How is the uniqueness of the identifiers guaranteed?
- Philippe Rousselet
- Category: Unique identifiers
- Hits: 1499
If we consider all the AMCs issued in a given service perimeter, the uniqueness of a predefined identifier is guaranteed by all the following fields:
- PIDXSector (2 bytes) which defines the service perimeter ;
- PIDXKeyRef (2 bytes) which defines the TDES key used to calculate the identifiers from a root value;
- PIDXValue (4 bytes) which defines the value calculated from the above key and a root value.
This uniqueness is ensured by the respect of the rules defined for the choice of the values of PIDXSector, PIDXKeyRef, and PIDXValue.
Within a given information system, PIDXKeyRef or PIDXSector can be omitted if they are identical for all AMCs managed by this system.
So, in the case of the common AMC, to use one of the ranges defined on the ADCET site (Common AMC value ranges), it is necessary and sufficient that in the data structure of the predefined identifiers there is :
- PIDScopeID = 250E00h (common AMC).
- PIDXKeyRef = 0101h (TDES key referenced on the ADCET site, Keys for the predefined identifiers of the common AMC)
Of course, it is also necessary that the one who produces the predefined identifiers takes values only in the ranges which were allocated to him by the ADCET.
IMPORTANT - Rule of uniqueness and non-correlation: the issuer of the predefined identifiers (indicated by PIDIssuerReference) guarantees that each value it generates is used only once for a given sector of activity, and that the identifier must not be deduced from the sole knowledge of one or more other AMC identifiers
The principles of value generation used for the common AMC, and recommended for the specific AMCs, are as follows:
- the issuer of predefined identifiers has a whole range of values of 4 bytes (i.e. more than 4 billion possible values) which he can subdivide as he wishes. It is for example possible to split it into smaller ranges assignable to different subcontractors or to different projects, provided that these ranges do not overlap;
- A triple-DES ("TDES") key managed by the governance of the service scope (ADCET for the AMC commue) is used. This key must remain confidential because it can predict the numbers of the AMC applications: only the entities that generate the identifiers need to know it.