Copyright ©1991, Michael Clayton All Rights Reserved No part of the contents of this document may be reproduced or distributed

in any form or by any means without the prior written permission of the author, or Security Domain Proprietary Limited.

GSM Bible

GSM - Global System for Mobile Communications


The purpose of this report is to describe in easy terms what GSM is and how it operates. It is intended that it will provide both management and technical staff with an understanding of the services that GSM can provide, the components that make up a GSM network and the way that these components interact. As such, it should be of benefit to all organisations that have a direct or indirect involvement with mobile communications, whether as service operators, providers, equipment manufacturers, vendors, consultants, regulators or, most importantly, users. Each major section begins with a high level overview of the subject, before descending into lower level technical descriptions. This is to allow readers to glean overview information about particular subjects or to use the document as a reference guide without having to wade through technical descriptions.


GSM is still evolving and will continue to do so for a number of years. While the majority of the initial work to enable the system to function has been completed, subsequent services are being defined that may require a change in the operation as specified at the end of the Phase 1 work schedule. As a consequence, it should be noted that while every effort has been made to ensure the accuracy of the information within this document, the author, contributors, publishers and sponsor, in particular Security Domain Proprietary Limited and the sponsor of the report, Telecom Australia, their associates, employees and agents, are not responsible for errors or omissions, actions, or the results of any actions, taken or omitted to be taken upon the basis of information in this document. The author, contributors and publishers expressly disclaim all and any liability (whether arising by reason of negligence or otherwise) to any person or corporation whether in receipt of this document or not, in respect of anything and the consequence of anything done or omitted to be done in reliance, whether whole or partial, upon the whole or any part of the contents of this document. This document is produced as a guide only and for up to date changes, reference must be made to the documentation produced and issued by the European Telecommunications Standards Institute (ETSI).


Conventions Used4
This report follows, as far as possible, the conventions used within GSM

Copyright ©1991, Michael Clayton

Page 1

GSM - Global System for Mobile Communications recommendations. This is done to ensure a familiarity with the terms used if the reader subsequently refers to the recommendations. Also, it should be noted that there is often an important distinction between two apparently similar terms or entities used within GSM, which may confuse the reader. Some of the more important ones are: Subscriber Identity Module (SIM) A Subscriber Identity Module is a smart card which holds all the information required to identify a particular subscription to a mobile service. Mobile Equipment Mobile equipment constitutes a device which has the ability to communicate with the GSM network, but which does not hold any subscriber related information. Mobile Station: A piece of mobile equipment with a valid Subscriber Identity Module (SIM) inserted is termed a Mobile Station. The distinction in this case is that a piece of Mobile Equipment cannot (ordinarily) make or receive calls, since no subscription information (stored in the SIM) is available. The insertion of a valid SIM into the mobile equipment, to make a Mobile Station, is required to enable accesses to the GSM network. PLMN: The GSM Network is termed a Public Lands Mobile Network, or `PLMN. In many GSM documents, references are made to the term network and the term PLMN, the meaning of which is dependent on the context. In this report the term PLMN refers to a GSM network only. Distinctions between different PLMNs is made by refering to the Home PLMN or HPLMN (the network which holds the subscription to the service) and Visited PLMN, or VPLMN (any roamed-to network). Network Operator: The term Network Operator refers to the Operator of a GSM PLMN. It is possible that this Network Operator could also be the operator of more than the GSM PLMN, but for the sake of clarity, in this report the term only refers to GSM. Reference to Operators of non-GSM networks, is made using the network type, i.e. Public Copyright ©1991, Michael Clayton

Page 2

Michael Clayton Page 3 . Where other important distinctions exist. For further information see the glossary of acronyms at the end of this report.GSM . Copyright ©1991. they are indicated in the text.Global System for Mobile Communications Switched Telephone Network (PSTN) Operator.

Michael Clayton . This process is totally automatic and requires no special intervention by the user. instead of one large transmitter. the concept of commercial cellular radio evolved. but it was in Europe that the potential of cellular was most fully realised. Frequency Re-use in GSM2 Figure 1: Page 4 Copyright ©1991. known as a Cell. In cellular the problem is solved by handing the call over to the next cell. the service could not be sold to any great extent because of the limited capacity. is to reduce the interference by one cell on others around it. In doing this. but this is avoided by allowing non-adjacent cells to use the same frequency. present and future. radio phones were limited to just the one transmitter covering a large area.Global System for Mobile Communications 2 GSM STRUCTURE5 This section deals with the route by which the present GSM offering was reached.1 The Cellular Radio Concept6 In the early eighties. Much can be gleaned from analysing the history of how it grew. which is why the service area was so large. Cellular systems sprang up around the world. one of the first problems to solve is what happens when a person using the phone in one cell moves out of range of that cell. In the radio phone service there was no solution and the call was lost. Prior to cellular. but it is a complex technical function requiring significant processing power to achieve a quick reaction. Once this was realised. and the poor quality. the available frequencies could be quickly used up. 2. Cellular radio differs from the radio phone service because. the capacity of the cellular system could increase enough to make it a commercially viable proposition. many small ones are used to cover the same area. As a result.GSM . Another reason for using small cells and limiting the power output from each. particularly in respect of the relationship between GSM and other technologies. the same frequencies can be re-used many times. the high cost. As long as they are far enough apart not to cause each other interference. Each has limited power output so that the coverage of one transmitter is restricted to a small area. So the service is a very efficient user of what is a limited resource. While this was sufficient for pioneer users who needed to be specifically trained to use it. the RF spectrum.

This was seen as a breakthrough because international roaming could open up the European markets. the latent demand consistently outstripped predictions. What was needed was a new system which had increased capacity and was versatile enough to incorporate any foreseeable future advances in telecommunications technology.2 GSM Standardisation7 Over the period of evolution for cellular many different systems were born. In France their system was called RC2000 and in West Germany (as it was then) the system was called NETZ-C. and called Total Access Communications System (TACS).Global System for Mobile Communications In the Scandinavian countries. European Participants in GSM14 Figure 3: Proponents of each different system tried to get their system adopted around Europe. The group was named Groupe Spécial Mobile. by reducing the ödead timeì while travelling. allowing universal interconnect. in 1982. but the work quickly moved on from there. but the key to its success had to be standardisation of the many formats available. and the United Kingdom (UK). and the quality of service suffered. and in the Scandinavian countries the Nordic Mobile Telephone (NMT) system was devised. This initial mandate was to standardise the frequencies for use in cellular radio. into one. especially within Europe. 2. Sweden and Finland led the way by showing how restrictive this situation was. In America the Advanced Mobile Phone Service (AMPS) was used. Within the Scandinavian pocket of NMT in 1981. from which the initials formed the acronym GSM. The force of such a move was apparent in the size of the potential market. At the same time Europe was consolidating into "One Market" and part of the process was to ensure an overall telecommunication standards policy. Michael Clayton Page 5 . It soon became clear that a similar policy could easily be applied to cellular. Hence. limited international roaming allowed subscribers from one country to use the cellular network of another. In the UK the AMPS system was adopted with some adaptions.GSM . The significance of this was that each pocket was isolated from the next because the fundamental technical differences in the systems precluded roaming between them. The Scandinavian countries of Norway. with the result that small pockets of similar cellular networks grew. This would be even more important if a subscriber could receive calls on a different mobile network. Copyright ©1991. the Conférence Européanne des Administrations des Poste et Télécommunications (CEPT) set up a group to study this harmonisation of a panEuropean cellular system. Soon the networks were becoming congested.

should be uniform across all GSM PLMNs. in line with the unified approach to telecommunications occurring in other fields. There was only one way this could be achieved and that was to design a completely new network which was acceptable to all member countries and adopted by them. confusing the subscriber. Page 6 Copyright ©1991. One way this could be done would be to define the interface between PLMNs and between the mobile phones and the PLMN. The same service in different countries could look and act totally differently. and for the mobile phones to be able to access any GSM PLMN. The adoption of GSM was taken care of by a GSM Memorandum of Understanding mentioned later. wherever the subscriber goes within coverage of a GSM system in any country. service will be available using just one subscription to GSM and one number. This was unacceptable and so it was stipulated that the GSM service. Michael Clayton .1 Concept of GSM The aim of a GSM Public Lands Mobile Network (PLMN) is to ensure that.3 ETSI-GSM8 The work continued under the control of the CEPT until 1988. Like most of the Project Teams within ETSI. The problem with this solution was that a consistent GSM service could not be guaranteed. four working parties were set up to ensure that all aspects of the study were covered by the most appropriate and expert people. PT12 is mainly made up of employees of ETSI members on secondment to ETSI. This is no small task. therefore set up in ETSI to coordinate and support the work done in the working parties. It was decided that GSM should be moved to ETSI. 2. and then let each country and national Network Operator do what they wanted in between.2. A Project Team (PT12) was. when the European Telecommunications Standards Institute (ETSI) came into being. By this co-ordinated approach. with all the charges referred back to this home subscription and charged in the home currency. to manufacturers of telecommunications equipment. The minimum requirement to enable this international roaming was for these GSM PLMNs to be able to talk to each other. and later the European Telecommunications Standards Institute (ETSI) and range from operators of telecommunications networks. such as Integrated Services Digital Network (ISDN).Global System for Mobile Communications 2. but it was up to the standards committees of CEPT to ensure the acceptability of GSM. Since the scope of the work was broad. the most acceptable route was always taken. These working parties are made up of interested members of CEPT.GSM . the best solution possible was adopted and where compromises were inevitable. since it involves many countries who wish to run autonomous national PLMNs. as a whole.

This group reports to GSM1 and concentrates on all aspects of the Subscriber Identity Module (SIM). the first being between Italy. in some cases. which will utilise the existing system. Working party A is concerned with the signalling required for Mobile Station control (access. a potentially large market will be opened up for GSM. An important sub-group to GSM1 is the Subscriber Identity Module Expert Group (SIMEG).GSM . called the Services and Facilities group. At present the number of signatories is 22.1 The Role of Working Parties The design procedure adopted by ETSI-GSM is that of a top-down approach. location updating. and it is divided into three distinct areas. and in 1987 a full Memorandum of Understanding (MoU) was signed by 13 members of GSM. to the facilities required to ensure that security is maintained. etc. France and West Germany in 1986.) Working party B is concerned with the signalling necessary within the PLMN and working party C deals with the supplementary service signalling requirements. the United Kingdom (UK) was added. Finally. When this is achieved.Global System for Mobile Communications 2. The next working party is GSM2 named the Radio Interfaces group. This group. and will considerably enhance the versatility of GSM. the smart card used in GSM. 2. The work done in these groups is by no means complete.4 The GSM Memorandum of Understanding9 As work on the standards progressed. paging. Copyright ©1991. Its work ranges from defining the types of channels needed for GSM to the channel coding used over them. This group holds an important responsibility. New services have been outlined. As a consequence. the definition of GSM standards normally starts with GSM1.3. GSM4 controls the data applications of GSM. The responsibilities of GSM3 are concerned with PLMN signalling. Indeed. Michael Clayton Page 7 . for it must design GSM to allow data to be transmitted with ease across the PLMN. which deals with the low level radio sub-system required to support GSM. Agreements sprang up between interested parties. the services to be offered will exceed those offered in fixed ISDN telephone networks. defines the requirements for the system. These range from the requirements of standard synchronous and asynchronous data to specialised data applications such as the Short Message Service (SMS). ranging from the types of bearer services and supplementary services. A frozen set of some 137 specifications exists for phase one of GSM. but there is much still to be done for phase two. some of the parties involved began to realise that the potential of this technology was dependent on the universal adoption of GSM. but there are several potential additions. Very soon thereafter.

and so under it come issues such as billing and type approval. where the work is broken up into expert groups. but it is expected that all will have a major part to play in the near future.GSM .Global System for Mobile Communications Figure 5: The countries within Europe which are taking GSM6 The aim of the MoU is to ensure that GSM becomes a commercial product. so it is with the Memorandum of Understanding (MoU). At the time of writing this report. However. 2. In addition.4. which correspond to the implementation of remaining services. and so members of these Rapporteur Groups must understand the technicalities of GSM. It should also be noted that all signatories have emphasised that they are committed to the implementation of GSM. As a consequence. These groups meet regularly and report back to the MoU Plenary. sometimes to the extent that representatives attend both areas. Some groups are more active than others at this stage of the implementation. The timescale set for start of services is by January 1st 1992. A broad range of issues are covered by the MoU sub-groups. commercial issues often impact on the technical specification (and vice versa). but conversely some signatories have started service already. some signatories have stated that they will not meet the deadline. run by those signatories. The MoU is essentially the commercial arm of GSM. there is no reason why these services can not be implemented prior to the dates set. The apparent delay by some should be viewed in the light of the size and quality of the existing analogue networks. However. As a consequence a close working relationship between ETSI and the MoU is maintained. a list of which is shown in Annex 2. Michael Clayton . Page 8 Copyright ©1991. several other dates have been identified. one of the conditions of the MoU is an agreement to implement GSM within a particular timescale. The MoU is not a legally binding document. with an agreed list of services to be supported.1 MoU Sub-Groups Just as in the ETSI standards body.

This section deals with the most prominent ones. once some evolution had occurred. People took to them immediately and by 1981 the flourishing black market came to the attention of the national operator. Some of these features were thought to be Copyright ©1991. This specification was called Cordless Telephony 1 (CT1). The differences between these systems are fundamental.7 MHz and 47. There are other technologies which are in the process of being defined. During 1979. It is worth noting at this point that. Indeed. However. the Department of Trade and Industry (DTI). compared with the 914-960 MHz of the CEPT system. or which are already in operation. cordless telephony took on a new impetus. and in 1983 the product reached the market. Michael Clayton Page 9 . it was even seen as a cheaper alternative to cellular. the rest of Europe had adopted a different solution under the auspices of the CEPT. the frequencies used are 1. Furthermore.Global System for Mobile Communications 3 OTHER TECHNOLOGIES10 GSM is not alone in providing greater freedom for the mobile subscriber.1 GSM and Cordless Telephony11 Cordless Telephony is a technology which developed entirely separately from cellular and was designed for a different market. and these phones caused troublesome interference. with the exception of France. since invariably the operator was blamed for poor quality and disputed accounts.GSM . in the CEPT system. the channels are allocated dynamically on a per call basis. In CT1. The problem with the illicit phones was that the frequencies they used were already allocated for marine and broadcast television use. These last two failings were perhaps two of the main reasons why British Telecom (BT) decided to take action. but the main ones of note are the different frequencies used and the way channels are allocated. when it first hit the market there was no cellular alternative which tended to limit its possibilities.5 MHz. the quality of speech was not good and there was no dialling security meaning that other people could easily use your account. British Telecom (BT) and the government radio regulatory authority. In pragmatic fashion. Also. With the introduction and subsequent growth of demand for mobile communications as a result of cellular. the United Kingdom (UK) saw the first cordless phones as illicit imports. British Telecom (BT) in conjunction with the DTI devised a new specification for cordless telephony which would correct the deficiencies of the illicit phones and yet be competitive in price. An example of how this occurred can best be seen from examining the United Kingdom experience. 3.

As one might expect. It is therefore ironic that the original concept. was left by the wayside in the rush.GSM . It was seen as a cheap alternative to cellular which could be aimed at the domestic market.1 Cordless Telephony 2 (CT2) The release of the CT1 phones solved the immediate problems with cordless telephony.1. of a next generation cordless phone as an extension to the domestic line.Global System for Mobile Communications advantageous. and despite the limited range of 100m it was seen that. The result was Page 10 Copyright ©1991. British Telecom. The exact details of the format of CT2 and how it works are outside the scope of this report. as work progressed. Shaye. or perhaps to add temporarily a visitor's handset to the existing base site. it became apparent that there was another dimension to the CT2 technology. CT2 at 864 MHz. CT1 only allowed for 8 channels. It was an exciting time for cordless telephony. British Telecom was not the only company concerned with CT2. the underlying technology was digital. a great deal of the control is maintained in the handset in CT2 whereas in GSM this is done in the PLMN (Public Lands Mobile Network). However. for owners to log-on with their own phones and make outgoing calls. A normal cordless phone package would comprise a base site and a matching mobile phone. with several companies vying for a licence to operate such a service. set out to devise the next generation. To be allowed to do this. 3. With CT2. in urban areas. there were still some problems to be resolved. but it was realised that another problem would soon become apparent. congestion would occur. a subscription was necessary with all call charges being billed directly to the user. 3. and were subsequently adopted in the next generation of UK cordless phones . It must be emphasised that CT2 was originally designed as an extension to the existing domestic fixed telephone line. While CT2 may use a similar RF transmission format to GSM (Time Division Multiple Access (TDMA)). again in conjunction with the DTI. but it should be noted that it is substantially different to GSM.1. and GPT were also involved and came up with a similar specifications to British Telecom (BT) and submitted then to the Department of Trade and Industry (DTI) which was required to adjudicate and choose between the competing systems. that of Telepoints. Hence. since this is the most spectrum efficient commercially available technology at present. Motorola. However.2 Telepoints The scenario for Telepoints started from the versatility of CT2. Michael Clayton . It was only a short step from there to providing public base sites.Cordless Telephony 2 (CT2). Ferranti. an added feature was the ability to add more handsets to the one base site.

Indeed. or the Doppler effect of fast moving mobiles. since many of the companies went ahead with their own solution in any case. However.GSM . there is little provision of the complex features found in GSM to cope with dynamic reflections of signals. Copyright ©1991. with a third consrotium led by Mecury and fourth going to an independent consortia. Three operators. In the meantime. However. The technology adopted by DECT is Time Division Multiple Access (TDMA) which is similar to that used in GSM and is described later in this report. A clause was added to the licenses stipulating that they must be operating on a common standard by the end of 1990. was adoption of it within Europe. which may spearhead a new release of Telepoint. whilst the fourth.Global System for Mobile Communications a compromise. with the Public Access Cordless Telephony Service (PACTS) it is expected that support of handover will remain restricted. the only thing required to complete the evolution of the CT2 standard. These shortcomings are in the process of being resolved both in the UK and in Europe.3 Digital European Cordless Telephone (DECT) The European initiative in cordless telephony was begun in 1988. Phonepoint (BT consortium). 3. while GSM is designed for diverse conditions and can cope with high interference factors. The interested companies got together. ZonePhone has been sold and has an uncertain future and Rabbit has not started service. which are that it cannot receive incoming calls or perform handover. The CEPT decided that the Digital European Cordless Telephone (DECT) standard should not be based entirely on the UK CT2 (CAI) or the so called CT3 standard developed by the Swedish company Ericsson. started service with proprietry technology. at the time of writing the status on Telepoint is that both Phonepoint and Callpoint have suspended operation (possibly indefinitely). and eventually came up with the Common Air Interface (CAI) which all agreed they would implement in time. Instead. CEPT invented their own cordless telephony standard.1. Therefore. from the UK perspective. This in turn. Michael Clayton Page 11 . is a result of the perceived problems with Telepoint. Telepoint has not fullfilled the potential which was forcast for it. Instead. PhoneZone (Ferranti consortium) and Callpoint (Mercury). the DECT standard was developed to incorporate the best of these two standards. Rabbit (formerly a Barclays/Phillips/Shell consortia which sold out to Hutchison Telecom). After much selling in several forums this failed. However. In Australia. both British Telecom (BT) and Ferranti put together consortia and both received a licence. DECT is specifically designed for less demanding radio environments. This situation is the direct result of the slow takeup of the service resulting from a poor perception in the market place. decided to wait for the emergence of the CAI technology.

Despite the success of TACS. Another way to squeeze more subscribers onto the cellular network is to increase the spectrum available and put more channels in. signals can travel much further than desired due to reflections off buildings. whereas DECT will have this feature available as part of the standard. 3. The use of DECT in the office could be an exciting application of cordless technology. In GSM. it should be remembered that DECT. especially the profits being made. automatically searches for a free channel which it seizes for the duration of the call.9 GHz frequency spectrum.GSM . not least of whom were the Operators who had trouble keeping up with demand.88-1.2 GSM and Personal Communications Networks (PCN)12 At the start of cellular service in 1984 in the United Kingdom. To this end. The British Government were watching the scene with great interest. the existing analogue network. It is expected that DECT will operate in the 1. (GSM has a maximum power limit of 20W). The user's handset. the PLMN makes that decision based on information provided by the Mobile Station. there was a huge latent demand. it is costly. The range has been put at 500m (optimistically) to 100m (realistically). However. in urban areas. the demand for cellular radio was used to justify the decision to deregulate the telecommunications industry and introduce competition. at a power of approximately 250mW. where TACS stands for Total Access Communications System. the channel reverts to the pool for general use. because in DECT the handset defines when a handover should occur. DECT has a pool of frequencies and dynamically allocates them (as in CT2). In Australia the Public Access Cordless Telephone Service (PACTS) is seen as a ötethered radioì technology insofar as inter-cell handover will not be allowed. in conjunction with the base site. If more cells are put in to cover the same area.Global System for Mobile Communications Coupled with this is the low range of DECT. While it is technically possible to overcome this. Whereas GSM employs pre-planned frequency allocation for each base site. like CT2. Once the call is finished. the quality of service was not always what it could have been and one excuse given for this was the lack of spectrum available. the size of the cell has to be reduced. can also be used as an extension to a domestic fixed line or an office PABx (Private Automatic Branch Exchange). Handover is another area where DECT differs from GSM. Some major differences to GSM are evident in the way DECT works. There is a practical limit to how small the cell can be since. the Government negotiated for a temporary extension to the spectrum which was called Extended TACS (ETACS). Michael Clayton . Finally. Nobody quite realised that such meteoric growth would occur. In effect. the penetration of cellular radio into the United Page 12 Copyright ©1991.

Michael Clayton Page 13 .2. The potential market was still large. and invited comments.8 GHz spectrum. in line with the International perception that future mobile systems would operate at around 2 GHz. it was overwhelmingly thought that PCN should be based on a European standard and lastly. to use their phraseology. The emphasis of the Government was to open up the domestic market. while the discussions continued about what PCN should be. it was evident that PCN had real potential which could be pursued immediately. In Australia. First. but should it be a new standard or an existing one? The timescales envisioned for PCN meant that an existing one had to be used. GSM was expected to open up the different market segments at which PCN was aimed. small handsets were seen as viable and this gave rise to the idea of personal communications carried in the pocket. There are some advantages to using the 1. Though there was little knowledge at the time on the effect the increased capacity of GSM might have on the cellular penetration. not least of which is its short range. The British Government published a consultative document called Phones on the Move.8 GHz).GSM .1 Digital Cellular System (DCS 1800) The next step was to get it agreed in Europe which was not an easy task.Global System for Mobile Communications Kingdom (UK) is quite low. as to what PCN really should look like. However. it stands at approximately 15. or so it seemed at the time.8 GHz frequency for mobile communications. Higher frequencies tend to Copyright ©1991. in the end. The initial idea for PCN was to set up a sub-group within European Telecommunications Standards Institute (ETSI). The question most asked of the PCN Operators was what the actual difference was between PCN and GSM and. with the choice between GSM and DECT. The newly licensed British PCN Operators unanimously chose GSM. because of the nature of the 1. at approximately 18 phones per 1000 head of population compared with Scandinavia where it is approximately 42. Also. there was work to be done to define what the technical content of it would be. This was in the range of 1710 MHz to 1900 MHz (~1. Secondly. The second point regarding a European standard was adopted. In most European countries. This fell on deaf ears for the simple reason that Europe was not convinced that Personal Communications Network (PCN) was really required. It is this last point which gives rise to much of the confusion over PCN that exists today. the analogue cellular networks had not attracted subscribers in anything like the numbers experienced in the United Kingdom. 3. Three things arose from this. These small mobile phones would work on a network specifically designed for them and this in turn gave birth to the Personal Communications Network (PCN). but it was evident that the 900 MHz spectrum would not be large enough to cope with demand. separate from GSM. the Government decided to open up a new spectrum to allow further competition. or to provide öresidential deliveryì. the only tangible difference was the frequency used. there was no real consensus at the time.

Global System for Mobile Communications be attenuated quickly. The key is the mass market and concentrating on this aspect is the most effective means of describing how it could be applied. when outside the coverage of the home network.2.2 What really is PCN? It has been mentioned that PCN can mean all things to all people. between GSM and DCS1800. and to share each others coverage. The roll out of DCS1800 (to form the PCN network) requires many more cells than GSM at 900 MHz. here was an advantage that could be utilised. making DCS1800 more economical and possibly more competitive with some existing analogue networks. It should be emphasised that there is no real difference. it is a concept . or DCS1800. with 11 extra supplemental recommendations called öDeltaì recommendations. which is also available for DCS1800. since all Operators will cover the profitable areas. However. but effectively.8 GHz. For roaming. Obviously. from the author's point of view. is billed to the domestic Page 14 Copyright ©1991. Infrastructure sharing involves an interconnection of two different networks. 3. Even so. and indeed some GSM Operators have said they will do so. Each of the members has a Mobile Phone which.GSM . there is no real reason why GSM at 900 MHz cannot offer PCN services. Also there must be agreements between the Operators and the Government to ensure that fair play occurs. Hence. while appearing to stay on the home network. this applies more to the less profitable areas. and this gives rise to containment of the RF signal to very small cells: micro-cells. However. the subscriber must choose which network to use. by allowing different Operators to cover different areas. PCN really will have to be marketed well before it realises its full potential. The DCS1800 standard constitutes the GSM recommendation set. there is a difference with regard to PCN that is worth application of sophisticated marketing utilising the best of technology. Take a sample family of two adults and some children. it was called Digital Cellular System 1800 MHz. the advantage to using this technique is that the cost of rollout is reduced in the short term. The idea behind this is to ensure that DCS1800 rolls out more quickly. This is due to the limited range of 1. The solution to this was to introduce infrastructure sharing. other than the frequency used. a lesson learnt by the PCN Operators. when used around the home.7 times as many DCS cells than GSM cells to cover the same area. not to be confused with roaming. so that the subscriber can move from one to the other without knowing it. and makes DCS1800 expensive to implement. A figure of 2. Notwithstanding the marketing motivations for PCN. To distinguish this work from the GSM work. at a competitive price. and so it was decided to allow work to be done within the existing GSM working parties. but are reflected more easily. Michael Clayton . has been quoted.

In this way a charge. only slightly higher than domestic charges. each member of the family would have a phone best suited to their needs. On arrival at the place of work. more processing power is required for handover when travelling at speed. The parents could have more sophisticated models. school. and some friends. However. or it could be set up on a time basis wherever the subscriber is located. In the meantime. the cost to implement some 500 DCS1800 cells in Europe. parents commutes into work by car or train. a far more cost and frequency effective method is to use a micro-cell to cover a housing estate. The possibility exists here for the phone to be put into an adapter. and more suitable network. and even then it is a long term return. and the adults could receive calls while at the local shops. which could act as a öclocking inì reference. using the office number. The 900 MHz spectrum is less prone to the speed limitation. but all could be easily updated by buying new equipment and inserting the Subscriber Identity Module (SIM). or sub-number attached to the domestic home number. Copyright ©1991. One of the difficulties with DCS1800 is that because of the smaller cells. such as parents. The timed logging-on may well be particularly appropriate for sales teams. It is envisaged here that each phone has a different telephone number. The children could be reached at the playground or at school. As a rough estimate. for that person. doctor. for instance. and in so doing utilise a different. However. DCS1800 and Digital European Cordless Telephone (DECT). When one. Indeed this is one way of implementing PCN around the home. but the key must be the mass market and economies of scale. since it does not need to handover quite so often. A great many calls must be made to pay back an investment such as that.Global System for Mobile Communications account. The analogy with what exists at present is a house with a cordless phone base site and several handsets. or both. eventually the service will come. There could be a process of logging-on to the business service. the same phone can then become the office phone. For instance. It could be that a PCN as described above will come as an amalgamation of several existing services. GSM marks one of the first steps towards it. Michael Clayton Page 15 . any service could be tailored to any need. business calls are also directed to that phone. would increase the range of communications for that family.GSM . is put at about A$650 million. such as GSM. With a little imagination. Calls to the personal number still get through but in addition. the children could have a phone limited to a few set numbers. then their phone would incur an extra subscription charge and higher call charges for those calls made while travelling. In conjunction with the service offered.

In America. but the solution may be shortlived. It is yet to be seen what form the overlay of a digital network onto the present analogue network will take. Called Digital Advanced Mobile Phone Service (DAMPS). The acutely limited spectrum available in Japan will probably be saturated by 19941995. the extreme lack of available spectrum to introduce a new cellular standard has forced the USA to focus development on a digital enhancement to the existing analogue standard. This is expected to be an issue in the future since some analogue channels will be retained to continue to allow inter-operator roaming.6 GHz.Global System for Mobile Communications 3. Indeed.3 International Rivals to GSM13 There are two main rivals to GSM in the international arena. it is based on an interleaving of digital technology into the analogue spectrum.GSM . The other contender is a Japanese system proposed by the Japanese state operator NTT. using dual mode mobile phones. though there have been some problems keeping the interference between the two technologies to an acceptable level. Michael Clayton . Page 16 Copyright ©1991. The increased capacity is expected to quadruple the channel usage that is possible with Advanced Mobile Phone Service (AMPS). and so the digital system could well be transplanted to 1. such is the demand for spectrum in Japan that the new cordless telephone services could be introduced directly at 2.5 GHz.

Radio traffic passes between the BSS and the Mobile Stations (MS) on the radio uplink (Mobile Station to PLMN) and the downlink (vice versa). This is done using Location Registers. The purpose of the BSS is to manage all aspects of this RF uplink and downlink. the GSM service. using the appropriate Mobile Station (MS) or mobile phone. The areas covered by the limited range transmitters are the radio öcellsì of the system. or a number of. part of this efficiency is achieved by using standard cellular technology and providing many transmitters each with a limited transmitter power. must service this large area. so that the Radio Frequency (RF) signal does not travel very far. there is a requirement for tracking of subscribers and handover of an ongoing call to the next cell.Global System for Mobile Communications 4 GSM COMPONENTS14 The complete GSM Public Lands Mobile Network (PLMN) is an extremely complex machine. In GSM. This is provided by Mobile Services Switching Centres (MSCs). to provide communications. A limited resource.GSM . allowance must be made for the subscriber to move from cell to cell and still obtain. Consequently. or continue to use. Michael Clayton Page 17 . but with more versatility. It is not surprising. At the lower level of the PLMN is the radio subsystem. 4. This is dealt with by the second layer of a GSM PLMN. It is similar to that function found in a fixed telephone network. and dictates the power each should use. each one serviced by a base site. the switching function. therefore. It is by doing this that the same RF channel can be used many times over in non-adjacent transmitters without much interference. which could not be done unless the channels were used as efficiently as possible. It can be likened to a complete fixed telephone network. Since the point of cellular radio is mobility. It allocates the channel for each Mobile Station to use for calls.1 Base Station System (BSS)15 The Base Station System (BSS) constitutes the function used to give radio coverage for one particular. that the subscriber can make calls. It is from within this specified coverage area. in order to monitor the status of particular mobile subscribers as they travel across the PLMN. Finally. namely the radio channels. It then monitors the link between them and finally Copyright ©1991. which provides radio coverage of a GSM service area. with the addition of a radio subsystem on the end to provide the mobility function. that it is broken down into various functional layers dealing with specific areas. information on them needs to be stored in a central place for easy access. cells.

using an encryption key. that of a Base Station Controller (BSC) and a Base Transmitter Station (BTS).Global System for Mobile Communications controls the release of the channel when the call is over. The Base Station Controller is the function within the BSS that controls the transmitter/receiver units within a BSS. These are analysed by the BSS to find out which cells the call could successfully be handed over to and the result is passed to the Mobile Services Switching Centre (MSC). and a number of these BTSs will be linked to a Base Station Controller.2 Base Transmitter Station (BTS) The Base Transmitter Station (BTS). It also collects data on the measurements of adjacent cells which are made by the mobile station and transmitted to the PLMN. A third part. The BSS also carries out the encryption of all data being transmitted. there is an option for a Network Operator to allow the BSS to perform autonomous internal handovers between different channels on the same cell. This last function would be in response to a command from the Mobile Services Switching Centre. The Base Station System is broken down functionally into two component parts. Consequently. This information is then used by the MSC to determine when it is appropriate for that Mobile Station to be handed over. When a handover is required. constitutes the physical equipment required to communicate with the Mobile Station. This may be required where a channel in use would be more appropriately used by another Mobile Station.1 Base Station Controller (BSC) The BSS can control one or more cells. either because the call has ended or the subscriber has been handed over to continue the call in another cell. is normally associated with the BSS. Page 18 Copyright ©1991. or between cells controlled by the same BSS. and simply controlled by the BSS. it defines the configuration of radio channels in respect of their use as traffic channels or signalling channels. Michael Clayton . Other ancillary functions of the BSS relate to ensuring that the cells are run efficiently. which correspond to the cells. it is normally ordered by the Mobile Services Switching Centre.1. Figure 7: Base Station System Configuration8 4. However.1. For each cell there is a BTS.GSM . the Transcoder. forming a Base Station System. A similar encryption function takes place in the Mobile Station. which is also passed from the Mobile Services Switching Centre. 4.

and dictating when and where handoffs are to occur. 4.2 Mobile Services Switching Centre (MSC)16 The Mobile Services Switching Centre (MSC) can be thought of as the interface between radio part and the fixed. the MSC has to perform extra functions on top of pure switching. In the fixed telephone network. These are concerned with monitoring of radio resources. GSM needs to route calls through the network by öswitchingì them to the correct destination.3 Transcoder The nature of the encoder used to change speech into digital signals within GSM. a transcoder is used to change GSM speech data into fixed network speech data. Because of the difference. In some cases. part of the GSM Public Lands Mobile Network (PLMN). What makes the Mobile Services Switching Centre (MSC) different from switches in the fixed telephone network. or transit. Michael Clayton Page 19 . the encoder has been designed to encode just speech. because of the mobility requirement of the Mobile Stations. it is normally considered a part of the BSS irrespective of its geographical location. containing several Base Station Systems (BSS). a dialled number will always be associated with a fixed location. for transmission over fixed lines. This means that a higher data capacity must be provided by the fixed network than is available in GSM. In GSM. Since there is no guarantee that the Mobile Station will remain in one Copyright ©1991. is that the MSC must cope with the mobility of the subscriber. is different from that used by fixed networks. using particular characteristics of speech which allow the amount of data to be reduced. the analogue speech is directly encoded into digital data as if it were a sound like any other. This function could be carried out at the BSS or at the Mobile Services Switching Centre. As in the fixed network. The MSC must also register and update information kept in central storage entities.1. it is also the interface between the GSM PLMN and other networks. In order to make this task a little more orderly. but in GSM the dialled number is associated with a subscriber who could be anywhere. for incoming and outgoing calls. Within this area the MSC controls all the switching functions for Mobile Stations located in any of the cells. On the fixed telephone network.GSM . but in GSM. each Mobile Services Switching Centre (MSC) has a service area under its control.Global System for Mobile Communications 4. MSC Configuration10 Figure 9: In addition.

3 Visitor Location Register (VLR)17 Associated with each MSC is a Visitor Location Register. a note of its location is kept in a central storage entity. The difference only comes down to the provision of an external link. with the interface being a commercial matter agreed between the Operators of the PLMN and the connecting network. it should be noted that there is nothing special about a GMSC and it is equally possible for all MSCs to act as Gateway MSCs. Whenever a Mobile Station makes a call. Thus the type of information stored is the Mobile Station identity. it is unlikely that the operator of a PLMN will allow direct interrogation of the sensitive subscriber data stored in the Home Location Register. or Network Operator option. or into a few central points for distribution. calls may be fed into the PLMN at the most convenient point. Whatever the reason. What is needed is an entity to act as a buffer. the location area in which the Mobile Station was last registered (ie. get the location and then route through to it directly and quickly. Figure 11: Gateway MSC Configuration12 The choice of which Mobile Services Switching Centres (MSC) can act as Gateway MSCs is left as a national matter. Michael Clayton . which cell) and some data associated with the subscription and supplementary services.GSM . A similar process is done for incoming Page 20 Copyright ©1991. It could be that the user has not subscribed to that type of call. Any MSC trying to find a Mobile Station is able to go to the storage entity. the VLR is used as the reference by which the call attempt is tested and allowed or denied. This information is stored locally in a Visitor Location Register (VLR). or for only a designated few to fill that role. but whatever form the PLMN takes. and is only that required to enable the Mobile Station to make and receive calls while registered with the MSC.1 Gateway MSC The configuration of a GSM PLMN can vary. 4. To deal with this. or perhaps a barring program set up by the subscriber precludes it. When an MSC is used in this way. the MSC refers to the VLR to make sure that the requested call is permitted. and centrally in a Home Location Register (HLR). and it falls to the MSC to fulfil this function.2. it is possible for calls to come into it from many different points. The information stored in the VLR is temporary. Irrespective of the choice.Global System for Mobile Communications place for any length of time. 4. The size of the VLR and the number of Mobile Stations stored will dictate whether a VLR serves just one MSC or several MSCs. This is a database which temporarily stores information on each Mobile Station within all the MSC areas served by that VLR. it is termed a Gateway Mobile services Switching Centre (GMSC). However.

the HLR passes back the last known location of the Mobile Station. 4. All information transfer involving the subscriber is done using the IMSI. Copyright ©1991. Michael Clayton Page 21 . The MSISDN is effectively the phone number of the Subscriber Identity Module (SIM). the information is distributed to where it is required or requested within the PLMN. becomes the Mobile Station. The HLR checks the call to see if it is allowed as part of the subscription.Global System for Mobile Communications calls. which when inserted into the mobile equipment. For incoming calls. from this point. all the parameters associated with those services and where the subscriber is located or was last registered. For each subscriber.4 Home Location Register (HLR)18 The Home Location Register is the central database for all subscribers to the GSM PLMN. In it is stored all the necessary information on the identity of each subscriber. at the same time. Effectively. the information on it is retrieved from the Home Location Register for that Mobile Station and. since all PLMN functions involving the subscriber are ultimately referred back to it. It is through this database that all administrative procedures are carried out by the Operator. Any new subscriptions or subscription changes are entered into the HLR and. Once the MSISDN has been used to identify the IMSI of the Mobile Station. the VLR mainly controls the paging of the Mobile Station. Any incoming calls to a particular subscriber's Mobile Station are identified as such by the HLR interpreting the MSISDN and linking it to an IMSI. and if it is. what services each subscriber is entitled to use on the PLMN. the new location is stored in the Home Location Register. When the Mobile Station roams into a new MSC area. but by another register called the Home Location Register (HLR). the HLR looks up the subscription record of that Mobile Station.GSM . not normally by the VLR. Mobile Station information is always referenced to a central database called the Home Location Register. this MSISDN is the external identity of the subscriber. the HLR stores and uses two important permanent numbers to route incoming calls: IMSI MSISDN International Mobile Subscriber Identity Mobile Station International ISDN Number The IMSI is a unique number which identifies each subscriber on the PLMN and is only used within the GSM PLMNs. There are many VLRs in a GSM PLMN and so to avoid possible duplication in the PLMN.

due to the secure nature of their function. as well as the Authentication Centre (AUC). where it may be overheard. Similarly. then the authentication is accepted. There is a hierarchy within the PLMN which corresponds to the levels in it. These are normally Signal Point Codes and are not dealt with here.1 Authentication Centre (AUC) As the name suggests. with additional links to the HLR and VLRs. Michael Clayton Page 22 . the MSCs are interconnected. which must itself be situated in a secure environment. is performed in both using information known only by the HLR. the Authentication Centre is an entity used in GSM to perform tests and ensure that Mobile Stations are who they claim to be.6 Addressing20 Each and every component of a GSM Public Lands Mobile Network (PLMN) has some form of identity which is used as an address to access it. 4. all that need be sent is a random number one way. By having the calculation function in both places. In some cases this is a local identity.Global System for Mobile Communications 4.4.5 GSM Configuration19 Not all of these components are connected together. AUC. There is no interconnection between BSSs. such as the address of a Base Station System (BSS) from the controlling Mobile Services Switching Centre (MSC). The Visitor Location Register is connected to the HLR. The procedure is performed like this to ensure that no sensitive information is passed over the radio interface. A special calculation function known only by the AUC and a module in the Mobile Station called a SIM. There can be more than one Authentication centre in the Public Lands Mobile Network (PLMN).GSM . The Home Location Register (HLR) is connected to all Mobile Services Switching Centres (MSC) and Visitor Location Registers (VLR). and that one specific SIM. need some form of identification which has Copyright ©1991. there is also a connection to the Base Station Systems (BSS) under its control. it is expected that they will normally be associated with a Home Location Register. and they can be implemented together with other functions. other VLRs and the Mobile Services Switching Centres (MSC). however. However. If the results of both correspond. and the result the other. However. The larger components. Figure 13: GSM Network Configuration14 4.

Global System for Mobile Communications local and international (global) significance. a country code. Addressing within one PLMN.7 Mobile Station21 This section primarily deals with the GSM components which make up the PLMN infrastructure. and again acts like an ISDN telephone number. However. 4. The only situation where mobile equipment can access the GSM Copyright ©1991. a temporary number is used which identifies the correct Mobile Station in the foreign PLMN. and a subscriber identification number.8 Mobile Equipment22 GSM differs from existing cellular systems in that the mobile equipment is essentially a dumb piece of equipment. for international access to the Home PLMN. it can route to the desired component.GSM . This temporary number is called a Mobile Station Roaming Number (MSRN). These translate internationally to a country code.164). The second. There is no information programmed into the hardware of the device which identifies a subscription to the GSM PLMN. and can be formed using the International Mobile Subscriber Identity (IMSI) of a particular Mobile Station. is the Global Title. an attempt to access the GSM PLMN using just a piece of mobile equipment will normally fail. As long as a network can understand the significance of the information contained in an address. which is the subject of the access. universal address. a national destination code and a subscriber number respectively (CCITT E. 4. Instead. This approach has been adopted so that flexibility can be put into the routing within different networks. this Global Title can be treated as an ordinary ISDN telephone number. which is out of the scope of this report.214). or indeed perhaps one country. More importantly. a similar Global Title is used. in the other direction from an HLR to a foreign Visitor Location Register (VLR). a mobile network code. but the IMSI of the Mobile Station which is the subject of the access is not used. So. but it is worth briefly describing each here for the sake of completeness. there are two components which are equally as important and without which the GSM PLMN is useless. Both of these components are dealt with in separate sections. the Global Title points only to the HLR to avoid confusion. This Global Title is based on international standards principles (CCITT E. These are two components are the mobile equipment and the Subscriber Identity Module. Whenever this is done. Similarly. It is formed of three parts. Michael Clayton Page 23 . It is formed in the same way. this temporary number points to the IMSI of the required Mobile Station. can be achieved using Signalling Point Code. Once connected to the VLR of the foreign network.

It can be seen therefore that. but this is a national option.GSM . in order to make a call. Michael Clayton . This removable module contains all the information required to allow the GSM PLMN to identify the subscription to which call charges must be directed. making the piece of mobile equipment useless without one. This combination is referred to as a Mobile Station. these are supplied by the Subscriber Identity Module (SIM). The process of inserting the card into a piece of GSM equipment will allow any GSM phone to be that subscriber's own phone. The significance of this is that GSM will now enable the subscriber to carry his subscription details on a credit card sized piece of plastic. Page 24 Copyright ©1991. It also contains functions which provide security in isolation to the mobile equipment.9 Subscriber Identity Module (SIM)23 Since the mobile equipment does not contain subscription details. 4. a valid SIM must be inserted into the mobile equipment.Global System for Mobile Communications PLMN without subscriber information is for an emergency call. with the mobile equipment supplying the physical means to access the GSM PLMN and the SIM providing the identity and subscription details.

Michael Clayton Page 25 . Once the Mobile Station knows where it is. This PLMN is termed the Home PLMN (HPLMN) for that subscription. the Mobile Station knows where to find. In each cell. These channels. Using this information. and with the knowledge of this HPLMN the Mobile Station hunts for that network. some of which is transferred to and stored in it. 5. the Access Grant CHannel (AGCH) and the Random Access CHannel (RACH). it can inform the PLMN that it is now active. broadcast channels continuously transmit the identity of the PLMN together with other information which enables the Mobile Station to talk to it. It then chooses the clearest BCCH of its Home PLMN and analyses the information contained in the messages broadcast. the Mobile Station it identifies which PLMN that subscription is valid for. it always checks if a Subscriber Identity Module (SIM) card is present. and is required to prove the validity of the subscription to the PLMN. collectively known as the Common Control CHannels (CCCH). Effectively. This SIM card holds all the necessary data to identify a mobile subscriber. are the primary means for the Mobile Station to access the PLMN and for the PLMN to öpageì the Mobile Stations. the Mobile Station identifies all those BCCHs it can receive. In the course of hunting for the HPLMN. the Paging CHannel (PCH). Part of this information is the organisation of the signalling channels used within that cell.Global System for Mobile Communications 5 GSM MOBILITY MANAGEMENT FUNCTIONS24 One of the major objectives of GSM cellular. a piece of Mobile Equipment (ME) becomes a Mobile Station only when a valid SIM is inserted. This section deals with those functions which monitor the positions of the Mobile Stations across all GSM PLMNs.GSM . and still be able to make and receive calls. which it does using the Random Access CHannel. is that the subscriber is allowed to go anywhere within coverage of any GSM Public Lands Mobile Network (PLMN). It follows.1 First Registration25 Whenever the Mobile Equipment (ME) is turned on. Using the information stored on the SIM. some will be traffic channels but others will be used for specific control purposes. that GSM supports mobility management functions which allow this to be possible. It is called the Random Access CHannel because the PLMN has no idea when such an attempt will be Copyright ©1991. amongst others. not just those of the Home PLMN. These are the Broadcast Control CHannels (BCCH). Of the channels used in that cell. therefore.

so that identification can be verified. and it is possible that two will try at the same time and collide.GSM . the PLMN can work out where to find the registration information. that the new registration is first activated in the coverage of the Home PLMN. but even if this is not so. The identification information can be given in two ways: by an International Mobile Subscriber Identity (IMSI). Other Mobile Stations within that cell can also make attempts. with some fields left blank. This different channel is called a Dedicated Control CHannel (DCCH) The random access procedure is essentially the same for all types of access to the PLMN. for analysis. It is at this point that the VLR. If an attempt is successful the PLMN grants an access. Even so. and wait for the Mobile Stations to try again which they do after a random time interval dictated internally. If this occurs. The information is stored there and kept while the Mobile Station remains within its service area. which is passed via the Mobile Services Switching Centre (MSC) to the Visitor Location Register (VLR) associated with that MSC. the HLR makes a note of where that Mobile Page 26 Copyright ©1991.2 First Location Updating26 Once the Mobile Station re-tunes itself to the Dedicated Control CHannel (DCCH). On receipt of the IMSI. The latter case is the preferred means of identification since it does not compromise the confidentiality of the subscriber. Michael Clayton . the PLMN ignores both attempts. This is one of the very few times that an IMSI is sent over an open air interface. it is asked to identify itself. an access is made to the HLR regarding this IMSI and the resulting subscription and security data is passed back to the VLR. Meanwhile. is an indication of the type of services required. within the access message sent. the Mobile Station still sends a normal Location Update message. or by supplying data which has been stored from the last time the Mobile Station accessed the PLMN. for now. if the registration is new and this is the first time the Mobile Station has been switched on. with a command to move to a different channel in order to keep the RACCH and AGCH free for access attempts by other Mobile Stations. The PLMN needs to know enough information to know where the subscription details for that Mobile Station are kept.Global System for Mobile Communications made. the IMSI contains enough information to identify the correct Home Location Register (HLR) anywhere in the world. noting that there is no information available on the last registration. then the IMSI is the only information that is available. Once identified. This allows the PLMN to apply some order of importance to the access attempts received. However. In this case the indication is for a basic service such as Location Update. It is assumed. 5. This is explained in the next section. requests that the Mobile Station identify itself with the IMSI. on the Access Grant CHannel (AGCH). However.

As part of the Location Updating the VLR will have pairs of RAND and SRES values stored for each Mobile Station. At some point.2. So if the response from the Mobile Station matches that stored in the VLR for the associated Random Number (RAND). The Mobile Station is now known to the PLMN.1 Authentication Check This is the process by which the Mobile Station proves to the PLMN that it is the Mobile Station that it claims to be. will be a unique Signed RESponse (SRES) for that SIM. This is called the Authentication Algorithm or A3 algorithm.GSM . The mobile equipment passes the Authenticate message and random number to the SIM.2.2 Ciphering Data Associated with the authentication process. The next step is for the PLMN to make the Mobile Station prove it is who says it is. via the MSC and the Base Station System (BSS). the result of which is an answer forming the response sent back to the PLMN.Global System for Mobile Communications Station is now located so that it can route incoming calls to it. When the SIM is given a command to Authenticate. together with its Authentication key (Ki). and the process has been designed to be as secure as possible. but there has been no check as to its authenticity. any information sent so far has not been protected. Furthermore. since all authentication procedures are performed entirely by the SIM. The mobile equipment passes the response (called Signed RESponse (SRES)) from the SIM to the VLR via the BSS and MSC. This algorithm is a complex calculation. and the random number to the A3 algorithm. and also in a secure part of the card. before the card is issued to the subscriber. and the expected Response (SRES). to the A3 algorithm. not the mobile equipment. 5. It is also the point where the difference between a Mobile Station and mobile equipment becomes apparent. it takes the random number and submits it. Once the VLR has sufficient information about the subscription it sends an Authenticate message. the IMSI and an Authentication Key (Ki) are added. and this is done by an Authentication Check. and so the result of presenting it. At a later stage. The mobile equipment only acts as a medium for the information flow. an algorithm is embedded into a very secure part of the card. The used RAND/SRES pairs are then discarded by the VLR. to the mobile station with a Random Number which is called RAND. then the Mobile Station is positively authenticated. The whole process relies on the fact a particular Ki is only known by one SIM. is a cipher key generation process Copyright ©1991. These are unique to each and every SIM card. 5. Michael Clayton Page 27 . These are associated values of the Random Number (RAND).

which is why identification of the Mobile Station using a TMSI. The TMSI is allocated by the VLR. The ciphering and deciphering processes need to be synchronised to avoid confusion. Assuming a positive authentication. As soon as the Mobile Station successfully receives the command it simultaneously starts enciphering and deciphering. as its name suggests.3 Temporary Mobile Subscriber Identity (TMSI) The final process required for the first Location Update. On the PLMN side. in abnormal cases like a first registration. The actual process of ciphering is explained later. In all other situations. Figure 15: Cipher Start Sequence16 Finally the PLMN starts enciphering once it receives a correctly ciphered message back. The TMSI. to be used for the ciphering of data over the air interface. Thereafter. is for the PLMN to allocate a local identity. irrespective of its content. 5. is only kept and used while the Mobile Station is within a given location area. a counter called the Cipher Key Sequence number is incremented. a temporary identification is used. and is passed to the Mobile Station only when Page 28 Copyright ©1991. The maximum value of this counter is four. the ciphering process is started as soon as the Base Station System (BSS) and the Mobile Station have a Cipher key (Kc). the Kc is passed to the BSS. but here the way it is turned on is dealt with. Michael Clayton . Normally.GSM . everything sent across the air interface for that session is protected. Each time a Cipher key is produced. which the Mobile Station is now given in the form of a Temporary Mobile Subscriber Identity (TMSI). after which it starts from zero again.Global System for Mobile Communications which uses the same random number RAND and another algorithm known as the A8 algorithm to produce a Cipher Key (Kc).2. normally that covered by an MSC/VLR combination. This is done by the BSS sending a command to start ciphering. As mentioned earlier. after which it starts deciphering only. whereas the RAND and SRES are discarded after use. This is stored both in the SIM and in the mobile equipment for use in ciphering traffic between the Mobile Station and the Base Station System (BSS). sending an International Mobile Subscriber Identity (IMSI) over the air interface is only done in abnormal cases. A simple comparison of this number on both Mobile Station and PLMN side. Up to this point nothing sensitive should have been sent with the exception. is used later as a simple test for Cipher Key (Kc) compatibility. should always be accompanied by the Location Area Identity (LAI) defining where the TMSI was valid. the Mobile Station is now ready to start ciphering all data across the air interface. It has only local significance. the Kc is stored in the VLR with the RAND/SRES pairs but. where the IMSI is sent.

a number may have been partly entered. As it moves away from its current cell. However.3 Normal Location Updating27 As the Mobile Station moves through the area covered by the GSM networks. This procedure is called handover. over a secure link. it checks the Location Area of the cell against the value stored.4 Normal Service The Mobile Station is now ready to make and receive calls. However. 5. the size of which is defined by the configuration of the PLMN. Part of the data transmitted constantly on the BCCH's is a Location Area Information element. If they differ. Attach/detach is dealt with separately.Global System for Mobile Communications ciphering has been established. Those cells with increasing signal strength are identified as target cells. depending on how large the cells are in relation to the average number of subscribers in each. Location Updates can also occur periodically dependent on a timer in the Mobile Station. in others a number of cells. Copyright ©1991. in the case where no call is in progress the Mobile Station merely re-tunes to the new cell and analyses the information transmitted. These occur each time it moves out of a designated location area. 5. its position in the PLMN is monitored by regular location updates. the decision to re-tune to a new cell is taken by the PLMN. it is unlikely that the SEND button will have been pressed before this stage. If this is the intention of the person using the Mobile Station for the first time then. In some cases it could correspond to just one cell. and monitor the Broadcast Control CHannels (BCCH) and the Common Control CHannels (CCCH) waiting for incoming calls. the mobile requests a Location Update. the Mobile Station camps on the new one. When the strength of the signal from one of the new cells reaches a certain level above that of the original cell (as defined by a special algorithm). (handoff) and is dealt with elsewhere. the signals transmitted from that cell become weaker in relation to the signals from at least one of the surrounding cells. during the above process. or in response to an Attach function signalled via the BCCH in the current serving cell. This being the case. The Mobile Station constantly monitors the surrounding Broadcast Control CHannels (BCCH) while in idle mode as well as monitoring the CCCHs of its current cell for incoming calls.2. and are potentially the next cells for the Mobile Station to use. the Mobile Station is released by the PLMN. to sit in idle mode. When the Mobile Station camps on a new cell. It should be stressed that at this stage the Mobile Station is in idle with no call in progress.GSM . Michael Clayton Page 29 . Where a call is in progress.

and is included in the authenticate request message to the Mobile Station. a ciphering process has to be initiated. such as location update. This is defined by the Network Operator.3. an Authentication procedure may not be applicable for such a simple location update. a different process is used. Figure 17: Location Update in One MSC Area18 The Mobile Station is not only staying within the control of the same VLR. is required. is a simple case since. This Kc is a product of the Authentication process performed by both the PLMN and Mobile Station.1 Cipher Key Sequence Number The Cipher Key Sequence Number is managed by the PLMN. This however. Page 30 Copyright ©1991. This is done using the cipher key sequence number. It is possible for an Authentication to be performed at this point. As before. The Mobile Station makes a random access to the PLMN using the Random Access CHannel (RACH) as before. though normally this is only needed in the more complex cases of Location Update.GSM . but this still needs to be verified at both ends. In this case. with an indication that a basic service. In this case the the process can be viewed merely as an administration function on the MSC. Both the PLMN and the Mobile Station still have the old Kc.1 Location Updating in one MSC Area Location updating occurs when the Mobile Station has moved to a new location area.1. when it reaches four it is reset to zero once again. Being cyclic. the same Cipher Key (Kc) is required on both the Base Station System (BSS) and the Mobile Station. if a full authentication process is not required. when the Mobile Station supplies identification on the DCCH. 5.3. It is merely a number incremented at each successful generation of Kc. under the control of the same Mobile Services Switching Centre (MSC) as the old location area.Global System for Mobile Communications 5. Hence. Before the new TMSI can be sent across the air interface though. However. the Visitor Location Register (VLR) will recognise it as one about which it already has information. but the same MSC also. The Mobile Station is allocated a Dedicated Control Channel (DCCH) and is then asked to identify itself and specify which service is required. Michael Clayton . the procedure for Location Updating in this case is simplified to the allocation and ratification of a new Temporary Mobile Subscriber Identity (TMSI) and Location Area Identity (LAI) pair.

2 Location Updating Between Different MSC Areas The routing information used by the Home Location Register to put incoming calls through to the Mobile Station relies on knowing which Mobile Services Switching Centre (MSC) the Mobile Station is attached to. The old TMSI is sent to the old VLR with a request for the corresponding International Mobile Subscriber Copyright ©1991. it is released. Finally. as before. Finally.3. and the Mobile Station returns to idle mode. as before.Global System for Mobile Communications The Mobile Station passes the Cipher Key Sequence Number to the PLMN in the Location Update Request and. It sends this new location information to the HLR to be stored there.3 Location Updating Between Different VLRs Invariably. and then changes its own reference to the old TMSI and LAI to the new ones. if it corresponds to the one stored in the VLR. From the TMSI and Location Area Identity (LAI) supplied.GSM . Also. 5. then the VLR knows which Kc is current. 5. Figure 19: Location Update between MSC Areas20 On sensing that it is in a new Location Area. where they are stored in the mobile equipment and the Subscriber Identity Module (SIM). since it is still possible in this case for the Cipher Key Sequence number to be used. Michael Clayton Page 31 .3. encryption over the air interface must be initiated prior to sending the new data. where the new MSC is different but are both controlled by the same Visitor Location Register (VLR). the new TMSI and LAI are sent to the Mobile Station. and so when the VLR examines the LAI from the Mobile Station. This is a Network Operator option. the VLR must inform the Home Location Register of the Mobile Station's new location to ensure that calls are routed to the correct MSC. the Mobile Station requests a Location Update using the random access procedure described before. it recognises the same PLMN and will access the old VLR directly. In this update scenario. Once the Mobile Station has received and acknowledged the new data. and how to identify that Mobile Station locally at that MSC. The procedure of setting the cipher key is dependent on whether an Authentication has been initiated or not. This corresponding Kc is then passed to the BSS and ciphering can commence. In this case. the Mobile Station will cross the boundary between VLRs at some stage. it is the boundary existing between VLRs on the same PLMN. Once ciphering has commenced. the VLR recognises that a new TMSI and LAI are required and issues them. the connection is dropped. new location information needs to be stored in the Home Location Register (HLR).

then the Mobile Station is positively authenticated and the new VLR passes the resulting encryption key Kc to the Base Station System (BSS). These are Automatic Selection and Manual Selection which are described later in the chapter on Mobile Equipment. The new VLR also allocates a TMSI to the Mobile Station. 1 1 The situation where a Mobile Station roams to a different PLMN in the same country is a special case. it is assumed here that a proper Authentication proceeds. The HLR updates its own records and sends back an acknowledgement. 5. It is then up to the HLR to inform the old VLR that it no longer has responsibility for that Mobile Station. Page 32 Copyright ©1991. If the response. and passes it to the BSS for transmission to the Mobile Station. it could be crossing the boundary existing between VLRs of different networks. The new VLR now has enough information to authenticate the Mobile Station.Global System for Mobile Communications Identity (IMSI) and subscriber data for that Mobile Station. Ciphering is initiated. the Location Area Identity (LAI) transmitted from the new cells denotes a different or foreign PLMN1. for the RAND values and the Encryption Key Sequence number.GSM . matches the one held in the new VLR. This is identified by the Mobile Station which must now must allow the user to make a selection of which PLMN is desired. The old VLR hands over the data but does not delete any information at this stage. and even countries. It also includes the corresponding Encryption Keys (Kc). and Location Updating proceeds.4 International Roaming28 When the Mobile Station crosses a Visitor Location Register (VLR) service area boundary. Two distinct possibilities are allowed for in GSM. prior to making an access. inter PLMN roaming in one country is considered a useful feature. While this is technically possible using a similar procedure. Only after an acknowledgement is received back. Michael Clayton . As the Mobile Station seeks for BCCHs. SRES. This is a Network Operator option. It does this using a Cancellation message. does the new VLR send the updated location information to the HLR of the Mobile Station and releases the Mobile Station. While it is possible to get by without using the Cipher Key Sequence Number. The VLR provides a RAND from the pairs and requests the Mobile Station to respond. In Australia. Figure 21: Location Update between VLRs22 The subscriber information sent includes pairs made up of Random Number (RAND) and expected Signed RESponse (SRES) for use in Authentication. this section only deals with the case where a roamed-to PLMN is foreign.

5. SRES. the Mobile Station makes a random access in exactly the same way as it would on its Home PLMN. the PLMN has no way of knowing it. In response. This is important where national roaming between different PLMNs is applied. when the VLR examines the Location Area Identity (LAI) from the Mobile Station. the foreign VLR updates the location information held in the Home PLMN's HLR. the foreign VLR receives some new authentication triplets of RAND. Figure 23: Location Update across International Borders24 The foreign VLR then requests subscriber data for that IMSI from the HLR.GSM . not the old VLR as was the case when both VLRs were in the same network. This data is passed to the Mobile Station once encryption of the air interface has been successfully initiated. Michael Clayton Page 33 . then the old VLR in the Home PLMN still has a reference to that Mobile Station. the Foreign VLR asks for the IMSI of the Mobile Station which contains enough information to identify the Home PLMN's (HPLMN) Home Location Register (HLR). it allocates a Temporary Mobile Subscriber Identity (TMSI) and provides Location Area Information (LAI). which is the international phone number of the foreign Mobile Services Switching Centre (MSC) or VLR. So. In this case the HLR of the Home PLMN cancels this reference. the location information normally constitutes a Mobile Station Roaming Number (MSRN). Having completed the local procedure. These will have been calculated expressly for the foreign VLR by the AUthentication Centre (AUC) associated with the HLR. This is an issue of discussion at present. In this case.5 IMSI Detach procedure29 When a Mobile Station is turned off. Copyright ©1991. and delays can occur if subsequent actions are dependent on the Mobile Station being unavailable. In this case.Global System for Mobile Communications 5. and Kc. However. If the international Location Update took place as a result of the Mobile Station moving across the country/Location Area boundary in idle mode.4. 2 The foreign VLR will not directly access the old VLR unless an agreement exists between the two PLMNs. it will not recognise it since it belongs to a different country and PLMN2. The foreign PLMN then authenticates the Mobile Station in the same way as before and. and GSM is adjusted to allow it.1 International Location Update Once a selection of an available PLMN has taken place. This takes time. despite the Mobile Station not being able to hear any paging. when an incoming call is made it is routed to the last known area. assuming a positive response.

An IMSI Attach signal on the BCCH. such as updating the SIM. because there is no difference between the stored LAI and that transmitted. then the Mobile Station initiates one using a random access procedure just to detach. Michael Clayton . is required. However. Here. no Location Update is initiated and the PLMN has no knowledge that the Mobile Station is once again active. though. the IMSI detached information is either stored in the Visitor Location Register (VLR) with no information being passed to the HLR. by signalling to the PLMN prior to going inactive. all incoming calls to a detached mobile always involves signalling to the VLR to determine its state before call handling Page 34 Copyright ©1991. send the IMSI Detach message and then release the connection. One of the situations where IMSI Attach is useful is where a Mobile Station turns on in exactly the same place it was turned off. the IMSI Detach procedure is aborted and the Mobile Station turns off or the SIMless equipment goes into an idle mode. The requirement for IMSI Detach is indicated as part of the system information t ransmitted by the Broadcast Control CHannel (BCCH). These occur where a mobile specific function. the IMSI Attach procedure is used by the Mobile Station to indicate that it has re-entered the active state. which takes precedence over PLMN signalling. that.GSM . the HLR is informed and an IMSI detached flag is set in the HLR. On the PLMN side. This is not only when the Mobile Station is turned on again. unless the HLR is kept informed of IMSI Detach/Attach status.6 IMSI Attach Procedure30 Conversely. It should be noted that the inactive state could be caused by turning off the Mobile Station. 5. If the HLR IMSI Detach flag is not involved. situations can arise when it is delayed or even omitted. If the option of setting the flag in the HLR is used. If. then an update may not be required. causes the Mobile Station to make itself known. In the latter case the removal of the SIM means that the mobile equipment has no subscription information. then re-entering of the active state by the Mobile Station requires a normal location updating from the Mobile Station to reset it. however.Global System for Mobile Communications The IMSI Detach procedure allows the Mobile Station to indicate to the PLMN that it will be unavailable. and the Mobile Station complies wherever possible. Where a connection exists between the Mobile Station and the Base Station System (BSS). or optionally. or indeed by just removing the Subscriber Identity Module (SIM) from the mobile equipment. the access fails or the connection is lost. If no connection exists. It should be noted. the turning off of the Mobile Station causes the PLMN to release the call. but also where a SIM is inserted into an active but idle piece of mobile equipment. No confirmation is sent back to the Mobile Station.

then the reference to that PLMN in the list is deleted. Also.7 Abnormal Cases31 There are a number of reasons why a location update may not be achieved. Cases like these could arise where the PLMN identifies a stolen piece of mobile equipment. In these cases. it is possible for the list to be overridden. the Mobile Station adds the identity of the PLMN to a Forbidden PLMN list stored in the SIM. presence of the chosen PLMN on this list stops the access attempt. there are occasions where the location update may be specifically disallowed. Some of these may be concerned with failures of signalling. Copyright ©1991.GSM . the old PLMNs are dropped off the top. the Mobile Station is sent the message that this Location Area is not allowed. or radio problems. If this forced access attempt is allowed by the PLMN. Whatever the reason. (using the manual selection process) and an access is attempted for that chosen PLMN. Michael Clayton Page 35 . As a safety measure. as new PLMNs are added to the bottom of the list.Global System for Mobile Communications can be initiated. However. nor the PLMN gets caught in infinite loops waiting for a response. This can cause delay and increased signalling overheads. timers are used to ensure that neither the Mobile Station. This is to avoid unnecessary signalling. Part of the selection process for PLMNs is that the Mobile Station checks this list to see if it is allowed to access the PLMN. 5. Depending on the type of selection (Automatic/Manual). On receipt of this message. for instance. the length of the list is limited to four and. or where the mobile equipment is causing interference problems to the PLMN.

the PLMN allocates a Dedicated Control CHannel. it has been assumed the mobility management functions have been met also (i. the Mobile Station analyses the number to determine the type of call attempt requested. the Mobile Station identifies itself using the Temporary Mobile Subscriber Identity (TMSI). but to do this a number of conditions must be met. It is monitoring the BCCHs around it and the Common Control CHannels in the cell presently giving service. any Location Updates are successful). Depending on the analysis of the information. 6. It has been assumed in this section that all the above conditions for making a call are met. or invoke an Authentication process. The service type is used by the PLMN to give some priority to the access attempts by Mobile Stations.Global System for Mobile Communications 6 GSM CALL HANDLING32 The primary purpose of any Mobile Station is to make and receive calls. This is done in the same way as for any access attempt to the Public Lands Mobile Network (PLMN). Indeed. by pressing the SEND button or otherwise. using the Random Access CHannel with an indication of what type of service is required. it can request an identification of the Mobile Station. Michael Clayton . Furthermore.e.GSM . Some more obscure ones include the mobile equipment (or SIM) is not blacklisted. In this message. On receipt of a successful access attempt. It is the last case which is dealt with here. It should be noted that this is a generic procedure used for every access to Page 36 Copyright ©1991. some supplementary services allow calls to be disallowed. The obvious conditions include a valid Subscriber Identity Module (SIM) is inserted into the mobile equipment and a valid subscription exists.1 Outgoing Calls34 When the subscriber enters a number. The next step is for the Mobile Station to establish a radio connection. and so this feature must not have been invoked by the subscriber if calls are to take place (see chapter 33). using the International Mobile Subscriber Identity (IMSI). and a Cipher Key Sequence number along with some supplementary information. The choices for the type can be emergency call. For instance. or some types of calls are not being allowed for debt management reasons. As soon as the subscriber initiates the call. the Mobile Station is in idle mode. which the Mobile Station seizes at the first opportunity. set-up of supplementary services or just a standard outgoing call. The Mobile Station sends a service request message to the PLMN giving details of exactly what type of service is required. the Visitor Location Register (VLR) can start a number of identity related procedures.

Another part of this process checks to see if the call conflicts with any supplementary services settings. the Mobile Station is still on a control channel. the call attempt is allowed to continue. roamers may well be treated differently since it is stipulated that they must be authenticated at least as often as on their own HPLMN. then the Cipher Key Sequence number sent in the service request is compared to the one held in the VLR. a Traffic CHannel (TCH) is be allocated to the Mobile Station. The complete set-up message is passed to the VLR. or is allowed for general use. So. This is called a subscription check. in that it checks the required service against that which has been paid for by the subscriber. and is used by the Mobile Services Switching Centre (MSC). The differences between PLMN Operators is one area in which the GSM Memorandum of Understanding (GSM-MoU) will arbitrate. must be initiated at every call attempt to protect the data. then a new Cipher Key (Kc) is available.1 Traffic Channel Allocation At this stage. such as call barring. In particular. If the Mobile Station has just been authenticated. then this should be complied with in Australia. irrespective of the frequency used there. such as speech. 6. the Dedicated Control CHannel (DCCH). Michael Clayton Page 37 . and is sent to the Base Station System (BSS). It is unlikely. that a Mobile Station will be authenticated at every call attempt in its own network. It is by using this procedure that allows the PLMN to identify and/or authenticate the Mobile Station at any access attempt. which checks the subscription for non-allowed call attempts.GSM . the called party's telephone number is sent. then the VLR passes the corresponding Kc to the BSS and ciphering can commence. to route the call to the desired destination. if New Zealand wishes their subscribers to be authenticated at every attempt. The Mobile Station acknowledges the allocation and re-tunes to the Traffic CHannel (TCH) to make contact. Before the PLMN initiates call establishment in the fixed network. The BSS allocates an appropriate channel and signals this to the Mobile Station. rather than a control channel which is set up purely for signalling. Copyright ©1991. The frequency of authentication is once again a Network Operator choice for subscribers in their own PLMN. The ciphering process.Global System for Mobile Communications the network. If this is not the case. It is different from Authentication. by sending a call set-up message containing all the information required by the PLMN to process the call. However. due to the signalling overheads. however. and is completed for all user-initiated PLMN accesses. If the sequence number corresponds to the one stored in the VLR. This is a specific type of channel which carries user data. Only now is the Mobile Station ready to initiate the outgoing call. If there is no conflict in either subscription or service settings.1.

However. this may cause some delay and. this is to avoid conflicts with release timers in the originating network.Global System for Mobile Communications Once ringing. Off air call set-up is not the same as call queuing. This is called Off-Air Call set-up (OACSU). the Mobile Station is put into a queue to wait for the next available TCH. If there is no answer within a pre-determined time. both are connected to allow the conversation to progress. has been initiated at the called party side. \ In OACSU. There are some restrictions which apply to OACSU. The ring-tone. For instance. as soon as the called party answers. and is implemented to increase the call handling capacity of the PLMN. Alternatively. Also. which may also be applied in GSM. 6. there is a Network Operator's option of setting up the call without allocating a Traffic CHannel (TCH). the Traffic Channel is still reserved for when connection takes place. when the Mobile Station is still on the DCCH. the Network Operator may optionally connect the user to the channel if ring-tone i\ s sent by the remote end. once the alerting (ringing) at the called party end is passed back to the MSC. once the call set-up information has been passed to the PLMN. cross compatibility between those mobile equipments and PLMN infrastructures which support OACSU and those which do not. the user is not connected to the channel and the tone is locally generated at the Mobile Station. the MSC sends a Call Connected message to the Mobile Station which stops the local ring-tone and connects both parties to the channel. This is to avoid conflicts with release timers in the originating network which time-out waiting for allocation of the Traffic Channel. It involves allocating a Traffic CHannel at some time after call initiation. Once again. where the TCH is not allocated until the called party has actually answered the call. and it can apply to both incoming and outgoing calls. In call queuing. Once the call is answered. The final restriction is that it should only be applied to telephony calls. it should not be applied to international calls or calls from unknown networks. or other form of alerting. Michael Clayton . In the latter case. should be ensured. it initiates a signalling message to the Mobile Station to start alerting. for this reason.2 Off-Air Call set-up (OACSU) As an alternative. However. The extreme case of this is late assignment. Queuing is allowed in GSM to help increase efficiency. Page 38 Copyright ©1991. is generated locally at the Mobile Station.GSM .1. queuing should also not be applied to incoming calls via international circuits or from unknown network sources. the Mobile Station initiates call clearing. like many of the call indication tones.

then either the call attempt is rejected.2 Incoming Calls 35 Incoming calls can come from any number of places. all incoming calls using an MSISDN must go via the called party's Home PLMN and Home Location Register (HLR). no matter what the source of the call. Using the MSISDN. the HLR must interrogate the VLR. it performs a subscription check to ensure that the call is allowed. but in all cases. Therefore. Either the MSRN is stored at the HLR. if the Mobile Station status is active the HLR finds the location of the called Mobile Station and passes it back to the GMSC. the first point of contact with the PLMN will be a Mobile Services Switching Centre (MSC). a check is done regarding the activation status of supplementary services such as call forwards. Where the call is from outside the target PLMN.Global System for Mobile Communications 6. or a Mobile Station Roaming Number (MSRN) which effectively corresponds to the phone number of the required MSC. If the Mobile Station is listed as detached or unavailable. Finally. Figure 25: Handling of Incoming Calls26 The dialled digits corresponding to the Mobile Station International ISDN Number (MSISDN). As part of this. whatever the \source. this first contact MSC will be a Gateway Mobile Services Switching Centre (GMSC) designated for that type of call.GSM . In the latter case. as a PLMN option. or it is allocated on a per-call basis by the Visitor Location Register (VLR). the HLR checks the status of the Mobile Station. to obtain it. In the target MSC the LMSI Copyright ©1991. if all this is positive. the MSC is the one controlling the area in which the calling Mobile Station is located. which it does using a Local Mobile Station Identity (LMSI). Wherever the call is from within the same network. Thereafter. and/or the service has been subscribed to. the first MSC will be referred to here as the GMSC. Two possibilities exist here. The location required is that of the MSC controlling the target Mobile Station. The HLR is then interrogated to find the status and location of the Mobile Station. Michael Clayton Page 39 . give enough information for the GMSC to locate the Home Location Register (HLR) for that Mobile Station. However. This is an important point. for the sake of clarity. or a conditional supplementary service set up earlier. This type of MSRN allocation requires that the HLR identify the correct Mobile Station. is invoked. and it can be in two forms: a Signal Point Code (national only). using this IMSI. the HLR finds the corresponding International Mobile Subscriber Identity (IMSI) for the called Mobile Station.

Alternatively. In this case the \ MSRN stored in the HLR points directly to the correct VLR and IMSI for the called Mobile Station. when the Mobile Station makes an access in answer. In either case. Page 40 Copyright ©1991. with other information such as the Cipher Key Sequence Number. 6.2. where. depending on the information required. the VLR initiates a paging of the Mobile Station using a paging request on the Paging CHannel.Global System for Mobile Communications points to the correct IMSI and Temporary Mobile Subscriber Identity (TMSI) for the called Mobile Station. Upon receiving the Paging Request with its identity. it is immediately assigned a Dedicated Control CHannel (DCCH). As soon as the Mobile Station captures the DCCH it sends a Paging Response message containing the identity of the Mobile Station. the HLR finds the MSRN for the called Mobile Station and passes this information back to the Gateway MSC.GSM . This is disimilar to outgoing calls. The call is then routed using this MSRN.2. 6. which has been allocated to the it by the VLR and MSC combination. using the TMSI. The Mobile Station regularly listens to the Common Control Channels. the Mobile Station initiates what is called an immediate assignment procedure.1 Paging Once the call has been passed to the MSC/VLR controlling the target Mobile Station. the HLR has an MSRN stored against that Mobile Station. which the VLR passes back to the HLR.2 Immediate Assignment The immediate assignment differs from normal access attempts in that the PLMN is expecting a response and so. Michael Clayton . This MSRN is valid whilst the Mobile Station remains in the same service area. and the Paging CHannel in particular.

The Mobile Station is then offered the call with the associated call related data. connects the user.1 Generic Emergency Calls In the generic procedure. 6. As soon as the user answers. 6. One is a GSM generic procedure. The next step is for the assignment of a Traffic CHannel (TCH). and is instantly recognised as Copyright ©1991. and the other is a national specific option.3 Off-Air Call set-up (OACSU) Off air call set-up for incoming calls is similar to that for outgoing calls. and the Mobile Station has sent the connect message to the Mobile Services Switching Centre (MSC). The Mobile Station. the MSC connects the calling party. the called subscriber is alerted using locally generated ring-tone. Thereafter. and then alerts the user.2. acknowledges the allocation. the Mobile Station re-tunes to it. or that the offered call does not match the mobile equipment (e. a Cipher Key (Kc) is sent to the Base Station System (BSS) from the VLR. after the Mobile Station has confirmed the receipt of the call. in that the Traffic CHannel (TCH) is allocated some time after it is known a call may be established to the Mobile Station. and the Mobile Station returns a Call Confirmed message if it is capable of receiving that call. the Mobile Station sends a connect message to the MSC/VLR which acknowledges it and connects the calling party. As soon as the TCH is allocated. The ciphering process is expected to be initiated at every call attempt. This number is 112. Michael Clayton Page 41 .GSM . and encryption across the air interface is commenced. the PLMN decides when the TCH is allocated.3 Emergency Calls36 There are two distinct ways for emergency calls to be initiated on a GSM PLMN. which can be done at any time after ringing has commenced. The BSS assigns an appropriate channel and signals it to the Mobile Station. a number sequence has been identified to specifically activate an emergency access. due to the signalling overheads. that a Mobile Station will be authenticated at every incoming call attempt. in turn. once the Mobile Station has been paged and it has accepted the call. re-tunes to the TCH. On receiving this.3.Global System for Mobile Communications the VLR can start a number of identity related procedures such as authentication or a request for the IMSI. In this case. a Fax call to a non-Fax mobile). it is unlikely. However. and sends an acknowledgement back to the MSC. Either as a result of Authentication or by using the Cipher Key Sequence number.g. Reasons for this not being the case could be that the Mobile Station is busy. 6. In the most extreme case the TCH is allocated only when the called party answers.

and who are allowed to under the terms of their licence. 6. governed by the licence of the Operator. It is a national option. it is possible using the 112 number. In the case of no SIM being present no information is available to direct that choice. Further actions are the same as for normal outgoing calls. by ensuring the mobile equipment camps on the most appropriate cell. An option has been included here to authenticate and initiate ciphering if Mobile Station identification was included in the initial Random Access. the Mobile Station is immediately allocated a DCCH. This is to allow for subscription management and call records for those Operators who may wish to charge for emergency calls. rather than basic. an emergency call is invoked by the subscriber dialling a national emergency number just as is done in the fixed network. Hence.Global System for Mobile Communications the emergency number by the Mobile Station once the SEND button is pressed. unless an emergency call is invoked. Michael Clayton .GSM . Where camping occurs no interaction takes place between the mobile equipment and PLMN. even when there is no SIM present. a SIM must be present to supply the Mobile Station identity which is required by the PLMN to allow the call. Because of this. Using the national emergency number without a SIM would not result in a successful access attempt. no identification would normally be included in the Random Access. it has been made possible for emergency access using a piece of mobile equipment (without SIM). It was mentioned earlier that emergency random accesses are possible on most PLMNs. The SIM is. with the call being routed to a place defined by a national agreement. If the emergency access is allowed to continue. access. The limitation on this is that the mobile equipment cannot identify the call as an emergency call and so.3. which it seizes. when the random access is made to the PLMN. The Mobile Station is now free to send an Emergency Set-up message across the air interface. In this case. responsible for the choice of PLMN and cell that the Mobile Station attaches to. The Mobile Station requests an access on the RACCH. but this time the indication is for emergency. in a large way. The significance of this routing is related to those countries that have different national numbers for different emergency services. The call set-up procedure for this type of call is the same as for a normal outgoing Page 42 Copyright ©1991. This difference is important because a Random Access would normally contain the TMSI and associated information which identifies a Mobile Station.2 National Specific Emergency Calls In the national specific case. However. The mobile equipment merely monitors the cell. for a random access to be made where no Subscriber Identity Module (SIM) is present in the Mobile Station. whether access by SIM-less mobile equipment is allowed. it is a basic access like any other call.

4 Inter-cell Handover37 The concept of cellular developed around the ability for the user to move from place to place without any noticeable break in communication. 1 It is assumed here that inter-PLMN handover is not provided. no charge would be made for the call. the MSC determines the most appropriate target cell using the list of preferred cells given in the Handover Required message. 6. While this could seemingly introduce country specific equipment rather than a universal product. and then passes the information back to the PLMN. The BSS continues to send this message on a regular basis until either the transmission quality improves. The Base Station System (BSS) then initiates a Handover Required message to the MSC. Copyright ©1991. This local information. This is achieved by the PLMN handing over the Mobile Station to another cell when it is considered that the new cell would give better service than the old one. a list of preferred target cells. containing information such as the reason for handover. and radio environment information. It monitors the surrounding cells of the same PLMN1 in terms of signal strength and quality. the handover command is received or. The decision to handover is taken by the PLMN. However. in the extreme case.Global System for Mobile Communications call. On receipt of the Handover Required message. Michael Clayton Page 43 . with all the same Authentication and encryption procedures.F. The only difference is that. On the basis of this information a decision is made as to which cell would be the most appropriate as the önewì cell. Since this is ordered in terms of BSS preference. but in order to do so it needs information from the Mobile Station side of the Radio Frequency (R.) link. careful programming would minimise this and at the same time result in a very userfriendly product. is provided regularly by the Mobile Station itself during the call. is used in the uplink direction for this purpose. in those countries where the licence dictates it. this is technically possible and moves are being made to include it as an option in the GSM specifications. This is called handover in GSM. A Slow Associated Control CHannel (SACCH) which is assigned to each Traffic CHannel.GSM . It is quite possible that mobile equipment manufacturers will opt to include functions enabling the mobile equipment to recognise national specific emergency numbers and treat them in the same way as the generic number. the Mobile Station is lost. The key difference between the generic and national emergency calls is the ability for the mobile equipment to recognise such a call from the dialled digits. the one chosen is normally the first on the list.

dependent on whether the two cells are synchronised or not (more is said about synchronisation in the section on Frame Alignment). the access is limited to the handover reference. and the content depends on the manufacturer. synchronisation information.1 Intra MSC Handover The old Mobile Services Switching Centre (MSC) and the new MSC in this case are the same. and continues the call on the present channel. Figure 27: Intra-MSC Handover28 If queuing is in operation at that cell. the priority of a handover is only surpassed by that of an emergency call. once the MSC has an acknowledgement of channel allocation from the target BSS. Page 44 Copyright ©1991. and ignoring incorrect ones. using one of two types of access. and is contained in the acknowledgement to the MSC. In most cases. an indication of the type of access procedure to be used.4. which it does from the available idle channels under its control. it is not until the resource is actually available. and so the position in the queue is expected to be high. using a Handover Command. The allocation of the reference can be by the Mobile Services Switching Centre (MSC) (target MSC in the case of inter-MSC handover) or Visitor Location Register (VLR). Contained in the Handover Command is all the information required to allow the Mobile Station to access the new channel. However. This target BSS is requested to allocate and reserve a channel appropriate to the call in progress. In either case. then the request is put into the queue at a level determined by the indicated priority. it can initiate the handover procedure. This includes characteristics of the new cell. and finally a handover reference and a start time.GSM . it returns a Handover Detect message to the Mobile Station. To initiate the handover. which is what the target BSS is waiting for. so all that is required is the reservation of resources at the target BSS. that the target BSS signals back to the MSC an acknowledgement with all the details. Further attempts at handover are governed by reassessment of conditions and re-initiation by the old BSS. The BSS checks this reference.Global System for Mobile Communications 6. This is generated by the target BSS. the MSC simply forwards it to the old BSS for transmission to the Mobile Station. If no response is received before the expiry of this timer. The Mobile Station re-tunes to the allocated channel and makes an access. However. While the MSC waits for a response from the target BSS a timer is used in the MSC to allow for the resource allocation being delayed. the MSC cancels the attempt. Michael Clayton . Once this is done the BSS waits for an access on that frequency by the correct Mobile Station. an initial power level to transmit at.

Figure 29: Inter-MSC Handover30 In this instance the controlling MSC is MSC-a. which in Copyright ©1991. In addition to the channel assignment information and the reference sent back to the controlling MSC.2 Inter-MSC Handover The procedure for handover between cells from different MSCs is essentially the same. It is up to the new MSC to find the appropriate cell and manage the interface to the target BSS. Michael Clayton Page 45 . and is used to co-ordinate call records for billing and to avoid a daisy-chain effect for call routing at handovers. Whether this access to the VLR for handover reference is made depends on the type of PLMN implementation. the reference could be supplied by the VLR of the new MSC rather than by the MSC itself. Whereas before the controlling (old) MSC communicated directly to the target BSS. is included. but because the Mobile Station is in the service area of MSC-b it is the BSS-b which identifies that a handover is required. That is. Finally. routing information for the call (a new Mobile Station Roaming Number (MSRN)).4. but some added complexity is introduced. via the controlling MSC. This information is passed to MSC-a. to the new one in a Perform Handover message. Where two MSCs are involved in a handover.GSM . The Handover Request from the old BSS is passed. for the continuing call to be handed over to a third MSC. This controlling MSC acts as the reference point for the duration of the call.3 Subsequent Handover It is possible. 6. depending on the Mobile Services Switching Centre (MSC) coverage area in the PLMN.4. now all communications must go through the new MSC which controls the target BSS. The MSC in turn orders the release of the old channels at the old BSS. The Mobile Station and target BSS activate the channels and initiate ciphering. 6. the target BSS informs its MSC. which is the Mobile Services Switching Centre in whose area the Mobile Station was located at call initiation. daisy-chains are avoided by always dropping the call back to the controlling MSC and rerouting from there. as the controlling MSC. a call started on the controlling switch MSC-a was handed to MSCb and is then handed from MSC-b to MSC-c. In all handover situations there is a controlling MSC. In the case of several handovers. the channels are connected and transmission of user data is resumed.Global System for Mobile Communications When a Handover Complete message is returned by the Mobile Station.

the Mobile Station sends back a Release message and waits for an acknowledgement. The Mobile Station then acknowledges and waits for the command to relinquish the radio channel. If this is not the case. the user need only dial a national specific number. there are slight differences that should be mentioned. The information contained in a call and charge record is defined by ETSI-GSM to the extent necessary to allow the transfer of such information across the network. which responds with a Release as before. At this point. Added to this international charges are also incurred. when in a foreign country an international number is required to reach the same destination as before. The final procedure for the MSC after call clearing and/or radio channel release. However. 6.GSM . it is primarily up to the Network Operator to define exactly what constitutes a call or charge record. All charges incurred during the call are collected together to form a record entry which is sent back to the Home Location Register (HLR) for that Mobile Station. or for charges related to the re-routing of calls to the roaming subscriber. but for incoming calls. but still leaves a radio channel and a signalling connection.Global System for Mobile Communications turn contacts MSC-c for channel assignment. the record would normally only include extra charges. In terms of outgoing calls the only difference concerns the number dialled. is to collate a charging record. and is essentially the same for calls to and from subscribers roaming to a Visited PLMN. In response. Page 46 Copyright ©1991.6 Roaming39 The procedure for handling incoming and outgoing calls to Mobile Stations is a generic one. The PLMN initiates a call clearing by sending a Disconnect message to the Mobile Station.5 Call Clearing38 There are two ways a call can be cleared: by the PLMN or by the Mobile Station. These could be for the use of supplementary services. it is possible for the radio channel to be maintained to enable further transactions. and the Mobile Station returns to Idle. However. 6. Thereafter. such as Short Message Service calls. the radio channel is released. Michael Clayton . For outgoing calls the length of this would be substantial. the interactions are the same as before but with MSC-a acting as a gobetween. Whereas in the Home PLMN. This clears the call. A Mobile Station initiates clearing by sending a Disconnect message to the PLMN.

the Mobile Station ISDN Number (MSISDN) of the called subscriber is an international number to the Home country and PLMN. Copyright ©1991. In this instance. both the caller and the called are charged for an international call. The calling party would be charged for the call up to the Gateway MSC. or roaming subscriber. X calls Y). the access to the HLR for a Mobile Station Roaming Number (MSRN) results in an international number to the visited network's Mobile Services Switching Centre (MSC). When the one subscriber calls the other (e. They can be easily quantified.g. There are many other such anomalies which arise because of the versatility of GSM. This is an international call with appropriate charges. but who actually incurs them? The calling party may not have known that the called subscriber had roamed to a foreign country. not to the calling party. the call is routed back to the originating country and VPLMN. While the solutions to them are technically possible. On dialling this number. where the called subscriber is located. is to charge the international roaming leg to the called. however.Global System for Mobile Communications For incoming calls to a roaming subscriber. one approach (and the most widely adopted one). other constraints often apply. Michael Clayton Page 47 .GSM . Hence. Figure 31: Subsequent Handover32 An extreme scenario encompassing this is one where two subscribers from the same HPLMN are on the same Visited PLMN. but they are beyond the scope of this particular report.

there is normally no provision made for ensuring that the correct fittings exist at either end to insert and extract the data carried. In the case of Bearer Services in GSM. which relate to the ability of the Services to carry particular data types. may need a continuous data stream. called the international Open Systems Interconnection (OSI) model. whereas text could be broken up and sent in packets with the gaps in between being used for another application. which can be seen correspondingly as physical descriptions of the pipe itself.GSM . Two levels of attribute exist. ensuring that whatever is input. the pipe represents a capability to transmit data. Within GSM. Speech. Other aspects of the data content are also used for tailoring the channel to a particular data type. and the fittings and connections supplied at both ends. Consequently. using certain descriptive characteristics of the pipes available. or different capacities of pipe for different flow rates. Figure 33: Bearer Services34 To aid the choice of service. All of this means that GSM has to be versatile enough cope with most data types. In simple terms. the description is limited to the low layer attributes. The term low layers corresponds to the functions in GSM required to physically transmit the data from A to B over the channel. the most profound being the low speed of data transfer. and it does this using Bearer Services. Bearer Services are described using certain attributes of the services. the Bearer Services of GSM can be described as pipes down which data can be transmitted. However. the term lower layers corresponds to layers 1 to 3 of this model. An international model exists to help define the function of data transfer. and thus it may appear that one type of channel could be designed to handle all types of data. and data speed. Such a universal channel would suffer some penalties though. many transmission systems include ways to speed up the transfer by utilising characteristics of the data carried. Michael Clayton . but it is up to the user to ensure that the pipe matches what is put into and received out of it. is output safely at the other end. In GSM. At the lowest level. Page 48 Copyright ©1991. for instance. There can be different types of pipe suited to carrying different types of data. but it is up to the subscriber to dictate which capability is appropriate to the data type. this data can be described as a string of bits with the values 1 or 0. The customer can choose which pipe to use. Stripping out redundancy by finding repetitive strings is one way this can be done. Different sizes of pipe become the different data rates.Global System for Mobile Communications 7 BEARER SERVICES40 GSM is essentially concerned with carrying many types of data from one place to another. high layer and low layer.

Duplex means data transfer occurs in both directions. Transparent means that the data is passed through the PLMN as it is input. Hence. 1200bit/s. It is pointless putting high pressure steam into a plastic pipe. In some cases a different protocol type is used to face out into the destination network.Global System for Mobile Communications Low layer attributes are classified into four categories. issues. This last category would cover operation and commercial attributes. a GSM Bearer Service (GSM No. but an assumption can normally be made that the same type will be used throughout. 7. Michael Clayton Page 49 . So. It is broken into various parts. it is normally sufficient for the description of the Bearer Service to refer to the access protocol type (how data is put in). where a dedicated fixed resource is reserved just for that Bearer. but no less important. transparent. for instance. duplex. or perhaps speech information digitally encoded. access (feeding in the data). The V22 dictates which protocol type is being utilised both into the Mobile Station and out of the GSM Public Lands Mobile Network (PLMN). some of the attributes are superfluous because assumptions can be made. All of these attributes combine to form a generic description for all Bearer Services.1 Information Transfer Attributes41 This attribute describes the ability of the Bearer to carry different types of information. information transfer (carrying the data). Examples of this could be digital information with no restrictions. as described in the following sections. Perhaps it should be emphasised here. that data transfer over any network is a veritable minefield. These attributes are included for completeness. the first of which describes what types of information can be carried. they are best left as a reference. For instance. In certain combinations. the information may need to be carried in a circuit type of connection. That same service can be described more comprehensively. and general which covers all the non-technical. but unless there is a good reason for doing so. interworking (far end interfacing). 2212) could be described as V22. into the Public Switched Telephone Network (PSTN). and data is to be fed into the PSTN whatever the transit networks are. using all of the Bearer Service attributes.GSM . and the terminating protocol type (how it is taken out). a packet type of connection Copyright ©1991. The 1200bits/s gives the maximum data speed. with some information on the data type and the data speed. the transit signalling protocol (how data is carried). Figure 35: Information Transfer Attributes36 The second part of this attribute is the information transfer mode. for instance. Alternatively. which describes the way in which the information is transported. especially where interconnection between different networks is involved.

7.MT). MT). only two access points are involved (A to B). C. For point-to-point. This is the symmetry attribute. or structured. The best illustration of this is the packet mode transfer. where certain protocols are introduced to ensure that structure is maintained. The third part is concerned with the rate of information transfer over the PLMN and subsequent transit networks (e. The connection could be from the Mobile Station only (demand Mobile Originated only.). or both (MO. It can be seen here. Next comes the structure of the information transfer. The mode of establishment of communications comes next. and bidirectional asymmetric (different in each direction).. Page 50 Copyright ©1991. However. where the information is broken into small pieces to be sent separately and reassembled at the far end. For Point-to-multipoint several points are involved (A to B. this could be unstructured. Communication configuration describes the distribution (spatial) arrangement for carrying information between different points. The values it can take can be unidirectional. Michael Clayton . ISDN) in between.GSM .2 Access Attributes42 The Access Attributes describe the way the data is fed into the Bearer Service.Global System for Mobile Communications could be specified. the subscriber needs to provide protocols of their own. but in packet modes the term throughput rate is used. For example. Another value this attribute can take is the broadcast communication value which illustrates this point well. it is up to the next attribute to complete the transmission direction picture. MO). and it describes the relationship of information flow between one or more reference points in the communications link. and deals with how the Service is to be set up. bidirectional symmetric (information flow is the same in both directions). Where unstructured data mode is selected. where each packet needs to be identified so that the packets can be re-assembled in the same order at the far end. that this attribute also gives some indication of the direction of transfer (A to B rather than B to A). Where circuit modes are used this is measured in bit rate. which gives the low level protocol used over the signalling channel. The first part of this attribute is the signalling access. etc. or only to the Mobile Station (demand Mobile Terminated. where there is no preservation of data integrity. D..g. or risk confusion at the far end.

The value it takes is either an appropriate V-series interface (CCITT as above). as distinct from the rate within the PLMN given in the Information Attributes shown above. there is also an interface. an Integrated Services Digital Network (ISDN) interface known as the öSì interface (ISDN standard). The values applicable here are: Public Switched Telephone Network (PSTN). However. This is referred to in GSM as the Interworking Function (IWF). rate and interface. Integrated Services Digital Network (ISDN). Packet Switched Public Data Network (PSPDN). GSM PLMN. refers to the rate of information transfer over the access point. It comes in two parts. not unreasonably. The value it can take is the appropriate bit or throughput rate.Global System for Mobile Communications Figure 37: Access Attributes38 It should be emphasised here that use of the Bearer Service guarantees that the data received reaches the far end intact (structure aside). some types of data may have a protocol introduced which is best matched to that of the Bearer Service. and so this attribute is included.3 Interworking Attributes43 The Mobile end of a communications link is referred to as the Access Interface but at the far end. X-series. which refer to the appropriate CCITT international interworking standards. For the Bearer Services in GSM this far end Interworking Function is described using the Interworking attribute. or the point of entry. Then comes the information access part of this attribute. 7. where the GSM PLMN feeds into the destination network. Circuit Switched Public Data Network (CSPDN). and I-series. The second part of this attribute refers to the type of interface into the terminal Copyright ©1991. an appropriate X-series interface (CCITT as above). Figure 39: Interworking Attributes40 The first part of it refers to the type of terminating network. The rate. or Vseries. This gives the protocol used over the interface into the Bearer Service. or an analogue 4-wire interface. Michael Clayton Page 51 . The values it can take are: manual.GSM . and direct access from PLMN into a private network. The second part of the information access part of this Attribute refers to the interface itself.

then there is a good chance that V-series will be used in the terminating network. as in the case of Call Waiting indication on a data connection. is exploited by the Network Operators who tend to supply those Bearer Services that they perceive are sensible combinations. X-series. there is a good chance that the same V22 will be used unless a specific reason exists to do otherwise. but based on fixed network use rather than cellular use. There is a lesson to be learned here. much more could be left out by making educated assumptions. duplex. Another part of this attribute could be concerned with the quality of service. This may seem like a limitation on the options available but. or some charging ramifications when using it.4 General Attributes44 Applying the General Attributes of a Bearer Service allows for some of the anomalies that can be caused when using that Service. analogue 4 wire. To apply the above attributes to the description of this Bearer Service gives the following result: Data circuit. there may be Bearer Services which should not be associated with some Supplementary Services. and may well not be included in the technical description of the Bearer Service.Global System for Mobile Communications network. asynchronous. If someone specifies a V22 modem at the access point. The values here could be V-series. with unrestricted digital capability. or the S interface as used in ISDN. from a subscriber's point of view Page 52 Copyright ©1991. when the terminating network is specified as Public Switched Telephone Network. since little experience is available in cellular data applications. Redundancy caused by assumptions such as these. there is no good reason to provide a Bearer Service at all. These areas are less well defined. Michael Clayton . since the PSTN can only accept a limited range. certain information has been left out because it is obsolete and.5 Example of Bearer Service45 Earlier. 7. or does not meet certain quality criteria. as we have seen above. This is a pity. Furthermore. as there is a school of thought which says they are the most important. After all. a short description of Bearer Service 2212 was given. unstructured. They also tend to supply those Bearer Services which they think are in regular use. transparent: with V22 DTE/DCE interface: into the Public Switched Telephone Network. Even in this description.GSM . if it cannot be charged for. 1200bits/s: circuit mode. For instance. then the number of terminating protocols starts to become limited. 7. Indeed.

the market for cellular mobile data will remain under exploited. as a standard. and combining them with complete solutions to mobile data applications.Global System for Mobile Communications these Bearer Services could probably be usefully limited still further.GSM . Copyright ©1991. Michael Clayton Page 53 . Until these end-to-end data solutions emerge. However. which pass transparently over GSM. That is why so many options exist at this stage. Time will tell which combinations sell and which do not but there is a good case for restricting the Bearer Services. GSM must meet the requirements of many applications until the popular few emerge.

Figure 41: Relationship between Teleservices and Bearer Services42 There is no equivalent speech Bearer Service specifically provided for in GSM. This choice would have to take into account the many different types of speech digitising. Hence. these are pipes used to carry specific materials. as well as the many types of coding that abound. 8. it is the Bearer Service capabilities which are used. but it is possible to send speech data over a Bearer Service. Not surprisingly. Therefore. An example of this is the speech Teleservice. where the options are purposely limited . As can be seen below. the speech Teleservice provides for the digitising of speech. if this were done.1 Teleservice Attributes47 Generally.either there is speech or there is not. not the Bearer Services themselves. and it is for this reason that GSM has provided the Teleservices. where the name gives all the necessary information for the Public Lands Mobile Network (PLMN) and all the subscriber need do is send the information. As has been mentioned previously. a Teleservice utilises the capabilities of a Bearer Service to transport the data across the PLMN. a Teleservice must define which capabilities are required and how they should be set up. Using the analogy with pipes once more. its decoding. Michael Clayton . whereas the Bearer Services cover the delivery of the data within the PLMN. The description may be. As a consequence. This is a great deal of trouble just to make phone call. the subscriber would have to define which Bearer Service that should be used for each call.GSM . the Teleservices offer an end-to-end delivery. its transporting across the PLMN. with all the necessary fittings and monitoring requirements implicit in that description. However. So it is with the Teleservices. or a gas pipe. an Page 54 Copyright ©1991. the Teleservice attributes cover higher layers as well as the lower layers used for Bearer Services. Note. which encompass the Bearer Service attributes as well as adding specific Teleservice descriptions. a high pressure steam pipe. there are some services which can be described in quite fine detail. this is done using Teleservice attributes. conversion back to analogue speech and finally sending it into the terminating (fixed telephone) network at the far end.Global System for Mobile Communications 8 TELESERVICES46 While the Bearer Services have to be versatile in order to deal with myriad different requirements. its coding. These are the GSM Teleservices.

and higher layers refers to the rest.12) cover normal speech calls. The telephony Teleservice (No. it would cause problems for those Operators who are not allowed to charge as part of the terms of their licence. and Emergency Teleservice (No. Consequently a Copyright ©1991. videotex. There are some higher layer attributes which are worth noting. Michael Clayton Page 55 .11). called the international Open Systems Interconnection (OSI) model. The use of the voice encoder designed specifically for GSM precludes the encoding of anything other than speech. It is the higher layers that distinguish a Teleservice from a Bearer Service. If this subscription were included with normal telephony. While provision is made to allow telephone signalling tones to be transferred transparently over this Teleservice. and so it is not appropriate to delve too deeply into Teleservice attributes. but they are separated because of a special need for Emergency calls. both scenarios are allowed for. care needs to be exercised when relating this to the same service in the fixed telephone network. When a call is made from a GSM Mobile Station.GSM . the term lower layers corresponds to layers 1 to 3 of this model. some data such as electronic mail. This was done to emphasise the difficulty surrounding the definition of these GSM services. It is used to give an orderly approach to the design of communications systems.03. which requires a subscription to a Teleservice for Emergency calls. This means that the PLMN has the option to treat emergency calls differently by allowing mobile equipment without a Subscriber Identity Module (SIM) to make them. teletex. However. 8. Teleservices were designed to overcome just this type of difficulty.2 Types of Teleservices48 The most distinct Teleservice is that of telephony. More details of the Teleservice attributes can be found in GSM recommendation 02. This is perhaps best highlighted by describing the Teleservices themselves. These are both the fundamental services for making ordinary telephone calls. since they also deal with aspects of the Mobile Station also. By separating them. the type of service requested is indicated in the set-up message. In GSM. Despite the use of the term telephony in the telephony Teleservice. but it is by no means the only one. other tones such as facsimile signals cannot be guaranteed. Also.Global System for Mobile Communications international model exists to help define the function of data transfer. The Attributes of Bearer Services were addressed in some depth. some Operators have requested that Emergency calls be charged for. but they mainly refer to the type of user information which is to be carried. and it is for this reason that GSM utilises the model to describe its different communication layers. and a service called Short Message Service. Teleservices also include specific data applications such as facsimile.

which acts as a store and forward centre. there is a provision for the subscription to be held by the GSM subscriber. teletex (No. Cell Broadcast is a Point-to-multipoint service. though the acronym CB/PM is not normally used. it soon became apparent that SMS would become a key service in differentiating GSM from any other cellular service. However. overlaid on top of the GSM PLMN. Michael Clayton . It is expected that. to use a Service Centre. with the capability to send. Mobile Terminated (MT). (No. These are provided for in GSM by Teleservices videotex (Nos. However. Group 3 covers the use of automatic facsimilies.51).41. There are three types of SMS.3 Short Message Service49 The Short Message Service (SMS) Teleservice was originally defined to utilise some spare signalling capacity in GSM. This Teleservice is the Short Message Service. to co-ordinate the messages sent to and from Mobile Stations.31). These centres are designed to be functionally separate from the GSM PLMN to enable them to be physically and economically separate. A service centre has been defined. people will need to subscribe to it. as well as receive. In GSM.42. enabling manually operated facsimile machines to be used. Mobile Originated (MO) and Cell Broadcast (CB). a distinction is made to indicate the spread of the SMS. The GSM PLMN is regarded as merely providing a delivery service for SMS MT and MO. This electronic mail Teleservice is designed to allow quite long messages. hence Mobile Terminated and Mobile Originated are described as Pointto-Point services (MT/PP. on which GSM is based. Moreover. and electronic mail services.Global System for Mobile Communications Teleservice is provided. and Advanced Message Handling Service (No. but there may be occasions where a manual facsimile is used. messages. there can be more than one Service Centre on one PLMN.43). The Integrated Services Digital Network (ISDN). While the finer details have not been sorted out yet. GSM has one more Teleservice which is designed for short. and CB is sufficient. Rather than forcing two calls to be made. The last of these covers the electronic mail requirement. GSM has been set up to allow an alternate switching from facsimile to speech. paging type messages. 8. has a great deal of potential for other information and data services. or a private individual who is not Page 56 Copyright ©1991. teletex. SMS is effectively an international paging service.GSM .61) which is specifically designed for Group 3 facsimile. These are the videotex. MO/PP). there is no reason for the Centre not to be integrated into the PLMN itself. in which case a speech call is required to inform the called party that connection to a facsimile is required.

In addition. which is then used to perform subscription checks for the SMS service. and to find the required Mobile Station. a timer is also used in the Service Centre to periodically try and deliver the message up to the expiry time for that SMS. the message is delivered. After this time expires the message is deleted. or becomes. facsimile. Since this is at the discretion of the Service Centre Operator it is out of the scope of GSM. It should also be noted that the emphasis in SMS is on short messages. This could be by fixed telephone. are sent to the Service Centre by any means provided for by the centre's Operator. to see how the service could work. another service may be supported in GSM in Copyright ©1991.1 Mobile Terminated Messages Messages coming into a Mobile Station (MT). The process used is the same as if an incoming call was to be delivered. is simply the directory number (MSISDN) of the mobile subscriber. but there remains a reference to that message so that the originator can enquire about the result. then this is indicated to the Service Centre. over the signalling channel. although services such as this are planned in the future.3. but may wish to send SMSs. a flag is set at the HLR to then notify the Service Centre when the Mobile Station becomes available once more. in turn. If the Mobile Station is. and so the sender does not need to know in which country the recipient is currently located. forwarded to the Service Centre as a confirmation of delivery. The Mobile Station is paged and after the customary access procedure. an access is made from the Gateway Mobile Services Switching Centre (GMSC) to the Home Location Register (HLR). However. an acknowledgement of receipt is sent back by the Mobile Station. Finally. However. the SMS is forwarded to the MSC which is controlling it. In this case. but there is provision for a future option allowing several messages to be concatenated.GSM . at the time of presentation. These messages can only be 160 characters long. This is. Michael Clayton Page 57 . telex. and consequently it is also out of the scope of this report. since the message is small (160 characters) it can be delivered even during a call. the reader needs to be aware of it. available. If at this stage the Mobile Station is found to be unavailable. and are forwarded to the GSM PLMN. In the PLMN. from a GSM Mobile Station.Global System for Mobile Communications a GSM subscriber. In the HLR. Also. 8. to find the whereabouts of the recipient. The messages are then reformatted into the format required for transmission to the Mobile Station. It does not prove that the message has been read. The identification of the recipient (MT). either by the person sending it or by the Service Centre in the form of a default value. the directory number supplied is used to obtain the International Mobile Subscriber Identity (IMSI) for that Mobile Station. an expiry time is set for the message. or by any other method defined by the Service Centre Operator. As a failsafe mechanism.

8. This is ideal for information services such as traffic updates. where the information is valid for a particular area. In cases such as this.3 Cell Broadcast Messages The Cell Broadcast Teleservice is different from the other two forms of SMS. Also. and so the GSM process of sending an SMS is exactly like the outgoing call set-up already described. This will make SMS a versatile service indeed. the content needs to be formulated somewhere and the most likely place is via the Mobile Station key pad.Global System for Mobile Communications the future.GSM . for instance. a subscriber to the Service Centre can define the format to use for some regularly used contacts. Mobile manufacturers have made major advances in the man-machine interface. The identity of the Service Centre is given by its telephone number. For both these reasons it may be Page 58 Copyright ©1991. to be passed on to the recipient. Michael Clayton . in that the messages are sent from one point and can be received by any Mobile Station. Another point worth noting is the method of inputting an SMS message. but there may be cases where the recipient.2 Mobile Originated Messages Sending an SMS message from a Mobile Station is as easy as receiving one. but any attempt to write a message 140 characters long using the Mobile Station will be frustrating to say the least. by which a pre-paid reply could accompany the SMS sent. A message received by the Service Centre is first acknowledged. sports results.3. some means of easily entering outgoing SMS messages may well be a precursor to the success of mobile originated SMS messages. the information is broadcast on a cell by cell basis. Other information services which could be given over Cell Broadcast are weather reports. news updates. This could imply that the GSM subscriber also has a subscription to the Service Centre since the SMS message needs to be reformatted in a form that the recipient can receive. these messages are broadcast without any request for service. So.3. This is not a problem if the receiving end is another GSM Mobile Terminal. as the name implies. The different message types are transmitted in a cyclic order only when there is spare capacity on the GSM signalling channels and so reception is not guaranteed. who is not a GSM subscriber. hence the point-to-multipoint description. 8. Also. and then is reformatted into an appropriate form. Entering personal names against telephone numbers on present analogue phones is bad enough as it is. and reception is controlled entirely by the Mobile Station. which allows for information to be delivered to a specific area only. In the case of mobile originated SMS messages. share market indicators and even network information. The SMS message is passed to the MSC and then forwarded via the PLMN to the correct Service Centre. can only be contacted by facsimile. All the subscriber need do is formulate a message and send it to a Service Centre.

and an incoming message will be received. It is not a fixed limit and depends on the configuration of the card. Alternatively. there are some specifications regarding the Subscriber Identity Module (SIM) and SMS. The Mobile Station options are up to the manufacturers. which is a Network Operator's option. Copyright ©1991. even the provision of SMS on the mobile equipment is not compulsory. when received at the Mobile Station. and so the more SMS messages that can be stored. On the PLMN side. This is left to the mobile Manufacturer as a means of product differentiation. Sooner or later. would first be stored before the incoming SMS indication is given.4 Mobile Equipment Considerations SMS messages. Each of the different information items is characterised by a service identity number. Michael Clayton Page 59 . The SIMs.3. It has been provided for SMS messages to be stored on the SIM itself. If the user then deletes a message. These are stored indefinitely.Global System for Mobile Communications difficult to charge separately for Cell Broadcast. that will be initially available for GSM. However. The space available can be used either for SMSs or for the user's personal telephone directory. which has been centrally allocated by the GSM Memorandum of Understanding (GSM-MoU).GSM . The GSM subscriber would just need to choose the message types. a second attempt is made after the expiry of a timer in the Service Centre. 8. but there is a limit as to how many may be stored. a specific non-acknowledge message is sent back to the Service Centre. this is not indicated to the PLMN until a subsequent reference is made to that Mobile Station. the fewer telephone numbers are available. unless they are overwritten. In this case. unless the Mobile Station allows for messages to be deleted (read or unread). the incoming SMS will be rejected with the cause. will typically be able to store approximately eight messages and some frequently dialled numbers. and that because of this an SMS message has been rejected. Also this limit is likely to increase with technology advances over time. but could include functions to indicate that the store is full. the combined mobile equipment/SIM (Mobile Station) store will be full. Indeed. and these would be received and stored. or they become out of date. using a Mobile Station function. The Service Centre stores these messages until it is informed that the Mobile Station can receive them. once the message is rejected. There is no formal limitation on the mobile equipment as to how many may be stored and no specification as to how they are to be manipulated or formulated.

In terms of this report. there is also reference made to how they do it where appropriate. would be when a salesperson turns off his mobile phone during a meeting with customers. 9. there may be occasions when the subscriber knows that his Mobile Station will be unavailable.1 Call Forwarding51 The call forwarding Supplementary Service is used to divert calls from the original recipient to another number. This corresponds to tailoring the services to meet specific subscriber requirements. A typical scenario. and describes what they do. a Phase 1 documentation set was produced covering the essential services for launch. however. but does not wish to lose potential sales leads while he is unavailable. is to deal with them separately. In doing so. GSM has not finished the evolutionary process and changes are being made to integrate the new services that are now being defined. A list of planned Supplementary Services. Indeed. This section deals with Supplementary Services. and so to ensure that calls are not lost. However. To cope with the various scenarios in which the subscriber may wish to forward calls.GSM . the subscriber may wish not to receive calls in particular circumstances. it can be implemented. and is normally set up by the subscriber himself. It can be used by the subscriber to divert calls from the Mobile Station when the subscriber is not available. though this does not mean they will be late in being implemented. In its basic form. However.Global System for Mobile Communications 9 SUPPLEMENTARY SERVICES50 The Teleservices and Bearer Services provide the ability to send information across the GSM Public Lands Mobile Network (PLMN). The best way to illustrate them. As soon as a Service is stable and frozen. by making calls. a call is either accepted by the called Mobile Station or it is rejected for whatever reason. but there must be a word of caution included here. Alternatively. since only the Call Forwarding Services and the Call Barring Services were included in this release. This has relevance to the Supplementary Services. is given in Annex 3. in order to meet the ödeadlineì set by the Memorandum of Understanding. Michael Clayton . The rest of the Supplementary Services are intended to be included in subsequent phases. and is the reason that Supplementary Services have been defined. to date. irrespective of its designated Phase. the uncertainty does mean that complete accuracy cannot be guaranteed. and may wish to have calls delivered elsewhere. there are several conditional forwarding services which have been defined. it is Page 60 Copyright ©1991.

GSM - Global System for Mobile Communications entirely up to the Operator whether the conditional forwarding services are offered separately or as a package. Provision has been made to check subscriptions for them in isolation of each other. 9.1.1 Call Forward Unconditional As the name suggests, this service is used to forward calls whatever happens. In this case, no calls of the type specified are accepted by the subscriber while it is operative. Instead they are sent to the number(s) specified when the service is set up. The capability for the subscriber to make outgoing calls remains unaffected by Call Forward Unconditional (CFU). The subscriber to the service has one option. This concerns the notification to the caller if their call is being forwarded. The person receiving the forwarded call receives a notification of this, as a matter of course. The method of setting up this service requires three pieces of information. The first is the identity of the call forward unconditional service itself (No. 21), the second is the number to which the calls are to be forwarded, and the third is the single, or group of, Bearer and Teleservices to which it should apply. It is possible to forward different types of calls to different numbers so, for example, speech calls can go to a secretary, and fax calls to the office fax. There is one point that the subscriber should be aware of: it is the owner of the Subscription who defines that the call is to be forwarded, and the caller will not know if call forwarding has been invoked prior to making the call. Hence, it is inappropriate to charge the caller for the forwarded portion of the call. So any charges incurred for this part are expected to be charged to the called subscriber (the person who set up the forwarding service). This applies to all forwarding services. When a call is made to the subscriber, it is invariably referred to the Home Location Register (HLR) to find out where that person is. If at this point the call forwarding unconditional service is found to be in operation for that type of call, the call is diverted accordingly. In this case the original call only goes as far as the HLR and the called party is never paged. 9.1.2 Call Forward on Subscriber Busy For this, and all other forwarding services, a condition must be met before incoming calls are diverted. In this case, the call is only diverted when the called person is busy on another call. This diversion occurs without the call being offered to the subscriber. There is another service, called the call waiting service, which indicates an incoming call. The subscription options for this call forward service are twofold. The first refers to the indication given to the caller that their call is being forwarded, as described Copyright ©1991, Michael Clayton Page 61

GSM - Global System for Mobile Communications above. The second refers to the notification, given to the subscriber, that a call to them is being diverted. As in Call Forward Unconditional (CFU), this service requires three pieces of information. These are the service code (No. 67), the forwarded-to number and the Basic or Teleservices to which the service should apply. For this service the call is routed via the HLR to the Mobile Services Switching Centre (MSC) and Visitor Location Register (VLR) controlling that mobile. At this point the call would normally be directed to the Mobile Station, but when it is determined that there is a call in progress, the Call Forward on Subscriber Busy (CFB) service is invoked. There is no attempt to offer the call to the subscriber, despite their being informed that a call is being forwarded if that option was chosen at subscription time. 9.1.3 Call Forward on No Reply As the name suggests, the condition to be met for this service (CFNRy) to be invoked, is a no reply situation from the Mobile Station. For this to be ascertained, the call has to be offered to the Mobile Station, which means that the call has progressed through all the normal stages of a call set-up, and has caused the phone to ring. Only then, after a set period of time, is this service put into effect. Because of the additional parameter of the length of time for ringing, this service needs four pieces of information: the service code (No. 61), the forwarded-to number, the Bearer/Teleservices for which it is applicable, and a time after which the subscriber is deemed not to have replied. If this is not specified, a default value is set by the Network Operator. The options available at subscription time are the same as those for the Call Forward on Subscriber Busy (CFB), i.e. notification to the calling party, and notification to the forwarding party. 9.1.4 Call Forward on Subscriber Not Reachable

The Call Forward on Subscriber Not Reachable (CFNRc) service is provided for those instances where the network determines that the subscriber is not registered or would normally be available but cannot currently be reached. The main scenarios for this service deal with situation where the subscriber is out of radio coverage, or is in an area of congestion, or indeed, if the subscriber is known to have turned the mobile off. Because of the many possible reasons for the subscriber not being reachable, this service varies in terms of how it works. For the simplest situation, the incoming call is referred to the HLR, and if it is known that the subscriber is not available Page 62 Copyright ©1991, Michael Clayton

GSM - Global System for Mobile Communications then the service is invoked there and then. For the HLR to know the status of the Mobile Station, the PLMN needs to use the IMSI Detach/Attach function. This function requires the Mobile Station to notify the PLMN when it is turned off and subsequently when it is turned back on again. The only other way that the PLMN can ascertain if a subscriber is not reachable is if they are paged and no response is received. The one subscription option for the call forwarding when not reachable service, is that of informing the calling party that the call is being forwarded. The person receiving the forwarded call receives a notification of this, as a matter of course. To register this conditional call forward three pieces of information are required: the service number (No. 62), the forwarded-to number and the Bearer/Teleservices to which it applies. 9.1.5 Special Considerations and Interactions Some common characteristics occur in all of the forwarding services, which should be mentioned. The first refers to the input of information in conjunction with the service. Apart from the setting of the service in the GSM PLMN, there is a need for the forwarded-to number to be entered. The format of this number is important since it may be used from within a foreign country, where the national format of the home country is not valid. While it is possible to enter a national specific number (08 811 9334), this number must be converted to an international form (+61 8 811 9334) when used in the foreign country. This can either be done automatically by the PLMN when the subscriber roams, or be done by the subscribers themselves. In the latter case some education is necessary. In addition, when a forwarded-to number is set for call forwards, there is no requirement for the number given to be checked for validity. So calls can be forwarded to a non-valid number without the subscriber knowing it. This will occur consistently until the subscriber corrects any error, so it is important that the number is correctly entered in the first place. To avoid the situation where the subscriber forgets that a call forwarding service is active and operative, an indication is given to the forwarding party each time an outgoing call is made. It is expected that there will be one indication for Call Forwarding Unconditional and another common indication for the rest of the call forwarding services. This is necessary since the Call Forward Unconditional will result in no incoming calls at all, whereas the conditional forwards at least will result in some incoming calls. The distinction made above between active and operative is also important. Interactions exist between specific call forwarding services and the many other Supplementary Services which have been defined in GSM. A primary example of this is the interaction between Call Forward Unconditional and a Supplementary Service to bar all outgoing calls. If both these services are active and operational Copyright ©1991, Michael Clayton Page 63

there are times when the subscriber is not the actual user of the Mobile Station. with an indication that an incompatibility has occurred. 9. that if one is active the setting of the other is disabled. it is has not been temporarily overridden). so as to limit the charges incurred. Hence a condition. and they are chosen at the time of subscription. They are grouped into two main areas: barring of incoming calls and barring of outgoing calls. but each barring program is handled as if it were a single Supplementary Service. It has been defined. There are many intricate conditions that are clearly defined in the 02. The reason for this is because it is expected that the charges incurred for international rerouting of calls will be paid by the roaming subscriber. which may be associated with this barring service. the GSM recommendations should be consulted. then Call Barring may be useful to stop calls being routed to international destinations when they are roaming. This would leave free access to national calls. if the subscriber and user are one and the same. In this case the less dominant service becomes quiescent and only becomes operational again if the dominant service is cancelled. Michael Clayton .2 Call Barring52 The concept of barring certain types of calls might seem to be a Supplementary DISSERVICE rather than Service. This is the difference between active (i. The conditions are: Page 64 Copyright ©1991. The conditions for the barring service are combined to form barring programs. However. So GSM devised some flexible services that enable the subscriber to conditionally bar calls. a further situation may occur where a call forward service overrides one already set and which is active.e.Global System for Mobile Communications at the same time then the Mobile Station would not be able to receive or make any calls. could be barring of outgoing international calls. and as a consequence may wish to limit the functionality.2. To include them here may mislead the reader. it has been set) and operational (i. For further information on the interactions between Call Forwarding and other Supplementary Services. therefore.e. However. These are further sub-divided into barring programs to provide the flexibility required. 9.80 series. but stop the more costly international calls.GSM . A typical scenario could be the use of the Mobile Station in a company where a manager wants to limit the access capability to reduce unauthorised calls. but which may be subject to change. Alternatively.1 Barring of Outgoing Calls The barring of outgoing calls allows the subscriber to be selective with the calls made from the Mobile Station under certain conditions.

until the type of call attempt is given by the Mobile Station on the control channel (after ciphering). with the others unaffected. 1&3. and is barred where appropriate with an indication to the user if the call is not allowed. Bearer/Teleservices. 2. Furthermore. or by the subscriber using this password. they may make calls to Singapore. Also. the barring of outgoing international calls does not preclude the user from making calls to the PLMN or fixed network where the user is located. etc. the applicability is to all services. when a proposed parallel service is defined giving similar controls to the Service Provider. Michael Clayton Page 65 . So. as stored in the Visitor Location Register (VLR). Copyright ©1991. but not to New Zealand. the number must be an international call to New Zealand. These barring programs are self evident. Also. The use of the same password is extended to the barring of the incoming call services. with the exception of emergency calls. calls are allowed from the roamed-to country back to the home country. This type is then checked against the types of allowed calls.) In the scenarios given above. The barring of all outgoing calls does not affect the ability to make emergency calls. In subscribing to the service. the barring service is used by the subscriber to restrict service. they may make calls to a Singapore subscriber irrespective of where that subscriber has roamed. options exist to allow all logical combinations of the conditions above. but this implies that there is some form of security to stop the user of the Mobile Station from resetting the barring program. 1. The operation of barring outgoing calls is very simple. The reason for this is that to call a New Zealand subscriber. In this way. but there are some points which could be clarified. At a later time this may change to allow full control by the subscriber. Hence GSM has added a password for use with the call barring service. The call set-up progresses as described above. For barring of outgoing calls. it is possible to have the barring program working on one. or a group of.g. which is also defined at the time of subscription. With the Barring of International Calls Except those directed to the HPLMN program.GSM . GSM provides a section on the applicability of each of the Supplementary Services on the various Bearer and Teleservices. As with most of the Supplementary Services. (e. 1&2. facsimile calls may be barred but telephony calls of the same type allowed. but not to a New Zealand subscriber standing right next to them. The Phase 1 description of this barring service allows for the control of barring settings by the Service Provider only. if an Australian subscriber roams to Singapore. which is then routed back to Singapore. 3.Global System for Mobile Communications 1 2 3 Barring of all outgoing calls (BAOC) Barring of outgoing international calls (BOIC) Barring of outgoing international calls except those directed to the Home PLMN country (BOIC-exHC).

The interaction between call forward unconditional and barring of incoming calls is also worthy of note. or groups of. For the outgoing call barring service there is an interaction with call forwarding. but for incoming calls. it should not be possible to activate outgoing calls and the forwarding of incoming calls as this would stop all calls to the Mobile Station. Once again. Another point worthy of note is a similar situation implied (but not specifically stated) in the interaction between barring of all incoming and all outgoing calls. attached to one.2. simultaneous activation of the two services is not allowed on the same subscription. These are: 1 2 Barring of all incoming calls (BAIC) Barring of incoming calls when roaming outside the Home PLMN country (BIC-Roam). the barring on incoming calls is applicable to all types of Bearer/Teleservices. However. Bearer/Teleservices.2 Barring of Incoming Calls The barring of incoming calls is effectively the same as the above service.Global System for Mobile Communications 9. The first barring condition means. apply to the barring of incoming calls.GSM . In this case the forwarded call is treated as if it was a normal incoming Page 66 Copyright ©1991. and so when such a forward conflicts with a barring program it should be barred. It is here that the call type is compared with what has been set. The same password options and conditions as used in the barring of outgoing calls. but this time with just two conditions. As with the barring of outgoing calls. it is always referred to the Home Location Register (HLR). Also. In addition. another interaction can occur if a call is forwarded to a subscriber who has invoked the incoming calls barred service. and the call stopped if a conflict arises. the subscription allows for combinations of the two barring conditions. the process of forwarding a call can look like an outgoing call. Once again there is one service. Michael Clayton . there are some situations arising from the interaction of the barring services and other Supplementary Services. that all incoming calls to that Mobile Station are stopped. This may also be stopped by not allowing simultaneous activation of forwarding and barring services where a conflict is obvious. as one would expect. The second condition means that all the calls to the Mobile Station are stopped if the subscriber is roaming outside the Home PLMN country. In effect. 9. It is this second condition which would be used to stop charges being incurred on the international portion of redirected calls to roaming subscribers.2. When an incoming call is made to the subscriber.3 Special Considerations and Interactions Once again.

and so they would subscribe to this service. Some of these services have been frozen and are deemed to be complete but have not yet been released. Normally. The concept is for this number to be presented.Global System for Mobile Communications call and set-up is denied. These are best referred to directly in the ETSI-GSM recommendations. Copyright ©1991. this overrides the presentation service. This may seem strange since the person making the call should know the number they dialled. the restriction service overrides the presentation service. In the normal course of events.81) Calling Line Identification Presentation (CLIP) This first service deals with the presentation of the calling party's telephone number. Calling Line Identification Restriction (CLIR) The calling line restriction service is subscribed to by a person not wishing their number to be presented. but there are situations (such as forwardings) where the number connected is not the number dialled. Number Identification Supplementary Services (GSM Recommendation 02. at the start of the phone ringing. The person subscribing to the service is the calling party. and which are at various stages of development.GSM . 9. There are further interactions. Connected Line Identification Presentation (COLP) This service is provided to give the calling party the telephone number of the person to whom they are connected. It would be inappropriate to give too many details. In the meantime the name of each and a brief description is given below. between the barring services and other Supplementary Services. The person subscribing to the service receives the telephone number of the calling party. Connected Line Identification Restriction As may be expected there are times when the person called does not wish to have their number presented. Michael Clayton Page 67 .3 Phase 2 Supplementary Services53 There are a number of other Supplementary Services that have been identified. which can be deduced by common sense. so that the called person can determine who is ringing prior to answering. some quite subtle.

caused by its application to the mobile environment. which has no limit on the number of conferees. once set. The victim would subscribe to this service.GSM . This is a difficult service to implement in the mobile environment. The definition for this service is not stable. Multi-Party Supplementary Services (GSM Recommendation 02. or make another call). It is expected that ISDN will be used for planned or large conference calls. allows them to be notified when the called party is free. Call Completion Supplementary Services (GSM Recommendation 02. However.83) Call Waiting The call waiting service. using a simple command. there are enough differences. The subscriber can then accept or reject the call. and then they could cause known malicious calls to be identified in the PLMN. for it to be known by a different name. Page 68 Copyright ©1991.Global System for Mobile Communications Malicious Call Identification (MCI) The malicious call identification service was provided to combat the spread of obscene or annoying phone calls. this service. in that several calls may be connected with all parties talking to each other. Michael Clayton .84) Multi-Party Service This service is similar to a conference type service. allows the subscriber to be notified of an incoming call when they are in the middle of another call. and then to subsequently retrieve the original call. whereas GSM will be used for impromptu multi-party calls. Completion of Calls to Busy Subscribers When a subscriber makes a call and the called party is busy. This identified number could then be passed to the appropriate authority for action. It should be noted here that there are no restrictions for any GSM subscriber to be a part of an ISDN Conference call. and to have the call automatically re-initiated. Call Hold The call hold service allows the subscriber to put an existing call on hold to perform some other function (such as answer a waiting call.

or B. To charge B is technically difficult). Furthermore. however. require more investigation. The amount of information is limited. then it is not clear who should be charged for the rest of the call (A. intrusions can be limited only to those members who wish to talk with each other. and numbers (such as telephone numbers). Call transfer and Mobile Access Hunting have been separated because they are not a phase one service. This party can be either another GSM Mobile Station. who asked for the call transfer. Copyright ©1991. This service does. and are not stable. who initiated the call but is no longer a participant.) Call Transfer The call transfer service allows the subscriber to transfer a call to another party. but may include text (such as names and addresses). this service can also be utilised.82) The call forwarding services also come under this heading. Charging Supplementary Service (GSM Recommendation 02. One of the difficulties with this service is the billing ramifications.86) Advice of Charge There are many people who receive a shock when the phone bill for mobile services is received. Michael Clayton Page 69 . In this way. If A calls B.87) Transfer Supplementary Services (GSM User-to-User Signalling This service allows the subscriber to send and receive information to and from the person with whom they have an active call. in a slightly different form. or indeed a person on a different network. Call Offering Supplementary Services (GSM Recommendation 02.Global System for Mobile Communications Community of Interest Supplementary Service (GSM Recommendation 02. by those Service Providers who wish to offer rental services to subscribers without their own Subscriber Identity Module (SIM). Additional Information Recommendation 02.85) Closed User Group This service is provided on GSM to enable groups of subscribers to only call each other. and B asks to be transferred to C.GSM . This service was designed to give the subscriber an indication of the cost of the services as they are used.

The opposite function to activation is termed deactivation. The concept behind it is to allow a call placed by a subscriber to be offered to several Mobile Stations in a predetermined order. If an erasure takes place then this information is not available and the service cannot operate. whenever a service is erased. it is also deactivated at the same time if it is operative. An example of the sort of information that may be registered is the forwarding number. and the Bearer/Teleservice for which the Supplementary Service is to be set. where it is loaded onto the PLMN. As in the case of erasure. normal call procedures are adopted. which refers to the action required of the Operator to make this service available to the subscriber. 9. The first function is provision. This function should not be confused with implementation of a Supplementary Service. been turned on (activated). So. The opposite of this is withdrawal which makes up the second function. While it is implicit that a charge is made for the provision of the service. Michael Clayton .Global System for Mobile Communications Mobile Access Hunting The definition of this service is not yet stable.GSM . it is possible for activation and registration to occur concurrently. These functions cover the requirements for each service to make it work. Finally. a call forward may be subscribed to (provisioned). each service is described in terms of seven functions. Once a Mobile Station accepts the call. Page 70 Copyright ©1991. but only be invoked when an incoming call is made to that Mobile Station. this is entirely a matter for the Operator. or the öturning onì of the service. As an example of the use of these functions. in order for some services to work. and it is a function carried out either by the user or automatically by the PLMN. After registration comes activation. in which the registration information is deleted. to how it is actually set in motion. A special condition exists here since. have the forwarding number stored for speech calls (registered). the information registered needs to be present. This can be under subscriber control or under Operator control. It depends on the service whether this is a separate function or not. Provision is really the way a subscriber may gain access to the service. The opposite of registration is erasure. Next comes the registration of the service. there is another function which covers the setting in motion of the service.4 Using Supplementary Services54 To make the application of Supplementary Services universal in the GSM recommendations. which involves the programming of information required for it to function. and range from how it is provided for use by the Operator. This is invocation.

Copyright ©1991. call forwards require all of the above functions. and so they are left out or combined. call waiting does not require any supplementary information to work and so there is no registration.GSM . Conversely. For instance.Global System for Mobile Communications Not all of these functions are required in the use of some Supplementary Services. Michael Clayton Page 71 .

which would normally be attached to an Home Location Register (HLR) but be located in a secure environment. are algorithms. Also. one concerned with impersonation of valid Subscriptions and the corresponding fraudulent use of Public Lands Mobile Network (PLMN) resources. at time of manufacture. GSM provides Authentication and Ciphering over the air interface.1. There are two areas of security provided in GSM. two options exist to generate the RAND and SRES pairs. the IMSI's and Ki's for all subscribers to that network are known. In GSM terminology. so that only the PLMN and the SIM know the secret key. The Ki is stored in the SIM at pre-personalisation and in the PLMN in a secure environment. They are one-way in the sense that. then the Mobile Station is positively identified as being the one claimed. The first involves an AUthentication Centre (AUC). To combat these two areas. The A3 algorithm needs two inputs to reach a result: a random number supplied by the VLR. This calculation is done both in the PLMN and the SIM. and another concerned with eavesdropping. 10. If the response from the SIM matches that in the PLMN.Global System for Mobile Communications 10 PLMN SECURITY55 By virtue of the open nature of radio communications. security is an important feature of GSM. it is very difficult or impossible to work out the key by which the results are reached. Michael Clayton . The procedure takes place between the Subscriber Identity Module (SIM) and the Visitor Location Register (VLR) in the PLMN. with all information passed transparently by the components in between. or complex oneway calculations. and the result issues from it. Within this functional component. It should be emphasised that the Authentication procedure at the Mobile Station is done purely by the SIM. in the case where more than one Page 72 Copyright ©1991. The algorithm for GSM authentication is called the A3 algorithm.1 Authentication56 This process is designed to be as secure as circumstances allow. with only the RAND and SRES being exposed to the insecure air interface.1 PLMN Side On the PLMN side. The random number and Ki are applied to the A3 algorithm. Embedded in the SIM. 10. the Random Number is called RAND and the result is called SRES (Signed RESponse).GSM . not the mobile equipment. given a series of inputs and the corresponding results. and an Authentication Key (Ki) which is unique to the subscriber.

GSM . All the VLR does is to select a RAND/SRES pair.2 Transmission of Authentication Key This leads on to the second method. the calculation is done in real time each time the Mobile Station is authenticated. the identity of this too is linked to the appropriate IMSI/Ki pairs. Copyright ©1991. or encryption. This does not stop eavesdropping. 101.2 Ciphering57 The second security function provided in GSM is that of ciphering. with the consequence that deciphering takes place as soon as data is received. this means that the mechanism is a low level function. It then discards the pair. that this mechanism does not provide end-to-end protection. In most cases. All the AUC does is to generate several RAND/SRES pairs for a given International Mobile Subscriber Identity (IMSI) at a time. Using this method. which in turn passes out the pairs to a VLR for storage and subsequent use. However. This is to allow signalling messages to be understood at the Base Station System (BSS). the details of the algorithm which should be used. The advantage of this method is that the VLR does not have to know the Ki or even the algorithm.Global System for Mobile Communications Authentication Algorithm is used. only protection over the air interface. security must be compromised. This is especially useful where international roaming comes into play and foreign networks need to authenticate roaming subscribers. are also included. LAI). However. to be able to authenticate a Mobile Station. this is the HLR for that subscriber. Michael Clayton Page 73 . and compare the result sent back with the SRES stored. 10. therefore. TMSI. and pass them back to the inquirer. and protection of user data. but ensures that what is heard is unintelligible. In the case where several algorithms are used. such as speech. send the RAND to the SIM. but the primary areas are protection of user identification signalling data (e. not least because the VLR would not normally be as secure as the AUC. The same mechanism is used in both areas: that of ciphering the raw bit-stream data sent over the air interface. which is less secure and therefore less likely to be used.g. The method revolves around having the algorithm stored in the VLR and sending the Ki to the VLR on request. of data over the air interface. It should be noted. It is a network Operator option as to which method to implement. There are several areas where protection of user data is required.

The setting of the new Kc is indirectly obtained from authentication. it needs a Key called the Cipher Key (Kc). Ciphered data 011100 + Cipher stream 101001 To ensure that the added Cipher bit stream is the same at both ends. Whenever Page 74 Copyright ©1991. All that needs to be done is to take away the known bit stream from the received data.Global System for Mobile Communications 10. During authentication. is not itself sent over the air interface. a random number is generated in the PLMN and sent to the SIM. values of Kc are computed at the same time and in the same place (for example the Authentication Centre) as the RAND/SRES values. so that the known bit stream. This is put through the A3 algorithm with the Authentication Key (Ki) to obtain a response as described above. To obtain the Cipher Key. which was added. the same algorithm must be used at both ends.GSM . In fact. and is only implemented on the SIM. Kc. which. 10. On the PLMN. resulting in the original data once more. Cipher stream 101001 User Data + 110101 = 011100 Ciphered data At the far end. although known at both ends.2. and it is implemented in the mobile equipment. is available there also. This gives the procedure security. At the local end the cipher stream is added to user data. To work. and is never sent over the air interface. Remember that Ki is only known by the SIM and the PLMN. this algorithm is known as the A5 algorithm.2. Michael Clayton = 110101 User data . In GSM. and a known bit stream which is derived from a cipher algorithm. which results in the original data without the necessity of a subtraction. this same random number is put through a different algorithm with the Ki. An example is shown below. The different algorithm is called the A8 algorithm. The same cipher algorithm is run independently at the other end with the same parameters. a bit by bit binary addition is used in both cases.1 The ciphering method The ciphering method relies on adding together the data.2 Cipher Key (Kc) setting Mutual key setting is the procedure that allows the Mobile Station and the PLMN to agree on the Cipher Key (Kc) to use in the A5 cipher and decipher algorithms. the same cipher stream is added to the ciphered data to retrieve the user data.

In this case. As a consequence. and it is just a matter of ensuring that both ends still have this key. or when the SIM is taken out. Normally the process is started on the Dedicated Control CHannel (DCCH). the RAND/SRES/Kc values are known as Triplets. 10. As soon as the Kc is identified. and is always initiated by the PLMN. another mechanism exists to allow agreement without running the authentication procedure. and they are stored together. by the mobile station until it is updated at the next authentication. the ciphering process on the Base Station System (BSS) side starts as soon as a frame or a message from the Mobile Station has been correctly received. using the Cipher Key Sequence number.4 Synchronisation Synchronisation of the ciphering stream at one end. is required for the ciphering and the deciphering bit streams to coincide.3 Starting of the ciphering and deciphering processes The Mobile Station and the BSS must choose to start ciphering in a coordinated way.2. to ensure that the user data can be retrieved. and of the deciphering stream at the other. the BSS starts to decipher information received from the Mobile Station. The Cipher Key Sequence number is incremented every time the A8 algorithm is run up to a value of four after which it returns to zero. the key used for ciphering is the one set up during the preceding DCCH session (Call Set-up). The key Kc may be stored. the ciphering and deciphering processes start immediately. Copyright ©1991. at the BSS. This timing is indicated in the message to the Mobile Station to start ciphering. Figure 43: Cipher Start Sequence44 On receipt of the Start Cipher message. When a Traffic CHannel is allocated to the Mobile Station for transmission of user data. since no sensitive information can be sent until ciphering is in place. 10. it is sent to the BSS. and deciphered.Global System for Mobile Communications RAND/SRES pairs are supplied within the PLMN. this sequence number is sent over the air interface and compared. To ensure that the Kc is the same at both ends. which immediately sends a message to the Mobile Station to start ciphering. and used. Michael Clayton Page 75 . In this case. Finally. the last Kc is used. This is done quickly.GSM . the Mobile Station starts ciphering and deciphering simultaneously. As soon as the message to the Mobile Station has been sent.2. the Kc values are given also. While the key setting is normally triggered by the authentication procedure. This is achieved by controlling the A5 cipher algorithm using an explicit time variable as an input to the algorithm in addition to the Kc.

to allow product differentiation.1 Mobile Equipment Features59 There is a minimum requirement.GSM . initialisation data) is transmitted within the system infrastructure to enable the communication to proceed from the old BSS to the new one.5 Handover When a handover occurs. 11.g. However. which must be present for the mobile equipment to be deemed a GSM mobile terminal.10. In this section. there are some mandatory features and functions. key Kc. as well as in conjunction with it. prior to pressing the SEND button. once more. in terms of features. However. that mobile equipment merely conforming to them could well be considered archaic. 11 MOBILE EQUIPMENT58 The report has so far dealt mainly with the GSM infrastructure and only touched on the Mobile Station in terms of its functionality. there are several areas which are not be covered under infrastructure but which are. Hence it is prudent.Global System for Mobile Communications 10. the mobile equipment is dealt with in isolation from the Subscriber Identity Module (SIM). despite what the manufacturers may claim. nonetheless important. It is also worth pointing out that ETSI-GSM has allowed a fair degree of latitude to the mobile manufacturers. They are: Display of called number This refers to the display of the number input. Michael Clayton . which will be type approved. to emphasise the difference between a piece of mobile equipment and a Mobile Station. Page 76 Copyright ©1991.2. The key Kc remains unchanged at handover. It is also only mandatory for mobile terminals which require a human attendant. In fact they are so limited. the necessary information (e. The appropriate ETSI GSM recommendation for reference is 11. Mobile equipment becomes a Mobile Station when a SIM associated with a valid subscription is inserted.

Subscription identity management This is a little esoteric. entered twice) before it is presented to the SIM. there is no reason for a specific roaming indication not to be supplied as well. The only sure way is to make an access and test the errors received. It involves identifying what information needs to be deleted once the SIM is removed. Invalid PIN indicator This is a display feature to indicate that an invalid Personal Identification Number (PIN) has been entered. Country/PLMN selection This refers to the means by which the subscriber chooses which PLMN to access when roaming and given the choice. Country/PLMN indication This is merely an indication of which country and PLMN the Mobile Station is attached to. but essentially deals with the scenarios regarding the removal of the SIM and safeguarding the identity of the IMSI. It is up to the mobile equipment to manage the means by which the new PIN is verified. recorded messages and text displays from the Public Lands Mobile Network (PLMN). The form this indication takes is actually being coordinated under the control of the MoU-SERG group. A small point worth noting here is that. the SIM only accepts the old one and the new one. and normally takes the form of a 2-3 country letter indication and a PLMN name. when the PIN is changed.GSM . This is not a simple process because pure signal strength in a Time Division Multiple Access (TDMA) system is not always a good indicator. It is on the basis of this that stolen equipment may be identified.Global System for Mobile Communications Indication of call progress signals These are the tones. Michael Clayton Page 77 . Copyright ©1991. and which may be transmitted to the PLMN when requested. (e. Service indicator This is an indication of the adequacy of the signal to allow calls to be made. International Mobile Equipment Identity (IMEI) This is a unique Identity sealed into the equipment.g. A special section deals with this later. While it implicitly indicates when roaming has occurred.

it is up to the PLMN Operator. In the same recommendation dealing with mandatory features (ETSI-GSM 02. Page 78 Copyright ©1991. This must be supplied on every mobile.GSM .Global System for Mobile Communications Emergency call capabilities This refers to the capability for the Mobile Station or the mobile equipment to make emergency calls. It may seem improbable at this point that a subscriber will change phones often enough to worry. past experience has taught Operators that if there is a problem with the setting of a service. The Man-Machine interface deals with this in more depth. using their licence as the terms of reference. Michael Clayton . If all of these Operators had their way then the mobile equipment would be versatile indeed. However. sooner or later they are asked to solve it. 11. In doing so the mobile equipment should not affect the PLMN by radiating any signal. the list is by no means exhaustive and represents only part of the wishlist for a GSM mobile terminal. who are used to a universal service yet have different commands to access it. which allow the Supplementary Services to be set up using just a 0-9. The mandatory portion is the use of an emergency signal to gain access to emergency services with or without a SIM. despite this. The above are the mandatory features for the mobile equipment. So imagine the problem facing GSM subscribers. irrespective of the Manufacturer methods for accessing these services.2 Man-Machine Interface60 One of the main difficulties facing users of mobile equipment is the difference in the way mobile phones achieve similar functions. but on another it could be öFCN 51ì. * and # keypad (ETSI-GSM 02.30). However. Moreover. but the advent of the Subscriber Identity Module (SIM) means that this is more likely to occur than before. Their offerings should surpass what is laid-down in the GSM recommendations. It is expected that PLMN Operators will have individual wishes that match what will be available on the their own network. This is more efficiently done if the same control procedure can be used on any GSM Mobile Station.07) a number of optional features have also been identified. Control of Supplementary Services There is a set of universal commands. some of which require the presence of a SIM card. For some. retrieving the number of the phone could be öRCL #ì. but suffice it to say that most mobile manufacturers will be realistic but eager to please. Self testing The self testing is required to ensure that the mobile equipment is ready to operate properly. to determine whether to allow SIM-less mobile equipment to make emergency calls.

and SEND and END. the appropriate function is meant irrespective of how it is instigated. These are provision. but some GSM services may differ slightly. In this section. where call hold would be one of the former and call forwarding one of the latter. However. This is another reason why the reader should refer to the ETSI-GSM recommendation. for the sake of accuracy. the presence of a key pad on the Mobile Station is not mandatory. An example of registering information is the registration of the number to which calls should be forwarded. irrespective of how the information is input. registration is performed using: Copyright ©1991. registration. The concept behind the GSM MMI is that a well defined signalling system is used to send the information from the Mobile Station to the PLMN...80 series) to find out which functions are applicable to which Supplementary Services.1 Registration The general procedure for setting Supplementary Services occurs in two stages: the registration of information required by the service to operate. we are only concerned with registration. invocation. It is cumbersome in some respects. GSM has a standard Man-Machine Interface (MMI) which can be accessed by any GSM terminal with a key pad or some means of entering 0-9. +. where SEND and END are used. and the service for which this forwarding applies. In describing the Man-Machine Interface. the examples given below are generically correct. and it is left to the reader to refer to the ETSI-GSM recommendations (02. However. and therefore also needs a registration command. 11. *. much use is made of the words SEND and END.30 and 02. Michael Clayton Page 79 . #. For the purposes of this section. *. # and +. Also. A distinction often made between different Supplementary Services concerns those services which merely require a command to make them work. it is the safety net that the Operators believe is imperative. Whereas the call hold service only requires an activation command. and the actual activation of that service. Therefore.Global System for Mobile Communications Consequently. the generic approach is adopted here. to signify the use of the buttons used to start and finish a call.GSM . The distinction is sometimes highlighted using the terms in-call services and out-of-call services. activation and sometimes. the same information elements are required for both the standard MMI and any Manufacturer-specific MMI. and those which require additional information. 61. In GSM. the call forwarding service requires a forwarding number in order to work. activation and invocation. and it is fully expected that the mobile Manufacturers will think of more user friendly ways of achieving the same ends.2.1 Setting up Supplementary Services It can be seen from the section on Supplementary Services that there are different actions required to make them work. but there must be some means of entering 0-9. In the standard MMI.

an example of activation for call forward to 012345678 for Fax is given below. then the last supplementary information registered is used. In separating registration and activation. in which case it would be input in a specific order with each element being separated by a *. If no such information is included in the activation command. the # denotes the end of information. If this is not the case then any attempt to utilise the service is rejected by the network. For instance. ** 21 * 081234567 * 13 # SEND 62.2 Activation The second stage is the activation. and once again the NN(N) gives the Supplementary Service code. It is quite likely that more than one piece of information could be input. Si gives the supplementary information. Also included in this procedure is the supplementary information field Si. Note that in the second example. services being set up would normally be activated at the same time as registration. two commands would be required just to set up a service. it was decided to allow the activation procedure to also contain the supplementary information which would be registered as part of the activation. An example is given below of call forward unconditional (service code 21).. of the service. the NN(N) is the Supplementary Service code. So. Using the same example as above. * 21 # SEND or * 21 * +6181234567 * 13 # SEND It is assumed that a valid subscription exists for each service to be set up. in most cases. for the Fax service (service code 13). This is here since it was decided that. Page 80 Copyright ©1991.GSM . or turning on. the forwarding of calls may not always be applicable and so it may be turned off and on at will. to the telephone number 08 123 4567. Michael Clayton . The generic procedure for activation is: * NN(N) * Si # SEND The single * denotes the activation command. and the SEND refers to the button on the Mobile Station used to send the information..Global System for Mobile Communications ** NN(N) * Si # SEND Where the ** denotes a Registration command. the * is used as a separator between elements. the forward-to number is given as an international number not a national specific number.

since in most cases all that is required is an invocation of the service. there is some justification for showing how it looks now to give some indication of how it may look when completely stable. the principle is that one or two digits followed by the SEND function dictates the command. Conversely. However. then 2 SEND puts the existing call on hold and answers the waiting call. then the two functions of ending the current call and accepting the new call can be started by entering 1 SEND.3 Erasure/Deactivation Erasure of a service deletes any information in the network and also deactivates the service. The identifier for erasure is ## (the opposite of registration **) and for deactivation # is used (the opposite of activation *). After this timer expires the keystroke becomes invalid. there is no need to identify the service requested. If the subscriber wishes to clear the existing call and accept the new call. if this too cumbersome. deactivation of the service can be used to turn off the service without deleting the information. Also.2 In-Call Supplementary Services The in-call Supplementary Services are handled a little differently from the generic approach.GSM . To accept this call the subscriber must enter SEND.Global System for Mobile Communications 63. For all of these supplementary services.. 11. then all that is required is to press END after which the waiting call starts to ring as a normal call. because the commands are context dependent (e. for example. While the definition of some of these services is still going on. Some indication of the stability of recommendations is given in Annex 3. Copyright ©1991. The generic procedures for erasure and deactivation are:## NN(N) * Si # SEND (Erasure) # NN(N) * Si # SEND (Deactivation) In practice. Michael Clayton Page 81 . If the subscriber wishes to keep the existing call and merely find out who else is calling. and subsequent call handling operations follow.. and what follows may well change before this is complete. a waiting call cannot be accepted unless one is waiting).. the call forward version is #002#SEND. there is no real need for the supplementary information unless it is required to ensure the correct set-up is being deleted or deactivated. There is also a general deactivation command for most out-of-call Supplementary Services.4 Call Waiting Once a call is indicated as waiting there is a time limit in which the subscriber needs to give a command.. 64.g. There is no need to add any stars or hashes to identify the activation.2.

. The process for connecting each call is essentially the same.6 Multi-Party A multi-party call is essentially an extension of the call hold and call waiting services. 11.3 Type of Numbers It has been mentioned among the requirements for the key pad. However. if the subscriber definitely does not wish to accept the waiting call. up to a limit of five calls (six parties including the controller). then entering END clears all calls. Once the call is set up. At any time the subscriber can connect all parties by entering 3 SEND.. by entering 2 SEND. Thereafter by entering 3 SEND.5 Call Hold During a call the subscriber may wish to contact someone else briefly. If at any stage a party wishes to leave the multi-party call. that the + key.. If at some stage the subscriber wishes to clear one call. or some means of entering it is needed. if a specific party is to be released then entering 1x SEND can be used. the new call is added to the held calls and they all become active once more. All that is required is for the subscriber to enter the required number and press SEND. However. 66. This puts all the active calls on hold and sets up the new call. This is easily done by entering the required number and then pressing SEND. Where the subscriber wishes to end the call.Global System for Mobile Communications Thereafter the call scenario is that of the call hold service with the corresponding commands..) Rather than making the subscriber remember all the myriad Page 82 Copyright ©1991.2. the subscriber can just ignore the waiting call. then a 0 SEND rejects the waiting call. This is the method used for building up a multi-party call. Finally. this is not standard across the world (0011 in Australia. where x is the specific call numbered in the order of set-up. or 1 SEND clears the active call and return the held call. since it is through these two services that a multi-party call is built up. Michael Clayton . The reason for this is that it is used to indicate an outgoing international call. without connecting them. but the subscriber may wish to connect a third or fourth call.GSM . all they need do is enter END. The method of indicating an international call on the fixed telephone network is done by a specific access code. Alternatively. then a 0 SEND clears the held call. which would require them to put the existing call on hold. the subscriber can then shuttle between the calls. Entering 3 SEND connects a held call and an active call. 65. 010 in the United Kingdom (UK) etc.

with national specific numbers accessed as a subset of this. The only way this can be done would be indicate a Network Specific number and let the PLMN filter out the special numbers. Initially it normally looks for the Home PLMN first but in the process of doing this. nationally and internationally. these numbers are used in different networks.69). then the Mobile Station starts the procedure as Copyright ©1991. and hence Number Plans were devised. There is some provision for TON and NPI to be used in the Subscriber Identity Module (SIM) on the Abbreviated Dialling Number Data-field. It may be surprising. Telex (F. Network Specific. Invariably. and at the same time include the ISDN/telephony (E. There is also some redundancy left for future extensions.GSM . One of the values it can take is ISDN/telephony Numbering Plan. 11. accessed by a +.163/E. It may appear at first that telephone numbers have no special structure. National. which is signalled to the PLMN as a Type of Number (TON) in the call set-up message. and these have been identified as. However.164). However. In the normal course of events. other than the +. in addition to national numbers. the structure of numbers was standardised to give some order to the process. There are some interesting possibilities regarding the TON and NPI. If one of these is the last registered PLMN or the Home PLMN. there is no MMI to utilise them. Data (X. to allow parties to contact one another. The main reason for this is that the PLMN Operator will wish to have some special services accessed by special numbers.121). the Mobile Station defaults to one value.164) as a subset for normal telephone numbers. this is not done entirely by TON. National Number. or Unknown. the + indicates an international call. The NPI can take other values these being: ISDN/telephony (E. corresponding to internationally recognised numbering plans. with the only other value being International.163/E. it identifies up to 30 Broadcast Control CHannels (BCCH) from any PLMN giving service. leaving the options open for the mobile manufacturers to exploit. This TON can take other values than just International. Dedicated PAD. Michael Clayton Page 83 . but they have an explicit function to identify the end destination. As a consequence. but the probable default value would normally be Network Specific. for the purposes of this section. It is the National number plan which would allow the Operator to add their own special numbers.3 PLMN Selection67 One of the first things a Mobile Station does when switched on is to look for a PLMN on which to register.Global System for Mobile Communications access code combinations. Private and Unknown. and as this report is written they are still being developed. In conjunction with it is another indicator called Number Plan Identifier (NPI).

GSM - Global System for Mobile Communications described earlier to register. However, if none of these belong to the last registered or HPLMN, then another PLMN needs to be chosen. There are two methods which apply to GSM, Manual and Automatic selection, and the Mobile Station can be programmed by the subscriber to swap from one mode to the other. Once the top 30 BCCHs list has been constructed, it is analysed to find which PLMNs each belongs to, and a list of available PLMNs results. This list of PLMNs is used as the basis for both manual and automatic modes. In the Manual PLMN selection mode, the subscriber is presented with this list, given as a country code of two or three letters and the name of the PLMN, and prompted to choose one PLMN. The means for choosing the requested PLMN are left to the mobile manufacturer, but once it is chosen the Mobile Station attempts registration as before. In Automatic mode, the user does not need to do anything. On the SIM is a preferred PLMN selection list, in which the subscriber (or the Operator) has stored all the PLMNs in various countries in the order that access attempts should be made. The Mobile Station compares the preferred list starting from the top, against the available PLMNs until a match is found. It then attempts to make an access. For whatever reason, it is possible that the access attempt could fail, in either mode. In cases such as this, GSM has built in a safety mechanism to reduce the amount of signalling over the air interface when the Mobile Station is in Automatic mode. When a registration fails, the Mobile Station stores the identity of the PLMN in a Forbidden PLMN list kept on the SIM. It contains only four PLMNs, and the addition of a new one causes the oldest one to drop off the end. In Automatic mode, each time a match between the available PLMN list and the preferred list is found, prior to the access attempt it is checked against the forbidden list. If the identified PLMN is on the forbidden list, it is disregarded and the Mobile Station moves on to the next available PLMN. A side effect of the whole process is that, in Automatic mode, any PLMNs on the forbidden list never get chosen. The only way to override this is to change to Manual mode. In Manual mode, the presence of forbidden PLMNs in the list of identified PLMNs may cause that PLMN to be marked as forbidden. However, there is nothing to stop the subscriber still requesting that PLMN, whereupon a registration attempt is made. If this attempt is successful, the entry in the Forbidden List is deleted. There are commercial ramifications to the PLMN selection list that should be mentioned. Because this list dictates the order in which the available PLMNs should be tried, an advantage is gained by an Operator having their PLMN listed above their competitor's on the SIMs of subscribers roaming to that country. This Copyright ©1991, Michael Clayton

Page 84

GSM - Global System for Mobile Communications may be exploited by Operators through mutual agreement so that, by default, each will carry the traffic of the other's subscribers when roaming into its area of coverage.

11.4 Mobile Station Access Class Mark68
Congestion is a problem in any network, and may well occur at some stage with GSM. One important consideration in a congestion situation is to stop the PLMN from overloading to the extent that it öfalls overì. The best way of doing this is to prevent groups of users from attempting to access the PLMN, but how can these groups be identified? This is done in GSM using access classes, which are stored on the SIM. There are fifteen of them, 0 to 9, and 11 to 15 (class 10 does not exist). Normal subscribers will have a class between 0 and 9, and so when a group of subscribers needs to be barred temporarily from a particular area of the PLMN, one or more of these classes can be chosen. If this is done then the Broadcast Control CHannel (BCCH) broadcasts a list of authorised access classes. The Mobile Station checks the allowed class against its own and, if not allowed, it does not attempt to make a call. The only time this can be overridden is if an emergency call is requested. However, also indicated on the BCCH is whether emergency calls are allowed from all Mobile Stations or only from special classes. These special classes are in the range from 11-15. They must be specially programmed by the Operator and their use is restricted to the HPLMN and Home country. Any high access class Mobile Station roaming internationally must revert back to a normal, 0-9 access class. Despite their parochial nature, their use has been defined. Class 11 is for PLMN use, and class 15 is for PLMN staff. Class 12 is reserved for security services, class 13 for public utilities (e.g. gas, water, etc.), and class 14 is for emergency services. It follows that classes 12, 13 and 14 are valid within one country, whereas classes 11 and 15 are only valid in one PLMN.

11.5 R and S Interfaces69
Data transfer over GSM has been designed to be flexible, and so it is expected that the interconnection with the Mobile Station for data communications would be reasonably easy. To this end two data ports have been incorporated in the Mobile Station, the R and the S interface. While the physical connection has not been standardised, which may cause some difficulties, the protocol has. The S interface is effectively the same as would be found on an Integrated Services Digital Network (ISDN) terminal. The R interface is equivalent to a standard nonISDN interface such as the CCITT V or X series. However, there is a limited amount of functionality that can be incorporated in a Mobile Station, and the provision of the R and S interfaces is optional. It is quite Copyright ©1991, Michael Clayton Page 85

GSM - Global System for Mobile Communications possible that one or both of these interfaces involves an extra adapter to give the required input to the Mobile Station. This is, once again, entirely up to the mobile manufacturer.

11.6 International Mobile Identity Number (IMEI)70
The IMEI is the electronic number that uniquely identifies the mobile equipment. It is the electronic serial number of the equipment, and is not normally used by the PLMN for standard procedures. However, provision has been made for the PLMN to request the IMEI at any time during a call, including during the call initiation procedure. This is for two reasons. Primarily, the IMEI is used to identify those mobile terminals that have been type approved. Secondly, the IMEI also enables the Operator to identify stolen equipment. The responsibility for this IMEI has been given to the manufacturer of the equipment, who must ensure that each IMEI is unique, and keep detailed records of released mobile equipment. This may seem like a large task but, when a piece of mobile equipment passes through type approval, it is given a type approval number which forms part of the IMEI. All the Manufacturer need do is add the actual unit and manufacturer number. 6 Digits ³<ÄÄÄÄÄÄÄÄ>³ ÚÄÄÄÄÄÄÄÄÄÄ¿ ³ TAC ³ ÀÄÄÄÄÄÄÄÄÄÄÙ 2 Digits ³<ÄÄÄÄÄÄÄ>³ ÚÄÄÄÄÄÄÄÄÄ¿ ³ FAC ³ ÀÄÄÄÄÄÄÄÄÄÙ 6 Digits ³<ÄÄÄÄÄÄ>³ ÚÄÄÄÄÄÄÄÄ¿ ³ SNR ³ ÀÄÄÄÄÄÄÄÄÙ 1 Digit ³<ÄÄÄÄÄ>³ ÚÄÄÄÄÄÄÄ¿ ³ SP ³ ÀÄÄÄÄÄÄÄÙ

Figure 45: Composition of the IMEI46

The TAC is the Type Approval Code, and it is determined by a central body, yet to be identified. The Final Assembly Code (FAC), is used to identify the place of manufacture and final assembly. The Serial Number (SNR) is the manufacturer defined unit number within the TAC and FAC and finally, the SP is a spare digit for future use. The IMEI is not part of the subscriber's data unless it is expressly desired, and even then at the discretion of the Operator. However, some guidance is given regarding white, grey and black lists of IMEIs. The white list contains all number series issued from different participating GSM countries (i.e. those mobile terminals which have been type approved in that country). The black list contains Copyright ©1991, Michael Clayton

Page 86

Michael Clayton Page 87 . This is an issue which remains to be discussed within the GSM Memorandum of Understanding (GSM-MoU). stolen mobiles). They are not barred but reported to the operation and maintenance staff with the International Mobile Subscriber Identity (IMSI). While this guidance is given. it can be black listed.GSM . The staff may wish to call the subscriber using the equipment to ask them to have it checked. if the equipment causes too much disruption. Copyright ©1991. there is no specification as to how it must be implemented.Global System for Mobile Communications individual IMEIs that need to be barred for whatever reason (e.g. Alternatively. The grey list records those pieces of mobile equipment that may be faulty.

GSM . has been specifically designed for GSM to fulfil a role similar to that of existing cellular systems. 12. and placed in a different piece of mobile equipment. applies. The two SIMs have been physically designed to fulfil two distinct roles. Michael Clayton . however. To facilitate this and give flexibility. Whereas in existing cellular systems the Mobile Phone contains the subscription identity. öwith the GSM SIM any phone is your phoneì. In this way. It comes in two forms which are functionally identical.1 Description72 Physically. but differ in size. ISO 7816/3. slightly above the middle line of the card. or technically. the importance of the SIM cannot be ignored. The small size allows for the module to be placed semi-permanently in the mobile equipment. There is a further scenario which GSM has taken into account. This section deals with the content of the SIM and its functional characteristics. although the subscriber can remove it. the SIM has been designed to be inserted or removed by the subscriber. becomes the Mobile Station for that subscription. As the glossy advertising puts it. or SIM. This card can be removed from the mobile equipment by the user. It can make calls and receive calls for that subscriber and have them billed to the subscription of that SIM. Exaggeration apart. with some slight exaggeration.Global System for Mobile Communications 12 SUBSCRIBER IDENTITY MODULE71 The use of a Subscriber Identity Module (SIM) marks a major departure from the existing situation in most cellular communications networks. in GSM this is now kept in a small credit card sized smart card. the IC card SIM conforms to international smart card standards (ISO 7816 series). any piece of GSM mobile equipment which can take the card. For the Plug-in SIM only. It then goes on to talk about the commercial ramifications. The Plug-in SIM. which defines electrical and protocol characteristics. The IC card SIM is intended to be inserted and removed from the Mobile Station on a regular basis. either commercially. The Plug-in SIM is much smaller (~25mm square) with the contacts central to the card. The IC card SIM is the size of a credit card with a set of six standard contacts diagonally on the left hand side. While it is expected that the Plug-in SIM is semi-permanently inserted in the mobile Page 88 Copyright ©1991.

is not allowed. In this case the larger IC card SIM inserted takes precedence over the Plug-in SIM. from the root directory stem two application directories. There are six contacts in all. which is able to manipulate and store data. The power supply to the card is supplied via the same contacts used for data transfer. The Tel-AD could contain the user's telephone directory. As is the case normally. the data fields it stores are set up in a directory structure. Like a microprocessor in a personal computer. the SIM microprocessor has instruction sets and an operating system. but all of it must be non-volatile. if the IC card SIM is removed during a call the call is terminated. 12. Sometimes there is some security included. It has a storage medium. the inserted card will only take over once that call has been cleared. Hence. some semi-permenant. The SIM data storage scheme has been designed to be flexible. needs to store a great deal of information. 12.3 SIM Content74 The SIM. The GSM-AD contains such things as the International Mobile Subscriber Identity (IMSI) and the last Location Area Identity. it may be possible for this equipment to also take an IC card SIM. access by other applications. The information stored in the GSM-AD is secure to varying degrees.2 Internal Electronics73 A SIM consists of a small microprocessor embedded in plastic. Once the IC card is removed. or the Short Message Service (SMS) storage field. However. allowing a subscriber with a full sized SIM to borrow a phone without having to disturb the owner's plug-in SIM. Serial Number Copyright ©1991. ensuring that the data field is only accessed by the appropriate entity. whereas the Tel-AD has limited access so that other telecommunication technologies can access the data. This allows the applications of the SIM to grow and not be limited to one situation or application. While it is unlikely that an IC card will be inserted during a call. where certain data is kept in partitioned areas.Global System for Mobile Communications equipment. the Plug-in SIM takes over. even to the extent that GSM-related data resides in a subdirectory so that the SIM may also support other applications. Also like a personal computer. Michael Clayton Page 89 . the GSM Applications Directory (GSM-AD) and the Telecom Applications Directory (Tel-AD). Some of this is static and some of it is frequently updated. They would simply insert their own SIM and that phone would become theirs as long as their SIM remains inserted. being the functional component of the subscription.GSM . such as banking applications. thereafter the Plug-in SIM takes over. some of which is permanent. and some of which is volatile.

without passing details of the key over the air interface. Authentication Key (Ki) This is the key used in conjunction with the A3 Authentication Algorithm to positively identify the Mobile Station. which is passed to the Mobile Station and used in the A5 Encryption Algorithm to provide a secure RF link. TMSI This is the temporary identification given to the Mobile Station while it is in the service area of a particular MSC/VLR. Status of SIM This refers to whether the SIM has been blocked by successive incorrect Personal Identification Number (PIN) entry attempts used to unlock the card. though it may also appear as part.GSM . It can Page 90 Copyright ©1991.g GSM) to which the application data field relates. assuming that one has not occurred since the timer was started. or all.Global System for Mobile Communications This is used to identify the card itself. It contains information regarding the manufacture of the SIM. Periodic Location Update Timer The Mobile Station has a clock which determines how often it needs to perform a Location Update. Michael Clayton . of the printed serial number. It cannot be read out of a SIM. Update Status This piece of data refers to the Location Update status of the Mobile Station. Cipher Key Sequence number At every Kc generation this number is incremented. It is used as a quick check to ensure that both the Mobile Station and the Base Station System (BSS) have the same key. and allows identification of some internal variances in the SIM such as the operating system version. Cipher Key (Kc) This is the Key generated using the A8 algorithm. which is used to uniquely identify each and every subscriber on any Public Lands Mobile Network (PLMN). Service code This refers to the service (e. It is stored electronically. is stored on the SIM to allow the PLMN to find the reference to the TMSI used in identification. IMSI This is the International Mobile Subscriber Identity. LAI The Location Area Identity of where the Mobile Station was last registered. It has local significance and so is normally used in conjunction with an Location Area Identity (LAI) for identification purposes. during which the counter is frozen and the value stored. This timer is independent of the periods when the Mobile Station is turned off.

and also the reasons for Update Failure. due to their sensitive nature. possibly forever. The GSM Memorandum of Understanding (GSM-MoU) dictates. so this field is included for Copyright ©1991. Preferred PLMN list This is a list of PLMNs stored in the order that the user wishes the Mobile Station to look for and try to access PLMNs when roaming. identified by this class mark. it only contains four PLMNs and once a new PLMN is added. It should be noted that. After ten incorrect consecutive attempts.GSM . PIN Error counter Every time an incorrect PIN entry attempt is made this counter is incremented. The list is not fixed. PIN Unblocking Key (PUK) This is used to unblock the PIN after it has been blocked by three consecutive erroneous PIN entry attempts. the PLMN can be configured to allow access only to certain Mobile Stations. If three consecutive incorrect attempts are made. the programming of certain emergency classes must be carried out specifically by the Operator. PIN enabled/disabled indicator This field indicates whether the Personal Identification Number function is required or not. A correct PIN resets this counter to zero. PIN Disabling allowed/not allowed indicator This field indicates whether the Personal Identification Number function is allowed to be disabled or not. at present. Also. that international roaming must be supplied for all subscription options. the card is locked. Inter-PLMN roaming allowed/not allowed This is an indicator defining when inter PLMN roaming is not allowed.Global System for Mobile Communications indicate whether it was updated. an old one drops off the end. the card is blocked. at Location Update time. Subscriber Access Control class In times of emergency. since the it can be overridden and deleted if a subsequent successful update occurs. PIN This is the Personal Identification number used to restrict access to the SIM. Forbidden PLMNs This is a list of PLMNs which have been forbidden to the Mobile Station. Michael Clayton Page 91 . Unblocking Counter This keeps a count of unblocking attempts.

GSM . Michael Clayton . Fixed Dialling Number field. Apart from the more secure information above.1 Production The first of these stages is production which is really outside the scope of this document. Pre and Re-Personalisation Keys These are keys that control the access to the SIM for the purposes of personalisation of the card. This list is by no means exhaustive. 12. The emphasis in this report is given to those stages necessary to get the SIM into the hands of the subscriber. it is blank and needs to be formatted in much the same way as a blank floppy disk used in personal computers needs to be prepared for use. before the SIM leaves the Manufacturer.2 Pre-Personalisation The next step is to allocate an International Mobile Subscriber Identity (IMSI) and Authentication Key (Ki). Also not included are those data fields related to supplementary services and those used for subscriber controlled data. This is performed in a secure environment.Global System for Mobile Communications completeness. it is locked so that only authorised personnel can access the card. Once it is completed the Pre-Personalisation Key is rendered inactive and a RePersonalisation Key is added for subsequent use. some aspects of the production are worth noting. This is the stage where the directory structure is added to the card and a unique serial number is written to it. and there are many administrative data fields not listed. and the Charging Counter. 12. Finally. It refers to several administrative data fields and is included for completeness. These include the Personal Identification Page 92 Copyright ©1991. 12.1. However. Once the card is manufactured. which is done at the Pre-Personalisation stage. Examples of these are the Abbreviated Dialling Number field.1. the Short Message Service (SMS) storage field. Pre-Personalisation and Re-Personalisation data This is data which is specific to a particular SIM and gives details of the Personalisation functions. This makes the card less vulnerable in transit. Pre-Personalisation is used to set up some internal workings of the card. These cannot be read out of the SIM. and is for further study. and requires the Pre-Personalisation Key.4 Lifecycle of SIMs75 The SIM card goes through several distinct stages during its lifetime.

Assuming that nothing untoward happens it should give several years of service before it needs replacing. 12. To unblock the card a similar operation is utilised where a PIN Unblocking Key (PUK) is used. If this PIN is incorrectly entered three times the card is blocked. or capital investment in having preprogrammed cards waiting idle at the sales outlet. the line between the Pre-Personalisation and Personalisation stages becomes blurred. Whereas in the analogue system. in GSM this is contained in the SIM.1.3 Personalisation This stage corresponds to the point where a Subscription and a subscriber are associated with the SIM. Whereas after only three incorrect attempts the SIM is blocked. Michael Clayton Page 93 . the penalty paid is extra lead time in getting cards from the Network Operator to the sales outlet.5 SIM Security76 Security on the SIM is not taken lightly. it can be seen that there is the option for the SIM to require a PIN before the mobile equipment can utilise it. The consequences of this include ensuring that the GSM Application Data Files are physically separate from other areas. From the data fields included on the SIM. and in this situation the card is rendered useless. and the subscriber Access Control Class. probably forever. The latter provides a second layer of security if required. and the status indicator of the SIM.Global System for Mobile Communications Number (PIN) disabling allowed/not-allowed function. The Network Operator has full control over the subscription. what goes into it and what does not. Therefore. and it is possible that both will occur at the same time. especially when different applications also Copyright ©1991. the PIN error counter.1.4 Normal Operation Once the SIM is issued to the subscriber and inserted into the mobile equipment. the initial PIN. it enters the normal operation stage. Data such as the Authentication Key (Ki) and subscriber related secret data must be protected at all times. After the tenth failed attempt the card is then locked. which can prematurely render the card useless. to unblock it ten failed attempts to unblock it are allowed. however. the mobile equipment contained all that was necessary to access the network. the personal unblocking key. This stage is also aligned with management procedures for setting up the subscriber's account. However. 12. In this case. There is one situation.GSM . since the distribution characteristics of SIMs have changed. rather than having to rely on third parties to program the equipment. These are significant problems which need to be addressed. some Personalisation data such as the date. the type of information loaded includes subscriber related information. 12.

Global System for Mobile Communications use the card. but it doesn't just supply the data. It was suggested that this information is left intact when the mobile equipment is switched off. compromise the security of any of these. an IMSI (if requested by the PLMN). The mobile equipment requests the PIN enabled/disabled status and. but there is no fail-safe function that explicitly deletes the subscriber information if a different SIM is then inserted. In the resulting exchange with the subscriber. by only acting on known commands. At this stage. the security function precludes that. SIM capability information and update status data. In the case of multi-application cards this must also be context dependent ensuring that no overlapping commands. the SIM always acts as slave and the mobile equipment takes the role of the master. some administration data. and finally the Cipher Key and the Sequence number. and time will determine if this requirement remains in the future. which is then presented to the SIM. The SIM responds with a yes or no answer and then opens up the access to the appropriate data files. This security must be set up internally to the card. Only after all this has been transferred is the Mobile Station ready for PLMN operations. but it takes time to transfer data across the SIM/mobile equipment interface. All subscriber related information stored in the mobile equipment and used in GSM PLMN operations must be deleted on removal of the SIM or when the mobile equipment is turned off. This could make the information vulnerable. forbidden PLMN list. It merely means that the mobile equipment initiates the SIM interaction. the requirement that the information is deleted each time the mobile equipment is turned off remains. if enabled. in such a way that the SIM does not recognise any commands other than the specified GSM commands. it waits for the mobile equipment to ask for it. the mobile equipment must request the Temporary Mobile Subscriber Identity (TMSI). Further requests result in the transfer of the Broadcast Control CHannel (BCCH) information. This does not mean that the SIM blindly carries out any mobile equipment command. 12. This is probably quite a severe requirement especially when the SIM is the Plug-in type and is seldom removed. The outward facing security must be equally stringent. A good example of this is the session initialisation procedure for the SIM/mobile equipment interface. Michael Clayton . and the SIM provides results. access control information. then the Location Area Identity (LAI). In this case the data is passed back and forth between the same SIM and mobile equipment combination every time the Mobile Station is turned off. Page 94 Copyright ©1991. it is the mobile equipment that governs the method of asking for the PIN. the mobile equipment starts the routine to check the PIN. Consequently. which are similar in each application.GSM .6 Start up procedure77 In the GSM application.

Global System for Mobile Communications In reverse. which could result in resynchronisation difficulties.GSM . depending on the in-session updating carried out by the mobile equipment. Copyright ©1991. the above information must be transferred back and stored when the Mobile Station is deactivated. It is worth noting here that no guarantee is made for the situation when the SIM is removed without warning. After this transfer the connection between the SIM and the mobile equipment is broken. and the Mobile Station powers down. Michael Clayton Page 95 . In this case there is a high probability that some information may be lost.

The Radio Frequency (RF) layer(s) in GSM applies to layers one to three of this model. apart from understanding the terms used in GSM.Global System for Mobile Communications 13 RADIO FREQUENCY LAYER IN GSM78 It has been mentioned that there is an international model which helps to describe telecommunications systems by breaking them down into layers. This leads to the two main channel types called. Page 96 Copyright ©1991. but allowance has been made for it now to avoid cross-phase compatibility problems. but before this is done. 13.1 Logical Channels79 The report so far has dealt with data transfer on Traffic CHannels. speech channels and data channels. These are referred to as Logical Channels in GSM.GSM . it is worth explaining what Logical Channels are. The term lower layers is used a great deal in the GSM Recommendations and it refers to the first three layers of the OSI model. it is expected that the Half Rate speech channel will not be utilised for some time. as part of GSM Phase 2 definition. The physical realisation of these channels is complex and is dealt with later.1 Traffic Channels The Traffic Channels are configured to carry user data. Consequently. It is not really necessary to go into any depth regarding this model. This data can be in the form of speech or in the form of pure digital data. 13. This is the Opens Systems Interconnection (OSI) model. They represent a specified portion of the information carrying capacity of the GSM Public Lands Mobile Network (PLMN). and can be regarded as the öpipesì for information transfer. or Control CHannels. each dealing with specific functions. not surprisingly. corresponding to the two data rates available from the two methods of speech encoding. and what they do. The Half Rate speech encoder is in the process of being defined at present. Full Rate and Half Rate. They are split into two groups. those which are configured as Traffic Channels and those which are configured as Control Channels. it covers all the necessary requirements to enable data to be transferred across the air interface between the Mobile Station and the Base Station System. for example. The speech channels also come in two forms.1. This chapter describes how data is transferred using channels and how the channels are physically realised. Effectively. Michael Clayton . from a computer terminal.

The Synchronisation Channel (SCH) takes care of this and at the same time is used to identify the PLMN.7 Broadcast Channels The broadcast channels cover those channels used by the Mobile Station to identify.8 Common Control Channels Like the Broadcast channels. on a cell by cell basis. Both the R. but there are other areas where synchronisation needs occur. The first is the Frequency Correction CHannel (FCCH). a raw data rate of 4. the Random Access CHannel (RACH) is used only in the uplink direction for Mobile Stations to make first contact with the PLMN. GSM relies on ensuring that the timing in the Mobile Station matches that of the PLMN.1. the PLMN. but this time the choice of which type to use is dictated by consideration of the most efficient use of resources for the user's raw data rate. In contrast. Michael Clayton Page 97 .. the Access Grant CHannel (AGCH) is used to reply to a Mobile Copyright ©1991. and are split into three types: Broadcast. and enable access to. 80. For instance. due to the vagaries of the R.. The FCCH controls the frequency between the Mobile Station and the BSS. The identification is given in the form of a Base transceiver Station Identity Code (BSIC). always needs to be monitored and adjusted.Global System for Mobile Communications The Data Channels also come in half rate and full rate. Common. The last of the Broadcast channels is the Broadcast Control CHannel (BCCH) itself. and synchronisation is supplied by packet numbering information. The sort of information it transmits includes what control channels are supplied and how they are configured.8kbit/s could be carried on either full or half rate. whereas raw data rates higher than that would only be carried on a full rate channel.F. which sends out information allowing the Mobile Station to fine tune its frequencies to that of the Base Station System (BSS). There are specific channels within these categories which are defined in the following sections. which need to be synchronised with the BSS. 81. This channel is used to transmit general information regarding the configuration of the Base Transceiver Station. carrier frequencies and the data timing frequencies are obtained using the FCCH..2 Control Channels The control channels are designed to carry signalling information only. and Dedicated control channels. three types of channel come under this heading. Information is sent over the air interface in packets.GSM . The Paging CHannel (PCH) is used only in the downlink direction (BSS to MS) to page Mobile Stations for incoming calls.F. Leading on from there. 13. and also how often paging takes place. a situation which. link..

However. Not unreasonably.. It is used only in the downlink direction. fast and slow. The difference between them is that the Fast Associated Control CHannels (FACCH) actually steal resources from the Traffic CHannel.9 Dedicated Control Channels (DCCH) Dedicated Control Channels are the signalling workhorses of GSM. This does not require a Traffic CHannel (TCH).. and are used for signalling. These are radio frequency channels available to the GSM system as a whole.2. through which interaction between the PLMN and the Mobile Station occurs. 82.. GSM uses the same frequency channel to support several calls.2 Physical Channels84 The radio spectrum is the physical medium used by GSM to transfer information. radio channels have been created by partitioning this frequency spectrum. in turn. The Associated Control CHannels come in two forms. 83. to enable in-call functions such as Handovers.. This channel.GSM . 13. like the PCH. the stand alone types are known as Stand Alone Dedicated Control CHannels (SDCCH) and those associated with TCHs are known as Associated Control CHannels (ACCH). unlike Location Updating. 13. and each is numbered. location updates are performed and calls are initiated.10 Cell Broadcast CHannel (CBCH) The one remaining control channel is the Cell Broadcast CHannel (CBCH).1 Time Division Multiple Access (TDMA) The radio channels are effectively the same as those that an analogue cellular system would use. whereas the Slow Associated Control CHannels (SACCH) wait for resources to become available. Others are standalone. Subsets of these frequency channels correspond to particular allocations to cells and/or Mobile Stations. In the GSM band. Some of these control channels are associated with Traffic CHannels. and is specifically used for the GSM Short Message Service cell broadcast feature.Global System for Mobile Communications Station making a random access on the RACH. This is achieved by allowing each call. Michael Clayton Page 98 . while an analogue cellular system uses one frequency channel for one call. to use the same radio frequency Copyright ©1991. is only used in the downlink direction. It is using these channels that the Mobile Station is authenticated. Their very nature as the major signalling medium over the air interface means that there are many types.

called a timeslot. This process is called Time Division Multiple Access (TDMA). and hence the pieces of information arrive at exactly the right time. and lasts for 4. a cycle from T0 to T7) is defined as a frame. each timeslot is received and separated so that all the timeslots of the different calls can be reassembled to form a continuous stream. However. which means that after call number 8 has transmitted data.2. In GSM.2. and a timeslot number in which to transmit. Michael Clayton Page 99 . then by the time it reaches the BSS. T0 to T7 inclusive. the number of calls is 8 and the use is cyclic. only half a millisecond long (~0. Copyright ©1991. A set of 8 of these timeslots (i.F. the Mobile Station must advance its timing by the same amount of time that the signal takes to travel to the BSS. for eight calls there would be eight timeslots. for reasons which will become apparent. channel of course. otherwise the calls start to break up. it will be late and will interfere.GSM . however. to do this. 13. the Mobile Station and Base Station System (BSS) would need to receive and transmit at the same time. one would expect that the same channel (timeslot number) would be used in both the uplink and downlink but. at the Mobile Station the delay is variable. each timeslot is numbered. The received pieces of data must all arrive at the correct time or they start to overlap. 13.62 milliseconds. If.3 Frame Alignment/Timing advance The key to the TDMA process working is synchronisation. then call number 1 would transmit once again. So. To ensure that the Mobile Station and Base Transmitter Station (BTS) transmit in the correct timeslot. a delay of 3 timeslots is built in between the reception of data and the transmission on the same timeslot number. It is therefore apparent that a physical channel in GSM corresponds to a frequency.577 mS) and so synchronisation is important.e. If the Mobile Station transmits at the correct time. then this extra time can be used in travelling to the BSS. and interfere. At the BSS. this delay is fixed. Figure 47: Time Division Multiple Access48 At the receiving end. the Mobile Station transmits early.2 Timeslots and Frames The timeslots used in GSM are very short in duration. There is a limit to how many calls can be put on the same R.Global System for Mobile Communications channel for a short period. However. with a different call being transmitted one after another in each one. To avoid this. The problem is that it takes time for a transmitted piece of data to travel from the Mobile Station to the BSS. So.

GSM - Global System for Mobile Communications
Figure 49: Adaptive Frame Alignment50

In fact it is the BSS which tells the Mobile Station by how much to advance its timing, since it can measure the difference between the time when a piece of information was due and the time when it actually arrived. The process is called adaptive frame alignment, and is continually monitored and adjusted by the BSS. To avoid start up problems, the random access is designed to have leeway built in to allow for transmission delay, so that interference does not occur. Thereafter, an alignment message is calculated and sent to the Mobile Station. Similar precautions are also built in for handover. In finely synchronised cells a quick calculation is done to determine what the difference of frame alignment between the Mobile Station and the two cells could be. From that, the alignment for the new cell is estimated and any discrepancies quickly ironed out once transmission starts. In cells which are not finely synchronised, a special handover access is used which, like the random access, has some leeway built in. 13.2.4 Frame Numbers The TDMA frames in the GSM system, consisting of 8 timeslots, are also numbered in a cyclic fashion. Using this numbering, multiframes, superframes and hyperframes are defined. The smallest is the multiframe, next comes the superframe and finally there is the hyperframe. Multiframes and Superframes There are two types of multiframes, 26 TDMA frames and 51 TDMA frames, which are used to support Traffic channels and Signalling channels respectively. These multiframes are built into a superframe of 1326 frames, in different ways. A superframe can consist of 51 of the Traffic channel multiframes (51x26 frame multiframes), or 26 of the Signalling channel multiframes (26x51 frame multiframes).

Page 100

Copyright ©1991, Michael Clayton

Figure 51: ???52

The reasoning for this revolves around the need for the Mobile Station to be able to monitor every Broadcast Control CHannel (BCCH) in the GSM PLMN. Because the BCCH needs to be found easily it is always located in timeslot T0. If a Mobile Station is also using timeslot T0, but on a different frequency, then they would always be transmitting at the same time, and so that BCCH would never be monitored. This is solved by using every thirteenth frame in the multiframe sequence as a Slow Associated Control CHannel (SACCH), on which the results of monitoring and a few other things, are reported back to the PLMN. For a 26 frame multiframe this SACCH might occur, for example, in frames 13, 26, 39, 52, and back to 13. However, in the 51 frame multiframe, the SACCH would occur in 13, 26, 39, and then, because the multiframe is only 51 frames long, the SACCH would then occur in frames 1, 14, 27, and so on. After the first multiframe the SACCHs do not occur together, and they appear to slip in relation to each other. It is not until the end of the superframe, when the slip has occurred across the whole superframe, that they once more coincide. Hyperframes The hyperframe is much larger, consisting of 2048 superframes. The reason for this much longer time frame (~3 hours 48 mins) is due to the use of the frame number as an input to the ciphering process. A time frame less that this reduces the difficulty of cracking the code. The definition of a physical channel can, therefore, be extended to become an R.F. channel, a timeslot number to transmit on, and a frame number. The addition of the frame number is now required because of the SACCH on every thirteenth frame. 13.2.5 Transmission Bursts It has been mentioned that a transmission of data occurs in a timeslot. To take this Copyright ©1991, Michael Clayton

Page 101

GSM - Global System for Mobile Communications a little further, the physical content of this transmission is referred to as a burst. This burst is divided up into approximately 156 bits (156.25), of which there are 147 which can be utilised. There are several types of burst, with different characteristics, used for specific purposes. For instance, the frequency burst just consists of fixed information used for timing purposes. The synchronisation burst, on the other hand, carries some encrypted information as well as some fixed data and tail bits. A dummy burst has also been defined and is similar to the synchronisation burst but carries mixed bits instead of data. Finally, a normal burst and access burst complete the list of different types. The normal burst, which is used for carrying voice and data traffic, has 4 useful sections. There are two sections of encrypted data, a trailing sequence and some tail bits. The rest is called the guard period, and allows for very slight variances, and time for the transmitter to ramp up to the required transmission power. The last of the bursts is the access burst. It is different from all the rest because it has fewer data bits and a much larger guard period (68.25 bits as apposed to 8.25 bits). The extended guard period is to allow for the maximum travel time since, at the time when a random access is made, there is no frame advance information available to stop bursts overlapping at the Base Station System (BSS). Annex 1 gives a list of the various bursts and their make up.

13.3 Mapping of Logical to Physical Channels85
It follows that the Physical Channels are used to support the Logical Channels, and this is done by allocating a timeslot, and number, on which the Logical Channel data should be transmitted. However, there are some extensions to this. For instance, there is one frequency reserved in each cell which is defined as the Broadcast Channel Frequency, and is the RF channel on which the Broadcast Control CHannel (BCCH) data is transmitted. On this RF channel, timeslot T0 is always used for the BCCH. However, the BCCH may not need to transmit on all the consecutive frames in the Hyperframe. The frames not used for the BCCH can be used for other channels, and so several different control channels can be mapped onto one physical channel. In the cases where no data is available to be sent on the BCCH, and no other control channel utilises this free frame, a dummy burst is inserted. This burst has been specifically defined to ensure that a transmission occurs in every frame, thus enabling any Mobile Station listening in to monitor the RF characteristics of the channel. Several other combinations have been defined which involve a mixture of Traffic Page 102 Copyright ©1991, Michael Clayton

then only half the data is lost and there is a good chance that the entire packet can be rebuilt using what is left. FACCHs. However if that same packet is cut in half. however.GSM . and sent off. 13.3. In that case. FACCH data is inserted. The FACCH.3. and diverts it to the appropriate function for action. 13. Later. with an indication of what has happened.1 Frame Interleaving The mapping of Traffic CHannel data to the content of a burst is also worthy of note. the data stream is cut up into packets to fit the burst. In this case a frame of normal data is östolenì from the associated channel. At the receiving end the Base Station System (BSS) identifies that a frame has been stolen. though generally these are restricted to combinations of TCHs. and so it cannot wait for the thirteenth frame. Data frames ÄÂÄÄÄÄÂÄÄÄÄÂÄÄÄÄÂÄÄÄÄÂÄÄÄÄÂÄÄÄÄÂÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÂÄ ³ AA ³ BB ³ XX ³ YY ³ CC ³ DD ³ ÄÁÄÄÄÄÁÄÄÄÄÁÄÄÄÄÁÄÄÄÄÁÄÄÄÄÁÄÄÄÄÁÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÁÄ / \ / \ Ä Ä ÚÄÂÄÄÄÄÄÄÄÂÄÄÄÄÄÄÄÂÄ¿ Ä ÚÄÂÄÄÄÄÄÄÄÂÄÄÄÄÄÄÄÂÄ¿Ä Ä ³ ³ BB ³ XX ³ ³ ³ ³ YY ³ CC ³ ³ Ä Ä ÀÄÁÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÁÄÙ Ä ÀÄÁÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÁÄÙÄ Ä Transmission bursts Figure 53: Frame Interleaving54 This process is called interleaving. if the burst is lost.2 Frame Stealing There are two control channels which are always associated with a dedicated logical channel resource. These are the Slow Associated Control CHannel (SACCH) and the Fast Associated Control CHannel (FACCH). Michael Clayton Page 103 . The SACCH is incorporated into the logical channel (TCH or SDCCH) by utilising every thirteenth frame. half of the burst will be filled with one call and the other half filled with a different call enabling a doubling of capacity.Global System for Mobile Communications CHannels and control channels (given in Annex 1). This method is used to report signal strengths around the Mobile Station or for gradually changing the power levels transmitted by the Mobile Station. when half rate coding is used. In this case. then half could be sent in one burst and half in the next burst. is used for handovers amongst other things. and SACCHs. Copyright ©1991. it is expected that interleaving will not be appropriate. By doing this. it is possible to fill the available space in the burst with the data of one packet. In a full rate channel.

some subscribers will get a good RF channel and some will get a bad one. 13. being digital. Indeed. with each measurement in time converted to a digital value of the amplitude. the analogue data is sampled at a very high speed. Alternatively. The crux of this method is the speed of sampling. The function is managed by the BSS which defines the RF channels and sequence for hopping. As the name might suggest. Whatever the cause. the BCCH RF channel. where the reflections of one transmission. the interference on any one channel is reduced to manageable proportions.4 Frequency Hopping86 In an ideal world there is always a line-of-sight between the transmitter and the receiver. then a great deal of information would be lost. this is not an ideal world. The interference could be as a result of multi-path propagation. and applies this structure purely on a cell by cell basis. If a sample of voice was taken every 2 seconds. However. so it must be easily found.Global System for Mobile Communications 13. GSM can absorb much more interference before degradation of call quality is noticed. Michael Clayton Page 104 . where something gets in the way of the signal. By sharing out the interference between a number of RF channels. and so all manner of things cause interference.5 Speech Coder87 The coder used in GSM is quite special. This is the timeslot used by the BCCH and does not move since this is the channel that transmits frequency hopping details. and to give all subscribers a good service by sharing the bad patches. In normal conversion from analogue to digital data. interact to cancel out the signal. amongst other things. it could be as a result of shadow fading. delayed by different path lengths. certain frequencies and/or RF channels could be subjected to worse interference than others. Frequency hopping was therefore introduced to average out the vagaries of RF. This limitation is applied by reducing the hopping options in the sequence on timeslot T0 by one. but only up to a limit.GSM . some subscribers on a good channel may drive behind a bus at a junction and experience interference while waiting for the lights to change. These measurements are sent to the destination and reassembled in the same order to reform the analogue data again. For example the sentence öI went down to the shops todayì. might come out as Copyright ©1991. It should be noted here that. Over a range of RF channels in one cell. the procedure involves hopping from one RF channel to the next while still keeping the same timeslot. The only restriction applied to frequency hopping is that timeslot T0 on the BCCH RF channel must not hop.

In doing this.. In this way..GSM . regular pulses).. whereupon the difference between the digital transmission and the analogue transmission would not be noticeable.sho... The advantage with this voice coder is that the amount of information sent is hugely reduced..en.t..e. after the way in which the filter settings are derived. the sound could be sampled at 64. if the drain of a shower is too small. so does the amount of information that needs to be sent and the data rate increases. the name of this coder is a Regular Pulse Excited . whereas the analogue signal does. This vocoder is specialised to code Copyright ©1991... Now. This noise from the vocal chords is caused by a vibration which is similar to a series of fast pulses.ayì. This is done in GSM using a specially designed voice coder. the wider the channel width needed to send it. This process is called Long Term Prediction.5.Global System for Mobile Communications öI. Michael Clayton Page 105 ..the. Using an analogy with a pipe.Long Term Prediction (RPE-LTP) coder. often called a vocoder. To transfer the speech. However. As the sample speed is increased more information is sent and the reassembled sound gets closer to the original.wn. however. The clarity is due to the digital signal not picking up noise in transmission. the values set on each filter vary in line with the speech. What the encoder does is to pass the speech through a series of electronic filters which try to gradually remove the voice tract leaving some minimal residual GSM Vocoder Speech is created by a vibration in the vocal chords making a noise.odaì. then the water would not run out quickly enough to stop the shower cubicle from overflowing. if too much is required the limited radio spectrum is used up too quickly.000 times a second. with some indication of the type of vocal chord excitation including the residual information. except that the digital sound would be crystal clear. which is then manipulated by the vocal tract. To increase this to realistic figures.wen. One of the charactersitics of the radio transmission of digital data is that the higher the data rate.. there is also a penalty to be paid. if samples were taken at two times per second it might come out as öI. What comes out is the same speech that went in. the actual voice information is stripped off. to try and match it exactly.. GSM needed a way to keep the data rate down. being limited to some filter settings and a bit of residual information.. If the size of pipe (bore diameter) is increased then more water is allowed to flow. 13.own. At the end of this process all that should be left is the hum of the original vocal chord excitation. As the sample rate increases. The equivalent bore diameter in radio is the channel width required and. The settings are applied to an exact copy of the filters at the far end and the system is excited as if by vocal chords (i.o. Consequently. but keep the quality of speech high.. the settings on the filters are sent to the destination.

perhaps where one party is giving a long and detailed explanation. Whenever there is a pause in speech. There is one problem that arises from DTX. With Discontinuous Transmission the transmitter is switched off during these silences which helps to preserve the battery. Page 106 Copyright ©1991. What this means is that anything other than voice may not be correctly encoded. and it gives an evaluation of the background noise around the user of the Mobile Station. or not. humans cannot match the preciseness of tones. the next few frames are still sent with the flag at 1 indicating speech.1 Comfort Noise When the VAD detects silence. this is indicated by changing the flag from 1 to 0. To do this. In effect. When the flag is set to 0 then that frame does not contain speech and it is not transmitted. Michael Clayton . This scenario has been solved in GSM by using comfort noise. the overall amount of RF transmissions is reduced so less interference is caused on the air interface. It is for this reason that tones in GSM are sent as signals (e.g. This remains the case until speech is detected or an updated SID is passed for transmission.6 Discontinuous Transmission88 Another clever trick utilised in GSM is Discontinuous Transmission (DTX). thereafter not transmitting anything. the far end party geta silence. while a special frame is made up. This is quite disconcerting especially when the non-talker is in a noisy environment.Global System for Mobile Communications just voice. no useful speech is transmitted from the other. and errors will occur. Frames are marked as containing speech. silent party. which identifies whether speech data is present on a frame by frame basis. What generally happens in cases like this is that the far end party thinks that the call has dropped and hangs up. At the receiving end. since the transmitter is power hungry. when transmission stops. When the flag is set to the value 1. If the voice tract of a human cannot make the sound.6. because there are no signals being transmitted unnecessarily. Also. The transmitter function analyses the flag and sends the first frame which is set to 0. to be generated synthetically at the far end. and consequently these get distorted if sent through a vocoder. 13. since every time the transmission stops the background noise stops and it goes quiet. start tone. then that frame contains speech and is transmitted. It was included to help preserve battery life in the Mobile Station and to reduce overall interference on the air. Instead of doing this immediately. This frame is called the Silence Descriptor frame (SID). the feature uses a Voice Activity Detector (VAD) included in the Mobile Station. it is passed to the radio transmitter function with the flag set to 0. then the vocoder will not be able to match the sound. hence the term Vocoder. by a flag. Once this has been prepared.GSM . 13. however. stop tone).

the flag is also analysed and. Copyright ©1991. using information in the now identified SID frame.GSM . If the flag is a 0 the frame is separated and used to generate comfort noise.Global System for Mobile Communications At the receiving end. if it is a 1. Michael Clayton Page 107 . This is inserted into the speech path instead of pure silence. the frame is sent straight to the speech decoder. thus making the far end party think that the Mobile Station is still transmitting as normal.

for the purpose of making calls. The next ten digits correspond to the Mobile Subscriber Identification Number (MSIN). location area identifier). Page 108 Copyright ©1991.g. Some of this is permanent data which is only changed by administrative means (e. This ranges from identification of the subscriber. The way this is done is by breaking down the digits that makeup the IMSI into sections. As a sub-set of the IMSI. 14. locating the Mobile Station. This particular data is only that which is required for the subscriber to access the PLMN. routing calls. and it is only kept temporarily while the Mobile Station is under control of that VLR. Of all this subscriber data. and charging for them. The next one or two digits are the Mobile Network Code (MNC). handling calls. this data has been singled out for attention here. the National Mobile Subscriber Identity (NMSI). It also identifies the source of further information on that subscriber. The entire number is made up of numerical characters (0-9). authenticating the subscription. It uniquely identifies the subscription. Michael Clayton . by pointing unequivocally to the HLR. and is no longer than fifteen digits. Temporary Mobile Subscriber Identity (TMSI). anywhere in any of the GSM PLMNs in the world.GSM . The first three digits give the Mobile Country Code (MCC). and hence the subscriber. and Mobile Station ISDN Number (MSISDN). another identity has been defined. All of these point to the identity of the subscriber.1 IMSI90 The International Mobile Subscriber Identity is the most important. the most often used are the International Mobile Subscriber Identity (IMSI). which uniquely identifies the country of origin for this subscription.g. It should be noted that nearly every facet of subscriber information is stored in the Home Location Register (HLR). and other data is temporary and changes as a result of normal operation of the Public Lands Mobile Network (PLMN) (e. with only particular data kept locally at the Visitor Location Register (VLR). subscription level). which identify the PLMN for this subscription. This consists of the Mobile Network Code and the Mobile Subscriber Identification Number only. For this reason alone.Global System for Mobile Communications 14 MOBILE SUBSCRIBER DATA89 The term mobile subscriber data is used to cover all types of information associated with allowing the subscriber to use the service.

Michael Clayton Page 109 . there are some guidelines which should be adhered to.2 TMSI91 The Temporary Mobile Subscriber Identity (TMSI) has only local significance to an Mobile Services Switching Centre (MSC) and Visitor Location Register (VLR) combination. The number plan used by the Operator has to fit into a national and international scheme. 14. the Mobile Network Code is a matter for the national authority. This makes the issue of these numbers much more flexible. then the callers from the fixed network would not able to call into the PLMN. However.3 MSISDN92 The Mobile Station ISDN Number (MSISDN) is the telephone number used by callers wishing to contact the Mobile Station. as soon as the Mobile Station is successfully handed over to a new MSC/VLR combination. 14.GSM . They refer to the length of the TMSI. and consequently the structure is really up to the Operator and National Authority. and other parameters which avoid confusion. and the Mobile Subscriber Identification Number is left to the PLMN Operator. So. or else it is difficult for callers to and from that network to contact each other. and provide enough information for the PLMN to refer back to the MSC/VLR which assigned it. the new MSC/VLR issues a new TMSI and passes this to the HLR for storage in a location update. For instance. A TMSI can be allocated only after a successful authentication. the component parts can be issued by different bodies. However. The Mobile Country Code as defined within CCITT. and changed at any time while under the control of the same MSC/VLR combination. an international standard was devised which allows flexibility while ensuring Copyright ©1991. if the PLMN had a number plan with 30 digits. and the fixed network only allowed 10 to be sent.Global System for Mobile Communications IMSI not more than 15 digits ³<ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ>³ ÚÄÄÄÄÄÄÄÄÄÄÂÄÄÄÄÄÄÄÂÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ MCC ³ MNC ³ MSIN ³ ÀÄÄÄÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÁÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ NMSI ³<ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ>³ Figure 55: The Structure of the IMSI56 Because of the way the IMSI is constructed. The HLR then contacts the old MSC/VLR combination to ensure that the old TMSI reference is deleted.

Here the HLR cross references the facsimile MSISDN to the IMSI for that number and includes the type of incoming call. Because of this. Each time a person wants to send a facsimile to that subscriber. Indeed. and facsimile can be connected to the same line. and it is this IMSI which is thereafter used to identify the Mobile Station during that call.164) plan. It is for this reason that the idea of a multi-numbering scheme has been devised. When a call comes to the Mobile Station. it can be seen that more than one MSISDN can be applied to the same Mobile Station and IMSI. which does not contain information identifying the type of call.121) plan. this call type is passed to the Mobile Station on call set-up. Page 110 Copyright ©1991. Using these plans as subsets. Hence a facsimile call could be offered to a Mobile Station which has no capability of receiving it.163/E. More is said about this in the section on Types of Numbers. but all pointing to the same IMSI. for it to accept or reject as appropriate. or private companies can devise their own. telephone. Using this feature. a Data (X. 14. In fact. for instance. one for fax. This gives rise to Single and Multinumbering PLMNs. Quite often a call will be made to the PLMN from the Public Switched Telephone Network. The multi-numbering scheme is the safety net until ISDN becomes widespread. GSM is based on ISDN. This does not stop a call to the telephony number from still being identified as a facsimile call. Michael Clayton . several plans have been devised for different applications. the MSISDN is passed to the HLR which then cross-refers it to an International Mobile Subscriber Identity (IMSI). an ISDN/telephony (E. When the subscriber pays for an additional Bearer/Teleservice. and so the same feature is available. and the calls can be directed to the correct machine as they come in. Once identified. and a Telex (F. In GSM. one for data etc. There is.GSM .Global System for Mobile Communications a standard approach.69) plan.1 Single and Multi-Numbering Plans One of the most versatile features of Integrated Services Digital Networks (ISDN) is that the type of call coming into a terminal is identified in the call set-up. countries can build national numbering plans. the particular number plan used when dialling can be changed and this is identified using a Number Plan Identifier (NPI). but a problem occurs in identifying the type of call made. they ring the facsimile number which is passed to the HLR.3. another number is allocated giving one number for telephony. this is how PLMNs which use single numbering schemes have been designed to work.

there is a great deal of work to do be done to complete the task and realise the full potential of GSM. and almost all are much less complex than GSM. but methodically. Co-operation between Governments. but it should not stop there. It is now up to the rest of the world to get involved. and it was achieved by uncompromising co-operation. Operators. some frustrating. some of which are amusing. What is unusual in GSM though. This was granted in March 1991. The European Telecommunications Standards Institute (ETSI) have shown that they are willing to allow other countries around the world to take part by introducing associate1 membership. this should not be seen as in any way unusual. logically yet speedily.Global System for Mobile Communications 15 OPENING OF GSM SERVICE AND ANOMALIES93 In June 1991. is the speed with which the standards have been put together. It is a tribute to European harmony. Michael Clayton Page 111 . Manufacturers and a great many experts brought in to solve specific problems. 1 Australia is first nation to gain status as associate members of ETSI via the Australian CCITT Committee (ACC). Copyright ©1991. It was not hastily done. Government Authorities. However.GSM . There are many issues to sort out regarding the interaction of Supplementary Services. all new networks suffer from this. It is doubtful that this occurred without some problems. Still. GSM service opened in several countries in Europe. and it will take time to sort out some of the GSM service anomalies.

GSM . it is important that. that standards work was boring though it did have a silver lining in the form of the foreign travel required. Page 112 Copyright ©1991. it is no longer boring. is a good example of the way to achieve this.g. GSM3..)! I would like to thank all the people of ETSI-GSM for all they taught me. In the documents from GSM1 the third person pronoun used is always the feminine (e. not just about the system.g. to my mind. .. and are considering a career in standards. but also about how people can work together to achieve something.when the subscriber is informed. The world must have standards. GSM. It involves a great deal of foreign travel. The people I had the pleasure of working with showed a very high degree of professionalism. helping to define the standards for this next generation of cellular system.when the subscriber is informed.. she must... he must.... Michael Clayton . not to be left out. I must say here that the lecturer is no longer correct in that analysis. there is an unwritten convention used in GSM recommendations.). decided to settle on the impersonal pronoun (e. ensured that in their documents that the masculine third personal pronoun was used (e.g. As an indication of the underlying humour. In case any students read this. . I was once told during my degree..). the lecturer was right about one thing. but at the same time displayed a human face. in retaliation.. .. GSM4...when the subscriber is informed..Global System for Mobile Communications 16 CONCLUSION94 The basis for much of the content of this report is the time I spent in the ETSI GSM committees.. and they must be completed quickly. and a sense of humour.

8 kbit/s user data (TCH/H4.4 kbit/s user data (v) Full rate traffic channel for µ 2.8). (ii) Full rate traffic channel for 4.8 kbits/s.4 kbit/s. It is purely used for the Short Message Service (SMS) and is listed here as a broadcast type channel.8).6). Half rate traffic channel for speech (TCH/HS). (iv) Half rate traffic channel for µ 2. (TCH/F2. (ii) Half rate traffic channel (TCH/H).4).GSM . This channel carries information at a gross rate of 22. Michael Clayton Page 113 .6 kbit/s user data (TCH/F9.4 kbit/s user data (TCH/H2. Copyright ©1991.Global System for Mobile Communications ANNEX 1 RF CHANNEL DATA Traffic channels (TCH's) (i) Full rate traffic channel (TCH/F).4) Control Channels Broadcast Type Channels Frequency correction channel (FCCH) Synchronisation channel (SCH) Broadcast control channel (BCCH) Cell Broadcast Channel (CBCH) Note that CBCH is not normally referred to as part of the BCCH channels. Traffic channels defined to carry user data: (i) Full rate traffic channel for 9. This channel carries information at a gross rate of 11.8 kbit/s user data (TCH/F4. Traffic channels defined to carry encoded speech: (i) (ii) Full rate traffic channel for speech (TCH/FS). (iii) Half rate traffic channel for 4.

Page 114 Copyright ©1991. control channel (SACCH/C4) Timing and Frame Numbering Timeslot duration: TDMA frame: · · · 3/5200 seconds (577 ms). TCH/F associated. TCH/H associated. TCH/F associated. Random Access CHannel (RACH): Uplink only. Michael Clayton .62 ms in duration. control channel (SACCH/TH) Fast. control channel (FACCH/F) Slow. TCH/H associated. TDMA frames are numbered by a frame number (FN). SDCCH/8 associated. Access Grant CHannel (AGCH): Downlink only. combined with CCCH (SDCCH/4) Slow. used to request allocation of a SDCCH. control channel (FACCH/H) Stand alone dedicated control channel (SDCCH/8) Slow. used to page mobiles. ~4. control channel (SACCH/C8) Stand alone dedicated control channel. control channel (SACCH/TF) Fast.Global System for Mobile Communications Common Control Type Channels Collectively known as Common Control CHannels (CCCH) when combined as a common control channel: Paging CHannel (PCH): Downlink only. Eight timeslots form a TDMA frame Timeslots in a TDMA frame are numbered from 0 to 7 and a particular timeslot shall be referenced by its timeslot number (TN). SDCCH/4 associated.GSM . - Dedicated control channels Slow. used to allocate a SDCCH or directly a TCH.

Lowest numbered bit transmitted first. Numbering from 0 to 156. Frequency Correction Burst Tail Bits Fixed Bits Tail Bits Guard Bits Synchronisation Burst Tail Bits Encrypted Bits Training Sequence Encrypted Bits Tail Bits Guard Bits 3 39 64 39 3 8.Global System for Mobile Communications Hyperframe Superframe Multiframe Control channel multiframe consists of 51 TDMA frames Traffic channel multiframe consists of 26 TDMA frames 26 control channel multiframes.25 Copyright ©1991.GSM . 1326 TDMA frames The frame number shall be cyclic and shall have a range of 0 to FN_MAX called Hyperframe. FN_MAX = (26 x 51 x 2048) -1 = 2715647 Frame number is incremented at the end of each TDMA frame. Michael Clayton Page 115 .25 3 142 3 8. with last 1/4 bit numbered with bit 156. 51 traffic channel multiframes.25 Bits. Consists of 2048 superframes RF Transmission Bursts Timeslot is divided into 156.

25 3 58 26 58 3 8.25 3 58 26 58 3 8.Global System for Mobile Communications Dummy Burst Tail Bits Mixed Bits Training Sequence Mixed Bits Tail Bits Guard Bits Normal Burst Tail Bits Encrypted Bits Training Sequence Encrypted Bits Tail Bits Guard Bits Access Burst Tail Bits Synch.GSM . Sequence Bits Encrypted Bits Tail Bits Guard Bits 8 41 36 3 68.25 Allowed Channel Combinations The following are the permitted ways in which channels can be combined onto basic physical channels (numbers appearing in parenthesis after channel designations indicate sub-channel numbers): Page 116 Copyright ©1991. Michael Clayton .

. Michael Clayton Page 117 .3) BCCH + CCCH SDCCH/8(0 .1) TCH/H(0) + FACCH/H(0) + SACCH/TH(0) + TCH/H(1) FCCH + SCH + BCCH + CCCH FCCH + SCH + BCCH + CCCH + SDCCH/4(0.1) + FACCH/H(0...7) + SACCH/C8(0 .3) + SACCH/C4(0..Global System for Mobile Communications TCH/F + FACCH/F + SACCH/TF TCH/H(0.. 7) Note: CCCH = PCH + RACH + AGCH Copyright ©1991..1) + SACCH/TH(0.GSM .

Marketing Planning presentation of coverage information identification of selling features commissioning of market surveys co-ordination of awareness campaigns GSM name and logo Procurement. European Roaming mobile numbering plans routing of mobile terminated calls and signalling messages technical implications of tariff principles on international interworking establishment of international signalling links interworking between PLMNs. MoU-CONIG Conformance of Network Interfaces lists and definitions of tests for conformance of interfaces harmonisation of test activities. MoU-TAP Type Approval Administrative Procedures Page 118 Copyright ©1991. Michael Clayton . Billing and Accounting Rapporteur Group administration of subscribers billing harmonisation credit control fraud prevention accounting operation statistics definition of billing software harmonisation.GSM .Global System for Mobile Communications ANNEX 2 GSM COMMITTEE SUB-GROUPS Memorandum of Understanding (MoU) Sub-Groups MoU-BARG MoU-MP MoU MoU-EREG Intellectual Property Rights harmonisation of precurement policy lists of recommendations and version numbers used in contracts.

Security Group administration of non-disclosure undertakings for GSM Algorithms maintenance of algorithms and test sequences monitoring adequacy of system security and proposing of enhancements if required. MoU-RIC - Copyright ©1991. MoU-SERG MoU-SG Services Expert Rapporteur Group maintenance of GSM recommendations transferred to GSM-MoU control allocation and review of implementation dates for GSM services review of compatibility of services in the roaming situation definition of principles of customer relations and education.Global System for Mobile Communications harmonisation of procedures regarding Type Approval review of existing or emerging directives identification of possible difficulties with directives control and issue of IMEIs.GSM . MoU-TADIG Transfer Account Data Interchange detailed specification of file interchange mechanism between billing entities specification of billing data format specification of standard sets of protocols for billing data interchange. Radio Interface Co-ordination Co-ordination of technical aspects of type approval including interpretation of GSM recommendations resolution of technical problems with type approval organisation of compatibility of testing mobile equipment to ensure adequacy of type approval review of GSM validation results and effects on implementation plans review of system simulator activities. Michael Clayton Page 119 .

1 kHz ex PLMN All data circuit synch All data circuit async All data packet synch All PAD access 12 kbit/s unrestricted digital 20 21 22 23 24 25 26 27 29 Teleservice Below is a list of the Teleservices within the GSM PLMN.GSM .Global System for Mobile Communications ANNEX 3 GSM SERVICES Bearer Services Below is a list of groups of the principle Bearer Services.02. Michael Clayton . it is not intended as a comprehensive list.03. These are used to identify the Bearer service when used in conjunction with Supplementary Services. but an indication which includes the Service Code for use in conjunction with Supplementary Services. A comprehensive list is available in the ETSI-GSM recommendation 02. Once again. Service Code All teleservices Telephony All data teleservices Facsimile services Videotex Teletex Short Message Services All data teleservices except SMS All teleservices except SMS 10 11 12 13 14 15 16 18 19 Page 120 Copyright ©1991. Service Code All bearer services All async services All synch services 3. A more comprehensive list may be found in the ESTI-GSM recommendation 02.

(02.S. (02. not completed.86) Advice of charge Additional Information Transfer S. this does not necessarily mean that a code will be assigned.81) Calling number identification presentation Calling number identification restriction Called number identification presentation Called number identification restriction Malicious call identification Call Offering S. The letter S gives some indication of which services have a reasonably stable Phase 1 description. (02. Service Code Number Identification S. (02. in which case they are marked as NC. the service code is not applicable.85) Closed user group Charging S. (02.S.87) User-to-user signalling Copyright ©1991.Global System for Mobile Communications Supplementary Services The list of Supplementary Services is given below with the GSM service code. the letter F denotes those frozen Phase 1 services. in which case they are marked as NA. In the latter case.S. Finally.S. Michael Clayton NA S NA S NA S NA S NC 21 F 67 F 61 F 62 F NC NC 43 S NA S NC NC NC NA S NC Page 121 . Subsequent changes could be made as a result of implementation considerations. For some Supplementary Services. In other cases. (02.GSM . (02.S.83) Call waiting Call hold Completion of calls to busy subscribers Multi Party S. the Supplementary Service is not well defined as yet.S.84) Multi-Party Service Community of Interest S.S.82) Call forwarding unconditional Call forwarding on mobile subscriber busy Call forwarding on no reply Call forwarding on mobile subscriber not reachable Call transfer Mobile Access Hunting Call Completion S.

88) Barring of all outgoing calls Barring of outgoing international calls Barring of outgoing international calls except those directed to the home PLMN Barring of all incoming calls Barring of incoming calls when outside home PLMN 33 F 331 F 332 F 35 F 351 F Page 122 Copyright ©1991. (02.GSM . Michael Clayton .Global System for Mobile Communications Call Restriction S.S.

Global System for Mobile Communications ANNEX 4 STRUCTURE OF STANDARDS Copyright ©1991.GSM . Michael Clayton Page 123 .

GSM .Global System for Mobile Communications GLOSSARY OF TERMS AB ACC AGCH AMPS AoC AUC BAOC BAIC BCC BCCH BIC-Roam BN BOIC BOIC-exHC BSC BSIC BSS BTS CA CAI CB CBCH CCBS CCCH CCITT CEPT CFB CFNRc CFNRy CFU CLIP CLIR COLP Access Burst Australian CCITT Committee Access Grant Channel Advanced Mobile Phone Service (USA analogue cellular system) Advice of Charge AUthentication Centre Barring of All Outgoing Calls Barring of All Incoming Calls Outside the Home PLMN Country Base Transceiver Station Colour Code Broadcast Control CHannel Barring of Incoming Calls when Roaming Bit Number Barring of Outgoing International Calls Barring of Outgoing International Calls except those directed to the Home PLMN Country Base Station Controller Base Transceiver Station Identity Code Base Station System Base Transceiver Station Cell Allocation Common Air Interface Cell Broadcast Cell Broadcast Channel Completion of Call to Busy Subscriber Common Control CHannel Comité Consultatif International Télégraphique et Téléphonique Conférence Européanne de Administration des Poste et Télécommunications Call Forwarding on mobile subscriber Busy Call Forwarding on mobile subscriber Not Reachable Call Forwarding on No Reply Call Forwarding Unconditional Calling Line Identification Presentation Calling Line Identification Restriction Connected Line Identification Presentation Copyright ©1991. Michael Clayton Page 124 .

Global System for Mobile Communications COLR CSPDN CT CT1 CT2 CT3 CUG CW DAMPS DECT DCCH DCS 1800 DTX ETACS ETSI FAC FACCH FACCH/F FACCH/H FN FB FCCH GSM-AD GMSC HPLMN HLR HOLD HSN IMEI IMSI ISDN IWF Kc Ki LAI LMSI Connected Line Identification Restriction Circuit Switched Public Data Network Call Transfer Cordless Telephony 1 (First generation) Cordless Telephony 2 (Second generation) Proprietary cordless technology designed Ericsson Closed User Group Call Waiting Digital Advanced Mobile Phone Service (AMPS) Digital European Cordless Telephone Dedicated Control CHannel Digital Cellular System at 1800 MHz Discontinuous Transmission Extended TACS European Telecommunications Standards Institute Final Assembly Code (used in IMEI) Fast Associated Control Channel FACCH Full rate channel FACCH Half rate channel Frame Number Frequency Correction Burst Frequency Correction Channel GSM Applications Directory (on SIM) Gateway Mobile Services Switching Centre Home PLMN Home Location Register Call Hold Hopping Sequence Number International Mobile station Equipment Identity International Mobile Subscriber Identity Integrated Services Digital Network InterWorking Function cipher key authentication key Location Area Identity Local Mobile Subscriber Identity by Copyright ©1991. Michael Clayton Page 125 .GSM .

Michael Clayton Page 126 .GSM .Global System for Mobile Communications MA MAH MAI MAIO MCC MCI ME MMI MNC MO MoU MPty MS MSC MSIN MSISDN MSRN MT MP/PP NB NETZ-C NPI NMSI OACSU OSI PACTS PABx PAD PCH PCN PLMN PSPDN PSTN PT12 PUK RACH RAND RPE-LTP RF RFCH Mobile Allocation Mobile Access Hunting Mobile Allocation Index Mobile Allocation Index Offset Mobile Country Code Malicious Call Identification Mobile Equipment Man-Machine Interface Mobile Network Code Mobile Originated Memorandum of Understanding (for GSM) Multi-Party (conference call) Mobile Station Mobile Services Switching Centre Mobile Subscriber Identity Number Mobile Station ISDN Number Mobile Station Roaming Number Mobile Terminated Mobile Terminated/Point-to-Point Normal Burst German analogue cellular network Number Plan Identity National Mobile Subscriber Identity Number Off-Air Call Set-Up (international) Open Systems Interconnection Public Access Cordless Telephone Service Private Automatic Branch Exchange Packet Assembler-Disassembler Paging Channel Personal Communications Network Public Lands Mobile Network Pack Switched Public Data Network Public Switched Telephone Network Project Team 12 (ETSI co-ordinating team for GSM) PIN Unblocking Key Random Access Channel RANDom number (used for authentication) Regular Pulse Excited-Long Term Prediction (GSM voice encoder) Radio Frequency Radio Frequency Channel Copyright ©1991.

8 TDMA TMSI TN TSC UK UUS VAD VLR Index Reduced Frame Number Slow Associated Control Channel Synchronisation Burst Synchronisation CHannel Stand-alone Dedicated Control Channel SDCCH for Traffic channel Full rate SDCCH for Traffic channel Half rate Sub-channel Number Synchronisation Channel SIlence Descriptor frame Subscriber Identity Module Subscriber Identity Module Expert Group Short Message Service Short Message Service Cell Broadcast Serial Number (used in IMEI) SPare digit (used in IMEI) Signed RESponse (used in authentication) Type Approval Code Total Access Communications System analogue cellular) Telecom-Applications Directory Traffic Channel Traffic Channel/Full rate Traffic Channel/Full rate for Speech Traffic Channel/Full rate for Data 9. Michael Clayton Page 127 .Global System for Mobile Communications RFN SACCH SB SCH SDCCH SDCCH/TF SDCCH/TH SCN SCH SID SIM SIMEG SMS SMSCB SNR SP SRES TAC TACS Tel-AD TCH TCH/F TCH/FS TCH/F9.GSM .6 TCH/H TCH/HS TCH/H4.6Kb/s Traffic Channel/Half rate Traffic Channel/Half rate for Speech Traffic Channel/Half rate for Data 4.8Kb/s Time Division Multiple Access Temporary Mobile Station Identity Timeslot Number Training Sequence Code United Kingdom User-to-User Signalling Voice Activity Detector Visitor Location Register Cellular Radio Concept (UK Index 3 Copyright ©1991.

................................5 IMSI Detach procedure...........................................................3 ETSI-GSM............... 10 102...4 International Roaming.......22 108.... 39 120.....1 Base Station System (BSS)......25 5 GSM MOBILITY MANAGEMENT FUNCTIONS 26 111................ 12 103.7 Abnormal Cases..................................19 106...................................................................................................................... 37 119............................ 46 -1- ..........................................................................7 Mobile Station..............................................................................................................................................................3 Visitor Location Register (VLR).....................1 First Registration.. 21 107................................................................................................................................4 Home Location Register (HLR)............................................................................2 Incoming Calls............ 35 117.......................... 42 121....................................... 27 113................................................................................................................Global System for Mobile Communications Table of Contents 1 95.....................................1 Outgoing Calls...................................... 30 114.................................................2 Mobile Services Switching Centre (MSC).2 GSM Standardisation.....5 Call Clearing..............26 112... 17 105.................................................................................................3 International Rivals to GSM...............................4 Inter-cell Handover..................................................................... 36 6 GSM CALL HANDLING 37 118..............................................................................................................................................1 The Cellular Radio Concept........4 The GSM Memorandum of Understanding..................................................... 1 2 GSM STRUCTURE 3 97.............................23 109.............................. 4 99...................................................................................................................................... 35 116................................. 24 110.... 7 3 OTHER TECHNOLOGIES 10 101....6 IMSI Attach Procedure...................................................................................2 GSM and Personal Communications Networks (PCN).......2 First Location Updating............3 Emergency Calls....2 INTRODUCTION 1 Disclaimer...............................1 GSM and Cordless Telephony.............................................................................................................................................................6 Addressing..... 43 122..................................3 Normal Location Updating..3 98......................................................................... 6 100....................... 15 Schlumberger Private 4 GSM COMPONENTS 17 104............................................................................33 115..................................................................................................5 GSM Configuration..................Contents List GSM ............ 1 Conventions Used.......................1 96.

........................................ 70 137............................................................................................................................................................7 Distribution................................2 Types of Teleservices...............................................................64 135.80 141........................... 50 126.................................... 89 13 RADIO FREQUENCY LAYER IN GSM 90 151.......................................................................................................................GSM ..6 International Mobile Identity Number (IMEI).....2 Call Barring.............4 Using Supplementary Services.......................................................................................2 Access Attributes..................................................1 Logical Channels..................55 131.2 Internal Electronics..........................1 Description............................................................................................................................................................................................. 97 Schlumberger Private -2- ..........................5 R and S Interfaces..........1 Teleservice Attributes........................................................... 74 139.....90 152...............................4 Mobile Station Class Mark.........3 Mapping of Logical to Physical Channels................ 56 9 SUPPLEMENTARY SERVICES 59 132.......87 148.................................82 12 SUBSCRIBER IDENTITY MODULE 84 144......1 Call Forwarding.....4 Lifecycle of SIMs..............................................................................51 127................................................... 89 150.3 Phase 2 Supplementary Services...................................................................................................................................... 82 143....... 95 154.....................3 Interworking Attributes..................................................................... 68 10 PLMN SECURITY 70 136....................................................4 Frequency Hopping...............5 Example of Bearer Service........................................ 52 128................ 92 153............................2 Man-Machine Interface..........................................................................................4 General Attributes........................3 SIM Content..............................Global System for Mobile Communications 123........................5 Speech Coder................................... 59 133........................................................................................................... 49 125...... 47 7 BEARER SERVICES 48 124.................... 84 145................................................................................................... 85 146........6 Start up procedure..2 Ciphering......1 Information Transfer Attributes...6 Contents List Roaming.....................52 8 TELESERVICES 54 129.......................97 155..............................................1 Mobile Equipment Features................................................................................................. 81 142......................................................................3 PLMN Selection............................. 54 130.........................................71 11 MOBILE EQUIPMENT 74 138..............3 Short Message Service..................................5 SIM Security..................................................................................................................................1 Authentication..........................62 134............................................76 140.........................................................................................................................................2 Physical Channels............................................................................................................................ 85 147.................................................................................................... 88 149.......

.Global System for Mobile Communications Discontinuous Transmission......................................................................................... 100 158........101 15 16 OPENING OF GSM SERVICE AND ANOMALIES CONCLUSION RF CHANNEL DATA GSM COMMITTEE SUB-GROUPS GSM SERVICES STRUCTURE OF STANDARDS 103 104 105 109 111 113 ANNEX 1 ANNEX 2 ANNEX 3 ANNEX 4 GLOSSARY OF TERMS 114 INDEX 118 Schlumberger Private -3- ..............................2 TMSI............... 99 14 MOBILE SUBSCRIBER DATA 100 157.......................................................6 GSM .........................1 IMSI...........................................................................................................3 MSISDN......................Contents List 156...................... 101 159......................................

............................................................73 Composition of the IMEI.......................................................................................4 European Participants in GSM....... 21 GSM Network Configuration.......................................... 24 Cipher Start Sequence..............101 Schlumberger Private .......................................................................Global System for Mobile Communications Table of Figures Figure 1: Figure 2: Figure 3: Figure 4: Figure 5: Figure 6: Figure 7: Figure 8: Figure 9: Figure 10: Figure 11: Figure 12: Figure 13: Figure 14: Figure 15: Figure 16: Figure 17: Figure 18: Figure 19: Figure 20: Figure 21: Figure 22: Figure 23: Figure 24: Figure 25: Figure 26: Figure 27: Figure 28: Frequency Re-use in GSM........................ 19 Gateway MSC Configuration......................................................................................................................................................................................54 Cipher Start Sequence...................83 Time Division Multiple Access............................40 Intra-MSC Handover........................................................................................................................................................................................................... 44 Inter-MSC Handover....................33 Location Update across International Borders...................................... 8 Base Station System Configuration.......................................................................................................... 93 ???................................... 32 Location Update between VLRs............................................................................................................................29 Location Update in One MSC Area................................................................................................................................................................. 47 Bearer Services................................................................................ 51 Relationship between Teleservices and Bearer Services. 92 Adaptive Frame Alignment................................ 51 Interworking Attributes......................................................................................49 Access Attributes..... 94 Frame Interleaving................................................................................31 Location Update between MSC Areas.... 34 Handling of Incoming Calls................................................................................................... 18 MSC Configuration........................................................................................................................................................ 48 Information Transfer Attributes...........................................................................................................................................................................................96 The Structure of the IMSI.................................................................. 5 The countries within Europe which are taking GSM......................Table of Figures GSM ...................................... 46 Subsequent Handover........................................

Sign up to vote on this title
UsefulNot useful