5G-EIR

5G Equipment Identity Register

Security
Introduced in Rel-15
The 5G-EIR is a network function that validates the status of mobile devices (UEs) by checking their International Mobile Equipment Identity (IMEI) against blacklists, greylists, and whitelists. It prevents stolen, fraudulent, or non-compliant devices from accessing the 5G network, enhancing security and reducing fraud.

Description

The 5G Equipment Identity Register (5G-EIR) is a critical security function within the 5G Core (5GC) network, operating as a standalone Network Function (NF) that provides equipment identity checking services. Its primary role is to verify the legitimacy and status of User Equipment (UE) attempting to attach to the network by validating its International Mobile Equipment Identity (IMEI) or IMEI Software Version (IMEISV). The 5G-EIR maintains and queries several databases: a blacklist for stolen or prohibited devices, a greylist for devices under observation, and a whitelist for known legitimate devices. This verification is a key step in network access control, ensuring only authorized and compliant hardware can utilize network services.

Architecturally, the 5G-EIR is designed as a service-based component within the 5GC Service-Based Architecture (SBA). It exposes the N5g-eir_EquipmentIdentityCheck service to other authorized Network Functions, primarily the Access and Mobility Management Function (AMF). The AMF acts as the service consumer, invoking the 5G-EIR's service during initial registration procedures or periodically to verify a UE's equipment identity. Communication between the AMF and the 5G-EIR uses the standardized service-based interface, with messages transported over HTTP/2 with JSON payloads as defined in 3GPP TS 29.511. The 5G-EIR itself may connect to external databases, such as a central global IMEI database, to enrich its local decision-making with broader industry data on device status.

The core operation involves the AMF sending an EquipmentIdentityCheck request message to the 5G-EIR. This request contains the UE's IMEI(SV) and potentially other relevant information. The 5G-EIR processes this request by checking the provided identity against its internal lists. It then returns a response indicating the equipment status, typically with values like "WHITELISTED," "BLACKLISTED," "GREYLISTED," or "UNKNOWN." Based on this response, the AMF can decide whether to allow the registration to proceed, reject it, or apply specific restrictions. For blacklisted devices, the AMF will typically reject the registration attempt outright. The 5G-EIR's function is stateless regarding the UE session; it performs pure identity verification, leaving session management and enforcement to the AMF.
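The check-and-decide flow described above, as an added example that is not taken from 3GPP or any vendor implementation. The list contents, the AMF policy table, the decision names and the failure handling are all assumptions made for illustration. It goes slightly beyond the text by validating the IMEI check digit and by keying lists on the first 14 digits (TAC plus serial number), so an IMEISV resolves to the same device entry as its IMEI.

```python
import re

# Constructed lists, keyed by TAC+SNR (first 14 digits) so that a change of
# software version (the SV in IMEISV) does not move a device off a list.
BLACKLIST = {"49015420323751"}
GREYLIST = {"86753090000001"}
WHITELIST = {"35209900176148"}

# Assumed operator policy; the handling of GREYLISTED and UNKNOWN is a choice.
AMF_POLICY = {"WHITELISTED": "ALLOW", "GREYLISTED": "ALLOW_AND_LOG",
              "UNKNOWN": "ALLOW_AND_LOG", "BLACKLISTED": "REJECT"}

def luhn_ok(imei: str) -> bool:
    """Validate the 15th IMEI digit (Luhn check digit)."""
    total = 0
    for i, ch in enumerate(reversed(imei)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def device_key(identity: str) -> str:
    """Reduce a 15-digit IMEI or 16-digit IMEISV to its TAC+SNR."""
    if not re.fullmatch(r"[0-9]{15,16}", identity):
        raise ValueError("not an IMEI or IMEISV")
    if len(identity) == 15 and not luhn_ok(identity):
        raise ValueError("IMEI check digit mismatch")
    return identity[:14]

def eir_check(identity: str) -> str:
    """EIR side: the most restrictive matching list wins."""
    key = device_key(identity)
    for status, entries in (("BLACKLISTED", BLACKLIST),
                            ("GREYLISTED", GREYLIST),
                            ("WHITELISTED", WHITELIST)):
        if key in entries:
            return status
    return "UNKNOWN"

def amf_decide(identity: str, eir=eir_check, on_eir_failure="REJECT") -> str:
    """AMF side: map the EIR status to a registration decision."""
    try:
        return AMF_POLICY[eir(identity)]
    except ValueError:                      # malformed identity
        return "REJECT"
    except (ConnectionError, KeyError):     # EIR unreachable or unexpected status
        return on_eir_failure
```

The `on_eir_failure` argument makes the fail-closed versus fail-open choice explicit: it decides what happens to registrations while the EIR cannot be reached.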

Beyond basic list checking, the 5G-EIR plays a vital role in mitigating device-based fraud and protecting network integrity. It helps operators combat the use of counterfeit devices, block devices associated with persistent malicious activity, and enforce regulatory requirements concerning approved device types. By integrating with the 5G SBA, the 5G-EIR offers a scalable, cloud-native security service that can be deployed independently and accessed on-demand by various consumer NFs, aligning with the overall 5G design principles of modularity and network slicing. Its operation is crucial for maintaining trust in the mobile ecosystem by ensuring that the underlying hardware connecting to the network is legitimate.

Purpose & Motivation

The 5G-EIR exists to provide robust equipment identity verification in 5G networks, addressing the critical need to prevent unauthorized, stolen, or faulty mobile devices from accessing network resources. Its creation was motivated by the long-standing problem of mobile device theft and fraud, as well as the need to ensure device compliance with network standards and regulatory mandates. By checking the IMEI—a unique identifier burned into the device hardware—the 5G-EIR offers a hardware-level security check that complements subscriber authentication (which validates the SIM card). This solves the problem where a valid SIM card might be used in a stolen or non-compliant device.

Historically, equipment identity checking was performed by the EIR in 2G, 3G, and 4G networks. However, these were often monolithic network elements with proprietary interfaces. The transition to 5G presented an opportunity to re-architect this function to align with modern cloud-native principles. The purpose of the 5G-EIR is not only to continue providing the essential blacklist/whitelist service but to do so as a scalable, web-based service within the 5G Core's Service-Based Architecture. This addresses limitations of the past, such as scalability constraints and complex integration, by making the EIR a standardised NF that can be easily deployed, scaled, and consumed by other network functions via RESTful APIs.

Furthermore, the 5G-EIR supports the enhanced security requirements of 5G, including those for network slicing and IoT. For network slices serving critical infrastructure (e.g., industrial IoT, public safety), operators can enforce stricter equipment policies via the 5G-EIR, ensuring only devices with specific, trusted IMEIs can access those slices. For massive IoT deployments, it can help identify and block devices with known vulnerabilities or poor radio performance characteristics. Thus, the 5G-EIR's purpose extends beyond anti-theft to become a foundational tool for overall network security hygiene, device compliance management, and the protection of specialized network services.

Key Features

  • IMEI(SV) validation against blacklist, greylist, and whitelist databases
  • Service-Based Interface (N5g-eir_EquipmentIdentityCheck) for integration with 5GC NFs like the AMF
  • Stateless equipment verification independent of UE session context
  • Support for integration with external, global IMEI database systems
  • Cloud-native design enabling independent scaling and deployment
  • Provides equipment status results (e.g., BLACKLISTED, WHITELISTED) to guide AMF registration decisions

Evolution Across Releases

Rel-15 Initial

Introduced the 5G-EIR as a new, standalone Network Function within the 5G Service-Based Architecture. Defined its service-based interface (N5g-eir_EquipmentIdentityCheck) and the basic procedures for IMEI checking during UE registration. Established its role in providing equipment status to the AMF to support network access control decisions.

Defining Specifications

Specification | Title
TS 23.501 | 3GPP TS 23.501
TS 29.511 | 3GPP TS 29.511