What are IMEI and TAC Numbers, And How Do Manufacturers Use Them?
Every cellular device has an International Mobile Equipment Identity (IMEI), a 14-digit number that serves as a distinct identifier for the device. Essentially a serial number that the manufacturer assigns, the IMEI is guaranteed to be globally unique. There’s also a 15th digit at the end called a check digit, which uses the 1 algorithm to verify the entire number.
Typically, you can find the IMEI printed on the outside of the device, so it’s used fairly often as a way to identify a device downstream. Another way to find the IMEI is using a device management system. Firmware on the device can interrogate the modem module to discover the IMEI. Then, the information is reported through your IoT platform’s IMEI detection feature, allowing you to verify IMEIs remotely.
What is a TAC?
The first eight digits of an IMEI make up the Type Allocation Code (TAC). The TAC indicates the manufacturer and model of the particular device. So, all device models from a particular manufacturer will have the same TAC.
To obtain a TAC, manufacturers must apply to GSMA, which uses a reporting body to supply it. The reporting bodies are regional—for example, in the U.S., the reporting body is PTCRB, a certification organization that ensures devices reach standards of global interoperability. Local reporting bodies are better equipped to ensure that devices are compliant with regional guidelines, whether they are government or industry regulations. The first two digits of the TAC identify the reporting body that was involved in its creation.
What is the Origin of the TAC?
Originally, TAC stood for Type Approval Code, which was a six-digit number followed by a two-digit addendum called the Final Assembly Code (FAC). Device manufacturers had to request approval from a review body in their own country prior to receiving a TAC.
In 2003, the industry took a turn toward a more self-regulated device market. Since then, manufacturers in many countries can request their TAC (Type Allocation Code) through GSMA’s online system, rather than having to go through a review process with a national body.
Common TAC Equipment Types
In cellular IoT, your device’s TAC is typically associated with the cellular modem or module. Each cellular modem product line could have multiple TACs, depending on whether the hardware or firmware has been changed on the device since certification or if there are regional variants. For example, below are some examples of popular cellular modems with multiple TACs.
- U-blox SARA-R410M : 35275309, 35672610
- Quectel BG-96: 86642503, 86844603, 86206104
- Telit LE910: 35894205, 35696107, 35814806, 35776609, 35353509, 35605210
- Sierra Wireless HL7588: 1475100, 1428400, 1471100
- Fibocomm Wireless G510: 86028604, 86404604
- Gemalto Cinterion BGS2: 35486905, 35554406, 35819704
As you can see, the same module has several different TACs according to hardware and firmware versions. Each have been certified for use on different carriers.
How Does the Network Use the IMEI?
The network uses the IMEI to recognize the type of device and ensure that the make and model are approved. The allocation of a valid, legitimate TAC by a reporting body is an indication that the device, module, or modem has passed regulatory scrutiny. Using the TAC, the network is able to validate that the device is recognized and permitted to be connected.
The rest of the IMEI acts as an identifier for the particular device. GSM networks match the IMEI against a database to be sure it’s valid. If a particular IMEI isn’t valid and the device is misbehaving on the network and slowing down service to other subscribers, network operators might choose to cancel service to the device.
How are the IMEI and TAC different from the IMSI and ICCID?
Before we drown in a sea of acronyms, here’s a quick refresher:
The International Mobile Subscriber Identity (IMSI) number is used by the cellular network to identify a specific line of service that your data plan is attached to. If you have a SIM card in the device, the modem module will read the IMSI from it. When the device needs to establish a connection, the network identifies it by the IMSI. The first 3 digits of the IMSI are the mobile country code (MCC), and the next 2–3 digits are the mobile network code (MNC). The remaining digits identify the line of service, or what’s termed as the subscriber.
The Integrated Circuit Card ID (ICCID) is a 19- or 20-digit number that’s typically printed on the back of a SIM card. Like the IMEI, it’s a globally unique serial number—a one-of-a-kind signature that identifies the SIM card itself.
The IMSI and the ICCID are linked to the device’s line of communications service and SIM card. By contrast, the TAC and IMEI have to do with the device itself and its particular hardware. Because the connectivity pieces are often detachable from the hardware, it’s useful to have two sets of identification. In fact, keeping track of all these numbers can help you authenticate devices on the network and prevent security breaches in your IoT fleet.
Linking IMEI with SIM ICCIDs for Traceability
Because the IMEI is guaranteed to be unique, it’s often used as part of the device’s certification when it connects to the cloud. SIM/subscriber identifiers are coupled with their IMEI hardware numbers, and operators might set up an alert to notify them if something looks suspicious.
For example, if a SIM card suddenly appears on the network attached to a new IMEI, it could indicate that someone has removed (or stolen) the SIM and is trying to use it to access the same line of service with another device.
As part of your supply chain process, it can help to link which SIMs are paired with which cellular module’s IMEI for traceability and auditing of devices in your fleet. You can use the IMEI information returned from Hologram’s dashboard to pair these as devices use data or as part of your SIM receiving process.
IMEIs are useful in the supply chain because they tie a specific customer to a particular device and manufacturing run. If there’s ever a problem with a device, the customer can check the IMEI and see if other devices in that manufactured batch might need the same software updates. And if a customer ever returns a device, you can match the IMEI to an ICCID to decommission it—and reap a cost benefit since you’ll no longer need to pay for service.
Hologram’s Dashboard can trace a SIM and use session data to find out where it’s being used. And with built-in IMEI detection, Hologram allows you to locate your device’s IMEI remotely and ensure that it’s paired with the right IMSI. This is found in the “All Activity” console drawer of the dashboard.
Monitoring for IMEI Changes to Detect Potential Tampering or Misuse
First, check in with your engineering and operations departments to see if it’s an expected change. If they’re testing multiple devices with a single SIM card or in the midst of refurbishing IoT devices, they might reuse SIM cards, resulting in an IMEI alert.
If no one in your organization sees a reason for the IMEI shift, the alert quite possibly indicates a stolen SIM card. Once you’re aware of a potential problem, pause the data flow to that device, delete it from your dashboard, and contact Hologram to help resolve the issue.
Automated Alerts and Actions
Hologram allows you to set up an alert that will notify you automatically if an IMEI changes in one of your devices. You can specify how you’d like to receive the alerts, such as through email or Slack.
To further streamline your device management efforts, Hologram also enables automated actions. For example, you can set the platform to shut down a device’s connection if it detects an IMEI change. By the time you receive the alert, the potential emergency will already be averted and you can decide how to proceed.
Hologram allows you to manage by exception, sending you real-time alerts when there’s a problem requiring your attention. When you’re only dealing with real, identified problems, you can scale your operations much more quickly.