The BroadForward Next Generation Equipment Identity Register (EIR) is the world’s most advanced software solution for authentication of mobile devices in the network, including IoT devices. It provides a single, unified access point, fully standards compliant, 100% software based and supports 2G/3G, 4G/LTE, 5G and IT interfaces. It also offers an extensive feature set for implementing service logic, active triggering, reporting, alarming and more.
Need for Black- and Whitelist access control to mobile networks
Traditional EIR systems provide device authentication security based solely on blacklisting. Devices in this list are prohibited from entering a specific network. However, in many cases this no longer suffices. With the massive adoption of smartphones, and exponential growth of IoT devices there is a growing desire to increase device access control not only to individual networks but to enable enforcement of regulatory directives on a national level. Nominated by the GSMA for Best Mobile Technology, the BroadForward EIR supports both blacklisting and whitelisting, virtually without storage limitation. Because it also supports auto-provisioning the BroadForward EIR provides a strong base for controlled network access of devices without running the risk of unmanageable access restrictions.
Next Generation EIR
The BroadForward Next Generation EIR provides a single, unified access point for authentication of mobile devices in the network. It is a fully standards compliant, 100% software based product and supports 2G/3G, 4G/LTE, 5G and IT interfaces. It also offers an extensive feature set for implementing service logic, active triggering, reporting, alarming and more.
The BroadForward EIR supports black-, grey- and white-lists for individual IMEIs, 5G PEIs as well as IMEI / PEI ranges, and allows creation of customized lists (VIP list, exception list etc.). Within non-3GPP networks (e.g. Wi-Fi based) the PEI could also be a MAC address. The EIR functionality works across legacy and IP networks, supporting SS7/MAP as well as Diameter and HTTP/2 based IMEI / PEI checks. Based on available IMSI / MSISDN, 5G SUPI information, flexible service logic can be applied for (un)blocking devices based on e.g. IMEI-IMSI combinations. The latter allows networks to detect IMEI cloning. Furthermore the solution can detect SIM box fraud by cross-referencing location data with the IMEI and IMSI. Expiration can be applied for each entry in any of the black-, grey- and white-lists. Flexible service logic can be applied to trigger actions at expiration (e.g. move to blacklist or whitelist). Extensive options are provided for notification (via SNMP, HTTP, SMS) for all lists.
From an operations, administration and management (OAM) perspective, the BroadForward EIR offers a wide range of functions to manage the EIR solution. This includes SNMP interface, logging and tracing, reporting, dashboards and a central provisioning interface based on HTTP (REST, SOAP). The BroadForward EIR supports automatic black/white/grey-list synchronization (up and download) with a central EIR system – including that of the GSMA (GSMA IMEI DB) – via the SG.18 IMEI database file format specification. A local web interface is available for customer care and operations (supporting IMEI checking and modification of device status). The BroadForward EIR also supports security access control for remote peers (systems performing IMEI checks, provisioning systems, GUI user management), overload control etc. Also see BroadForward closes device authentication security gaps in the mobile network with the Next Generation EIR.
The BroadForward EIR supports all relevant 3GPP specifications for EIR. This includes TS 22.016, TS 29.272, TS 23.401, TS 23.060, TS 29.002 and TS 29.511 (5G).
High capacity, high performance solution
Using standard (commercially off-the-shelf) servers or virtual machines, the BroadForward EIR can support 100’s of millions IMEI records and 10,000’s of transactions per second on a single machine. It supports scaling up and scaling out, without any technical limits. When preferred, the traffic processing and database can be implemented on separate (virtual) machines, to enable independent scaling.
The BroadForward Next Generation EIR offers major differentiators compared to traditional EIR products:
- Enabling real-time IMEI / PEI checks, across local and external data sources;
- Single, unified solution for EIR, supporting 2G/3G, 4G/LTE, 5G and Fixed networks;
- Works across Diameter, SS7, HTTP/2 and various other protocols;
- Supports black-, grey- and white-lists and unlimited options for additional personalized lists
- Independent, centralized solution (unlike ‘on-board’ EIR functions on HSS, HLR, VLR, STP, SMSC etc.);
- Supports ETSI, 3GPP and GSMA standards for EIR;
- Enables additional services based on IMSI-IMEI correlation, vendor-specific AVP’s etc.;
- Configurable triggering of alarms and external applications;
- Operator control: easy customization of query interfaces, no need for scripting or development;
- No dependence on expensive database technologies;
- Automatic colored list synchronization for up and download with the central EIR system of the GSMA (GSMA IMEI DB);
- Completely GUI based configuration and operation / customer care;
- Central logging point (EDR-registration);
- Carrier grade, highly scalable, high available, geo-redundant solution;
- 100% software based, runs on standard off-the-shelf hardware or virtualized / hosted.
Hardware-agnostic solution, supporting virtualized deployments
The BroadForward EIR runs on any off-the-shelf hardware or in a virtualized environment. It is a 100% software based solution, hardware-agnostic and support virtualization and cloud deployment as well as containerized application deployment. The EIR does not rely on specialist hardware or proprietary operating systems. The ability to deploy the BroadForward EIR on a common (shared) platform supports operators and vendors in migrating away from proprietary based appliance systems to a standards based, hardware agnostic, software only infrastructure.