1.

INTRODUCTION
1.1 COMMUNICATION
Four elements of Communication are : Source Destination Media Message

When either source or destination or both are on move it is mobile communication.

1.2 MOBILE COMMUNICATION

There has been a revolution in telecommunication. It is growing rapidly and is a popular service. It has seen a 40 fold increase in the last 10 years. It is the back bone of business efficiency. It has changed the lifestyle of people all over the world.

1.2.1 OBJECTIVES OF MOBILE COMMUNICATION

Anytime anywhere. Mobility and Roaming. High capacity and subscriber density. Efficient use of radio spectrum. Seamless network architecture. Low cost. Flexibility. Innovative services. Standard interface.

1.3 WIRELESS GENERATIONS

1G : # Analog. # Only mobile voice service. 2G : #Digital. #Mostly for voice services and data delivery possible. 3G : #Voice and data. #Mainly for data services and voice services are also possible.

2. GSM ARCHITECTURE
The Global System for Mobile communications is a digital cellular communications system. It was developed in order to create a common European mobile telephone standard but it has been rapidly accepted worldwide. GSM was designed to be compatible with ISDN services.
The standardized GSM system had to meet certain criteria:

Spectrum efficiency International roaming Low mobile and base stations costs Good subjective voice quality Compatibility with other systems such as ISDN (Integrated Services Digital Network) Ability to support new services

2.1 GSM FREQUENCY RANGE

GSM 900 Receive (uplink) 890-915 MHz Transmit (downlink) 935-960 MHz 124 Absolute Radio Frequency Channels (ARFCN) Receive (uplink) 880-915 MHz Transmit (downlink) 925-960 MHz 175 Absolute Radio Frequency Channels (ARFCN) Receive (uplink) 1710-1785 MHz Transmit (downlink) 1805-1880 MHz 374 Absolute Radio Frequency Channels (ARFCN) Receive (uplink) 1850-1910 MHz Transmit (downlink) 1930-1990 MHz 299 Absolute Radio Frequency Channels (ARFCN)

EGSM 900

GSM 1800 (DCS1800)

PCS 1900

2.2. GSM NETWORK

A cell is identified by its Cell Global Identity number (CGI), corresponds to the radio coverage of a base transceiver station. A Location Area (LA), identified by its Location Area Identity (LAI) number, is a group of cells served by a single MSC/VLR. A group of location areas under the control of the same MSC/VLR defines the MSC/VLR area. A Public Land Mobile Network (PLMN) is the area served by one network operator.

2.2.1 GSM NETWORK ARCHITECTURE

A GSM network can be broadly divided into following sub systems: 1. Mobile Station 2. Radio Subsystem 3. Network and Switching Subsystem 4. Operation and Maintenance Center

2.2.1.1 THE MOBILE STATION

Mobile Station consists of:

Mobile Equipment Subscriber Identity Module (SIM)

The SIM is a smart card that identifies the mobile. Only by inserting it, the user can have access to all the subscribed services. The SIM card is protected by a four-digit
Personal Identification Number(PIN) in order to identify the subscriber to the system.

2.2.1.2 THE RADIO SUB-SYSTEM

The Radio Sub-system consists of : Base Station Subsystem(BSS) : The BSS connects the Mobile Station and the NSS. It is in charge of the transmission and reception. o Base Transceiver System(BTS) : The BTS corresponds to the transceivers and antennas used in each cell of the network. A BTS is usually placed in the center of a cell. Its transmitting power defines the size of a cell. o Base Station Controller(BSC) : The BSC controls a group of BTS and manages their radio resources. A BSC is principally in charge of handovers, frequency hopping, exchange functions and control of the radio frequency power levels of the BTSs. Transcoding and Rate Adaption Unit(TRAU)

2.2.1.3 THE NETWORK AND SWITCHING SUB-SYSTEM

It is responsible for performing call processing and subscriber related functions. Its main role is to manage the communications between the mobile users and other users, such as mobile users, ISDN users, fixed telephony users, etc. It also includes data bases needed in order to store information about the subscribers and to manage their mobility. The different components of the NSS are described below :

Mobile Switching Center(MSC) : It is the central component of the NSS. The MSC performs the switching functions of the network. It also provides connection to other networks. Gateway Mobile Switching Center(GMSC) : A gateway is a node interconnecting two networks. The GMSC is the interface between the mobile cellular network and the PSTN. It is in charge of routing calls from the fixed network towards a GSM user. The GMSC is often implemented in the same machines as the MSC

Home Location Register(HLR) : The HLR is considered as a very important database that stores information of the subscribers belonging to the covering area of a MSC. It also stores the current location of these subscribers and the services to which they have access. The location of the subscriber corresponds to the SS7 address of the Visitor Location Register (VLR) associated to the terminal.

Visitor Location Register(VLR) : The VLR contains information from a subscriber's HLR necessary in order to provide the subscribed services to visiting users. When a subscriber enters the covering area of a new MSC, the VLR associated to this MSC will request information about the new subscriber to its corresponding HLR. Authentication Center(AuC) : The AuC register is used for security purposes. It provides the parameters needed for authentication and encryption functions. Equipment Identity Register(EIR) : The EIR is also used for security purposes. It is a register containing information about the mobile equipments. The EIR allows then to forbid calls from stolen or unauthorized terminals.

2.2.1.4 OPERATIONS AND MAINTENANCE CENTER

The OSS is connected to the different components of the NSS and to the BSC, in order to control and monitor the GSM system. It is also in charge of controlling the traffic load of the BSS. However, the increasing number of base stations, due to the development of cellular radio networks, has provoked that some of the maintenance tasks are transferred to the BTS. This transfer decreases considerably the costs of the maintenance of the system.

2.3 CHANNEL CONCEPTS

2.3.1 PHYSICAL CHANNEL:-

The physical channel is the medium over which the information is carried. In TDMA, time is divided into discrete periods called timeslots and these timeslots represent physical channels. The timeslots are arranged in sequence and are conventionally numbered 0 to 7. Each repetition of this sequence is called a TDMA frame. 2.3.2 LOGICAL CHANNELS:Logical Channels are transmitted via Physical Channel onto which they are mapped. There are 12 types of logical channels in the GSM system. 2 are used for traffic, 9 for control signaling and 1 for message distributing.

2.3.3 TRAFFIC CHANNEL:There are 2 types of traffic channels:Full Rate Channel used for full rate speech at 13 kbps or data upto 14.4 kbps. Half Rate Channel used for half rate speech at 6.5 kbps or data upto 4.8 kbps. 2.3.4 CONTROL CHANNEL:There are 3 different groups of control channels with each group containing 3 different logical channels. BROADCAST CHANNELS (BCH): The BCCH is transmitted by the BTS at all times. The information carried on the BCCH is monitored by the MS periodically when it is switched on and not in a call. BCCH carries the following information: Location Area Identity (LAI). List of neighbouring cells which should be monitored by the MS. List of frequencies used in the cell. Power Control Indicator. The MS will monitor BCCH information from surrounding cells and store the information from the best six cells.

1. Frequency Correction Channel (FCCH) This is transmitted frequently on the BCCH timeslot and allows the mobile to synchronize its own frequency to that of the transmitting base site. 2. Synchronization Channel (SCH) The SCH carries the information to enable the MS to synchronize to the TDMA frame structure and know the timing of the individual timeslots.

COMMON CONTROL CHANNELS (CCCH): 1. Paging Channel (PCH) used on the DL to page the MS. 2. Random Access Channel (RACH) used by the mobile on the UL when it requires to gain access to the system. This occurs when the mobile initiates a call or responds to a page. 3. Access Grant Control Channel (AGCH) used by the BTS on the DL to assign a dedicated control channel to a mobile in response to an access message. The mobile will move to the dedicated channel in order to proceed with either a call setup, response to a paging message, Location Area Update or Short Message Service.

 DEDICATED CONTROL CHANNELS (DCCH) : 1) Standalone Dedicated Control Channel (SDCCH) used for system signalling during call set up or registration and the transmission of short text messages in the idle mode( both UL and DL). 2) Slow Associated Control Channel (SACCH) Measurement reports from the MS to the BTS are sent on the uplink through this channel. On the downlink the MS receives information from BTS what transmitting power to use and also instructions on Timing Advance. 3) Fast Associated Control Channel (FACCH) 20 ms of speech is replaced by a control message. FACCH is used to carry out user authentication, handovers and immediate assignment.

2.4 HANDOVERS
The user movements can produce the need to change the channel or cell, especially when the quality of the communication is decreasing. This procedure of changing the resources is called handover. Four different types of handovers can be distinguished:

Handover of channels in the same cell. Handover of cells controlled by the same BSC. Handover of cells belonging to the same MSC but controlled by different BSCs. Handover of cells controlled by different MSCs.

Handovers are mainly controlled by the MSC. However in order to avoid unnecessary signaling information, the first two types of handovers are managed by the concerned BSC (in this case, the MSC is only notified of the handover).

3. MOBILITY MANAGEMENT
The MM function is in charge of all the aspects related with the mobility of the user, specially the location management and the authentication and security.

3.1 NETWORK ATTACHMENT

Network attachment is the process of selecting an appropriate cell (radio frequency) by the mobile station to provide the available services, and making its location known to the network. The process starts when the mobile station is switched on, and ends when the mobile station enters the idle mode. In idle mode the mobile station does not have a traffic channel allocated to make or receive a call. But the Public Land Mobile Network (PLMN) is aware of the existence of the Mobile station within the chosen cell. The Network Attachment Process consists of the following tasks : i. Cell Identification : When a mobile station is switched on it attempts to make contact with the GSM PLMN by performing the following actions : Measure the BCCH channels Search for a suitable cell. PLMN Selection : A suitable PLMN is selected. Cell Selection : It is the process of selecting the appropriate cell(radio frequency) by the mobile station to provide the required services. Location Update : In order to initiate a call or receive a call, the mobile station tunes to the control channel(BCCH plus CCCH) of the chosen cell. Then it registers itself in this cell by means of a location updating procedure.

ii. iii.

iv.

Every radio transmitter in the PLMN broadcasts, via a control channel, a Location Area Identity (LAI) code to identify the location area that it serves. This LAI code is stored in the Subscriber Identity Module (SIM) of the mobile equipment. It has three components : Mobile Country Code(MCC) : A 3-digit code that uniquely identifies the country of domicile of the mobile subscriber. Mobile Network Code(MNC) : A 2-digit code that identifies the home GSM PLMN of the mobile subsctiber. Location Area Code(LAC) : It identifies a location within the PLMN.

3.2 LOCATING A MOBILE STATION

As an active Mobile Station (MS) moves around in the coverage area of a Public Land Mobile Network (PLMN), it reports its movements so that it can be located when required using the Location Update procedure When a MSC in the network needs to establish a call to an MS operating in its area the following happens: 1. A page message is broadcasted which contains the identifications code of the MS. Not every Base Station Controller (BSC) in the network is requested to transmit the page message. The broadcast is limited to a cluster of radio cells that together form a location area. 2. The last reported position of the MS identifies the location area to be used for the broadcast. 3. The MS monitors the page messages transmitted by the radio cell in which it is located and, on detecting its own identification code, responds by transmitting a page response message to the Base Transceiver Station (BTS). 4. Communication is then established between the MSC and the MS via the BTS that received the page response message.

3.3 TYPES OF IDENTIFICATION NUMBERS

During the performance of the location update procedure and the processing of a mobile call different types of numbers are used:
o

Mobile Station ISDN Number (MSISDN) : The real telephone number of a mobile station is the Mobile Subscriber ISDN Number.
MCC-3 digits NDC-3 digits SN-max 10 digits

*NDC-National Destination Code, SN-Subscriber Number.

o Mobile Subscriber Roaming Number (MSRN) : The MSRN is the number required by the gateway MSC to route an incoming call to a MS that is not currently under the gateways control. o International Mobile Subscriber Identity (IMSI) : When registering for service with a mobile network operator, each subscriber receives a unique identifier, the IMSI. This IMSI is stored in the SIM.
MCC-3 digits MNC-2 digits MSIN-max 10 digits

Temporary Mobile Subscriber Identity (TMSI) : The VLR being responsible for the current location of a subscriber can assign a Temporary Mobile Subscriber Identity (TMSI), which has only local significance, in the area handled by the VLR. It is used in place of IMSI for the definite identification and addressing of the MS.

o International Mobile Station Equipment Identity(IMEI) : It uniquely identifies mobile stations internationally. TAC-6 digits FAC-2 SNR-7 digits SP-1

*TAC-Type Approval Code, FAC-Final Assembly Code, SNR-Serial Number, SP-Spare Digit

3.4 LOCATION UPDATE PROCESS

The following table lists the location update process: Stage 1. Description Request for service; the MS detects that it has entered a new Location Area and requests to update its location. The new MSC/VLR identifies the MS. Authentication; the new MSC/VLR requests to the AUC for authentication parameters. Using these parameters the MS is authenticated. Ciphering; using the parameters that were made available earlier during the authentication the uplink and the downlink are ciphered. Update HLR/VLR; the new MSC/VLR requests to update the MS location in the HLR. The MS is de-registered in the old VLR. TMSI re-allocation; the MS is assigned a new TMSI.

2.

3.

4.

5.

3.5 REQUEST FOR SERVICE

The MS enters a new cell area, listens to the Location Area Identity (LAI) being transmitted on the broadcast channel (BCCH), and compares this LAI with the last LAI (stored in the SIM) representing the last area where the mobile was registered. o The MS detects that it has entered a new Location Area and transmits a Channel Request message over the Random Access Channel (RACH). o Once the BSS receives the Channel Request message, it allocates a Stand-alone Dedicated Control Channel (SDCCH) and forwards this channel assignment information to the MS over the Access Grant Channel (AGCH). It is over the SDCCH that the MS will communicate with the BSS and MSC. o The MS transmits a location update request message to the BSS over the SDCCH. Included in this message are the MS TMSI and the old LAI. The BSS forwards the location update request message to the MSC. o The VLR analyzes the LAI supplied in the message and determines that the TMSI received is associated with a different VLR (old VLR). In order to proceed with the registration, the IMSI of the MS must be determined. The new VLR derives the identity of the old VLR by using the received LAI, supplied in the location update request message. It also requests the old VLR to supply the IMSI for a particular TMSI.

3.6 AUTHENTICATION
Since the air interface is vulnerable to fraudulent access, it is necessary to determine if the IMSI received from the MS is from the SIM that was assigned this IMSI. To prevent access of unregistered users, authentication of subscribers is used. Authentication is built around the notion and Authentication Key (Ki) that resides in only two places: in an Authentication Center (AUC) and in the users SIM card. Since the authentication key, Ki, is (or should) never be transmitted, in is virtually impossible for un-authorized individuals to obtain this key to impersonate a given mobile subscriber. The three Authentication parameters are : RAND, which is completely random number SRES, which is an authentication signed response. It is generated by applying the authentication algorithm (A3) to RAND and Ki.

Kc, which is a cipher key. The Kc parameter is generated by applying the cipher key generation algorithm (A8) to RAND and Ki. These parameters (named an authentication triplet) are generated the AUC at the request of the HLR to which the subscriber belongs. The algorithms A3 and A8 are defined by the PLMN operator and are executed by the SIM.

3.6.1 STEPS IN AUTHENTICATION PHASE

MS BSS New MSC/ VLR OLD MSC/ VLR

HLR

(1) (2) (3)

Authentication response (SRES) Authentication Mobile station (RAND) SDCCH

Get authentication parameters (IMSI) Authentication parameters (SRES, Kc, RAND) Request for service

(4) SDCCH

1) The new VLR sends a request to the HLR/AUC (Authentication and Kc) requesting the authentication triplets (RAND, SRES, and Kc) available for the specified IMSI. 2) The AUC, using the IMSI, extracts the subscribers authentication key (Ki). The AUC then generates a random number (RAND), applies the Ki and RAND to both the authentication algorithm (A3) and the cipher key generation algorithm (A8) to produce an authentication Signed Response (SRES) and a Cipher Key (Kc). The AUC then returns to the new VLR an authentication triplet: RAND, SRES, and Kc. 3) The MSC/VLR keeps the two parameters Kc and SRES for later use and then sends a message to the MS. The MS reads its Ki from the SIM, applies the RAND and Ki to both A3 and A8 to produce SRES and Kc. The MS saves Kc for later, and will use Kc when it receives command to cipher the channel. 4) The MS returns the generated SRES to the MSC/VLR. The VLR compares the SRES returned from the MS with the expected SRES received earlier from the AUC. If equal, the mobile passes authentication. If unequal, all signalling activities will be aborted. In this scenario, well assume that authentication passes.

3.7 STEPS IN CIPHERING PHASE

Um MS BSS A New MSC/ VLR Old MSC/ VLR HLR

(1)

Uplink -radio channel (Kc)

(2)

Cipher - uplink - channel SDCCH Uplink - channel-Ciphered SDCCH BSS Cipher the downlink channel

(3)

(4)

Ciphering completed

Update HLR/VLR TMSI re-allocation

1) The new MSC/VLR requests the BSS to cipher the radio channel. Included in this message is the Cipher Key (Kc), which was made available earlier during the authentication. 2) The BSS retrieves the cipher key, Kc, from the message and then transmits a request to the MS requesting it to begin ciphering the uplink channel. 3) The MS uses the cipher key generated previously when it was confirmation over the ciphered channel to the BSS. 4) The BSS upon ciphering the downlink channel sends a cipher complete message to the MSC.

3.8 STEPS IN UPDATE HLR/VLR PHASE

At this point, we are ready to inform the HLR that the MS is under control of a new VLR and that the MS can be de-registered from the old VLR. The steps in the update HLR/VLR phase are:
Um MS BSS A

New MSC/ VLR

Old MSC/ VLR

HLR

(1)

Update location De-register Mobile Station Mobile Station De-registered

Authentication Ciphering

(2)

(3)

Location Updated

1) The new VLR sends a message to the HLR informing it that the given IMSI has changed locations an can be reached by routing all incoming calls to the VLR address included in the message 2) The HLR requests the old VLR to remove the subscriber record associated with the given IMSI. The request is acknowledge. 3) The HLR updates the new VLR with subscriber data (mobiles subscribers customer profile).

3.9 EQUIPMENT VALIDATION PHASE

The steps in equipment validation are as follows: 1. MSC request MS to send IMEI. 2. MS send IMEI. 3. MSC request EIR to Check IMEI. EIR check that IMEI is within valid range and valid equipment. 4. EIR returns the results to MSC if results are negative then MSC drop the call. If call continues, then MSC inform the N/W of the event.

3.10 STEPS IN TMSI RE-ALLOCATION PHASE

Um MS BSS A New MSC/ VLR Old MSC/ VLR

HLR

(1) (2)

Location Update Accept (TMSI) SDCCH Location Update Complete SDCCH Clear Signalling connection Clear Complete Release radio Signaling Channel SDCCH

(3)

(4)

1) The MSC forwards the location update accept message to the MS. This message includes the new TMSI. 2) The MS retrieves the new TMSI value from the message and updates its SIM with this new value. The mobile sends then an update complete message back to the MSC. 3) The MSC requests from the BSS that the signalling connection be released between the MSC and the MS. The MSC releases its portion of the signalling connection when it receives the clear complete message from the BSS. 4) The BSS sends a radio resource channel release message to the MS and then frees up the Stand-alone Dedicated Control Channel (SDCCH) that was allocated previously. The BSS then informs the MSC that the signalling connections have been cleared.

4. CALL PROCESSING
4.1 MOBILE TO LAND CALL SCENARIO
The following table lists the phases of a mobile-to-land call. Stage Description 1 Request for service, the MS request to setup a call. 2 Authentication; the MSC/ VLR request the AUC for authentication parameters. Using these parameters the MS is authenticated. 3 Ciphering: Using the parameters that were made available earlier during the authentication the uplink and the downlink are ciphered. 4 Equipment Validation: the MSC/VLR requests the EIR to check the IMEI for validity. 5 Call Setup; the MSC established a connection to the MS. 6 Handovers 7 Call release, the speech path is released. The figure shows the different steps in a Mobile-to-Call scenario:

4.2 LAND-TO-MOBILE CALL SCENARIO

The following table lists the phases of a mobile call
Stage Description 1 Routing Analysis: the MS terminated call is routed to the visited MSC using information from the HLR and VLR. 2 3 4 5 6 7 8 Paging : the MSC initiates a communication with the MS. Authentication: the MSC/VLR requests the AUC for authentication parameters. Using these parameters the MS is authenticated. Ciphering: using the parameters which were made available earlier during the authentication the uplink and the downlink are ciphered. Equipment Validation: the MSC/VLR requests the EIR to check the IMEI for validity. Call Setup: the MSC establishes a connection to the MS. Handover (s) Call release: The speech path is released.

The figure shows the different steps in a Land-to-Mobile scenario:

4.3 MOBILE-TO-MOBILE CALL SCENARIO

The Mobile-to-mobile call is established using the same phases as seen earlier. As shown on the opposite page, the mobile-to-mobile call phases can be subdivided in to two parts: The originating mobile part where the phases are the same as those of a mobile-toland call, except that the call setup phase is partially performed. This means that only the call setup with Mobile is done. The terminating mobile part consist of the same phases as the land-to-mobile call scenario except again that the call setup phase performs only call setup with mobile.

4.3.1 ORIGINATING MOBILE

The phases of an Originating mobile are: Request for service Authentication (Optional) Ciphering (optional) Equipment validation (optional) Call setup Release.

4.3.2 TERMINATING MOBILE

The phases of a Terminating mobile are: Routing analysis Paging Authentication (Optional) Ciphering (optional) Equipment validation (optional) Call setup Release.

4.4 MOBILE TO LAND CONNECTION STEPS

Assume that MS is registered with system and has been allocated TMSI. User enters the MSISDN and then presses the send Key 1. MS send a channel request on RACH. 2. BSS allocates a SDCCH on AGCH. MS now communicates on SDCCH with BSS & MSC till TCH is allocated. 3. MS send Service request to BSS on SDCCH. In this message are TMSI & LAI. 4. BSS send Service request to MSC. 5. MSC forward service request to VLR. Now Authentication & Ciphering phases take place. Then the Equipment Validation phase takes place.

There are 2 steps in setting a call - Setting of a voice path between MS & MSC by allocating a radio traffic channel & a voice Trunk - Setting a voice path between MSC & PSTN. 6. MS send a call setup request to MSC. It included dialed digit 7 MSC request VLR to supply subs parameters. Requested message contain digit dialed (DD) and service indication (SI). 8. VLR will check for call barring etc. VLR will supply subs data for call processing. 9 MSC will inform MS that call is proceeding.

10. MSC allocates a trunk to BSS for serving MS and request the BSS (TN) to allocate a radio channel (TCH) for MS. 11. BSS allocate Radio channel on SDCCH. 12. MS tunes TCH and send acknowledgement to BSS. 13. BSS connects the radio channel to assigned trunk of MSC, BSS deallocates the SDCCH, BSS send trunk & radio assignment message to MSC.

CALL SETUP WITH LAND N/W - A path has been established between MS & MSC now a path will be established from MSC to PSTN. 14. MSC sends a N/W setup message to PSTN. In message are dialed digit and details of Trunk to be used for call. 15. PSTN informs MSC with networking alerting message. MS will hear ringing tone from PSTN. 16. MSC informs MS that the destination number is being alerted. 17. When B. party go off-hook, PSTN will inform the MSC of this event. Billing start, MS is connected to the destination party. 18. MSC informs the MS that the connection has been established. 19. MS acknowledges the receipt of the connect message.

RELEASE OF CALL 20. MS initiate the release of call by pressing end button. MS will send the Disconnect message to MSC. 21. MSC send Release message to PSTN End to END connection is terminated. 22. MSC send Release message to MS. 23. MS send Release Complete message. 24. Voice Trunk between MSC & BSS is released. 25. The Traffic channel is cleared. 26. The Release of the Resources is completed.

4.5 LAND TO MOBILE CONNECTION STEPS

ROUTING ANALYSIS Assume that MS is already registered and allocated TMSI and MS in his home system 1. PSTN subscriber dials MS ISDN. 2. GMSC request HLR to provide routing information about this MS. 3. HLR provides MSRN to GMSC, if MS is roaming is its home MSC area then MSRN = MS ISDN, if roaming in different MSC area then MS ISDN & MSRN are different. Assume that MS roaming in Home MSC area. 4. MSC informs VLR for a call to MS, In the message is MSRN. 5. VLR responds to MSC by LAI & TMSI.

PAGING 6. MSC used LAI given by VLR to determine which BSS should page, included in the message is the TMSI. 7. BSS broadcast TMSI, of MS in paging channel (PCH). 8. MS detects TMSI, or IMSI on paging channel MS asks channel request on RACH. 9. BSS allocates SDCCH on AGCH. Now onwards MS communicate as SDCCH till MS gets a TCH. 10. MS responds paging on SDCCH, in the message MS sends TMSI, LAI. 11. BSS send this message to MSC.

12. MSC informs its VLR that MS has responded.

Authentication Ciphering, Equipment validation are done in same manner as in Mobile to Land call. In the case, the MS is visiting a new MSC area, the authentication and Equipment Validation are performed as follows. The Visited VLR request the authentication parameters from the Home AUC through the Network connecting the two MSCs and then through the HOME HLR. - The Equipment Validation phase involves the visited MSC & the HOME EIR. There are again two steps in setting up a voice path for a call from a mobile to a PSTN subscriber. - The call setup with the mobile:- A voice path is created between MS & MSC by allocating a TCH and a voice trunk. - The call setup with the land N/W:- Where a voice path is established between the MSC & a PSTN N/W

13. MSC informs MS that a call can be setup. 14. MS perform compatibility check, it acknowledges the call setup message confirm. 15. MSC selects a trunk to BSS and request BSS to allot a radio channel (TCH). 16. BSS allot TCH and transmits an Assignment command over SDCCH to MS. 17. MS tunes to TCH and transmits an assignment complete message back to BSS. MS user phone rings. MS do not use SDCCH after it gets TCH. 18. BSS on receiving assignment complete message connects the TCH to Trunk. SDCCH is free now and send Assignment Complete Message to MSC.

19. MS got TCH, MS begin alerting the user after if receives a TCH. An alerting message is sent to MSC. 20. MSC on getting alerting indication from MS will generate ringing to calling party and sends a N/W alerting to PSTN. 21. Mobile subscriber answers, MS stops alerting and send connect message to MSC. 22. MSC removes audible tone to PSTN, and connects PSTN trunk to BSS trunk and send connect message to PSTN, Billing start. 23. MSC send a connection acknowledge to MS.

RELEASE 24. MSC receives a Release message from the N/W to terminate the end to end connection. 25. MSC send disconnect message to MS. 26. MS send Release to MSC 27. MSC send Release complete to MS. 28. Voice trunk between MSC & BSS in cleared. 29. The Traffic channel is released. 30. The recourses are completely released.

IF MS ROAMING IN ANOTHER MSC AREA 1. The call is routed from home MSC to the visited MSC and MSRN is transmitted then to the VLR 2. The VLR sends a message to the visited MSC asking it to perform paging by passing to it the new LAI & TMSI of the MS.

5.SIGNALLING SYSTEM NO.7

Signalling System No.7 (SS7) is a global standard for telecommunications defined by the International Telecommunication Union (ITU) Telecommunication Standardization Sector (ITU-T). SS7 defines the procedures and protocol by which network elements in the public switched telephone network (PSTN) exchange information over a digital signalling network to effect wireless (cellular) and wire-line call setup, routing and control, as well as, network management and maintenance. Why SS7? The answer is simply that the time had come for the world to begin its move into the high- tech, highly communicative world of the latter part of the Twentieth Century. A new network signalling architecture was needed. SS7 was developed to satisfy the telephone operating companies' requirements for an improvement to the existing signalling systems. Signalling Transfer Point (STP) The STP is to the SS7 Network what the switch is to the Public Switched Telephone Network. While a switch routes calls by making actual voice connections, the STP simply directs the digital traffic by selecting links on which to place the outgoing traffic. STPs are paired for redundancy with consideration being given that both members of the pair are not subject to the same hazards. For example both members of the same pair would not be placed on the same earthquake fault.

5.1 SS7 PROTOCOL LAYERS

SS7 standard was developed in a modular approach. This approach leads to the creation of what is referred to as a layered protocol. Protocol means nothing more than a rigid set of rules which determine how communication should be handled. It covers everything from what should occur to when and how it should occur. It also prescribes exactly what the message consists of when it is sent over the links. Layered means each module performs its function in sequence and then hands the message off to the next module (which is above for incoming messages and below for outgoing messages). Bear in mind that a protocol is only a set of rules. Those rules extend to what occurs in the equipment to control the links. For example, one rule for MTP L1 is that a link must consist of two data channels operating in opposite directions at the same bit rate. In other words, the links must be bi-directional.

Each of the functional program modules is termed as a user part. The rules (protocol) dictate the sequence in which things must be done. To show this graphically, a convention has been adopted for the drawing. In this drawing, the functional modules that deal with a message just about to be transmitted over the links (or one just received from the links) are shown at the bottom. Other modules are shown stacked above in the sequence in which their functions are performed. The resulting picture is commonly called a stack. A typical SS7 stack is shown below.
TRANSACTION CAPABILITIES APPLICATION PART SIGNALLING CONNECTION CONTROL PART INTEGRATED TELEPHONE SERVICES SERVICES USER PART DIGITAL NETWORK USER PART

MESSAGE TRANSFER PART-LEVEL 3 MESSAGE TRANSFER PART-LEVEL 2 MESSAGE TRANSFER PART-LEVEL 1

5.1.1 MESSAGE TRANSFER PART-LEVEL 1

The Message Transfer Part Level 1 (MTP L1) is called the physical layer. It deals with hardware and electrical configuration. MTP level 1 is a user part that deals with physical issues at the level of links, interface cards, multiplexors etc. It does not, therefore, concern software providers except that they need to understand these requirements in order to interface the software module layers with the physical layer.

5.1.2 MESSAGE TRANSFER PART-LEVEL 2

This is a busy user part. It is the last to handle messages being transmitted and the first to handle messages being received. It monitors the links and reports on their status. It checks messages to ensure their integrity (both incoming and outgoing). It discards bad messages and requests copies of discarded messages. It acknowledges good messages, so the transmitting side can get rid of superfluous copies. It places links in service, and restores the service links that have been taken out of service. It tests links before allowing their use. It provides sequence numbering for outgoing messages. And finally it reports much of the information it gathers to MTP Level 3.

5.1.3 MESSAGE TRANSFER PART-LEVEL 3

The MTP Level 3 provides the functions and procedures related to Message Routing (or Signalling Message Handling) and Signalling Network Management. MTP L3 handles these functions assuming that signalling points are connected with signalling links. The message routing provides message discrimination and distribution. Signaling Network Management provides traffic, link and routing management, as well as, congestion (flow) control.

5.1.4 SIGNALLING CONNECTION CONTROL PORT (SCCP)

SCCP provides connectionless (class 0) and connection-oriented (class 1) network services and extended functions including specialized routing (GTT-global title translation) and subsystem management capabilities above MTP Level 3. Many of the benefits of the use of the SCCP lie in the specialized routing functions. The addressing capabilities are what allow the locating of database information or the invoking of features at a switch. A global title is an address (e.g., a dialled 800 number, calling card number, or mobile subscriber identification number) which is translated by SCCP into a destination point code and subsystem number. A subsystem number uniquely identifies an application at the destination signalling point. SCCP is used as the transport layer for TCAP-based services. There are at least two benefits of global title translations. The first is that SPs can have access to data of all types without having to maintain cumbersome tables. New data can become universally available very quickly. The second is that companies can have better control over the data kept within their own networks.

5.1.5 TRANSACTION CAPABILITIES APPLICATION PART (TCAP)

The Transaction Capabilities Application Part offers its services to user designed applications, as well as, to OMAP (Operations, Maintenance and Administration Part) and to IS41- (Interim Standard 41, revision C) and GSM MAP (Global Systems Mobile). TCAP supports the exchange of non-circuit related data between applications across the SS7 network using the SCCP connectionless service. Queries and responses sent between SSPs and SCPs are carried in TCAP messages. TCAP is used largely by switching locations to obtain data from databases (e.g. an SSP querying into an 800 number database to get routing and personal identification numbers) or to invoke features at another switch (like Automatic Call back or Automatic Recall). In mobile networks (IS-41 and GSM), TCAP carries Mobile Application Part (MAP) messages sent between mobile switches and databases to support user authentication, equipment identification, and roaming.

5.1.6. INTERGRATED SERVICES DIGITAL NETWORK USER PART (ISUP)

The ISDN User Part (ISUP) is used throughout the PSTN (Public Switched Telephone Network) to provide the messaging necessary for the set up and tear-down of all circuits, both voice and digital. Wireless networks also make use of ISUP to establish the necessary switch connections into the PSTN. In the telephone network, ISUP messages follow the path of the voice circuits. That is, ISUP messages are sent from one switch to the other where the next circuit connection is required. ISUP offers two types of services, known as Basic and Supplementary. Basic Services consist of those services employed in the process of setting up and tearing down a call. Supplementary Services consist of those services employed in passing all messages that may be necessary to maintain and/or modify the call. ISUP functionality can be further broken down into 3 major procedural categories: Signalling Procedure Control, Circuit Supervision Control, and Call Processing Control.

5.1.7 TELEPHONE USER PART

In some countries (e.g., China, Hong Kong, Brazil), the Telephone User Part (TUP) is used to support basic call setup and teardown. TUP handles analog circuits only. In most regions of the world, ISUP is used instead of TUP for call management.

5.2 ISUP FUNCTIONS AND SIGNALLING

ISUP information is carried in the service information field (SIF) of an MSU. The SIF contains the routing label followed by a 14-bit (ANSI) or 12-bit (ITU) circuit identification code (CIC). The CIC indicates the trunk circuit reserved by the originating switch to carry the call. The CIC is followed by the message type field IAM, ACM, ANM, REL, RLC which defines the contents of the remainder of the message.

5.2.1 ISUP MESSAGE TYPES Initial Address Message (IAM): It is sent in the forward direction by each switch in
the circuit between the calling party and the destination switch of the called party. An IAM carried the called partys number in the mandatory variable part and may contain the caller partys name and number in the optional part. Address Complete Message (ACM): It is sent in the backward direction to indicate the remote end of the trunk circuit has been reserved. The originating switch responds to an ACM message by connecting the calling partys line to the trunk to complete the voice circuit between the calling party and the called party. Release Message (REL): It is sent in either direction to indicate the call is being released to a specified cause indicator. The call is released when either the calling party or the called party hangs up the phone. Release Complete Message (RLC): It is sent in the opposite direction of the REL to acknowledge the release of the remote end of a trunk circuit and to end the billing cycle.

5.3 ISUP CALL SEQUENCE 5.3.1 CALL INITIATED

1. Calling party goes off hook on an originating switch (SSP) and dials the directory number of the called party. 1a. Originating SSP transmits ISUP IAM to reserve an idle trunk circuit. The IAM includes OPC, DPC, CIC, dialled digits, CPID, and calling party name (Caller ID option). 1b. IAM is routed via home STP of originating SSP. 2. Destination switch (SSP) checks the dialled number against its routing table and confirms that the called partys line is available for ringing. 2a. Destination SSP transmits ACM to the originating SSP via its home STP to confirm that the remote end of the trunk circuit has been reserved. 2b. The STP routes the ACM to the originating SSP which connects the calling partys line to the trunk to complete the voice circuit. The calling party hears ring back tone.

5.3.2 ISUP CALL ANSWERED

3a. Called party goes off-hook. Destination switch terminates ringing tone and transmits an ISUP answer message (ANM) to the originating switch via its home STP. 3b. STP routes ANM to originating switch which verifies that the calling party is connected to the reserved trunk. Billing is initiated.

5.3.2 ISUP CALL RELEASED

4a/b. If the calling party hangs up first, the originating switch sends an ISUP release message (REL) to release the trunk between the two switches. If the called party releases first, the destination switch sends an REL message to the originating switch to release the circuit. 5a. When the destination switch receives the REL, it disconnects and idles the trunk, and transmits an ISUP release complete message (RLC) to the originating switch to acknowledge the release of the remote end of the circuit. 5b.When the originating switch receives or sends an RLC, the billing cycle ends and the trunk state is returned to idle.

5.4 SAMPLE TCAP DATABASE QUERY

This sample query describes how a dialled 800 number is processed using TCAP. See Figure 5-12 as you review the messaging sequence described below. 1. A subscriber goes off-hook and dials an 800 number. The end office switch (SSP) parses the digit string and sends an 800 query message to either of its STPs over its Alink. 2. The STP recognizes the 800 query and routes it to an appropriate database via an SCP. 3. The SCP receives the query, extracts the passed information and retrieves a real telephone number to which the call should be routed. 4. The SCP sends a response message with the information necessary to process the call to the originating SSP via an STP and an A-link. 5. The STP receives the response and routes it to the SSP. 6. The SSP receives the response and uses the information to route the call. It generates an IAM message and proceeds with ISUP call setup.

6. INTELLIGENT NETWORK
In an intelligent network (IN), control of call processing is moved out from the switch and into the network. The idea is to give service providers the ability to develop new services quickly, independently, and inexpensively; a capability they do not have when new services are implemented on network switches. An Intelligent Network is a service independent tele-communications network. That is, intelligence is taken out of the switch and placed in computer nodes that are distributed throughout the network. This provides the network operator with the means to control and develop services more effectively. New capabilities can be rapidly introduced into the network. Once introduced, services are easily customized to meet the individual customers needs.

6.1 IN OBJECTIVES
1. Speed in service development, offering new services quickly. 2. Reduce service management costs through standardisation. 3. Use in multi-vendor environments, common signalling standards.

6.2 IN CALL PROCESSING

1. The number is dialled. 2. The Switching System cannot process the call and requires a Service Logic. 3. The message is sent to external logic. 4. The external logic replies with call processing indication. So the principle of Intelligent Network is to enable the Switching System to access the Service Logic.

6.3 IN ELEMENTS
Service Switching Points (SSP) Service Control Points (SCP) Intelligent Peripherals (IP) Service Management Systems (SMS)

Use of SCP for centralised services: -Calling card services -800 service

SCP

STP

SWITCHING SYSTEM

Service Management System (SMS)

Service-specific Management Systems New Service-specific hooks in switch software

6.3.1 SERVICE SWITCHING POINTS (SSP)

SSP is used for Intelligent Exchanges. It is able to detect call events, for example : The number dialled, If the party is off hook, and If the call is terminated.

The Service Switching Points sends the request to the Service Control Points (SCP), which controls any further treatment of call. It passes call control from the exchange to the SCP and then relays instructions from the SCP back to the exchange.

At IN service invocation, the SSF copies information from the access protocol (e.g. ISUP or DTAP) onto the INAP message that is used to invoke the IN service. When the SSF receives instruction from SCP, it copies information received from the SCP on to the call control protocol.

6.3.2 SERVICE CONTROL POINTS (SCP)

The Service Control Points runs the service logic when triggered by the SSP. It holds the service data. As a controlling component, it controls the Service Switching Point and the Intelligent Peripherals. Once the SCP has gained control over the call, it may decide how the call may continue. The SCF supports the IN control e.g. INAP, but the behaviour of the service logic is operator specific.

6.3.3 INTELLIGENT PERIPHERALS (IP)

Intelligent Peripherals are used for: User Interaction. As providers of information. As collectors of information.

Example: Voice Units (prompt and collect digits, voice recognition).

6.3.4. SERVICE MANAGEMENT SYSTEMS (SMS)

Service Management Systems has the following applications: Management of Services. Customer Profile Management and Database Management. Statistics Collection. Alarm Collection

6.4 Basic Call State Model

A fundamental concept for IN control is the basic call state model (BCSM). When a call is processed by an exchange, and goes through a number of pre-defined phases in the BCSM. The BCSM follows the ISUP signalling of a call. ISUP messages received by the exchange, result in the transition from one BCSM state to another. The definition of the BCSM enables the MSC to interact with the SSF at defined points in the call. The SSF may in its turn contact the SCP at these points in the call. The BCSM contains detection points (DP) and points in call (PIC). The PIC indicates the state of the call, i.e. analysis, routing, alerting and active. A DP is associated with a state transition. When the call reaches a certain PIC, the BCSM first processes the DP that is associated with the transition to that PIC, e.g. when the call is in the alerting phase and an answer event is received over ISUP, the BCSM processes the DP that is associated with the answer event. After the processing of the DP is complete, the BCSM transits to the active PIC. IN defines four DP types: Trigger detection point request (TDP-R): when the BCSM instance for a call transits to a DP that is defined as TDP-R, an IN service may be started at that point. This entails the internal SF notifying the SCF and waiting for further instructions. The call processing in the MSC is halted until the SSF has received instructions from the SCF. TDPs are statically defined in an exchange. By defining different DPs in the BCSM as TDP, the exchange may invoke an IN service at different points in the call. Trigger detection point notify (TDP-N): the TDP-N is a variant of the TDP-R. An IN service may be triggered from a DP that is defined as TDPN as opposed to TDP-R. The SSF will in that case not wait for instructions from the SCP, but will return the call control immediately to the MSC. As a result the call processing is not halted. The SCP has not gained control over the call; the SCP was merely notified about the occurrence of the call event. Event detection point request (EDP-R): When an IN service is invoked, it may arm DPs within the BCSM as an event detection point (EDP). Arming a DP entails that the IN service instructs the SSF to monitor for the occurrence of the event associated with the DP. When the event occurs, the SSF notifies the SCP. If the DP is armed as EDP-R, the SSF halts call processing after the notification and waits for instructions from the SCP. The reporting of an event that was armed as an EDP-R is referred to as interrupt mode. Event detection point notify (EDP-N): The IN service may arm an EDP in interrupt mode (EDP-R) or in notify mode (EDP-N). When a DP is armed as an EDP-N, the SSF reports the occurrence of the event associated with the DP, but the SSF does not halt call processing. Instead, the SSF instructs the MSC to continue call processing.

6.5 DIALOGUE HANDLING

The invocation of an IN service involves the establishment of an IN dialogue between SSF and SCF. SSF and SCF start a process that governs this dialogue. The IN dialogue between SSF and SCF facilitates the exchange of instructions and notifications between SSF and SCF. When the IN service terminates, the IN dialogue is closed. Two methods exist for closing the IN dialogue: Pre-arranged end when communication has taken place between SCF and SSF and both entities can deduce that, for this call, there will not be any further communication through this IN dialogue, then both entities may terminate the dialogue without informing the other entity. Basic end an entity may explicitly terminate the IN dialogue by sending a dialogue closing notification to the other entity.

The transaction capability (TC) messages are TC Begin, TC Continue, TC End. The IN service is started by the SSF by sending the initial DP operation to the SCF. The IN service responds by sending the continue operation, which instructs the SSF to continue call establishment. In the pre-arranged end example, the SCF does not explicitly close the IN dialogue. However, since the SCF did not arm any of the DPs in the BCSM, there will not be any further communication between SSF and SCF through this IN dialogue. The SSF and SCF therefore decide to close the IN dialogue. In the basic end example, the SCF instructs the SSF to continue call establishment and at the same time instructs the SSF to close the IN dialogue.

6.6 DP Arming/Disarming Rules

Arming and disarming DPs in the BCSM is a tool used by the IN service to keep informed about the phase of the call and to maintain or close the IN dialogue. A set of DP arming and disarming rules are defined below. TPD arming TDPs are statically armed in the exchange. The operator may decide for which calls an IN service is invoked and at which DP in the BCSM for that call. EDP arming when an IN service is invoked from a particular TDP in the BCSM, the IN service may dynamically arm DPs in the BCSM as EDP-N or EDP-R. The arming of a DP as EDP is valid only for the duration of the IN service. The IN protocol that is used for the IN service determines which DPs are available in the BCSM and whether these DPs may be armed as EDP-N or EDP-R. EDP disarming when a DP is armed as EDP, it may be disarmed in various ways: (1) the IN service may explicitly instruct the SSF to disarm the DP; (2) when the DP occurs, the SSF disarms the DP; the IN service may re-arm the DP, if needed;3 (3) the occurrence of a particular DP in the SSF may result in the implicit disarming of other DPs in the BCSM; CAMEL specifies strict rules for this form of implicit disarming; and (4) when a call or call leg is released, all DPs associated with that call or call leg are disarmed.

6.7 CONTOL AND MONITOR RELATIONSHIPS

The SSF and SCF maintain a relationship through the IN dialogue. The relationship is a means of describing the level of control the SCF has over the call. A relationship exists between SSF and SCF under the following conditions: The SSF has reported a TDP-R or EDP-R to the SCP and is waiting for instructions from the SCP; At least one DP in the BCSM is armed as EDP-N or EDP-R; The SCP has requested the SSF to send a charging report; The SCP has requested the SSF to send a call information report.

6.7.1 Control Relationship

When a control relationship exists between SSF and SCF, the IN service may take actions like releasing the call. A control relationship exists under the following conditions: The SSF has reported a TDP-R or EDP-R to the SCP and is waiting for instructions from the SCP; At least one DP is armed as EDP-R.

When the BCSM transits to a DP that is armed as EDP-R, the SSF automatically disarms that DP. The control relationship between the SSF and SCF remains at least until the end of the processing of this DP.

6.7.2 Monitor Relationship

When a monitor relationship exists between SSF and SCF, the IN service may keep informed about the call progress, but cannot assert any control over the call. It cannot, for example, order a follow-on call when call establishment fails. When a relationship exists between SSF and SCF, but does not qualify for a control relationship, it is a monitor relationship. A control relationship may downgrade to a monitor relationship, but not vice versa.