Automatic Device Detection and
Central Equipment Identification
Registration System
Context
Lost and Stolen Phones
As smartphones have become more sophisticated and more expensive, they are also unfortunately
more attractive to thieves. Recent years have seen an increased need for a tool to combat handset
theft. The number of smartphones (iPhones and Androids) in use increases every day and they present a
target for criminal activities not only for their high “resale” value, but also for the information that they
contain. The smartphone has become our sole companion and often is used to contain banking
information, address books, and a myriad of potentially useful information to the criminal mind. As the
number of mobile devices and messaging users continue to grow, they become an ever increasing target
for fraudulent and criminal activities.
The following statistics give an indication of the magnitude of the problem:
Crimes involving cell phones now comprise 40 percent of thefts in major American cities
Over half of Miami citizens, about 52%, have lost their phone or had it stolen
56% of us misplace our cell phone or laptop each month
113 cell phones are lost or stolen every minute in the U.S.
120,000 cell phones are lost annually in Chicago taxi cabs
25% of Americans lose or damage their cell phone each year
Every day US$7 million worth of phones are lost globally
Big Brother, Theft - At any one time, your mobile network operator (MNO) knows where you are. So can
the law authorities. Operators and law authorities can use the technology outlined in this document to
track your phone, including right down to where you are standing.
Scary? Probably, if you’re a terrorist, a law authority knowing where you are is not an ideal situation to
find yourself in. But if your phone has been stolen, then it just might be comforting to know that
blocking the device means that no one will be able to use your handset.
What is a Fake Phone?
Counterfeit phones are handsets that are usually copies of leading brands or models (iPhone, Samsung
etc). They are more often than not imported illegally into a country and sold at discount prices, thus
avoiding associated customs duties and standards verification.
Identifying a fake phone - Every genuine mobile phone has a unique serial
number (IMEI) to register it to a carrier network, whereas counterfeits
often have cloned or invalid IMEI numbers. The International Mobile
Station Equipment Identity or IMEI is a 15 digit number to identify mobile
phones (including brand and model). The IMEI number is used by a
GSM network to identify valid devices and therefore can be used for
preventing a stolen phone from accessing that network. For example, if
a mobile phone is stolen, the owner can call his or her network provider and instruct them to "blacklist"
the phone using its IMEI number. This renders the phone useless on that network and sometimes other
networks too, whether or not the phone's SIM is changed.
The IMEI is only used for identifying the device and has no permanent or semi-permanent relationship
to the subscriber. Instead, the subscriber is identified by transmission of an IMSI number, which is
stored on a SIM card that can (in theory) be transferred to any handset. However, many network and
security features are enabled by knowing the current device being used by a subscriber.
Criminals have been able to change the IMEI of mobile handsets fairly easily using a data cable (to
connect the handsets to a PC) and specialized software. Because of this and of the abundance and high
price of mobile handsets, theft has hit epidemic levels in many parts of the world.
To determine whether a phone is fake or not dial *#06#. This number works for all devices.
Unfortunately, even ‘fake’ phones have an IMEI number (often cloned), so this is not an entirely
effective way of establishing whether the phone is a fake or not, it requires further identification as
outlined in this document.
Impact of counterfeit phones - They are often made with cheap sub-standard materials and have been
shown to contain dangerous levels of metals and chemicals like lead, often up to 40 times higher than
industry standards. These substandard devices run on inferior operating systems and there have been
reports of fraudulent applications which, when downloaded, collect and send the subscribers sensitive
and personal data to criminal gangs.
Because these phones are made from sub-standard materials and are not tested for compliance with
industry and national standards, they suffer frequent call dropouts and put a strain on the mobile
networks by degrading coverage, call quality and mobile internet speeds for all users. Research has
found that network coverage was significantly reduced as more substandard devices connected to the
network, which created coverage black-spots that could only be fixed by installing 80% more base
stations.
US$6 billion a year drain on global economy - According to the Mobile
Manufacturers Forum (MMF) black-market sales of counterfeit and
substandard cell phones is a US$6 billion a year problem. Research predicts
sales in excess of 200 million counterfeit or substandard mobile devices in
2015 through visible retail sites, with many more expected to be sold in
unofficial retail outlets, online auction websites and in local black markets. Counterfeit phones destined
for foreign countries are smuggled over lax borders where they bypass government taxes, circumventing
safety checks and regulations. This represents a massive financial loss for governments and the mobile
phone industry. The MMF conducted an analysis which shows in India alone counterfeits make up more
than 20% of the mobile phone market. This is costing the industry US$1.5 billion annually in lost sales
and the government is deprived of $85 million in direct tax losses and around $460 million in indirect tax
losses.
To achieve better control over the devices that are used in a country requires the establishment of an
equipment register known as the “Central Equipment Identification Register.”
The N-SOFT ADD/CEIR Solution
The N-SOFT solution enables the National Regulatory Authorities to collect IMSI/MSISDN/IMEI triplets
from all the GSM operators in their country in real time and to analyze the subscriber and handset
populations.
The solution complies with the requirements of most National Regulatory Authorities in the following
areas:









Follow the evolution of the mobile markets in the country in real-time, through detailed and
accurate statistics on the handset population.
The detection of SIM card profiles and Terminal Equipment Identification details to enforce
compliance with the standards and regulations pertaining to mobile devices in the country.
Fight against other types of fraud, such as identity theft and eliminate illegal SIM-box
operations.
Fight against device theft.
Prevent and eliminate threats to homeland security and other criminal activities.
Detect and eliminate counterfeit, lost and stolen devices through a central registry that provides
the categorization of devices that are valid and permitted access to the networks.
o white, gray, black
High performance access.
Device information delivered in real time.
System redundancy.
The solution can be further linked to the worldwide GSMA database thereby allowing
the sharing of similar data with authorities across the globe. The advantage being that a
phone stolen in one country is identified and made known to all countries sharing the
data and denied access accordingly. The GSM Association is an association of mobile
operators and related companies devoted to supporting the standardization, deployment and
promotion of the GSM mobile telephone system.
Technical Description of the Automatic Device Detection (ADD)
The N-SOFT ADD solution is made up of the following two components:
The ADD/EIR network-based Equipment Identity Register, which provides services required to
interrogate device attach and which can also provide new device detection and trigger external
management systems
The ADME (Advanced Device Management Engine), which provides customer care interface
(provisioning) to the nationwide IMEI database, device profile information, reporting/statistics,
interfaces to external systems such as GSMA C-EIR or GSM operators’ EIR – which can be
extended to filter and build custom logic for triggers to external management systems.
The following figure represents the N-SOFT solution:
Figure 1: ADD solution overview
Figure 2: Software architecture of the ADD solution
EIR (Equipment Identification Register)
The purpose of the EIR (Equipment Identification Register function) is to maintain a register of all device
types that have been validated for use on the networks and to further maintain a registry of all devices
that have been reported lost or stolen. A colour (white, gray or black) is assigned to the device to
identify its status to connect to the network. When a GSM mobile attaches to the network its status is
checked with the Registry and if valid is permitted access to the networks. If the device is lost or stolen
and deemed to be invalid a report/alarm is generated and access denied.
Network
attachment
Check_imeireq
ADD/EIR
Black, gray or white
Figure 3 : ADD/EIR colour assignation
The MAP CHECK-IMEI requests initiated by a MSC (Mobile Switching Center) is received by the ADD/EIR
(Equipment Identity Register function). The ADD/EIR (Equipment Identify function) is in charge of
ADD/EI
validating that a handset is authorized (i.e. the handset was not stolen
R or can be used by the user who is
connecting).
The ADD/EIR (Equipment Identify Register function) sends the CHECK-IMEI response back to the CHECKIMEI and, optionally, to the MSC. The ADD/EIR (Equipment Identify Register function) can act as an EIR –
optionally, returning “white, grey or black-listed IMEI” responses to the MSC.
Two methods are used to define colour response:


From an internal colour table (IMEI is present and associated to a colour)
From a list of users (IMSI) allowed to use the handset: The colour response is forced to black if
the IMSI obtained from the CHECK-IMEI message is not included in this IMSI list.
The ADD/EIR (Equipment Identify Register function) maintains white, black and gray lists of handsets
and will allow handsets that are not blacklisted. It also maintains a list of authorized users per handset
(IMSI restriction), if needed.
The EIR feature can be turned ON or OFF depending on the needs of the Regulator.
Note: With the “IMEI to IMSI restriction” feature, the ADD/EIR can optionally authorize a handset,
identified by its IMEI, to be used only by a specific subscriber or a list of subscribers (identified by their
IMSI).
Automatic Device Detection (ADD) Process
The ADD solution takes advantage of the integration and performance of the USPSS7 platform, which
combines the following components in a single server:


The IP-STG SFE functionality, which embeds the SS7 connectivity board and processes the
low level of the signalling stack
The applications server, which will process the ADD application itself and host
complementary applications like DMP and EIR.
The incoming MAP-CHECK-IMEI messages are received and processed by the SS7 stack; the ADD extracts
the IMSI and IMEI using the TCAP API. The current IMSI/IMEI pair is compared with any previous values.
As a result of the comparison, the ADD will decide if the subscriber (IMSI) is using a new device (IMEI) or
not.
The messages MAP-CHECK-IMEI are sent to the ADME module via the ADD module, which analyses the
messages in order to detect any change of IMSI/IMEI pair. When configured like this, the MAP message
is then forwarded to the EIR module.
When an IMSI/IMEI pair is detected and compared to the data previously stored in the ADD module, the
HLR is queried for gathering the associated MSISDN. Once this is done, all the data is recorded and the
ADME is informed about the change in the MSISDN/IMSI/IMEI triplet.
In-Memory Database
The ADD/EIR (Automatic Device Detection function) database is in-memory-based for high performance
access. The Device Detection data is stored in a table holding the IMSI, IMEI, MSISDN, update flag and
timestamp. The IMSI is the table key.
The update flag is set to ‘Y’ (yes) when the (IMSI, MSISDN, IMEI) triplet has been successfully sent and
responded to by the ADME system. ‘N’ (no) is the default value indicating that the ADME system has not
yet been successfully notified of a triplet update (a notification retry is then attempted upon the next
network attachment for this user). ‘C’ (clone) indicates that the IMSIs are sharing the same IMEI (to
notify the ADME when a handset is swapped back and forth between the same users).
The timestamp is set when the DB record is created or updated. The IMSI, IMEI, MSISDN and update flag
are stored in ASCII format. The timestamp is stored in a binary format.
IMSI
IMSI
IMEI
IMEI
MSISDN
MSISDN
Interna tiona l M obile
Subscriber Identity
(1 6 digits M AX )
Interna tiona l M obile
sta tion Equipment
Identity
(1 6 digits M AX )
M obile Sta tion
Interna tiona l
ISDN
(1 8 digits M AX )
MDM
MDM
UPDATE
UPDATE
FLAG
FLAG
“ Y”
“ C”
“N”
(1 cha r)
TIMESTAMP
TIMESTAMP
DATE+ TIM E
yea r, m onth, da y ,
hour, m in, sec, µs
(8 bytes)
Figure 4 : ADD data table format
Advanced Device Management Engine (ADME)/Nationwide IMEI Database
The ADME is the customer care interface component and it must interact with ADD-EIR according to the
Customer Care (CC) updates. Especially, the operator is able to give information about mobile
equipment status (Black, gray or white) and the ADD-EIR must update its database according to CC’s
operator orders. The ADME/nationwide IMEI database module covers the following functionalities:








Log-in and Search device
Whitelist, Blacklist or Graylist a device
Remove Status Priority of the Customer Care for a Device
Enable/DisableTracing of a device
View Tracing History of a device
Synchronize the nationwide IMEI database with the GSMA IMEI database and the country’s GSM
operators’ EIRs
Pair/Un-Pair a Device with IMSI
View Device Pairings.
Customer Care Interface
The solution offers a rich GUI for the user and administrator of the system, so that they can manage the
handset population in the most efficient manner, using the following functions:




Management of white/black/gray lists
Activate/Deactivate the tracing of specific handsets
View the tracing of the handsets for which Tracing had been turned on
View historical data on the pairing IMEI/IMSI for a specific handset.
Figure 5: Customer Care - Subscriber Device Management
Accessing the data related to a handset and searching for it: Users can search the devices by providing
various search criteria such as:




IMEI
IMSI
MSISDN
Vendor (Make)





Model
Status (nationwide IMEI database status, like black-, white- or graylisted for a specific IMEI)
Whether the device is Trace-enabled or not
Whether the device is paired with IMSIs or not
Whether the Priority status is set or not.
Figure 6: Real-time Subscriber Device Information
The solution automatically translates the IMEI number of a specific subscriber’s mobile terminal into a
Make & Model and its associated profile, by using the GSMA TAC file and the WURFL online reference
information.
Users can also perform bulk operations like the Black, White, Graylisting of the selected devices, “Enable
or Disable” the device trace or “Clearing Colour Code” for the selected devices, by checking the check
box against each device, selecting the bulk operation from the drop-down menu at the bottom of the
page and then pressing the "Submit" button.
Administrator Interface
The solution enables the administrator to produce a large set of reports, including reports based on the
IMEI, TAC Analysis, handset population analysis, etc.

The Handset TAC analysis provides a flash on the percentage of handsets that have:

•
An unknown TAC, i.e. a TAC which cannot be correlated to any handset supplier, make
or model – known usually as gray market.
•
A shared TAC, i.e. thepercentage of subscribers that have handsets using TAC which are
shared by more than one make/model. This is quite useful when external systems need
to identify the supplier of a make/model for delivering the appropriate
services/content.
•
A distinct TAC, i.e. the percentage of subscribers having a distinct TAC.
Most popular make and model: Tracks and analyzes the most popular device models in the network.
Figure 7: Subscriber TAC Analysis
Figure 8: Popular Handset Models
Technological view
The generic approach of the proposed ADD solution is based on the use of servers running the operating
system Linux Red Hat. This approach provides the best performance/cost ratio for the deployment of
such a solution.
The high availability is based on the redundancy of all the hardware and software components of the
solution.
The solution has an N+1 architecture, in an active-active configuration. This means that in case of failure
of a hardwareor software component, the components that are left would take over without any service
interruption.
The figures below summarize the typical hardware architecture proposed for the deployment of the
solution made up of the following components: EIR/ADD & ADME/Nationwide IMEI Database.
Figure 9: ADME/nationwide typical IMEI database hardware architecture
Figure 10: EIR/ADD typical hardware architecture
Sizing
The sizing of the example solution is based on the estimated total number of devices for all GSM
operators in a typical small country, i.e. 25 million.
A single ADD platform is capable of handling traffic from all the GSM mobile operators in the typical
country. Several ADD applications – one per network operator – will be set up on the platform.
A duplex configuration is suggested for all components of the solution, due to the size of the total
number of devices to be managed and to the expected current growth in the number of subscribers in
the country. Such a configuration also helps ensure a high level of availability.
The entire solution could be scaled up to cope with additional devices, if necessary, by adding software
or hardware capacity.