI EPC Beken Dincer, BLACKNED and Gauthier Lionel, EURECOM Outline
    OpenAirInterface Core Network: Recent enhancements in OAI EPC Beken Dincer, BLACKNED and Gauthier Lionel, EURECOM Outline . EPC fundamentals . OAI Core Network Overview . Recent developments . OAI Core Network detailed . Future plans 25/06/2019 - - p 1 Outline . EPC fundamentals 3GPP picture of network function and interfaces. Releases and features . OAI Core Network Overview . Recent developments . OAI Core Network detailed . Future plans 25/06/2019 - - p 2 Core Network Fundamentals – Purpose of CN . Evolved Packet Core Network Purpose and history Evolved Packet Core (EPC) is a framework for providing converged voice and data on a 4G Long-Term Evolution (LTE) network. Source http://www.3gpp.org/technologies/keywords-acronyms/100-the-evolved-packet-core 25/06/2019 - - p 3 Core Network Fundamentals . High level functions Network Access Control Functions. – Authentication and authorization, admission control, Policy and charging enforcement Packet Routing and Transfer Functions: IP header compression function, packet screening. Mobility Management Functions. – Reachability management for UE in ECM-IDLE state Security Functions. Radio Resource Management Functions. Network Management Functions (O&M) – GTP-C signaling based Load and Overload Control, Load balancing between MME, MME control of overload, PDN GW control of overload 25/06/2019 - - p 4 Core Network Fundamentals - Architecture 25/06/2019 - - p 5 Core Network Fundamentals – Access Networks WiMax, CDMA2000, WLAN, fixed networks 25/06/2019 - - p 6 Core Network Fundamentals –
    [Show full text]
  • F5 and the Growing Role of GTP for Traffic Shaping, Network Slicing, Iot, and Security
    OVERVIEW F5 and the Growing Role of GTP for Traffic Shaping, Network Slicing, IoT, and Security For years, F5 BIG-IP solutions have managed GPRS Tunneling Protocol (GTP) traffic. Now, in part due to EU regulations, GTP traffic growth is much higher than ever before. International trends show that mobile data is increasing, as is the demand for smart and secure GTP traffic handling. In this document, we will explain GTP, where it is typically used, and where BIG-IP solutions provide significant value. What is GTP? GTP is a group of IP-based communication protocols used to carry General Packet Radio Service (GPRS) within GSM, UMTS, and LTE networks. In 3GPP architectures, GTP and Proxy Mobile IPv6-based interfaces are specified on various interface points. GTP in GPRS (2.5G and 3G) Networks GTP is a set of three separate protocols: GTP Control (GTP-C), GTP User (GTP-U), and GTP Prime (GTP’). GTP-C is used within the GPRS core network for signaling between gateway GPRS support nodes (GGSN) and serving GPRS support nodes (SGSN), as demonstrated by the Gn interface on the diagram below. GTP-C allows the SGSN to activate and deactivate a user’s session, adjust quality- of-service parameters, or update sessions when subscribers arrive from another SGSN. HLR MSC Gr Gs luPS Internet Gi Gn SGSN RNC UMTS Radio Network (RAN) GGSN Gb Corporate SGSN PCU GSM Radio Network Network (BSS) Figure 1: GTP in GPRS (2.5G and 3G networks). OVERVIEW | F5 and the Growing Role of GTP 2 GTP-U carries user data within the GPRS core network, and between the radio access network and core network.
    [Show full text]
  • Leveraging Programmable Dataplanes for a High Performance 5G User Plane Function
    Leveraging Programmable Dataplanes for a High Performance 5G User Plane Function Abhik Bose∗ Diptyaroop Maji† Prateek Agarwal Department of Computer Science Department of Computer Science Department of Computer Science & Engineering Indian Institute of & Engineering Indian Institute of & Engineering Indian Institute of Technology Bombay, India Technology Bombay, India Technology Bombay, India abhik@cse:iitb:ac:in diptyaroop@cse:iitb:ac:in prateekag@cse:iitb:ac:in Nilesh Unhale Rinku Shah Mythili Vutukuru‡ Department of Computer Science Department of Computer Science Department of Computer Science & Engineering Indian Institute of & Engineering Indian Institute of & Engineering Indian Institute of Technology Bombay, India Technology Bombay, India Technology Bombay, India nileshunhale@cse:iitb:ac:in rinku@cse:iitb:ac:in mythili@cse:iitb:ac:in ABSTRACT work presents a preliminary implementation towards a com- Emerging 5G applications require a dataplane that has a high prehensive programmable dataplane-accelerated 5G UPF. forwarding throughput and low processing latency, in ad- dition to low cost and power consumption. To meet these CCS CONCEPTS requirements, the state-of-the-art 5G User Plane Functions • Networks ! In-network processing; Programmable (UPFs) are built over high performance packet I/O mech- networks; Network performance analysis; Mobile networks. anisms like the Data Plane Development Kit (DPDK), and further offload some functionality to programmable data- KEYWORDS plane hardware. In this paper, we design and implement 5G core, cellular networks, programmable networks, DPDK several standards-compliant UPF prototypes, beginning with a software-only DPDK-based UPF, progressing to designs ACM Reference Format: which offload different functions to programmable hardware. Abhik Bose, Diptyaroop Maji, Prateek Agarwal, Nilesh Unhale, Rinku Shah, and Mythili Vutukuru.
    [Show full text]
  • 5GS Roaming Guidelines Version 3.0 17 November 2020
    GSM Association Non-confidential Official Document NG.113 - 5GS Roaming Guidelines 5GS Roaming Guidelines Version 3.0 17 November 2020 This is a Non-binding Permanent Reference Document of the GSMA Security Classification: Non-confidential Access to and distribution of this document is restricted to the persons permitted by the security classification. This document is confidential to the Association and is subject to copyright protection. This document is to be used only for the purposes for which it has been supplied and information contained in it must not be disclosed or in any other way made available, in whole or in part, to persons other than those permitted under the security classification without the prior written approval of the Association. Copyright Notice Copyright © 2020 GSM Association Disclaimer The GSM Association (“Association”) makes no representation, warranty or undertaking (express or implied) with respect to and does not accept any responsibility for, and hereby disclaims liability for the accuracy or completeness or timeliness of the information contained in this document. The information contained in this document may be subject to change without prior notice. Antitrust Notice The information contain herein is in full compliance with the GSM Association’s antitrust compliance policy. V3.0 Page 1 of 49 GSM Association Non-confidential Official Document NG.113 - 5GS Roaming Guidelines Table of Contents 1 Introduction 4 1.1 Overview 4 1.2 Scope 4 2 Definition of Terms and Acronyms 5 2.1 Acronyms 5 2.2 Terms 7 2.3
    [Show full text]
  • Cisco Ultra Platform Evolution to 5G
    BRKSPM-2578 Cisco Ultra Platform Evolution to 5G Laurentiu Spiridon, Consulting System Engineer Cisco Spark Questions? Use Cisco Spark to communicate with the speaker after the session How 1. Find this session in the Cisco Live Mobile App 2. Click “Join the Discussion” 3. Install Spark or go directly to the space 4. Enter messages/questions in the space cs.co/ciscolivebot#BRKSPM-2578 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public Agenda • “5G” Defined • 5G Market Status • Cisco Ultra solution and its evolution • 5G Ready Technologies and 5G Non-Standalone Core • Next Generation 5G Mobile Core Agenda • “5G” Defined • 5G Market Status • Cisco Ultra solution and its evolution • 5G Ready Technologies and 5G Non-Standalone Core • Next Generation 5G Mobile Core The Next Mobile Generation 2020s 2010s 5G Digitization 2000s 4G 1990s 1980s 3G • LTE/LTE-A, 2G Broadband data 1G • WCDMA, & video • Digital CDMA2000 • Analog • GSM, IS-95, IS-136 • Voice & data • AMPS • Voice capacity • Voice BRKSPM-2578 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 6 ? 5G Digitization BRKSPM-2578 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 7 5G is led by new services Ultra Reliability Broadband access Higher Massive (Wherever + Whenever) AR/VR everywhere user mobility Internet of Things Ultra Capacity and Coverage 1G UHD Video Average 1 Gbps per High Speed Train Sensor Networks Ultra High-Speed device (up to 20 Gbps to cell site) Extreme real-time Ultra-reliable communications Lifeline communications communications Broadcast-like services Ultra Low Latency (1 ms End-to-End) + Massive Device Connectivity Tactile Internet Natural Disaster E-Health Services Broadcast Services Source:NGMN BRKSPM-2578 © 2018 Cisco and/or its affiliates.
    [Show full text]
  • Etsi Ts 129 244 V16.5.0 (2020-11)
    ETSI TS 129 244 V16.5.0 (2020-11) TECHNICAL SPECIFICATION LTE; 5G; Interface between the Control Plane and the User Plane nodes (3GPP TS 29.244 version 16.5.0 Release 16) 3GPP TS 29.244 version 16.5.0 Release 16 1 ETSI TS 129 244 V16.5.0 (2020-11) Reference RTS/TSGC-0429244vg50 Keywords 5G,LTE ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N° 348 623 562 00017 - NAF 742 C Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88 Important notice The present document can be downloaded from: http://www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the prevailing version of an ETSI deliverable is the one made publicly available in PDF format at www.etsi.org/deliver. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https://portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI.
    [Show full text]
  • A Softwarized Perspective of the 5G Networks
    A softwarized perspective of the 5G networks Kleber Vieira Cardoso, Cristiano Bonato Both, Lucio´ Rene Prade, Ciro J. A. Macedo, Victor Hugo L. Lopes F Abstract—The main goal of this article is to present the fundamental to clarify that this leap hides the various intermediate steps that theoretical concepts for the tutorial presented in IEEE NetSoft 2020. comprise it. In the telecommunications industry, including for The article explores the use of software in the 5G system composed of advertising reasons, a significant amount of technological devel- the Radio Access Network (RAN) and the core components, following opments and innovations accumulate before defining a generation, the standards defined by 3GPP, particularly the Release 15. The article which was no different at 5G networks. As an example, the Re- provides a brief overview of mobile cellular networks, including basic leases provided by the 3GPP (3rd Generation Partnership Project) concepts, operations, and evolution through the called ‘generations’ of mobile networks. From a software perspective, RAN is presented in the that is one of the leading organizations for standardizing wireless context of 4G and 5G networks, which includes the virtualization and mobile networks. The 4G/LTE networks (Long-Term Evolution) disaggregation concepts. A significant part of the article is dedicated to were introduced in 2008 by Release 8 [5] and, since then, have 5G networks and beyond, focusing on core, i.e., considering the Service- received several updates (represented by new Releases) until the Based Architecture (SBA), due to its relevance and totally softwarized 5G networks were officially introduced by Release 15 [6] in 2018.
    [Show full text]
  • LTE; Interface Between the Control Plane and the User Plane Nodes (3GPP TS 29.244 Version 15.2.0 Release 15)
    ETSI TS 129 244 V15.2.0 (2018-07) TECHNICAL SPECIFICATION LTE; Interface between the Control Plane and the User Plane nodes (3GPP TS 29.244 version 15.2.0 Release 15) 3GPP TS 29.244 version 15.2.0 Release 15 1 ETSI TS 129 244 V15.2.0 (2018-07) Reference RTS/TSGC-0429244vf20 Keywords LTE ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N° 348 623 562 00017 - NAF 742 C Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88 Important notice The present document can be downloaded from: http://www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https://portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI.
    [Show full text]
  • View on 5G Architecture
    5G PPP Architecture Working Group View on 5G Architecture Version 3.0, June 2019 Date: 2019-06-19 Version: 3.0 Dissemination level: Public Consultation Abstract The 5G Architecture Working Group as part of the 5G PPP Initiative is looking at capturing novel trends and key technological enablers for the realization of the 5G architecture. It also targets at presenting in a harmonized way the architectural concepts developed in various projects and initiatives (not limited to 5G PPP projects only) so as to provide a consolidated view on the technical directions for the architecture design in the 5G era. The first version of the white paper was released in July 2016, which captured novel trends and key technological enablers for the realization of the 5G architecture vision along with harmonized architectural concepts from 5G PPP Phase 1 projects and initiatives. Capitalizing on the architectural vision and framework set by the first version of the white paper, the Version 2.0 of the white paper was released in January 2018 and presented the latest findings and analyses of 5G PPP Phase I projects along with the concept evaluations. The work has continued with the 5G PPP Phase II and Phase III projects with special focus on understanding the requirements from vertical industries involved in the projects and then driving the required enhancements of the 5G Architecture able to meet their requirements. The results of the Working Group are now captured in this Version 3.0, which presents the consolidated European view on the architecture design. Dissemination level: Public Consultation Table of Contents 1 Introduction........................................................................................................................
    [Show full text]
  • Junos Multi-Access User Plane User Guide
    Junos Multi-Access User Plane User Guide Published 2021-09-22 ii Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. Junos Multi-Access User Plane User Guide Copyright © 2021 Juniper Networks, Inc. All rights reserved. The information in this document is current as of the date on the title page. YEAR 2000 NOTICE Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036. END USER LICENSE AGREEMENT The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement ("EULA") posted at https://support.juniper.net/support/eula/. By downloading, installing or using such software, you agree to the terms and conditions of that EULA. iii Table of Contents About This Guide | v 1 Understanding
    [Show full text]
  • TR-459 Control and User Plane Separation for a Disaggregated BNG
    Technical Report TR-459 Control and User Plane Separation for a disaggregated BNG Issue: 1 Issue Date: June 2020 © Broadband Forum. All rights reserved. Control and User Plane Separation for a disaggregated BNG TR-459 Issue 1 Notice The Broadband Forum is a non-profit corporation organized to create guidelines for broadband network system development and deployment. This Technical Report has been approved by members of the Forum. This Technical Report is subject to change. This Technical Report is owned and copyrighted by the Broadband Forum, and all rights are reserved. Portions of this Technical Report may be owned and/or copyrighted by Broadband Forum members. Intellectual Property Recipients of this Technical Report are requested to submit, with their comments, notification of any relevant patent claims or other intellectual property rights of which they may be aware that might be infringed by any implementation of this Technical Report, or use of any software code normatively referenced in this Technical Report, and to provide supporting documentation. Terms of Use 1. License Broadband Forum hereby grants you the right, without charge, on a perpetual, non-exclusive and worldwide basis, to utilize the Technical Report for the purpose of developing, making, having made, using, marketing, importing, offering to sell or license, and selling or licensing, and to otherwise distribute, products complying with the Technical Report, in all cases subject to the conditions set forth in this notice and any relevant patent and other intellectual property rights of third parties (which may include members of Broadband Forum). This license grant does not include the right to sublicense, modify or create derivative works based upon the Technical Report except to the extent this Technical Report includes text implementable in computer code, in which case your right under this License to create and modify derivative works is limited to modifying and creating derivative works of such code.
    [Show full text]