Controlling access to mobile networks
With the massive adoption of smartphones and growing rate of mobile phone thefts and identity fraud, pressure on operators is increasing to implement protective measures. Deploying an Equipment Identity Register (EIR) helps operators to protect their networks and revenues against the use of stolen and unauthorized devices. In a growing number of countries, governments and telecom regulators demand for installation of an EIR solution. In addition to fulfilling regulatory requirements, an EIR also provides an opportunity for operators to offer additional security services to their subscribers.
BFX, the Next Generation EIR solution
The BFX Next Generation EIR provides a single, unified access point for Mobile Equipment authentication in the network. The BFX EIR solution is fully standards compliant, 100% software based, supporting 2G/3G, 4G/LTE and IT interfaces. It also offers an extensive feature set for implementing service logic, active triggering, reporting, alarming and more.
BFX supports black-, grey- and white-lists, and unlimited options for additional lists (VIP list, exception list etc.), for individual IMEIs as well as IMEI ranges. It works across legacy and IP networks, supporting SS7/MAP as well as Diameter IMEI checks. Based on available IMSI / MSISDN information, flexible service logic can be applied for (un)blocking devices based on e.g. IMEI-IMSI combinations. Expiration can be applied for each entry in the grey-list. Flexible service logic can be applied after expiration (e.g. move to blacklist or whitelist). Extensive options are provided for reporting and notification at black- and grey-list detection (via SNMP, HTTP, SMS). This includes device location (optional, based on additional HSS / HLR check).
For implementation of nation-wide or operator group-wide EIR solutions, BFX supports a centralized EIR function for multiple operators in a single solution, including reporting per network.
From an operations, administration and management (OAM) perspective, BFX offers a wide range of functions to manage the EIR solution. This includes SNMP interface, logging and tracing, reporting, dashboards and a central provisioning interface based on HTTP (REST, SOAP). A local web interface is available for customer care and operations (supporting IMEI checking and modification of device status). The BFX EIR also supports security access control for remote peers (systems performing IMEI checks, provisioning systems, GUI user management), overload control etc.
The BFX EIR solution supports all relevant 3GPP specifications for EIR. This includes TS 22.016, TS 29.272, TS 23.401, TS 23.060 and TS 29.002.
High capacity, high performant solution
Using standard (commercially off-the-shelf) servers or virtual machines, BFX can support 100 million IMEI records and 10,000’s of transactions per second on a single machine. BFX supports scaling up and scaling out, without any technical limits. When preferred, the traffic processing and database can be implemented on separate (virtual) machines, to enable independent scaling.
The BFX Interface Gateway offers major differentiators compared to traditional EIR products:
- Enabling real-time IMEI checks, across local and external data sources;
- Single, unified solution for EIR, supporting both 2G / 3G and 4G / LTE;
- Works across Diameter, SS7 and various other protocols;
- Independent, centralized solution (unlike ‘on-board’ EIR functions on HSS, HLR, VLR, STP, SMSC etc.);
- Supports ETSI, 3GPP and GSMA standards for EIR;
- Enables additional services based on IMSI-IMEI correlation, vendor-specific AVP’s etc.;
- Configurable triggering of alarms and external applications;
- Operator control: easy customization of query interfaces, no need for scripting or development;
- No dependence on expensive database technologies;
- Completely GUI based configuration and operation / customer care;
- Central logging point (EDR-registration);
- Carrier grade, highly scalable, high available, geo-redundant solution;
- 100% software based, runs on standard off-the-shelf hardware or virtualized / hosted.