The BroadForward Next Generation Equipment Identity Register (EIR) is the world’s most advanced software solution for authentication of mobile devices in the network, including IoT devices. It provides a single, unified access point, fully standards compliant, 100% software based and supports 2G/3G, 4G/LTE, 5G and IT interfaces. It also offers an extensive feature set for implementing service logic, active triggering, reporting, alarming and more.
Need for blacklist and whitelist access control to mobile networks
Traditional EIR systems provide device authentication security based solely on blacklisting. Devices in this list are prohibited from entering a specific network. However, in many cases this no longer suffices. With the massive adoption of smartphones and exponential growth of IoT devices there is a growing desire to increase device access control not only to individual networks but to enable enforcement of regulatory directives on a national level. Nominated by the GSMA for Best Mobile Technology, the BroadForward EIR supports both blacklisting and whitelisting, virtually without storage limitation. Because it also supports auto-provisioning, the BroadForward EIR provides a strong base for controlled network access of devices without running the risk of unmanageable access restrictions.
Next Generation EIR
The BroadForward Next Generation EIR provides a single, unified access point for authentication of mobile devices in the network. It is a fully standards compliant, 100% software-based product and supports 2G/3G, 4G/LTE, 5G and IT interfaces. It also offers an extensive feature set for implementing service logic, active triggering, reporting, alarming and more.
The BroadForward EIR supports black-, grey- and white-lists for individual IMEIs, 5G PEIs as well as IMEI / PEI ranges, and allows creation of customized lists (VIP list, exception list etc.). Within non-3GPP networks (e.g. Wi-Fi based) the PEI could also be a MAC address. The EIR functionality works across legacy and IP networks, supporting SS7/MAP as well as Diameter and HTTP/2 based IMEI / PEI checks. Based on available IMSI / MSISDN, 5G SUPI information, flexible service logic can be applied for (un)blocking devices based on e.g. IMEI-IMSI combinations. The latter allows networks to detect IMEI cloning. Furthermore the solution can detect SIM box fraud by cross-referencing location data with the IMEI and IMSI. Expiration can be applied for each entry in any of the black-, grey- and white-lists. Flexible service logic can be applied to trigger actions at expiration (e.g. move to blacklist or whitelist). Extensive options are provided for notification (via SNMP, HTTP, SMS) for all lists.
From an operations, administration and management (OAM) perspective, the BroadForward EIR offers a wide range of functions to manage the EIR solution. This includes an SNMP interface, logging and tracing, reporting, dashboards and a central provisioning interface based on HTTP (REST, SOAP). The BroadForward EIR supports automatic black/white/grey-list synchronization (up and download) with a central EIR system – including that of the GSMA (GSMA IMEI DB) – via the SG.18 IMEI database file format specification. A local web interface is available for customer care and operations (supporting IMEI checking and modification of device status). The BroadForward EIR also supports security access control for remote peers (systems performing IMEI checks, provisioning systems, GUI user management), overload control etc. Also see BroadForward closes device authentication security gaps in the mobile network with the Next Generation EIR.
NRF registration
The BroadForward EIR supports NRF registration to allow other 5G core network functions to find the 5G-EIR nodes in the mobile core. The registration is fully configurable and manageable from the web GUI. In addition, SNMP notifications are sent upon registration to indicate the success state. Patch updates are sent from each 5G-EIR node after successful registration on a frequent basis to let the NRF(s) know that the 5G-EIR nodes are operational.
4G-5G Equipment Check Request IWF
The BroadForward EIR also supports the Interworking Function (IWF) between 5G HTTP/2 N17 Equipment Check Requests/Answer (ECR/ECA) and 4G Diameter S13 Check_IMEI operations. This can enable, for instance, access to a shared and common IMEI database in the mobile core. The BroadForward EIR can forward the S13 Check_IMEI operations after translation to the existing EIR system(s) in the 4G core. This prevents the use of a new IMEI database on the 5G-EIR.
3GPP compliance
The BroadForward EIR supports all relevant 3GPP specifications for EIR. This includes TS 22.016, TS 29.272, TS 23.401, TS 23.060, TS 29.002 and TS 29.511 (5G-EIR).
High capacity, high performance solution
Using standard (commercially off-the-shelf) servers or virtual machines, the BroadForward EIR can support hundreds of millions IMEI records and tens of thousands of transactions per second on a single machine. It supports scaling up and scaling out, without any technical limits. When preferred, the traffic processing and database can be implemented on separate (virtual) machines, to enable independent scaling.
Benefits
The BroadForward Next Generation EIR offers major differentiators compared to traditional EIR products:
- Enabling real-time IMEI / PEI checks, across local and external data sources
- Single, unified solution for EIR, supporting 2G/3G, 4G/LTE, 5G and Fixed networks
- Works across Diameter, SS7, HTTP/2 and various other protocols
- Supports black-, grey- and white-lists and unlimited options for additional personalized lists
- Independent, centralized solution (unlike ‘on-board’ EIR functions on HSS, HLR, VLR, STP, SMSC etc.)
- Supports ETSI, 3GPP and GSMA standards for EIR
- Enables additional services based on IMSI-IMEI correlation, vendor-specific AVP’s etc.
- Configurable triggering of alarms and external applications
- Operator control: easy customization of query interfaces, no need for scripting or development
- No dependence on expensive database technologies
- Automatic colored list synchronization for up and download with the central EIR system of the GSMA (GSMA IMEI DB)
- Completely GUI based configuration and operation / customer care
- Central logging point (EDR-registration)
- Carrier-grade, highly scalable, high-available, geo-redundant solution
- 100% software based, runs on standard off-the-shelf hardware or virtualized / hosted
Virtualized, cloud-based and containerized deployment
The BroadForward EIR provides unmatched flexibility with various deployment options, including bare metal, virtual machines, containers, and cloud environments, all while maintaining a low resource footprint. This 100% software-based, hardware-agnostic solution eliminates the need for specialized hardware or proprietary operating systems. Deploying the BroadForward EIR on a common platform facilitates the transition for operators and vendors from proprietary appliance systems to a standardized, hardware-agnostic, software-only infrastructure.