Central Equipment Identity Register

A Central Equipment Identity Register (CEIR) is a database of mobile equipment identifiers (IMEI – for networks of GSM standard, MEID – for networks of CDMA standard). Such an identifier is assigned to each SIM slot of the mobile device.

Lists of IMEIs may be the:

* White – for devices that are allowed to register in the cellular network,
* Black – for devices that are prohibited to register in the cellular network,
* Grey – for devices in intermediate status (when it is not yet defined in which of the lists - black or white - the device should be placed).

Depending on the rules of mobile equipment registration in a country the CEIR database may contain other lists or fields beside IMEI. For example, the subscriber number ( MSISDN), which is bound to the IMEI, the ID of the individual (passport data, National ID, etc.) who registered IMEI in the database, details of the importer who brought the device into the country, etc.

Originally abbreviation CEIR stood for IMEI Database, created and provided by GSM Association. It was proposed to blacklist the IMEIs of stolen or lost phones. It was assumed that any MNO would be able to receive this list to block the registration of such devices on their network. Thus, it turns out that a stolen phone, once blacklisted by the GSMA CEIR, cannot be used on a large number of cellular networks, which means that the theft of mobile devices will become meaningless. However, it soon became clear that the MNOs on their initiative were not going to do this because if many phones stopped working in their networks, but works in another, it puts them at a disadvantage and can lead to an outflow of subscribers. It became clear that the blocking of stolen devices should be introduced simultaneously in all mobile networks of the country by legislative measures at the initiative of the communications regulator. In this case, as a rule, a national IMEI database is created, which contains general lists of blocked IMEIs. Since the registration in the cellular operator's network is directly blocked by a network node called EIR (Equipment Identity Register), the system that contains the national IMEI base became known as Central EIR (CEIR). To avoid confusion the database of GSM Association was renamed to IMEI Database - IMEI DB (it was in 2003-2008, see “Document History” at IMEI Database File Format Specification). Also sometimes a common IMEI database for several EIRs is called SEIR (Shared EIR).

In each country, the CEIR can interact with IMEI DB differently. National CEIR may not communicate with IMEI DB at all. Firstly, it is separately decided whether CEIR will send information about its blacklist to IMEI DB (which IMEIs are placed in it or removed from there). Secondly, upon receipt of the blacklist from IMEI DB, the regulator decides from which countries it will receive it (IMEI DB stores the information exactly who blacklisted the IMEI). For example, you can get a list from neighboring countries, from countries in your region, from around the world.

In addition to the blacklist, the GSMA is developing a list of IMEIs allocated to manufacturers for use in their devices. The manufacturer for each new device model gets at least one TAC (Type Allocation Code) allocated by GSMA, consisting of 8 digits, to which he can add a 6-digit serial number to obtain the IMEI. Thus, with one TAC, a manufacturer can release up to 1 million devices with a unique IMEI. Usually, CEIR receives a list of allocated TACs from the GSMA, since if the first 8 digits of the IMEI of a device are not in this list, this is a sign that it is counterfeit.

If the central database of identifiers does not work with GSM networks, but with CDMA, then for the same purposes it is necessary to interact with another worldwide database that contains MEIDs – MEID Database.

A system that directly blocks the registration of a mobile device on a cellular network – EIR. Each MNO must have at least one EIR, to which IMEI check requests (CheckIMEI) are sent when registering a device on the network. A typical EIR and CERI interaction scheme:

# The CEIR accumulates black, white, and grey lists using various data sources and verification methods.
# These lists are periodically transmitted to all EIRs.
# EIR uses them when processing every CheckIMEI request to determine whether to allow the device on the network or not.

EIR can transmit some data to the CEIR database too. Usually, changes in a grey list – new IMEIs on the network that are not in any list – are transmitted from EIR to CEIR.

In addition to synchronizing lists across multiple networks, the main function of CEIR is to implement the scenarios of changes at these lists. This usually requires interaction with various IT systems (databases) of other organizations and/or with subscribers. Еxamples of such scenarios:
* Whitelisting the IMEI of devices imported by the legal entity
* Whitelisting the IMEI of devices manufactured domestically
* Whitelisting the IMEI of devices imported by individual
* Blacklisting the IMEI of stolen/lost devices
* Binding IMEI to the subscriber's number and, vice versa, unbinding IMEI from the subscriber

System implementation results

The goals and results of CEIR implementation in a country are usually:
* Reducing mobile phone theft
* Reducing the import of devices stolen in other countries
* Reducing the presence of counterfeit devices on the market (null IMEI, incorrect IMEI, changed IMEI)
* Reducing illegal imports of mobile devices (increase in the collection of customs duties)

Additionally, CEIR most often contributes to the solution of such problems:
* Combating various mobile fraud schemes
* Obtaining more accurate statistics on the state of the mobile communications market for the regulator
* Fight against terrorism (the ability to block the device at once in all mobile networks of the country).

Known results achieved in some countries:
* Great Britain – reducing mobile phone theft.
* Turkey – reducing mobile phone theft, decreasing the current account deficit of Turkey and maximizing tax revenues.
* Uzbekistan – preventing black import of mobile devices by 98%, increase in revenues from the import of mobile devices by 700%.
* Kenya – disposing the market of counterfeit mobile equipment.
* Azerbaijan – disposing the market of counterfeit mobile equipment.
* Ukraine – increasing of legally imported mobile devices by 95%, increase in revenues from the import of mobile devices.

CEIR and EIR manufacturers

Some countries have used local developers to implement CEIR for their country (Great Britain, Turkey, India, and Azerbaijan). There are also a number of companies that offer their solution already installed in at least one country: Invigo, Mediafon Datapro, PortingXS, Qualcomm, Svyazcom, Oratech Bilisim.

EIR is a system that is standardized in a 2G-5G networks. Such system may be established at mobile network even it doesn’t use black list and there are no CEIR in a country. The most common EIR manufacturers are companies BroadForward, Mahindra Comviva, Primal Technologies, Mavenir, Nokia, Svyazcom. Some developers of MNO’s signal core include EIR in a complex solution. However, its standard capabilities are usually lacking for specific requirements when implementing CEIR.

See also

* The IMEI article has this relatively detailed CEIR/blacklist section

References

{{reflist
Mobile phones
Mobile security
Wireless
GSM standard
Regulation
Import
Databases