Equipment Identity Register

Description

The Equipment Identity Register (EIR) is a critical security entity within the core network of GSM, UMTS, LTE, and 5G systems. It functions as a centralized database that maintains lists of International Mobile Equipment Identities (IMEIs), which are unique identifiers assigned to mobile devices. The EIR classifies IMEIs into three lists: a white list for known valid devices, a black list for devices reported as stolen, barred, or technically faulty, and a gray list for devices under observation (e.g., with anomalies). When a user equipment (UE) attempts to attach to the network, the Mobility Management Entity (MME) in 4G or the Access and Mobility Management Function (AMF) in 5G queries the EIR to verify the device's IMEI.

The EIR works by receiving IMEI check requests via standardized interfaces, such as the S13 interface in LTE (between MME and EIR) or the N5g-eir service-based interface in 5G (between AMF and EIR). Upon receiving a request, the EIR searches its database and returns a response indicating the list status of the IMEI. Key components include the database engine for storing IMEI records, authentication and authorization modules to secure access, and synchronization mechanisms to update lists from external sources like the Central Equipment Identity Register (CEIR) or operator inputs. In 5G, the EIR is implemented as a network function (NF) that can be deployed in cloud-native environments, offering scalability and flexibility.

In the network architecture, the EIR plays a defensive role against device-related fraud and theft. By blocking blacklisted devices, it deters the use of stolen phones and reduces insurance claims. It also helps maintain network integrity by preventing faulty devices from causing interference or service degradation. The EIR's integration with other security functions, such as the Authentication Server Function (AUSF) and Unified Data Management (UDM), enhances overall network security posture. Its operations are governed by specifications like 29.272 and 29.273 for interfaces and 33.857 for security aspects, ensuring interoperability across different generations of mobile networks.

Purpose & Motivation

The EIR was created to combat the rising issue of mobile phone theft and cloning in early GSM networks. Before its introduction, stolen devices could be easily reused on networks, leading to financial losses for users and operators, and encouraging crime. The EIR provides a standardized mechanism to track and block such devices, thereby protecting consumers and reducing the incentive for theft. Its development was driven by the need for a global, interoperable system to share stolen device information, facilitated by entities like the GSMA's Central Equipment Identity Register (CEIR).

Historically, without an EIR, operators had limited means to verify device legitimacy, relying on manual reporting and local blacklists. The EIR automated this process, enabling real-time checks during network attachment. Over releases, its purpose expanded to address device faults and regulatory requirements, such as blocking non-compliant or counterfeit devices. In 5G, the EIR evolved to support new service-based architectures and integrate with network slicing, ensuring device security per slice. It solves problems of device fraud, network abuse, and supports lawful interception by providing reliable device identification, thereby enhancing trust in mobile communications.