GSM/GPRS Protocols Overview -1

Sundararaman Sivaraman Srinath Ananthaswamy

1

Copyright © 2008 Nokia. All rights reserved.

<04-Mar-09>

<doc id> / <version and status>

Contents
• What is GSM
• GSM Services
• GSM System Functional Elements
• GSM Protocol Functions
• GSM Air Interface description
• MS Power On Steps


What is GSM?
• The Global System for Mobile Communications (GSM: originally from Groupe Spécial Mobile that was established in the year 1982 in Europe)
• It is a set of standards that encompass all aspects of a Mobile Communication System
• GSM Specifications are being developed and maintained now by the Third Generation Partnership Project (3GPP, www.3gpp.org)
• The 3GPP is a consortium which also develops and maintains the WCDMA specifications
• GSM is the most popular standard for mobile communication systems in the world.
• Over 2 billion people use GSM service across the world.
• The unique feature of the GSM standard makes international roaming very common between mobile phone operators, enabling subscribers to use their phones in many parts of the world.


Some History of GSM
• In the early 80's the mobile communication area in Europe was fragmented and served by several incompatible analog systems
    • Market was segmented, and hence costly
    • No interoperability between systems and hence limited usage
• Administration decided to open up some spectrum in the 900 MHz region for usage by a Pan-European Mobile communication system
• The CEPT (Conference of European Posts and Telegraphs) formed a working group called Groupe Spécial Mobile in charge of developing this pan-European system
• This group decided early on not to just adopt/enhance one of the existing analog systems, but rather to develop a new digital system from the ground up
• As a result of this activity the GSM system evolved
• Around 1991 the term GSM was defined to stand for Global System for Mobile Communication
• In the year 2000 the standardization work was handed over to 3GPP, which was originally formed to develop UMTS standards


What is GSM (contd..)
• GSM is a cellular radio system, as opposed to non-cellular wireless systems like WLAN, Bluetooth etc
• GSM is a fully digital system as opposed to earlier systems like NMT (Nordic Mobile Telephone) which were primarily analog
    • GSM system handles transmission and reception of digital data (bits)
    • Any analog data (speech) is converted to digital form before it passes into the GSM system
• GSM operates in frequencies close to 900 MHz and 1800 MHz in EU and India
• GSM uses frequencies close to 850 MHz and 1900 MHz in US


Basic Concept of Cell
• The geographical area is divided into a number of smaller segments each served by a base station
• Each such segment is a cell.
• Radio coverage from a base station is limited to the dimension of the cell by adjusting the power of transmission
• This system allows the operator to reuse the frequencies allotted to them across multiple cells
• Since there is some overlap of transmission from one base station to another the same frequency is not reused in adjacent cells

[Figure: cells labelled with frequencies F1 to F7. Realistic case: Overlap between cells. Seven frequencies are used. Same frequencies are never used in adjacent cells]


Services
• As a first step the working groups defining GSM had to decide on the services that the new system would provide to users
• These services need to be defined in a detailed manner as all the elements in the system would be impacted by this definition
• The terminology used in 3GPP specifications is in a sense borrowed from ISDN terminology
• Services are classified into the following categories
    • Bearer Services: Which simply carry information from one end to another. Only lower layers are specified. The characteristics specified include data transfer rate, directions of data flow, type of data transfer (circuit or packet) and other physical characteristics. E.g. Data transfer service at 14.4Kbps
    • Teleservices: A complete telecommunication service. All layers of protocols are specified. E.g. Speech telephony, SMS
    • Supplementary Services: Supplementing and/or modifying the Basic Services (Bearer Services and Teleservices). E.g. Call Forward Unconditional


Glimpse of GSM Services
• Bearer Services
    • Data at 2.4, 4.8, 9.6, 14.4 Kbps
• Teleservices
    • Voice Telephony
    • Short Message Service
• Supplementary Services
    • Call Forward Unconditional
    • Calling Number Identification and Presentation
• Refer: 3GPP TS 22.001 for details


GSM System
• GSM system is described as a set of functional elements and interfaces between them
• Functional elements are intended to group related functionality under a logical name. They do not mean that each of them needs to be implemented as separate hardware ‘boxes’
• Functional elements provide interfaces to communicate with other elements
• Across each such interface a protocol operates. This is nothing but a set of rules for communication across the interface
• The protocol is divided into various layers for ease of implementation and analysis
• Having a well defined protocol across an interface allows inter-operability of functional elements from different vendors

[Figure: GSM network architecture. The MS (SIM and ME), the BTSs and BSCs of BSS1 and BSS2, and the MSC with HLR/VLR and AuC (with links to other MSCs and to the PSTN), joined by the Air Interface, the A-Bis Interface and the A Interface. Layer labels shown: Non Access Stratum (CC, MM) and Access Stratum (RR, LAPDm, L1), plus BSSCAP and MTP.]


Base Station Subsystem (BSS)
• Made up of a set of Base Transceiver Stations (BTS) and a Base Station Controller (BSC)
• BTS is a radio transceiver. It is part of the towers of antennas that we see. Primarily the lower layer RF and baseband functions
• BSC manages radio resources for a set of BTS’s. Primarily the Radio Resource intelligence in the network
• The interface between BTS and BSC is not standardized. Hence they are typically from the same vendor

[Figure: GSM network architecture and protocol layers, repeated from the GSM System slide.]


Network Switching Subsystem (NSS)
• Mobile Switching Centre (MSC): Acts like a telephone exchange with added functions to interface with set of BSC’s
• If MSC has a function to interface with other networks like PSTN, then it is called a Gateway MSC
• NSS has a number of databases that communicate with MSC using Signaling System 7 (SS7) protocols
• Home Location Register (HLR): Database storing all subscriber information. It also holds the address of the current Visited Location Register (VLR)
• VLR: When roaming in another network the VLR in the destination NSS holds selected management information taken from the HLR. This is so as to enable/disable services. VLR is associated with an MSC
• Authentication Register (AuR): Protected database holding the secret key stored in the SIM card used for encryption and authentication over the air interface
• Equipment Identity Register (EIR): Database of International Mobile Equipment Identity (IMEI) classified according to White (good equipments), Black (stolen or bad equipments) and Grey (uncertain)

[Figure: GSM network architecture and protocol layers, repeated from the GSM System slide, with an additional link from the MSC to the PDN.]


Subscriber Identity Module (SIM)
• The SIM is the entity that contains the identity of the subscriber. When placed in a Mobile Equipment (ME), together they become a Mobile Station (MS) which may then register onto a GSM network
• SIM is a smartcard as defined by ISO specifications
• The SIM holds the International Mobile Subscriber Identity (IMSI), which unambiguously identifies a subscriber
• The phone number, called the MS-ISDN number, is not the identity of the subscriber
• SIM also stores a number of other items as given below
    • Subscriber Authentication Key Ki
    • Authentication Algorithm A3, Cipher key generation algorithm (A8)
    • Cipher key (Kc)
    • TMSI, LAI, Forbidden PLMNs
    • Phonebook
• If the SIM is removed from the MS during a call, the call shall be terminated immediately
• Refer: 3GPP TS 02.17 for details


Protocol Layers
• Across each interface a set of protocols operate. They are the rules of communication across the interface
• Protocols are layered according to function. Similar but not the same as OSI layering
• The protocol layers in operation from MS are classified into two main groups
    • The Access Stratum (AS)
        • The layers of the protocol that depend on the Radio Access Network (RAN) in use.
        • GSM EDGE Radio Access Network (GERAN): The RAN using GSM technology
        • Universal Terrestrial Radio Access Network (UTRAN): The RAN using UMTS technology
    • The Non Access Stratum (NAS)
        • The layers of the protocol that are essentially independent of the RAN in use. Hence they are common for the GERAN and UTRAN cases


Layer Functions – Layer 1
• Layer 1 is concerned with transmission/reception of bits over the air interface
• Source Coding: Compression of speech
• Channel Coding: To add redundancy to the data to enable error correction at the receiver
• Interleaving: Technique used to add robustness against burst errors. Essentially by transmitting bits in a different order than they are generated
• Ciphering: Encrypt the bits so that only the receiver having the ciphering key will be able to make sense of the data. This ensures secure wireless communication
• Modulation: To convert the baseband information to/from the appropriate band around the carrier frequency

[Figure: MS block diagram. Rx Chain: Radio Rx, Bit Detection, De-Ciphering, Channel Decoding / De-Interleaving, Speech Decoder. Tx Chain: Speech Encoder, Channel Coding / Interleaving, Ciphering, Modulator, Radio Tx. Other blocks: Cellular Protocol Processing, Applications, User Interface.]


Layer Functions - LAPDm
• LAPDm: This is a Link layer protocol used in the air interface
• This layer allows upper layers to transfer messages reliably across the air interface
• It uses the services from the physical layer to transfer messages
• Main functions include segmentation and reassembly
• Retransmission and acknowledgement to ensure reliable data transfer
• LAPDm is only used for transfer of control messages and not for data transfer. Hence this is called a control plane protocol
• Stands for Link Access Protocol for Dm Channel. This is a simplified adaptation of the LAPD protocol used in ISDN networks


Layer Functions - RR
• RR stands for Radio Resource
• Layer is responsible for managing the Radio Resources
• RR layer uses the services of the LAPDm to send/receive messages from the peer RR layer
• RR layer uses services from the L1 to perform measurements and other monitoring functions to keep track of the health of the channels/cells
• RR layer is responsible for a number of other functions like establishing/releasing dedicated channels, handover, cell reselections etc
• RR layer is a unique feature in wireless communication systems. Since the Radio resources are scarce we need a dedicated layer to manage the resources optimally and share the resources across many MS


Layer Functions – MM, CC
• Mobility Management (MM)
    • This layer is responsible for keeping track of the location of the MS
    • MM uses services provided by the RR layer to send its messages to the Peer
    • MS needs to inform the NSS about its location at power up
    • MS needs to inform the NSS about its location if it is changing its location
    • MS needs to be authenticated by the NSS before it accesses services from the NSS
• Call Control: Establishment, Maintenance and Release of calls for various applications (Voice Call, TTY etc) at the higher layer level with NSS


Air Interface Basics - 1
• To avoid overlapping with other simultaneous users, wireless systems use many ways to allocate channels. These are called Multiple Access Methods. Commonly used methods are:
    • Frequency division multiple access or FDMA, used in analog cellular
    • Time division multiple access or TDMA, used in 2G digital cellular
    • Code division multiple access or CDMA
• To establish a two-way communication link, a duplexing method is needed. Typically used methods are:
    • Frequency division duplex (FDD). (full duplex in analog systems)
    • Time division duplex (TDD). (half duplex or simplex in analog systems)


FDMA
• Frequency division is the oldest and simplest access method.
• Each user is allocated its own frequency channel for as long as the call is connected. The same channel can be re-used after the call is over.

[Figure: FDMA. Receive frequencies RxF1 to RxF4 and transmit frequencies TxF1 to TxF4 plotted against time, each occupied by one of Users 1 to 4.]


TDMA
• In TDMA systems each user does not get the carrier for the whole time, but only short time slots at regular intervals (frames).
• To send a continuous signal over a TDMA system, the data has to be packed and inserted into the slots.

[Figure: TDMA. Receive frequencies RxF1 to RxF4 and transmit frequencies TxF1 to TxF4 plotted against time, each carrier divided into repeating time slots 1 to 8 assigned to Users 1 to 8.]


GSM Air Interface (Layer 1)
• Uses a combination of Time Division Multiple Access (TDMA) and Frequency Division Multiple Access (FDMA)
• Users transmit at same or different frequencies (Hence FDMA)
• Transmission happens in short bursts in time called timeslots
• Users using the same frequency transmit at different time intervals (Hence TDMA)
• The transmission from MS to BTS (Uplink) and transmission from BTS to MS (Downlink) are separated in frequency by 45 MHz, hence Frequency Division Duplex (FDD)
• Uplink and downlink transmissions are separated in time so that the RF need not receive and transmit at the same time


GSM Modulation
• GSM uses a modulation technique called Gaussian Minimum Shift Keying (GMSK)
• This is basically Frequency Shift Keying with smoothing applied to the baseband signal in the form of a Gaussian Shaped Pulse
• This technique has an advantage similar to PSK in having a low Eb/No requirement for a given Bit Error Rate (BER) requirement
• The waveform generated has a constant envelope
• The waveform has no discontinuities at the bit transitions
• This results in a scheme that allows an optimum bandwidth usage coupled with lower transmit power requirement for a given BER and Noise conditions
• Refer: Subbarayan Pasupathy, “Minimum Shift Keying: A spectrally efficient modulation”, IEEE Communications Magazine, July 1979


GSM Modulation (Contd …)
• One symbol corresponds to a bit in GMSK
• One symbol is 3.69 µs (= 4 × 12/13 µs)
• Thus the bit rate at radio interface is 271 Kbps approx
• The bandwidth occupied by the signal (Frequency range containing significant energy) is 200 KHz
• Thus we get a figure of merit of >1 bits/s/Hz which is a good modulation technique considering the complexity as well as the constant envelope nature of the signal


GSM Frame structure
• Transmission/Reception happens in units of timeslots of 577 microseconds each (156.25 bit periods)
• Eight timeslots are grouped together to form a GSM TDMA frame of 4.615 ms
• Frames are logically grouped into higher duration intervals like multiframes (51 frames)
• A physical channel in GSM therefore consists of specifying a frequency number and a timeslot number between 0 and 7. Physical Channel => (F, TN)
    • Physical channel provides a pipe for carrying information
    • The data transmitted


GSM Frame structure (Contd…)


Data Transfer with Higher Layers
• Information transfer between higher layers and layer 1 happens in terms of blocks.
• Each block of data is channel encoded, interleaved, modulated and transmitted by layer 1 in four consecutive timeslots
• Thus a logical channel that carries control information consists of groups of 4 TDMA frames
• For instance system information containing information about the cell, is transmitted in the Broadcast Control (BCCH) logical channel in terms of blocks spanning over 4 TDMA frames
• There are a few logical channels whose data consists of only one burst. This is only for control purposes


GSM Cell Basics
• Each cell in GSM is given a set of carriers. This is a subset of the carriers that the operator is licensed to use
• One carrier in each cell is called the BCCH carrier
• This frequency is transmitted by the cell continuously and at a high power level set by the operator
• All timeslots are transmitted irrespective of usage
• The power level is set by the operator to control the size of the cell


BCCH Carrier
• Timeslot Number 0 of the BCCH carrier contains a lot of useful information
• The timeslot 0 contains transmissions of the Frequency correction burst, Synchronization burst and the System Information
• The frames in BCCH carrier TN 0 are organized into multiframes of 51 frames each


BCCH Carrier (Contd …)
• FCCH: This consists of a specific burst that is modulated with all zeros. This results in a reference frequency used by the MS to correct its local oscillator. This is called the Frequency Burst (FB)
• SCH: This contains a specific burst that contains the frame number information and a long training sequence, used for time synchronization in the MS
• BCCH: This is a logical channel transmitting system information, containing details about the cell to be used by higher layers of the protocol stack
• CCCH: This is a logical channel used for the process of Paging, i.e. notifying an MS about an incoming call

[Figure: A view of Timeslot 0 on the BCCH Carrier]


MS POWER ON STEPS
[Figure: flow chart with the following boxes]
• POWER ON
• FIND A ‘GOOD’ CELL IN REGION
• REGISTER FOR SERVICES WITH NSS AND INFORM LOCATION
• IDLE MODE: NO DEDICATED RADIO RESOURCES; AUTONOMOUS CELL CHANGES
• CALL RELEASE: RELEASE USE OF DEDICATED RADIO RESOURCES
• RANDOM ACCESS PROCEDURE TO GET DEDICATED RADIO RESOURCES
• DEDICATED MODE: DEDICATED RADIO RESOURCES; CELL CHANGE INITIATED BY NETWORK


MS Power On - 1
• RF SEARCH: Look through the entire receive frequency band in steps of 200 KHz, measuring the energy in the carrier. The results are averaged over 5 samples spaced in time over 5 s
• ORDER RESULTS: Arrange the carriers in decreasing order of energy


MS Power On - 2
• CELL SEARCH: A carrier corresponds to a BCCH carrier if and only if we find an FB and SB in that frequency
• Search and find a Frequency Correction Burst (FB). Use the information to correct the local oscillator
• Search for an SB and get the timing information, i.e. Frame Number and time location of timeslot 0 in the cell
• FB and SB are repeated every 10 TDMA frames in the BCCH carrier on timeslot 0


MS Power On - 3
• Read System Information (SI) Blocks from the BCCH logical channel
• One SI is sent in each 51-frame multiframe
• SI’s are numbered as SI 1, 2, 3 etc, each containing different information about the cell
• SI’s are in general repeated over a period of 8 multiframes. This period is called a TC cycle.
• This means that there are only 8 types of system information. In reality the repetition is a little more complex and one needs to read some SI’s to get information about the presence of some others


MS Power On - 4
• SUITABILITY: Check suitability of a cell
• This has two parts
    • Based on radio criteria
        • Signal strength of the cell
        • Maximum allowed transmit power in the cell
        • Maximum power the MS is able to transmit
    • Based on other criteria
        • Whether the cell belongs to subscribed (Home) or allowed PLMN
        • Whether the cell is allowed for access to operator only
        • Whether the location area identity of the cell is allowed
• This information relating to the cell selection process is found in SI 3


MS Power on - 5
• CAMP ON: Once a cell is found suitable the MS needs to inform the NSS about its location and then listen to the paging channel for incoming call alerts
• Once camped on a cell the MS is said to be in IDLE mode
• In IDLE mode the MS performs the following functions
    • Listen for paging
    • Measure the strength of the neighbor and serving cells
    • Read system information from serving and neighbor cells
    • Take decisions on whether to remain camped on to the cell or change the cell. This process is called cell reselection
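
The power-on steps above (RF search, ordering, cell search, suitability, camp on) as an added Python example that is not part of the original slides. The scan results, PLMN codes and SI 3 field names are constructed, and the radio check uses the C1 path loss criterion from 3GPP TS 45.008, which goes beyond the three radio inputs the slide lists.

```python
from dataclasses import dataclass
from statistics import mean

@dataclass
class Carrier:
    arfcn: int            # carrier number on the 200 kHz raster
    rx_dbm: list          # 5 energy samples spaced over about 5 s
    has_fb_sb: bool       # FB and SB found on timeslot 0 => BCCH carrier
    si3: dict             # constructed stand-in for decoded SI 3 fields

@dataclass
class Ms:
    max_tx_dbm: int       # maximum power the MS is able to transmit
    allowed_plmns: set    # home and allowed PLMNs
    forbidden_lais: set   # (plmn, lac) pairs the MS may not use
    operator_access: bool = False

def rf_search(carriers):
    """RF SEARCH and ORDER RESULTS: average the samples, strongest first."""
    return sorted(carriers, key=lambda c: mean(c.rx_dbm), reverse=True)

def c1(cell, ms):
    """Radio criterion C1 = A - max(B, 0); the cell passes when C1 > 0."""
    a = mean(cell.rx_dbm) - cell.si3["rxlev_access_min"]
    b = cell.si3["ms_txpwr_max_cch"] - ms.max_tx_dbm
    return a - max(b, 0)

def rejection_reason(cell, ms):
    """SUITABILITY: return None for a suitable cell, else why it was rejected."""
    si = cell.si3
    if si["plmn"] not in ms.allowed_plmns:
        return "PLMN not allowed"
    if si["operator_only"] and not ms.operator_access:
        return "access for operator only"
    if (si["plmn"], si["lac"]) in ms.forbidden_lais:
        return "location area not allowed"
    if c1(cell, ms) <= 0:
        return "radio criterion failed"
    return None

def select_cell(carriers, ms):
    """Walk the ordered carriers; return (ARFCN to camp on or None, decision log)."""
    log = []
    for cell in rf_search(carriers):
        if not cell.has_fb_sb:      # CELL SEARCH: not a BCCH carrier
            log.append((cell.arfcn, "no FB/SB"))
            continue
        reason = rejection_reason(cell, ms)
        log.append((cell.arfcn, reason or "camp on"))
        if reason is None:
            return cell.arfcn, log
    return None, log

def si3(plmn, lac, access_min=-104, txpwr_max=33, operator_only=False):
    """Build a constructed SI 3 record (values in dBm)."""
    return {"plmn": plmn, "lac": lac, "rxlev_access_min": access_min,
            "ms_txpwr_max_cch": txpwr_max, "operator_only": operator_only}

# Constructed scan results (dBm) and SI 3 contents; "001-01" is a made-up home PLMN.
SCAN = [
    Carrier(88, [-85, -86, -84, -85, -85], True, si3("001-01", 3)),
    Carrier(40, [-60, -61, -59, -60, -60], False, {}),
    Carrier(5,  [-80, -81, -79, -80, -80], True, si3("001-01", 3, access_min=-78)),
    Carrier(17, [-65, -66, -64, -65, -65], True, si3("001-02", 1)),
    Carrier(62, [-72, -73, -71, -72, -72], True, si3("001-01", 7)),
]
MS = Ms(max_tx_dbm=33, allowed_plmns={"001-01"}, forbidden_lais={("001-01", 7)})

if __name__ == "__main__":
    chosen, log = select_cell(SCAN, MS)
    for arfcn, decision in log:
        print(f"ARFCN {arfcn}: {decision}")
    print("camped on", chosen)
```

The strongest carrier is not the one selected: it carries no FB/SB, and the next three fail the PLMN, location area and radio checks in turn.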


BACKUP


Location Update Procedure (1)
• Intention is to inform the NSS about the MS location
• The cells of an operator are grouped together as Location Areas. The location area identity is broadcast in the system information
• When the MS powers on for the first time and then each time it performs cell reselection, if the location area changes then the MS needs to inform the NSS of its new location via the Location Update
• Location of the MS is known to be within one of the cells of an LA
• Incoming call pages are broadcast to all the cells in that LA by the NSS
• This reduces signalling load on the network by avoiding MS having to update the location each time it changes cells
• If the area consists of a large number of cells then the unnecessary paging load increases. The operator sizes the location area accordingly
• This procedure is the responsibility of the Mobility Management (MM) layer
• In order for the messages to be exchanged the MM layer requests the Radio Resource layer to establish a channel


Location Update Procedure - 2
Purpose: To notify the network that the MS is moving within a new Location Area. This procedure is done prior to camping on a cell in normal services.

• MS calls the network (Mobile Originated)
• A dedicated channel is established
• MS registration is performed
• MS is told whether the Cell can grant normal service


Channel Establishment - 1
Purpose: To gain access to a traffic channel (Freq, TN) for transmission of full duplex information. The purpose of such an establishment could be to transmit signaling messages (like Location Update) or to perform a voice call or send SMS etc.

MS leaves Idle mode and enters Connection Establishment mode:
• Send Channel Request messages to the BTS (RACH)
• Keep reading CCCH/BCCH channels looking for Access Grant
• BTS responds with an Immediate Assignment message (AGCH). The description of the allocated full duplex channel is provided
• MS stops Connection Establishment mode and enters Dedicated Mode


Channel Establishment - 2


Location Update Procedure - 3

[Figure: message sequence between MS and NETWORK, in order]
• RR CHANNEL REQUEST
• RR IMMEDIATE ASSIGNMENT
• MM LOCATION UPDATING REQUEST
• MM AUTHENTICATION REQUEST
• MM AUTHENTICATION RESPONSE
• RR CIPHER MODE COMMAND
• RR CIPHER MODE COMPLETE
• MM LOCATION UPDATING ACCEPT
• MM TMSI REALLOCATION COMPLETE
• RR CHANNEL RELEASE

Authentication Process
• On mobile startup the MS sends its IMSI to the Mobile Operator requesting access and authentication.
• The operator network searches its database for the incoming IMSI and its associated Ki.
• The operator network then generates a Random Number (RAND) and signs it with the SIM’s Ki, computing another number known as Signed Response (SRES_1) using an algorithm A3
• The operator network then sends the RAND to the MS, which also signs it with its Ki stored in the SIM using A3 and sends the result (SRES_2) back to the operator network.
• The operator network then compares its computed SRES_1 with the SIM's computed SRES_2. If the two numbers match the SIM is authenticated and granted access to the operator's network.
• Algorithm A3 is operator specific and not specified. Only the SIM and HLR/AuC know it
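
The challenge-response exchange described above, with both sides' messages, as an added Python example that is not part of the original slides. Because A3 is operator specific, `a3_a8` is a labelled stand-in built on HMAC-SHA-256; the IMSI and Ki values are constructed, and the 128-bit RAND, 32-bit SRES and 64-bit Kc lengths are the standard GSM sizes.

```python
import hashlib
import hmac
import secrets

def a3_a8(ki: bytes, rand: bytes):
    """Stand-in for the operator's A3/A8 (NOT a real GSM algorithm).

    Returns (SRES, Kc): a 4-byte signed response and an 8-byte cipher key.
    """
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]

class Sim:
    """SIM side: holds Ki and never exports it, only SRES and Kc."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki

    def run_gsm_algorithm(self, rand: bytes):
        return a3_a8(self._ki, rand)

class OperatorNetwork:
    """Network side (HLR/AuC): maps IMSI to Ki and issues challenges."""
    def __init__(self, subscribers: dict):
        self._ki_by_imsi = dict(subscribers)
        self._pending = {}                      # imsi -> (SRES_1, Kc)

    def challenge(self, imsi: str):
        ki = self._ki_by_imsi.get(imsi)
        if ki is None:
            return None                         # unknown subscriber
        rand = secrets.token_bytes(16)          # fresh RAND for every attempt
        self._pending[imsi] = a3_a8(ki, rand)   # SRES_1 kept on the network
        return rand                             # only RAND crosses the air

    def verify(self, imsi: str, sres_2: bytes) -> bool:
        expected = self._pending.pop(imsi, None)  # one answer per challenge
        if expected is None:
            return False
        return hmac.compare_digest(expected[0], sres_2)

def authenticate(network: OperatorNetwork, sim: Sim) -> bool:
    """IMSI up, RAND down, SRES_2 up, then the network compares."""
    rand = network.challenge(sim.imsi)
    if rand is None:
        return False
    sres_2, _kc = sim.run_gsm_algorithm(rand)
    return network.verify(sim.imsi, sres_2)

def demo() -> dict:
    imsi = "001010123456789"                               # constructed IMSI
    ki = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed Ki
    net = OperatorNetwork({imsi: ki})
    genuine = Sim(imsi, ki)

    # An SRES recorded from one exchange is useless against the next RAND.
    old_sres, _ = genuine.run_gsm_algorithm(net.challenge(imsi))
    net.verify(imsi, old_sres)
    net.challenge(imsi)
    replayed = net.verify(imsi, old_sres)

    return {
        "genuine": authenticate(net, genuine),
        "wrong_ki": authenticate(net, Sim(imsi, bytes(16))),
        "unknown_imsi": authenticate(net, Sim("001019999999999", ki)),
        "replayed_sres": replayed,
    }

if __name__ == "__main__":
    for case, granted in demo().items():
        print(f"{case}: {'granted' if granted else 'rejected'}")
```

Ki itself is never transmitted: only the IMSI, RAND and SRES_2 appear on the interface, and the fresh RAND is what makes a previously observed SRES worthless.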
