Need for a National level Central Equipment Identity Register (CEIR) System

C-DOT designed CEIR is a nationwide reference databasesystem used to maintain database containing the IMEI (International Mobile Equipment Identity) and IMSI(International Mobile Subscriber Identity of all the mobile devices used in the nation

The mobile phone is now the most critical personal device today – from personal to professional and from banking to entertainment.

Consumers store a lot of personal details like phone contacts, bank account details, passwords, ATM PIN, date of birth etc on their devices. Thus, the mobile device has become an indispensable companion and repository of personal data/information. This brings in its wake a number of serious threats and is one of the primary reasons why there are increasing numbers of theft of mobile devices, cloning of IMEIs, and availability of illegal & non-genuine mobile devices.

According to International Telecommunication Union (ITU), the noticeable growth in the capacity and number of broadband wireless communication devices has introduced a serious security challenge with regard to theft of these devices as well as unauthorised access to personal data and other data security issues.

Global CEIR

The Central EIR (CEIR), hosted by GSMA, maintains information on the eligibility for access to networks by Mobile Equipment Types. The CEIR interconnects with Equipment Identity Registers (EIR) through out the world so that a common set of data is maintained and available to participating operators.

It is estimated that the total number of mobile users in the world in 2022 would be around 6.6 billion.

And correspondingly the number of mobile devices would be upwards of 16 billion. This is a dramatic increase across the world. All of these smartphones and tablets, provide access to humongous amounts of individual and corporate data and information.

Mobile devices with new technologies such as 3G/4G/5G smart phones with advanced features and applications are expensive. Thus, black market of stolen devices is a lucrative avenue for many.

Stolen mobile devices are re-programmed to change their IMEI numbers so that it cannot be traced.

The IMEI was originally introduced, as a unique terminal identity, for type approval reasons, in order that non-type approved terminals could be prevented from connecting to GSM networks. Nowadays, the IMEI is used to identify mobile station equipment on mobile networks in order to be able to take measures against the use of stolen equipment or equipment whose use can not be tolerated under Article 7 of the R&TTE directive (within Europe), or an appropriate regulatory requirement in other markets. Additionally, the IMEI can be used to allow infrastructure to load appropriate patches and adaptations to avoid inter- working issues.

All Access Service Providers were directed by DoT on 6th October 2008 to make provision of Equipment Identity Register or EIR in their systems so that calls from mobile handsets without IMEI or that of IMEI with all zeros are rejected.

The availability of mobile handsets with duplicate/ stolen/ unauthorized IMEIs in the Indian Telecom Network is not merely a law and order problem, it is also a security issue. It has implications on lawful interception and monitoring of suspected devices.

In the interest of national security, all Access Service Providers were directed by DoT on 6th October 2008 to make provision of EIR in their systems so that calls from mobile handsets without IMEI or that of IMEI with all zeros are rejected. Subsequent to this direction, all Telecom Service Providers (TSP) have upgraded their network and presently have provisioned EIR in their network. The Equipment Identity Register (EIR) is a database that contains a list of IMEIs of GSM based mobile handsets which are active in a mobile network. EIR maintains a white, grey and black list. The white list is composed of IMEIs of mobiles that are permitted for use. The gray list consists of devices that do not conform to the standards but could be permitted to connect under supervision or triggering an alert. The black list contains IMEIs of devices which have been reported stolen or lost and they are being denied access to the network.

Accordingly TSPs can block these handsets in their networks. Even after this direction, the issues remain – as the black-listed handset / device is blocked only in a particular Licensed Service Area (LSA) of a TSP, but it is allowed in all other TSPs and in different LSA.

To block usage of any mobile device in all networks across country - Centralized Equipment Identity Register (CEIR) is required to be implemented, which provides these consolidated restricted/black list data to all EIRs in the nation to ensure countrywide blocking of the stolen/lost mobile devices.

Description of the System

C-DOT designed CEIR is a nationwide reference database system used to maintain database containing the IMEI (International Mobile Equipment Identity) and IMSI (International Mobile Subscriber Identity of all the mobile devices used in the nation for the purpose of detecting clone IMEIs and maintaining black-listed (BL) IMEIs centrally. All TSPs update their local Equipment Identity Register (EIR) black list from the CEIR black list, preventing the use of BL mobile device across all service providers within India. The BL mobile device is traced if its usage is attempted and the corresponding traceability details are presented to the local/regional/state police for recovery. Additionally, CEIR also provide solution to cross-check and restrict import of counterfeited devices to the nation.

Features for the users

Mobile device verification utility to check device validity even before purchase – which will warn the user if the device is black-listed or cloned. If the device is valid – it will show make and model of the device. For these type of functionalities – Know Your Mobile (KYM) mobile App, web portal and SMS to 14422 is made available.

Subscriber has been facilitated with easy and convenient way to report lost/stolen mobile device to blocking pan India and the CEIR system will provide traceability details to the reporting police station for recovery of the mobile device if someone has tried to insert SIM in that device. Although mobile device will not be used – but traceability report will be generated. It will be done through Stolen Device Reporting System (SDRS) module of CEIR.

CEIR will also facilitate users to import mobile device from other countries through ICDR (Indian Counterfeited Device Restriction) portal of CEIR. Thus the system will discourage import of duplicate/cloned mobile devices to the India.

By Biren Karmakar, CDOT

feedbackvnd@cybermedia.co.in