01 Basic (GSM)

中兴通讯学院 www.univ.zte.com.
cn
Main contents
• Mobile communication overview
• Related knowledge about GSM

• main components in GSM
• the interface and protocol between entities
• wireless area partition
• numbering plan
• mobile service management
• security management
中兴通讯学院 www.univ.zte.com.cn
Mobile Communication
Overview
1 The first generation mobile communication
—— analog cellular mobile communication
Feature:
1)frequency division multiple access(FDMA)
2)analog signal
3)narrow band
Main mode: AMPS TACS NMT
2 The second generation mobile communication
—— digital cellular mobile communication
Feature:
1)time division multiple access(TDMA)
narrow code division multiple access(N-CDMA)
2)digital signal
3)narrow band
Main mode: GSM DAMPS
N-CDMA
3 The third generation mobile communication
—— IMT2000 (3G)
Feature:
1) code division multiple access(CDMA)
2) digital signal
3) broadband
2000 means: Frequency is 2000MHZ,
Maximum service rate is 2000kbit/s.
Main mode: CDMA2000
WCDMA
TD-SCDMA
Related knowledge about
GSM
Digital Public Land Mobile communication Network----PLMN
MSS
BSS HLR/AUC EIR MSC/VLR
No.7 MAP
BTS
Abis No.7 BSSAP
No.7 MAP TUP PLMN
A
BSC MSC/VLR PSTN
No.7 TUP
X.25 ISDN
BTS SC PSPDN
Um
X.25/ No.7
MS OMC
Signaling Voice
•MS:Mobile Station
•BSC:Base Station Controller
•BTS:Base Transceiver Station
•MSC:Mobile Switching Center
•HLR:Home Location Register
•VLR:Visitor Location Register
•AUC:Authentication Center
•EIR:Equipment Identity Register
•SC:Short Message Center
•OMC:Operation and Maintenance Center
1.Main components of GSM
•MS(mobile station)
•BSS(base station sub-system)
•MSS(mobile switching sub-system)
•OMC(operation and maintenance center)
1.1 Mobile Station
Function： It is the device of mobile subscriber.

It includes two parts: mobile terminal and SIM card.
Attention:
Physical mobile terminal and mobile subscriber
are different. What is the meaning.
1.2 Base Station sub-System
Function：It provides trunks between wireless part
and fixed part of PLMN network.
---BSC
---BTS
BTS is in charge of wireless transmission.
BSC performs the control and management function.
1.3 Mobile Switching sub-System
•Function：It performs GSM switching function as well as
manage mobile subscriber data and database for mobile
service. It is interface between GSM network and other
network (such as PLMN,PSPDN etc.)
•It includes 6 function units:
---MSC ---VLR
---HLR ---AUC
---EIR ---SC
1.3.1 Mobile Switching Center(MSC)
Function
• It is responsible for setting up,managing and clearing
connections as well as routing the calls to the proper cell.
• It provides the interface to the telephone system as well as
provisioning for charging and accounting service.
• MSC get data for call handling from 3 databases:
VLR/HLR/AUC
• GMSC(gateway):It is used to query the mobile subscriber
location information,and connect the route to the VMSC which
the subscriber in at that time.
1.3.2 Visitor Location Register(VLR)
VLR is a dynamic database,it stores all related information of
mobile subscribers that enter into its coverage area,which enables
MSC to set up incoming and outgoing calls.
Subscriber parameters include: subscriber number(MSISDN),
location area identity(LAI),user’s status , services subscriber can
use, and so on.
When the subscriber leaves this area, it should register in another
VLR,and old VLR will delete all the data about this subscriber.
1.3.3 Home Location Register(HLR)
HLR: It is a static database. when a user apply for mobile service,

all data about this subscriber will be stored in HLR.
Information:
--- basic service information: including MSISDN, IMSI,the
telecom service, support service,user’s type, and so on;
--- supplement service information;
---the mobile location information (MSC/VLR address),so as to
realize the call route to the MS and billing.
1.3.4 Authentication Center(AUC)
It is used to prevent unauthorized subscriber from access GSM

network or from a mobile number being used by unauthorized
person. It operates closely with the HLR.
AUC stores correlative parameters information for subscriber

authentication, encryption to prevent unauthorized access and
guarantee the safety of mobile subscriber communication.
1.3.5 Equipment identity Register(EIR）
•It is used to manage the international mobile station equipment

identification number (IMEI) of all mobile station devices and
check whether each mobile station device is a legal equipment.
•It includes one or more database to store the IMEI.
•All IMEI are stored separately in three lists: “white name
lists”, “grey name lists”, and “black name lists”. Network will
judge whether the IMEI is a legal device and decide to either
accept or reject the device.
1.3.6 Short Message Center(SC）
•It provides the short message service(SMS). It provides the

delivery and receiving of short message between mobile
subscriber and fixed subscriber or between mobile subscribers.
1.4 Operation and maintenance center (OMC)
The operation and maintenance center realizes the management
of network. The specific function include: maintain and measure
system, monitor system’s status,performance management,traffic
statistics and so on. It can improve the overall system working
efficiency and service quality.
OMC includes two parts:for system(MSS) and for

radio(BSS).
2.The interface and protocol between entities
The difference between interface and protocol:

The interface:the connection point between 2 adjacent
entities.
The protocol: illustrate the rules followed when
information exchanged at the connection point.
Main interface:
Um interface Abis interface A interface
BTS BSC
MS
BTS BSC MSC
2.1 Um interface:
Um interface defines the communication interface between MS and
BTS, also called air interface.Um interface is the most important
interface in all interfaces.
• it realizes the compatibility between all kinds of MS and different
network, so that the MS can roam.(it is open interface)
• it adopts some anti-jamming technology and measurements to
reduce interferer and improve the frequency spectrum efficiency.
• It realizes the physical connection between MS and GSM
network(that is wireless link)，at the same time it is also in charge
of transferring of the information about RR, MM and CM.
Note:
RR:radio resource management
MM:mobile management
CM:connection management
2.2 Abis interface:
•the intra-interface between the BTS and BSC,used for

remote connection
•2Mb/s PCM system
•It is an inner interface.
2.3 A interface and protocol
• It is an interface between BSC and MSC
•It is based on 2.048Mbit/s PCM
•CCS signaling (SPC CODE:14 Bits)
•Information through this interface include: MS management,
mobility management,BTS management and so on.
•It is a open interface.
2.4 MSS interface and protocol
A F
BSC MSC EIR
C
B
D HLR/AUC
VLR
BTS
E
VLR
B
BSS MSC MSS
2.4.1 B interface:
•the interface between MSC and VLR.
•MSC transfers the location update information of roaming
subscriber to VLR
•MSC queries information of called roaming subscriber
from VLR when setting up the calls
•Always associated with VLR, use inner interface.
2.4.2. C interface
•The interface between MSC and HLR.
•When a MS is called,MSC must query the routing message of

called MS from HLR through this interface to locate called
MS,and HLR will return the routing message(visit MSC/VLR
number) to MSC.
•VMSC/VLR send the MSRN assigned to the called subscriber
to HLR.
2.4.3. D interface
The interface between VLR and HLR.
This interface is used to transfer location information and

subscriber data information between VLR and HLR.(location
Information,route information, service information and etc.)
2.4.4. E interface:
the interface between MSC and MSC.
it is used to hand-over channel when MS moves between 2 MSC
offices during the call so that the call will not be disconnected.
this interface transfers inter-office signaling which controls voice
connection between MSCs’
2.4.5. F interface :
The interface between MSC and EIR.
It is used for MSC to check IMEI of MS
2.4.6. The interface between MSC and PSTN:
The inter-office signaling interface,used for setting up voice

connection between PSTN and PLMN.
3. Wireless area partition
GSM service area
PLMN Service area
MSC Service area
Location area
Cell
Wireless coverage area structure
3.1.Cell
The smallest area that can not be divided.
3.2.Location area:
•The area where MS moves without updating location.
•It includes some cells.
•It only belongs to one MSC.
•It includes one or more BSC.
•One location area has one LAI to identify each other.
3.3.MSC service area:
The area that all the cell controlled by one MSC covered.
One MSC composes one or more location areas.
3.4 .PLMN service area:

It includes one or more MSC service areas.
3.5.GSM service area:

It includes global PLMN networks .
4.Numbering Plan
4.1 ISDN number (MSISDN) of mobile subscribers

• A MSISDN number is the number dialed by the caller
subscriber in PLMN.
• Composition of a MSISDN number.
Country code +valid national ISDN

number
International mobile subscriber ISDN number
4.2 International mobile subscriber identification number (IMSI)
•IMSI is an unique number that can identify a mobile subscriber
in the PLMN network.
• Composition of an IMSI number
MCC MNC MSIN

International
mobile subscriber
identification
National mobile
subscriber
identification
•MCC＝ mobile country code
•MNC＝ mobile network code,
•MSIN＝ mobile subscriber identification number, a 10-digit
equi-length number.
•IMSI is used in all signaling in a GSM mobile
communication network, stored in HLR, VLR and the SIM
card.
4.3 International mobile equipment identification number (IMEI)
• IMEI is an unique number that can identify a mobile device in
the GSM network.
•TAC(Type Approval Code) : 6 digits, assigned by certain department;
•FAC(Final Assembly Code) : 2 digits,decide the place of manufacturing or
assembling, coded by manufacturer;
•SNR(Serial NumbeR) : 6 digits, assigned by manufacturer in sequence;
•Spare bit : 1 digit.
TAC FAC SNR Spare bit
4.4 .MSC/VLR number
•MSC/VLR number is used in the No.7 signaling.

•MSC/VLR number structure : CC+NDC+……
4.5.HLR number
•HLR number is used in the No.7 signaling .

•HLR number structure : CC+NDC+……
4.6 Mobile subscriber roaming number (MSRN)
•MSRN is a number temporarily assigned by VLR to a
called mobile subscriber which it registers in according to
the request of HLR (of called party) in each call for the
network to re-route.
• This number will be released and can be assigned to other
mobile subscriber afterward.
4.7 Hand-over number (HON)
• HON is a number assigned to a mobile subscriber by
the destination MSC/VLR temporarily for routing
during inter-office handover.
• This number is part of a MSRN number.
• It is used only during inter-office handover of a
mobile subscriber. After the connection, it is released
and used by other subscribers.
4.8 Temporary mobile subscriber identification number (TMSI)
TMSI is an identification number assigned temporarily to a

visiting mobile subscriber by VLR for the secrecy of IMSI. It is
a 4-byte BCD code, used only locally, and assigned by each
MSC/VLR independently.
4.9 Location area identification number (LAI)
•LAI is used to identify the location area.
• Its number structure is:
MCC＋MNC＋LAC
MCC and MNC : same as the MCC and MNC in IMSI.
LAC is a location area code that uniquely identifies each
location area in digital PLMN. It is a 2-byte hexadecimal
BCD code represented by L1L2L3L4 (with the range of
0000～FFFF, able to define 65536 different location areas.)
4.10.Global Cell Identification（GCI）
It is used to identify certain cell in a location area.
Structure:
MCC+MNC+LAC+CI，
432+20+23510+26032 (MRK0013)
CI:2 bytes BCD code .
5.Mobile service management
•MS status
•Roaming and updating location
•Paging
5.1 MS status
Mobile subscriber
•MS switch on （free）

•MS switch off
•MS busy
1)MS switch on
The Network should label with “attached ” flag.
Case 1: Record MSC
/VLR number
•If MS switch on for the first
time(HLR operate)
HLR
IMSI
updating
Updating location locate
MSC/VLR accept
request
VLR attach
label on this
IMSI
SIM card
record LAI
Case 2:
•Ms switch on again,the LAI it received is the same as
LAI stored in SIM card,VLR only label with “attached”
flag.
Case 3:
• The LAI it received is different from the LAI stored
in SIM card.MS send the message “location updating
request” to MSC/VLR to update the LAI,VLR will
judge if the data of this MS is in its database.
If it has,update the new LAI.
If it hasn’t ,repeat the case 1.
2) Ms switches off ， MS get “detached ” from the
network
3) MS busy
Assign a service channel to MS for transferring voice and
label with “busy” for this mobile subscriber.
5.2 Periodical registration
The GSM system takes the compulsory registration

measure,requiring MS to register periodically. If the GSM
system has not received the periodical registration information
from a certain MS,the VLR of this MS will record it with
“hidden detachment”status. Only when it receives the correct
periodical registration information again,will it change MS
back into the “attached “status.
5.3 Basic location updating
Location area has been changed, and MS set up location updating.
2 cases:
1)MS location area is changed ,but in the same MSC
2)MS roams from one MSC to another MSC.
•Location updating in same MSC
BSC M
Location
area 1 S
MSC/VLR 2
2
1
3 Location 4 M
area 2
BSC S
•Location updating between MSCs
MSC/VLR1 M
5
S
HLR
2
3 1 M
MSC/VLR2
4 S
5.4 Fix subscriber call mobile subscriber
PSTN 1 6 MSC/VLR MS
GMSC
2 5 4
3
HLR
1.MSISDN 2. MSISDN 3. IMSI 4. MSRN

5. MSRN 6. MSRN
5.5 Mobile subscriber call mobile subscriber
HLR/AUC
（5）（3）
（2）（4）
（6）
MSC1/VLR2 MSC2/VLR2
（9）
（1）（10）（8）（7）
MS1 MS2
6. Security management
To guarantees system security ,the following measures are

taken:
1.prevent access of unauthorized subscribers,which is
realized through authentication;
2.protecting subscriber privacy by encrypting;
3.prevent access of invalid mobile device,which is realized
through checking IMEI in EIR;
4.preventing subscriber IMSI from being stolen,realized by
TMSI assignment .
6.1 Authentication service
Authentication is to protect legal subscribers and prevent

“intrusion” of illegal subscribers. Subscriber authentication
should be performed with the subscriber triad parameters
(RAND , SRES ,Kc)provided by the system.
MS VLR (MSC, HLR) AUC
Kc Kc
Step2
Step4 obtain Kc transfer Step1 obtain
and SRES by A8 Step3 A8 Kc and
3-parameter
calculation transfer RAND SRES by
according to Ki RAND RAND calculation
and RAND Ki Kc Kc with RAND
Ki RAND
SRES SRES generated by
Ki obtained
A3 =? A3 from query
Step5 SRES into IMSI
transfer
SRES SteP6
compare
SRES
authentication
determination
Authentication
MS NETWORK
Ki RAND RAND generator

Ki
Algorithm A3 Algorithm A3
SRES’ SRES’

01 Basic (GSM)

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

01 Basic (GSM)

Uploaded by

Copyright:

Available Formats

中兴通讯学院 www.univ.zte.com.

• Related knowledge about GSM

• the interface and protocol between entities

• wireless area partition

• mobile service management

Function： It is the device of mobile subscriber.

HLR: It is a static database. when a user apply for mobile service,

It is used to prevent unauthorized subscriber from access GSM

AUC stores correlative parameters information for subscriber

•It is used to manage the international mobile station equipment

•It provides the short message service(SMS). It provides the

OMC includes two parts:for system(MSS) and for

The difference between interface and protocol:

Um interface Abis interface A interface

•the intra-interface between the BTS and BSC,used for

•It is based on 2.048Mbit/s PCM

•CCS signaling (SPC CODE:14 Bits)

•Information through this interface include: MS management,

mobility management,BTS management and so on.

•It is a open interface.

•When a MS is called,MSC must query the routing message of

The interface between VLR and HLR.

This interface is used to transfer location information and

2.4.6. The interface between MSC and PSTN:

The inter-office signaling interface,used for setting up voice

GSM service area

PLMN Service area

MSC Service area

Wireless coverage area structure

3.4 .PLMN service area:

3.5.GSM service area:

4.1 ISDN number (MSISDN) of mobile subscribers

Country code +valid national ISDN

International mobile subscriber ISDN number

• Composition of an IMSI number

MCC MNC MSIN

TAC FAC SNR Spare bit

•MSC/VLR number is used in the No.7 signaling.

•HLR number is used in the No.7 signaling .

TMSI is an identification number assigned temporarily to a

•MS switch on （free）

The GSM system takes the compulsory registration

Location area has been changed, and MS set up location updating.

1)MS location area is changed ,but in the same MSC

2)MS roams from one MSC to another MSC.

1.MSISDN 2. MSISDN 3. IMSI 4. MSRN

（1） （10） （8） （7）

To guarantees system security ,the following measures are

Authentication is to protect legal subscribers and prevent

Ki RAND RAND generator

You might also like

（1）（10）（8）（7）