This action might not be possible to undo. Are you sure you want to continue?
in any form or by any means without the prior written permission of the author, or Security Domain Proprietary Limited.
GSM - Global System for Mobile Communications
The purpose of this report is to describe in easy terms what GSM is and how it operates. It is intended that it will provide both management and technical staff with an understanding of the services that GSM can provide, the components that make up a GSM network and the way that these components interact. As such, it should be of benefit to all organisations that have a direct or indirect involvement with mobile communications, whether as service operators, providers, equipment manufacturers, vendors, consultants, regulators or, most importantly, users. Each major section begins with a high level overview of the subject, before descending into lower level technical descriptions. This is to allow readers to glean overview information about particular subjects or to use the document as a reference guide without having to wade through technical descriptions.
GSM is still evolving and will continue to do so for a number of years. While the majority of the initial work to enable the system to function has been completed, subsequent services are being defined that may require a change in the operation as specified at the end of the Phase 1 work schedule. As a consequence, it should be noted that while every effort has been made to ensure the accuracy of the information within this document, the author, contributors, publishers and sponsor, in particular Security Domain Proprietary Limited and the sponsor of the report, Telecom Australia, their associates, employees and agents, are not responsible for errors or omissions, actions, or the results of any actions, taken or omitted to be taken upon the basis of information in this document. The author, contributors and publishers expressly disclaim all and any liability (whether arising by reason of negligence or otherwise) to any person or corporation whether in receipt of this document or not, in respect of anything and the consequence of anything done or omitted to be done in reliance, whether whole or partial, upon the whole or any part of the contents of this document. This document is produced as a guide only and for up to date changes, reference must be made to the documentation produced and issued by the European Telecommunications Standards Institute (ETSI).
This report follows, as far as possible, the conventions used within GSM
Copyright ©1991, Michael Clayton
GSM - Global System for Mobile Communications recommendations. This is done to ensure a familiarity with the terms used if the reader subsequently refers to the recommendations. Also, it should be noted that there is often an important distinction between two apparently similar terms or entities used within GSM, which may confuse the reader. Some of the more important ones are: Subscriber Identity Module (SIM) A Subscriber Identity Module is a smart card which holds all the information required to identify a particular subscription to a mobile service. Mobile Equipment Mobile equipment constitutes a device which has the ability to communicate with the GSM network, but which does not hold any subscriber related information. Mobile Station: A piece of mobile equipment with a valid Subscriber Identity Module (SIM) inserted is termed a Mobile Station. The distinction in this case is that a piece of Mobile Equipment cannot (ordinarily) make or receive calls, since no subscription information (stored in the SIM) is available. The insertion of a valid SIM into the mobile equipment, to make a Mobile Station, is required to enable accesses to the GSM network. PLMN: The GSM Network is termed a Public Lands Mobile Network, or `PLMN. In many GSM documents, references are made to the term network and the term PLMN, the meaning of which is dependent on the context. In this report the term PLMN refers to a GSM network only. Distinctions between different PLMNs is made by refering to the Home PLMN or HPLMN (the network which holds the subscription to the service) and Visited PLMN, or VPLMN (any roamed-to network). Network Operator: The term Network Operator refers to the Operator of a GSM PLMN. It is possible that this Network Operator could also be the operator of more than the GSM PLMN, but for the sake of clarity, in this report the term only refers to GSM. Reference to Operators of non-GSM networks, is made using the network type, i.e. Public Copyright ©1991, Michael Clayton
they are indicated in the text. Michael Clayton Page 3 .GSM . For further information see the glossary of acronyms at the end of this report.Global System for Mobile Communications Switched Telephone Network (PSTN) Operator. Copyright ©1991. Where other important distinctions exist.
and the poor quality. the concept of commercial cellular radio evolved. Michael Clayton . is to reduce the interference by one cell on others around it. So the service is a very efficient user of what is a limited resource. the available frequencies could be quickly used up. Prior to cellular. Much can be gleaned from analysing the history of how it grew.1 The Cellular Radio Concept6 In the early eighties. This process is totally automatic and requires no special intervention by the user. radio phones were limited to just the one transmitter covering a large area. Frequency Re-use in GSM2 Figure 1: Page 4 Copyright ©1991. but this is avoided by allowing non-adjacent cells to use the same frequency. Once this was realised. the capacity of the cellular system could increase enough to make it a commercially viable proposition. Each has limited power output so that the coverage of one transmitter is restricted to a small area. but it is a complex technical function requiring significant processing power to achieve a quick reaction. Another reason for using small cells and limiting the power output from each. While this was sufficient for pioneer users who needed to be specifically trained to use it. present and future. 2. In cellular the problem is solved by handing the call over to the next cell. the same frequencies can be re-used many times. Cellular systems sprang up around the world. As long as they are far enough apart not to cause each other interference. the high cost. particularly in respect of the relationship between GSM and other technologies. Cellular radio differs from the radio phone service because. In doing this.GSM . instead of one large transmitter. the RF spectrum. In the radio phone service there was no solution and the call was lost. one of the first problems to solve is what happens when a person using the phone in one cell moves out of range of that cell.Global System for Mobile Communications 2 GSM STRUCTURE5 This section deals with the route by which the present GSM offering was reached. the service could not be sold to any great extent because of the limited capacity. As a result. many small ones are used to cover the same area. but it was in Europe that the potential of cellular was most fully realised. known as a Cell. which is why the service area was so large.
the Conférence Européanne des Administrations des Poste et Télécommunications (CEPT) set up a group to study this harmonisation of a panEuropean cellular system. the latent demand consistently outstripped predictions. In America the Advanced Mobile Phone Service (AMPS) was used. Hence. in 1982. and the United Kingdom (UK). What was needed was a new system which had increased capacity and was versatile enough to incorporate any foreseeable future advances in telecommunications technology. It soon became clear that a similar policy could easily be applied to cellular. and called Total Access Communications System (TACS). into one. Soon the networks were becoming congested. but the work quickly moved on from there. European Participants in GSM14 Figure 3: Proponents of each different system tried to get their system adopted around Europe. At the same time Europe was consolidating into "One Market" and part of the process was to ensure an overall telecommunication standards policy. Within the Scandinavian pocket of NMT in 1981.GSM .2 GSM Standardisation7 Over the period of evolution for cellular many different systems were born. The significance of this was that each pocket was isolated from the next because the fundamental technical differences in the systems precluded roaming between them. Michael Clayton Page 5 . but the key to its success had to be standardisation of the many formats available. and the quality of service suffered. allowing universal interconnect. Copyright ©1991. especially within Europe. The Scandinavian countries of Norway. 2. This was seen as a breakthrough because international roaming could open up the European markets. with the result that small pockets of similar cellular networks grew. This initial mandate was to standardise the frequencies for use in cellular radio. This would be even more important if a subscriber could receive calls on a different mobile network. and in the Scandinavian countries the Nordic Mobile Telephone (NMT) system was devised.Global System for Mobile Communications In the Scandinavian countries. The force of such a move was apparent in the size of the potential market. from which the initials formed the acronym GSM. In France their system was called RC2000 and in West Germany (as it was then) the system was called NETZ-C. The group was named Groupe Spécial Mobile. by reducing the ödead timeì while travelling. In the UK the AMPS system was adopted with some adaptions. Sweden and Finland led the way by showing how restrictive this situation was. limited international roaming allowed subscribers from one country to use the cellular network of another.
to manufacturers of telecommunications equipment. but it was up to the standards committees of CEPT to ensure the acceptability of GSM. in line with the unified approach to telecommunications occurring in other fields.Global System for Mobile Communications 2. therefore set up in ETSI to coordinate and support the work done in the working parties. since it involves many countries who wish to run autonomous national PLMNs. These working parties are made up of interested members of CEPT.1 Concept of GSM The aim of a GSM Public Lands Mobile Network (PLMN) is to ensure that. It was decided that GSM should be moved to ETSI. and then let each country and national Network Operator do what they wanted in between. 2. such as Integrated Services Digital Network (ISDN). PT12 is mainly made up of employees of ETSI members on secondment to ETSI. This is no small task. when the European Telecommunications Standards Institute (ETSI) came into being.2. Michael Clayton . the best solution possible was adopted and where compromises were inevitable. should be uniform across all GSM PLMNs. confusing the subscriber. There was only one way this could be achieved and that was to design a completely new network which was acceptable to all member countries and adopted by them. four working parties were set up to ensure that all aspects of the study were covered by the most appropriate and expert people. with all the charges referred back to this home subscription and charged in the home currency. Page 6 Copyright ©1991. The minimum requirement to enable this international roaming was for these GSM PLMNs to be able to talk to each other. Since the scope of the work was broad. By this co-ordinated approach. service will be available using just one subscription to GSM and one number. A Project Team (PT12) was. wherever the subscriber goes within coverage of a GSM system in any country. This was unacceptable and so it was stipulated that the GSM service. One way this could be done would be to define the interface between PLMNs and between the mobile phones and the PLMN. the most acceptable route was always taken. Like most of the Project Teams within ETSI. as a whole. The adoption of GSM was taken care of by a GSM Memorandum of Understanding mentioned later. The problem with this solution was that a consistent GSM service could not be guaranteed. and later the European Telecommunications Standards Institute (ETSI) and range from operators of telecommunications networks. The same service in different countries could look and act totally differently.3 ETSI-GSM8 The work continued under the control of the CEPT until 1988. and for the mobile phones to be able to access any GSM PLMN.GSM .
but there are several potential additions. An important sub-group to GSM1 is the Subscriber Identity Module Expert Group (SIMEG). the United Kingdom (UK) was added. etc. called the Services and Facilities group. paging. Indeed. Very soon thereafter. 2. This group reports to GSM1 and concentrates on all aspects of the Subscriber Identity Module (SIM). to the facilities required to ensure that security is maintained.1 The Role of Working Parties The design procedure adopted by ETSI-GSM is that of a top-down approach. When this is achieved. a potentially large market will be opened up for GSM. This group. in some cases.GSM . France and West Germany in 1986. some of the parties involved began to realise that the potential of this technology was dependent on the universal adoption of GSM. The work done in these groups is by no means complete. the first being between Italy. but there is much still to be done for phase two. At present the number of signatories is 22. and will considerably enhance the versatility of GSM. New services have been outlined.3. the services to be offered will exceed those offered in fixed ISDN telephone networks. location updating. This group holds an important responsibility. which deals with the low level radio sub-system required to support GSM. the smart card used in GSM. GSM4 controls the data applications of GSM.Global System for Mobile Communications 2. ranging from the types of bearer services and supplementary services. and it is divided into three distinct areas.) Working party B is concerned with the signalling necessary within the PLMN and working party C deals with the supplementary service signalling requirements. the definition of GSM standards normally starts with GSM1.4 The GSM Memorandum of Understanding9 As work on the standards progressed. Michael Clayton Page 7 . Finally. A frozen set of some 137 specifications exists for phase one of GSM. Agreements sprang up between interested parties. Working party A is concerned with the signalling required for Mobile Station control (access. defines the requirements for the system. As a consequence. Copyright ©1991. for it must design GSM to allow data to be transmitted with ease across the PLMN. Its work ranges from defining the types of channels needed for GSM to the channel coding used over them. The responsibilities of GSM3 are concerned with PLMN signalling. which will utilise the existing system. These range from the requirements of standard synchronous and asynchronous data to specialised data applications such as the Short Message Service (SMS). The next working party is GSM2 named the Radio Interfaces group. and in 1987 a full Memorandum of Understanding (MoU) was signed by 13 members of GSM.
In addition. some signatories have stated that they will not meet the deadline. there is no reason why these services can not be implemented prior to the dates set. As a consequence. with an agreed list of services to be supported. several other dates have been identified. These groups meet regularly and report back to the MoU Plenary. but conversely some signatories have started service already. and so members of these Rapporteur Groups must understand the technicalities of GSM. Michael Clayton . However. Some groups are more active than others at this stage of the implementation. At the time of writing this report. one of the conditions of the MoU is an agreement to implement GSM within a particular timescale.Global System for Mobile Communications Figure 5: The countries within Europe which are taking GSM6 The aim of the MoU is to ensure that GSM becomes a commercial product. sometimes to the extent that representatives attend both areas.GSM . A broad range of issues are covered by the MoU sub-groups. but it is expected that all will have a major part to play in the near future. and so under it come issues such as billing and type approval. Page 8 Copyright ©1991. commercial issues often impact on the technical specification (and vice versa).1 MoU Sub-Groups Just as in the ETSI standards body. The apparent delay by some should be viewed in the light of the size and quality of the existing analogue networks. 2. It should also be noted that all signatories have emphasised that they are committed to the implementation of GSM. where the work is broken up into expert groups. As a consequence a close working relationship between ETSI and the MoU is maintained.4. The timescale set for start of services is by January 1st 1992. a list of which is shown in Annex 2. The MoU is essentially the commercial arm of GSM. The MoU is not a legally binding document. so it is with the Memorandum of Understanding (MoU). which correspond to the implementation of remaining services. run by those signatories. However.
In pragmatic fashion. the United Kingdom (UK) saw the first cordless phones as illicit imports. or which are already in operation. In CT1. British Telecom (BT) and the government radio regulatory authority.Global System for Mobile Communications 3 OTHER TECHNOLOGIES10 GSM is not alone in providing greater freedom for the mobile subscriber. in the CEPT system.5 MHz.GSM . Furthermore. During 1979. compared with the 914-960 MHz of the CEPT system. These last two failings were perhaps two of the main reasons why British Telecom (BT) decided to take action.7 MHz and 47. 3. Michael Clayton Page 9 . However. when it first hit the market there was no cellular alternative which tended to limit its possibilities. but the main ones of note are the different frequencies used and the way channels are allocated. and these phones caused troublesome interference. the Department of Trade and Industry (DTI). It is worth noting at this point that. the channels are allocated dynamically on a per call basis. since invariably the operator was blamed for poor quality and disputed accounts. with the exception of France. Some of these features were thought to be Copyright ©1991. British Telecom (BT) in conjunction with the DTI devised a new specification for cordless telephony which would correct the deficiencies of the illicit phones and yet be competitive in price. This section deals with the most prominent ones. the frequencies used are 1. There are other technologies which are in the process of being defined. Also. This specification was called Cordless Telephony 1 (CT1). The problem with the illicit phones was that the frequencies they used were already allocated for marine and broadcast television use. the quality of speech was not good and there was no dialling security meaning that other people could easily use your account. once some evolution had occurred. Indeed. and in 1983 the product reached the market. With the introduction and subsequent growth of demand for mobile communications as a result of cellular. it was even seen as a cheaper alternative to cellular. People took to them immediately and by 1981 the flourishing black market came to the attention of the national operator. the rest of Europe had adopted a different solution under the auspices of the CEPT. An example of how this occurred can best be seen from examining the United Kingdom experience. The differences between these systems are fundamental. cordless telephony took on a new impetus.1 GSM and Cordless Telephony11 Cordless Telephony is a technology which developed entirely separately from cellular and was designed for a different market.
British Telecom.GSM . It must be emphasised that CT2 was originally designed as an extension to the existing domestic fixed telephone line. in urban areas.2 Telepoints The scenario for Telepoints started from the versatility of CT2. set out to devise the next generation.1. that of Telepoints. A normal cordless phone package would comprise a base site and a matching mobile phone. Ferranti. but it was realised that another problem would soon become apparent.1. for owners to log-on with their own phones and make outgoing calls. Motorola. 3. the underlying technology was digital. and were subsequently adopted in the next generation of UK cordless phones . It is therefore ironic that the original concept. but it should be noted that it is substantially different to GSM. As one might expect. of a next generation cordless phone as an extension to the domestic line. CT1 only allowed for 8 channels. Hence. again in conjunction with the DTI. While CT2 may use a similar RF transmission format to GSM (Time Division Multiple Access (TDMA)). it became apparent that there was another dimension to the CT2 technology. and despite the limited range of 100m it was seen that. there were still some problems to be resolved. 3.1 Cordless Telephony 2 (CT2) The release of the CT1 phones solved the immediate problems with cordless telephony. However. It was only a short step from there to providing public base sites.Global System for Mobile Communications advantageous. However. Shaye. and GPT were also involved and came up with a similar specifications to British Telecom (BT) and submitted then to the Department of Trade and Industry (DTI) which was required to adjudicate and choose between the competing systems. since this is the most spectrum efficient commercially available technology at present. a great deal of the control is maintained in the handset in CT2 whereas in GSM this is done in the PLMN (Public Lands Mobile Network). CT2 at 864 MHz.Cordless Telephony 2 (CT2). The exact details of the format of CT2 and how it works are outside the scope of this report. With CT2. To be allowed to do this. Michael Clayton . as work progressed. with several companies vying for a licence to operate such a service. an added feature was the ability to add more handsets to the one base site. or perhaps to add temporarily a visitor's handset to the existing base site. congestion would occur. The result was Page 10 Copyright ©1991. It was an exciting time for cordless telephony. British Telecom was not the only company concerned with CT2. was left by the wayside in the rush. It was seen as a cheap alternative to cellular which could be aimed at the domestic market. a subscription was necessary with all call charges being billed directly to the user.
Instead. However. which are that it cannot receive incoming calls or perform handover. These shortcomings are in the process of being resolved both in the UK and in Europe. the DECT standard was developed to incorporate the best of these two standards. CEPT invented their own cordless telephony standard. This situation is the direct result of the slow takeup of the service resulting from a poor perception in the market place. Copyright ©1991.3 Digital European Cordless Telephone (DECT) The European initiative in cordless telephony was begun in 1988. DECT is specifically designed for less demanding radio environments. Instead. Therefore. Phonepoint (BT consortium). is a result of the perceived problems with Telepoint. PhoneZone (Ferranti consortium) and Callpoint (Mercury). The technology adopted by DECT is Time Division Multiple Access (TDMA) which is similar to that used in GSM and is described later in this report. The interested companies got together.Global System for Mobile Communications a compromise. Rabbit (formerly a Barclays/Phillips/Shell consortia which sold out to Hutchison Telecom). In the meantime.1. with the Public Access Cordless Telephony Service (PACTS) it is expected that support of handover will remain restricted. decided to wait for the emergence of the CAI technology. there is little provision of the complex features found in GSM to cope with dynamic reflections of signals. In Australia. the only thing required to complete the evolution of the CT2 standard. which may spearhead a new release of Telepoint. at the time of writing the status on Telepoint is that both Phonepoint and Callpoint have suspended operation (possibly indefinitely). both British Telecom (BT) and Ferranti put together consortia and both received a licence. A clause was added to the licenses stipulating that they must be operating on a common standard by the end of 1990. Michael Clayton Page 11 . After much selling in several forums this failed. 3.GSM . However. This in turn. started service with proprietry technology. or the Doppler effect of fast moving mobiles. while GSM is designed for diverse conditions and can cope with high interference factors. However. ZonePhone has been sold and has an uncertain future and Rabbit has not started service. with a third consrotium led by Mecury and fourth going to an independent consortia. Three operators. whilst the fourth. from the UK perspective. and eventually came up with the Common Air Interface (CAI) which all agreed they would implement in time. since many of the companies went ahead with their own solution in any case. Indeed. Telepoint has not fullfilled the potential which was forcast for it. was adoption of it within Europe. The CEPT decided that the Digital European Cordless Telephone (DECT) standard should not be based entirely on the UK CT2 (CAI) or the so called CT3 standard developed by the Swedish company Ericsson.
2 GSM and Personal Communications Networks (PCN)12 At the start of cellular service in 1984 in the United Kingdom. Handover is another area where DECT differs from GSM. signals can travel much further than desired due to reflections off buildings. at a power of approximately 250mW. If more cells are put in to cover the same area. Whereas GSM employs pre-planned frequency allocation for each base site. automatically searches for a free channel which it seizes for the duration of the call. Finally. it is costly. the channel reverts to the pool for general use. The range has been put at 500m (optimistically) to 100m (realistically). where TACS stands for Total Access Communications System. especially the profits being made.Global System for Mobile Communications Coupled with this is the low range of DECT.9 GHz frequency spectrum. DECT has a pool of frequencies and dynamically allocates them (as in CT2). like CT2. the existing analogue network. Nobody quite realised that such meteoric growth would occur. whereas DECT will have this feature available as part of the standard. the Government negotiated for a temporary extension to the spectrum which was called Extended TACS (ETACS). in urban areas. In effect. Some major differences to GSM are evident in the way DECT works. The British Government were watching the scene with great interest. not least of whom were the Operators who had trouble keeping up with demand. The use of DECT in the office could be an exciting application of cordless technology. Another way to squeeze more subscribers onto the cellular network is to increase the spectrum available and put more channels in. There is a practical limit to how small the cell can be since. In Australia the Public Access Cordless Telephone Service (PACTS) is seen as a ötethered radioì technology insofar as inter-cell handover will not be allowed. the PLMN makes that decision based on information provided by the Mobile Station. the quality of service was not always what it could have been and one excuse given for this was the lack of spectrum available. because in DECT the handset defines when a handover should occur. While it is technically possible to overcome this. Once the call is finished. (GSM has a maximum power limit of 20W). the size of the cell has to be reduced. it should be remembered that DECT.88-1. there was a huge latent demand. It is expected that DECT will operate in the 1. Despite the success of TACS. Michael Clayton . the demand for cellular radio was used to justify the decision to deregulate the telecommunications industry and introduce competition. 3. To this end.GSM . The user's handset. However. in conjunction with the base site. In GSM. can also be used as an extension to a domestic fixed line or an office PABx (Private Automatic Branch Exchange). the penetration of cellular radio into the United Page 12 Copyright ©1991.
Higher frequencies tend to Copyright ©1991. The potential market was still large. There are some advantages to using the 1. In most European countries. Though there was little knowledge at the time on the effect the increased capacity of GSM might have on the cellular penetration. at approximately 18 phones per 1000 head of population compared with Scandinavia where it is approximately 42. small handsets were seen as viable and this gave rise to the idea of personal communications carried in the pocket. while the discussions continued about what PCN should be. It is this last point which gives rise to much of the confusion over PCN that exists today.8 GHz).1 Digital Cellular System (DCS 1800) The next step was to get it agreed in Europe which was not an easy task. First. Michael Clayton Page 13 . there was work to be done to define what the technical content of it would be. The question most asked of the PCN Operators was what the actual difference was between PCN and GSM and.8 GHz spectrum. The initial idea for PCN was to set up a sub-group within European Telecommunications Standards Institute (ETSI). These small mobile phones would work on a network specifically designed for them and this in turn gave birth to the Personal Communications Network (PCN). because of the nature of the 1. the Government decided to open up a new spectrum to allow further competition. The British Government published a consultative document called Phones on the Move. the only tangible difference was the frequency used. but should it be a new standard or an existing one? The timescales envisioned for PCN meant that an existing one had to be used. The newly licensed British PCN Operators unanimously chose GSM. In Australia. as to what PCN really should look like. there was no real consensus at the time. Secondly. not least of which is its short range. with the choice between GSM and DECT.8 GHz frequency for mobile communications. in the end. 3.Global System for Mobile Communications Kingdom (UK) is quite low.2. to use their phraseology. The emphasis of the Government was to open up the domestic market. it stands at approximately 15. This fell on deaf ears for the simple reason that Europe was not convinced that Personal Communications Network (PCN) was really required. but it was evident that the 900 MHz spectrum would not be large enough to cope with demand. The second point regarding a European standard was adopted. or to provide öresidential deliveryì. Also. in line with the International perception that future mobile systems would operate at around 2 GHz.GSM . it was overwhelmingly thought that PCN should be based on a European standard and lastly. GSM was expected to open up the different market segments at which PCN was aimed. However. it was evident that PCN had real potential which could be pursued immediately. Three things arose from this. This was in the range of 1710 MHz to 1900 MHz (~1. separate from GSM. and invited comments. the analogue cellular networks had not attracted subscribers in anything like the numbers experienced in the United Kingdom. or so it seemed at the time.
However. other than the frequency used. For roaming. at a competitive price. between GSM and DCS1800.7 times as many DCS cells than GSM cells to cover the same area. This is due to the limited range of 1. To distinguish this work from the GSM work. the subscriber must choose which network to use.an application of sophisticated marketing utilising the best of technology. has been quoted. It should be emphasised that there is no real difference. while appearing to stay on the home network. making DCS1800 more economical and possibly more competitive with some existing analogue networks. and makes DCS1800 expensive to implement. The DCS1800 standard constitutes the GSM recommendation set. there is a difference with regard to PCN that is worth noting. and indeed some GSM Operators have said they will do so.2 What really is PCN? It has been mentioned that PCN can mean all things to all people. there is no real reason why GSM at 900 MHz cannot offer PCN services. Also there must be agreements between the Operators and the Government to ensure that fair play occurs. the advantage to using this technique is that the cost of rollout is reduced in the short term. a lesson learnt by the PCN Operators. since all Operators will cover the profitable areas. it was called Digital Cellular System 1800 MHz. here was an advantage that could be utilised. so that the subscriber can move from one to the other without knowing it. and so it was decided to allow work to be done within the existing GSM working parties. but effectively. by allowing different Operators to cover different areas. not to be confused with roaming. The roll out of DCS1800 (to form the PCN network) requires many more cells than GSM at 900 MHz.2. Michael Clayton . The solution to this was to introduce infrastructure sharing. this applies more to the less profitable areas. The idea behind this is to ensure that DCS1800 rolls out more quickly. Hence. it is a concept . A figure of 2.GSM . from the author's point of view. when used around the home. and to share each others coverage. or DCS1800. but are reflected more easily. Even so. The key is the mass market and concentrating on this aspect is the most effective means of describing how it could be applied. Infrastructure sharing involves an interconnection of two different networks. with 11 extra supplemental recommendations called öDeltaì recommendations. when outside the coverage of the home network. 3.8 GHz. Obviously. Notwithstanding the marketing motivations for PCN. and this gives rise to containment of the RF signal to very small cells: micro-cells.Global System for Mobile Communications be attenuated quickly. which is also available for DCS1800. Take a sample family of two adults and some children. PCN really will have to be marketed well before it realises its full potential. However. is billed to the domestic Page 14 Copyright ©1991. Each of the members has a Mobile Phone which.
and the adults could receive calls while at the local shops. DCS1800 and Digital European Cordless Telephone (DECT). for instance. The analogy with what exists at present is a house with a cordless phone base site and several handsets.GSM . or sub-number attached to the domestic home number. The children could be reached at the playground or at school. which could act as a öclocking inì reference. Indeed this is one way of implementing PCN around the home. and in so doing utilise a different.Global System for Mobile Communications account. would increase the range of communications for that family. for that person. The 900 MHz spectrum is less prone to the speed limitation. then their phone would incur an extra subscription charge and higher call charges for those calls made while travelling. is put at about A$650 million. and even then it is a long term return. It could be that a PCN as described above will come as an amalgamation of several existing services. such as GSM. the same phone can then become the office phone. It is envisaged here that each phone has a different telephone number. and some friends. such as parents. but the key must be the mass market and economies of scale. more processing power is required for handover when travelling at speed. When one. only slightly higher than domestic charges. Calls to the personal number still get through but in addition. For instance. the cost to implement some 500 DCS1800 cells in Europe. eventually the service will come. GSM marks one of the first steps towards it. parents commutes into work by car or train. since it does not need to handover quite so often. and more suitable network. business calls are also directed to that phone. a far more cost and frequency effective method is to use a micro-cell to cover a housing estate. As a rough estimate. There could be a process of logging-on to the business service. or it could be set up on a time basis wherever the subscriber is located. On arrival at the place of work. A great many calls must be made to pay back an investment such as that. In the meantime. One of the difficulties with DCS1800 is that because of the smaller cells. or both. Copyright ©1991. the children could have a phone limited to a few set numbers. In conjunction with the service offered. The timed logging-on may well be particularly appropriate for sales teams. With a little imagination. In this way a charge. each member of the family would have a phone best suited to their needs. doctor. However. but all could be easily updated by buying new equipment and inserting the Subscriber Identity Module (SIM). The possibility exists here for the phone to be put into an adapter. any service could be tailored to any need. The parents could have more sophisticated models. using the office number. However. school. Michael Clayton Page 15 .
In America. it is based on an interleaving of digital technology into the analogue spectrum. Indeed.6 GHz. such is the demand for spectrum in Japan that the new cordless telephone services could be introduced directly at 2. The acutely limited spectrum available in Japan will probably be saturated by 19941995.GSM . Called Digital Advanced Mobile Phone Service (DAMPS). though there have been some problems keeping the interference between the two technologies to an acceptable level. and so the digital system could well be transplanted to 1. It is yet to be seen what form the overlay of a digital network onto the present analogue network will take. Michael Clayton .Global System for Mobile Communications 3. The other contender is a Japanese system proposed by the Japanese state operator NTT. The increased capacity is expected to quadruple the channel usage that is possible with Advanced Mobile Phone Service (AMPS). the extreme lack of available spectrum to introduce a new cellular standard has forced the USA to focus development on a digital enhancement to the existing analogue standard.3 International Rivals to GSM13 There are two main rivals to GSM in the international arena. using dual mode mobile phones. but the solution may be shortlived.5 GHz. This is expected to be an issue in the future since some analogue channels will be retained to continue to allow inter-operator roaming. Page 16 Copyright ©1991.
Global System for Mobile Communications 4 GSM COMPONENTS14 The complete GSM Public Lands Mobile Network (PLMN) is an extremely complex machine. It allocates the channel for each Mobile Station to use for calls. It then monitors the link between them and finally Copyright ©1991. This is provided by Mobile Services Switching Centres (MSCs). Finally. that it is broken down into various functional layers dealing with specific areas. cells. The purpose of the BSS is to manage all aspects of this RF uplink and downlink. or a number of. the GSM service. so that the Radio Frequency (RF) signal does not travel very far. which provides radio coverage of a GSM service area. using the appropriate Mobile Station (MS) or mobile phone.GSM . the switching function. and dictates the power each should use.1 Base Station System (BSS)15 The Base Station System (BSS) constitutes the function used to give radio coverage for one particular. In GSM. This is done using Location Registers. It is not surprising. that the subscriber can make calls. It is by doing this that the same RF channel can be used many times over in non-adjacent transmitters without much interference. or continue to use. Radio traffic passes between the BSS and the Mobile Stations (MS) on the radio uplink (Mobile Station to PLMN) and the downlink (vice versa). with the addition of a radio subsystem on the end to provide the mobility function. which could not be done unless the channels were used as efficiently as possible. namely the radio channels. This is dealt with by the second layer of a GSM PLMN. allowance must be made for the subscriber to move from cell to cell and still obtain. The areas covered by the limited range transmitters are the radio öcellsì of the system. must service this large area. but with more versatility. It is from within this specified coverage area. information on them needs to be stored in a central place for easy access. It can be likened to a complete fixed telephone network. Since the point of cellular radio is mobility. It is similar to that function found in a fixed telephone network. in order to monitor the status of particular mobile subscribers as they travel across the PLMN. Michael Clayton Page 17 . Consequently. A limited resource. At the lower level of the PLMN is the radio subsystem. there is a requirement for tracking of subscribers and handover of an ongoing call to the next cell. each one serviced by a base site. to provide communications. 4. part of this efficiency is achieved by using standard cellular technology and providing many transmitters each with a limited transmitter power. therefore.
there is an option for a Network Operator to allow the BSS to perform autonomous internal handovers between different channels on the same cell. Consequently. it defines the configuration of radio channels in respect of their use as traffic channels or signalling channels. The Base Station System is broken down functionally into two component parts. When a handover is required. This may be required where a channel in use would be more appropriately used by another Mobile Station. using an encryption key. either because the call has ended or the subscriber has been handed over to continue the call in another cell.1. that of a Base Station Controller (BSC) and a Base Transmitter Station (BTS).1. This information is then used by the MSC to determine when it is appropriate for that Mobile Station to be handed over. forming a Base Station System. A similar encryption function takes place in the Mobile Station.2 Base Transmitter Station (BTS) The Base Transmitter Station (BTS). The Base Station Controller is the function within the BSS that controls the transmitter/receiver units within a BSS. Figure 7: Base Station System Configuration8 4. It also collects data on the measurements of adjacent cells which are made by the mobile station and transmitted to the PLMN. These are analysed by the BSS to find out which cells the call could successfully be handed over to and the result is passed to the Mobile Services Switching Centre (MSC). and a number of these BTSs will be linked to a Base Station Controller. it is normally ordered by the Mobile Services Switching Centre. the Transcoder.1 Base Station Controller (BSC) The BSS can control one or more cells. which is also passed from the Mobile Services Switching Centre. Page 18 Copyright ©1991. or between cells controlled by the same BSS. A third part. is normally associated with the BSS. However. 4. which correspond to the cells. constitutes the physical equipment required to communicate with the Mobile Station.Global System for Mobile Communications controls the release of the channel when the call is over. Michael Clayton .GSM . The BSS also carries out the encryption of all data being transmitted. For each cell there is a BTS. This last function would be in response to a command from the Mobile Services Switching Centre. and simply controlled by the BSS. Other ancillary functions of the BSS relate to ensuring that the cells are run efficiently.
1.2 Mobile Services Switching Centre (MSC)16 The Mobile Services Switching Centre (MSC) can be thought of as the interface between radio part and the fixed. In GSM.Global System for Mobile Communications 4. but in GSM the dialled number is associated with a subscriber who could be anywhere. These are concerned with monitoring of radio resources. for transmission over fixed lines. but in GSM. Within this area the MSC controls all the switching functions for Mobile Stations located in any of the cells. MSC Configuration10 Figure 9: In addition. Because of the difference. a dialled number will always be associated with a fixed location. In some cases. In the fixed telephone network.GSM . 4. What makes the Mobile Services Switching Centre (MSC) different from switches in the fixed telephone network. is different from that used by fixed networks. for incoming and outgoing calls. and dictating when and where handoffs are to occur. This means that a higher data capacity must be provided by the fixed network than is available in GSM. As in the fixed network. In order to make this task a little more orderly. part of the GSM Public Lands Mobile Network (PLMN). is that the MSC must cope with the mobility of the subscriber. using particular characteristics of speech which allow the amount of data to be reduced. containing several Base Station Systems (BSS). the analogue speech is directly encoded into digital data as if it were a sound like any other.3 Transcoder The nature of the encoder used to change speech into digital signals within GSM. it is also the interface between the GSM PLMN and other networks. The MSC must also register and update information kept in central storage entities. or transit. the encoder has been designed to encode just speech. because of the mobility requirement of the Mobile Stations. it is normally considered a part of the BSS irrespective of its geographical location. a transcoder is used to change GSM speech data into fixed network speech data. each Mobile Services Switching Centre (MSC) has a service area under its control. Michael Clayton Page 19 . the MSC has to perform extra functions on top of pure switching. This function could be carried out at the BSS or at the Mobile Services Switching Centre. Since there is no guarantee that the Mobile Station will remain in one Copyright ©1991. On the fixed telephone network. GSM needs to route calls through the network by öswitchingì them to the correct destination.
4. or Network Operator option. This is a database which temporarily stores information on each Mobile Station within all the MSC areas served by that VLR. which cell) and some data associated with the subscription and supplementary services. calls may be fed into the PLMN at the most convenient point.Global System for Mobile Communications place for any length of time.GSM . but whatever form the PLMN takes. A similar process is done for incoming Page 20 Copyright ©1991. The size of the VLR and the number of Mobile Stations stored will dictate whether a VLR serves just one MSC or several MSCs. Whatever the reason.2. with the interface being a commercial matter agreed between the Operators of the PLMN and the connecting network. it is termed a Gateway Mobile services Switching Centre (GMSC). Irrespective of the choice. When an MSC is used in this way. the VLR is used as the reference by which the call attempt is tested and allowed or denied.1 Gateway MSC The configuration of a GSM PLMN can vary. it should be noted that there is nothing special about a GMSC and it is equally possible for all MSCs to act as Gateway MSCs. or for only a designated few to fill that role. or perhaps a barring program set up by the subscriber precludes it. Thus the type of information stored is the Mobile Station identity.3 Visitor Location Register (VLR)17 Associated with each MSC is a Visitor Location Register. and is only that required to enable the Mobile Station to make and receive calls while registered with the MSC. and centrally in a Home Location Register (HLR). However. a note of its location is kept in a central storage entity. it is possible for calls to come into it from many different points. Figure 11: Gateway MSC Configuration12 The choice of which Mobile Services Switching Centres (MSC) can act as Gateway MSCs is left as a national matter. the location area in which the Mobile Station was last registered (ie. it is unlikely that the operator of a PLMN will allow direct interrogation of the sensitive subscriber data stored in the Home Location Register. This information is stored locally in a Visitor Location Register (VLR). To deal with this. The information stored in the VLR is temporary. Whenever a Mobile Station makes a call. get the location and then route through to it directly and quickly. The difference only comes down to the provision of an external link. What is needed is an entity to act as a buffer. Any MSC trying to find a Mobile Station is able to go to the storage entity. It could be that the user has not subscribed to that type of call. or into a few central points for distribution. Michael Clayton . the MSC refers to the VLR to make sure that the requested call is permitted. and it falls to the MSC to fulfil this function. 4.
4 Home Location Register (HLR)18 The Home Location Register is the central database for all subscribers to the GSM PLMN. It is through this database that all administrative procedures are carried out by the Operator. For each subscriber. the VLR mainly controls the paging of the Mobile Station. When the Mobile Station roams into a new MSC area. The MSISDN is effectively the phone number of the Subscriber Identity Module (SIM). The HLR checks the call to see if it is allowed as part of the subscription. the HLR looks up the subscription record of that Mobile Station. Once the MSISDN has been used to identify the IMSI of the Mobile Station. the information is distributed to where it is required or requested within the PLMN. All information transfer involving the subscriber is done using the IMSI. Effectively. from this point. since all PLMN functions involving the subscriber are ultimately referred back to it. There are many VLRs in a GSM PLMN and so to avoid possible duplication in the PLMN. For incoming calls. the HLR stores and uses two important permanent numbers to route incoming calls: IMSI MSISDN International Mobile Subscriber Identity Mobile Station International ISDN Number The IMSI is a unique number which identifies each subscriber on the PLMN and is only used within the GSM PLMNs.GSM . Any new subscriptions or subscription changes are entered into the HLR and. at the same time. what services each subscriber is entitled to use on the PLMN. the new location is stored in the Home Location Register. the HLR passes back the last known location of the Mobile Station. not normally by the VLR. In it is stored all the necessary information on the identity of each subscriber.Global System for Mobile Communications calls. Copyright ©1991. and if it is. all the parameters associated with those services and where the subscriber is located or was last registered. becomes the Mobile Station. but by another register called the Home Location Register (HLR). which when inserted into the mobile equipment. this MSISDN is the external identity of the subscriber. Any incoming calls to a particular subscriber's Mobile Station are identified as such by the HLR interpreting the MSISDN and linking it to an IMSI. the information on it is retrieved from the Home Location Register for that Mobile Station and. Michael Clayton Page 21 . Mobile Station information is always referenced to a central database called the Home Location Register. 4.
need some form of identification which has Copyright ©1991. other VLRs and the Mobile Services Switching Centres (MSC). and they can be implemented together with other functions.Global System for Mobile Communications 4. all that need be sent is a random number one way. The larger components. Michael Clayton Page 22 . and the result the other. and that one specific SIM. 4. However. which must itself be situated in a secure environment. The Home Location Register (HLR) is connected to all Mobile Services Switching Centres (MSC) and Visitor Location Registers (VLR). A special calculation function known only by the AUC and a module in the Mobile Station called a SIM. such as the address of a Base Station System (BSS) from the controlling Mobile Services Switching Centre (MSC).5 GSM Configuration19 Not all of these components are connected together. as well as the Authentication Centre (AUC). there is also a connection to the Base Station Systems (BSS) under its control. These are normally Signal Point Codes and are not dealt with here. where it may be overheard. is performed in both using information known only by the HLR. The procedure is performed like this to ensure that no sensitive information is passed over the radio interface. the MSCs are interconnected.1 Authentication Centre (AUC) As the name suggests. The Visitor Location Register is connected to the HLR.4. with additional links to the HLR and VLRs. By having the calculation function in both places. then the authentication is accepted. AUC. Similarly. There is a hierarchy within the PLMN which corresponds to the levels in it. However. There is no interconnection between BSSs. the Authentication Centre is an entity used in GSM to perform tests and ensure that Mobile Stations are who they claim to be. There can be more than one Authentication centre in the Public Lands Mobile Network (PLMN).6 Addressing20 Each and every component of a GSM Public Lands Mobile Network (PLMN) has some form of identity which is used as an address to access it. however. If the results of both correspond.GSM . due to the secure nature of their function. it is expected that they will normally be associated with a Home Location Register. Figure 13: GSM Network Configuration14 4. In some cases this is a local identity.
and can be formed using the International Mobile Subscriber Identity (IMSI) of a particular Mobile Station.214). These are two components are the mobile equipment and the Subscriber Identity Module. This temporary number is called a Mobile Station Roaming Number (MSRN). which is the subject of the access. a national destination code and a subscriber number respectively (CCITT E. this temporary number points to the IMSI of the required Mobile Station. The second. can be achieved using Signalling Point Code. It is formed of three parts. in the other direction from an HLR to a foreign Visitor Location Register (VLR). Once connected to the VLR of the foreign network. but the IMSI of the Mobile Station which is the subject of the access is not used. So.164). for international access to the Home PLMN. 4. the Global Title points only to the HLR to avoid confusion. a temporary number is used which identifies the correct Mobile Station in the foreign PLMN. Whenever this is done. These translate internationally to a country code. However. Instead. a country code. or indeed perhaps one country. is the Global Title. universal address. It is formed in the same way. a mobile network code. 4.GSM . this Global Title can be treated as an ordinary ISDN telephone number. As long as a network can understand the significance of the information contained in an address. Both of these components are dealt with in separate sections. This Global Title is based on international standards principles (CCITT E. which is out of the scope of this report.8 Mobile Equipment22 GSM differs from existing cellular systems in that the mobile equipment is essentially a dumb piece of equipment. Michael Clayton Page 23 . Addressing within one PLMN. there are two components which are equally as important and without which the GSM PLMN is useless. an attempt to access the GSM PLMN using just a piece of mobile equipment will normally fail. it can route to the desired component. and a subscriber identification number. Similarly. and again acts like an ISDN telephone number. but it is worth briefly describing each here for the sake of completeness. a similar Global Title is used. The only situation where mobile equipment can access the GSM Copyright ©1991.Global System for Mobile Communications local and international (global) significance. More importantly.7 Mobile Station21 This section primarily deals with the GSM components which make up the PLMN infrastructure. This approach has been adopted so that flexibility can be put into the routing within different networks. There is no information programmed into the hardware of the device which identifies a subscription to the GSM PLMN.
a valid SIM must be inserted into the mobile equipment. but this is a national option. in order to make a call.GSM . It can be seen therefore that. This removable module contains all the information required to allow the GSM PLMN to identify the subscription to which call charges must be directed. with the mobile equipment supplying the physical means to access the GSM PLMN and the SIM providing the identity and subscription details.Global System for Mobile Communications PLMN without subscriber information is for an emergency call. This combination is referred to as a Mobile Station. The significance of this is that GSM will now enable the subscriber to carry his subscription details on a credit card sized piece of plastic. It also contains functions which provide security in isolation to the mobile equipment. The process of inserting the card into a piece of GSM equipment will allow any GSM phone to be that subscriber's own phone. Page 24 Copyright ©1991. these are supplied by the Subscriber Identity Module (SIM). Michael Clayton .9 Subscriber Identity Module (SIM)23 Since the mobile equipment does not contain subscription details. 4. making the piece of mobile equipment useless without one.
the Paging CHannel (PCH). some of which is transferred to and stored in it. a piece of Mobile Equipment (ME) becomes a Mobile Station only when a valid SIM is inserted. some will be traffic channels but others will be used for specific control purposes. are the primary means for the Mobile Station to access the PLMN and for the PLMN to öpageì the Mobile Stations. Michael Clayton Page 25 . Part of this information is the organisation of the signalling channels used within that cell. Once the Mobile Station knows where it is. collectively known as the Common Control CHannels (CCCH). the Mobile Station knows where to find. Of the channels used in that cell. These channels. therefore. In each cell. These are the Broadcast Control CHannels (BCCH). In the course of hunting for the HPLMN. which it does using the Random Access CHannel. It follows. Effectively.GSM . the Mobile Station it identifies which PLMN that subscription is valid for. amongst others. it always checks if a Subscriber Identity Module (SIM) card is present. the Access Grant CHannel (AGCH) and the Random Access CHannel (RACH). not just those of the Home PLMN. It then chooses the clearest BCCH of its Home PLMN and analyses the information contained in the messages broadcast. that GSM supports mobility management functions which allow this to be possible. Using the information stored on the SIM.1 First Registration25 Whenever the Mobile Equipment (ME) is turned on. and still be able to make and receive calls. It is called the Random Access CHannel because the PLMN has no idea when such an attempt will be Copyright ©1991. broadcast channels continuously transmit the identity of the PLMN together with other information which enables the Mobile Station to talk to it.Global System for Mobile Communications 5 GSM MOBILITY MANAGEMENT FUNCTIONS24 One of the major objectives of GSM cellular. it can inform the PLMN that it is now active. This SIM card holds all the necessary data to identify a mobile subscriber. 5. is that the subscriber is allowed to go anywhere within coverage of any GSM Public Lands Mobile Network (PLMN). Using this information. and with the knowledge of this HPLMN the Mobile Station hunts for that network. and is required to prove the validity of the subscription to the PLMN. This PLMN is termed the Home PLMN (HPLMN) for that subscription. the Mobile Station identifies all those BCCHs it can receive. This section deals with those functions which monitor the positions of the Mobile Stations across all GSM PLMNs.
is an indication of the type of services required. Meanwhile. The latter case is the preferred means of identification since it does not compromise the confidentiality of the subscriber. the PLMN can work out where to find the registration information. This is explained in the next section. so that identification can be verified. Even so. In this case the indication is for a basic service such as Location Update. and wait for the Mobile Stations to try again which they do after a random time interval dictated internally. On receipt of the IMSI. This is one of the very few times that an IMSI is sent over an open air interface. This allows the PLMN to apply some order of importance to the access attempts received.2 First Location Updating26 Once the Mobile Station re-tunes itself to the Dedicated Control CHannel (DCCH). the Mobile Station still sends a normal Location Update message. noting that there is no information available on the last registration. The information is stored there and kept while the Mobile Station remains within its service area. the HLR makes a note of where that Mobile Page 26 Copyright ©1991. within the access message sent. which is passed via the Mobile Services Switching Centre (MSC) to the Visitor Location Register (VLR) associated with that MSC. It is at this point that the VLR.Global System for Mobile Communications made. on the Access Grant CHannel (AGCH). that the new registration is first activated in the coverage of the Home PLMN. for now. 5. requests that the Mobile Station identify itself with the IMSI. Once identified. with a command to move to a different channel in order to keep the RACCH and AGCH free for access attempts by other Mobile Stations. it is asked to identify itself. This different channel is called a Dedicated Control CHannel (DCCH) The random access procedure is essentially the same for all types of access to the PLMN. Other Mobile Stations within that cell can also make attempts. It is assumed. then the IMSI is the only information that is available. an access is made to the HLR regarding this IMSI and the resulting subscription and security data is passed back to the VLR. with some fields left blank. Michael Clayton . the IMSI contains enough information to identify the correct Home Location Register (HLR) anywhere in the world. but even if this is not so. if the registration is new and this is the first time the Mobile Station has been switched on. If an attempt is successful the PLMN grants an access. or by supplying data which has been stored from the last time the Mobile Station accessed the PLMN. the PLMN ignores both attempts. If this occurs. However. and it is possible that two will try at the same time and collide. The identification information can be given in two ways: by an International Mobile Subscriber Identity (IMSI). The PLMN needs to know enough information to know where the subscription details for that Mobile Station are kept. However. for analysis.GSM .
These are unique to each and every SIM card. via the MSC and the Base Station System (BSS). is a cipher key generation process Copyright ©1991. 5. This is called the Authentication Algorithm or A3 algorithm. and the process has been designed to be as secure as possible.2. it takes the random number and submits it.1 Authentication Check This is the process by which the Mobile Station proves to the PLMN that it is the Mobile Station that it claims to be.GSM . and the expected Response (SRES). The used RAND/SRES pairs are then discarded by the VLR. and this is done by an Authentication Check.2 Ciphering Data Associated with the authentication process. to the A3 algorithm. Furthermore.2. The whole process relies on the fact a particular Ki is only known by one SIM. before the card is issued to the subscriber. will be a unique Signed RESponse (SRES) for that SIM. The mobile equipment passes the Authenticate message and random number to the SIM. and the random number to the A3 algorithm. Michael Clayton Page 27 . The mobile equipment passes the response (called Signed RESponse (SRES)) from the SIM to the VLR via the BSS and MSC. As part of the Location Updating the VLR will have pairs of RAND and SRES values stored for each Mobile Station. So if the response from the Mobile Station matches that stored in the VLR for the associated Random Number (RAND). These are associated values of the Random Number (RAND). not the mobile equipment. The next step is for the PLMN to make the Mobile Station prove it is who says it is. At a later stage. It is also the point where the difference between a Mobile Station and mobile equipment becomes apparent. When the SIM is given a command to Authenticate. since all authentication procedures are performed entirely by the SIM.Global System for Mobile Communications Station is now located so that it can route incoming calls to it. the result of which is an answer forming the response sent back to the PLMN. and also in a secure part of the card. Once the VLR has sufficient information about the subscription it sends an Authenticate message. to the mobile station with a Random Number which is called RAND. The mobile equipment only acts as a medium for the information flow. This algorithm is a complex calculation. together with its Authentication key (Ki). an algorithm is embedded into a very secure part of the card. 5. At some point. any information sent so far has not been protected. then the Mobile Station is positively authenticated. The Mobile Station is now known to the PLMN. the IMSI and an Authentication Key (Ki) are added. and so the result of presenting it. but there has been no check as to its authenticity.
is only kept and used while the Mobile Station is within a given location area. Each time a Cipher key is produced. The TMSI is allocated by the VLR. Normally. a temporary identification is used. It has only local significance. should always be accompanied by the Location Area Identity (LAI) defining where the TMSI was valid. Michael Clayton . the Kc is stored in the VLR with the RAND/SRES pairs but. The maximum value of this counter is four.GSM . Up to this point nothing sensitive should have been sent with the exception. is used later as a simple test for Cipher Key (Kc) compatibility. irrespective of its content. the Kc is passed to the BSS. Thereafter. On the PLMN side. As mentioned earlier. This is stored both in the SIM and in the mobile equipment for use in ciphering traffic between the Mobile Station and the Base Station System (BSS). after which it starts deciphering only. a counter called the Cipher Key Sequence number is incremented. This is done by the BSS sending a command to start ciphering. after which it starts from zero again. is for the PLMN to allocate a local identity. where the IMSI is sent. 5. and is passed to the Mobile Station only when Page 28 Copyright ©1991.3 Temporary Mobile Subscriber Identity (TMSI) The final process required for the first Location Update. normally that covered by an MSC/VLR combination. which the Mobile Station is now given in the form of a Temporary Mobile Subscriber Identity (TMSI). whereas the RAND and SRES are discarded after use. The TMSI. Assuming a positive authentication.Global System for Mobile Communications which uses the same random number RAND and another algorithm known as the A8 algorithm to produce a Cipher Key (Kc). as its name suggests. As soon as the Mobile Station successfully receives the command it simultaneously starts enciphering and deciphering. Figure 15: Cipher Start Sequence16 Finally the PLMN starts enciphering once it receives a correctly ciphered message back. but here the way it is turned on is dealt with. the Mobile Station is now ready to start ciphering all data across the air interface. The ciphering and deciphering processes need to be synchronised to avoid confusion. In all other situations.2. to be used for the ciphering of data over the air interface. everything sent across the air interface for that session is protected. The actual process of ciphering is explained later. which is why identification of the Mobile Station using a TMSI. in abnormal cases like a first registration. the ciphering process is started as soon as the Base Station System (BSS) and the Mobile Station have a Cipher key (Kc). sending an International Mobile Subscriber Identity (IMSI) over the air interface is only done in abnormal cases. A simple comparison of this number on both Mobile Station and PLMN side.
This being the case. the Mobile Station camps on the new one. When the Mobile Station camps on a new cell. a number may have been partly entered. 5. or in response to an Attach function signalled via the BCCH in the current serving cell. If this is the intention of the person using the Mobile Station for the first time then. (handoff) and is dealt with elsewhere. in others a number of cells. When the strength of the signal from one of the new cells reaches a certain level above that of the original cell (as defined by a special algorithm). In some cases it could correspond to just one cell. As it moves away from its current cell. Copyright ©1991.4 Normal Service The Mobile Station is now ready to make and receive calls. the size of which is defined by the configuration of the PLMN. the signals transmitted from that cell become weaker in relation to the signals from at least one of the surrounding cells. However. Location Updates can also occur periodically dependent on a timer in the Mobile Station. However. depending on how large the cells are in relation to the average number of subscribers in each. the mobile requests a Location Update. Attach/detach is dealt with separately. its position in the PLMN is monitored by regular location updates.GSM .2. over a secure link. to sit in idle mode. Michael Clayton Page 29 . it checks the Location Area of the cell against the value stored. If they differ. the Mobile Station is released by the PLMN. during the above process. The Mobile Station constantly monitors the surrounding Broadcast Control CHannels (BCCH) while in idle mode as well as monitoring the CCCHs of its current cell for incoming calls. 5.3 Normal Location Updating27 As the Mobile Station moves through the area covered by the GSM networks. These occur each time it moves out of a designated location area. It should be stressed that at this stage the Mobile Station is in idle with no call in progress.Global System for Mobile Communications ciphering has been established. Where a call is in progress. the decision to re-tune to a new cell is taken by the PLMN. Those cells with increasing signal strength are identified as target cells. it is unlikely that the SEND button will have been pressed before this stage. in the case where no call is in progress the Mobile Station merely re-tunes to the new cell and analyses the information transmitted. and monitor the Broadcast Control CHannels (BCCH) and the Common Control CHannels (CCCH) waiting for incoming calls. This procedure is called handover. and are potentially the next cells for the Mobile Station to use. Part of the data transmitted constantly on the BCCH's is a Location Area Information element.
In this case. The Mobile Station makes a random access to the PLMN using the Random Access CHannel (RACH) as before.GSM . if a full authentication process is not required. Hence. Before the new TMSI can be sent across the air interface though. This however. a ciphering process has to be initiated.Global System for Mobile Communications 5. with an indication that a basic service. The Mobile Station is allocated a Dedicated Control Channel (DCCH) and is then asked to identify itself and specify which service is required. a different process is used. As before. Both the PLMN and the Mobile Station still have the old Kc. but this still needs to be verified at both ends. It is merely a number incremented at each successful generation of Kc. the same Cipher Key (Kc) is required on both the Base Station System (BSS) and the Mobile Station. the procedure for Location Updating in this case is simplified to the allocation and ratification of a new Temporary Mobile Subscriber Identity (TMSI) and Location Area Identity (LAI) pair. This is done using the cipher key sequence number. though normally this is only needed in the more complex cases of Location Update. 5. It is possible for an Authentication to be performed at this point. Figure 17: Location Update in One MSC Area18 The Mobile Station is not only staying within the control of the same VLR. Page 30 Copyright ©1991.3.1 Cipher Key Sequence Number The Cipher Key Sequence Number is managed by the PLMN. Michael Clayton . such as location update. Being cyclic. However. and is included in the authenticate request message to the Mobile Station. under the control of the same Mobile Services Switching Centre (MSC) as the old location area.1 Location Updating in one MSC Area Location updating occurs when the Mobile Station has moved to a new location area. the Visitor Location Register (VLR) will recognise it as one about which it already has information. when the Mobile Station supplies identification on the DCCH. is required. an Authentication procedure may not be applicable for such a simple location update. when it reaches four it is reset to zero once again. is a simple case since.1. In this case the the process can be viewed merely as an administration function on the MSC. This Kc is a product of the Authentication process performed by both the PLMN and Mobile Station.3. but the same MSC also. This is defined by the Network Operator.
This corresponding Kc is then passed to the BSS and ciphering can commence. since it is still possible in this case for the Cipher Key Sequence number to be used. Finally.Global System for Mobile Communications The Mobile Station passes the Cipher Key Sequence Number to the PLMN in the Location Update Request and. Once the Mobile Station has received and acknowledged the new data. encryption over the air interface must be initiated prior to sending the new data.2 Location Updating Between Different MSC Areas The routing information used by the Home Location Register to put incoming calls through to the Mobile Station relies on knowing which Mobile Services Switching Centre (MSC) the Mobile Station is attached to. Finally. the VLR must inform the Home Location Register of the Mobile Station's new location to ensure that calls are routed to the correct MSC. This is a Network Operator option. Once ciphering has commenced. the connection is dropped.3. From the TMSI and Location Area Identity (LAI) supplied. and how to identify that Mobile Station locally at that MSC. The procedure of setting the cipher key is dependent on whether an Authentication has been initiated or not. new location information needs to be stored in the Home Location Register (HLR). and so when the VLR examines the LAI from the Mobile Station. the new TMSI and LAI are sent to the Mobile Station. In this update scenario. 5. In this case.3 Location Updating Between Different VLRs Invariably. and then changes its own reference to the old TMSI and LAI to the new ones. The old TMSI is sent to the old VLR with a request for the corresponding International Mobile Subscriber Copyright ©1991. as before. the Mobile Station requests a Location Update using the random access procedure described before. if it corresponds to the one stored in the VLR. the Mobile Station will cross the boundary between VLRs at some stage. it is the boundary existing between VLRs on the same PLMN. Michael Clayton Page 31 .3. and the Mobile Station returns to idle mode. where they are stored in the mobile equipment and the Subscriber Identity Module (SIM). it is released. It sends this new location information to the HLR to be stored there.GSM . 5. Also. the VLR recognises that a new TMSI and LAI are required and issues them. where the new MSC is different but are both controlled by the same Visitor Location Register (VLR). as before. it recognises the same PLMN and will access the old VLR directly. Figure 19: Location Update between MSC Areas20 On sensing that it is in a new Location Area. then the VLR knows which Kc is current.
These are Automatic Selection and Manual Selection which are described later in the chapter on Mobile Equipment. SRES. Michael Clayton . it is assumed here that a proper Authentication proceeds. 5. As the Mobile Station seeks for BCCHs. and Location Updating proceeds. This is a Network Operator option. Page 32 Copyright ©1991. Only after an acknowledgement is received back. It is then up to the HLR to inform the old VLR that it no longer has responsibility for that Mobile Station. The new VLR also allocates a TMSI to the Mobile Station. does the new VLR send the updated location information to the HLR of the Mobile Station and releases the Mobile Station. this section only deals with the case where a roamed-to PLMN is foreign. and even countries. The new VLR now has enough information to authenticate the Mobile Station. Two distinct possibilities are allowed for in GSM. prior to making an access. Figure 21: Location Update between VLRs22 The subscriber information sent includes pairs made up of Random Number (RAND) and expected Signed RESponse (SRES) for use in Authentication. it could be crossing the boundary existing between VLRs of different networks.GSM . for the RAND values and the Encryption Key Sequence number. the Location Area Identity (LAI) transmitted from the new cells denotes a different or foreign PLMN1. It also includes the corresponding Encryption Keys (Kc). inter PLMN roaming in one country is considered a useful feature. The HLR updates its own records and sends back an acknowledgement. The old VLR hands over the data but does not delete any information at this stage. then the Mobile Station is positively authenticated and the new VLR passes the resulting encryption key Kc to the Base Station System (BSS). and passes it to the BSS for transmission to the Mobile Station.Global System for Mobile Communications Identity (IMSI) and subscriber data for that Mobile Station. Ciphering is initiated. matches the one held in the new VLR. It does this using a Cancellation message. If the response.4 International Roaming28 When the Mobile Station crosses a Visitor Location Register (VLR) service area boundary. This is identified by the Mobile Station which must now must allow the user to make a selection of which PLMN is desired. While this is technically possible using a similar procedure. In Australia. While it is possible to get by without using the Cipher Key Sequence Number. The VLR provides a RAND from the pairs and requests the Mobile Station to respond. 1 1 The situation where a Mobile Station roams to a different PLMN in the same country is a special case.
5 IMSI Detach procedure29 When a Mobile Station is turned off. So. then the old VLR in the Home PLMN still has a reference to that Mobile Station. This data is passed to the Mobile Station once encryption of the air interface has been successfully initiated. Michael Clayton Page 33 . In this case. In response. However. the Foreign VLR asks for the IMSI of the Mobile Station which contains enough information to identify the Home PLMN's (HPLMN) Home Location Register (HLR). the foreign VLR updates the location information held in the Home PLMN's HLR.4. 2 The foreign VLR will not directly access the old VLR unless an agreement exists between the two PLMNs. when the VLR examines the Location Area Identity (LAI) from the Mobile Station. despite the Mobile Station not being able to hear any paging.GSM . it will not recognise it since it belongs to a different country and PLMN2. and GSM is adjusted to allow it. If the international Location Update took place as a result of the Mobile Station moving across the country/Location Area boundary in idle mode. In this case the HLR of the Home PLMN cancels this reference. This is important where national roaming between different PLMNs is applied. the Mobile Station makes a random access in exactly the same way as it would on its Home PLMN. Having completed the local procedure. Figure 23: Location Update across International Borders24 The foreign VLR then requests subscriber data for that IMSI from the HLR. The foreign PLMN then authenticates the Mobile Station in the same way as before and.1 International Location Update Once a selection of an available PLMN has taken place. the PLMN has no way of knowing it. when an incoming call is made it is routed to the last known area. This takes time. This is an issue of discussion at present. and Kc. These will have been calculated expressly for the foreign VLR by the AUthentication Centre (AUC) associated with the HLR. assuming a positive response. not the old VLR as was the case when both VLRs were in the same network. the foreign VLR receives some new authentication triplets of RAND. SRES. it allocates a Temporary Mobile Subscriber Identity (TMSI) and provides Location Area Information (LAI). In this case. which is the international phone number of the foreign Mobile Services Switching Centre (MSC) or VLR.Global System for Mobile Communications 5. the location information normally constitutes a Mobile Station Roaming Number (MSRN). 5. and delays can occur if subsequent actions are dependent on the Mobile Station being unavailable. Copyright ©1991.
On the PLMN side. In the latter case the removal of the SIM means that the mobile equipment has no subscription information. situations can arise when it is delayed or even omitted. If the HLR IMSI Detach flag is not involved. These occur where a mobile specific function. Here. It should be noted that the inactive state could be caused by turning off the Mobile Station. the access fails or the connection is lost. causes the Mobile Station to make itself known. An IMSI Attach signal on the BCCH. but also where a SIM is inserted into an active but idle piece of mobile equipment.Global System for Mobile Communications The IMSI Detach procedure allows the Mobile Station to indicate to the PLMN that it will be unavailable.6 IMSI Attach Procedure30 Conversely. and the Mobile Station complies wherever possible. then an update may not be required. the HLR is informed and an IMSI detached flag is set in the HLR. or optionally. 5. Where a connection exists between the Mobile Station and the Base Station System (BSS). that. It should be noted.GSM . the turning off of the Mobile Station causes the PLMN to release the call. Michael Clayton . send the IMSI Detach message and then release the connection. the IMSI Detach procedure is aborted and the Mobile Station turns off or the SIMless equipment goes into an idle mode. by signalling to the PLMN prior to going inactive. is required. then the Mobile Station initiates one using a random access procedure just to detach. or indeed by just removing the Subscriber Identity Module (SIM) from the mobile equipment. however. The requirement for IMSI Detach is indicated as part of the system information t ransmitted by the Broadcast Control CHannel (BCCH). No confirmation is sent back to the Mobile Station. which takes precedence over PLMN signalling. because there is no difference between the stored LAI and that transmitted. then re-entering of the active state by the Mobile Station requires a normal location updating from the Mobile Station to reset it. This is not only when the Mobile Station is turned on again. One of the situations where IMSI Attach is useful is where a Mobile Station turns on in exactly the same place it was turned off. no Location Update is initiated and the PLMN has no knowledge that the Mobile Station is once again active. If no connection exists. unless the HLR is kept informed of IMSI Detach/Attach status. such as updating the SIM. though. the IMSI Attach procedure is used by the Mobile Station to indicate that it has re-entered the active state. the IMSI detached information is either stored in the Visitor Location Register (VLR) with no information being passed to the HLR. However. If the option of setting the flag in the HLR is used. If. all incoming calls to a detached mobile always involves signalling to the VLR to determine its state before call handling Page 34 Copyright ©1991.
In these cases. Whatever the reason. Also. This can cause delay and increased signalling overheads. it is possible for the list to be overridden. However. Depending on the type of selection (Automatic/Manual). Copyright ©1991. Cases like these could arise where the PLMN identifies a stolen piece of mobile equipment. This is to avoid unnecessary signalling. Some of these may be concerned with failures of signalling. for instance. the Mobile Station adds the identity of the PLMN to a Forbidden PLMN list stored in the SIM. (using the manual selection process) and an access is attempted for that chosen PLMN. the old PLMNs are dropped off the top.GSM . or radio problems. If this forced access attempt is allowed by the PLMN. or where the mobile equipment is causing interference problems to the PLMN. there are occasions where the location update may be specifically disallowed.7 Abnormal Cases31 There are a number of reasons why a location update may not be achieved. Part of the selection process for PLMNs is that the Mobile Station checks this list to see if it is allowed to access the PLMN. presence of the chosen PLMN on this list stops the access attempt. then the reference to that PLMN in the list is deleted. the length of the list is limited to four and. the Mobile Station is sent the message that this Location Area is not allowed. 5. nor the PLMN gets caught in infinite loops waiting for a response. On receipt of this message. timers are used to ensure that neither the Mobile Station.Global System for Mobile Communications can be initiated. As a safety measure. as new PLMNs are added to the bottom of the list. Michael Clayton Page 35 .
the Visitor Location Register (VLR) can start a number of identity related procedures.e. On receipt of a successful access attempt. using the International Mobile Subscriber Identity (IMSI). it has been assumed the mobility management functions have been met also (i. some supplementary services allow calls to be disallowed. It is the last case which is dealt with here. The obvious conditions include a valid Subscriber Identity Module (SIM) is inserted into the mobile equipment and a valid subscription exists. This is done in the same way as for any access attempt to the Public Lands Mobile Network (PLMN). the Mobile Station is in idle mode. Some more obscure ones include the mobile equipment (or SIM) is not blacklisted. Depending on the analysis of the information. and so this feature must not have been invoked by the subscriber if calls are to take place (see chapter 33). The Mobile Station sends a service request message to the PLMN giving details of exactly what type of service is required. It should be noted that this is a generic procedure used for every access to Page 36 Copyright ©1991.1 Outgoing Calls34 When the subscriber enters a number. and a Cipher Key Sequence number along with some supplementary information. the Mobile Station identifies itself using the Temporary Mobile Subscriber Identity (TMSI). using the Random Access CHannel with an indication of what type of service is required.Global System for Mobile Communications 6 GSM CALL HANDLING32 The primary purpose of any Mobile Station is to make and receive calls. Indeed. The choices for the type can be emergency call. the Mobile Station analyses the number to determine the type of call attempt requested.GSM . any Location Updates are successful). It is monitoring the BCCHs around it and the Common Control CHannels in the cell presently giving service. or some types of calls are not being allowed for debt management reasons. In this message. The service type is used by the PLMN to give some priority to the access attempts by Mobile Stations. 6. by pressing the SEND button or otherwise. set-up of supplementary services or just a standard outgoing call. Michael Clayton . the PLMN allocates a Dedicated Control CHannel. Furthermore. or invoke an Authentication process. It has been assumed in this section that all the above conditions for making a call are met. which the Mobile Station seizes at the first opportunity. it can request an identification of the Mobile Station. The next step is for the Mobile Station to establish a radio connection. For instance. As soon as the subscriber initiates the call. but to do this a number of conditions must be met.
If this is not the case. and is used by the Mobile Services Switching Centre (MSC). the called party's telephone number is sent. This is called a subscription check. then the VLR passes the corresponding Kc to the BSS and ciphering can commence. This is a specific type of channel which carries user data. such as speech. Copyright ©1991. It is different from Authentication. irrespective of the frequency used there. roamers may well be treated differently since it is stipulated that they must be authenticated at least as often as on their own HPLMN. Another part of this process checks to see if the call conflicts with any supplementary services settings. to route the call to the desired destination. If the sequence number corresponds to the one stored in the VLR. rather than a control channel which is set up purely for signalling. The differences between PLMN Operators is one area in which the GSM Memorandum of Understanding (GSM-MoU) will arbitrate. due to the signalling overheads. However. and is completed for all user-initiated PLMN accesses.Global System for Mobile Communications the network. which checks the subscription for non-allowed call attempts. In particular. Michael Clayton Page 37 . The frequency of authentication is once again a Network Operator choice for subscribers in their own PLMN. however. must be initiated at every call attempt to protect the data. 6. It is by using this procedure that allows the PLMN to identify and/or authenticate the Mobile Station at any access attempt. If the Mobile Station has just been authenticated. Only now is the Mobile Station ready to initiate the outgoing call. then a new Cipher Key (Kc) is available.1. such as call barring. Before the PLMN initiates call establishment in the fixed network. the Mobile Station is still on a control channel. then this should be complied with in Australia.1 Traffic Channel Allocation At this stage. the call attempt is allowed to continue. the Dedicated Control CHannel (DCCH). and is sent to the Base Station System (BSS). The ciphering process. by sending a call set-up message containing all the information required by the PLMN to process the call. that a Mobile Station will be authenticated at every call attempt in its own network. So. The Mobile Station acknowledges the allocation and re-tunes to the Traffic CHannel (TCH) to make contact. a Traffic CHannel (TCH) is be allocated to the Mobile Station. If there is no conflict in either subscription or service settings. in that it checks the required service against that which has been paid for by the subscriber. It is unlikely. or is allowed for general use. then the Cipher Key Sequence number sent in the service request is compared to the one held in the VLR.GSM . The complete set-up message is passed to the VLR. The BSS allocates an appropriate channel and signals this to the Mobile Station. if New Zealand wishes their subscribers to be authenticated at every attempt.
Also.Global System for Mobile Communications Once ringing. the MSC sends a Call Connected message to the Mobile Station which stops the local ring-tone and connects both parties to the channel. the Mobile Station is put into a queue to wait for the next available TCH. the Network Operator may optionally connect the user to the channel if ring-tone i\ s sent by the remote end. there is a Network Operator's option of setting up the call without allocating a Traffic CHannel (TCH). Queuing is allowed in GSM to help increase efficiency.GSM . Once the call is answered.2 Off-Air Call set-up (OACSU) As an alternative. it initiates a signalling message to the Mobile Station to start alerting. This is to avoid conflicts with release timers in the originating network which time-out waiting for allocation of the Traffic Channel. \ In OACSU. However. when the Mobile Station is still on the DCCH. queuing should also not be applied to incoming calls via international circuits or from unknown network sources. the Mobile Station initiates call clearing. where the TCH is not allocated until the called party has actually answered the call. it should not be applied to international calls or calls from unknown networks. In call queuing. as soon as the called party answers. once the alerting (ringing) at the called party end is passed back to the MSC. Page 38 Copyright ©1991. the Traffic Channel is still reserved for when connection takes place. both are connected to allow the conversation to progress. which may also be applied in GSM. for this reason. This is called Off-Air Call set-up (OACSU). 6. Michael Clayton . The ring-tone. The extreme case of this is late assignment.1. However. is generated locally at the Mobile Station. once the call set-up information has been passed to the PLMN. The final restriction is that it should only be applied to telephony calls. There are some restrictions which apply to OACSU. Once again. It involves allocating a Traffic CHannel at some time after call initiation. Off air call set-up is not the same as call queuing. In the latter case. should be ensured. or other form of alerting. If there is no answer within a pre-determined time. For instance. cross compatibility between those mobile equipments and PLMN infrastructures which support OACSU and those which do not. this may cause some delay and. and it can apply to both incoming and outgoing calls. Alternatively. this is to avoid conflicts with release timers in the originating network. the user is not connected to the channel and the tone is locally generated at the Mobile Station. like many of the call indication tones. and is implemented to increase the call handling capacity of the PLMN. has been initiated at the called party side.
using this IMSI. as a PLMN option. is invoked. for the sake of clarity. or a Mobile Station Roaming Number (MSRN) which effectively corresponds to the phone number of the required MSC. As part of this. all incoming calls using an MSISDN must go via the called party's Home PLMN and Home Location Register (HLR). In the target MSC the LMSI Copyright ©1991. if the Mobile Station status is active the HLR finds the location of the called Mobile Station and passes it back to the GMSC. If the Mobile Station is listed as detached or unavailable. this first contact MSC will be a Gateway Mobile Services Switching Centre (GMSC) designated for that type of call. and/or the service has been subscribed to. no matter what the source of the call. the first MSC will be referred to here as the GMSC. Two possibilities exist here. Either the MSRN is stored at the HLR. or it is allocated on a per-call basis by the Visitor Location Register (VLR). the first point of contact with the PLMN will be a Mobile Services Switching Centre (MSC). then either the call attempt is rejected. Where the call is from outside the target PLMN.Global System for Mobile Communications 6. However. The HLR is then interrogated to find the status and location of the Mobile Station. and it can be in two forms: a Signal Point Code (national only).2 Incoming Calls 35 Incoming calls can come from any number of places. the HLR finds the corresponding International Mobile Subscriber Identity (IMSI) for the called Mobile Station. if all this is positive. Finally. the HLR must interrogate the VLR. The location required is that of the MSC controlling the target Mobile Station. the MSC is the one controlling the area in which the calling Mobile Station is located.GSM . or a conditional supplementary service set up earlier. give enough information for the GMSC to locate the Home Location Register (HLR) for that Mobile Station. Using the MSISDN. which it does using a Local Mobile Station Identity (LMSI). but in all cases. to obtain it. Figure 25: Handling of Incoming Calls26 The dialled digits corresponding to the Mobile Station International ISDN Number (MSISDN). Wherever the call is from within the same network. This type of MSRN allocation requires that the HLR identify the correct Mobile Station. This is an important point. Thereafter. a check is done regarding the activation status of supplementary services such as call forwards. Michael Clayton Page 39 . In the latter case. Therefore. it performs a subscription check to ensure that the call is allowed. the HLR checks the status of the Mobile Station. whatever the \source.
which the VLR passes back to the HLR.2. Upon receiving the Paging Request with its identity. The call is then routed using this MSRN.1 Paging Once the call has been passed to the MSC/VLR controlling the target Mobile Station. the Mobile Station initiates what is called an immediate assignment procedure. The Mobile Station regularly listens to the Common Control Channels. In this case the \ MSRN stored in the HLR points directly to the correct VLR and IMSI for the called Mobile Station. when the Mobile Station makes an access in answer. depending on the information required. In either case.Global System for Mobile Communications points to the correct IMSI and Temporary Mobile Subscriber Identity (TMSI) for the called Mobile Station. 6. As soon as the Mobile Station captures the DCCH it sends a Paging Response message containing the identity of the Mobile Station. using the TMSI. Page 40 Copyright ©1991. 6. and the Paging CHannel in particular. This MSRN is valid whilst the Mobile Station remains in the same service area. it is immediately assigned a Dedicated Control CHannel (DCCH). Alternatively.2.GSM . the VLR initiates a paging of the Mobile Station using a paging request on the Paging CHannel. which has been allocated to the it by the VLR and MSC combination. This is disimilar to outgoing calls.2 Immediate Assignment The immediate assignment differs from normal access attempts in that the PLMN is expecting a response and so. where. the HLR finds the MSRN for the called Mobile Station and passes this information back to the Gateway MSC. with other information such as the Cipher Key Sequence Number. the HLR has an MSRN stored against that Mobile Station. Michael Clayton .
As soon as the user answers. in that the Traffic CHannel (TCH) is allocated some time after it is known a call may be established to the Mobile Station. and encryption across the air interface is commenced. the Mobile Station sends a connect message to the MSC/VLR which acknowledges it and connects the calling party. the PLMN decides when the TCH is allocated.1 Generic Emergency Calls In the generic procedure.Global System for Mobile Communications the VLR can start a number of identity related procedures such as authentication or a request for the IMSI. re-tunes to the TCH. and then alerts the user.3.g. The ciphering process is expected to be initiated at every call attempt. and the Mobile Station returns a Call Confirmed message if it is capable of receiving that call. In the most extreme case the TCH is allocated only when the called party answers. a Cipher Key (Kc) is sent to the Base Station System (BSS) from the VLR. in turn. connects the user. This number is 112. The Mobile Station is then offered the call with the associated call related data. Reasons for this not being the case could be that the Mobile Station is busy. it is unlikely. and the Mobile Station has sent the connect message to the Mobile Services Switching Centre (MSC). the MSC connects the calling party. a Fax call to a non-Fax mobile). 6. The BSS assigns an appropriate channel and signals it to the Mobile Station. However. acknowledges the allocation. Either as a result of Authentication or by using the Cipher Key Sequence number. 6. 6. or that the offered call does not match the mobile equipment (e. and the other is a national specific option. after the Mobile Station has confirmed the receipt of the call. and is instantly recognised as Copyright ©1991. and sends an acknowledgement back to the MSC. the Mobile Station re-tunes to it. that a Mobile Station will be authenticated at every incoming call attempt. One is a GSM generic procedure. which can be done at any time after ringing has commenced. the called subscriber is alerted using locally generated ring-tone.GSM . due to the signalling overheads. Thereafter.3 Emergency Calls36 There are two distinct ways for emergency calls to be initiated on a GSM PLMN. In this case.3 Off-Air Call set-up (OACSU) Off air call set-up for incoming calls is similar to that for outgoing calls. a number sequence has been identified to specifically activate an emergency access.2. On receiving this. The Mobile Station. As soon as the TCH is allocated. once the Mobile Station has been paged and it has accepted the call. Michael Clayton Page 41 . The next step is for the assignment of a Traffic CHannel (TCH).
The SIM is. rather than basic. and who are allowed to under the terms of their licence. An option has been included here to authenticate and initiate ciphering if Mobile Station identification was included in the initial Random Access. If the emergency access is allowed to continue. In this case. However. whether access by SIM-less mobile equipment is allowed. 6. responsible for the choice of PLMN and cell that the Mobile Station attaches to. This difference is important because a Random Access would normally contain the TMSI and associated information which identifies a Mobile Station. Where camping occurs no interaction takes place between the mobile equipment and PLMN. It was mentioned earlier that emergency random accesses are possible on most PLMNs. unless an emergency call is invoked. an emergency call is invoked by the subscriber dialling a national emergency number just as is done in the fixed network.GSM . which it seizes. no identification would normally be included in the Random Access. the Mobile Station is immediately allocated a DCCH. for a random access to be made where no Subscriber Identity Module (SIM) is present in the Mobile Station. The call set-up procedure for this type of call is the same as for a normal outgoing Page 42 Copyright ©1991. The Mobile Station is now free to send an Emergency Set-up message across the air interface. but this time the indication is for emergency. with the call being routed to a place defined by a national agreement. it is a basic access like any other call. it has been made possible for emergency access using a piece of mobile equipment (without SIM). Hence. The mobile equipment merely monitors the cell. Because of this. This is to allow for subscription management and call records for those Operators who may wish to charge for emergency calls.3.2 National Specific Emergency Calls In the national specific case. In the case of no SIM being present no information is available to direct that choice. access. even when there is no SIM present. The significance of this routing is related to those countries that have different national numbers for different emergency services. It is a national option. Further actions are the same as for normal outgoing calls. when the random access is made to the PLMN. Michael Clayton . Using the national emergency number without a SIM would not result in a successful access attempt. by ensuring the mobile equipment camps on the most appropriate cell. The limitation on this is that the mobile equipment cannot identify the call as an emergency call and so.Global System for Mobile Communications the emergency number by the Mobile Station once the SEND button is pressed. in a large way. governed by the licence of the Operator. it is possible using the 112 number. The Mobile Station requests an access on the RACCH. a SIM must be present to supply the Mobile Station identity which is required by the PLMN to allow the call.
While this could seemingly introduce country specific equipment rather than a universal product. careful programming would minimise this and at the same time result in a very userfriendly product. the MSC determines the most appropriate target cell using the list of preferred cells given in the Handover Required message.4 Inter-cell Handover37 The concept of cellular developed around the ability for the user to move from place to place without any noticeable break in communication. this is technically possible and moves are being made to include it as an option in the GSM specifications. The decision to handover is taken by the PLMN. However.F. but in order to do so it needs information from the Mobile Station side of the Radio Frequency (R. 6. a list of preferred target cells. Since this is ordered in terms of BSS preference. The Base Station System (BSS) then initiates a Handover Required message to the MSC. and radio environment information. This local information. On the basis of this information a decision is made as to which cell would be the most appropriate as the önewì cell. is used in the uplink direction for this purpose. It is quite possible that mobile equipment manufacturers will opt to include functions enabling the mobile equipment to recognise national specific emergency numbers and treat them in the same way as the generic number. is provided regularly by the Mobile Station itself during the call. in the extreme case.GSM .Global System for Mobile Communications call. A Slow Associated Control CHannel (SACCH) which is assigned to each Traffic CHannel. It monitors the surrounding cells of the same PLMN1 in terms of signal strength and quality. Michael Clayton Page 43 . the handover command is received or. The key difference between the generic and national emergency calls is the ability for the mobile equipment to recognise such a call from the dialled digits. Copyright ©1991. with all the same Authentication and encryption procedures.) link. in those countries where the licence dictates it. and then passes the information back to the PLMN. The only difference is that. containing information such as the reason for handover. This is achieved by the PLMN handing over the Mobile Station to another cell when it is considered that the new cell would give better service than the old one. 1 It is assumed here that inter-PLMN handover is not provided. no charge would be made for the call. the one chosen is normally the first on the list. The BSS continues to send this message on a regular basis until either the transmission quality improves. On receipt of the Handover Required message. the Mobile Station is lost. This is called handover in GSM.
and finally a handover reference and a start time. synchronisation information. Once this is done the BSS waits for an access on that frequency by the correct Mobile Station. Contained in the Handover Command is all the information required to allow the Mobile Station to access the new channel. using a Handover Command. it returns a Handover Detect message to the Mobile Station. and ignoring incorrect ones.4. However. Further attempts at handover are governed by reassessment of conditions and re-initiation by the old BSS. an indication of the type of access procedure to be used. the MSC simply forwards it to the old BSS for transmission to the Mobile Station. Figure 27: Intra-MSC Handover28 If queuing is in operation at that cell. To initiate the handover. the access is limited to the handover reference. which it does from the available idle channels under its control. While the MSC waits for a response from the target BSS a timer is used in the MSC to allow for the resource allocation being delayed. that the target BSS signals back to the MSC an acknowledgement with all the details. so all that is required is the reservation of resources at the target BSS. then the request is put into the queue at a level determined by the indicated priority. Page 44 Copyright ©1991. This includes characteristics of the new cell. In either case.Global System for Mobile Communications 6. using one of two types of access. once the MSC has an acknowledgement of channel allocation from the target BSS. it can initiate the handover procedure. it is not until the resource is actually available. The Mobile Station re-tunes to the allocated channel and makes an access. and continues the call on the present channel. Michael Clayton . the MSC cancels the attempt. the priority of a handover is only surpassed by that of an emergency call. and is contained in the acknowledgement to the MSC. However.GSM . This is generated by the target BSS. dependent on whether the two cells are synchronised or not (more is said about synchronisation in the section on Frame Alignment). and so the position in the queue is expected to be high. In most cases. If no response is received before the expiry of this timer. The BSS checks this reference. which is what the target BSS is waiting for.1 Intra MSC Handover The old Mobile Services Switching Centre (MSC) and the new MSC in this case are the same. an initial power level to transmit at. and the content depends on the manufacturer. The allocation of the reference can be by the Mobile Services Switching Centre (MSC) (target MSC in the case of inter-MSC handover) or Visitor Location Register (VLR). This target BSS is requested to allocate and reserve a channel appropriate to the call in progress.
but because the Mobile Station is in the service area of MSC-b it is the BSS-b which identifies that a handover is required. as the controlling MSC. This information is passed to MSC-a. which in Copyright ©1991.2 Inter-MSC Handover The procedure for handover between cells from different MSCs is essentially the same. Figure 29: Inter-MSC Handover30 In this instance the controlling MSC is MSC-a.4. is included. 6. In the case of several handovers. The Handover Request from the old BSS is passed. In all handover situations there is a controlling MSC. 6. The Mobile Station and target BSS activate the channels and initiate ciphering. routing information for the call (a new Mobile Station Roaming Number (MSRN)). Whether this access to the VLR for handover reference is made depends on the type of PLMN implementation. It is up to the new MSC to find the appropriate cell and manage the interface to the target BSS. Where two MSCs are involved in a handover. Michael Clayton Page 45 .Global System for Mobile Communications When a Handover Complete message is returned by the Mobile Station. the target BSS informs its MSC. This controlling MSC acts as the reference point for the duration of the call. That is. and is used to co-ordinate call records for billing and to avoid a daisy-chain effect for call routing at handovers. to the new one in a Perform Handover message. via the controlling MSC. Finally. The MSC in turn orders the release of the old channels at the old BSS.4. daisy-chains are avoided by always dropping the call back to the controlling MSC and rerouting from there. a call started on the controlling switch MSC-a was handed to MSCb and is then handed from MSC-b to MSC-c. for the continuing call to be handed over to a third MSC. but some added complexity is introduced. the reference could be supplied by the VLR of the new MSC rather than by the MSC itself. which is the Mobile Services Switching Centre in whose area the Mobile Station was located at call initiation. In addition to the channel assignment information and the reference sent back to the controlling MSC. the channels are connected and transmission of user data is resumed. depending on the Mobile Services Switching Centre (MSC) coverage area in the PLMN.3 Subsequent Handover It is possible.GSM . now all communications must go through the new MSC which controls the target BSS. Whereas before the controlling (old) MSC communicated directly to the target BSS.
The Mobile Station then acknowledges and waits for the command to relinquish the radio channel. However.5 Call Clearing38 There are two ways a call can be cleared: by the PLMN or by the Mobile Station. it is primarily up to the Network Operator to define exactly what constitutes a call or charge record. Page 46 Copyright ©1991. is to collate a charging record. For outgoing calls the length of this would be substantial. Added to this international charges are also incurred. In terms of outgoing calls the only difference concerns the number dialled. Thereafter. when in a foreign country an international number is required to reach the same destination as before. Whereas in the Home PLMN. or for charges related to the re-routing of calls to the roaming subscriber. it is possible for the radio channel to be maintained to enable further transactions. the record would normally only include extra charges. The PLMN initiates a call clearing by sending a Disconnect message to the Mobile Station. 6. This clears the call. However. the radio channel is released. In response. These could be for the use of supplementary services. which responds with a Release as before. such as Short Message Service calls. and is essentially the same for calls to and from subscribers roaming to a Visited PLMN. the interactions are the same as before but with MSC-a acting as a gobetween. but for incoming calls.6 Roaming39 The procedure for handling incoming and outgoing calls to Mobile Stations is a generic one. All charges incurred during the call are collected together to form a record entry which is sent back to the Home Location Register (HLR) for that Mobile Station. 6. At this point. Michael Clayton .GSM . The information contained in a call and charge record is defined by ETSI-GSM to the extent necessary to allow the transfer of such information across the network.Global System for Mobile Communications turn contacts MSC-c for channel assignment. If this is not the case. A Mobile Station initiates clearing by sending a Disconnect message to the PLMN. the user need only dial a national specific number. but still leaves a radio channel and a signalling connection. The final procedure for the MSC after call clearing and/or radio channel release. there are slight differences that should be mentioned. the Mobile Station sends back a Release message and waits for an acknowledgement. and the Mobile Station returns to Idle.
In this instance.Global System for Mobile Communications For incoming calls to a roaming subscriber. Michael Clayton Page 47 . X calls Y).GSM . one approach (and the most widely adopted one). the Mobile Station ISDN Number (MSISDN) of the called subscriber is an international number to the Home country and PLMN.g. the access to the HLR for a Mobile Station Roaming Number (MSRN) results in an international number to the visited network's Mobile Services Switching Centre (MSC). the call is routed back to the originating country and VPLMN. Hence. where the called subscriber is located. The calling party would be charged for the call up to the Gateway MSC. other constraints often apply. but they are beyond the scope of this particular report. When the one subscriber calls the other (e. both the caller and the called are charged for an international call. This is an international call with appropriate charges. Copyright ©1991. They can be easily quantified. is to charge the international roaming leg to the called. however. or roaming subscriber. On dialling this number. but who actually incurs them? The calling party may not have known that the called subscriber had roamed to a foreign country. Figure 31: Subsequent Handover32 An extreme scenario encompassing this is one where two subscribers from the same HPLMN are on the same Visited PLMN. not to the calling party. While the solutions to them are technically possible. There are many other such anomalies which arise because of the versatility of GSM.
Stripping out redundancy by finding repetitive strings is one way this can be done. the most profound being the low speed of data transfer. There can be different types of pipe suited to carrying different types of data. Other aspects of the data content are also used for tailoring the channel to a particular data type. Such a universal channel would suffer some penalties though. there is normally no provision made for ensuring that the correct fittings exist at either end to insert and extract the data carried. Page 48 Copyright ©1991. but it is up to the subscriber to dictate which capability is appropriate to the data type. or different capacities of pipe for different flow rates. At the lowest level. However. Consequently. and the fittings and connections supplied at both ends. for instance. Two levels of attribute exist. Different sizes of pipe become the different data rates.GSM . and it does this using Bearer Services. Bearer Services are described using certain attributes of the services. the description is limited to the low layer attributes. Speech. this data can be described as a string of bits with the values 1 or 0. but it is up to the user to ensure that the pipe matches what is put into and received out of it. the term lower layers corresponds to layers 1 to 3 of this model. called the international Open Systems Interconnection (OSI) model. many transmission systems include ways to speed up the transfer by utilising characteristics of the data carried. and data speed. ensuring that whatever is input. using certain descriptive characteristics of the pipes available. Michael Clayton . An international model exists to help define the function of data transfer. and thus it may appear that one type of channel could be designed to handle all types of data. may need a continuous data stream. The term low layers corresponds to the functions in GSM required to physically transmit the data from A to B over the channel. In GSM. which can be seen correspondingly as physical descriptions of the pipe itself. which relate to the ability of the Services to carry particular data types.Global System for Mobile Communications 7 BEARER SERVICES40 GSM is essentially concerned with carrying many types of data from one place to another. The customer can choose which pipe to use. In the case of Bearer Services in GSM. whereas text could be broken up and sent in packets with the gaps in between being used for another application. the Bearer Services of GSM can be described as pipes down which data can be transmitted. is output safely at the other end. All of this means that GSM has to be versatile enough cope with most data types. Within GSM. the pipe represents a capability to transmit data. In simple terms. Figure 33: Bearer Services34 To aid the choice of service. high layer and low layer.
So. but unless there is a good reason for doing so. and general which covers all the non-technical. for instance. All of these attributes combine to form a generic description for all Bearer Services. issues. For instance. with some information on the data type and the data speed. for instance. This last category would cover operation and commercial attributes. Alternatively. it is normally sufficient for the description of the Bearer Service to refer to the access protocol type (how data is put in). the first of which describes what types of information can be carried. Examples of this could be digital information with no restrictions. The 1200bits/s gives the maximum data speed. 7. transparent. a GSM Bearer Service (GSM No. or perhaps speech information digitally encoded. but no less important. the transit signalling protocol (how data is carried). as described in the following sections. especially where interconnection between different networks is involved. Perhaps it should be emphasised here. information transfer (carrying the data). The V22 dictates which protocol type is being utilised both into the Mobile Station and out of the GSM Public Lands Mobile Network (PLMN). where a dedicated fixed resource is reserved just for that Bearer. Michael Clayton Page 49 . into the Public Switched Telephone Network (PSTN). Figure 35: Information Transfer Attributes36 The second part of this attribute is the information transfer mode.1 Information Transfer Attributes41 This attribute describes the ability of the Bearer to carry different types of information. In some cases a different protocol type is used to face out into the destination network. Transparent means that the data is passed through the PLMN as it is input. In certain combinations. 1200bit/s. some of the attributes are superfluous because assumptions can be made. the information may need to be carried in a circuit type of connection. 2212) could be described as V22. duplex. That same service can be described more comprehensively. but an assumption can normally be made that the same type will be used throughout. a packet type of connection Copyright ©1991. that data transfer over any network is a veritable minefield. interworking (far end interfacing). It is pointless putting high pressure steam into a plastic pipe.Global System for Mobile Communications Low layer attributes are classified into four categories.GSM . using all of the Bearer Service attributes. These attributes are included for completeness. and the terminating protocol type (how it is taken out). Hence. It is broken into various parts. which describes the way in which the information is transported. access (feeding in the data). they are best left as a reference. Duplex means data transfer occurs in both directions. and data is to be fed into the PSTN whatever the transit networks are.
. Where circuit modes are used this is measured in bit rate.). MT). where there is no preservation of data integrity.GSM . or risk confusion at the far end. Next comes the structure of the information transfer. where the information is broken into small pieces to be sent separately and reassembled at the far end.. The mode of establishment of communications comes next. where certain protocols are introduced to ensure that structure is maintained. 7. The connection could be from the Mobile Station only (demand Mobile Originated only. ISDN) in between. However.MT). that this attribute also gives some indication of the direction of transfer (A to B rather than B to A). the subscriber needs to provide protocols of their own. bidirectional symmetric (information flow is the same in both directions). and bidirectional asymmetric (different in each direction). it is up to the next attribute to complete the transmission direction picture. Michael Clayton . Communication configuration describes the distribution (spatial) arrangement for carrying information between different points. MO). Page 50 Copyright ©1991. The values it can take can be unidirectional. and deals with how the Service is to be set up. Another value this attribute can take is the broadcast communication value which illustrates this point well. The third part is concerned with the rate of information transfer over the PLMN and subsequent transit networks (e. this could be unstructured. etc.Global System for Mobile Communications could be specified. C.g.2 Access Attributes42 The Access Attributes describe the way the data is fed into the Bearer Service. The best illustration of this is the packet mode transfer. where each packet needs to be identified so that the packets can be re-assembled in the same order at the far end. or structured. For Point-to-multipoint several points are involved (A to B. or both (MO. and it describes the relationship of information flow between one or more reference points in the communications link. Where unstructured data mode is selected. only two access points are involved (A to B). It can be seen here. or only to the Mobile Station (demand Mobile Terminated. For point-to-point. which gives the low level protocol used over the signalling channel. This is the symmetry attribute. The first part of this attribute is the signalling access. D. but in packet modes the term throughput rate is used. For example.
as distinct from the rate within the PLMN given in the Information Attributes shown above. some types of data may have a protocol introduced which is best matched to that of the Bearer Service. The second part of the information access part of this Attribute refers to the interface itself. an appropriate X-series interface (CCITT as above). This gives the protocol used over the interface into the Bearer Service. Packet Switched Public Data Network (PSPDN). Michael Clayton Page 51 .Global System for Mobile Communications Figure 37: Access Attributes38 It should be emphasised here that use of the Bearer Service guarantees that the data received reaches the far end intact (structure aside). The values applicable here are: Public Switched Telephone Network (PSTN). where the GSM PLMN feeds into the destination network. or the point of entry. The second part of this attribute refers to the type of interface into the terminal Copyright ©1991.3 Interworking Attributes43 The Mobile end of a communications link is referred to as the Access Interface but at the far end. Then comes the information access part of this attribute. Circuit Switched Public Data Network (CSPDN). It comes in two parts. and so this attribute is included. GSM PLMN.GSM . and direct access from PLMN into a private network. The rate. rate and interface. The value it takes is either an appropriate V-series interface (CCITT as above). and I-series. The value it can take is the appropriate bit or throughput rate. X-series. This is referred to in GSM as the Interworking Function (IWF). or Vseries. which refer to the appropriate CCITT international interworking standards. an Integrated Services Digital Network (ISDN) interface known as the öSì interface (ISDN standard). there is also an interface. or an analogue 4-wire interface. refers to the rate of information transfer over the access point. The values it can take are: manual. However. For the Bearer Services in GSM this far end Interworking Function is described using the Interworking attribute. not unreasonably. Integrated Services Digital Network (ISDN). Figure 39: Interworking Attributes40 The first part of it refers to the type of terminating network. 7.
duplex. there is no good reason to provide a Bearer Service at all. but based on fixed network use rather than cellular use. there is a good chance that the same V22 will be used unless a specific reason exists to do otherwise. there may be Bearer Services which should not be associated with some Supplementary Services. Indeed.4 General Attributes44 Applying the General Attributes of a Bearer Service allows for some of the anomalies that can be caused when using that Service.Global System for Mobile Communications network. certain information has been left out because it is obsolete and. with unrestricted digital capability. Michael Clayton . analogue 4 wire. asynchronous. much more could be left out by making educated assumptions.5 Example of Bearer Service45 Earlier. as we have seen above. as there is a school of thought which says they are the most important. They also tend to supply those Bearer Services which they think are in regular use. as in the case of Call Waiting indication on a data connection. Redundancy caused by assumptions such as these. since the PSTN can only accept a limited range. or some charging ramifications when using it. then the number of terminating protocols starts to become limited. To apply the above attributes to the description of this Bearer Service gives the following result: Data circuit.GSM . 7. is exploited by the Network Operators who tend to supply those Bearer Services that they perceive are sensible combinations. when the terminating network is specified as Public Switched Telephone Network. a short description of Bearer Service 2212 was given. This is a pity. 7. For instance. or the S interface as used in ISDN. If someone specifies a V22 modem at the access point. and may well not be included in the technical description of the Bearer Service. This may seem like a limitation on the options available but. X-series. 1200bits/s: circuit mode. transparent: with V22 DTE/DCE interface: into the Public Switched Telephone Network. then there is a good chance that V-series will be used in the terminating network. After all. Furthermore. from a subscriber's point of view Page 52 Copyright ©1991. Another part of this attribute could be concerned with the quality of service. unstructured. These areas are less well defined. since little experience is available in cellular data applications. if it cannot be charged for. The values here could be V-series. Even in this description. There is a lesson to be learned here. or does not meet certain quality criteria.
GSM must meet the requirements of many applications until the popular few emerge. and combining them with complete solutions to mobile data applications.GSM . which pass transparently over GSM.Global System for Mobile Communications these Bearer Services could probably be usefully limited still further. However. the market for cellular mobile data will remain under exploited. Copyright ©1991. That is why so many options exist at this stage. as a standard. Time will tell which combinations sell and which do not but there is a good case for restricting the Bearer Services. Michael Clayton Page 53 . Until these end-to-end data solutions emerge.
either there is speech or there is not. where the options are purposely limited . the Teleservice attributes cover higher layers as well as the lower layers used for Bearer Services.1 Teleservice Attributes47 Generally. However. its coding. Note. a high pressure steam pipe. As has been mentioned previously. its transporting across the PLMN. These are the GSM Teleservices.Global System for Mobile Communications 8 TELESERVICES46 While the Bearer Services have to be versatile in order to deal with myriad different requirements. an Page 54 Copyright ©1991.GSM . a Teleservice must define which capabilities are required and how they should be set up. Figure 41: Relationship between Teleservices and Bearer Services42 There is no equivalent speech Bearer Service specifically provided for in GSM. As can be seen below. where the name gives all the necessary information for the Public Lands Mobile Network (PLMN) and all the subscriber need do is send the information. not the Bearer Services themselves. or a gas pipe. the subscriber would have to define which Bearer Service that should be used for each call. As a consequence. this is done using Teleservice attributes. there are some services which can be described in quite fine detail. This is a great deal of trouble just to make phone call. it is the Bearer Service capabilities which are used. if this were done. these are pipes used to carry specific materials. So it is with the Teleservices. the speech Teleservice provides for the digitising of speech. Hence. Michael Clayton . the Teleservices offer an end-to-end delivery. Not surprisingly. conversion back to analogue speech and finally sending it into the terminating (fixed telephone) network at the far end. as well as the many types of coding that abound. with all the necessary fittings and monitoring requirements implicit in that description. which encompass the Bearer Service attributes as well as adding specific Teleservice descriptions. its decoding. but it is possible to send speech data over a Bearer Service. An example of this is the speech Teleservice. Using the analogy with pipes once more. a Teleservice utilises the capabilities of a Bearer Service to transport the data across the PLMN. whereas the Bearer Services cover the delivery of the data within the PLMN. The description may be. This choice would have to take into account the many different types of speech digitising. 8. Therefore. and it is for this reason that GSM has provided the Teleservices.
Global System for Mobile Communications international model exists to help define the function of data transfer.GSM .12) cover normal speech calls. and higher layers refers to the rest. More details of the Teleservice attributes can be found in GSM recommendation 02. There are some higher layer attributes which are worth noting. Teleservices also include specific data applications such as facsimile. Michael Clayton Page 55 . and so it is not appropriate to delve too deeply into Teleservice attributes. Also. but they are separated because of a special need for Emergency calls. However. Consequently a Copyright ©1991. which requires a subscription to a Teleservice for Emergency calls. but it is by no means the only one. teletex. care needs to be exercised when relating this to the same service in the fixed telephone network. The telephony Teleservice (No. These are both the fundamental services for making ordinary telephone calls. In GSM. The Attributes of Bearer Services were addressed in some depth. both scenarios are allowed for. and Emergency Teleservice (No. it would cause problems for those Operators who are not allowed to charge as part of the terms of their licence. since they also deal with aspects of the Mobile Station also. called the international Open Systems Interconnection (OSI) model. While provision is made to allow telephone signalling tones to be transferred transparently over this Teleservice. some data such as electronic mail. This means that the PLMN has the option to treat emergency calls differently by allowing mobile equipment without a Subscriber Identity Module (SIM) to make them. Teleservices were designed to overcome just this type of difficulty.2 Types of Teleservices48 The most distinct Teleservice is that of telephony. It is used to give an orderly approach to the design of communications systems. videotex. 8. The use of the voice encoder designed specifically for GSM precludes the encoding of anything other than speech. the type of service requested is indicated in the set-up message. Despite the use of the term telephony in the telephony Teleservice. but they mainly refer to the type of user information which is to be carried. some Operators have requested that Emergency calls be charged for. This was done to emphasise the difficulty surrounding the definition of these GSM services. other tones such as facsimile signals cannot be guaranteed. When a call is made from a GSM Mobile Station. By separating them.03. This is perhaps best highlighted by describing the Teleservices themselves. the term lower layers corresponds to layers 1 to 3 of this model. and it is for this reason that GSM utilises the model to describe its different communication layers. and a service called Short Message Service. If this subscription were included with normal telephony. It is the higher layers that distinguish a Teleservice from a Bearer Service.11).
While the finer details have not been sorted out yet. These are the videotex. there can be more than one Service Centre on one PLMN. Mobile Originated (MO) and Cell Broadcast (CB). MO/PP). Group 3 covers the use of automatic facsimilies. messages. GSM has one more Teleservice which is designed for short. it soon became apparent that SMS would become a key service in differentiating GSM from any other cellular service. Rather than forcing two calls to be made. or a private individual who is not Page 56 Copyright ©1991.31). paging type messages. and CB is sufficient. There are three types of SMS. a distinction is made to indicate the spread of the SMS. enabling manually operated facsimile machines to be used.Global System for Mobile Communications Teleservice is provided. hence Mobile Terminated and Mobile Originated are described as Pointto-Point services (MT/PP. but there may be occasions where a manual facsimile is used. GSM has been set up to allow an alternate switching from facsimile to speech. overlaid on top of the GSM PLMN. This Teleservice is the Short Message Service. there is a provision for the subscription to be held by the GSM subscriber.3 Short Message Service49 The Short Message Service (SMS) Teleservice was originally defined to utilise some spare signalling capacity in GSM. These centres are designed to be functionally separate from the GSM PLMN to enable them to be physically and economically separate. Mobile Terminated (MT). 8. people will need to subscribe to it. in which case a speech call is required to inform the called party that connection to a facsimile is required. It is expected that. The last of these covers the electronic mail requirement. teletex. Moreover. The Integrated Services Digital Network (ISDN). as well as receive. which acts as a store and forward centre. However. Cell Broadcast is a Point-to-multipoint service.61) which is specifically designed for Group 3 facsimile. has a great deal of potential for other information and data services. though the acronym CB/PM is not normally used. (No. Michael Clayton . and Advanced Message Handling Service (No.GSM . to use a Service Centre. These are provided for in GSM by Teleservices videotex (Nos. This electronic mail Teleservice is designed to allow quite long messages. However. SMS is effectively an international paging service. on which GSM is based.43).41. and electronic mail services.42. The GSM PLMN is regarded as merely providing a delivery service for SMS MT and MO. In GSM. A service centre has been defined. with the capability to send.51). to co-ordinate the messages sent to and from Mobile Stations. there is no reason for the Centre not to be integrated into the PLMN itself. teletex (No.
The messages are then reformatted into the format required for transmission to the Mobile Station. although services such as this are planned in the future. available. and to find the required Mobile Station. forwarded to the Service Centre as a confirmation of delivery. or by any other method defined by the Service Centre Operator. are sent to the Service Centre by any means provided for by the centre's Operator. an access is made from the Gateway Mobile Services Switching Centre (GMSC) to the Home Location Register (HLR). another service may be supported in GSM in Copyright ©1991. and so the sender does not need to know in which country the recipient is currently located. In the HLR. 8.GSM . to find the whereabouts of the recipient. The Mobile Station is paged and after the customary access procedure. since the message is small (160 characters) it can be delivered even during a call. the message is delivered. the directory number supplied is used to obtain the International Mobile Subscriber Identity (IMSI) for that Mobile Station. telex. The identification of the recipient (MT). but may wish to send SMSs. in turn. the reader needs to be aware of it. It should also be noted that the emphasis in SMS is on short messages. Since this is at the discretion of the Service Centre Operator it is out of the scope of GSM. If the Mobile Station is.1 Mobile Terminated Messages Messages coming into a Mobile Station (MT). This is. an acknowledgement of receipt is sent back by the Mobile Station.Global System for Mobile Communications a GSM subscriber. Michael Clayton Page 57 . These messages can only be 160 characters long. the SMS is forwarded to the MSC which is controlling it. As a failsafe mechanism. to see how the service could work. which is then used to perform subscription checks for the SMS service. However. at the time of presentation.3. It does not prove that the message has been read. This could be by fixed telephone. and are forwarded to the GSM PLMN. is simply the directory number (MSISDN) of the mobile subscriber. from a GSM Mobile Station. a flag is set at the HLR to then notify the Service Centre when the Mobile Station becomes available once more. but there is provision for a future option allowing several messages to be concatenated. However. either by the person sending it or by the Service Centre in the form of a default value. but there remains a reference to that message so that the originator can enquire about the result. In the PLMN. If at this stage the Mobile Station is found to be unavailable. Finally. The process used is the same as if an incoming call was to be delivered. and consequently it is also out of the scope of this report. over the signalling channel. a timer is also used in the Service Centre to periodically try and deliver the message up to the expiry time for that SMS. After this time expires the message is deleted. then this is indicated to the Service Centre. Also. an expiry time is set for the message. In addition. or becomes. facsimile. In this case.
3. as the name implies. news updates. these messages are broadcast without any request for service. can only be contacted by facsimile.3. and then is reformatted into an appropriate form. Other information services which could be given over Cell Broadcast are weather reports. This is not a problem if the receiving end is another GSM Mobile Terminal. For both these reasons it may be Page 58 Copyright ©1991. but there may be cases where the recipient. some means of easily entering outgoing SMS messages may well be a precursor to the success of mobile originated SMS messages. but any attempt to write a message 140 characters long using the Mobile Station will be frustrating to say the least. and reception is controlled entirely by the Mobile Station. sports results. hence the point-to-multipoint description. the information is broadcast on a cell by cell basis. 8. In cases such as this. Mobile manufacturers have made major advances in the man-machine interface. This is ideal for information services such as traffic updates. In the case of mobile originated SMS messages. The identity of the Service Centre is given by its telephone number. The different message types are transmitted in a cyclic order only when there is spare capacity on the GSM signalling channels and so reception is not guaranteed. the content needs to be formulated somewhere and the most likely place is via the Mobile Station key pad. The SMS message is passed to the MSC and then forwarded via the PLMN to the correct Service Centre. share market indicators and even network information. This will make SMS a versatile service indeed. by which a pre-paid reply could accompany the SMS sent. where the information is valid for a particular area. for instance.GSM . 8. All the subscriber need do is formulate a message and send it to a Service Centre. which allows for information to be delivered to a specific area only. So.3 Cell Broadcast Messages The Cell Broadcast Teleservice is different from the other two forms of SMS. and so the GSM process of sending an SMS is exactly like the outgoing call set-up already described. Also. A message received by the Service Centre is first acknowledged. a subscriber to the Service Centre can define the format to use for some regularly used contacts. Also.Global System for Mobile Communications the future.2 Mobile Originated Messages Sending an SMS message from a Mobile Station is as easy as receiving one. who is not a GSM subscriber. Another point worth noting is the method of inputting an SMS message. to be passed on to the recipient. Michael Clayton . Entering personal names against telephone numbers on present analogue phones is bad enough as it is. in that the messages are sent from one point and can be received by any Mobile Station. This could imply that the GSM subscriber also has a subscription to the Service Centre since the SMS message needs to be reformatted in a form that the recipient can receive.
Each of the different information items is characterised by a service identity number. It has been provided for SMS messages to be stored on the SIM itself. a second attempt is made after the expiry of a timer in the Service Centre. unless they are overwritten. once the message is rejected. In this case. It is not a fixed limit and depends on the configuration of the card. Copyright ©1991.Global System for Mobile Communications difficult to charge separately for Cell Broadcast. 8. that will be initially available for GSM. There is no formal limitation on the mobile equipment as to how many may be stored and no specification as to how they are to be manipulated or formulated. Michael Clayton Page 59 . even the provision of SMS on the mobile equipment is not compulsory. and an incoming message will be received. The SIMs. and these would be received and stored.4 Mobile Equipment Considerations SMS messages. However. which is a Network Operator's option. and that because of this an SMS message has been rejected. On the PLMN side. when received at the Mobile Station. using a Mobile Station function. the fewer telephone numbers are available. Indeed.3. Alternatively. The GSM subscriber would just need to choose the message types. If the user then deletes a message. The Service Centre stores these messages until it is informed that the Mobile Station can receive them. Also this limit is likely to increase with technology advances over time. Sooner or later. the combined mobile equipment/SIM (Mobile Station) store will be full. there are some specifications regarding the Subscriber Identity Module (SIM) and SMS. the incoming SMS will be rejected with the cause. a specific non-acknowledge message is sent back to the Service Centre. will typically be able to store approximately eight messages and some frequently dialled numbers. but there is a limit as to how many may be stored. which has been centrally allocated by the GSM Memorandum of Understanding (GSM-MoU). The Mobile Station options are up to the manufacturers. and so the more SMS messages that can be stored. but could include functions to indicate that the store is full.GSM . This is left to the mobile Manufacturer as a means of product differentiation. would first be stored before the incoming SMS indication is given. These are stored indefinitely. this is not indicated to the PLMN until a subsequent reference is made to that Mobile Station. The space available can be used either for SMSs or for the user's personal telephone directory. or they become out of date. unless the Mobile Station allows for messages to be deleted (read or unread).
but does not wish to lose potential sales leads while he is unavailable. This corresponds to tailoring the services to meet specific subscriber requirements. Michael Clayton . however. In its basic form. Indeed. irrespective of its designated Phase. As soon as a Service is stable and frozen. there may be occasions when the subscriber knows that his Mobile Station will be unavailable. The rest of the Supplementary Services are intended to be included in subsequent phases. and may wish to have calls delivered elsewhere. A typical scenario. there are several conditional forwarding services which have been defined. a Phase 1 documentation set was produced covering the essential services for launch. However. since only the Call Forwarding Services and the Call Barring Services were included in this release. the subscriber may wish not to receive calls in particular circumstances. To cope with the various scenarios in which the subscriber may wish to forward calls. Alternatively. The best way to illustrate them. it is Page 60 Copyright ©1991.1 Call Forwarding51 The call forwarding Supplementary Service is used to divert calls from the original recipient to another number. and describes what they do. 9. This has relevance to the Supplementary Services. though this does not mean they will be late in being implemented.GSM . by making calls. In doing so. a call is either accepted by the called Mobile Station or it is rejected for whatever reason. and so to ensure that calls are not lost. In terms of this report. it can be implemented.Global System for Mobile Communications 9 SUPPLEMENTARY SERVICES50 The Teleservices and Bearer Services provide the ability to send information across the GSM Public Lands Mobile Network (PLMN). and is the reason that Supplementary Services have been defined. GSM has not finished the evolutionary process and changes are being made to integrate the new services that are now being defined. there is also reference made to how they do it where appropriate. the uncertainty does mean that complete accuracy cannot be guaranteed. but there must be a word of caution included here. A list of planned Supplementary Services. However. and is normally set up by the subscriber himself. is to deal with them separately. It can be used by the subscriber to divert calls from the Mobile Station when the subscriber is not available. is given in Annex 3. This section deals with Supplementary Services. in order to meet the ödeadlineì set by the Memorandum of Understanding. would be when a salesperson turns off his mobile phone during a meeting with customers. to date.
GSM - Global System for Mobile Communications entirely up to the Operator whether the conditional forwarding services are offered separately or as a package. Provision has been made to check subscriptions for them in isolation of each other. 9.1.1 Call Forward Unconditional As the name suggests, this service is used to forward calls whatever happens. In this case, no calls of the type specified are accepted by the subscriber while it is operative. Instead they are sent to the number(s) specified when the service is set up. The capability for the subscriber to make outgoing calls remains unaffected by Call Forward Unconditional (CFU). The subscriber to the service has one option. This concerns the notification to the caller if their call is being forwarded. The person receiving the forwarded call receives a notification of this, as a matter of course. The method of setting up this service requires three pieces of information. The first is the identity of the call forward unconditional service itself (No. 21), the second is the number to which the calls are to be forwarded, and the third is the single, or group of, Bearer and Teleservices to which it should apply. It is possible to forward different types of calls to different numbers so, for example, speech calls can go to a secretary, and fax calls to the office fax. There is one point that the subscriber should be aware of: it is the owner of the Subscription who defines that the call is to be forwarded, and the caller will not know if call forwarding has been invoked prior to making the call. Hence, it is inappropriate to charge the caller for the forwarded portion of the call. So any charges incurred for this part are expected to be charged to the called subscriber (the person who set up the forwarding service). This applies to all forwarding services. When a call is made to the subscriber, it is invariably referred to the Home Location Register (HLR) to find out where that person is. If at this point the call forwarding unconditional service is found to be in operation for that type of call, the call is diverted accordingly. In this case the original call only goes as far as the HLR and the called party is never paged. 9.1.2 Call Forward on Subscriber Busy For this, and all other forwarding services, a condition must be met before incoming calls are diverted. In this case, the call is only diverted when the called person is busy on another call. This diversion occurs without the call being offered to the subscriber. There is another service, called the call waiting service, which indicates an incoming call. The subscription options for this call forward service are twofold. The first refers to the indication given to the caller that their call is being forwarded, as described Copyright ©1991, Michael Clayton Page 61
GSM - Global System for Mobile Communications above. The second refers to the notification, given to the subscriber, that a call to them is being diverted. As in Call Forward Unconditional (CFU), this service requires three pieces of information. These are the service code (No. 67), the forwarded-to number and the Basic or Teleservices to which the service should apply. For this service the call is routed via the HLR to the Mobile Services Switching Centre (MSC) and Visitor Location Register (VLR) controlling that mobile. At this point the call would normally be directed to the Mobile Station, but when it is determined that there is a call in progress, the Call Forward on Subscriber Busy (CFB) service is invoked. There is no attempt to offer the call to the subscriber, despite their being informed that a call is being forwarded if that option was chosen at subscription time. 9.1.3 Call Forward on No Reply As the name suggests, the condition to be met for this service (CFNRy) to be invoked, is a no reply situation from the Mobile Station. For this to be ascertained, the call has to be offered to the Mobile Station, which means that the call has progressed through all the normal stages of a call set-up, and has caused the phone to ring. Only then, after a set period of time, is this service put into effect. Because of the additional parameter of the length of time for ringing, this service needs four pieces of information: the service code (No. 61), the forwarded-to number, the Bearer/Teleservices for which it is applicable, and a time after which the subscriber is deemed not to have replied. If this is not specified, a default value is set by the Network Operator. The options available at subscription time are the same as those for the Call Forward on Subscriber Busy (CFB), i.e. notification to the calling party, and notification to the forwarding party. 9.1.4 Call Forward on Subscriber Not Reachable
The Call Forward on Subscriber Not Reachable (CFNRc) service is provided for those instances where the network determines that the subscriber is not registered or would normally be available but cannot currently be reached. The main scenarios for this service deal with situation where the subscriber is out of radio coverage, or is in an area of congestion, or indeed, if the subscriber is known to have turned the mobile off. Because of the many possible reasons for the subscriber not being reachable, this service varies in terms of how it works. For the simplest situation, the incoming call is referred to the HLR, and if it is known that the subscriber is not available Page 62 Copyright ©1991, Michael Clayton
GSM - Global System for Mobile Communications then the service is invoked there and then. For the HLR to know the status of the Mobile Station, the PLMN needs to use the IMSI Detach/Attach function. This function requires the Mobile Station to notify the PLMN when it is turned off and subsequently when it is turned back on again. The only other way that the PLMN can ascertain if a subscriber is not reachable is if they are paged and no response is received. The one subscription option for the call forwarding when not reachable service, is that of informing the calling party that the call is being forwarded. The person receiving the forwarded call receives a notification of this, as a matter of course. To register this conditional call forward three pieces of information are required: the service number (No. 62), the forwarded-to number and the Bearer/Teleservices to which it applies. 9.1.5 Special Considerations and Interactions Some common characteristics occur in all of the forwarding services, which should be mentioned. The first refers to the input of information in conjunction with the service. Apart from the setting of the service in the GSM PLMN, there is a need for the forwarded-to number to be entered. The format of this number is important since it may be used from within a foreign country, where the national format of the home country is not valid. While it is possible to enter a national specific number (08 811 9334), this number must be converted to an international form (+61 8 811 9334) when used in the foreign country. This can either be done automatically by the PLMN when the subscriber roams, or be done by the subscribers themselves. In the latter case some education is necessary. In addition, when a forwarded-to number is set for call forwards, there is no requirement for the number given to be checked for validity. So calls can be forwarded to a non-valid number without the subscriber knowing it. This will occur consistently until the subscriber corrects any error, so it is important that the number is correctly entered in the first place. To avoid the situation where the subscriber forgets that a call forwarding service is active and operative, an indication is given to the forwarding party each time an outgoing call is made. It is expected that there will be one indication for Call Forwarding Unconditional and another common indication for the rest of the call forwarding services. This is necessary since the Call Forward Unconditional will result in no incoming calls at all, whereas the conditional forwards at least will result in some incoming calls. The distinction made above between active and operative is also important. Interactions exist between specific call forwarding services and the many other Supplementary Services which have been defined in GSM. A primary example of this is the interaction between Call Forward Unconditional and a Supplementary Service to bar all outgoing calls. If both these services are active and operational Copyright ©1991, Michael Clayton Page 63
therefore. The conditions are: Page 64 Copyright ©1991. It has been defined. so as to limit the charges incurred. then Call Barring may be useful to stop calls being routed to international destinations when they are roaming. there are times when the subscriber is not the actual user of the Mobile Station. Hence a condition. This would leave free access to national calls. They are grouped into two main areas: barring of incoming calls and barring of outgoing calls. There are many intricate conditions that are clearly defined in the 02. and as a consequence may wish to limit the functionality. A typical scenario could be the use of the Mobile Station in a company where a manager wants to limit the access capability to reduce unauthorised calls. the GSM recommendations should be consulted. a further situation may occur where a call forward service overrides one already set and which is active. Michael Clayton .Global System for Mobile Communications at the same time then the Mobile Station would not be able to receive or make any calls.80 series. Alternatively.2. but each barring program is handled as if it were a single Supplementary Service. which may be associated with this barring service. it has been set) and operational (i. The conditions for the barring service are combined to form barring programs. but which may be subject to change. However. So GSM devised some flexible services that enable the subscriber to conditionally bar calls. These are further sub-divided into barring programs to provide the flexibility required. However. it is has not been temporarily overridden).e. but stop the more costly international calls. could be barring of outgoing international calls. and they are chosen at the time of subscription. In this case the less dominant service becomes quiescent and only becomes operational again if the dominant service is cancelled.GSM . For further information on the interactions between Call Forwarding and other Supplementary Services. 9. The reason for this is because it is expected that the charges incurred for international rerouting of calls will be paid by the roaming subscriber. if the subscriber and user are one and the same. with an indication that an incompatibility has occurred.e. that if one is active the setting of the other is disabled. This is the difference between active (i. 9. To include them here may mislead the reader.1 Barring of Outgoing Calls The barring of outgoing calls allows the subscriber to be selective with the calls made from the Mobile Station under certain conditions.2 Call Barring52 The concept of barring certain types of calls might seem to be a Supplementary DISSERVICE rather than Service.
Michael Clayton Page 65 .Global System for Mobile Communications 1 2 3 Barring of all outgoing calls (BAOC) Barring of outgoing international calls (BOIC) Barring of outgoing international calls except those directed to the Home PLMN country (BOIC-exHC). 1&2. GSM provides a section on the applicability of each of the Supplementary Services on the various Bearer and Teleservices. 1.g. The use of the same password is extended to the barring of the incoming call services. etc. until the type of call attempt is given by the Mobile Station on the control channel (after ciphering). Bearer/Teleservices. (e. or a group of. As with most of the Supplementary Services. For barring of outgoing calls. These barring programs are self evident. This type is then checked against the types of allowed calls. the barring service is used by the subscriber to restrict service. they may make calls to Singapore. 2. facsimile calls may be barred but telephony calls of the same type allowed. The call set-up progresses as described above.GSM .) In the scenarios given above. or by the subscriber using this password. In this way. Hence GSM has added a password for use with the call barring service. it is possible to have the barring program working on one. 3. 1&3. if an Australian subscriber roams to Singapore. The Phase 1 description of this barring service allows for the control of barring settings by the Service Provider only. and is barred where appropriate with an indication to the user if the call is not allowed. with the exception of emergency calls. with the others unaffected. calls are allowed from the roamed-to country back to the home country. The barring of all outgoing calls does not affect the ability to make emergency calls. At a later time this may change to allow full control by the subscriber. but not to a New Zealand subscriber standing right next to them. options exist to allow all logical combinations of the conditions above. In subscribing to the service. So. The operation of barring outgoing calls is very simple. With the Barring of International Calls Except those directed to the HPLMN program. Also. Also. as stored in the Visitor Location Register (VLR). they may make calls to a Singapore subscriber irrespective of where that subscriber has roamed. which is then routed back to Singapore. the barring of outgoing international calls does not preclude the user from making calls to the PLMN or fixed network where the user is located. the number must be an international call to New Zealand. Copyright ©1991. The reason for this is that to call a New Zealand subscriber. which is also defined at the time of subscription. but this implies that there is some form of security to stop the user of the Mobile Station from resetting the barring program. Furthermore. when a proposed parallel service is defined giving similar controls to the Service Provider. but not to New Zealand. the applicability is to all services. but there are some points which could be clarified.
In this case the forwarded call is treated as if it was a normal incoming Page 66 Copyright ©1991. it should not be possible to activate outgoing calls and the forwarding of incoming calls as this would stop all calls to the Mobile Station. the barring on incoming calls is applicable to all types of Bearer/Teleservices. As with the barring of outgoing calls. simultaneous activation of the two services is not allowed on the same subscription. These are: 1 2 Barring of all incoming calls (BAIC) Barring of incoming calls when roaming outside the Home PLMN country (BIC-Roam). and so when such a forward conflicts with a barring program it should be barred. Once again. but for incoming calls. it is always referred to the Home Location Register (HLR).2.2 Barring of Incoming Calls The barring of incoming calls is effectively the same as the above service. In addition. This may also be stopped by not allowing simultaneous activation of forwarding and barring services where a conflict is obvious. It is here that the call type is compared with what has been set. the process of forwarding a call can look like an outgoing call. or groups of. there are some situations arising from the interaction of the barring services and other Supplementary Services. that all incoming calls to that Mobile Station are stopped. attached to one.GSM . Another point worthy of note is a similar situation implied (but not specifically stated) in the interaction between barring of all incoming and all outgoing calls. Once again there is one service. The first barring condition means. but this time with just two conditions. Michael Clayton . However. the subscription allows for combinations of the two barring conditions. as one would expect. In effect. Also. It is this second condition which would be used to stop charges being incurred on the international portion of redirected calls to roaming subscribers. 9. The interaction between call forward unconditional and barring of incoming calls is also worthy of note. and the call stopped if a conflict arises.2. The second condition means that all the calls to the Mobile Station are stopped if the subscriber is roaming outside the Home PLMN country. For the outgoing call barring service there is an interaction with call forwarding. Bearer/Teleservices. another interaction can occur if a call is forwarded to a subscriber who has invoked the incoming calls barred service.Global System for Mobile Communications 9. When an incoming call is made to the subscriber.3 Special Considerations and Interactions Once again. The same password options and conditions as used in the barring of outgoing calls. apply to the barring of incoming calls.
This may seem strange since the person making the call should know the number they dialled. which can be deduced by common sense. 9. at the start of the phone ringing. In the meantime the name of each and a brief description is given below. Normally. Some of these services have been frozen and are deemed to be complete but have not yet been released. The person subscribing to the service is the calling party. The person subscribing to the service receives the telephone number of the calling party. There are further interactions. and so they would subscribe to this service. between the barring services and other Supplementary Services. In the normal course of events. These are best referred to directly in the ETSI-GSM recommendations. so that the called person can determine who is ringing prior to answering. The concept is for this number to be presented.81) Calling Line Identification Presentation (CLIP) This first service deals with the presentation of the calling party's telephone number.3 Phase 2 Supplementary Services53 There are a number of other Supplementary Services that have been identified. some quite subtle. Connected Line Identification Presentation (COLP) This service is provided to give the calling party the telephone number of the person to whom they are connected. It would be inappropriate to give too many details. Connected Line Identification Restriction As may be expected there are times when the person called does not wish to have their number presented. and which are at various stages of development. Calling Line Identification Restriction (CLIR) The calling line restriction service is subscribed to by a person not wishing their number to be presented. but there are situations (such as forwardings) where the number connected is not the number dialled.Global System for Mobile Communications call and set-up is denied. this overrides the presentation service. Number Identification Supplementary Services (GSM Recommendation 02. Michael Clayton Page 67 . the restriction service overrides the presentation service. Copyright ©1991.GSM .
allows them to be notified when the called party is free.Global System for Mobile Communications Malicious Call Identification (MCI) The malicious call identification service was provided to combat the spread of obscene or annoying phone calls. there are enough differences. The definition for this service is not stable. which has no limit on the number of conferees. The subscriber can then accept or reject the call. Completion of Calls to Busy Subscribers When a subscriber makes a call and the called party is busy. caused by its application to the mobile environment.83) Call Waiting The call waiting service. or make another call). This identified number could then be passed to the appropriate authority for action. However. Page 68 Copyright ©1991. once set. Call Hold The call hold service allows the subscriber to put an existing call on hold to perform some other function (such as answer a waiting call. Multi-Party Supplementary Services (GSM Recommendation 02. allows the subscriber to be notified of an incoming call when they are in the middle of another call. whereas GSM will be used for impromptu multi-party calls. Call Completion Supplementary Services (GSM Recommendation 02. It is expected that ISDN will be used for planned or large conference calls. in that several calls may be connected with all parties talking to each other. for it to be known by a different name. and to have the call automatically re-initiated. using a simple command. It should be noted here that there are no restrictions for any GSM subscriber to be a part of an ISDN Conference call. The victim would subscribe to this service. and then they could cause known malicious calls to be identified in the PLMN. and then to subsequently retrieve the original call. Michael Clayton . This is a difficult service to implement in the mobile environment.84) Multi-Party Service This service is similar to a conference type service. this service.GSM .
This party can be either another GSM Mobile Station.GSM . and are not stable. but may include text (such as names and addresses). Additional Information Recommendation 02. and B asks to be transferred to C. or indeed a person on a different network.87) Transfer Supplementary Services (GSM User-to-User Signalling This service allows the subscriber to send and receive information to and from the person with whom they have an active call. Copyright ©1991. by those Service Providers who wish to offer rental services to subscribers without their own Subscriber Identity Module (SIM). who asked for the call transfer.Global System for Mobile Communications Community of Interest Supplementary Service (GSM Recommendation 02. require more investigation. intrusions can be limited only to those members who wish to talk with each other.85) Closed User Group This service is provided on GSM to enable groups of subscribers to only call each other. This service does. however. To charge B is technically difficult). Charging Supplementary Service (GSM Recommendation 02.82) The call forwarding services also come under this heading. Call transfer and Mobile Access Hunting have been separated because they are not a phase one service.) Call Transfer The call transfer service allows the subscriber to transfer a call to another party. One of the difficulties with this service is the billing ramifications. in a slightly different form.86) Advice of Charge There are many people who receive a shock when the phone bill for mobile services is received. this service can also be utilised. or B. In this way. and numbers (such as telephone numbers). Furthermore. Call Offering Supplementary Services (GSM Recommendation 02. then it is not clear who should be charged for the rest of the call (A. This service was designed to give the subscriber an indication of the cost of the services as they are used. If A calls B. The amount of information is limited. who initiated the call but is no longer a participant. Michael Clayton Page 69 .
GSM . An example of the sort of information that may be registered is the forwarding number. and the Bearer/Teleservice for which the Supplementary Service is to be set. The opposite function to activation is termed deactivation. Provision is really the way a subscriber may gain access to the service. Finally. So. Michael Clayton . This is invocation. Next comes the registration of the service. These functions cover the requirements for each service to make it work. a call forward may be subscribed to (provisioned). Page 70 Copyright ©1991. it is also deactivated at the same time if it is operative. it is possible for activation and registration to occur concurrently. The opposite of this is withdrawal which makes up the second function. Once a Mobile Station accepts the call. As an example of the use of these functions. in order for some services to work. been turned on (activated). this is entirely a matter for the Operator. While it is implicit that a charge is made for the provision of the service. there is another function which covers the setting in motion of the service.Global System for Mobile Communications Mobile Access Hunting The definition of this service is not yet stable. If an erasure takes place then this information is not available and the service cannot operate. which refers to the action required of the Operator to make this service available to the subscriber. After registration comes activation. to how it is actually set in motion. 9. The opposite of registration is erasure. and it is a function carried out either by the user or automatically by the PLMN. As in the case of erasure. in which the registration information is deleted. This function should not be confused with implementation of a Supplementary Service.4 Using Supplementary Services54 To make the application of Supplementary Services universal in the GSM recommendations. have the forwarding number stored for speech calls (registered). whenever a service is erased. A special condition exists here since. The first function is provision. which involves the programming of information required for it to function. It depends on the service whether this is a separate function or not. where it is loaded onto the PLMN. or the öturning onì of the service. the information registered needs to be present. This can be under subscriber control or under Operator control. each service is described in terms of seven functions. The concept behind it is to allow a call placed by a subscriber to be offered to several Mobile Stations in a predetermined order. normal call procedures are adopted. but only be invoked when an incoming call is made to that Mobile Station. and range from how it is provided for use by the Operator.
and so they are left out or combined. call waiting does not require any supplementary information to work and so there is no registration.GSM . call forwards require all of the above functions. Copyright ©1991. For instance. Michael Clayton Page 71 .Global System for Mobile Communications Not all of these functions are required in the use of some Supplementary Services. Conversely.
and an Authentication Key (Ki) which is unique to the subscriber. the Random Number is called RAND and the result is called SRES (Signed RESponse). with only the RAND and SRES being exposed to the insecure air interface. which would normally be attached to an Home Location Register (HLR) but be located in a secure environment. are algorithms.GSM . They are one-way in the sense that. The first involves an AUthentication Centre (AUC). The random number and Ki are applied to the A3 algorithm. security is an important feature of GSM. in the case where more than one Page 72 Copyright ©1991. Michael Clayton . Also. 10. the IMSI's and Ki's for all subscribers to that network are known.1. 10. two options exist to generate the RAND and SRES pairs. and the result issues from it. This calculation is done both in the PLMN and the SIM. it is very difficult or impossible to work out the key by which the results are reached. given a series of inputs and the corresponding results. and another concerned with eavesdropping. GSM provides Authentication and Ciphering over the air interface. so that only the PLMN and the SIM know the secret key. with all information passed transparently by the components in between. The A3 algorithm needs two inputs to reach a result: a random number supplied by the VLR. not the mobile equipment. There are two areas of security provided in GSM. The Ki is stored in the SIM at pre-personalisation and in the PLMN in a secure environment. Within this functional component. To combat these two areas. then the Mobile Station is positively identified as being the one claimed. It should be emphasised that the Authentication procedure at the Mobile Station is done purely by the SIM. If the response from the SIM matches that in the PLMN.1 Authentication56 This process is designed to be as secure as circumstances allow. or complex oneway calculations.1 PLMN Side On the PLMN side. Embedded in the SIM. The procedure takes place between the Subscriber Identity Module (SIM) and the Visitor Location Register (VLR) in the PLMN. In GSM terminology. at time of manufacture. one concerned with impersonation of valid Subscriptions and the corresponding fraudulent use of Public Lands Mobile Network (PLMN) resources. The algorithm for GSM authentication is called the A3 algorithm.Global System for Mobile Communications 10 PLMN SECURITY55 By virtue of the open nature of radio communications.
LAI). The same mechanism is used in both areas: that of ciphering the raw bit-stream data sent over the air interface. Using this method. but ensures that what is heard is unintelligible. that this mechanism does not provide end-to-end protection. security must be compromised. Michael Clayton Page 73 . Copyright ©1991. this means that the mechanism is a low level function.2 Ciphering57 The second security function provided in GSM is that of ciphering.GSM . All the VLR does is to select a RAND/SRES pair. which is less secure and therefore less likely to be used. It should be noted. All the AUC does is to generate several RAND/SRES pairs for a given International Mobile Subscriber Identity (IMSI) at a time. of data over the air interface. the identity of this too is linked to the appropriate IMSI/Ki pairs. to be able to authenticate a Mobile Station. or encryption. and compare the result sent back with the SRES stored. However. which in turn passes out the pairs to a VLR for storage and subsequent use. only protection over the air interface. with the consequence that deciphering takes place as soon as data is received. the calculation is done in real time each time the Mobile Station is authenticated. It then discards the pair. 10. but the primary areas are protection of user identification signalling data (e.Global System for Mobile Communications Authentication Algorithm is used. send the RAND to the SIM. The advantage of this method is that the VLR does not have to know the Ki or even the algorithm.g. 101. This does not stop eavesdropping. and protection of user data. therefore. This is to allow signalling messages to be understood at the Base Station System (BSS).2 Transmission of Authentication Key This leads on to the second method. There are several areas where protection of user data is required. are also included. This is especially useful where international roaming comes into play and foreign networks need to authenticate roaming subscribers. In the case where several algorithms are used. The method revolves around having the algorithm stored in the VLR and sending the Ki to the VLR on request. In most cases. However. this is the HLR for that subscriber. the details of the algorithm which should be used. and pass them back to the inquirer. such as speech. TMSI. not least because the VLR would not normally be as secure as the AUC. It is a network Operator option as to which method to implement.
which results in the original data without the necessity of a subtraction. To work. Michael Clayton = 110101 User data . resulting in the original data once more. a random number is generated in the PLMN and sent to the SIM. This gives the procedure security. This is put through the A3 algorithm with the Authentication Key (Ki) to obtain a response as described above. so that the known bit stream. is not itself sent over the air interface.2 Cipher Key (Kc) setting Mutual key setting is the procedure that allows the Mobile Station and the PLMN to agree on the Cipher Key (Kc) to use in the A5 cipher and decipher algorithms. The different algorithm is called the A8 algorithm. Remember that Ki is only known by the SIM and the PLMN. which was added. At the local end the cipher stream is added to user data. Whenever Page 74 Copyright ©1991. and is only implemented on the SIM. which.GSM . On the PLMN. Kc. and it is implemented in the mobile equipment. During authentication. In GSM. and is never sent over the air interface. The setting of the new Kc is indirectly obtained from authentication. All that needs to be done is to take away the known bit stream from the received data. Cipher stream 101001 User Data + 110101 = 011100 Ciphered data At the far end. the same algorithm must be used at both ends. 10. it needs a Key called the Cipher Key (Kc). The same cipher algorithm is run independently at the other end with the same parameters. a bit by bit binary addition is used in both cases. values of Kc are computed at the same time and in the same place (for example the Authentication Centre) as the RAND/SRES values. although known at both ends. Ciphered data 011100 + Cipher stream 101001 To ensure that the added Cipher bit stream is the same at both ends. this algorithm is known as the A5 algorithm. the same cipher stream is added to the ciphered data to retrieve the user data. is available there also. An example is shown below.Global System for Mobile Communications 10. To obtain the Cipher Key. In fact.1 The ciphering method The ciphering method relies on adding together the data.2. and a known bit stream which is derived from a cipher algorithm. this same random number is put through a different algorithm with the Ki.2.
As soon as the message to the Mobile Station has been sent. to ensure that the user data can be retrieved. The Cipher Key Sequence number is incremented every time the A8 algorithm is run up to a value of four after which it returns to zero. Finally. the ciphering and deciphering processes start immediately. it is sent to the BSS. at the BSS. Copyright ©1991. and it is just a matter of ensuring that both ends still have this key. When a Traffic CHannel is allocated to the Mobile Station for transmission of user data. the BSS starts to decipher information received from the Mobile Station. and is always initiated by the PLMN. the RAND/SRES/Kc values are known as Triplets. since no sensitive information can be sent until ciphering is in place. the ciphering process on the Base Station System (BSS) side starts as soon as a frame or a message from the Mobile Station has been correctly received. Michael Clayton Page 75 . 10. This timing is indicated in the message to the Mobile Station to start ciphering. and deciphered.4 Synchronisation Synchronisation of the ciphering stream at one end. Normally the process is started on the Dedicated Control CHannel (DCCH). using the Cipher Key Sequence number. is required for the ciphering and the deciphering bit streams to coincide. This is done quickly. and they are stored together. To ensure that the Kc is the same at both ends. The key Kc may be stored. While the key setting is normally triggered by the authentication procedure. and of the deciphering stream at the other.Global System for Mobile Communications RAND/SRES pairs are supplied within the PLMN. the last Kc is used. which immediately sends a message to the Mobile Station to start ciphering. As a consequence. another mechanism exists to allow agreement without running the authentication procedure.2. In this case. This is achieved by controlling the A5 cipher algorithm using an explicit time variable as an input to the algorithm in addition to the Kc. the Mobile Station starts ciphering and deciphering simultaneously. by the mobile station until it is updated at the next authentication.2. As soon as the Kc is identified. or when the SIM is taken out. the Kc values are given also. In this case.GSM . this sequence number is sent over the air interface and compared. 10. Figure 43: Cipher Start Sequence44 On receipt of the Start Cipher message.3 Starting of the ciphering and deciphering processes The Mobile Station and the BSS must choose to start ciphering in a coordinated way. and used. the key used for ciphering is the one set up during the preceding DCCH session (Call Set-up).
initialisation data) is transmitted within the system infrastructure to enable the communication to proceed from the old BSS to the new one. despite what the manufacturers may claim. as well as in conjunction with it.10. The key Kc remains unchanged at handover. In this section. the necessary information (e. It is also only mandatory for mobile terminals which require a human attendant. However. in terms of features.5 Handover When a handover occurs. Mobile equipment becomes a Mobile Station when a SIM associated with a valid subscription is inserted. there are some mandatory features and functions. Page 76 Copyright ©1991.2. However. 11 MOBILE EQUIPMENT58 The report has so far dealt mainly with the GSM infrastructure and only touched on the Mobile Station in terms of its functionality. which will be type approved.GSM .Global System for Mobile Communications 10.g. which must be present for the mobile equipment to be deemed a GSM mobile terminal. to emphasise the difference between a piece of mobile equipment and a Mobile Station. that mobile equipment merely conforming to them could well be considered archaic.1 Mobile Equipment Features59 There is a minimum requirement. The appropriate ETSI GSM recommendation for reference is 11. nonetheless important. once more. there are several areas which are not be covered under infrastructure but which are. the mobile equipment is dealt with in isolation from the Subscriber Identity Module (SIM). 11. Hence it is prudent. to allow product differentiation. It is also worth pointing out that ETSI-GSM has allowed a fair degree of latitude to the mobile manufacturers. They are: Display of called number This refers to the display of the number input. prior to pressing the SEND button. Michael Clayton . key Kc. In fact they are so limited.
GSM . Michael Clayton Page 77 . when the PIN is changed. Subscription identity management This is a little esoteric. the SIM only accepts the old one and the new one. Copyright ©1991. The only sure way is to make an access and test the errors received. The form this indication takes is actually being coordinated under the control of the MoU-SERG group. and normally takes the form of a 2-3 country letter indication and a PLMN name. It is on the basis of this that stolen equipment may be identified. International Mobile Equipment Identity (IMEI) This is a unique Identity sealed into the equipment. and which may be transmitted to the PLMN when requested. but essentially deals with the scenarios regarding the removal of the SIM and safeguarding the identity of the IMSI. A special section deals with this later. (e. recorded messages and text displays from the Public Lands Mobile Network (PLMN). A small point worth noting here is that.Global System for Mobile Communications Indication of call progress signals These are the tones. It involves identifying what information needs to be deleted once the SIM is removed. Country/PLMN selection This refers to the means by which the subscriber chooses which PLMN to access when roaming and given the choice. there is no reason for a specific roaming indication not to be supplied as well.g. It is up to the mobile equipment to manage the means by which the new PIN is verified. Country/PLMN indication This is merely an indication of which country and PLMN the Mobile Station is attached to. entered twice) before it is presented to the SIM. Invalid PIN indicator This is a display feature to indicate that an invalid Personal Identification Number (PIN) has been entered. Service indicator This is an indication of the adequacy of the signal to allow calls to be made. While it implicitly indicates when roaming has occurred. This is not a simple process because pure signal strength in a Time Division Multiple Access (TDMA) system is not always a good indicator.
2 Man-Machine Interface60 One of the main difficulties facing users of mobile equipment is the difference in the way mobile phones achieve similar functions. past experience has taught Operators that if there is a problem with the setting of a service.07) a number of optional features have also been identified. In doing so the mobile equipment should not affect the PLMN by radiating any signal. which allow the Supplementary Services to be set up using just a 0-9. Their offerings should surpass what is laid-down in the GSM recommendations. However. Moreover. It is expected that PLMN Operators will have individual wishes that match what will be available on the their own network. This is more efficiently done if the same control procedure can be used on any GSM Mobile Station. but on another it could be öFCN 51ì. This must be supplied on every mobile. The mandatory portion is the use of an emergency signal to gain access to emergency services with or without a SIM. retrieving the number of the phone could be öRCL #ì. However.GSM . but the advent of the Subscriber Identity Module (SIM) means that this is more likely to occur than before. the list is by no means exhaustive and represents only part of the wishlist for a GSM mobile terminal. Michael Clayton . 11. but suffice it to say that most mobile manufacturers will be realistic but eager to please. It may seem improbable at this point that a subscriber will change phones often enough to worry. Page 78 Copyright ©1991. Control of Supplementary Services There is a set of universal commands. Self testing The self testing is required to ensure that the mobile equipment is ready to operate properly. who are used to a universal service yet have different commands to access it. some of which require the presence of a SIM card. * and # keypad (ETSI-GSM 02. to determine whether to allow SIM-less mobile equipment to make emergency calls. For some. The Man-Machine interface deals with this in more depth. The above are the mandatory features for the mobile equipment. In the same recommendation dealing with mandatory features (ETSI-GSM 02. If all of these Operators had their way then the mobile equipment would be versatile indeed. irrespective of the Manufacturer methods for accessing these services.30). sooner or later they are asked to solve it. it is up to the PLMN Operator. despite this. So imagine the problem facing GSM subscribers. using their licence as the terms of reference.Global System for Mobile Communications Emergency call capabilities This refers to the capability for the Mobile Station or the mobile equipment to make emergency calls.
and the service for which this forwarding applies. where call hold would be one of the former and call forwarding one of the latter. activation and sometimes. Michael Clayton Page 79 . Also. In GSM.1 Setting up Supplementary Services It can be seen from the section on Supplementary Services that there are different actions required to make them work. *. to signify the use of the buttons used to start and finish a call. An example of registering information is the registration of the number to which calls should be forwarded. # and +.GSM . However. and it is left to the reader to refer to the ETSI-GSM recommendations (02. GSM has a standard Man-Machine Interface (MMI) which can be accessed by any GSM terminal with a key pad or some means of entering 0-9. for the sake of accuracy. but there must be some means of entering 0-9. but some GSM services may differ slightly. the examples given below are generically correct.. 11. Whereas the call hold service only requires an activation command. where SEND and END are used.30 and 02. However. *.2. we are only concerned with registration.1 Registration The general procedure for setting Supplementary Services occurs in two stages: the registration of information required by the service to operate. +. and therefore also needs a registration command.. and the actual activation of that service. activation and invocation. irrespective of how the information is input.80 series) to find out which functions are applicable to which Supplementary Services. In describing the Man-Machine Interface. These are provision. the presence of a key pad on the Mobile Station is not mandatory. and it is fully expected that the mobile Manufacturers will think of more user friendly ways of achieving the same ends. it is the safety net that the Operators believe is imperative. registration. much use is made of the words SEND and END. invocation. and SEND and END. A distinction often made between different Supplementary Services concerns those services which merely require a command to make them work. Therefore. In the standard MMI. 61. and those which require additional information. the appropriate function is meant irrespective of how it is instigated. In this section. The concept behind the GSM MMI is that a well defined signalling system is used to send the information from the Mobile Station to the PLMN. The distinction is sometimes highlighted using the terms in-call services and out-of-call services. #. registration is performed using: Copyright ©1991. the same information elements are required for both the standard MMI and any Manufacturer-specific MMI. This is another reason why the reader should refer to the ETSI-GSM recommendation. the generic approach is adopted here.Global System for Mobile Communications Consequently. the call forwarding service requires a forwarding number in order to work. For the purposes of this section. It is cumbersome in some respects.
or turning on. it was decided to allow the activation procedure to also contain the supplementary information which would be registered as part of the activation. Using the same example as above. for the Fax service (service code 13). This is here since it was decided that. Michael Clayton . the forwarding of calls may not always be applicable and so it may be turned off and on at will.. For instance. Note that in the second example.. of the service. In separating registration and activation. Also included in this procedure is the supplementary information field Si. It is quite likely that more than one piece of information could be input. services being set up would normally be activated at the same time as registration. * 21 # SEND or * 21 * +6181234567 * 13 # SEND It is assumed that a valid subscription exists for each service to be set up. The generic procedure for activation is: * NN(N) * Si # SEND The single * denotes the activation command.GSM . If no such information is included in the activation command. in most cases. then the last supplementary information registered is used. Si gives the supplementary information. the * is used as a separator between elements. and once again the NN(N) gives the Supplementary Service code. to the telephone number 08 123 4567. and the SEND refers to the button on the Mobile Station used to send the information. in which case it would be input in a specific order with each element being separated by a *. an example of activation for call forward to 012345678 for Fax is given below. the NN(N) is the Supplementary Service code. Page 80 Copyright ©1991. the forward-to number is given as an international number not a national specific number. An example is given below of call forward unconditional (service code 21).2 Activation The second stage is the activation. ** 21 * 081234567 * 13 # SEND 62. two commands would be required just to set up a service. So. If this is not the case then any attempt to utilise the service is rejected by the network. the # denotes the end of information.Global System for Mobile Communications ** NN(N) * Si # SEND Where the ** denotes a Registration command.
2 In-Call Supplementary Services The in-call Supplementary Services are handled a little differently from the generic approach. because the commands are context dependent (e.GSM . Copyright ©1991. if this too cumbersome. there is some justification for showing how it looks now to give some indication of how it may look when completely stable. 11. Conversely. If the subscriber wishes to clear the existing call and accept the new call. There is no need to add any stars or hashes to identify the activation. If the subscriber wishes to keep the existing call and merely find out who else is calling. then the two functions of ending the current call and accepting the new call can be started by entering 1 SEND. After this timer expires the keystroke becomes invalid. The generic procedures for erasure and deactivation are:## NN(N) * Si # SEND (Erasure) # NN(N) * Si # SEND (Deactivation) In practice. then all that is required is to press END after which the waiting call starts to ring as a normal call.. then 2 SEND puts the existing call on hold and answers the waiting call. Michael Clayton Page 81 . Some indication of the stability of recommendations is given in Annex 3. there is no real need for the supplementary information unless it is required to ensure the correct set-up is being deleted or deactivated. Also.2. The identifier for erasure is ## (the opposite of registration **) and for deactivation # is used (the opposite of activation *). there is no need to identify the service requested.. deactivation of the service can be used to turn off the service without deleting the information. and what follows may well change before this is complete. for example. and subsequent call handling operations follow. the call forward version is #002#SEND.Global System for Mobile Communications 63. To accept this call the subscriber must enter SEND. For all of these supplementary services.4 Call Waiting Once a call is indicated as waiting there is a time limit in which the subscriber needs to give a command. While the definition of some of these services is still going on. the principle is that one or two digits followed by the SEND function dictates the command. However. since in most cases all that is required is an invocation of the service.3 Erasure/Deactivation Erasure of a service deletes any information in the network and also deactivates the service. 64. There is also a general deactivation command for most out-of-call Supplementary Services..g.. a waiting call cannot be accepted unless one is waiting).
Global System for Mobile Communications Thereafter the call scenario is that of the call hold service with the corresponding commands. if the subscriber definitely does not wish to accept the waiting call. If at some stage the subscriber wishes to clear one call.GSM . However. where x is the specific call numbered in the order of set-up. the subscriber can then shuttle between the calls. since it is through these two services that a multi-party call is built up. However. then entering END clears all calls.) Rather than making the subscriber remember all the myriad Page 82 Copyright ©1991. This puts all the active calls on hold and sets up the new call. this is not standard across the world (0011 in Australia. Entering 3 SEND connects a held call and an active call. Thereafter by entering 3 SEND. all they need do is enter END. This is easily done by entering the required number and then pressing SEND. The reason for this is that it is used to indicate an outgoing international call. 11. Finally. The process for connecting each call is essentially the same. the new call is added to the held calls and they all become active once more. 010 in the United Kingdom (UK) etc..5 Call Hold During a call the subscriber may wish to contact someone else briefly... by entering 2 SEND. up to a limit of five calls (six parties including the controller). then a 0 SEND clears the held call. the subscriber can just ignore the waiting call. At any time the subscriber can connect all parties by entering 3 SEND.3 Type of Numbers It has been mentioned among the requirements for the key pad. 65. Alternatively. All that is required is for the subscriber to enter the required number and press SEND. 66. This is the method used for building up a multi-party call. Once the call is set up. If at any stage a party wishes to leave the multi-party call.6 Multi-Party A multi-party call is essentially an extension of the call hold and call waiting services. which would require them to put the existing call on hold. Michael Clayton .. if a specific party is to be released then entering 1x SEND can be used. without connecting them. then a 0 SEND rejects the waiting call. The method of indicating an international call on the fixed telephone network is done by a specific access code. that the + key.2. or 1 SEND clears the active call and return the held call. Where the subscriber wishes to end the call. but the subscriber may wish to connect a third or fourth call. or some means of entering it is needed.
There is also some redundancy left for future extensions. Michael Clayton Page 83 .69). it identifies up to 30 Broadcast Control CHannels (BCCH) from any PLMN giving service.163/E. There is some provision for TON and NPI to be used in the Subscriber Identity Module (SIM) on the Abbreviated Dialling Number Data-field. and hence Number Plans were devised.164). It may appear at first that telephone numbers have no special structure. with national specific numbers accessed as a subset of this.GSM . The NPI can take other values these being: ISDN/telephony (E. The main reason for this is that the PLMN Operator will wish to have some special services accessed by special numbers. One of the values it can take is ISDN/telephony Numbering Plan.121). 11. but they have an explicit function to identify the end destination. then the Mobile Station starts the procedure as Copyright ©1991. corresponding to internationally recognised numbering plans. the + indicates an international call.Global System for Mobile Communications access code combinations. accessed by a +. National. to allow parties to contact one another. leaving the options open for the mobile manufacturers to exploit. National Number. the structure of numbers was standardised to give some order to the process.163/E. However. Network Specific. It may be surprising. Invariably. and at the same time include the ISDN/telephony (E. As a consequence. and as this report is written they are still being developed. there is no MMI to utilise them. In the normal course of events. Telex (F. and these have been identified as. but the probable default value would normally be Network Specific. with the only other value being International.164) as a subset for normal telephone numbers. Private and Unknown. for the purposes of this section. Initially it normally looks for the Home PLMN first but in the process of doing this. The only way this can be done would be indicate a Network Specific number and let the PLMN filter out the special numbers. other than the +. Data (X. the Mobile Station defaults to one value. In conjunction with it is another indicator called Number Plan Identifier (NPI). these numbers are used in different networks. which is signalled to the PLMN as a Type of Number (TON) in the call set-up message. However. nationally and internationally. in addition to national numbers. This TON can take other values than just International. There are some interesting possibilities regarding the TON and NPI.3 PLMN Selection67 One of the first things a Mobile Station does when switched on is to look for a PLMN on which to register. If one of these is the last registered PLMN or the Home PLMN. It is the National number plan which would allow the Operator to add their own special numbers. this is not done entirely by TON. or Unknown. Dedicated PAD.
GSM - Global System for Mobile Communications described earlier to register. However, if none of these belong to the last registered or HPLMN, then another PLMN needs to be chosen. There are two methods which apply to GSM, Manual and Automatic selection, and the Mobile Station can be programmed by the subscriber to swap from one mode to the other. Once the top 30 BCCHs list has been constructed, it is analysed to find which PLMNs each belongs to, and a list of available PLMNs results. This list of PLMNs is used as the basis for both manual and automatic modes. In the Manual PLMN selection mode, the subscriber is presented with this list, given as a country code of two or three letters and the name of the PLMN, and prompted to choose one PLMN. The means for choosing the requested PLMN are left to the mobile manufacturer, but once it is chosen the Mobile Station attempts registration as before. In Automatic mode, the user does not need to do anything. On the SIM is a preferred PLMN selection list, in which the subscriber (or the Operator) has stored all the PLMNs in various countries in the order that access attempts should be made. The Mobile Station compares the preferred list starting from the top, against the available PLMNs until a match is found. It then attempts to make an access. For whatever reason, it is possible that the access attempt could fail, in either mode. In cases such as this, GSM has built in a safety mechanism to reduce the amount of signalling over the air interface when the Mobile Station is in Automatic mode. When a registration fails, the Mobile Station stores the identity of the PLMN in a Forbidden PLMN list kept on the SIM. It contains only four PLMNs, and the addition of a new one causes the oldest one to drop off the end. In Automatic mode, each time a match between the available PLMN list and the preferred list is found, prior to the access attempt it is checked against the forbidden list. If the identified PLMN is on the forbidden list, it is disregarded and the Mobile Station moves on to the next available PLMN. A side effect of the whole process is that, in Automatic mode, any PLMNs on the forbidden list never get chosen. The only way to override this is to change to Manual mode. In Manual mode, the presence of forbidden PLMNs in the list of identified PLMNs may cause that PLMN to be marked as forbidden. However, there is nothing to stop the subscriber still requesting that PLMN, whereupon a registration attempt is made. If this attempt is successful, the entry in the Forbidden List is deleted. There are commercial ramifications to the PLMN selection list that should be mentioned. Because this list dictates the order in which the available PLMNs should be tried, an advantage is gained by an Operator having their PLMN listed above their competitor's on the SIMs of subscribers roaming to that country. This Copyright ©1991, Michael Clayton
GSM - Global System for Mobile Communications may be exploited by Operators through mutual agreement so that, by default, each will carry the traffic of the other's subscribers when roaming into its area of coverage.
11.4 Mobile Station Access Class Mark68
Congestion is a problem in any network, and may well occur at some stage with GSM. One important consideration in a congestion situation is to stop the PLMN from overloading to the extent that it öfalls overì. The best way of doing this is to prevent groups of users from attempting to access the PLMN, but how can these groups be identified? This is done in GSM using access classes, which are stored on the SIM. There are fifteen of them, 0 to 9, and 11 to 15 (class 10 does not exist). Normal subscribers will have a class between 0 and 9, and so when a group of subscribers needs to be barred temporarily from a particular area of the PLMN, one or more of these classes can be chosen. If this is done then the Broadcast Control CHannel (BCCH) broadcasts a list of authorised access classes. The Mobile Station checks the allowed class against its own and, if not allowed, it does not attempt to make a call. The only time this can be overridden is if an emergency call is requested. However, also indicated on the BCCH is whether emergency calls are allowed from all Mobile Stations or only from special classes. These special classes are in the range from 11-15. They must be specially programmed by the Operator and their use is restricted to the HPLMN and Home country. Any high access class Mobile Station roaming internationally must revert back to a normal, 0-9 access class. Despite their parochial nature, their use has been defined. Class 11 is for PLMN use, and class 15 is for PLMN staff. Class 12 is reserved for security services, class 13 for public utilities (e.g. gas, water, etc.), and class 14 is for emergency services. It follows that classes 12, 13 and 14 are valid within one country, whereas classes 11 and 15 are only valid in one PLMN.
11.5 R and S Interfaces69
Data transfer over GSM has been designed to be flexible, and so it is expected that the interconnection with the Mobile Station for data communications would be reasonably easy. To this end two data ports have been incorporated in the Mobile Station, the R and the S interface. While the physical connection has not been standardised, which may cause some difficulties, the protocol has. The S interface is effectively the same as would be found on an Integrated Services Digital Network (ISDN) terminal. The R interface is equivalent to a standard nonISDN interface such as the CCITT V or X series. However, there is a limited amount of functionality that can be incorporated in a Mobile Station, and the provision of the R and S interfaces is optional. It is quite Copyright ©1991, Michael Clayton Page 85
GSM - Global System for Mobile Communications possible that one or both of these interfaces involves an extra adapter to give the required input to the Mobile Station. This is, once again, entirely up to the mobile manufacturer.
11.6 International Mobile Identity Number (IMEI)70
The IMEI is the electronic number that uniquely identifies the mobile equipment. It is the electronic serial number of the equipment, and is not normally used by the PLMN for standard procedures. However, provision has been made for the PLMN to request the IMEI at any time during a call, including during the call initiation procedure. This is for two reasons. Primarily, the IMEI is used to identify those mobile terminals that have been type approved. Secondly, the IMEI also enables the Operator to identify stolen equipment. The responsibility for this IMEI has been given to the manufacturer of the equipment, who must ensure that each IMEI is unique, and keep detailed records of released mobile equipment. This may seem like a large task but, when a piece of mobile equipment passes through type approval, it is given a type approval number which forms part of the IMEI. All the Manufacturer need do is add the actual unit and manufacturer number. 6 Digits ³<ÄÄÄÄÄÄÄÄ>³ ÚÄÄÄÄÄÄÄÄÄÄ¿ ³ TAC ³ ÀÄÄÄÄÄÄÄÄÄÄÙ 2 Digits ³<ÄÄÄÄÄÄÄ>³ ÚÄÄÄÄÄÄÄÄÄ¿ ³ FAC ³ ÀÄÄÄÄÄÄÄÄÄÙ 6 Digits ³<ÄÄÄÄÄÄ>³ ÚÄÄÄÄÄÄÄÄ¿ ³ SNR ³ ÀÄÄÄÄÄÄÄÄÙ 1 Digit ³<ÄÄÄÄÄ>³ ÚÄÄÄÄÄÄÄ¿ ³ SP ³ ÀÄÄÄÄÄÄÄÙ
15 Digits ³<ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ>³
Figure 45: Composition of the IMEI46
The TAC is the Type Approval Code, and it is determined by a central body, yet to be identified. The Final Assembly Code (FAC), is used to identify the place of manufacture and final assembly. The Serial Number (SNR) is the manufacturer defined unit number within the TAC and FAC and finally, the SP is a spare digit for future use. The IMEI is not part of the subscriber's data unless it is expressly desired, and even then at the discretion of the Operator. However, some guidance is given regarding white, grey and black lists of IMEIs. The white list contains all number series issued from different participating GSM countries (i.e. those mobile terminals which have been type approved in that country). The black list contains Copyright ©1991, Michael Clayton
g. it can be black listed. stolen mobiles). Copyright ©1991. The grey list records those pieces of mobile equipment that may be faulty. if the equipment causes too much disruption. While this guidance is given.Global System for Mobile Communications individual IMEIs that need to be barred for whatever reason (e. The staff may wish to call the subscriber using the equipment to ask them to have it checked. there is no specification as to how it must be implemented. Alternatively.GSM . Michael Clayton Page 87 . They are not barred but reported to the operation and maintenance staff with the International Mobile Subscriber Identity (IMSI). This is an issue which remains to be discussed within the GSM Memorandum of Understanding (GSM-MoU).
The two SIMs have been physically designed to fulfil two distinct roles. however. Whereas in existing cellular systems the Mobile Phone contains the subscription identity. There is a further scenario which GSM has taken into account. applies. While it is expected that the Plug-in SIM is semi-permanently inserted in the mobile Page 88 Copyright ©1991. the IC card SIM conforms to international smart card standards (ISO 7816 series). This card can be removed from the mobile equipment by the user. with some slight exaggeration. but differ in size.1 Description72 Physically. and placed in a different piece of mobile equipment. The Plug-in SIM is much smaller (~25mm square) with the contacts central to the card. becomes the Mobile Station for that subscription. This section deals with the content of the SIM and its functional characteristics. Exaggeration apart. either commercially. the SIM has been designed to be inserted or removed by the subscriber. To facilitate this and give flexibility. Michael Clayton .GSM .Global System for Mobile Communications 12 SUBSCRIBER IDENTITY MODULE71 The use of a Subscriber Identity Module (SIM) marks a major departure from the existing situation in most cellular communications networks. ISO 7816/3. For the Plug-in SIM only. which defines electrical and protocol characteristics. any piece of GSM mobile equipment which can take the card. The Plug-in SIM. In this way. the importance of the SIM cannot be ignored. slightly above the middle line of the card. 12. As the glossy advertising puts it. öwith the GSM SIM any phone is your phoneì. It then goes on to talk about the commercial ramifications. although the subscriber can remove it. in GSM this is now kept in a small credit card sized smart card. The IC card SIM is the size of a credit card with a set of six standard contacts diagonally on the left hand side. It can make calls and receive calls for that subscriber and have them billed to the subscription of that SIM. has been specifically designed for GSM to fulfil a role similar to that of existing cellular systems. or SIM. The IC card SIM is intended to be inserted and removed from the Mobile Station on a regular basis. The small size allows for the module to be placed semi-permanently in the mobile equipment. or technically. It comes in two forms which are functionally identical.
ensuring that the data field is only accessed by the appropriate entity. some semi-permenant. The Tel-AD could contain the user's telephone directory. it may be possible for this equipment to also take an IC card SIM. Serial Number Copyright ©1991. the data fields it stores are set up in a directory structure. needs to store a great deal of information. the GSM Applications Directory (GSM-AD) and the Telecom Applications Directory (Tel-AD).GSM . Hence. It has a storage medium. some of which is permanent. The information stored in the GSM-AD is secure to varying degrees. Like a microprocessor in a personal computer. or the Short Message Service (SMS) storage field. even to the extent that GSM-related data resides in a subdirectory so that the SIM may also support other applications. Sometimes there is some security included. In this case the larger IC card SIM inserted takes precedence over the Plug-in SIM. The GSM-AD contains such things as the International Mobile Subscriber Identity (IMSI) and the last Location Area Identity. where certain data is kept in partitioned areas. is not allowed. While it is unlikely that an IC card will be inserted during a call. Also like a personal computer. Some of this is static and some of it is frequently updated. 12. being the functional component of the subscription. This allows the applications of the SIM to grow and not be limited to one situation or application. from the root directory stem two application directories. There are six contacts in all. The power supply to the card is supplied via the same contacts used for data transfer. and some of which is volatile. such as banking applications. which is able to manipulate and store data. but all of it must be non-volatile. if the IC card SIM is removed during a call the call is terminated. thereafter the Plug-in SIM takes over. As is the case normally. The SIM data storage scheme has been designed to be flexible. allowing a subscriber with a full sized SIM to borrow a phone without having to disturb the owner's plug-in SIM.3 SIM Content74 The SIM. Once the IC card is removed. the Plug-in SIM takes over. the inserted card will only take over once that call has been cleared.2 Internal Electronics73 A SIM consists of a small microprocessor embedded in plastic.Global System for Mobile Communications equipment. However. the SIM microprocessor has instruction sets and an operating system. access by other applications. whereas the Tel-AD has limited access so that other telecommunication technologies can access the data. Michael Clayton Page 89 . They would simply insert their own SIM and that phone would become theirs as long as their SIM remains inserted. 12.
Cipher Key (Kc) This is the Key generated using the A8 algorithm. of the printed serial number. Update Status This piece of data refers to the Location Update status of the Mobile Station. or all. It is used as a quick check to ensure that both the Mobile Station and the Base Station System (BSS) have the same key. which is passed to the Mobile Station and used in the A5 Encryption Algorithm to provide a secure RF link. and allows identification of some internal variances in the SIM such as the operating system version. is stored on the SIM to allow the PLMN to find the reference to the TMSI used in identification. TMSI This is the temporary identification given to the Mobile Station while it is in the service area of a particular MSC/VLR. It contains information regarding the manufacture of the SIM. Authentication Key (Ki) This is the key used in conjunction with the A3 Authentication Algorithm to positively identify the Mobile Station. during which the counter is frozen and the value stored.GSM . LAI The Location Area Identity of where the Mobile Station was last registered.Global System for Mobile Communications This is used to identify the card itself. Cipher Key Sequence number At every Kc generation this number is incremented. IMSI This is the International Mobile Subscriber Identity. Michael Clayton . Periodic Location Update Timer The Mobile Station has a clock which determines how often it needs to perform a Location Update. without passing details of the key over the air interface.g GSM) to which the application data field relates. though it may also appear as part. It has local significance and so is normally used in conjunction with an Location Area Identity (LAI) for identification purposes. Service code This refers to the service (e. It is stored electronically. This timer is independent of the periods when the Mobile Station is turned off. Status of SIM This refers to whether the SIM has been blocked by successive incorrect Personal Identification Number (PIN) entry attempts used to unlock the card. assuming that one has not occurred since the timer was started. which is used to uniquely identify each and every subscriber on any Public Lands Mobile Network (PLMN). It can Page 90 Copyright ©1991. It cannot be read out of a SIM.
Subscriber Access Control class In times of emergency. the PLMN can be configured to allow access only to certain Mobile Stations. PIN This is the Personal Identification number used to restrict access to the SIM. The list is not fixed. since the it can be overridden and deleted if a subsequent successful update occurs. identified by this class mark. If three consecutive incorrect attempts are made. Michael Clayton Page 91 . Forbidden PLMNs This is a list of PLMNs which have been forbidden to the Mobile Station. Inter-PLMN roaming allowed/not allowed This is an indicator defining when inter PLMN roaming is not allowed. an old one drops off the end. PIN Error counter Every time an incorrect PIN entry attempt is made this counter is incremented. Preferred PLMN list This is a list of PLMNs stored in the order that the user wishes the Mobile Station to look for and try to access PLMNs when roaming. Unblocking Counter This keeps a count of unblocking attempts. and also the reasons for Update Failure.GSM . PIN enabled/disabled indicator This field indicates whether the Personal Identification Number function is required or not. It should be noted that. that international roaming must be supplied for all subscription options. the programming of certain emergency classes must be carried out specifically by the Operator. at Location Update time. PIN Disabling allowed/not allowed indicator This field indicates whether the Personal Identification Number function is allowed to be disabled or not. PIN Unblocking Key (PUK) This is used to unblock the PIN after it has been blocked by three consecutive erroneous PIN entry attempts. it only contains four PLMNs and once a new PLMN is added. possibly forever.Global System for Mobile Communications indicate whether it was updated. at present. so this field is included for Copyright ©1991. due to their sensitive nature. the card is blocked. the card is locked. A correct PIN resets this counter to zero. Also. The GSM Memorandum of Understanding (GSM-MoU) dictates. After ten incorrect consecutive attempts.
The emphasis in this report is given to those stages necessary to get the SIM into the hands of the subscriber. Once it is completed the Pre-Personalisation Key is rendered inactive and a RePersonalisation Key is added for subsequent use. Apart from the more secure information above. Pre-Personalisation is used to set up some internal workings of the card. some aspects of the production are worth noting.2 Pre-Personalisation The next step is to allocate an International Mobile Subscriber Identity (IMSI) and Authentication Key (Ki). and requires the Pre-Personalisation Key. These cannot be read out of the SIM.4 Lifecycle of SIMs75 The SIM card goes through several distinct stages during its lifetime. and is for further study. and there are many administrative data fields not listed. Once the card is manufactured.1 Production The first of these stages is production which is really outside the scope of this document. and the Charging Counter. Pre and Re-Personalisation Keys These are keys that control the access to the SIM for the purposes of personalisation of the card. Pre-Personalisation and Re-Personalisation data This is data which is specific to a particular SIM and gives details of the Personalisation functions. Finally. Examples of these are the Abbreviated Dialling Number field. This makes the card less vulnerable in transit.GSM . 12. However. These include the Personal Identification Page 92 Copyright ©1991. This is the stage where the directory structure is added to the card and a unique serial number is written to it.1.1. the Short Message Service (SMS) storage field. it is blank and needs to be formatted in much the same way as a blank floppy disk used in personal computers needs to be prepared for use. it is locked so that only authorised personnel can access the card. This list is by no means exhaustive. Also not included are those data fields related to supplementary services and those used for subscriber controlled data. 12. Fixed Dialling Number field.Global System for Mobile Communications completeness. Michael Clayton . It refers to several administrative data fields and is included for completeness. before the SIM leaves the Manufacturer. which is done at the Pre-Personalisation stage. This is performed in a secure environment. 12.
what goes into it and what does not. However. some Personalisation data such as the date. These are significant problems which need to be addressed. and the status indicator of the SIM. and in this situation the card is rendered useless. the penalty paid is extra lead time in getting cards from the Network Operator to the sales outlet. and it is possible that both will occur at the same time. the initial PIN.1. it can be seen that there is the option for the SIM to require a PIN before the mobile equipment can utilise it. 12.GSM . The consequences of this include ensuring that the GSM Application Data Files are physically separate from other areas. which can prematurely render the card useless. The latter provides a second layer of security if required. There is one situation. 12. Data such as the Authentication Key (Ki) and subscriber related secret data must be protected at all times. After the tenth failed attempt the card is then locked.4 Normal Operation Once the SIM is issued to the subscriber and inserted into the mobile equipment.3 Personalisation This stage corresponds to the point where a Subscription and a subscriber are associated with the SIM. Therefore. it enters the normal operation stage. and the subscriber Access Control Class. 12. to unblock it ten failed attempts to unblock it are allowed. In this case. Whereas in the analogue system. From the data fields included on the SIM. since the distribution characteristics of SIMs have changed. in GSM this is contained in the SIM. Assuming that nothing untoward happens it should give several years of service before it needs replacing. To unblock the card a similar operation is utilised where a PIN Unblocking Key (PUK) is used.Global System for Mobile Communications Number (PIN) disabling allowed/not-allowed function. If this PIN is incorrectly entered three times the card is blocked. The Network Operator has full control over the subscription. however. or capital investment in having preprogrammed cards waiting idle at the sales outlet.5 SIM Security76 Security on the SIM is not taken lightly. the mobile equipment contained all that was necessary to access the network. the type of information loaded includes subscriber related information.1. This stage is also aligned with management procedures for setting up the subscriber's account. the line between the Pre-Personalisation and Personalisation stages becomes blurred. the personal unblocking key. probably forever. Michael Clayton Page 93 . especially when different applications also Copyright ©1991. rather than having to rely on third parties to program the equipment. Whereas after only three incorrect attempts the SIM is blocked. the PIN error counter.
6 Start up procedure77 In the GSM application. and the SIM provides results. This security must be set up internally to the card. The SIM responds with a yes or no answer and then opens up the access to the appropriate data files. which are similar in each application. but there is no fail-safe function that explicitly deletes the subscriber information if a different SIM is then inserted. The mobile equipment requests the PIN enabled/disabled status and. the mobile equipment must request the Temporary Mobile Subscriber Identity (TMSI). A good example of this is the session initialisation procedure for the SIM/mobile equipment interface. and finally the Cipher Key and the Sequence number. an IMSI (if requested by the PLMN). Page 94 Copyright ©1991. 12. the security function precludes that. some administration data. Only after all this has been transferred is the Mobile Station ready for PLMN operations. access control information. This could make the information vulnerable. it is the mobile equipment that governs the method of asking for the PIN. All subscriber related information stored in the mobile equipment and used in GSM PLMN operations must be deleted on removal of the SIM or when the mobile equipment is turned off. compromise the security of any of these. In this case the data is passed back and forth between the same SIM and mobile equipment combination every time the Mobile Station is turned off. but it doesn't just supply the data. Further requests result in the transfer of the Broadcast Control CHannel (BCCH) information. and time will determine if this requirement remains in the future. the SIM always acts as slave and the mobile equipment takes the role of the master. by only acting on known commands. if enabled. This is probably quite a severe requirement especially when the SIM is the Plug-in type and is seldom removed. In the resulting exchange with the subscriber. Michael Clayton . Consequently. the mobile equipment starts the routine to check the PIN. it waits for the mobile equipment to ask for it. which is then presented to the SIM. It merely means that the mobile equipment initiates the SIM interaction. At this stage. This does not mean that the SIM blindly carries out any mobile equipment command. In the case of multi-application cards this must also be context dependent ensuring that no overlapping commands. The outward facing security must be equally stringent. forbidden PLMN list. the requirement that the information is deleted each time the mobile equipment is turned off remains. but it takes time to transfer data across the SIM/mobile equipment interface.Global System for Mobile Communications use the card. in such a way that the SIM does not recognise any commands other than the specified GSM commands. SIM capability information and update status data. It was suggested that this information is left intact when the mobile equipment is switched off. then the Location Area Identity (LAI).GSM .
GSM . and the Mobile Station powers down. Copyright ©1991. In this case there is a high probability that some information may be lost. It is worth noting here that no guarantee is made for the situation when the SIM is removed without warning.Global System for Mobile Communications In reverse. depending on the in-session updating carried out by the mobile equipment. the above information must be transferred back and stored when the Mobile Station is deactivated. which could result in resynchronisation difficulties. After this transfer the connection between the SIM and the mobile equipment is broken. Michael Clayton Page 95 .
They represent a specified portion of the information carrying capacity of the GSM Public Lands Mobile Network (PLMN). speech channels and data channels. or Control CHannels. They are split into two groups. apart from understanding the terms used in GSM. Michael Clayton . Full Rate and Half Rate.Global System for Mobile Communications 13 RADIO FREQUENCY LAYER IN GSM78 It has been mentioned that there is an international model which helps to describe telecommunications systems by breaking them down into layers.1. This chapter describes how data is transferred using channels and how the channels are physically realised. This leads to the two main channel types called. it is worth explaining what Logical Channels are. for example. but allowance has been made for it now to avoid cross-phase compatibility problems. The term lower layers is used a great deal in the GSM Recommendations and it refers to the first three layers of the OSI model.GSM . 13. The Half Rate speech encoder is in the process of being defined at present. It is not really necessary to go into any depth regarding this model. The Radio Frequency (RF) layer(s) in GSM applies to layers one to three of this model. and what they do. The physical realisation of these channels is complex and is dealt with later. These are referred to as Logical Channels in GSM. those which are configured as Traffic Channels and those which are configured as Control Channels. Page 96 Copyright ©1991. and can be regarded as the öpipesì for information transfer. but before this is done. Consequently. it covers all the necessary requirements to enable data to be transferred across the air interface between the Mobile Station and the Base Station System. as part of GSM Phase 2 definition. Effectively. This is the Opens Systems Interconnection (OSI) model. This data can be in the form of speech or in the form of pure digital data. 13. not surprisingly. it is expected that the Half Rate speech channel will not be utilised for some time. corresponding to the two data rates available from the two methods of speech encoding. The speech channels also come in two forms. each dealing with specific functions. from a computer terminal.1 Traffic Channels The Traffic Channels are configured to carry user data.1 Logical Channels79 The report so far has dealt with data transfer on Traffic CHannels.
. The FCCH controls the frequency between the Mobile Station and the BSS. 13. 81. GSM relies on ensuring that the timing in the Mobile Station matches that of the PLMN. which need to be synchronised with the BSS. and Dedicated control channels.7 Broadcast Channels The broadcast channels cover those channels used by the Mobile Station to identify.1. link. a raw data rate of 4..2 Control Channels The control channels are designed to carry signalling information only. the Random Access CHannel (RACH) is used only in the uplink direction for Mobile Stations to make first contact with the PLMN. a situation which. the Access Grant CHannel (AGCH) is used to reply to a Mobile Copyright ©1991. Michael Clayton Page 97 .F. and synchronisation is supplied by packet numbering information. the PLMN.GSM . whereas raw data rates higher than that would only be carried on a full rate channel. three types of channel come under this heading. The last of the Broadcast channels is the Broadcast Control CHannel (BCCH) itself. Information is sent over the air interface in packets. Both the R.8 Common Control Channels Like the Broadcast channels.8kbit/s could be carried on either full or half rate. Leading on from there. 80. but this time the choice of which type to use is dictated by consideration of the most efficient use of resources for the user's raw data rate. carrier frequencies and the data timing frequencies are obtained using the FCCH. The Synchronisation Channel (SCH) takes care of this and at the same time is used to identify the PLMN. In contrast. The first is the Frequency Correction CHannel (FCCH). and are split into three types: Broadcast.F.. The Paging CHannel (PCH) is used only in the downlink direction (BSS to MS) to page Mobile Stations for incoming calls. The sort of information it transmits includes what control channels are supplied and how they are configured. and also how often paging takes place. which sends out information allowing the Mobile Station to fine tune its frequencies to that of the Base Station System (BSS). on a cell by cell basis. The identification is given in the form of a Base transceiver Station Identity Code (BSIC).Global System for Mobile Communications The Data Channels also come in half rate and full rate. Common.. due to the vagaries of the R. and enable access to. For instance. always needs to be monitored and adjusted. but there are other areas where synchronisation needs occur. This channel is used to transmit general information regarding the configuration of the Base Transceiver Station. There are specific channels within these categories which are defined in the following sections.
and is specifically used for the GSM Short Message Service cell broadcast feature. 82. Their very nature as the major signalling medium over the air interface means that there are many types. and each is numbered. Others are standalone.. Some of these control channels are associated with Traffic CHannels. like the PCH. In the GSM band. to enable in-call functions such as Handovers. unlike Location Updating..9 Dedicated Control Channels (DCCH) Dedicated Control Channels are the signalling workhorses of GSM. the stand alone types are known as Stand Alone Dedicated Control CHannels (SDCCH) and those associated with TCHs are known as Associated Control CHannels (ACCH). Not unreasonably.Global System for Mobile Communications Station making a random access on the RACH. The Associated Control CHannels come in two forms..10 Cell Broadcast CHannel (CBCH) The one remaining control channel is the Cell Broadcast CHannel (CBCH). while an analogue cellular system uses one frequency channel for one call. in turn. radio channels have been created by partitioning this frequency spectrum. GSM uses the same frequency channel to support several calls. This channel. to use the same radio frequency Copyright ©1991. 13. through which interaction between the PLMN and the Mobile Station occurs. 83. However. 13. whereas the Slow Associated Control CHannels (SACCH) wait for resources to become available.. Subsets of these frequency channels correspond to particular allocations to cells and/or Mobile Stations.GSM .2 Physical Channels84 The radio spectrum is the physical medium used by GSM to transfer information. It is used only in the downlink direction. is only used in the downlink direction. This does not require a Traffic CHannel (TCH). and are used for signalling.1 Time Division Multiple Access (TDMA) The radio channels are effectively the same as those that an analogue cellular system would use. fast and slow. location updates are performed and calls are initiated.2. This is achieved by allowing each call. The difference between them is that the Fast Associated Control CHannels (FACCH) actually steal resources from the Traffic CHannel. Michael Clayton Page 98 . It is using these channels that the Mobile Station is authenticated. These are radio frequency channels available to the GSM system as a whole.
then by the time it reaches the BSS. called a timeslot. this delay is fixed.2. In GSM. a delay of 3 timeslots is built in between the reception of data and the transmission on the same timeslot number. The received pieces of data must all arrive at the correct time or they start to overlap.3 Frame Alignment/Timing advance The key to the TDMA process working is synchronisation. at the Mobile Station the delay is variable. and interfere. otherwise the calls start to break up. To avoid this. to do this. The problem is that it takes time for a transmitted piece of data to travel from the Mobile Station to the BSS. However. the Mobile Station and Base Station System (BSS) would need to receive and transmit at the same time. the Mobile Station transmits early. There is a limit to how many calls can be put on the same R. However. for reasons which will become apparent.Global System for Mobile Communications channel for a short period. however. A set of 8 of these timeslots (i. Michael Clayton Page 99 . If the Mobile Station transmits at the correct time. each timeslot is received and separated so that all the timeslots of the different calls can be reassembled to form a continuous stream. T0 to T7 inclusive. So. So. with a different call being transmitted one after another in each one. To ensure that the Mobile Station and Base Transmitter Station (BTS) transmit in the correct timeslot.62 milliseconds. and hence the pieces of information arrive at exactly the right time. It is therefore apparent that a physical channel in GSM corresponds to a frequency. it will be late and will interfere. and lasts for 4. then call number 1 would transmit once again.577 mS) and so synchronisation is important.2 Timeslots and Frames The timeslots used in GSM are very short in duration. a cycle from T0 to T7) is defined as a frame. Copyright ©1991. for eight calls there would be eight timeslots. the number of calls is 8 and the use is cyclic. then this extra time can be used in travelling to the BSS. only half a millisecond long (~0. and a timeslot number in which to transmit. At the BSS.F. 13. one would expect that the same channel (timeslot number) would be used in both the uplink and downlink but.GSM . 13. If. which means that after call number 8 has transmitted data. Figure 47: Time Division Multiple Access48 At the receiving end.2.e. each timeslot is numbered. the Mobile Station must advance its timing by the same amount of time that the signal takes to travel to the BSS. This process is called Time Division Multiple Access (TDMA). channel of course.
GSM - Global System for Mobile Communications
Figure 49: Adaptive Frame Alignment50
In fact it is the BSS which tells the Mobile Station by how much to advance its timing, since it can measure the difference between the time when a piece of information was due and the time when it actually arrived. The process is called adaptive frame alignment, and is continually monitored and adjusted by the BSS. To avoid start up problems, the random access is designed to have leeway built in to allow for transmission delay, so that interference does not occur. Thereafter, an alignment message is calculated and sent to the Mobile Station. Similar precautions are also built in for handover. In finely synchronised cells a quick calculation is done to determine what the difference of frame alignment between the Mobile Station and the two cells could be. From that, the alignment for the new cell is estimated and any discrepancies quickly ironed out once transmission starts. In cells which are not finely synchronised, a special handover access is used which, like the random access, has some leeway built in. 13.2.4 Frame Numbers The TDMA frames in the GSM system, consisting of 8 timeslots, are also numbered in a cyclic fashion. Using this numbering, multiframes, superframes and hyperframes are defined. The smallest is the multiframe, next comes the superframe and finally there is the hyperframe. Multiframes and Superframes There are two types of multiframes, 26 TDMA frames and 51 TDMA frames, which are used to support Traffic channels and Signalling channels respectively. These multiframes are built into a superframe of 1326 frames, in different ways. A superframe can consist of 51 of the Traffic channel multiframes (51x26 frame multiframes), or 26 of the Signalling channel multiframes (26x51 frame multiframes).
Copyright ©1991, Michael Clayton
GSM - Global System for Mobile Communications ÚÄÄÄÄÄÄÄÄÂÄÄÄÄÄÄÄÄÂÄ Ä Ä Ä Ä Ä ÄÄÄÂÄÄÄÄÄÄÄÄÂÄÄÄÄÄÄÄÄ¿ ³ 1 - 26 ³ 1 - 26 ³ ³ 1 - 26 ³ 1 - 26 ³ ÀÄÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÁÄ Ä Ä Ä Ä Ä ÄÄÄÁÄÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÙ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÂÄÄÄÄÄÄÄÄÄÄÄÄÄÄÂ Ä Ä ÂÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ 1 - 56 ³ 1 - 56 ³ ³ 1 - 56 ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÄÄÄÄÄÄÁ Ä Ä ÁÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ³<ÄÄÄÄÄÄ>³ 26 Frame Multiframe ³ ³ ³ ³<ÄÄÄÄÄÄÄÄÄÄÄÄÄ>³ 51 Frame Multiframe ³ ³ ³ ³ 1326 Frame Superframe ³ ³<ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ>³
Figure 51: ???52
The reasoning for this revolves around the need for the Mobile Station to be able to monitor every Broadcast Control CHannel (BCCH) in the GSM PLMN. Because the BCCH needs to be found easily it is always located in timeslot T0. If a Mobile Station is also using timeslot T0, but on a different frequency, then they would always be transmitting at the same time, and so that BCCH would never be monitored. This is solved by using every thirteenth frame in the multiframe sequence as a Slow Associated Control CHannel (SACCH), on which the results of monitoring and a few other things, are reported back to the PLMN. For a 26 frame multiframe this SACCH might occur, for example, in frames 13, 26, 39, 52, and back to 13. However, in the 51 frame multiframe, the SACCH would occur in 13, 26, 39, and then, because the multiframe is only 51 frames long, the SACCH would then occur in frames 1, 14, 27, and so on. After the first multiframe the SACCHs do not occur together, and they appear to slip in relation to each other. It is not until the end of the superframe, when the slip has occurred across the whole superframe, that they once more coincide. Hyperframes The hyperframe is much larger, consisting of 2048 superframes. The reason for this much longer time frame (~3 hours 48 mins) is due to the use of the frame number as an input to the ciphering process. A time frame less that this reduces the difficulty of cracking the code. The definition of a physical channel can, therefore, be extended to become an R.F. channel, a timeslot number to transmit on, and a frame number. The addition of the frame number is now required because of the SACCH on every thirteenth frame. 13.2.5 Transmission Bursts It has been mentioned that a transmission of data occurs in a timeslot. To take this Copyright ©1991, Michael Clayton
GSM - Global System for Mobile Communications a little further, the physical content of this transmission is referred to as a burst. This burst is divided up into approximately 156 bits (156.25), of which there are 147 which can be utilised. There are several types of burst, with different characteristics, used for specific purposes. For instance, the frequency burst just consists of fixed information used for timing purposes. The synchronisation burst, on the other hand, carries some encrypted information as well as some fixed data and tail bits. A dummy burst has also been defined and is similar to the synchronisation burst but carries mixed bits instead of data. Finally, a normal burst and access burst complete the list of different types. The normal burst, which is used for carrying voice and data traffic, has 4 useful sections. There are two sections of encrypted data, a trailing sequence and some tail bits. The rest is called the guard period, and allows for very slight variances, and time for the transmitter to ramp up to the required transmission power. The last of the bursts is the access burst. It is different from all the rest because it has fewer data bits and a much larger guard period (68.25 bits as apposed to 8.25 bits). The extended guard period is to allow for the maximum travel time since, at the time when a random access is made, there is no frame advance information available to stop bursts overlapping at the Base Station System (BSS). Annex 1 gives a list of the various bursts and their make up.
13.3 Mapping of Logical to Physical Channels85
It follows that the Physical Channels are used to support the Logical Channels, and this is done by allocating a timeslot, and number, on which the Logical Channel data should be transmitted. However, there are some extensions to this. For instance, there is one frequency reserved in each cell which is defined as the Broadcast Channel Frequency, and is the RF channel on which the Broadcast Control CHannel (BCCH) data is transmitted. On this RF channel, timeslot T0 is always used for the BCCH. However, the BCCH may not need to transmit on all the consecutive frames in the Hyperframe. The frames not used for the BCCH can be used for other channels, and so several different control channels can be mapped onto one physical channel. In the cases where no data is available to be sent on the BCCH, and no other control channel utilises this free frame, a dummy burst is inserted. This burst has been specifically defined to ensure that a transmission occurs in every frame, thus enabling any Mobile Station listening in to monitor the RF characteristics of the channel. Several other combinations have been defined which involve a mixture of Traffic Page 102 Copyright ©1991, Michael Clayton
and sent off. when half rate coding is used. though generally these are restricted to combinations of TCHs. FACCH data is inserted. These are the Slow Associated Control CHannel (SACCH) and the Fast Associated Control CHannel (FACCH). and diverts it to the appropriate function for action.2 Frame Stealing There are two control channels which are always associated with a dedicated logical channel resource. with an indication of what has happened. the data stream is cut up into packets to fit the burst. and so it cannot wait for the thirteenth frame. By doing this. it is expected that interleaving will not be appropriate.3. 13. and SACCHs. In this case a frame of normal data is östolenì from the associated channel. then only half the data is lost and there is a good chance that the entire packet can be rebuilt using what is left. Data frames ÄÂÄÄÄÄÂÄÄÄÄÂÄÄÄÄÂÄÄÄÄÂÄÄÄÄÂÄÄÄÄÂÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÂÄ ³ AA ³ BB ³ XX ³ YY ³ CC ³ DD ³ ÄÁÄÄÄÄÁÄÄÄÄÁÄÄÄÄÁÄÄÄÄÁÄÄÄÄÁÄÄÄÄÁÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÁÄ / \ / \ Ä Ä ÚÄÂÄÄÄÄÄÄÄÂÄÄÄÄÄÄÄÂÄ¿ Ä ÚÄÂÄÄÄÄÄÄÄÂÄÄÄÄÄÄÄÂÄ¿Ä Ä ³ ³ BB ³ XX ³ ³ ³ ³ YY ³ CC ³ ³ Ä Ä ÀÄÁÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÁÄÙ Ä ÀÄÁÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÁÄÙÄ Ä Transmission bursts Figure 53: Frame Interleaving54 This process is called interleaving. is used for handovers amongst other things. The FACCH. Michael Clayton Page 103 . if the burst is lost.Global System for Mobile Communications CHannels and control channels (given in Annex 1). 13. In this case. Later. it is possible to fill the available space in the burst with the data of one packet.GSM .3. This method is used to report signal strengths around the Mobile Station or for gradually changing the power levels transmitted by the Mobile Station. then half could be sent in one burst and half in the next burst. however. Copyright ©1991. In that case. FACCHs. half of the burst will be filled with one call and the other half filled with a different call enabling a doubling of capacity. However if that same packet is cut in half. In a full rate channel. The SACCH is incorporated into the logical channel (TCH or SDCCH) by utilising every thirteenth frame. At the receiving end the Base Station System (BSS) identifies that a frame has been stolen.1 Frame Interleaving The mapping of Traffic CHannel data to the content of a burst is also worthy of note.
and to give all subscribers a good service by sharing the bad patches. delayed by different path lengths. If a sample of voice was taken every 2 seconds.GSM . For example the sentence öI went down to the shops todayì.Global System for Mobile Communications 13. The interference could be as a result of multi-path propagation. but only up to a limit. might come out as Copyright ©1991. However. Frequency hopping was therefore introduced to average out the vagaries of RF. This is the timeslot used by the BCCH and does not move since this is the channel that transmits frequency hopping details. Alternatively. The function is managed by the BSS which defines the RF channels and sequence for hopping. 13. The crux of this method is the speed of sampling. Michael Clayton Page 104 . Over a range of RF channels in one cell. being digital. the BCCH RF channel. GSM can absorb much more interference before degradation of call quality is noticed. By sharing out the interference between a number of RF channels. some subscribers will get a good RF channel and some will get a bad one. These measurements are sent to the destination and reassembled in the same order to reform the analogue data again. This limitation is applied by reducing the hopping options in the sequence on timeslot T0 by one.4 Frequency Hopping86 In an ideal world there is always a line-of-sight between the transmitter and the receiver. As the name might suggest.5 Speech Coder87 The coder used in GSM is quite special. Indeed. it could be as a result of shadow fading. certain frequencies and/or RF channels could be subjected to worse interference than others. the interference on any one channel is reduced to manageable proportions. the analogue data is sampled at a very high speed. Whatever the cause. so it must be easily found. The only restriction applied to frequency hopping is that timeslot T0 on the BCCH RF channel must not hop. where the reflections of one transmission. where something gets in the way of the signal. this is not an ideal world. with each measurement in time converted to a digital value of the amplitude. then a great deal of information would be lost. It should be noted here that. and so all manner of things cause interference. amongst other things. some subscribers on a good channel may drive behind a bus at a junction and experience interference while waiting for the lights to change. interact to cancel out the signal. and applies this structure purely on a cell by cell basis. In normal conversion from analogue to digital data. the procedure involves hopping from one RF channel to the next while still keeping the same timeslot.
with some indication of the type of vocal chord excitation including the residual information. This is done in GSM using a specially designed voice coder.1 GSM Vocoder Speech is created by a vibration in the vocal chords making a noise.Global System for Mobile Communications öI. As the sample speed is increased more information is sent and the reassembled sound gets closer to the original. often called a vocoder. Now. but keep the quality of speech high. Consequently.. In this way.. This noise from the vocal chords is caused by a vibration which is similar to a series of fast pulses.GSM . after the way in which the filter settings are derived.wen. the sound could be sampled at 64.000 times a second. At the end of this process all that should be left is the hum of the original vocal chord excitation.. Using an analogy with a pipe. To increase this to realistic figures. except that the digital sound would be crystal clear..e.sh. regular pulses).. The equivalent bore diameter in radio is the channel width required and.Long Term Prediction (RPE-LTP) coder. then the water would not run out quickly enough to stop the shower cubicle from overflowing. however.en.own. being limited to some filter settings and a bit of residual information.... If the size of pipe (bore diameter) is increased then more water is allowed to flow. What comes out is the same speech that went in. This process is called Long Term Prediction. To transfer the speech.o. which is then manipulated by the vocal tract.. the name of this coder is a Regular Pulse Excited .sho.to.wn.. the settings on the filters are sent to the destination. if samples were taken at two times per second it might come out as öI. As the sample rate increases.the. The advantage with this voice coder is that the amount of information sent is hugely reduced... leaving some minimal residual information. whereas the analogue signal does. However. if the drain of a shower is too small.. if too much is required the limited radio spectrum is used up too quickly. One of the charactersitics of the radio transmission of digital data is that the higher the data rate.5. In doing this.. The clarity is due to the digital signal not picking up noise in transmission. the actual voice information is stripped off. the wider the channel width needed to send it.ayì. whereupon the difference between the digital transmission and the analogue transmission would not be noticeable. The settings are applied to an exact copy of the filters at the far end and the system is excited as if by vocal chords (i. the values set on each filter vary in line with the speech. GSM needed a way to keep the data rate down. so does the amount of information that needs to be sent and the data rate increases. to try and match it exactly. 13. This vocoder is specialised to code Copyright ©1991. What the encoder does is to pass the speech through a series of electronic filters which try to gradually remove the voice tract manipulation.odaì. there is also a penalty to be paid..t. Michael Clayton Page 105 .
hence the term Vocoder. When the flag is set to the value 1. since the transmitter is power hungry. At the receiving end.Global System for Mobile Communications just voice. the next few frames are still sent with the flag at 1 indicating speech. Frames are marked as containing speech. and it gives an evaluation of the background noise around the user of the Mobile Station. This remains the case until speech is detected or an updated SID is passed for transmission. If the voice tract of a human cannot make the sound.6. the feature uses a Voice Activity Detector (VAD) included in the Mobile Station. Michael Clayton . Also. no useful speech is transmitted from the other. the far end party geta silence. 13. since every time the transmission stops the background noise stops and it goes quiet.6 Discontinuous Transmission88 Another clever trick utilised in GSM is Discontinuous Transmission (DTX).GSM . then that frame contains speech and is transmitted. silent party.1 Comfort Noise When the VAD detects silence. however. This is quite disconcerting especially when the non-talker is in a noisy environment. What generally happens in cases like this is that the far end party thinks that the call has dropped and hangs up. it is passed to the radio transmitter function with the flag set to 0. This frame is called the Silence Descriptor frame (SID). With Discontinuous Transmission the transmitter is switched off during these silences which helps to preserve the battery. and consequently these get distorted if sent through a vocoder. the overall amount of RF transmissions is reduced so less interference is caused on the air interface. To do this. because there are no signals being transmitted unnecessarily.g. to be generated synthetically at the far end. which identifies whether speech data is present on a frame by frame basis. or not. perhaps where one party is giving a long and detailed explanation. humans cannot match the preciseness of tones. It was included to help preserve battery life in the Mobile Station and to reduce overall interference on the air. Whenever there is a pause in speech. In effect. When the flag is set to 0 then that frame does not contain speech and it is not transmitted. The transmitter function analyses the flag and sends the first frame which is set to 0. by a flag. It is for this reason that tones in GSM are sent as signals (e. What this means is that anything other than voice may not be correctly encoded. this is indicated by changing the flag from 1 to 0. when transmission stops. This scenario has been solved in GSM by using comfort noise. Instead of doing this immediately. There is one problem that arises from DTX. stop tone). start tone. Page 106 Copyright ©1991. then the vocoder will not be able to match the sound. and errors will occur. Once this has been prepared. while a special frame is made up. thereafter not transmitting anything. 13.
the flag is also analysed and. using information in the now identified SID frame. This is inserted into the speech path instead of pure silence. If the flag is a 0 the frame is separated and used to generate comfort noise.Global System for Mobile Communications At the receiving end. the frame is sent straight to the speech decoder.GSM . Michael Clayton Page 107 . Copyright ©1991. thus making the far end party think that the Mobile Station is still transmitting as normal. if it is a 1.
Some of this is permanent data which is only changed by administrative means (e.Global System for Mobile Communications 14 MOBILE SUBSCRIBER DATA89 The term mobile subscriber data is used to cover all types of information associated with allowing the subscriber to use the service. Of all this subscriber data. another identity has been defined. The way this is done is by breaking down the digits that makeup the IMSI into sections. The next ten digits correspond to the Mobile Subscriber Identification Number (MSIN). for the purpose of making calls. and Mobile Station ISDN Number (MSISDN). the National Mobile Subscriber Identity (NMSI). which uniquely identifies the country of origin for this subscription. As a sub-set of the IMSI. The entire number is made up of numerical characters (0-9). This consists of the Mobile Network Code and the Mobile Subscriber Identification Number only. anywhere in any of the GSM PLMNs in the world.g. 14.1 IMSI90 The International Mobile Subscriber Identity is the most important. the most often used are the International Mobile Subscriber Identity (IMSI).g. location area identifier). For this reason alone. by pointing unequivocally to the HLR. which identify the PLMN for this subscription. and other data is temporary and changes as a result of normal operation of the Public Lands Mobile Network (PLMN) (e. This particular data is only that which is required for the subscriber to access the PLMN. Temporary Mobile Subscriber Identity (TMSI). and is no longer than fifteen digits. Michael Clayton . authenticating the subscription. this data has been singled out for attention here. and charging for them. with only particular data kept locally at the Visitor Location Register (VLR). It should be noted that nearly every facet of subscriber information is stored in the Home Location Register (HLR). It also identifies the source of further information on that subscriber. The next one or two digits are the Mobile Network Code (MNC). handling calls. and it is only kept temporarily while the Mobile Station is under control of that VLR. subscription level). locating the Mobile Station. and hence the subscriber. It uniquely identifies the subscription.GSM . The first three digits give the Mobile Country Code (MCC). This ranges from identification of the subscriber. routing calls. All of these point to the identity of the subscriber. Page 108 Copyright ©1991.
A TMSI can be allocated only after a successful authentication. 14.2 TMSI91 The Temporary Mobile Subscriber Identity (TMSI) has only local significance to an Mobile Services Switching Centre (MSC) and Visitor Location Register (VLR) combination. Michael Clayton Page 109 .3 MSISDN92 The Mobile Station ISDN Number (MSISDN) is the telephone number used by callers wishing to contact the Mobile Station. and changed at any time while under the control of the same MSC/VLR combination. if the PLMN had a number plan with 30 digits. or else it is difficult for callers to and from that network to contact each other. and consequently the structure is really up to the Operator and National Authority. For instance. So. as soon as the Mobile Station is successfully handed over to a new MSC/VLR combination. and provide enough information for the PLMN to refer back to the MSC/VLR which assigned it.GSM . and other parameters which avoid confusion. The number plan used by the Operator has to fit into a national and international scheme. the new MSC/VLR issues a new TMSI and passes this to the HLR for storage in a location update. However. They refer to the length of the TMSI.Global System for Mobile Communications IMSI not more than 15 digits ³<ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ>³ ÚÄÄÄÄÄÄÄÄÄÄÂÄÄÄÄÄÄÄÂÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ MCC ³ MNC ³ MSIN ³ ÀÄÄÄÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ NMSI ³<ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ>³ Figure 55: The Structure of the IMSI56 Because of the way the IMSI is constructed. and the Mobile Subscriber Identification Number is left to the PLMN Operator. the Mobile Network Code is a matter for the national authority. and the fixed network only allowed 10 to be sent. This makes the issue of these numbers much more flexible. The Mobile Country Code as defined within CCITT. an international standard was devised which allows flexibility while ensuring Copyright ©1991. However. then the callers from the fixed network would not able to call into the PLMN. 14. the component parts can be issued by different bodies. there are some guidelines which should be adhered to. The HLR then contacts the old MSC/VLR combination to ensure that the old TMSI reference is deleted.
Quite often a call will be made to the PLMN from the Public Switched Telephone Network. and the calls can be directed to the correct machine as they come in. they ring the facsimile number which is passed to the HLR. this is how PLMNs which use single numbering schemes have been designed to work.Global System for Mobile Communications a standard approach. and facsimile can be connected to the same line. which does not contain information identifying the type of call. 14. This gives rise to Single and Multinumbering PLMNs. Once identified. and so the same feature is available. Michael Clayton . and a Telex (F. Hence a facsimile call could be offered to a Mobile Station which has no capability of receiving it. but all pointing to the same IMSI. Using these plans as subsets. In GSM. Page 110 Copyright ©1991. Indeed. Each time a person wants to send a facsimile to that subscriber.121) plan.3. the particular number plan used when dialling can be changed and this is identified using a Number Plan Identifier (NPI). When a call comes to the Mobile Station.69) plan. for it to accept or reject as appropriate. Here the HLR cross references the facsimile MSISDN to the IMSI for that number and includes the type of incoming call. In fact. countries can build national numbering plans. an ISDN/telephony (E. one for fax.164) plan. and it is this IMSI which is thereafter used to identify the Mobile Station during that call. More is said about this in the section on Types of Numbers. the MSISDN is passed to the HLR which then cross-refers it to an International Mobile Subscriber Identity (IMSI). one for data etc. Because of this. It is for this reason that the idea of a multi-numbering scheme has been devised. When the subscriber pays for an additional Bearer/Teleservice. or private companies can devise their own. several plans have been devised for different applications. There is. The multi-numbering scheme is the safety net until ISDN becomes widespread. it can be seen that more than one MSISDN can be applied to the same Mobile Station and IMSI. a Data (X. this call type is passed to the Mobile Station on call set-up. but a problem occurs in identifying the type of call made.GSM . for instance. Using this feature.163/E. GSM is based on ISDN. This does not stop a call to the telephony number from still being identified as a facsimile call. telephone.1 Single and Multi-Numbering Plans One of the most versatile features of Integrated Services Digital Networks (ISDN) is that the type of call coming into a terminal is identified in the call set-up. another number is allocated giving one number for telephony.
Operators. It is doubtful that this occurred without some problems. The European Telecommunications Standards Institute (ETSI) have shown that they are willing to allow other countries around the world to take part by introducing associate1 membership. and it was achieved by uncompromising co-operation. Michael Clayton Page 111 . However. Co-operation between Governments. there is a great deal of work to do be done to complete the task and realise the full potential of GSM.GSM . 1 Australia is first nation to gain status as associate members of ETSI via the Australian CCITT Committee (ACC). Manufacturers and a great many experts brought in to solve specific problems. There are many issues to sort out regarding the interaction of Supplementary Services. is the speed with which the standards have been put together. Copyright ©1991. It is a tribute to European harmony. It is now up to the rest of the world to get involved. and almost all are much less complex than GSM. some frustrating. logically yet speedily. This was granted in March 1991.Global System for Mobile Communications 15 OPENING OF GSM SERVICE AND ANOMALIES93 In June 1991. GSM service opened in several countries in Europe. some of which are amusing. What is unusual in GSM though. this should not be seen as in any way unusual. all new networks suffer from this. It was not hastily done. but methodically. Still. but it should not stop there. Government Authorities. and it will take time to sort out some of the GSM service anomalies.
and they must be completed quickly.when the subscriber is informed. Michael Clayton .. he must.. it is important that. GSM3. but also about how people can work together to achieve something. Page 112 Copyright ©1991. and a sense of humour. It involves a great deal of foreign travel. As an indication of the underlying humour. the lecturer was right about one thing. there is an unwritten convention used in GSM recommendations...when the subscriber is informed.... in retaliation.. helping to define the standards for this next generation of cellular system.when the subscriber is informed.. and are considering a career in standards. . The people I had the pleasure of working with showed a very high degree of professionalism. but at the same time displayed a human face.).). not just about the system. In the documents from GSM1 the third person pronoun used is always the feminine (e.. ensured that in their documents that the masculine third personal pronoun was used (e. I must say here that the lecturer is no longer correct in that analysis.. I was once told during my degree.)! I would like to thank all the people of ETSI-GSM for all they taught me.. GSM.g.. it is no longer boring. ..Global System for Mobile Communications 16 CONCLUSION94 The basis for much of the content of this report is the time I spent in the ETSI GSM committees. that standards work was boring though it did have a silver lining in the form of the foreign travel required. decided to settle on the impersonal pronoun (e.GSM . not to be left out. In case any students read this. is a good example of the way to achieve this. to my mind. . GSM4.g. The world must have standards.g. she must..
Global System for Mobile Communications ANNEX 1 RF CHANNEL DATA Traffic channels (TCH's) (i) Full rate traffic channel (TCH/F). Michael Clayton Page 113 .6).8 kbits/s.4 kbit/s.6 kbit/s user data (TCH/F9.8).8).4). (TCH/F2. This channel carries information at a gross rate of 22. This channel carries information at a gross rate of 11.4) Control Channels Broadcast Type Channels Frequency correction channel (FCCH) Synchronisation channel (SCH) Broadcast control channel (BCCH) Cell Broadcast Channel (CBCH) Note that CBCH is not normally referred to as part of the BCCH channels. It is purely used for the Short Message Service (SMS) and is listed here as a broadcast type channel. (ii) Half rate traffic channel (TCH/H). Half rate traffic channel for speech (TCH/HS). (iv) Half rate traffic channel for µ 2.8 kbit/s user data (TCH/F4. (ii) Full rate traffic channel for 4.4 kbit/s user data (v) Full rate traffic channel for µ 2.GSM . Traffic channels defined to carry user data: (i) Full rate traffic channel for 9.4 kbit/s user data (TCH/H2. Traffic channels defined to carry encoded speech: (i) (ii) Full rate traffic channel for speech (TCH/FS). Copyright ©1991.8 kbit/s user data (TCH/H4. (iii) Half rate traffic channel for 4.
combined with CCCH (SDCCH/4) Slow. control channel (SACCH/C4) Timing and Frame Numbering Timeslot duration: TDMA frame: · · · 3/5200 seconds (577 ms). control channel (FACCH/F) Slow. - Dedicated control channels Slow. Page 114 Copyright ©1991.Global System for Mobile Communications Common Control Type Channels Collectively known as Common Control CHannels (CCCH) when combined as a common control channel: Paging CHannel (PCH): Downlink only. TCH/F associated. used to allocate a SDCCH or directly a TCH. used to request allocation of a SDCCH. TDMA frames are numbered by a frame number (FN). Eight timeslots form a TDMA frame Timeslots in a TDMA frame are numbered from 0 to 7 and a particular timeslot shall be referenced by its timeslot number (TN). control channel (SACCH/TH) Fast. Access Grant CHannel (AGCH): Downlink only. ~4. TCH/F associated. SDCCH/4 associated. TCH/H associated. Random Access CHannel (RACH): Uplink only.GSM . control channel (FACCH/H) Stand alone dedicated control channel (SDCCH/8) Slow. control channel (SACCH/TF) Fast. TCH/H associated. used to page mobiles. control channel (SACCH/C8) Stand alone dedicated control channel.62 ms in duration. SDCCH/8 associated. Michael Clayton .
25 Bits.GSM . with last 1/4 bit numbered with bit 156. Michael Clayton Page 115 .Global System for Mobile Communications Hyperframe Superframe Multiframe Control channel multiframe consists of 51 TDMA frames Traffic channel multiframe consists of 26 TDMA frames 26 control channel multiframes. Frequency Correction Burst Tail Bits Fixed Bits Tail Bits Guard Bits Synchronisation Burst Tail Bits Encrypted Bits Training Sequence Encrypted Bits Tail Bits Guard Bits 3 39 64 39 3 8. Numbering from 0 to 156.25 3 142 3 8.25 Copyright ©1991. Consists of 2048 superframes RF Transmission Bursts Timeslot is divided into 156. Lowest numbered bit transmitted first. 1326 TDMA frames The frame number shall be cyclic and shall have a range of 0 to FN_MAX called Hyperframe. 51 traffic channel multiframes. FN_MAX = (26 x 51 x 2048) -1 = 2715647 Frame number is incremented at the end of each TDMA frame.
25 3 58 26 58 3 8. Sequence Bits Encrypted Bits Tail Bits Guard Bits 8 41 36 3 68. Michael Clayton .25 Allowed Channel Combinations The following are the permitted ways in which channels can be combined onto basic physical channels (numbers appearing in parenthesis after channel designations indicate sub-channel numbers): Page 116 Copyright ©1991.GSM .Global System for Mobile Communications Dummy Burst Tail Bits Mixed Bits Training Sequence Mixed Bits Tail Bits Guard Bits Normal Burst Tail Bits Encrypted Bits Training Sequence Encrypted Bits Tail Bits Guard Bits Access Burst Tail Bits Synch.25 3 58 26 58 3 8.
. 7) Note: CCCH = PCH + RACH + AGCH Copyright ©1991.1) + SACCH/TH(0.3) + SACCH/C4(0.Global System for Mobile Communications TCH/F + FACCH/F + SACCH/TF TCH/H(0.GSM .1) + FACCH/H(0.. Michael Clayton Page 117 .3) BCCH + CCCH SDCCH/8(0 ..1) TCH/H(0) + FACCH/H(0) + SACCH/TH(0) + TCH/H(1) FCCH + SCH + BCCH + CCCH FCCH + SCH + BCCH + CCCH + SDCCH/4(0....7) + SACCH/C8(0 .
Michael Clayton . Billing and Accounting Rapporteur Group administration of subscribers billing harmonisation credit control fraud prevention accounting operation statistics definition of billing software harmonisation.Global System for Mobile Communications ANNEX 2 GSM COMMITTEE SUB-GROUPS Memorandum of Understanding (MoU) Sub-Groups MoU-BARG MoU-MP MoU MoU-EREG Intellectual Property Rights harmonisation of precurement policy lists of recommendations and version numbers used in contracts. Marketing Planning presentation of coverage information identification of selling features commissioning of market surveys co-ordination of awareness campaigns GSM name and logo Procurement. European Roaming mobile numbering plans routing of mobile terminated calls and signalling messages technical implications of tariff principles on international interworking establishment of international signalling links interworking between PLMNs.GSM . MoU-TAP Type Approval Administrative Procedures Page 118 Copyright ©1991. MoU-CONIG Conformance of Network Interfaces lists and definitions of tests for conformance of interfaces harmonisation of test activities.
Security Group administration of non-disclosure undertakings for GSM Algorithms maintenance of algorithms and test sequences monitoring adequacy of system security and proposing of enhancements if required.GSM . MoU-SERG MoU-SG Services Expert Rapporteur Group maintenance of GSM recommendations transferred to GSM-MoU control allocation and review of implementation dates for GSM services review of compatibility of services in the roaming situation definition of principles of customer relations and education. MoU-RIC - Copyright ©1991. Michael Clayton Page 119 . Radio Interface Co-ordination Co-ordination of technical aspects of type approval including interpretation of GSM recommendations resolution of technical problems with type approval organisation of compatibility of testing mobile equipment to ensure adequacy of type approval review of GSM validation results and effects on implementation plans review of system simulator activities. MoU-TADIG Transfer Account Data Interchange detailed specification of file interchange mechanism between billing entities specification of billing data format specification of standard sets of protocols for billing data interchange.Global System for Mobile Communications harmonisation of procedures regarding Type Approval review of existing or emerging directives identification of possible difficulties with directives control and issue of IMEIs.
1 kHz ex PLMN All data circuit synch All data circuit async All data packet synch All PAD access 12 kbit/s unrestricted digital 20 21 22 23 24 25 26 27 29 Teleservice Below is a list of the Teleservices within the GSM PLMN. Michael Clayton . These are used to identify the Bearer service when used in conjunction with Supplementary Services. A more comprehensive list may be found in the ESTI-GSM recommendation 02. A comprehensive list is available in the ETSI-GSM recommendation 02. but an indication which includes the Service Code for use in conjunction with Supplementary Services. Service Code All teleservices Telephony All data teleservices Facsimile services Videotex Teletex Short Message Services All data teleservices except SMS All teleservices except SMS 10 11 12 13 14 15 16 18 19 Page 120 Copyright ©1991. Service Code All bearer services All async services All synch services 3. it is not intended as a comprehensive list.Global System for Mobile Communications ANNEX 3 GSM SERVICES Bearer Services Below is a list of groups of the principle Bearer Services.03. Once again.02.GSM .
S. not completed.85) Closed user group Charging S. the Supplementary Service is not well defined as yet. (02. (02.81) Calling number identification presentation Calling number identification restriction Called number identification presentation Called number identification restriction Malicious call identification Call Offering S. Service Code Number Identification S. Subsequent changes could be made as a result of implementation considerations. The letter S gives some indication of which services have a reasonably stable Phase 1 description. in which case they are marked as NA. (02. In the latter case.S.86) Advice of charge Additional Information Transfer S.82) Call forwarding unconditional Call forwarding on mobile subscriber busy Call forwarding on no reply Call forwarding on mobile subscriber not reachable Call transfer Mobile Access Hunting Call Completion S.87) User-to-user signalling Copyright ©1991. this does not necessarily mean that a code will be assigned.Global System for Mobile Communications Supplementary Services The list of Supplementary Services is given below with the GSM service code.S. In other cases. (02.83) Call waiting Call hold Completion of calls to busy subscribers Multi Party S. the letter F denotes those frozen Phase 1 services. (02.S.GSM . Michael Clayton NA S NA S NA S NA S NC 21 F 67 F 61 F 62 F NC NC 43 S NA S NC NC NC NA S NC Page 121 . in which case they are marked as NC.S.S. Finally. (02.S. the service code is not applicable. (02. For some Supplementary Services.84) Multi-Party Service Community of Interest S.
Global System for Mobile Communications Call Restriction S. Michael Clayton .88) Barring of all outgoing calls Barring of outgoing international calls Barring of outgoing international calls except those directed to the home PLMN Barring of all incoming calls Barring of incoming calls when outside home PLMN 33 F 331 F 332 F 35 F 351 F Page 122 Copyright ©1991.S. (02.GSM .
Michael Clayton Page 123 .Global System for Mobile Communications ANNEX 4 STRUCTURE OF STANDARDS Copyright ©1991.GSM .
Michael Clayton Page 124 .GSM .Global System for Mobile Communications GLOSSARY OF TERMS AB ACC AGCH AMPS AoC AUC BAOC BAIC BCC BCCH BIC-Roam BN BOIC BOIC-exHC BSC BSIC BSS BTS CA CAI CB CBCH CCBS CCCH CCITT CEPT CFB CFNRc CFNRy CFU CLIP CLIR COLP Access Burst Australian CCITT Committee Access Grant Channel Advanced Mobile Phone Service (USA analogue cellular system) Advice of Charge AUthentication Centre Barring of All Outgoing Calls Barring of All Incoming Calls Outside the Home PLMN Country Base Transceiver Station Colour Code Broadcast Control CHannel Barring of Incoming Calls when Roaming Bit Number Barring of Outgoing International Calls Barring of Outgoing International Calls except those directed to the Home PLMN Country Base Station Controller Base Transceiver Station Identity Code Base Station System Base Transceiver Station Cell Allocation Common Air Interface Cell Broadcast Cell Broadcast Channel Completion of Call to Busy Subscriber Common Control CHannel Comité Consultatif International Télégraphique et Téléphonique Conférence Européanne de Administration des Poste et Télécommunications Call Forwarding on mobile subscriber Busy Call Forwarding on mobile subscriber Not Reachable Call Forwarding on No Reply Call Forwarding Unconditional Calling Line Identification Presentation Calling Line Identification Restriction Connected Line Identification Presentation Copyright ©1991.
Michael Clayton Page 125 .Global System for Mobile Communications COLR CSPDN CT CT1 CT2 CT3 CUG CW DAMPS DECT DCCH DCS 1800 DTX ETACS ETSI FAC FACCH FACCH/F FACCH/H FN FB FCCH GSM-AD GMSC HPLMN HLR HOLD HSN IMEI IMSI ISDN IWF Kc Ki LAI LMSI Connected Line Identification Restriction Circuit Switched Public Data Network Call Transfer Cordless Telephony 1 (First generation) Cordless Telephony 2 (Second generation) Proprietary cordless technology designed Ericsson Closed User Group Call Waiting Digital Advanced Mobile Phone Service (AMPS) Digital European Cordless Telephone Dedicated Control CHannel Digital Cellular System at 1800 MHz Discontinuous Transmission Extended TACS European Telecommunications Standards Institute Final Assembly Code (used in IMEI) Fast Associated Control Channel FACCH Full rate channel FACCH Half rate channel Frame Number Frequency Correction Burst Frequency Correction Channel GSM Applications Directory (on SIM) Gateway Mobile Services Switching Centre Home PLMN Home Location Register Call Hold Hopping Sequence Number International Mobile station Equipment Identity International Mobile Subscriber Identity Integrated Services Digital Network InterWorking Function cipher key authentication key Location Area Identity Local Mobile Subscriber Identity by Copyright ©1991.GSM .
Michael Clayton Page 126 .Global System for Mobile Communications MA MAH MAI MAIO MCC MCI ME MMI MNC MO MoU MPty MS MSC MSIN MSISDN MSRN MT MP/PP NB NETZ-C NPI NMSI OACSU OSI PACTS PABx PAD PCH PCN PLMN PSPDN PSTN PT12 PUK RACH RAND RPE-LTP RF RFCH Mobile Allocation Mobile Access Hunting Mobile Allocation Index Mobile Allocation Index Offset Mobile Country Code Malicious Call Identification Mobile Equipment Man-Machine Interface Mobile Network Code Mobile Originated Memorandum of Understanding (for GSM) Multi-Party (conference call) Mobile Station Mobile Services Switching Centre Mobile Subscriber Identity Number Mobile Station ISDN Number Mobile Station Roaming Number Mobile Terminated Mobile Terminated/Point-to-Point Normal Burst German analogue cellular network Number Plan Identity National Mobile Subscriber Identity Number Off-Air Call Set-Up (international) Open Systems Interconnection Public Access Cordless Telephone Service Private Automatic Branch Exchange Packet Assembler-Disassembler Paging Channel Personal Communications Network Public Lands Mobile Network Pack Switched Public Data Network Public Switched Telephone Network Project Team 12 (ETSI co-ordinating team for GSM) PIN Unblocking Key Random Access Channel RANDom number (used for authentication) Regular Pulse Excited-Long Term Prediction (GSM voice encoder) Radio Frequency Radio Frequency Channel Copyright ©1991.GSM .
GSM .8Kb/s Time Division Multiple Access Temporary Mobile Station Identity Timeslot Number Training Sequence Code United Kingdom User-to-User Signalling Voice Activity Detector Visitor Location Register Cellular Radio Concept (UK Index 3 Copyright ©1991. Michael Clayton Page 127 .Global System for Mobile Communications RFN SACCH SB SCH SDCCH SDCCH/TF SDCCH/TH SCN SCH SID SIM SIMEG SMS SMSCB SNR SP SRES TAC TACS Tel-AD TCH TCH/F TCH/FS TCH/F9.8 TDMA TMSI TN TSC UK UUS VAD VLR Index Reduced Frame Number Slow Associated Control Channel Synchronisation Burst Synchronisation CHannel Stand-alone Dedicated Control Channel SDCCH for Traffic channel Full rate SDCCH for Traffic channel Half rate Sub-channel Number Synchronisation Channel SIlence Descriptor frame Subscriber Identity Module Subscriber Identity Module Expert Group Short Message Service Short Message Service Cell Broadcast Serial Number (used in IMEI) SPare digit (used in IMEI) Signed RESponse (used in authentication) Type Approval Code Total Access Communications System analogue cellular) Telecom-Applications Directory Traffic Channel Traffic Channel/Full rate Traffic Channel/Full rate for Speech Traffic Channel/Full rate for Data 9.6 TCH/H TCH/HS TCH/H4.6Kb/s Traffic Channel/Half rate Traffic Channel/Half rate for Speech Traffic Channel/Half rate for Data 4.
............... 24 110.............................................................................. 39 120.5 IMSI Detach procedure...............................................1 96............ 46 -1- ................................................ 12 103...............7 Abnormal Cases........2 First Location Updating......1 GSM and Cordless Telephony..................5 GSM Configuration.......................2 INTRODUCTION 1 Disclaimer.........................................................................1 The Cellular Radio Concept..... 4 99.................................................................19 106................................................................................2 GSM and Personal Communications Networks (PCN)....................................................................................33 115....................................................................3 98..............4 Inter-cell Handover.............................. 36 6 GSM CALL HANDLING 37 118.......................................3 International Rivals to GSM...............25 5 GSM MOBILITY MANAGEMENT FUNCTIONS 26 111......... 7 3 OTHER TECHNOLOGIES 10 101......................................................6 IMSI Attach Procedure...........................................................................................4 International Roaming...........................................................................................................................26 112...................3 ETSI-GSM............................. 35 116........ 35 117.........2 GSM Standardisation.. 30 114................................................................. 6 100................................................................................ 17 105.............................................................................. 1 2 GSM STRUCTURE 3 97...............................................2 Mobile Services Switching Centre (MSC).............23 109..... 42 121.....................................................................................................................................2 Incoming Calls...............................................................................................4 The GSM Memorandum of Understanding......... 10 102.................5 Call Clearing......................................................................................22 108............ 1 Conventions Used............................................................................................................................................ 43 122.................1 First Registration.............. 27 113.................4 Home Location Register (HLR).....................6 Addressing......1 Base Station System (BSS)............................................... 15 Schlumberger Private 4 GSM COMPONENTS 17 104.............3 Normal Location Updating.......................................................Global System for Mobile Communications Table of Contents 1 95.............................................................................1 Outgoing Calls..............................................7 Mobile Station....................................... 37 119.............................................................................................................3 Visitor Location Register (VLR)...........................................Contents List GSM ... 21 107...................................3 Emergency Calls......
......................2 Ciphering.............................1 Logical Channels..................................................5 SIM Security...........3 Mapping of Logical to Physical Channels... 84 145..............4 Using Supplementary Services.................................................................................................................6 Contents List Roaming..............................................................1 Call Forwarding......62 134................. 81 142...................................................................... 89 13 RADIO FREQUENCY LAYER IN GSM 90 151....1 Teleservice Attributes..................................................................................1 Authentication................ 88 149.......51 127........................................................................4 Mobile Station Class Mark.........................................97 155................3 Interworking Attributes............................................................. 92 153...............1 Information Transfer Attributes...............................GSM .......................................................................................2 Physical Channels....................................................................................... 49 125......................................................................90 152..................... 85 146....................52 8 TELESERVICES 54 129...............................................2 Call Barring... 85 147.......................................................................................................................... 70 137......3 Short Message Service............... 54 130................................. 47 7 BEARER SERVICES 48 124........................................................................Global System for Mobile Communications 123..........................2 Types of Teleservices.........................80 141................................................ 56 9 SUPPLEMENTARY SERVICES 59 132........................................................................5 Speech Coder...................................................................4 Lifecycle of SIMs...................................................................................................64 135........................... 50 126....................3 PLMN Selection....................................................... 74 139........................................ 95 154................................................................................................87 148.....................82 12 SUBSCRIBER IDENTITY MODULE 84 144..........................................2 Man-Machine Interface...................................................................................................................................................................................................3 Phase 2 Supplementary Services........................................................................1 Mobile Equipment Features.......5 Example of Bearer Service................................................................................................................6 Start up procedure.............. 59 133...............................................................76 140................................................. 82 143.............................................5 R and S Interfaces...................7 Distribution.......................1 Description..................55 131............3 SIM Content... 89 150............. 52 128...............................71 11 MOBILE EQUIPMENT 74 138..........4 General Attributes..2 Access Attributes........................4 Frequency Hopping.................................................................................................................................................... 68 10 PLMN SECURITY 70 136................................................................2 Internal Electronics......................... 97 Schlumberger Private -2- ...........6 International Mobile Identity Number (IMEI)..........................................................
.......101 15 16 OPENING OF GSM SERVICE AND ANOMALIES CONCLUSION RF CHANNEL DATA GSM COMMITTEE SUB-GROUPS GSM SERVICES STRUCTURE OF STANDARDS 103 104 105 109 111 113 ANNEX 1 ANNEX 2 ANNEX 3 ANNEX 4 GLOSSARY OF TERMS 114 INDEX 118 Schlumberger Private -3- ............................... 101 159........................2 TMSI.......1 IMSI...............................Global System for Mobile Communications Discontinuous Transmission....................................................Contents List 156............................................................................................ 100 158. 99 14 MOBILE SUBSCRIBER DATA 100 157.3 MSISDN.............................................................................................................6 GSM .........................................................
............................................................................................Table of Figures GSM ..................... 34 Handling of Incoming Calls..................................................................................................................................................................49 Access Attributes............................... 47 Bearer Services................................................................................73 Composition of the IMEI.............................................................. 51 Relationship between Teleservices and Bearer Services......................................... 46 Subsequent Handover......................................................................101 Schlumberger Private ...............................................96 The Structure of the IMSI........... 19 Gateway MSC Configuration...29 Location Update in One MSC Area....................................................................................................................... 18 MSC Configuration..................... 51 Interworking Attributes..... 48 Information Transfer Attributes............................................................................................................................ 92 Adaptive Frame Alignment........................................................................................................................................ 94 Frame Interleaving........................................................................ 8 Base Station System Configuration....................................................................................................... 21 GSM Network Configuration..................................................................................................................................................... 24 Cipher Start Sequence..................................................................................................54 Cipher Start Sequence...........................................4 European Participants in GSM..................................31 Location Update between MSC Areas........................................................................................... 5 The countries within Europe which are taking GSM........................................................... 44 Inter-MSC Handover................................................. 32 Location Update between VLRs........................................................................................................ 93 ???.40 Intra-MSC Handover..........................................................Global System for Mobile Communications Table of Figures Figure 1: Figure 2: Figure 3: Figure 4: Figure 5: Figure 6: Figure 7: Figure 8: Figure 9: Figure 10: Figure 11: Figure 12: Figure 13: Figure 14: Figure 15: Figure 16: Figure 17: Figure 18: Figure 19: Figure 20: Figure 21: Figure 22: Figure 23: Figure 24: Figure 25: Figure 26: Figure 27: Figure 28: Frequency Re-use in GSM.................................................................................................................33 Location Update across International Borders...............................................................................83 Time Division Multiple Access...................................
This action might not be possible to undo. Are you sure you want to continue?
We've moved you to where you read on your other device.
Get the full title to continue listening from where you left off, or restart the preview.