What is IMEI Number ? IMEISV and IMEI Check?

It is a unique 15 digits number that is assigned to a device by the manufacturer. The IMEI full form is International Mobile Equipment Identity. From IMEIthe device vendor can know what is the year, model number, etc.

In cellular communication, every sim card is identified by an IMSI, the mobile device in which the sim is inserted is identified by an IMEI number.

When a mobile subscriber changes the sim card, only IMSI changes not the device IMEI as still the device is the same.

The number can be obtained from the device itself. E.g for a smartphone (Android), in the settings of the mobile phone,
(Samsung Galaxy S8 Settings->About phone->Status->IMEI Information,) or by dialing a code (e.g *#06#). The code works on all devices.

A mobile device can only work with mobile operators if the device having a valid IMEI number. The use of IMEI number is to allow, disallow in case of stolen devices, or allow/disallow a device due to technical reasons. The IMEI should not be changed once a device is manufactured.


What is IMEI Structure?

The IMSI number is 15 digits long. 15 digits are divided into groups. Each group of digits in the IMEI structure has information about IMEI. IMEI structure is composed in such a way that it can be traced who is the manufacturer of the device and other information. The structure has the following sections

Type Allocation Code (TAC code)

This is 8 digit code. The manufacture of device requests from the international GSM standard body the TAC code for a new model of the device. TAC Codes for IMEI. GSMA allocated bodies allocate the tac code. The TAC code has two parts.  The format is AA  BBBBBB. AA is of two digits.

  1. AA –  Allocation Body
  2. BBBBBB – Manufacture’s code e.g Apple

Serial Number (SNR)

Each serial number uniquely identifies a device within a TAC. This is 6 digits in length. The serial number range is for the manufacturer.  When a new IMEI is allocated for a device, the manufacturer picks a new serial number and reserved it. So that no two devices will have the same IMEI.

Check Digit or IMEI number check

This is the last part of IMEI. A check digit is derived from other digits from a formula. An IMEI number check uses a check digit to make sure that the IMEI number is not altered over the network.

The integrity of IMEI  on the network is checked by the Luhn Algorithm. The check digit should be calculated by the receiving entity for verification. The IMEI number check is important, this ensures that the IMEI number is valid and the device is not tempered.

IMEISV Meaning:

It is a 16 bits value assigned to a device. The first 14 digits are the same as IMEI. The last 2 digits are for the software version. The device manufacturer gets details from the IMEI number. But for software updates to propagate correctly they should know the currently used version of software on the device. Version information sets correct application update and firmware updates.

How lost Phone is traced using IMEI number:

After reporting a lost mobile device. Its IMEI number is provided to all mobile operators in a country/area. The mobile operators put the device on monitoring using the IMEI number. When the mobile phone is switched on with a new or older SIM card. The phone tries to register on the network roaming network. The roaming network sends the IMSI and MSISDN information to the monitoring system. From MSISDN location and other activities (voice call, SMS, etc.) can be traced.

OTA updates for device setting:

A device gets updates from the manufactures most of the time. Device updates can be for firmware etc. From IMEI, the full device information ( type, brand, model, etc), can be obtained. For sending updates device information is important, so that the device gets the correct updates. A mobile operator may send updates for device settings for the network information (IMSI, APN, etc.). In case of changes required by the home network operator in a device setting, an OTA is sent from the home network to the device. If IMEI is known to the mobile operator, the device gets correct settings or updates. A roaming sim card has multiple IMSI, an OTA may be used to update the IMSI, based on the location a subscriber is roaming.

EIR and IMEI check:

EIR is the central database of mobile phones, which have IMEI number status along with IMEI. There may be a central EIR, in a country where all roaming mobile operators query for the legality of a device. When a call starts, serving MSC or SGSN sends an IMEI check operation to the EIR, and EIR responds back to the MSC. If the response is successful then the call is completed else the call is dropped.

IMEI-Check over network:

In 2G or 3G network:

IMEI check is the process of finding whether a device is allowed to register for data or voice calls. This is achieved by a gsm node call EIR or Equipment Identity Register. This is a central database in the roaming network. Upon receiving a  check request, EIR may return with the following. When a call is initiated, the MSC does the ss7 signaling using a gsm map protocol to check IMEI.
The roaming MSC or SGSN sends CHECK_IMEI to the EIR and EIR responds with one of the following equipment statuses.

  • Unknown Equipment, When the device is not registered in EIR.
  • White List, When Equipment number is allowed to operate.
  • Blacklist, When Equipment number is not allowed to operate.
  • Grey List, When Equipment number is allowed to operate with observation.

In the 4G network :

In a 4G network, the underlying protocol used is the Diameter protocol.  The S13 and S13′ are used in the 4G network over diameter signaling. S13 is used between MME and EIR and S13 is used between SGSN and EIR. The 3GPP application id is 16777252. 3GPP Spec for S13/S13′
ME identity check procedure is used for identity verification.  ME-Identity-Check-Request/Answer (ECR/ECA),  Commands, or messages are used. When a mobile phone tries to register on the network then a ME identity check procedure is used between MME/SGSN and EIR.

< ME-Identity-Check-Request > ::= < Diameter Header: 324, REQ, PXY, 16777252 >
< Session-Id >
[ Vendor-Specific-Application-Id ]
{ Auth-Session-State }
{ Origin-Host }
{ Origin-Realm }
[ Destination-Host ]
{ Destination-Realm }
{ Terminal-Information }
[ User-Name ]
*[ AVP ]
*[ Proxy-Info ]
*[ Route-Record ]

The Terminal Information AVP have ME Identity, and User name (optional) have IMSI.

< ME-Identity-Check-Answer> ::= < Diameter Header: 324, PXY, 16777252 >
< Session-Id >
[ Vendor-Specific-Application-Id ]
[ Result-Code ]
[ Experimental-Result ]
{ Auth-Session-State }
{ Origin-Host }
{ Origin-Realm }
[ Equipment-Status ]
*[ AVP ]
*[ Failed-AVP ]
*[ Proxy-Info ]
*[ Route-Record ]

If the result code received DIAMETER SUCCESS (2001) from EIR, then Equipment Status AVP has the status (whitelisted, blacklisted, or greylisted) of ME identity status.

Device lock from a mobile operator:

There are phones which mobile operators provide along with their sim cards. These phones work only when a sim card from that mobile operator is used. This check is done by hardware information obtained from the IMEI number.  When a device switches on, the mobile network checks if the IMSI is the device that was given with the subscription.  Then the only the device is allowed to register on the network.

1 thought on “IMEI | IMEI Number | Check IMEI”

Leave a Comment