EIR (Equipment Identity Register) — 3GPP Glossary

The Equipment Identity Register (EIR) is a security database in mobile networks that stores and validates International Mobile Equipment Identities (IMEIs). It checks if a device is blacklisted (stolen or faulty), gray-listed, or white-listed, preventing unauthorized or problematic devices from accessing the network.

Description

The Equipment Identity Register (EIR) is a critical security entity within the core network of GSM, UMTS, LTE, and 5G systems. It functions as a centralized database that maintains lists of International Mobile Equipment Identities (IMEIs), which are unique identifiers assigned to mobile devices. The EIR classifies IMEIs into three lists: a white list for known valid devices, a black list for devices reported as stolen, barred, or technically faulty, and a gray list for devices under observation (e.g., with anomalies). When a user equipment (UE) attempts to attach to the network, the Mobility Management Entity (MME) in 4G or the Access and Mobility Management Function (AMF) in 5G queries the EIR to verify the device's IMEI.

The EIR works by receiving IMEI check requests via standardized interfaces, such as the S13 interface in LTE (between MME and EIR) or the N5g-eir service-based interface in 5G (between AMF and EIR). Upon receiving a request, the EIR searches its database and returns a response indicating the list status of the IMEI. Key components include the database engine for storing IMEI records, authentication and authorization modules to secure access, and synchronization mechanisms to update lists from external sources like the Central Equipment Identity Register (CEIR) or operator inputs. In 5G, the EIR is implemented as a network function (NF) that can be deployed in cloud-native environments, offering scalability and flexibility.

In the network architecture, the EIR plays a defensive role against device-related fraud and theft. By blocking blacklisted devices, it deters the use of stolen phones and reduces insurance claims. It also helps maintain network integrity by preventing faulty devices from causing interference or service degradation. The EIR's integration with other security functions, such as the Authentication Server Function (AUSF) and Unified Data Management (UDM), enhances overall network security posture. Its operations are governed by specifications like 29.272 and 29.273 for interfaces and 33.857 for security aspects, ensuring interoperability across different generations of mobile networks.

Purpose & Motivation

The EIR was created to combat the rising issue of mobile phone theft and cloning in early GSM networks. Before its introduction, stolen devices could be easily reused on networks, leading to financial losses for users and operators, and encouraging crime. The EIR provides a standardized mechanism to track and block such devices, thereby protecting consumers and reducing the incentive for theft. Its development was driven by the need for a global, interoperable system to share stolen device information, facilitated by entities like the GSMA's Central Equipment Identity Register (CEIR).

Historically, without an EIR, operators had limited means to verify device legitimacy, relying on manual reporting and local blacklists. The EIR automated this process, enabling real-time checks during network attachment. Over releases, its purpose expanded to address device faults and regulatory requirements, such as blocking non-compliant or counterfeit devices. In 5G, the EIR evolved to support new service-based architectures and integrate with network slicing, ensuring device security per slice. It solves problems of device fraud, network abuse, and supports lawful interception by providing reliable device identification, thereby enhancing trust in mobile communications.

Key Features

Storage and management of IMEI white, black, and gray lists for device validation
Standardized query interfaces (e.g., S13 in LTE, N5g-eir in 5G) for network functions to check device status
Integration with central databases (e.g., CEIR) for global stolen device tracking
Support for real-time IMEI verification during device attachment and registration procedures
Security mechanisms to protect EIR data and ensure authorized access as per 33.857
Cloud-native deployment capability in 5G, with scalability and service-based architecture

Evolution Across Releases

Rel-4 Initial

Initial standardization of the Equipment Identity Register (EIR) in 3GPP for GSM and UMTS networks. Defined its basic architecture as a standalone database for storing IMEI lists, with interfaces for network queries to check device status against white, black, and gray lists.

TS 21.905 TS 28.702 TS 29.272 TS 29.273 TS 29.511 TS 32.102 TS 32.140 TS 32.141 TS 32.240 TS 32.250 TS 32.272 TS 32.401 TS 32.632 TS 32.732 TS 32.808 TS 33.857 TS 52.402

Rel-8

Enhanced EIR integration with LTE networks, specifying the S13 interface between MME and EIR for IMEI checking. Introduced support for EPS (Evolved Packet System) mobility procedures, ensuring seamless device validation during LTE attach and handovers.

TS 21.905 TS 28.702 TS 29.272 TS 29.273 TS 29.511 TS 32.102 TS 32.140 TS 32.141 TS 32.240 TS 32.250 TS 32.272 TS 32.401 TS 32.632 TS 32.732 TS 32.808 TS 33.857 TS 52.402

Rel-15

Re-architected EIR as a 5G network function (NF) with service-based interfaces (e.g., N5g-eir). Enabled cloud-native deployment, integration with 5G core (5GC) via AMF, and support for network slicing, allowing device checks per slice for enhanced security.

TS 21.905 TS 28.702 TS 29.272 TS 29.273 TS 29.511 TS 32.102 TS 32.140 TS 32.141 TS 32.240 TS 32.250 TS 32.272 TS 32.401 TS 32.632 TS 32.732 TS 32.808 TS 33.857 TS 52.402

Rel-16

Introduced enhancements for IoT device security, supporting IMEI checking for massive IoT deployments. Added features for improved scalability and performance in handling large volumes of device validations in 5G networks.

TS 21.905 TS 28.702 TS 29.272 TS 29.273 TS 29.511 TS 32.102 TS 32.140 TS 32.141 TS 32.240 TS 32.250 TS 32.272 TS 32.401 TS 32.632 TS 32.732 TS 32.808 TS 33.857 TS 52.402

Rel-17

Further refined EIR security protocols and interoperability with external systems like CEIR. Added support for advanced analytics integration to detect suspicious device patterns, enhancing fraud prevention capabilities.

TS 21.905 TS 28.702 TS 29.272 TS 29.273 TS 29.511 TS 32.102 TS 32.140 TS 32.141 TS 32.240 TS 32.250 TS 32.272 TS 32.401 TS 32.632 TS 32.732 TS 32.808 TS 33.857 TS 52.402

Rel-18

Extended EIR functionalities to support emerging 5G-Advanced use cases, including integration with AI/ML for predictive device blocking and enhanced privacy features for IMEI handling in compliance with global regulations.

TS 21.905 TS 28.702 TS 29.272 TS 29.273 TS 29.511 TS 32.102 TS 32.140 TS 32.141 TS 32.240 TS 32.250 TS 32.272 TS 32.401 TS 32.632 TS 32.732 TS 32.808 TS 33.857 TS 52.402

Rel-19

Continued evolution with focus on sustainability and energy efficiency, optimizing EIR operations in cloud environments. Added support for new device types and enhanced interfaces for seamless operation in multi-generation networks.

TS 21.905 TS 28.702 TS 29.272 TS 29.273 TS 29.511 TS 32.102 TS 32.140 TS 32.141 TS 32.240 TS 32.250 TS 32.272 TS 32.401 TS 32.632 TS 32.732 TS 32.808 TS 33.857 TS 52.402

Defining Specifications

Specification	Title
TS 21.905	3GPP TS 21.905
TS 28.702	3GPP TS 28.702
TS 29.272	3GPP TS 29.272
TS 29.273	3GPP TS 29.273
TS 29.511	3GPP TS 29.511
TS 32.102	3GPP TR 32.102
TS 32.140	3GPP TR 32.140
TS 32.141	3GPP TR 32.141
TS 32.240	3GPP TR 32.240
TS 32.250	3GPP TR 32.250
TS 32.272	3GPP TR 32.272
TS 32.401	3GPP TR 32.401
TS 32.632	3GPP TR 32.632
TS 32.732	3GPP TR 32.732
TS 32.808	3GPP TR 32.808
TS 33.857	3GPP TR 33.857
TS 52.402	3GPP TR 52.402