Documente Academic
Documente Profesional
Documente Cultură
Contents
- GSM Introduction
- CDMA Overview
- GPRS Introduction
- UMTS Introduction
- HSDPA for WCDMA
TRAINING SECTOR
GENERAL DEPARTMENT FOR
PLANNING & DEVELOPING PROGRAMS
Sub-sections
Introduction
Transmission Principles
GSM PLMN
Procedures
Radio Interface
Appindex
GSM Introduction
GSM Introduction
Sub-section reference
Sub-section identification
1
2
3
4
5
6
Introduction
Transmission Principles
GSM PLMN
Procedures
Radio Interface
Appendix
Pages
1
1
1
1
1
1
44
37
32
38
31
14
Chapter 1
Introduction
Introduction
Introduction
Contents
1
2
3
History
GSM
Current Situation, Market & Trends
2
15
27
Siemens
Introduction
History
Introduction
History
Fig. 1
Siemens
Introduction
Introduction
Siemens
Telegraph: S.F.B. Morse: 1843 First experimental telegraph line: Washington Baltimore
Telephone: Phillip Reis 1861: First speech transmission by cable / A. G. Bell: 1876
World Exhibition, Philadelphia
At first electronic communications was possible only via wire i.e. by means of fixed
(immobile) connections, forerunners of today's Fixed Network Connections. Initially
an operator ("switchboard girl") was needed to establish these fixed physical
connections for the caller manually at the central office. The first automatic
exchanges were first put into service in the mid-1920s.
Radio Communications
Radio connections were first used for Wireless Communications in the late 19th
century; information was sent via "ether".
l
1903: "Deutschen Telefunken GmbH" founded by AEG and Siemens & Halske
Siemens
Introduction
Electronic
communication:
"terrestrial network"
Telegraph
1st telegraph line 1843
Washington - Baltimore
Telephone
P. Reis 1861
A.G. Bell 1876
World Exhibition Philadelphia
Radio transmission:
1873 Maxwells theory of electromagn. waves
1887 H. Hertz: experimental proof
1895 Marconi: 1st wireless transmission
1901 1st transatlantic transmission
1903 Dt. Telefunken GmbH: AEG, Siemens& Halske
1906 1st speech and sound transmission
1909 1st radio broadcast
1917 1st mobile transmission: radio station - train
Fig. 2
Siemens
Introduction
Siemens
Introduction
Connection Types
There are two principles for radio connections:
Simplex Connection
Simplex connections are a "one-way street" for communication in the form of (mostly
fixed) transmitters and mobile receivers. This has been realized as e.g. (broadcast)
radio and television. But simplex connections are also used for direct communication
exchange i.e. two-way communication using stations which can be used both as a
transmitter and a receiver (e.g. walkie-talkies). However the equipment (transmitting /
receiving stations) cannot transmit and receive simultaneously. The call cycles or call
intervals are determined by prior agreement or personal code words ("over").
Duplex Connections
Duplex connections signify two-way communication. Users can transmit and receive
messages simultaneously. An example of an early duplex connection is radio
telegraphy.
Over
Simplex Connection:
transmit or receive
Duplex Connection:
simultaneous
transmission and reception
Fig. 3
Siemens
Introduction
Introduction
Siemens
The equipment required was extremely heavy, bulky (therefore only feasible as a
car phone service) and expensive.
The service range was limited to the area that could be covered by a single
transmitting or receiving station (single cell system).
The HF frequency range available was (is) very limited; it had to be (and still has
to be) distributed among competitors (e.g. the military, radio, and television).
The result was limited capacity, rapid market saturation, high equipment costs and
low service quality.
First Mobile
Services:
Car telephone service
Since the late 40s
Fig. 4
Siemens
Introduction
Introduction
Siemens
automatic switching
reduction of size and weight of equipment (in the 1950s/1960s a car phone took
up half of a car trunk; 1988: introduction of the mobile phone)
but:
l
During the 1970s large-scale integrated, electronic applications and the development
of microprocessors made the configuration of more complex systems possible. One
result of this was the development of single-cell transmitter systems with multiple
receiving stations. This made it possible to extend the range of the supply area, i.e.
the operational range of the subscriber because the mobile station's transmitter
power limits the size of the cell in Single Cell Systems. However no increase in
capacity resulted from this.
Cellular Mobile Radio Systems
The breakthrough in capacity, which resulted in a significant increase in the number
of subscribers, was achieved with the introduction of the Cellular Radio System in the
late 1970s/early 1980s. The coverage of the supply area of a mobile communication
operator involves many radio cells with cellular radio systems, in which the
aforementioned limitation of the available HF frequency range is neatly circumvented
through the repeated use of the HF channels.
Siemens
Introduction
radius
r
Single Cell
System
re-use distance
Cellular
System
Fig. 5
Siemens
Introduction
Siemens
Introduction
System
Frequency range
[MHz]
Introduced
in year
USA
AMPS
800
1979
Japan
NTT-MTS
800
1979
Sweden, Norway,
Finland, Denmark
NMT
450, 900
1981 - 86
Great Britain
TACS
900
1985
Germany
C450
450
1985
France
Radiocom2000
450
1985
NMT
900
1989
RTMS
450
1985
TACS
900
1990
Italy
Fig. 6
Siemens
Introduction
Siemens
Introduction
Analog technology.
Terminal devices were
bulky and heavy.
Second generation
GSM mobile telephones
Second generation
GSM mobile telephones
Fig. 7
10
Siemens
Introduction
Introduction
Siemens
11
0,01
1988
1986
1984
Year
2000
1998
1996
1994
Germany
GSM (E2)
introduction
GSM (Eplus)
introduction
100
1992
1990
C-network
introduction
10
1982
1980
0,1
B-network
introduction
1978
Subscriber [M.]
Introduction
Siemens
Fig. 8
12
Introduction
Siemens
Siemens
Introduction
13
Siemens
Introduction
1G Limitations
Capacity
Quality
Incompatibility
European mobile
communication market
early 90s
Fig. 9
14
Siemens
Introduction
GSM
Introduction
GSM
Global System for
Mobile Communications
Fig. 10
15
Introduction
Siemens
Siemens
Introduction
1982: The CEPT forms a team of experts, the Group Special Mobile (GSM) with
the purpose of developing a binding international standard for mobile
communications in Europe.
1987: Main transmission principles are selected; 13 countries agree in the MoU
(Memorandum of Understanding) to start GSM networks until 1991.
1989: GSM is renamed from "Group Special Mobile" to "Global System for Mobile
Communications".
1995: GSM-R (Railway): The ETSI reserves further frequency range for a railway
networks; first test projects are started. GSM Phase 2 work is completed.
16
Siemens
Introduction
GSM Milestones
1978
CEPT reserves 2 x 25 MHz in 900 MHz range
1982
CEPT founds "Groupe Special Mobile" GSM
1984-86 Comparison of technical possibilities
Goals:
1986
1987
1988
1989
1990
1991
1992
1993
1995
1996
- free roaming
- international accessibility under 1 number (international roaming)
- large network capacity (bandwidth efficiency)
- flexibility ISDN
- broad service offering
- security mechanisms
Fig. 11
17
Siemens
Introduction
Siemens
Introduction
1997: GSM Phase 2+ Annual Release 96: CAMEL Stage 1, ASCI for GSM-R.
DCS1800 / PCS1900 are renamed to GSM1800 / GSM1900. Dual band
equipment for GSM900 / GSM1800; 10 years of MoU: 109 countries; 239
operators; 44 million GSM subscribers; 28 % share of the world market.
1998: Phase 2+ Annual Release 97: HSCSD, GPRS Stage 1, CAMEL Stage 2,...
08/98: 100 million GSM subscribers in 120 countries; 35 % share of the world
market; GSM is quasi world standard. GSM-R networks in operation. World-wide
servicing through co-operation with mobile satellite systems (IRIDIUM).
1999: Phase 2+ Annual Release '98; 250 million subscriber; 130 countries
2000: Phase 2+ Annual Release '99: GPRS Stage 2, CAMEL Stage 3, EDGE,
Virtual Home Environment VHE, Adaptive Multirate speech AMR,...GSM Rel. '99
services identical to UMTS Rel. '99 (first UMTS release); 410 million subscriber;
161 countries; approx. 60% of world-market
GSM Milestones
1997
1998
1999
2000
Fig. 12
18
Introduction
Siemens
Siemens
Introduction
19
Siemens
Introduction
GSM Recommendation
Series 08:
MSC-BSS Interface
PSTN
ISDN
MSC
BSS
Series 04:
MS/BS Interface
& Protocols
MS
Series 05:
Um Radio
Transmission
Register
Series 10:
Service Interworking
Series 11: Equipment & Type Approval Specifications
Series 06:
Speech Coding
Series 067:
Terminal
Adaptors for MS
Fig. 13
20
Introduction
Siemens
Siemens
Introduction
21
Siemens
Introduction
Downward compatibility
Phase 1
1991
Full Rate Speech (FR),
Standard services
Data: max. 9.6 kbit/s
MTPy: Multiparty Service
CUG: Closed User Group
AoC: Advice of Charge
ASCI: Advanced Speech Call Items
SOR: Support of Optimal Routing
UUS: User to User Signalling
Phase 2+
Phase 2
Phase 1
Phase 2
Phase 1
1995
New services e.g.
MTPy, CUG, AoC;
Half Rate Speech (HR)
EFR:
Enhanced Full Rate Speech
IN:
Intelligent Network
CAMEL: Customized Applications for
Mobile network Enhanced Logic
HSCSD: High Speed Circuit Switched Data
GPRS: General Packet Radio Service
EDGE: Enhanced Data Rates for the GSM
Evolution
1997
Year
Fig. 14
22
Introduction
Siemens
Siemens
Introduction
23
Siemens
Introduction
890
GSM-R
935
GSM - Adaptations
1880
GSM
900
GSM
900
E-GSM
E-GSM
876 880
960
GSM
1800
GSM
1900
[MHz]
1710
Frequency Range
[MHZ]
GSM400
GSM
1800
Useable HF
channels
35
GSM
1900
1910 1930
1990 [MHz]
Application Area
rural environment
124
174
Worldwide except
America
374
Worldwide except
America
299
America
19
Railway systems
Fig. 15
24
Introduction
Siemens
Siemens
Introduction
The GSM-PLMN
In the GSM System there must be a distinction between network operator, provider of
telecommunication services, supplier of terminal equipment and manufacturer of
network components. Especially the sale of telecommunication services and terminal
equipment differs from the conventional fixed network and mobile communication
network of the first generation, in which state-owned network operators, service
providers and equipment suppliers usually form a monopoly. In GSM the actual
network operator often transfers services to private providers who supply the
services to the mobile subscribers under different conditions. With the wide range of
products there is also great competition in the field of mobile equipment as well as of
mobile communication network components which should force further technical
development and keep the prices down.
PLMN - Public Land Mobile Network
A PLMN is a terrestrial mobile communication network set up and run by public and
private operators. It is used to provide public mobile communication services.
General Objectives of a GSM-PLMN (with respect to service aspects):
a) Provision of a wide range of speech and non-speech services and
compatibility to those services offered in fixed telecommunication networks
such as PSTN, ISDN and PDN;
b) Additional provision of specific services for mobile access environment;
c) Compatible access for mobile subscribers in all countries where the GSM
System is operated;
d) Provision of roaming (roaming agreement) and automatic updating;
e) Location registration of mobile subscribers in these countries;
f) Provision of sufficient quality of service;
g) Provision of services with a wide range of mobile stations, e.g. permanently installed in vehicles, so-called portables and hand stations (mobile phones).
General Objectives of a GSM-PLMN (with respect to performance aspects):
a) Guarantee of a high spectrum efficiency;
b) Provision of a system concept which will lead to attractive costs regarding
infra-structure and mobile equipment
25
Siemens
Introduction
Example:
Germany
GSM-PLMN
(Public Land Mobile Network)
D1
Telekom
Competition concept:
D2
Mannesmann
Eplus
E2
Viag Intercom
Fig. 16
26
Siemens
Introduction
2000
1998
1996
1994
1992
1990
1988
1986
1984
1982
0,01
1980
0,1
Current Situation,
Market & Trends
Fig. 17
27
Introduction
Siemens
Siemens
Introduction
Overview: Systems/Standards
At the time there is a wide spectrum of mobile communication systems of the first and
second generation along with the GSM Standard and its adaptations. Important
examples include:
l
Paging Systems
Cordless Telephone
Target groups
Services offered
Prices
Coverage
Degree of mobility
28
Siemens
Introduction
Current
Mobile
Communication
Systems
Differences:
target groups
services offered
prices
coverage
degree of mobility
transmission technique
...
analogue
paging systems
e.g. Citycall
digital
paging systems
e.g. ERMES
analogue cordless
telephone systems
e.g. CT1, CT1+
digital cordless
telephone systems
e.g. DECT, PACS, PHP
Cordless
telephone booth
analogue
Private Mobile Radio
PMR
digital
PMR
e.g. TETRA
analogue
cellular systems
e.g. C450, NMT, AMPS
digital
cellular systems
e.g. GSM, D-AMPS,
PDC, IS-95
analogue
satellite systems
e.g. INMARSAT
digital
satellite systems
e.g. IRIDIUM, ICO,
Globalstar
1G
2G
Fig. 18
29
Introduction
Siemens
Siemens
Introduction
1G Systems
C450: closed 12/2000
TACS (Total Access Communications System): closed 2001.
NMT (Nordic Mobile Telephone): closed 2001.
AMPS (Advanced Mobile Phone Service): The AMPS system was introduced in 1979
in the USA. The system, operated in the frequency range of 800 MHz, was the most
successful mobile radio system in the world until 1997. It still has an increasing
number of subscribers, because of its large coverage in the USA. 12/2000, more than
75 million AMPS subscribers were registered.
2G Systems
GSM (Global System for Mobile Communications): The GSM Standard was
adopted as the first digital mobile communication standard, as planned since the
early 80s. Commercial operation started in 1992. This led to the world-wide use of
GSM net-works, which were originally planned for the European system, in more than
120 countries and regions. GSM uses a hybrid solution of FDMA and TDMA as an
access technique. GSM used currently 900 / 1800 /1900 frequency ranges.
D-AMPS (Digital Advanced Mobile Phone System): The D-AMPS was conceived
as a supplementary system to the successful analogue AMPS in the USA and
Canada. The commercial start was 1991/92. D-AMPS as IS-136 standard is based
on a combined FDMA/TDMA access technique. It shares the 800 MHz range with
AMPS (824 - 849; 869 - 894 MHz). It expanded to the 1900 MHz range in 1995.
Multimode / multiband equipment is used for AMPS/D-AMPS.
PDC (Personal Digital Cellular): With the influence of D-AMPS, PDC (originally
called JDC - Japanese Digital Cellular) was standardized for the Japanese market.
The commercial start was 1993/94. A combined FDMA/TDMA procedure, similarly to
the D-AMPS, is used as an access procedure. Mobile stations transmit at the higher
frequency with PDC, in contrast to all other systems. Frequencies around 900 MHz
(810 - 826; 940 - 956 MHz) & 1500 MHz (1429 - 1453; 1477 - 1501 MHz) are used.
IS-95 CDMA IS-95 CDMA was developed in the early 90s based on CDMA spread
spectrum digital technology and was declared IS-95 standard in 1993. The
commercial start was 1995/96. IS-95 CDMA networks are emerging world-wide with
emphasis on North America and Eastern Asia. Frequencies in the 800 MHz and 1900
MHz range are used world-wide, and also in the 1700 MHz range in Korea.
30
Siemens
Introduction
Cellular Systems
First generation:
C450
NMT - Nordic Mobile Telephone
TACS - Total Access Communications System
AMPS - Advanced Mobile Phone System
Second generation:
GSM
D-AMPS
PDC
IS-95
Start
1992
1991/92
1993/94
1995
Coverage
worldwide
especially
USA, Canada
Japan
especially USA,
Canada, Eastern
Asia
Frequency
ranges [MHz]
900 / 1800 /
1900 (America)
800 / 1900
900 / 1500
Multiple
Access
TDMA / FDMA
TDMA / FDMA
TDMA / FDMA
CDMA
7.95
6.7
9.4 / 13
Data (max.)
[kbit/s]
9.6
(n14.4; n = 1...8)
4.8
4.8
9.6 / 14.4
Subscribers
(02/2001)
~ 410 million
~ 55 million
~ 85 million
~ 35 million +
75 million (AMPS)
Fig. 19
31
Introduction
Siemens
Siemens
Introduction
1G MSS
MARISAT (Maritime Satellite): MARISAT went into operation in 1976 as the first
mobile satellite system, initiated by the USA.
INMARSAT (International Maritime Satellite Organization): INMARSAT is taking a
dominant role in 1G MSS. Founded in 1979, it is used by more than 100 membership
countries. The four INMARSAT (operation) satellites are in a geostationary orbit
(about 36,000 km altitude). With the exception of a the pole caps, a global
transmission to the world is achievable. Digital transmission is via INMARSAT
satellites since 1995., i.e. INMARSAT has turned over to a 2G MSS system
2G MSS
Digital information transmission and a larger number of satellites in lower orbits (LEO
and MEO satellites) allow considerably higher capacity. Several services similar to
those of GSM should be possible. A problem of the 2G systems is the comparable
high price and fast extension of 2G terrestrial networks
l
Globalstar
ICO
Ellipso
ORBCOMM
Teledesic
Skybridge
32
Siemens
Introduction
10,000
- 20,000 km
MEO
Medium
Earth Orbit
700
- 1,500 km
Earth
LEO
Low Earth
Orbit
approx.
36,000 km
GEO
GEostationary
Orbit
HEO
High Elliptic
Orbit
1G:
MARISAT (USA) since 1976
INMARSAT (International Maritime
Satellite Organisation):
since 1979; > 80 member countries
4 GEO satellites;
global access
2G:
Iridium, ICO, Globalstar
private MSS operator
speech- & low data rate services
Fig. 20
33
Introduction
Siemens
Siemens
Introduction
34
Siemens
Introduction
Subscriber trends:
1980 - 2000
Germany
100
World
10
1
Single cell
systems
1G
Introduction
2000
1998
1996
1994
Year
1992
1990
1988
1986
1984
0,01
1982
0,1
1980
Subscriber [M.]
1000
2G
Introduction
Fig. 21
35
Siemens
Introduction
Siemens
Introduction
Ro W
2 0 0 0'
A s ia / P a c ific
Subscriber [M.]
No rth A m e ric a
1 5 0 0'
E U 15
1 0 0 0'
5 0 0'
0'
1995
2000
2005
2 0 10
Year
2015
UMTS Forum
Report #1
Fig. 22
36
Introduction
Siemens
Siemens
Introduction
Mobile Trends
The mobile radio systems of the second generation have been optimized for speech
transmission. Data transmission is possible, but has previously been considered
secondary. Taking the increasing mobility in the professional world (work outside the
office, telework) into consideration, the need for mobile transmission of data is increasing. Comparatively user-unfriendly terminals (adapter solution) and relatively
low data transmission rates are problems for data transmission of the second
generation of mobile communications. The data rates for GSM are between 0.3 - 9.6
kbit/s, the transmission rates of other cellular standards are comparable or less. The
first mobile satellite systems of the second generation also have only low data
transmission rates (Iridium max. 2.4 kbit/s, Globalstar max. 9.6 kbit/s). These rates
are considerably lower than those of ISDN (64 kbit/s).
A large variety of demands are being placed on future mobile communications. Along
with improved world-wide service, user friendliness and cost reduction, mobile PC
Internet connection with a high data transmission rate is required.
Many of these demands are taken into account in GSM Phase 2+.
In this way bearer services were standardized with transmission rates in order to increase data transmission rates as well as to realize mobile computing and access
to the Internet. Data transmission rates can be adapted to the transmission rates of
ISDN and can be increased significantly further (up to more than 100 kit/s) by means
of these bearer services. User friendly equipment and cost-reduced features are also
planned, such as improvements in speech quality and world-wide availability by
means of satellite roaming. Furthermore flexible services adaptable to customer requests and intelligent network services are planned.
37
Siemens
Introduction
Mobile Trends
Trend:
Voice Data
100
Voice
Data
Traffic [%]
80
Requirements:
high data rates
user-friendliness
improved service offering
cost reduction
worldwide accessibility
60
40
GSM Phase 2+
20
0
1996
Source:
UMTS Forum
2001
2005
Year
2007
Fig. 23
38
Introduction
Siemens
Siemens
Introduction
39
Siemens
Introduction
300'
Mobile communication
forecast (Europa)
Mobile subscriber
(total)
Subscriber [M.]
250'
Mobile subscriber
all applications from
voice to Multimedia
200'
150'
Mobile subscriber
Speech only/
low data rates
100'
50'
0'
1995
Source: UMTS-Forum
2000
2005
2010
3G (UMTS)
Year
Fig. 24
40
Introduction
Siemens
Siemens
Introduction
41
Siemens
Introduction
1G
2G
(analog)
(digital)
Paging Systems,
e.g. City Call
Paging Systems
e.g. ERMES
Cordless Telephone
e.g. CT1, 1+
Cordless Telephone
e.g. DECT, PACS, PHS
wireless
Telephone cell
Wireless
Local Loops
WLL
PMR
e.g. TETRA
Cellular systems
e.g. C450, NMT, AMPS
Cellular systems
e.g. GSM, D-AMPS,
IS-95, PDC
MSS
e.g. INMARSAT
MSS
e.g. IRIDIUM, ICO,
Globalstar
IMT-2000
3G
1 family of
standards
for all
applications
countries
Fig. 25
42
Introduction
Siemens
Siemens
Introduction
Zone 1 Indoor: for offices, private households,...; for low speed (stationary / up to
10 km/h) max. data rates up to 2 Mbit/s are theoretically possible.
Zone 2 Urban: for city, shopping malls, railway stations, subways, airport halls for
low speed (stationary / up to 10 km/h) max. data rates up to 2 Mbit/s are
theoretically possible.
Zone 3 Suburban/Rural: For wide range mobility (car, train) with higher / high
speeds (up to 120 / 500 km/h), 384 kbit/s 144 kbit/s should be possible. (Remark:
for UMTS only the lower speed value is currently planed)
Zone 4 Global: For rural, thinly populated areas with low user densities. All speeds
from stationary (individual buildings, measuring stations), to intermediate speeds
(car, train, ship), to 1000 km/h (airplanes). Mobile satellite systems (e.g.
INMARSAT: Horizons) which ensure up to 144 kbit/s are planned for servicing.
For IMT-2000 the frequency ranges from 1885 - 2025 MHz and from 2110 - 2200
MHz should be reserved (requested by ITU).
UMTS uses in Europe the frequency ranges of 1900 - 1980 MHz, 2010 - 2025 MHz
and 2110 - 2170 MHz.
The frequency ranges of 1980 - 2010 MHz and 2170 - 2200 MHz are reserved for 3G
MSS.
43
Siemens
Introduction
MSS
144 kbit/s
cellular
2010
2170
MSS
1885
cellular
2110
2025
1 9 0 0
1 9 5 0
2 0 0 0
max.
data rate
2048 kbit/s
384 kbit/s
144 kbit/s
1980
1 8 5 0
Micro
Cell
Zone 1:
Indoor
Pico
Cell
2 0 5 0
2 1 0 0
MSS
2200
2 1 5 0
2 2 0 0
2 2 5 0
Fig. 26
44
Chapter 2
Transmission Principles
Transmission Principles
Transmission Principles
Contents
1
2
3
4
2
14
21
25
Siemens
Transmission Principles
Transmission Principles
Siemens
Base Station Subsystem BSS: The BSS is the fixed network part of the PLMN
radio access (Radio SubSystem RSS). It realizes the radio transmission via the
radio interface. Several fixed radio station, so-called Base Stations BS are coordinated by one control unit.
Network Switching Subsystem NSS: The NSS forms the interface between the
radio subsystem and the public fixed networks (PSTN, ISDN, PDN). It executes all
signaling functions for setting up connections from and to mobile subscribers. It is
similar to the exchanges of fixed network communication systems, but it
furthermore fulfils important mobile communication specific functions, e.g. keeping
track of the users / mobile stations location.
Siemens
Transmission Principles
PLMN
Mobile
terminal device
Um
Fixed
network
Air Interface
PSTN
BSS
Public Switched
Telephone Network
Base Station
Subsystem
NSS
BSS
MS
Base Station
Subsystem
Mobile
Station
Network Switching
Subsystem
control/switching of
mobile services
BSS
Base Station
Subsystem
Mobile
components
ISDN
Integrated Services
Digital Network
PDN
Public Data
Network
Fixed network
components
Fig. 2
Transmission Principles
Siemens
Mobile Components
Mobile components are the Mobile Stations MS which transmit the users speech and
data to the PLMN. The Mobile Station MS consist of:
l
ME:
Mobile Equipment,
SIM:
The MS is not necessarily the termination point for the users data transmission. A
Terminal Equipment TE, e.g. laptop, fax machine,... can be connected to the MS for
final data handling.
The Mobile Station MS
An important difference between fixed network communications and mobile
communications is the separation of equipment and subscriber identity. It is possible
for the mobile subscriber to use various mobile terminal equipment with a personal
identity by means of the SIM card, which includes his subscriber identity. The mobile
station is defined as: MS = ME + SIM.
The SIM card is allocated and activated by the provider upon completion of the
contract. It is realized by means of a chip which contains a variety of permanent and
temporary information for the subscriber (e.g. personal telephone register) and about
him/her. Along with the personal (secret) ID numbers (IMSI - International Mobile
Subscriber Identity, TMSI - Temporary Mobile Subscriber Identity) these stored
information are for example algorithms and keys for ciphering the transmission.
The PIN (Personal Identity Number) is important for the subscriber; it must be
entered by the mobile subscriber before the start of the conversation in order to
prevent fraud by unauthorized intruders. As a rule, calls cannot be made without a
SIM card in the ME and without the PIN being entered. Emergency calls are an
exception.
Siemens
Transmission Principles
Mobile Components
MS = ME + SIM
SIM
Subscriber Identification Module
Fig. 3
Transmission Principles
Siemens
The successive digital systems of the second generation, and therefore GSM
systems, are structured as cellular communication systems in the same way as the
analogue systems.
Principle of the Cellular Communication System
PLMNs operating on a national level are divided by location into servicing areas, socalled cells, in which a Base Transceiver Station BTS supplies the mobile subscribers
of the area concerned. The cells represent the smallest service area in the PLMN
network.
A variety of cells ensures service of the total PLMN service area. The cells are
theoretically arranged in a so-called honeycomb pattern. Adaptations to the
population/ traffic density and the topography of the service area lead to a more
irregular pattern.
The service areas of the individual cells partially overlap. In order to avoid
interference of different subscribers in surrounding cells the cell structure is
organized according to the principle of cellular systems, frequency re-use. The
narrow available frequency range is divided into individual frequencies (channels).
Only some of these channels are used in a certain cell, the remaining channels are
used in the adjacent cells. The same frequency is used again in cells which are
sufficiently far apart from each other to avoid interchannel interference. This means
that any area can be covered and thus an enormous increase in network capacity
can be achieved with a small supply of channel frequencies.
Siemens
Transmission Principles
Principle:
The Cellular
Network
channels
x,y,z
channels
u, v, w
~4r
channels
x,y,z
Principle:
Many cells (BTS)
Full coverage
Partial overlap of cells
Distribution of frequency resources
Only a few frequencies per cell
Frequency re-use
Solution:
r = cell radius
(cell parameter)
re-use distance
for HF channel frequency
cell,
radio cell
re-use distance
for
HF channel frequency
Fig. 4
Transmission Principles
Siemens
Cluster
A certain minimum distance must be maintained between cells using the same
frequencies in order to prevent interference or at least keep it to a bare minimum.
This minimum distance, the so-called frequency re-use distance, depends on the
concrete network planning and corresponds to approximately 4 times the cell radius.
On this principle, the available channels can be divided e.g. into 7 parts and
distributed over the PLMN area in such a way that each cell contains one of these 7
sets of frequency channels. The minimum area in which the whole range of HF
channels is used is described as a cluster. Planning a concrete network implies that
the population/traffic density, the topography of the area to be supplied, etc. must be
taken into account. This network planning is an extremely difficult process; there is
special network planning software for this purpose.
Fig. 5
Transmission Principles
Siemens
The range of the MS radio contact (MS output peak power); topography (e.g.
mountains, buildings, vegetation etc) and climate play a role here.
Traffic density
Macro-Cell: The "normal" cells are called Macro Cells. They have ranges from
approximately one km to several (extended cell concept: 100 km).
Micro Cell: Cells for the support of restricted areas with very high mobile user
density, e.g. shopping malls, railway and subway stations, airport terminals. Their
radius ranges from some 100 meters to approximately 1 km.
Pico Cell: Cells for the support of indoor applications, e.g. offices. Their range
should be several 10m.
Omni Cells: The BTS is equipped with omni-directional antennae and serves a
360 angle.
Sector Cells: The BTS supplies the cells with directional antennae. The cell shape
is a circular segment. Sectors of e.g. 180 or 120 are covered.
10
Siemens
Transmission Principles
GSM900
35 km
(100 km)
omni cell
360
(extended cell)
GSM1800
cell 2
8 km
180
sector cells
180
cell 1
180
120 120
120
sector cells
cell 3
120
cell 1
cell 2
Fig. 6
11
Transmission Principles
Siemens
12
Siemens
Transmission Principles
MS
BS
Handover
BS
Location Update:
Location Area: most precise location information
stored in the network
Location Registration: initial registration
Location Update: update of registration
Fig. 7
13
Siemens
Transmission Principles
DL
Duplex
transmission
FDD
FDMA
Multiple
Access
TDD
TDMA
CDMA
Duplex Transmission
& Multiple Access
Fig. 8
14
Siemens
Transmission Principles
Time Division Duplex TDD: Transmission and reception take place in the same
frequency band. Uplink UL and Downlink DL transmission take place at different
times. There is fast switching between UL and DL transmission, so that the user
has the impression of simultaneous transmission and reception.
FDD
Frequency
Division Duplex
Uplink UL
Duplex distance
Downlink DL
UL / DL
separated by
frequency !
Base Station BS
Mobile Station MS
frequency f
T
TDD
Time
Division
Duplex
MS
transmit
UL
BS
receive
receive
DL
transmit
transmit
UL
receive
receive
DL
transmit
Same
frequency
UL / DL
separated by
time!
time t
Fig. 9
15
Siemens
Transmission Principles
Co-ordination
of limited frequency resources
for different subscribers
Multiplex Access
FDMA
CDMA
Frequency Division
Multiple Access
Code Division
Multiple Access
TDMA
Time Division
Multiple Access
Fig. 10
16
Siemens
Transmission Principles
power
P
FDMA
time t
P
time t
TDMA
TS 3
TS 2
TS 1
1
frequency f
frequency f
power
P
time t
CDMA
Multiple
method
FDMA
TDMA
CDMA
3
2
1
BS & MS share
knowledge about
Frequency
Time
PN code
frequency f
Fig. 11
17
Transmission Principles
Siemens
FDMA in GSM
In the GSM system, a band width of 200 kHz is defined for one frequency band.
These HF channel widths are perfectly suited to the demands for speech
transmission.
Allocation to (E-) GSM900, GSM-R, GSM1800 and GSM1900 is as follows:
l
GSM900: (880) 890 - 915 MHz; 925 (935) - 960 MHz; 124 (174) channel pairs ;
with a duplex distance of 45 MHz
GSM-R: 876 - 880 MHz; 921 - 925 MHz; 19 channel pairs; with a duplex distance
of 45 MHz
GSM1800:1710 - 1785 MHz; 1805 - 1880 MHz; 374 channel pairs; with a duplex
distance of 95 MHz
GSM1900: 1850 - 1910 MHz; 1930 - 1990 MHz; common use along with other
standards (e.g. IS-95; D-AMPS); with a duplex distance of 80 MHz
In GSM for DL the higher and for UL the lower frequency range is used in general.
Remark: In co-ordination with the frequency plan regulation, there is a 200 kHz
protective band inserted between the lower limit frequency and the first carrier of
every sub-band, i.e. the corresponding channels are not used. This protective band
known as the "guard band" is an accepted, virtually "unavoidable loss" for preventing
interference between different applications in the totally filled frequency range.
18
Siemens
Transmission Principles
FDMA in GSM
GSM900 / 1800 Frequency Allocation
(880) 890 MHz
1710 MHz
915 MHz
1785 MHz
UPLINK (UL)
960 MHz
1880 MHz
GSM900
GSM1800
DOWNLINK (DL)
Transmit band
of the Base Station
Transmit band
of the Mobile Station
25 (35) MHz
75 MHz
Guard band
C
124
(174)
374
C C C
1 2 3
200 kHz
C C C
1' 2' 3'
C
124'
(174')
374'
Fig. 12
19
Siemens
Transmission Principles
TDMA in GSM
Each of the 200 kHz frequency bands is further sub-divided by TDMA into 8 so called
Time Slots TS. This produces 8 physical channels within one frequency band. In
GSM a physical channel is thus defined by a determined frequency channel Uplink
UL and Downlink DL and a determined time slot TS
In the GSM system, up to 8 (with half-rate transmission even 16) calls can be
transmitted "simultaneously" on one frequency band.
A sequence of 8 time slots TS in one radio channel is referred to as a TDMA frame. A
TDMA frame has a duration of 4.615 ms, an individual time slot a duration of approx.
0.577 ms. The users data are transmitted virtually "piece by piece" on one specific
time slot every TDMA frame.
FDMA
GSM:
combined
FDMA/TDMA
1TS
1TS==577
577ms
ms
11TDMA
TDMAframe
frame==
88TS
TS==4.615
4.615ms
ms
TDMA
frame
7
5
4
3
0
200 kHz
time
frequency
Fig. 13
20
Siemens
Transmission Principles
speech band 1
1011
Multiplexer
band
3
speech band 2
common line
1100
PCM
Pulse Code
Modulation
speech band 3
21
Transmission Principles
Siemens
22
Siemens
Transmission Principles
signal 1
time slot
0 1 0 0 1 1 0 1
signal 2
Fig. 15
23
Siemens
Transmission Principles
PCM30
PCM30 transmission systems use digital transmission lines or radio relay. A PCM30
frame consists of 32 time multiplexed time slots.
The 32 time slots can contain pulse code modulated message information (speech,
data) or signaling information in the form of 8-bit words.
The total bit rate of a PCM30 line is 2048 kbit/s
l
Time slot 0: alternately frame identification word and service word (alarms)
telephone channels 1 - 15
frame alignment/
service word channel
telephone channels 17 - 31
signaling channel
PCM30
PCM30
pulse frame
pulse frame
pulse frame
Fig. 16
24
Siemens
Transmission Principles
mobility
Limits:
cell
national
2nd generation
incl. satellite roaming
GSM (Ph1/2)
(GSM Ph2+)
GSM service area
unlimited
25
Transmission Principles
Siemens
Cost Aspect: Problem - The need to built up a new network architecture with
thousands of BTS. But: Compared with the costs for a fixed network ISDN / PSTN
infrastructure, a GSM PLMN is comparable cheap, because there is no need for
millions of lines into every private household.
Data Rate: GSM (Phase 1/2) offers a maximum 9.6 kbit/s, compared to the 64
kbit/s of ISDN. Introduction of HSCSD, GPRS and EDGE enhances the GSM data
rates significantly.
Security Aspect: The radio interface can be intercepted with comparatively little
technical expenditure. 1G could be intercepted without any problem, while the
digital transmission of the second generation offers protective measures against
interception; the transmission is coded.
Health Aspect: The mobile radio frequencies lie near the resonance frequency of
water (2.45 GHz). In order to keep thermal exposure to the mobile radio user as
low as possible there are maximum power limitations for mobile phones, 2 W for
GSM900 and 1 W for GSM1800.
26
Siemens
Transmission Principles
Capacity:
Security Aspect:
Health Aspect:
Construction of mobile
communication network
cheaper than terrestrial network
GSM900 / E-GSM: 124 / 174 frequency bands
GSM1800: 374 frequency bands
increasing subscriber numbers, data transmission
Resource optimization / protection !!!
Fig. 18
27
Transmission Principles
Siemens
Screening: If there are hindrances between transmitter and receiver, the signals
will weaken. A connection can thus become problematic or impossible. In GSM
there is therefore the possibility of regulation of the transmitting power (Power
Control - PC) from mobile and base stations over several orders of magnitude.
Interference with external systems: The receive quality can also be disturbed by
electromagnetic waves from outside systems (e.g. car ignition, generators, PCs).
A compensation is being tried out by means of the mechanisms described under
multipath propagation.
28
Siemens
Transmission Principles
transmitted signal
Screening
Multipath propagation
Distance MS-BS
MS speed
External system interference
received
signals
signal to
antenna
Mobility
( redundancy)
Fig. 19
29
Transmission Principles
Siemens
Additional Frequency Ranges: The simplest way to cope with the growing
demand for mobile communications is to expand the available frequency range.
This approach was pursued with E-GSM and GSM1800. Any further future
expansion would be problematic as other frequency ranges are already reserved
for other applications.
Cell Size Reduction/Coverage: The most important measure for increasing the
capacity of GSM networks lies in a reduction of the cell size. The resources of a
radio cell are available to a small geographical area through the reduction of the
cell radius or through the limitation of the cell coverage (sector cell). By doing so,
the density of mobile communication subscribers and consequently the system
capacity can be considerably increased. By halving the cell radius, its capacity is
increased by a factor of four. Nevertheless the size of a (normal = macro) cell can
not be reduced indiscriminately. Hierarchical Cell Concepts (Rec. 05.22) with
macro, micro and pico cells are significantly enhancing efficiency.
OACSU (Off Air Call Set Up): Traffic channels are allocated only after a successfull call setup, that is after the called subscriber (delayed allocation). The OACSU
procedure thus serves to improve the frequency efficiency; it can be used for
overload handling.
Tariffs: Introduction of day- & night time tariffs can help to level down peak loads.
Discontinuous Transmission DTX: For a conversation, this will mean that just
speech phases are transmitted. Background noise, or so called comfort noise is
transmitted with a greatly reduced bitrate (500 bit/s instead of 13 kbit/s as with
speech phase) in phases in which a subscriber is silent. The other subscriber
should thus not worry that connection has been broken off. In order to make
discontinuous transmission possible, the presence of "useful" information for
transmission must be determined by means of Voice Activity Detection VAD. DTX
aspects are included in GSM-Rec.06.31 and 06.41, VAD aspects in Rec. 06.32
and 06.42.
30
Siemens
Transmission Principles
GSM900:
2 x 25 MHz
E-GSM:
2 x 35 MHz
Speech compression:
GSM1800
2 x 75 MHz
Cell size
reduction:
(Radius reduction
and sectorization)
35 / 8 km
FR:
HR:
13 kbit/s
5.6
kbit/s
Full Rate
speech
Half Rate
speech
500 m
omnicell
180 / 120
sector cell
31
Siemens
Transmission Principles
Security Aspect: Digital information can be ciphered much more easily than
analog information. Transmission via radio interface is protected from fraud and
unauthorized interception in GSM by the ciphering the digital user data (speech,
data) and signaling data.
Input data
(plain text)
ENCRYPTION
MODULE
Output data
(coded text)
Fig. 21
32
Siemens
Transmission Principles
Transmission Quality: Signal transmission via radio interface leads to considerable distortions and weakening of the transmitted signals. Digital signals are
fundamentally less susceptible to interference than analog signals and are better
suited to regeneration. Analog speech connections become increasingly worse
with increasing distance from the transmitter until they eventually disconnect.
Digital transmissions on the other hand maintain a constant good quality over a
long distance and then disconnect almost suddenly.
distance to transmitter
analog signal
digital signal
Fig. 22
33
Transmission Principles
Siemens
34
Siemens
Transmission Principles
Channel Coding
Um
Addition of:
parity
and filler
bits
Convolutional
coding
redundancy
Interleaving
temporal
spreading
transmission side
De-interleaving
Convolutional
decoding
Parity
check
reception side
Fig. 23
35
Transmission Principles
Siemens
Half Rate HR Speech Codec compresses speech information from 64 kbit/s to 5.6
kbit/s. The gross data rate after adding redundancy is 11.4 kbit/s. The connections
of two Half Rate speech using subscribers can be realized in one physical channel
together, with a gross data rate of 22.8 kbit/s.
Models for speech generation are generally used for speech coding. Periodically returning elements of speech are identified as phonemata; redundancy is removed
from the speech information. Even the attributes of hearing, especially the spectral
covering effect, are taken into account in different ways.
More efficient speech recognition mechanisms are of use for the HR introduced in
GSM Phase 2 and EFR introduced in Phase 2+. The HR codec delivers a somewhat
lower speech quality in comparison to the FR codec if transmission is undisturbed. It
is more robust against radio specific disturbances owing to the relatively strong error
protection. The EFR codec offers a significant increase in quality in comparison to the
FR codec. It sounds more natural and "smoother" according to subjective test results.
36
Siemens
Transmission Principles
GSM Ph1;
13 kbit/s
Enhanced Full Rate (EFR) Codec
GSM Ph2+;
12.2 kbit/s
Half Rate (HR)
Codec; GSM Ph2;
5.6 kbit/s
Redundancy
5.8 kbit/s
HR & EFR:
improved, acoustically optimized
speech coding
Fig. 24
37
Chapter 3
GSM PLMN
GSM PLMN
GSM PLMN
Contents
1
2
Overview
Network Elements
2
7
Siemens
GSM PLMN
Overview
GSM-PLMN
RSS
PLMN
Public Land Mobile Network
Radio
SubSystem
fixed
network
PSTN
Public Switched
Telephone Network
ISDN
MS
Mobile
Station
BSS
NSS
Base Station
Subsystem
Network Switching
Subsystem
Integrated Services
Digital Network
PDN
OSS
Public Data
Network
Operation SubSystem
Overview
Fig. 1
GSM
PLMN
Siemens
GSM Siemens
PLMN
Network Elements
The subsystems functions are grouped into functional units or network elements.
Functional units may be realized either as standalone Hardware HW units or
associated with other GSM functional units in one HW unit.
The Radio SubSystem RSS consists of the Mobile Stations MS and the Base
Station Subsystem BSS, which is composed of the following functional units:
l
Authentication Center AC
Operation & Maintenance Center for the Base Station Subsystem OMC-B
Siemens
GSM PLMN
GSM-PLMN
Radio
SubSystem
RSS =
Mobile
Station
MS
Base Station
+ Subsystem
BSS
BTS
BSC
OMC- B
MS =
ME + SIM
Network
Switching
Subsystem
NSS
AC
T
R
A
U
HLR
other
networks
EIR
VLR
PSTN
MSC
ISDN
OMC- S
Data
Networks
Fig. 2
GSM PLMN
Siemens
GSM Siemens
PLMN
Interfaces
The individual network elements are connected to each other for user data and/or
signaling transfer. Some of the interfaces are specified by ETSI as open interfaces,
allowing to connect equipment of different network manufacturer. Others are not
specified or "weakly" specified, so that only proprietary solutions are possible.
The following GSM Phase 1/2 interfaces are open interfaces:
l
B: MSC - VLR
C: MSC - HLR
D: HLR - VLR
E: MSC - MSC
F: MSC - EIR
G: VLR - VLR.
O: BSC - OMC-B
Siemens
GSM PLMN
other networks
MSC/xxx interworking interface
AC
Um
MS
A bis
A sub
TRAU
BTS
not specified
BSC
LMT
LMT
LMT
HLR
MSC
B
VLR
MSC
F
EIR
VLR
OMC - B
Fig. 3
Siemens
GSM PLMN
Network Elements
GSM-PLMN
PLMN
RSS
Radio
SubSystem
fixed
network
PSTN
Public Switched
Telephone Network
ISDN
MS
Mobile
Station
BSS
Base Station
Subsystem
NSS
Network Switching
Subsystem
Integrated Services
Digital Network
PDN
Public Data
Network
OSS
Operation SubSystem
Network Elements
Fig. 4
GSM PLMN
Siemens
GSM Siemens
PLMN
Siemens
GSM PLMN
ME:
MSISDN: Mobile Subscriber ISDN no.
IMSI: International Mobile Subscriber Identity
TMSI: Temporary Mobile Subscriber Identity
PIN: Personal Identity Number
Ki: individual key
Kc: cipher key
Mobile Equipment
Hardware & Software
for radio transmission
Cipher algorithm
Fig. 5
GSM Siemens
PLMN
GSM
PLMN
Siemens
block diagram
reverse speech
conversion
speech
conversion
security check
de-interleaving
reformation
securing
interleaving
burst block formation
ciphering
de-ciphering
filtering
amplification
de-modulation
HF generation
modulation
amplification
Mobile Equipment ME
Subscriber Identity Module SIM
Fig. 6
10
GSM Siemens
PLMN
GSM PLMN
Siemens
BSC:
BTS:
TRAU:
LMT:
The BSS architecture shall be selected to achieve maximum flexibility with regards to
the various operator requirements. All BSS components can be installed in the same
geographical location or in different locations where the transmission paths can be
used via public networks. The ability of the BSC to manage several BTSs in different
cell locations enables optimal adaptability to the traffic requirements in urban and
rural areas.
In terms of function, the main task of the BSC is the handling of the call connections
(switching), sampling of operational/maintenance information of all BSS (BSC, BTSs
and TRAUs), as well as their transfer to OMC-B. The BTS handles the radio specific
aspects.
BTS
TRAU
BSC
MSC
TRAU
LMT
BTS
OMC-B
Fig. 7
11
GSM Siemens
PLMN
GSM
PLMN
Siemens
evaluation of signaling information from MSC via TRAU and MS via BTS
back-up storage of the total BSS Software for fast system restart
Asub
Abis
TRAU
BSC
BSS
BSScontrol
control
Switched
Switchedbetween
betweenTRAU
TRAU
BTS
BTS
Radio
Resource
Management
Radio Resource Management
Collecting
Collectingerror
errormessages
messagesininBSS
BSS
Contact
to
OMC-B
Contact to OMC-B
Database
Databasestorage,
storage,SW
SWofofBSS
BSS
BTS
BTS
OMC- B
Fig. 8
12
GSM PLMN
Siemens
GSM Siemens
PLMN
Ciphering: After channel coding, the transmission of message information and the
subscriber data is coded to prevent illegal interception.
Modulation: The carrier frequency is created in the 900/1800/1900 MHz range and
the information is modulated upon this carrier.
Power Control PC: Control of the power level of the BTS and MS.
Timing Advance TA: Calculation of the distance of the MSs from the BTS; the MSs
are informed of necessary transmission advance.
13
Siemens
GSM PLMN
Abis
parity
bits
convolutional
coding
interleaving
channel coding
Um
max. 16 carrier/cell
ciphering
+
burst blocks
formation
HF generation
burst
multiplexing
modulation
Frequency hopping
Synchronization
(time and frequency)
Monitoring & optimization
of transmission quality
Power Control PC
Timing Advance TA
transmit
modulation
receive
Fig. 9
14
GSM
PLMN
Siemens
GSM Siemens
PLMN
Rate Adaptation RA filters out the useful data (0.3 9.6 kbit/s in Phase 1/2)
coming from the MSC (64 kbit/s) signal and forms a 16 kbit/s signal toward the
BSC
The user data are sub-multiplexed into 16 kbit/s subslots on the Asub interface
Remarks:
l
The TRAU is logically allocated to the BSC. Consequently, it belongs to the Base
Station Subsystem (BSS), but is generally installed at the MSC node in order to
keep line costs to a minimum.
The users information (data / speech) is embedded into 16 kbit/s channels. The
additional space is filled with proprietary inband-signaling (i.e. information, which
are directly exchanged between BTS and TRAU)
15
Siemens
GSM PLMN
TRAU
Transcoding & Rate Adaptation Unit
TRAU
B
S
C
A sub
64 64
16
64
64
64
64 kbit/s
16
64
64
64
64 kbit/s
16
64
64
64
64 kbit/s
16
64
64
64
64 kbit/s
M
S
C
64 64 kbit/s
16 16 16 16
submultiplexer
speech
speechcompression:
compression:
data
transmission:
data transmission:
signaling:
signaling:
64kbit/s
64kbit/s
13
13or
or5.6
5.6kbit/s
kbit/s++inband
inbandsignaling
signaling
"64
kbit/s"
0.3
9.6
kbit/s
+
inband
"64 kbit/s" 0.3 - 9.6 kbit/s + inbandsignaling
signaling
transparent
transparent
Fig. 10
16
GSM PLMN
Siemens
GSM Siemens
PLMN
17
Siemens
GSM PLMN
NSS
other
MSC/VLRs
AC
Network &
Switching
Subsystem
Authentication Center
EIR
HLR
Equipment Identity
Register
Home Location
Register
VLR
Visitor Location
Register
MSC
other
networks
Mobile services
Switching Center
Fig. 11
18
GSM PLMN
Siemens
GSM Siemens
PLMN
Digit translation
Legal interception
Call supervision
Overload protection
Charging
Support of maintenance and administration functions, e.g. connection cut off, trunk
test and measurement
19
Siemens
GSM PLMN
MSC
Mobile services
Switching Center
NSS
NSSheart
heart&¢er
center
Nodes
Nodesbetween
betweenNSS
NSSregisters,
registers,BSS,
BSS,
other
MSCs
and
external
other MSCs and externalnetworks
networks
Serves
Servesseveral
severalBSS
BSS(BSC)
(BSC)
Set-up
&
switching
Set-up & switchingofofuser
usertraffic
traffic&&signaling
signaling
Always
associated
with
VLR
Always associated with VLR
Association
Associationwith
withHLR/AC
HLR/ACand
andEIR
EIRpossible
possible
Gateway
MSC:
Gateway
to
external
Gateway MSC: Gateway to externalnetworks
networks
Visited
VisitedMSC:
MSC:MSC
MSCserving
servingcertain
certainMS
MS
Fig. 12
20
GSM Siemens
PLMN
GSM
PLMN
Siemens
...
MSC
Mobile services
Switching Center
Fig. 13
21
GSM
PLMN
Siemens
GSM Siemens
PLMN
....
22
Siemens
GSM PLMN
MSC
Mobile services
Switching Center
VLR
Visitor Location Register
Tasks:
Subscriber management in MSC area
Associated with MSC
Authentication co-ordination
commands start of ciphering
Subscriber data:
Subscriber data from HLR (MSISDN, IMSI,
services (BS, TS, SS), service restrictions,..)
Temporary subscriber information (LMSI, TMSI, LAI,
IMSI attach/detach, MSRN, HON, triples,...)
Entries valid until re-registration in another VLR!
Fig. 14
23
GSM PLMN
Siemens
GSM Siemens
PLMN
It supports the call setup in case of Mobile Terminating Calls MTC by sending
routing information to the Gateway MSC (Interrogation).
Bearer Services BS
Tele Services TS
Supplementary Services SS
Restrictions
VLR address
SMS flags
24
Siemens
GSM PLMN
AC
Authentication Center
Tasks:
Security data storage (Ki)
Generation of triples (VLR request)
Associated with HLR
Data / algorithms:
Ki, IMSI, A3, A8
HLR
Home Location Register
Tasks:
Central storage/management of subscriber data
Delivery of data to VLR
Routing information at MTC
Associated with AC
Subscriber data:
Semipermanent data: MSISDN, IMSI,
services (BS, TS & SS), service restrictions,...
Temporary subscriber information: VLR address,
LMSI, MSRN, SMS flags,...
Fig. 15
25
GSM PLMN
Siemens
GSM Siemens
PLMN
Authentication Center AC
An Authentication Center AC contains all necessary means, keys and algorithms for
the creation of security related authorization parameters, the so-called Triples. The
Triples are created on VLR request and delivered via HLR to the VLR. An AC is
always associated with an HLR.
Central information contained in the AC are:
l
26
Siemens
GSM PLMN
CEIR
Common EIR
site: Dublin
Tasks:
Central, worldwide ME register
Worldwide ME theft prevention
EIR
Equipment Identity Register
Tasks:
Storage of ME data (IMEI)
Monitoring of IMEI: "white", "gray", "black" list
ME data:
IMEI = International Mobile Equipment Identity
= Type Approval Code TAC
+ Final Assembly Code FAC (manufacture site)
+ Serial Number SNR (device serial number)
+ Software Version Number SVR
Fig. 16
27
GSM PLMN
Siemens
GSM Siemens
PLMN
HLR Extension
GPRS MS
Routing / Traffic-Management
Gateway to PDNs
Protocol conversion
Screening / Filtering
protocol conversion
The Channel Codec Unit CCU enables to transmit using the new Coding Schemes
CS-1, CS-2, CS-3 and CS-4.
The HLR has to be extended to include the new type of GPRS subscriber data.
28
Siemens
GSM PLMN
Mobile
DTE
CCU
VMSC /
VLR
BSS
HLR
PCU
Gb
extension
Gr
SGSN
Packet Control Unit PCU:
protocol conversion
radio resource management
PSTN
ISDN
GMSC
GGSN
Gn
Serving GPRS
Support Node
Gi
Gateway GPRS
Support Node
SGSN:
GGSN:
Gateway to PDNs
Protocol conversion
Routing / Traffic Management
Screening / Filtering
Internet
Intranet
X.25
Fig. 17
29
GSM
PLMN
Siemens
GSM Siemens
PLMN
Security management
Network configuration
Quality checks
30
Siemens
GSM PLMN
OSS
Operation SubSystem
EIR
MSC/VLR
HLR/
AC
NSS
OMC
MSC/VLR
WS
TRAU
BSC
BSS
BTS
Fig. 18
31
GSM Siemens
PLMN
GSM PLMN
Siemens
OSS
Telecommunication
Management System
according to
TMN
Operating systems
national
OMCs,
administration, billing,
network management system,..
regional
OMCs
Fig. 19
32
Chapter 4
Procedures
Procedures
Procedures
Contents
1
2
3
4
2
8
19
24
Siemens
Procedures
MCC
MNC
LAC
CI
LAI
IMSI
MCC
HLR-ID
MSISDN
CC
MNC
X1
X2
NDC
MSIN
X3
X4
X5
X6
X7
X8
SN
Procedures
Siemens
Siemens
Procedures
Mobile Country Code MCC: The MCC consists of 3 digits; it is used e.g. for the
International Mobile Subscriber Identity IMSI ,Location Area Identity LAI and Cell
Global Identity CGI.
Country Code CC: The CC is the dialing code of the country in which the mobile
subscriber is registered. The CC consists of 2 or 3 digits and is used e.g. in the
Mobile Subscriber International ISDN number.
Mobile Network Code MNC: The MNC is the mobile specific PLMN identification;
it consists of 2 digits. The MNC is used in IMSI, LAI, CGI.
National Destination Code NDC: NDCs identify the dialing code of a PLMN; it
consist of 3 digits. The NDC is used in MSISDN.
Network Color Code NCC: The NCC is a PLMN discrimination code that is not
unambiguous. It is used as short identity (length: 3 bits) of a particular PLMN in
overlapping PLMN areas or in border regions; it is used e.g. in the Base Station
Identity Code BSIC.
Siemens
Procedures
Hierarchy
of GSM
Service Areas
/ Codes
Service
Area
Codes
International
National
PLMN
1 Operator
MSC / SGSN
MCC:
CC:
MNC:
NDC:
NCC:
LAC:
LAI:
CI:
CGI:
Location Area LA
Cell
Switch
MSC-Identity
LA1
LA2
Fig. 2
Procedures
Siemens
Siemens
Procedures
Location Area Code LAC: The LAC serves to identify a LA within a GSM-PLMN.
The LAC length is 2 bytes.
Location Area Identity LAI = MCC + MNC + LAC; the LAI serves as an
unambiguous international identification of a location area.
Cell Identity CI: The CI allows identification of a cell within a location area. The CI
length is 2 bytes.
Cell Global Identity CGI = MCC + MNC + LAC + CI = LAI + CI; the CGI
represents an international unambiguous identification of a cell.
Base Transceiver Station Identity Code BSIC = NCC + BCC (Base Station Color
Code); The BSIC represents a non-unambiguous short identification (NCC: 3 bit;
BCC: 3 bit) of a cell. The BSIC is emitted at a regular rate by the BTS. It enables
the MS to differentiate between different surrounding cells and to identify the
requested cell in a random access.
Siemens
Procedures
National &
PLMN Codes
Example*:
Germany
CC = 49
MCC = 262
D1
NDC = 171
MNC = 01
Telekom
D2
Subscriber Identities
Mannesmann
IMSI
International Mobile Subscriber Identity
MCC
HLR-ID
MSIN
MNC
X1
X2
NDC = 172
MNC = 02
Eplus
X3
X4
X5
X6
X7
X8
NDC = 177
MNC = 03
E2
MSISDN
Viag Intercom
CC
NDC
NDC = 178
MNC = 04
SN
Subscriber Number
Fig. 3
Siemens
Procedures
Subscriber Identities:
l
Temporary Mobile Subscriber Identity TMSI: The TMSI is generated by the VLR
and temporarily allocated to one MS. It is only valid in this MSC/VLR service.
When changing to a new MSC area, a new TMSI has to be allocated. The TMSI
consists of a TMSI Code TIC with length 4 bytes. Often the TMSI is used together
with the LAI.
Principle:
MSC, Location
& Cell Area
MSC / VLR
MSC / VLR
MSC / VLR
Identifier:
MSC / VLR - Identity
LAI = MCC + MNC + LAC
CGI = LAI + CI
MCC
MNC
LAC
LA
Cell
LA
Cell
MSC / VLR
LA
MSC / VLR
CI
LA
LA
LAI
Fig. 4
Siemens
Procedures
Security Features:
Authentication
Ciphering
TMSI allocation
IMEI check
Siemens
Procedures
Procedures
Siemens
Security Features
In GSM the security of a mobile subscriber is ensured by several features.
l
02.09:
Security Aspects"
02.17:
03.20:
03.21:
Ki (Individual Key)
A3, A8: Algorithms for the creation of authentication and ciphering parameters
Furthermore, for ciphering the algorithm A5 is stored in the Mobile Equipment. This
algorithm can be found in the BTS, too.
Siemens
Procedures
MSC / VLR
IMEI
NSS
BTS
ME
IMSI
Ki
A3, A8
EIR
HLR
IMEI
A5
Prerequisites
for Authentication
& Ciphering
AC
BSS
SIM
Fig. 6
10
Siemens
Procedures
Triples
The triples are parameters, which are necessary for authentication and ciphering.
They are produced in the Authentication Center AC and consist of:
l
For the subscriber with a particular IMSI the reference value of authentication
SRES is calculated by the algorithm A3 from the users individual key Ki and the
random number RAND produced by a random number generator.
The cipher key Kc is calculated by the algorithm A8 from the individual key Ki and
the random number RAND.
At the request of the VLR, several triples are generated for each mobile subscriber in
the AC and transferred to the VLR via the HLR on request.
Remark: The individual key Ki is only stored in the AC and the SIM card. Different to
the IMSI and the triples, it is never transmitted through the network. For all signaling
procedures the users IMSI is used.
Triples
Calculation
A8(Ki, RAND) = Kc
Ki
Random
Number
Generator
RAND
RAND
IMSI
Database
Algorithm
A3
Algorithm
A8
SRES
Kc
SRES
Triple
AC
Authentication
Center
Kc
RAND = RANDom number
SRES = Signed RESponse
Kc
= Cipher Key
Fig. 7
11
Procedures
Siemens
Siemens
Procedures
Authentication
The authentication checks the real identity of a user, i.e. his authorization to take
access to the network. Actually it is checked, whether the secret individual Key Ki
stored on the SIM card is identically to the one stored for this user in the
Authentication Center or not. The authentication procedure is or can be initiated by
the VLR in the following cases:
l
IMSI Attach
Location Registration
Authentication Procedure
1. the VLR recognizes the need for an authentication; in the case, that no / no more
Triples are available in the VLR it requests a set of Triples from the HLR
2. the Triples are generated in the AC (see above) and sent via HLR to the VLR
3. the VLR sends the RAND to the MS; the SIM card calculates the SRES using Ki,
A3 and RAND (see above)
4. the MS sends the SRES back to the VLR; the VLR compares the SRES in the
triple with the SRES calculated by the MS; if they coincide, the network access
will be authorized and the general procedure will continue, otherwise
5. the access will be refused and the "Authentication Refused" message will be sent
to the MS
12
Siemens
Procedures
Authentication
MS
Um
with:
Location Registration LR
LUP with VLR change
Call Setup: MOC / MTC / SMS
Activation of connectionless supplementary services
BSS
MSC
VLR
HLR/AC
*1
requests
triples
2
3
3
3
sends RAND
sends SRES
4
5
sends triples
sends
Authentication
refused"
coincidence
check
*2
*1 only if no more Triples
available in VLR
*2 only if coincidence
check negative
Fig. 8
13
Procedures
Siemens
Siemens
Procedures
Ciphering
Ciphering regards the security aspects of the information exchange between the
Mobile Station (MS) and the Base Station (BTS) on the air interface Um. User
information (speech/data) and signaling information are ciphered via air interface Um
(UL & DL). An exception is given by the initial signaling, before the cipher command
is sent from the network side. At initial signaling data exchange ciphering is not
possible, because the users identities are necessary prerequisite for the generation
of ciphering parameters. The cipher command is given after transmission of the user
identity (TMSI / IMSI) and the authentication procedure. Ciphering / Deciphering is
carried out in the BTS and in the MS.
The GSM Recommendation (02.16) of Phase 2 states that up to 8 logically different
encryption algorithms (incl. "no ciphering") should be used. The reason for this is the
intention
a) to assign different algorithms to different countries and
b) to provide MS, which do not use the A5-1 algorithm, with the possibility of
roaming in different GSM-PLMN networks.
Currently 3 algorithms are defined:
l
A5-1: "strict" cipher algorithm (originally MoU algorithm) for MoU-1 countries , A51comes from GB; due to military origin (NATO), high security arrangements are to
be regarded
Remark: A5-0 is implemented in every MS and every BTS to enable access of every
MS in every network. Additionally A5-1 or A5-2 can be implemented.
14
Siemens
Procedures
Ciphering
Prevents eavesdropping in Um
Application in user information and signalling
Exception: initial signalling
MS
Cipher command
BTS
ciphered information
A5
A5
Rec.
Rec.02.16:
02.16:max.
max.88cipher
cipheralgorithms
algorithms
A5-0:
A5-0: no
nociphering;
ciphering;COCOM
COCOMcountries
countries
A5-1:
"strict"
ciphering;
MoU-1
A5-1:
"strict" ciphering; MoU-1countries
countries
A5-2:
"simple"
ciphering;
MoU-2
A5-2:
"simple" ciphering; MoU-2countries
countries(except
(exceptCOCOM)
COCOM)
Fig. 9
15
Siemens
Procedures
Ciphering process
Transmitter/receiver must use the same cipher algorithms.
In order to handle ciphering individually for every user, the individual key Ki (stored in
the SIM card and the AC) is used.
The cipher key Kc is transmitted after ciphering from the VLR to the BTS. The MS is
able to calculate Kc (after receiving RAND in the authentication procedure) by
algorithm A8 from RAND and Ki.
A 114 bit long cipher sequence is calculated using the cipher algorithm A5, the cipher
key Kc and the TDMA frame number (broadcasted cyclically by every BTS over the
cell area).
The speech, data and signaling information are ciphered / deciphered in 114 bit long
sequences being connected in a so-called "eXclusive OR" XOR operation.
Deciphering follows exactly the same scheme as ciphering, as the XOR operation
yields the original values after double application of XOR (using the same cipher
sequence).
To start ciphering, the network sends a cipher start command, which has to be
acknowledged by the MS (being the first ciphered information).
plain text
Ciphering
& Authentication
XOR
0 1 0 0 1 0 1 1 1 0 0 1...
XOR
0 1 1 0 0 1 1 1 0 1 1 1...
0 1 0 0 1 0 1 1 1 0 0 1...
Um
encoded
transmission !
ME:
A5
SIM:
A3, A8,
Ki, IMSI
RAND
BTS:
A5
SRES
SRES
MS
VLR:
RAND, Kc IMSI
Triples
Triples:
RAND,
SRES, Kc
AC:
A3, A8,
IMSI,Ki
BTS
VLR
AC
Authentication:
Ciphering:
Authentication:
A5(Kc,TDMA-No.) = CS
text XOR CS = ciphered text
SRES comparison
Authentication
& ciphering:
Ciphering:
A8(Ki, RAND) = Kc
A5(Kc,TDMA-No.) = CS
text XOR CS = ciphered text
generates RAND
A3(Ki, RAND) = SRES
A8(Ki, RAND) = Kc
CS: cipher sequence
Fig. 10
16
Siemens
Procedures
TMSI Allocation
Ciphering protects the user from being eavesdropped. However, the ciphering with
Kc requires that the network is aware of the identity of the mobile subscriber with
whom it is in contact. Thus, during the initial phase of communication setup, when the
identity of the mobile subscriber is still unknown, the transmitted signaling information
can not be ciphered. During this phase a third party may identify a subscriber and the
desired service.
In order to protect the identity of the subscriber in this phase, a temporary
identification of the subscriber is distributed: the Temporary Mobile Subscriber
Identity TMSI.
The TMSI is used instead of the real user identity, the International Mobile Subscriber
Identity IMSI. This TMSI is allocated by the VLR, which is associated to the VMSC.
The MS usually identifies itself with the TMSI in the initial access phase to the VLR.
The VLR uses this TMSI to re-identify the IMSI. This is only possible if the TMSI has
been allocated by the same VLR. If not, the VLR has to request the VLR, which has
allocated the TMSI to the MS, to deliver the IMSI. Therefore, the TMSI is in most
cases transmitted together with the old LAI, which identifies uniquely a VLR. The
request VLR - VLR is only possible, if both VLR belong to the same PLMN.
Therefore, the IMSI has to be transmitted via Um at the first registration in a new
PLMN and obviously at the very first usage of the SIM card (i.e. in the case of
Location Registrations).
A new TMSI (TMSI re-allocation) can optionally be allocated to the MS after every
authentication & cipher start (and the optional IMEI check).
TMSI
Allocation
sends
MS
TMSI
= LAI + TIC
Network
Networkrequires
requiressubscriber
subscriberId.
Id.for
forcall
callsetup
setup
Id.
necessary
for
triples
calculation
Id. necessary for triples calculation
Start
Startofoftransmission
transmissionofofId.
Id.uncoded
uncoded
TMSI
prevents
eavesdropping
TMSI prevents eavesdroppingofofsubscriber
subscriberId.
Id.(IMSI)
(IMSI)
New
TMSI
with
VLR
change
&
usually
at
call
setup
New TMSI with VLR change & usually at call setup
BSS
MSC
TMSI
Authentication
Ciphering
stores
new
TMSI
new
TMSI
VLR
TMSI
determines
IMSI from
TMSI
IMSI
Triples
HLR/
AC
IMSI
Ki
Triples
assigns
new
TMSI
For
ForLA
LAchange
changewith
withMSC/VLR
MSC/VLRchange:
change:
New
VLR
identifies
old
VLR
by
TMSI
New VLR identifies old VLR by TMSI
Subscriber
Subscriberdata:
data:query
queryofofold
oldVLR
VLR
Fig. 11
17
Siemens
Procedures
IMEI Check
In contrast to the other security mechanism authentication, ciphering and TMSI
allocation, the check of the International Mobile Equipment Identity IMEI is optional. It
depends on the operators decision whether a EIR is implemented and IMEI checks
are done.
IMEI check serves to identify stolen, expired or faulty mobile equipment. A IMEI
clearly identifies a particular mobile device and contains information about the place
of manufacture, type approval code and the serial number of the equipment.
The IMEI consists of: Type Approval Code TAC, Final Assembly Code FAC, Serial
Number SNR and a Software Version Number SVN.
If a IMEI check in the PLMN is intended, the Mobile Station MS will be requested to
submit the IMEI during call setup after authentication and cipher command. The MS
sends back its IMEI. The IMEI is routed to the EIR of the PLMN. A check occurs here
to find out whether the IMEI is registered on the black or gray list, i.e. whether the MS
is blocked from further use of the PLMN, or whether it has to be observed.
IMEI Check
Recognise
Recognisestolen,
stolen,expired
expiredand
andfaulty
faultyMEs
MEs
TAC
Type Approval Code
FAC
24 Bit
MS
ME
identified
by
IMEI
SNR
BSS
authentication
ciphering
IDENT_REQ
IDENT_RSP
SVN
Software Version Number
24 Bit
(spare) 4 Bit
MSC/VLR
EIR
Initiates
authentication
Ciphering
Initiates
IMEI Request
(Identity Request)
Checking
IMEI
(white, grey
or black list)
IMEI
Fig. 12
18
Siemens
Procedures
Location Update
Procedures
request
Location Update
MS
BTS
Location Update
Fig. 13
19
Procedures
Siemens
Siemens
Procedures
The LUP is not performed during the duration of a connection. In this case, the LUP
is performed after call release.
20
Siemens
Procedures
Location
Registration/
Update
LAI =
2620533
request
Location Update
MS
BTS
Fig. 14
21
Siemens
Procedures
BSS
1
MSC
1
VLR
HLR/AC
requests LUP,
LR: IMSI
LUP: TMSI
2
*1
requests triples
3
triples
requests
subscriber data;
sends VLR-Id.
& LMSI
6
7
7
7
sends TMSI =
LAI + TIC
sends data
Fig. 15
22
Siemens
Procedures
Location Update Procedure LUP with VLR change
1. The MS recognizes that the LAI has changed. It requests a LUP, identifying itself
with the TMSI. The request and the identity (TMSI in combination with the old
LAI) are forwarded to the new VLR.
2. The new VLR receives the TMSI and LAI. It recognizes from the LAI, that the
TMSI has been allocated by another VLR (old VLR). Thus, the VLR is not able to
re-identify the IMSI from the TMSI and has no chance to request the subscriber
data from the HLR. Therefor, the new VLR calculates the address of the old VLR
from the LAI and transmits the TMSI to the old VLR and requests it to deliver the
users IMSI. The old VLR delivers the IMSI and the remaining Triples to the new
VLR. Remark: If this step 2 is not possible (e.g. line break between old and new
VLR) the new VLR commands the MS to transmit the IMSI directly.
3. The new VLR uses the IMSI to calculate the users HLR. The new VLR transmit
its identity and LMSI to the HLR and requests the HLR to deliver the subscriber
data and, if necessary, a set of Triples.
4. The HLR stores the new VLRs identity and LMSI, confirms the information,
supplies the subscriber data and, if necessary, the Triples.
5. The HLR informs the old VLR to erase the stored data set of this subscriber.
6. The VLR now starts authentication, ciphering and (optionally) IMEI check.
7. The VLR allocates a new TMSI to the MS.
old
VLR
HLR
AC
3
4
new
VLR
7
MSC
MSC
7
BSS
BSS
Um
LA change
with MSC / VLR change
Fig. 16
23
Siemens
Procedures
MTC
MS is contacted
MMC
MS1 starts network access
MS2 is contacted
MIC
Special case MMC:
both MSs in same MSC area
Call Setup
Fig. 17
24
Procedures
Siemens
Siemens
Procedures
Call Setup
Different procedures are necessary depending on the initiating and terminating party:
l
Mobile Terminating Call MTC: Call setup, where an MS is the called party
Mobile Mobile Call MMC: Call setup between two mobile subscribers; MMC thus
consists of the execution of a MOC and a MTC one after the other.
Mobile Internal Call MIC: a special case of MMC; both MSs are in the same MSC
area, possibly even in the same cell.
25
Siemens
Procedures
BSS
MSC
VLR
Channel Request
sends
subscriber Id.
TMSI (IMSI)
identification +
authentication
request
*1
HLR/AC
3
requests
triples
3
4
triples
5
Setup (Phone No.,..)
6
requests call
information
6
8
Traffic Channel
assignment
7
commands
channel assignment
sends info
9
Setup connection to B-subscriber
Fig. 18
26
Procedures
Siemens
Siemens
Procedures
27
Siemens
Procedures
VMSC
VLR
HLR
GMSC
BTS
3
BTS
MS
sends IMSI
requests MSRN
2
Interrogation:
MSRN request
1
call
request
4
sends MSRN
8
8
Paging
9
Paging Response
10
Paging
6
7
5
connection request
requests data
(LAI, IMSI)
sends data
9
10
10
11
11
11
11
Fig. 19
28
Siemens
Procedures
traffic
channel
VLR
EIR
VMSC
BSC
BTS
VLR
HLR AC
VMSC
BTS
BSC
RSS Radio Subsystem
traffic
channel
BSC
VLR
BTS
VMSC
HLR AC
NSS Network Switching Subsystem
BSC
BTS
RSS Radio Subsystem
Fig. 20
29
Siemens
Procedures
OACSU
Off Air Call Set Up
A- subscriber
call setup:
B- subscriber
signaling
traffic channel
assignment
MS
B-subscriber
answers
BTS
B-subscriber
answers
Not for:
International calls
Data connection
Emergency calls
Fig. 21
30
Procedures
Siemens
Siemens
Procedures
31
Siemens
Procedures
Handover Types
Intra-BSS
Intra-cell
BTS
f 1, TS 1
BTS
BSC
BSC
MSC
f 2, TS 2
Handover
performed
Intra-MSC
Handover
performed
BTS
MSC
Inter-MSC
basic
BSS
MSC - A
MSC - B
MSC
BSS
subsequent
MSC - C
Fig. 22
32
Procedures
Siemens
Siemens
Procedures
Handover Decision
The handover algorithm is based on periodically measurements of MS and BTS
concerning the strength and quality of the received signals. The MS measures quality
and strength of the connection and the strength of the serving BTS and that of the
surrounding BTSs. The BTS measures quality and strength of the connection as well
as the distance MS - BTS (Timing Advance TA).
The result of the MS measurements is transmitted to the BTS. The BTS adds its own
measurements and transmits the data as "Measurement Report" to the BSC.
The BSC has to decide, whether a handover is necessary or not. The decision is
determined by the comparison between the current measured values and the
threshold values. If no threshold values are exceeded, the BSC analyses whether an
other BTS as the current one would enable a better air interface quality. Different
other aspects have to be taken into account, e.g. the current load of the cells.
Furthermore, so-called "Ping-Pong Handover" should be prevented.
If an Inter-cell handover is initiated, the criterion of availability of surrounding cells is
used to set up a list of suitable handover destinations in a declining order of priority.
This list forms the basis for the final handover decision that is carried out by the BSC
(in case of Intra-BSS Handover) or by the MSC (in case of Inter-BSC / -MSC
Handover).
Handover criteria are e.g.:
l
33
Siemens
Procedures
Handover
Decision
BTS
MS
Timing Advance,
Power control
Measurement:
connection quality & strength,
distance measurement (TA)
Measurement:
connection quality & strength:
strength of serving BTS &
surrounding BTSs
Measurement report
Measurement
report
HO
decision
BSC
Evaluation list
(suitable BTSs for HO...)
Initiation of HO type
BSC/
MSC
Handover
Fig. 23
34
Siemens
Procedures
Handover
example
BSC
VLR
cell B
MSC (B)
BTS
MSC (A)
BTS
VLR
BTS
BTS
MSC (B)
BTS
Level:
BTS
BSC
C
BTS
cell A
cell B
cell C
BTS
BTS
1. BSC: HO necessary
2. Parallel connection setup
3. MS changes phys. channel
4. Original connection released
Fig. 24
35
Siemens
Procedures
Emergency Call
The connection set up for the Tele Service "Emergency Call" is similar the that of the
Mobile Originating Call MOC.
The mobile subscriber starts this service either by pressing a SOS key or by dialing
an emergency service number (often: 112).
The setup follows the MOC signaling flow. Differences are:
l
no Authentication is necessary
A short call setup is resulting in this lack of security features. Furthermore, the
Emergency Call should always be possible with any MS, even without a valid SIM
Card.
Emergency calls are treated with precedence. This may also lead to the release of
other existing connections.
The BSS always delivers the location of the emergency call to the MSC. Depending
on this origin, the emergency connection is then transmitted from the MSC to the
regionally responsible Emergency Call Center. The available location information can
be delivered to the Emergency Call Center, too (operator dependent).
Emergency
Call
Emergency Call
Center
SOS
call setup:
without:
Authentification
Ciphering
IMEI check
TMSI-Reallocation
MSC
Direct connection
Supplies location info
Emergency call:
MS
Priority treatment
no security features
fast call setup
usually always possible,
even without valid SIM card
Fig. 25
36
Procedures
Siemens
A Short Message Service Center SM-SC (out of the scope of the GSM Rec.) tries
to transmit the SMS to the requested MS via GMSC.
The GMSC performs an Interrogation to the HLR to get knowledge about the
current VMSC.
The HLR requests the VLR for an MSRN and forwards this to the GMSC.
The GMSC gets into contact with the VMSC and the SMS is delivered to the MS.
Different to the MOC, no Traffic Channel allocation is necessary in case of SMS
transmission. The SMS can be transmitted via Signaling Channel.
The SM-SC tries to transmit the SMS to the requested MS via GMSC.
The GMSC performs an Interrogation to the HLR to get knowledge about the
current VMSC.
The HLR requests the VLR for an MSRN. This is not possible, because the
subscriber is Detached and the VLR stores this information.
In the following, a SMS flag is set in the VLR and in the HLR. Furthermore, the
HLR stores the address of the SMS-SC.
The HLR informs the GMSC that the SMS can not be delivered and the GMSC
rejects the request of the SM-SC. The SMS is still stored in the SM-SC.
Due to the SMS flags, the VLR informs the HLR, that the MS is reachable again.
The HLR requests via GMSC the SM-SC to start the SMS transmission again.
37
Siemens
Procedures
MS
MSDetached
Detached
SMS /
no
noSMS
SMSdelivery
deliverypossible
possible
SMS
SMSstored
storedininSM-SC
SM-SC
flag
flagininVLR
VLR&&HLR
HLR
SMS-SC
IMSI
IMSIAttach
Attach
VLR
VLRinforms
informsHLR
HLR
HLR
requests
HLR requestsSM-SC
SM-SCvia
via
SMS-GMSC
SMS-GMSCtotoretransmit
retransmitSMS
SMS
SM-SC
SMS Service Center
SMSGMSC
HLR
HLR-flag
+ SM-SC Id(s)
VMSC
MS
VLR
VLR-flag
GSM-PLMN
Fig. 26
38
Chapter 5
Radio Interface
Radio Interface
Radio Interface
Contents
1
2
3
Physics of Layer 1
Logic of L1
MOC / MTC
2
14
25
Siemens
Radio Interface
Physics of Layer 1
Radio Interface (Layer 1)
time
Example:
GSM900
TS6
TS5
TDMA
frame
UL
DL
TS4
4.615
ms
TS3
Physical
Physicalchannel
channel(Um)
(Um)
TS2
TS
TS1
577
ms
TS0
890
915
200 kHz
935
Physics of Layer 1
960
Frequency
[MHz]
Fig. 1
Radio
SiemensInterface
Siemens
Radio Interface
Siemens
Radio Interface
The Burst
Power
Useful
Usefulpart
part
Time
28 ms
542,8 ms
28 ms
Fig. 2
Siemens
Radio Interface
Burst: Content
A Time Slot is defined as a duration of 0.577 ms (to be precise: 0.576923 ms). This
duration is divided per definition into 156.25 bit. This means an individual bit has a
duration of 3692.3 ns.
The 156.25 bit are used / defined as follows:
142 bit for the transmission of Information (not only users data / signaling but also
control information necessary for maintenance of the connection)
3 bit as Tail Bits TB for edge limitations of the TS. They are preventing, that useful
information are falling into the flanks of the burst. TB contain no useful information.
They are modulated as content 0.
8.25 bit as Guard Period GP. The GP is not part of the HF transmission. It is used to
compensate run-time effects in the cells. Note: There is one exception of GPs: The
first MS transmissions of the MS toward the network use special bursts (Access
Burst) with an extended GP of 68.25 bit.
Burst: Content
TS = 576 12/13 ms
= 156.25 bit
1 bit = 3.6923 ms
TB
Tail Bits
3 bit
Information
142 bit
TB
GP
3 bit
8.25 bit
HF transmission
Fig. 3
Siemens
Radio Interface
2 x 1 bit as Stealing Flags which inform the receiving side if user data or user
related signaling is transmitted
Now the structure of a TS / burst is explained, the content has been described down
to bit level, but the question is now:
How are the 0 and 1 physically presented on the radio interface?
Normal Burst
55Burst
BurstTypes
Types
with
withdifferent
differentlogical
logicalcontent
content
(discussed
(discussedlater-on)
later-on)
Example:
Normal Burst
156.25 Bit = 576.9 ms
TB
Information-Bits
57
Training
Sequence
26
Information-Bits
57
TB
GP
3 8.25
Bit
142 bit Information
S: Stealing flag
TB: Tail Bits
GP: Guard Period
Fig. 4
Siemens
Radio Interface
Minimum Shift
Keying MSK
1
binary
signal
0
f
frequency
f
T f
T
+
T
+ 180
+ 90
t
phase
- 90
- 180
Fig. 5
Radio
SiemensInterface
Siemens
Radio Interface
Frames
TDMA frames
A single frequency band in TDMA systems is subdivided into several Time Slots TS,
which can be used by different users. In GSM 8 TS form one TDMA frame (4.615
ms), i.e. 8 physical channels are using the same frequency band being cyclically
(every 4.615 ms) allocated to a certain user / application.
So the TDMA frame is a repetition cycle with a duration of 4.615 ms.
The TDMA frames themselves are again part of a repetition cycle of a larger duration.
Certain contains are always repeated after a certain duration. This repetition cycle is
called: Multiframe.
Multiframes
Here a separation has to be done according to the type of information a physical
channel is transmitting. The physical channels can be used to transmit either user
data or signaling.
Multiframes of physical channels allocated for user traffic (Traffic Channels TCH) are
repetition cycles of 26 TDMA frames.
Multiframes of physical channels allocated for signaling data (mostly on one / several
of the TS0 of the carrier of one cell) are repetition cycles of 51 TDMA frames.
Certain logical contents are repeated on certain TDMA frames of the 26 TDMA
frames of the TCH Multiframes or on the 51 TDMA frames of the signaling
Multiframe.
Siemens
Radio Interface
Signaling
Time
MultiFrames
7
6
5
4
3
2
1
0
Frames
User
Traffic
50
49
48
47
46
45
44
43
25
24
23
22
21
20
5
4
3
2
1
0
Frames
Time
6
5
4
3
2
1
TDMA
frame
cyclical
cyclicalrepetition
repetition
of
certain
of certaincontents
contents
RFC
124
FDMA
Frequency
Fig. 6
Siemens
Radio Interface
Example:
TCH Multiframe
T T T T T T T T T T T TAT T T T T T T T T T T T I
26 TDMA frame = 120 ms
T t T t T t T t T t T t A t T t T t T t T t T t T a
2 Half Rate (HR) TCH
T/t = TDMA frame for TCH
A/a = TDMA frame for SACCH/T
I = Idle
Signaling Multiframe
Logic of L1
Fig. 7
10
Siemens
Radio Interface
Radio Interface
Siemens
Time
Structure
1 Superframe =
51 x 26
TDMA frames
6.12 ms
Hyperframe =
2048 Superframes 3h 29 min
e.g. repetition of
frequency hopping
ciphering
0 1 2 3
0
Numbering Period
4950
24
1 TCH Multiframe =
1 Signalling Multiframe =
0 1 2 3
24 25
25
Channel organisation
scheme
Repetition scheme
for TCH / Signaling
0 1 2 3
49 50
1 TDMA frame
= 8 TS = 4,615 ms
BURST = TS content
11
Siemens
Radio Interface
UL/DL shifted by 3 TS
UL
DL
Fig. 9
12
Siemens
Radio Interface
Radio
SiemensInterface
Frequency Hopping
Frequency Hopping
Compensation of
narrow-band interference
stable & reliable transmission
(redundant bits on different TDMA frames)
RFC 1
RFC2
RFC 3
RFC 4
RFC 5
TCH
Fig. 10
frame 0
frame 1
frame 2
frame 3
frame 4
frame 5
13
Siemens
Radio Interface
Logic of L1
Radio Interface (Layer 1)
BCCH
DL
BCH
Broadcast Channel
FCCH
SCH
DL
Signaling
CCCH
Common Control
Channel
PCH
AGCH
UL
RACH
SDCCH
DCCH
Dedicated Control
Channel
UL
+
DL
SACCH
FACCH
Traffic
User Data
TCH/F
UL + DL
TCH/H
Logic of L1
Fig. 11
14
Radio
SiemensInterface
Siemens
Radio Interface
Logical Channels
Different signaling and user data contents determine different Logical Channels in
GSM.
For user data transmission two different Logical Channels are used:
l
TCH/F Traffic Channels, Full rate (FR/EFR speech: 13 / 12.2 kbit/s; data: 9.6
kbit/s)
TCH/H Traffic Channels, Half rate (HR speech: 5.6 kbit/s; data: 4.8/2.4/1.2/0.6/0.3
kbit/s)
For signaling 3 types of Logical Channels are used: BCHs, CCCHs and DCCHs.
Broadcast Channels BCH are used DL only for MS synchronization & information:
l
BCCH Broadcast Control Channel: contains system & cell parameters, e.g. CGI
(i.e. PLMN, LAI), channel combining, frequency hopping algorithm, cipher mode,
cell capabilities: e.g. EFR/FR/HR, VAD/DTX, ASCI, HSCSD, GPRS, EDGE,..)
Common Control Channels CCCH are used uni-directional UL & DL for initial
access:
l
Dedicated Control Channels DCCH are used bi-directional for dedicated signaling:
l
15
Siemens
Radio Interface
Logical channels
DL
BCH
Broadcast Channel
DL
Signaling
CCCH
Common Control
Channel
DCCH
Dedicated Control
Channel
Traffic
User Data
BCCH: Broadcast Control Channel
FCCH: Frequency Correction Channel
SCH: Synchronisation Channel
PCH: Paging Channel
UL
UL
+
DL
FCCH
Frequency synchronization
SCH
BCCH
PCH
RACH
AGCH
SDCCH
SACCH
Measurement Report,
TA, PC, cell parameters,...
FACCH
TCH/F
TCH/H
UL + DL
AGCH: Access Grant Channel
RACH: Random Access Channel
SDCCH: Stand-alone Dedicated Control Channel
Fig. 12
16
Radio
SiemensInterface
Siemens
Radio Interface
Burst Types
The HF transmission, which is transmitted in a Time Slot with a pre-defined bit
sequence is call Burst. In GSM there are 5 different Burst types defined:
Normal Burst NB: The NB is used for most of the Logical Channels (TCH, BCCH,
PCH, AGCH, SDCCH, SACCH, FACCH). It consists of the following bit sequence:
l
2 x 3 bit as Tail Bits TB for edge limitation of the HF burst (content: 0),
2 x 57 bit as Data Bits (Information), which carry the users data or signaling
information.
2 x 1 bit as Stealing Flags S, which indicate whether user data (TCH) or user
related signaling (FACH) is transmitted in this Burst.
26 bit as Training Sequences, which are fixed bit pattern (8 different sequences
exist for NB) for synchronization of the transmitted burst & recognition of
transmission quality
8.25 bit as Guard Period GP, which is not part of the HF transmission; used as
guard period between succeeding TS.
Frequency Correction Burst: It is used for the FCCH only, consisting of:
l
2 x 39 bit with Information necessary for initial MS access (BSIC, TDMA frame
number, NB training sequence used in this cell,..)
36 bits Information for initial access (BSIC, MS random no., access reason)
68.25 bits Guard Period GP; the extended GP prevents interference with the
succeeding TS occurring due to the run-time problem (the MS lacks of information
about its distance to the BS before starting access)
17
Siemens
Radio Interface
Dummy Burst: The Dummy Burst has NB structure; it is transmitted in special cases
if nothing else (useful) is to be transmitted (e.g. at the BCCH carrier, which has to be
transmitted continuously because it is the cell beacon).
Burst Types
Normal Burst
TB
3
bit
Information
57 bit
Training
Sequence
bit
26 bit
bit
TB
3
Information
57 bit
bit
bit
TB GP
3 8.25
Fixed bits
142 bit
bit
TB GP
3 8.25
bit
bit
Training
Sequence
Information
39 bit
64 bit
Information
39 bit
TB GP
3 8.25
bit
bit
41 bit
Information
36 bit
TB
3
GP
68.25
bit
bit
Fig. 13
18
Radio
SiemensInterface
Siemens
Radio Interface
19
Siemens
Radio Interface
II)
III)
TCH-Combinations
TCH-Combinations
shown
shownbefore
before
V)
VI)
CCCH + BCCH
VII)
SDCCH/8 + SACCH/8
Combination IV
DL
UL
R R
0 1
F:FCCH
S:SCH
B: BCCH
R R
10 11
R R
20 21
R R
30 31
R R
40 41
R
50
Fig. 14
20
Radio
SiemensInterface
Siemens
Radio Interface
21
Siemens
Radio Interface
SDCCH SDCCH
FS
SDCCH SDCCH
FS
SACCH SACCH
SDCCH SDCCH
FS
SDCCH SDCCH
FS
SACCH SACCH
SDCCH
RR
SACCH SACCH
RR
SACCH SACCH
RRRRRRRRRRRRRRRRRRRRRRR
SDCCH SDCCH
RRRRRRRRRRRRRRRRRRRRRRR
SDCCH SDCCH
Combination VII
DL
RR
SDCCH
RR
SDCCH
2
2
SDCCH/8 + SACCH/8
SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SACCH SACCH SACCH SACCH
I I I
SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SACCH SACCH SACCH SACCH
I I I
0
0
1
1
2
2
UL
SACCH SACCH SACCH
I I I
I I I
5
0
6
1
7
2
0
0
1
1
2
2
3
3
4
4
5
5
6
6
7
7
4
0
Fig. 15
22
Radio
SiemensInterface
Siemens
Radio Interface
23
Siemens
Radio Interface
915 MHz
FDMA
GMSK
270.833
Modulation kbit/s
RFC
i
RFC RFC
123 124
200 kHz
Information
57
S Training Seq. S
1
26
Information
57
TB GP
3
8.25
1 Bit = 3.6923 ms
24.7 kbit/s = 22.8 kbit/s TCH data (incl. redundancy)
+ 0.95 kbit/s SACCH + 0.95 kbit/s Idle
Fig. 16
24
Siemens
Radio Interface
MOC / MTC
Radio Interface (Layer 1)
RACH: Channel Request
AGCH: Immediate Assign
SDCCH: CM Service Request
SDCCH: Authentication Request
SDCCH: Authentication Response
SDCCH: Cipher Mode Command
SDCCH: Cipher Mode Complete
SDCCH: Setup
SDCCH: Call Proceeding
SDCCH: Assign Command
MOC / MTC
Fig. 17
25
Radio Interface
Siemens
Siemens
Radio Interface
Authentication Request (SDCCH): the networks checks the real identity (Ki) of the
SIM transmitting RAND.
Cipher Mode Complete (SDCCH): the MS acknowledges the cipher start (first
ciphered message)
Setup (SDCCH): the MS transmits the Setup information including the desired TS /
BS and number of the B-subscriber.
Call Proceeding (SDCCH): the network acknowledges the authorization for the
requested service and confirms the call proceeding.
Assign Complete (FACCH): the MS confirms the TCH allocation (using TCH
resources)
Alerting (FACCH): the network informs the MS on successful call setup (i.e. the
phone of the B subscriber rings). This starts generation of the ringing signals in the
MS, too.
Connect (FACCH): the MS is informed, that the B subscriber accepted the call
TCH: now network switch over to data transfer; the communication is able to start
26
Siemens
Radio Interface
MOC
Mobile
Originating
Call
SDCCH: Setup
SDCCH: Call Proceeding
SDCCH: Assign Command
FACCH: Assign Complete
FACCH: Alerting
FACCH: Connect
FACCH: Connection Ackn.
TCH
Fig. 18
27
Radio
SiemensInterface
Siemens
Radio Interface
28
Siemens
Radio Interface
MOC
MS
BSS
Part I
ISDN
MSC
VLR
EIR
CIPH_MOD_COM
Check IMEI
TMSI Re-allocation TMSI_REAL_COM
TMSI-REAL-CMD
TMSI_REAL_COM
TMSI_REAL_COM
SETUP
SETUP
TSMI Acknowledged
TMSI_ACK
SEND INFO
Fig. 19
29
Siemens
Radio Interface
MOC
MS
BSS
Part II
Call Proceeding CALL_PROC
ISDN
MSC
VLR
CALL_PROC
Assign Command ASS_CMD
ALERT
ALERT
Connect CON
CON
Connect Acknowledged CON_ACK
CON_ACK
User data
Disconnect DISC
REL
DISC
Release REL
Release REL
Release Complete RLC
REL_COM
Clear Command CLR_CMD
Clear Complete CLR_CMP
Fig. 20
30
Siemens
Radio Interface
Mobile
Terminating
Call
MTC
Start Ciphering
Setup Message
[Bearer Service, Calling No.]
Requested Service possible in MS
SDCCH: Setup
FACCH: Alerting
FACCH: Connect
Acknowledgement
Start of user data transmission & charging
TCH
Fig. 21
31
Appendix
Appendix
Appendix
Contents
1
2
References
Abbreviations
2
3
Appendix
Siemens
References
M. Mouly, M.B. Pautet, "The GSM System for Mobile Communications", Cell & Sys
(1992), ISBN 2-9507190-0-7
A. Mehrotra, "GSM System Engineering", Artech House Inc. (1997), ISBN 089006-860-7
G. Heine, "GPRS from A Z", Artech House Inc. (2000), ISBN 1-58053-181-4
G. Heine, "GPRS, EDGE, HSCSD and the Path to 3G", Artech House Inc. (2001),
CD-ROM, ISBN 1-58053-275-6
Siemens
Appendix
Abbreviations
AB
access burst
AC
authentication center
ACCH
ACE
ACE-Rx
ACE-Tx
ACG
ACM
ACU
ADC
AEF
AF
audio frequency
AFC
AGC
AGCH
AMA
AMPC
advice of charge
AP
application part
APS
ARFCN
ARQ
ASN
ATB
ATE
AUC
authentication center
AUT(H)
authentication
BA
BCCH allocation
BAIC
BAOC
BAP
BCC
Siemens
Appendix
BCCH
BCH
broadcast channel
BER
BHCA
BIC- Roam
BNHO
BOIC
base station
BSC
BSCU
BSIC
BSS
BSSAP
BSSMAP
BSSOMAP
BSU
BTS
CA
cell allocation
CAS
CAP
CBCH
CBS
CC
call control
CC
channel coding
CC
country code
CCBS
CCC
CCG
CCH
control channel
CCITT
CCNC
CCNP
Siemens
Appendix
Appendix
Siemens
CCS7
CCS
CCU
CdPA
CF
call forwarding
CFB
CFNRc
CFNRy
CFU
CGI
CgPA
CHA
component handling
CI
cell identity
CIC
CKSN
CLIP
CLIR
CMD
command
CMY
common memory
CNI
COLI
CoLP
CoLR
CP
call processing
CP
coordination processor
CPU
CR
code receiver
CRC
CT
call transfer
CT
Craft Terminal
CTC
continuity check
CUG
CW
call waiting
DAS
Siemens
Appendix
DB
dummy burts
DBMS
DCCH
DCN
DCP
DCS1800
DE
digital exchange
DEC
DEMUX
demultiplexer
DHA
dialogue handling
DIU
Dm
control/data channel
DL
down link
DPC
DPPC
DPPS
DRX
discontinuous reception
DSMX
DTAP
DTMF
DTX
discontinuous transmission
EIR
EMML
ERP
EWSD
FAC
FACCH
FACCH/F
FACCH/H
FB
FC
filter coupler
FCCH
FDMA
FEC
Siemens
Appendix
Appendix
Siemens
FHE
FN
frame number
FPLMTS
GCR
GMSC
gateway MSC
GMSK
GOS
grade of service
GP
guard period
GP
group processor
GSM
handover
HC
hard copy
HF
history file
HLR
HLR-ID
HMSC
home MSC
HO
HANDO
HOLD
call hold
HPA
HPLMN
home PLMN
HSN
IAM
ICB
ID
identification
ID
identity
IMEI
IMN
installation manual
IMSI
IMT-2000
IN
intelligent network
IOC
input/output controller
IOP
input/output processor
IOP: AUC
Siemens
Appendix
ISC
ISDN
ISUP
IWE
interworking equipment
IWF
interworking function
IWUP
Kc
Ki
LA
location area
LAC
LAI
LAN
LAPDm
LE
local exchange
LIC
Lm
LMSI
LMT
LR
location register
LTG
line/trunk group
MA
mobile allocation
MAP
MAH
MB
message buffer
MBG
MBU
MCC
MCI
ME
mobile equipment
MFC
multifrequency code
MGT
MIB
MM
mobility management
MMI
Siemens
Appendix
Appendix
Siemens
MMI
MMN
maintenance manual
MML
MNAP
MNC
MOC
MP
Main Processor
MPTY
MPU
MS
mobile station
MS
mobile subscriber
MSC
MSIN
MSISDN
MSRN
MT
mobile termination
MTC
MTE
MTP
NB
normal burst
NCC
NDC
NE
NEF
NF
network function
NI
national Indicator)
NM
network management
NMC
NMSI
O&M
OACSU
OCB
ODAGEN
OMAP
Siemens
Appendix
OMC
OMC- B
OMC- S
OMP
OMP- B
OMP- S
OMS
OMT
OMT- B
OMT- S
OPC
PA
power Amplifier
PCH
paging channel
PCM
PCM- INT
PCM interface
PCS
PDN
PIN
PLMN
PM
performance management
PSPDN
PSTN
PSU
QA
Q (interface adapter)
QOS
quality of service
RA
rate adaptation
RAB
RACH
RAE
RAND
random number
REC
recommendation
REQ
request
RES
response
RF
radio frequency
10
Siemens
Appendix
Appendix
Siemens
RFC
RFCH
RFCN
RFM
RFN
RLP
RMA
RMC
ROI
ROSE
RPE- LTP
RR
RSE
RSS
radio subsystem
RT
radio terminal
RX or Rx
receiver
RXLEV
RxMC
receiver multicoupler
RXQUAL
SACCH
SACCH/T
SACCH/TF
SACCH/TH
SAP
SAPI
SB
synchronization burst
SC
Switch Commander
SCCP
SCF
SCP
SCH
synchronization channel
SCN
SCP
SDCCH
11
Siemens
Appendix
SFH
SG
safeguarding
SGC
SGL
service guidelines
SI
service indicator
SIM
SM
security management
SMC
submultiplex channel
SMG
SMS
SN
subscriber number
SN
switching network
SNR
serial number
SP
signaling point
SPC
SPC
SRES
signed response
SSF
SSG
SSM
SSNC
SSP
SSS
switching subsystem
STP
SW
software
SYP
system panel
SYPC
SYPD
TA
Terminal Adaptation
TAC
TAC
TB
tail bit
TC
transaction capability
TCAP
12
Siemens
Appendix
Appendix
Siemens
TCB
transcoder board
TCG
transcoder group
TCGQ
TCH
traffic channel
TCH/F
TCH/FS
TCH/H
TCH/HS
TDMA
TE
terminal equipment
TETRA
THA
transaction handling
TMN
TMRP
TMS
TMS
TMSI
TN
telecommunication network
TN
timeslot number
TRAU
TRX
transceiver
TS
tele service
TS
timeslot
TSM
TSG
TUP
TX or Tx
transmitter
UL
uplink
UMTS
UP
user part
UUS
VAD
VBR
VE
exchange equipment
13
Siemens
Appendix
VBS
VGCS
VHE
VLR
VMSC
Visited MSC
VoIP
Voice over IP
VPLMN
Visited PLMN
WAN
WAP
WARC
WLL
WS
Work Station
14
TRAINING SECTOR
GENERAL DEPARTMENT FOR
PLANNING & DEVELOPING PROGRAMS
Sub-sections
Appindex
Reference
Glossary
CDMA Overview
CDMA Overview
Sub-section reference
Sub-section identification
1
2
3
4
5
6
7
8
Pages
1
1
1
1
1
1
1
1
39
16
20
18
15
11
2
5
Chapter 1
The Way to CDMA Technology
2
2
4
6
8
8
10
11
11
13
15
15
17
17
19
21
21
23
24
24
26
26
28
29
31
36
38
38
Higher capacities and lower system design costs (plus lower infrastructure
costs) which will lead to a lower cost per subscriber.
A lower cost per subscriber combined with new subscriber features, which
will help the operators to increase their market penetration.
High quality calls must be maintained during the change to or migration to any
new digital technology.
Fig.2
Fig. 3
Digital Signal
Analogue
Signal
Transmission
Quality:
Easy to regenerate
Distance to BS
Fig. 4
Fig. 5
Security
Higher capacities
Easily Maintainance
Minaturization an friendleness
High Quality with low cost
Worlwide Availability
New Service Implementation
High Fidility
Fig.6
10
A cell is the basic geographic unit of a cellular system.The term cellular comes
from the honeycomb shape of the areas into which a coverage region is divided.
Cells are base stations transmitting over small geographic areas that are represented
as hexagons. Each cell size varies depending on the landscape. Because of
constraints imposed by natural terrain and man-made structures, the true shape of
cells is not a perfect hexagon.
Unfortunately, economic considerations made the concept of creating full systems
with many small areas impractical. To overcome this difficulty, system operators
developed the idea of splitting cells into sectors to form sector cells
.
Clusters
A cluster is a group of cells in which all available frequencies have been used
once. No channels are reused within a cluster.
Frequency Reuse
The concept of frequency reuse is based on assigning to each cell a group of radio
channels used within a small geographic area. Cells are assigned a group of
channels that is completely different from neighboring cells. The coverage area of
cells are called the footprint. This footprint is limited by a boundary so that the same
group of channels can be used in different cells that are far enough away from each
other so that their frequencies do not interfere.Cells with the same number have the
same set of frequencies.
11
Cluster
Fig.7
Fig.8
12
Macrocells
The macrocells are large cells for remote and sparsely populated areas.
Microcells
These cells are used for densely populated areas. By splitting the existing areas
into smaller cells, the number of channels available is increased as well as the
capacity of the cells. The power level of the transmitters used in these cells is then
decreased, reducing the possibility of interference between neighboring cells.
Selective cells
It is not always useful to define a cell with a full coverage of 360 degrees. In some
cases, cells with a particular shape and coverage are needed. These cells are called
selective cells.
A typical example of selective cells is the cells that may be located at the
entrances of tunnels where coverage of 360 degrees is not needed. In this case, a
selective cell with coverage of 120 degrees is used.
Umbrella cells
Handoff
The final obstacle in the development of the cellular network involved the problem
created when a mobile subscriber traveled from one cell to another during a call. As
adjacent areas do not use the same radio channels, a call must either be dropped or
transferred from one radio channel to another when a user crosses the line between
adjacent cells. Because dropping the call is unacceptable, the process of handoff
was created. Handoff occurs when the mobile telephone network automatically
transfers a call from radio channel to radio channel as a mobile crosses adjacent
cells.
During a call, When the mobile unit moves out of the coverage area of a given cell
site, the reception becomes weak. At this point, the cell site in use requests a
handoff. The system switches the call to a stronger frequency channel in a new site
and the call continues as long as the user is talking, and the user does not notice the
handoff at all.
13
Fig.9
Fig.10
Fig.11
14
The MTSO is the central office for mobile switching. It houses the mobile switching
center (MSC), field monitoring and relay stations for switching calls from cell sites to
wireline central offices (PSTN).
The term cell site is used to refer to the physical location of radio equipments that
provide coverage within a cell. A list of hardware located at a cell site includes power
sources, interface equipment, radio frequency transmitters and receivers, and
antenna systems.
The mobile subscriber unit consists of a control unit and a transceiver that
transmits and receives radio transmissions to and from a cell site. Three types of
MSUs are available:
1. The mobile telephone (typical transmit power is 4.0 watts)
2. The portable (typical transmit power is 0.6 watts)
3. The transportable (typical transmit power is 1.6 watts)
The mobile telephone is installed in the trunk of a car, and the handset is installed
in a convenient location to the driver. Portable and transportable telephones are hand
held and can be used anywhere. The use of portable and transportable telephones
is limited to the charge life of the internal battery.
15
Fig.12
16
It occurs when the received signal becomes weaker and weaker due to
increasing distance between MS and BTS . Path loss is proportional to the square
of the distance and the square of the transmitted frequency .
Shadowing
It is due to obstacles being between the MS and the BTS , like buildings, hills
etc. When the MS moves around , the signal fluctuates normally around a mean
value depending on the obstacles.
Multipath fading
It occures when there is more than one transmission path to the MS or BTS ,
and therefore more than one signal is arriving at the receiver .This may be due to
buildings or mountains , either close to or far from the reciving device,Rayleigh
fading and time dispersion are forms of multipath fading.
1. Rayleigh fading
It occures when the signal takes more than one path between the MS and
BTS. Rayleigh fading occurs when the obstacles are near to the receiving antenna
2. Time dispersion
It contrasts to Rayleigh fading , the reflected signal comes from an object far
away from the receiving antenna .Since the bit rate on the air is 270 kbit/sec,one
bit corresponds to 3.7 sec or 1.1 km . If an obstacle is further than 500 m away,
then the reflected bit will interfere with the next transmitted bit (ISI).
17
Fig.13
Fig.14
18
Sometimes, when you are using a mobile phone, you will notice that the speech
quality breaks up or disappears completely for short periods of time. By moving
toward a window you can sometimes improve the situation. This loss of speech
quality is caused by errors. That means, the transmitter might send 1011, but
because of propagation problems, such as fast fading, the receiver gets 1001.The
third bit is said to be in error. This is a little like spelling something over the
phone.You might say S but the person at the other end might respond was that F?
An error was made because the line was not of sufficient quality.
Mobile phones contain advanced systems for correcting errors but However, these
systems are not always able to remove all the errors. Without error correction, the
speech quality would always be so terrible that you would never be able to
understand the other person.
Interference, fading, and random noise cause errors to be received, the level of
which will depend on the severity of the interference. The presence of errors can
cause problems. For speech coders such as ADPCM (Adaptive Defrential PCM), if
the bit error rate (BER) rises above 10-3 (that is, 1 bit in every 1000 is in error, or the
error rate is 0.1%) then the speech quality becomes unacceptable.
For near-perfect voice quality, error rates of the order of 10-6 are required. For data
transfers, users expect much better error rates, for example on computer files, error
rates higher than 10-9 are normally unacceptable.
If the only source of error on the channel was random noise, then it would be
possible, and generally efficient, to simply ensure that the received signal power was
sufficient to achieve the required error performance without any need for error
correction. However, where fast fading is present, fades can be momentarily as deep
as 40 dB. To increase the received power by 40 dB to overcome such fades would
be highly inefficient, resulting in a significantly reduced range and increased
interference to other cells. Instead, error correction coding accepts that bits will be
received in error during fades but attempts to correct these using extra bits
(redundant bits) added to the signal.
19
Fig.15
20
Antenna Diversity
Time Advance
Time Advance is introduced to overcome the effect of time alignment. When the
MS is moving far away from the BTS , this BTS tells the MS how much time ahead of
the synchronization time it must transmit the burst .
21
Fig.16
Fig.17
22
Channel Coding
Interleaving
Fig.18
23
7 Transmission Principles
7.1 Duplex Transmission
Two duplex methods are used for coordinating the uplink (UL) and downlink (DL)
components of a transmission between a base station and a mobile station, namely
Frequency Division Duplex (FDD) and Time Division Duplex (TDD).
UL and DL are implemented for FDD in different frequency bands. The gap
between the two frequency bands for UL and DL is known as the duplex distance. It
is constant for all mobile stations in a standard. Generally the DL frequency band is
positioned at the higher frequency than the UL band.
In the case of TDD, UL and DL are implemented in the same frequency band,
Uplink (UL) and Downlink (DL) takes place at different times. There is fast switching
between UL and DL transmission, so that the user has the impression of
simultaneous transmission and reception.
As a result, only a fraction of the time needed for analog transmission is required
for digital transmission of subscriber data.
24
Fig.19
Fig.20
25
26
Fig.21
27
28
29
Fig.22
30
Mobile Station MS
The SIM is a smart card that identifies the terminal. By inserting the SIM card into
the terminal, the user can have access to all the subscribed services. Without the
SIM card, the terminal is not operational. The SIM card is protected by a four-digit
Personal Identification Number (PIN). In order to identify the subscriber to the
system, the SIM card contains some parameters of the user such as its International
Mobile Subscriber Identity (IMSI).
Another advantage of the SIM card is the mobility of the users. In fact, the only
element that personalizes a terminal is the SIM card. Therefore, the user can have
access to its subscribed services in any terminal using its SIM card.
31
Fig.23
32
The BSS connects the Mobile Station and the NSS. It is in charge of the transmission
and reception. The BSS can be divided into two parts:
Fig.24
33
Its main role is to manage the communications between the mobile users and
other users, such as mobile users, ISDN users, fixed telephony users, etc. It also
includes data bases needed in order to store information about the subscribers and
to manage their mobility. The different components of the NSS are described below.
1. The Mobile services Switching Center (MSC)
It is the central component of the NSS. The MSC performs the switching functions
of the network. It also provides connection to other networks.
2. Home Location Register (HLR)
The HLR is considered as a very important database that stores information of the
suscribers belonging to the covering area of a MSC. It also stores the current location
of these subscribers and the services to which they have access. The location of the
subscriber corresponds to the SS7 address of the Visitor Location Register (VLR)
associated to the terminal.
3. Visitor Location Register (VLR)
The VLR contains information from a subscriber's HLR necessary in order to
provide the subscribed services to visiting users. When a subscriber enters the
covering area of a new MSC, the VLR associated to this MSC will request information
about the new subscriber to its corresponding HLR. The VLR will then have enough
information in order to assure the subscribed services without needing to ask the
HLR each time a communication is established. The VLR is always implemented
together with a MSC; so the area under control of the MSC is also the area under
control of the VLR.
4. The Authentication Center (AuC)
The AuC register is used for security purposes. It provides the parameters needed
for authentication and encryption functions. These parameters help to verify the
user's identity.
5. The Equipment Identity Register (EIR)
The EIR is also used for security purposes. It is a register containing information
about the mobile equipments. More particularly, it contains a list of all valid terminals.
It is identified by its International Mobile Equipment Identity (IMEI). The EIR allows
then to forbid calls from stolen or unauthorized terminals (e.g, a terminal which does
not respect the specifications concerning the output RF power).
6. The Operation and Support Subsystem (OSS)
The OSS is connected to the different components of the NSS and to the BSC, in
order to control and monitor the GSM system. It is also in charge of controlling the
traffic load of the BSS. However, the increasing number of base stations, due to the
development of cellular radio networks, has provoked that some of the maintenance
tasks are transfered to the BTS. This transfer decreases considerably the costs of the
maintenance of the system.
34
Fig.25
35
36
Fig.26
37
8 Data Transmission
8.1 Data Transmission Development
One of the problems of data transmission using GSM is posed by the current
comparatively user-unfriendly usage of data services in the terminals (e.g. SMS) or
the complicated connection of terminal equipment via adapter.
Terminal equipment in which different functions are integrated, as well as displays
optimized for each individual data transmission form provide an answer to this.
A decisive problem is posed by the comparatively low data transmission rates of
GSM Phase 1 and 2. Data transmission rates of 0.3 -9.6 kbit/s compared to 64 kbit/s
using ISDN are considerably too low.
To increase the data transmission rates in the Europian system new bearer
services are being developed in GSM Phase 2+, which will adapt the data
transmission rates to the ISDN transmission rates in various usage areas or even, be
considerably above them.
1. High Speed Circuit Switched Data HSCSD
2. General Packet Radio Service GPRS
3. Enhanced Data rates for the GSM Evolution EDGE
To increase the data transmission rates in American System after deployment of
CDMA techniques IS95B was developed, which will adapt the data transmission
rates to the ISDN transmission rates in various usage.
38
Fig.27
Fig.28
39
Chapter 2
Basic Concept of Spread
Spectrum Technology
Advantages of CDMA
Increased Capacity
Lowering Eb/NO
Voice Activity Detection
Power Control
Improved Call Quality
Simplified System Planning
Enhanced Privacy
Improved Coverage
Increased Portable Talk Time
Bandwidth on Demand
Spread Spectrum Technology
2.1
2.2
2.2.1
2.2.2
2.2.3
2.3
2.3.1
2.3.2
2.4
2.4.1
2.4.2
2.5
2.5.1
2.5.2
Properties of SS signals
Spread-Spectrum Multiple Access
Direct Sequence Spread Spectrum
Advantages of DS-SS
Disadvantages of DS-SS
Frequency Hopping Spread Spectrum
Advantages of FH-SS
Disadvantages of FH-SS
Time Hopping Spread Spectrum (TH-SS)
Advantages of TH-SS
Disadvantages of TH-SS
Hybrid Systems
Advantages of H-SS
Disadvantages of H-SS
2
2
2
2
2
4
4
4
4
4
4
6
8
10
10
10
10
12
12
12
14
14
14
16
16
16
1 Advantages of CDMA
When implemented in a cellular telephone system, CDMA technology offers
many benefits to meet Mobile Radio Requirements. The following is an overview
of the advantages of CDMA.
Fig.1
Fig.2
Fig.3
Fig.4
Fig.5
If multiple users transmit a spread-spectrum signal at the same time, the receiver will still
be able to distinguish between the users provided each user has a unique code that has a
sufficiently low cross-correlation with the other codes. Correlating the received signal with a
code signal from a certain user will then only despread the signal of this user, while the
other spread-spectrum signals will remain spread over a large bandwidth. Thus, within the
information bandwidth the power of the desired user will be larger than the interfering power
provided there are not too many interferers, and the desired signal can be extracted.
In a radio channel there is not just one path between a transmitter and receiver.
Due to reflections (and refractions) a signal will be received from a number of different
paths. The signals of the different paths are all copies of the same transmitted signal but
with different amplitudes, phases, delays, and arrival angles. Adding these signals at the
receiver will be constructive at some of the frequencies and destructive at others. In the
time domain, this results in a dispersed signal. Spread-spectrum modulation can combat
this multipath interference.
The transmitted signal can only be despread and the data recovered if the receiver
knows the code. Cross-correlating the code signal with a narrowband signal will spread the
power of the narrowband signal thereby reducing the interfering power in the information
bandwidth.
Anti-Jamming capability
This is more or less the same as interference rejection except the interference is now
willfully inflicted on the system. It is this property, together with the next one, that makes
spread-spectrum modulation attractive for military applications.
Because of its low power density, the spread-spectrum signal is difficult to detect and
intercept by a hostile listener.
Fig.6
Fig.7
10
Fig.8
Fig.9
11
12
Fig.10
13
14
Fig.11
15
Fig.12
16
Chapter 3
CDMA codes and its usage
2
2
4
4
6
8
9
9
9
11
12
14
16
18
20
Fig.1
Fig.2
Fig.3
Fig.4
Fig.5
Fig.6
Fig.7
10
Fig.8
11
12
Fig.9
Fig.10
13
14
Where SNRo and SNRi are the output and input SNR of the correlator, respectively.
Where BWD and BWSS are the bandwidth of the data before and after SS modulation.
Fig.11
15
16
Fig.12
17
Serial search
The first acquisition strategy we consider is serial search. In this method, the acquisition
circuit attempts to cycle through and test all possible phases one by one (serially) as shown
in Figure.
The circuit complexity for serial search is low. However, penalty time associated with a
miss is large.
Therefore we need to select a larger integration (dwell) time to reduce the miss
probability. This, together with the serial searching nature, gives a large overall acquisition
time (i.e., slow acquisition).
Fig.13
18
Parallel search
Unlike serial search, we test all the possible phases simultaneously in the parallel search
strategy as shown in figure. Obviously, the circuit complexity of the parallel search is high.
The overall acquisition time is much smaller than that of the serial search.
Fig.14
19
Fig.15
20
Chapter 4
CDMA Air Interface Overview
2
2
4
4
6
7
9
11
12
12
14
15
16
17
Fig.1
Fig.2
The active list contains base stations currently used for traffic channel
transmissions. In a soft handoff condition, there is more than one base station in this
list.
The candidate list consists of base stations classified by the terminal, on the basis
of measured signal quality, as available for traffic channel transmissions.
The neighbor list is a set of nearby base stations that could soon be available for
handoff.
The remaining list contains the base stations that are not in any of the other
categories.
Fig.3
Long-code state
System time
Fig.4
System Parameter message: such as base station identifier, the number of paging
channels, and the page channel number.
Access Parameters message: parameters required by the mobile to transmit on an
access channel.
Neighbor List Message: information about neighbor base station parameters, such
as the PN Offset.
CDMA Channel List message: provides a list of CDMA carriers.
Page message: provides a page to the mobile station.
Channel Assignment message: to inform the mobile station to tune to a new
frequency.
Data Burst message: data message sent by the base station to the mobile.
Authentication Challenge: allows the base station to validate the mobile identity.
Fig.5
When the data rate is 9.6 Kbps, the code symbol rate (at the output of the
convolutional encoder) is 19.2 Ksps. In this case, no repetition is performed.
When the data rate is 4.8 Kbps, the code symbol rate is 9.6 Ksps; each symbol is
repeated once, yielding a final modulation symbol rate of 19.2 Ksps.
When the data rate is 2.4 Kbps, the code symbol rate is 4.8 Ksps; each symbol is
repeated three times, yielding a final modulation symbol rate of 19.2 Ksps.
When the data rate is 1.2 Kbps, the code symbol rate is 2.4 Ksps; each symbol is
repeated seven times, yielding a final modulation symbol rate of 19.2 Ksps.
The reason for repeating symbols is to reduce overall interference power at a given time
when lower rate data are transmitted.
In a real CDMA system, when the vocoder is transmitting at 4.8 Kbps, the energy per
symbol transmitted is one-half that of 9.6 Kbps. When the vocoder is transmitting at 2.4
Kbps, the energy per symbol transmitted is oneforth that of 9.6 Kbps, and when the
vocoder is transmitting at 1.2 Kbps, the energy per symbol transmitted is one-eighth that of
9.6 Kbps.
After symbol repetition, the data is interleaved to combat fading (see Figure), and then
the interleaved data is scrambled by a decimated long PN sequence. A long PN code
generator generates the long PN sequence. The generator outputs a long PN sequence at
1.2288 Mcps. Because the data rate at the interleaver output is 19.2 Ksps, the PN
sequence is decimated by a ratio of 64:1 to also achieve a rate of 19.2 Kcps; the decimated
long PN sequence at 19.2 Kcps is then multiplied with the 19.2-Ksps data stream. Note that
the long-code generator produces the long PN sequence using a mask that is specific to
the mobile.
Fig.6
10
Fig.7
11
12
Fig.8
13
Registration Message: sends to the base station information necessary to page the
mobile, such as: location, status, and identification.
Order message: to transmit information such as base station challenge, mobile
station acknowledgement, local control response, and mobile station reject.
Data Burst message: user-generated data message sent by the mobile station to the
base station.
Origination message: allows the mobile station to place a call sending dialed digits.
Page Response message: used to respond to a page.
Authentication Challenge Response message: contains necessary information to
validate the mobile stations identity.
Fig.9
14
Fig.10
Fig.10
15
Fig.11
16
At the receiving side, the received signals are quantized (turned into bits) and run
through the Walsh code and PN sequence correlation receiver to recover the transmitted
bits of the original signal. When 20ms of voice data is received, a Viterbi decoder corrects
the errors using the convolutional code, and that all goes to the vocoder that turns the bits
back into waveforms (sound).
17
Fig.12
18
Chapter 5
CDMA System Aspects
1.1
Introduction
2
2
2
4
4
6
8
9
9
11
11
11
11
12
14
1.1.1
1.1.2
1.2
1.2.1
1.2.2
1.2.3
2
2.1
3
3.1
3.2
3.2.1
3.3
4
4
Fig.1
Fig.2
Fig.3
Fig.4
Fig.5
2 RAKE Receiver
2.1 RAKE Receiver Theory and Structure
A spread-spectrum signal waveform is well matched to the multipath channel. In a
multipath channel, the original transmitted signal reflects from obstacles such as buildings,
and mountains, and the receiver receives several copies of the signal with different delays.
If the signals arrive more than one chip apart from each other, the receiver can resolve
them. Actually, from each multipath signals point of view, other multipath signals can be
regarded as interference and they are suppressed by the processing gain. However, a
further benefit is obtained if the resolved multipath signals are combined using RAKE
receiver. Thus, the signal waveform of CDMA signals facilitates utilization of multipath
diversity. Expressing the same phenomenon in the frequency domain means that the
bandwidth of the transmitted signal is larger than the coherence bandwidth of the channel
and the channel is frequency selective (i.e., only part of the signal is affected by the fading).
RAKE receiver consists of correlators, each receiving a multipath signal. After
despreading by correlators, the signals are combined using, for example, maximal ratio
combining. Since the received multipath signals are fading independently, diversity order
and thus performance are improved.
After spreading and modulation the signal is transmitted and it passes through a
multipath channel, which can be modeled by a tapped delay line (i.e., the reflected signals
are delayed and attenuated in the channel).
It is necessary to measure the tapped delay line profile and to reallocate RAKE fingers
whenever there is need. Small-scale changes, less than one chip, are taken care of by a
code-tracking loop, which tracks the time delay of each multipath signal.
Fig.6
10
11
Fig.7
12
Fig.8
13
4 Multiuser Detection
The current CDMA receivers are based on the RAKE receiver principle, which
considers other users signals as interference. However, in an optimum receiver all signals
would be detected jointly or interference from other signals would be removed by
subtracting them from the desired signal. This is possible because the correlation
properties between signals are known (i.e., the interference is deterministic not random).
The capacity of a direct sequence CDMA system using RAKE receiver is interference
limited. In practice this means that when a new user, or interferer, enters the network, other
users service quality will go below the acceptable level. The more the network can resist
interference the more users can be served. Multiple access interference that disturbs a
base or mobile station is a sum of both intra- and inter-cell interference. Multiuser detection
(MUD), also called joint detection and interference cancellation (IC), provides a means of
reducing the effect of multiple access interference, and hence increases the system
capacity.
In the first place MUD is considered to cancel only the intra-cell interference, meaning
that in a practical system the capacity will be limited by the efficiency of the algorithm and
the inter-cell interference. In addition to capacity improvement, MUD alleviates the near/far
problem typical to DS-CDMA systems. A mobile station close to a base station may block
the whole cell traffic by using too high a transmission power. If this user is detected first and
subtracted from the input signal, the other users do not see the interference. Since optimal
multiuser detection is very complex and in practice impossible to implement for any
reasonable number of users, a number of suboptimum multiuser and interference
cancellation receivers have been developed. The suboptimum receivers can be divided into
two main categories: linear detectors and interference cancellation. Linear detectors apply
a linear transform into the outputs of the matched filters that are trying to remove the
multiple access interference using too high a transmission power. If this user is detected
first and subtracted from the input signal, the other users do not see the interference. Since
optimal multiuser detection is very complex and in practice impossible to implement for any
reasonable number of users, a number of suboptimum multiuser and interference
cancellation receivers have been developed. The suboptimum receivers can be divided into
two main categories: linear detectors and interference cancellation. Linear detectors apply
a linear transform into the outputs of the matched filters that are trying to remove the
multiple access interference (i.e., the interference due to correlations between user codes).
Examples of linear detectors are decorrelator and linear minimum mean square error
(LMMSE) detectors. In interference cancellation multiple access interference is first
estimated and then subtracted from the received signal. Parallel interference cancellation
(PIC) and successive (serial) interference cancellation (SIC) are examples of interference
cancellation.
14
Fig.9
15
Appendix
Appendix
Appendix
A
AC
Authentication Center
ACCH
ACE
ADC
AGCH
AMR
AMX
ATM MultipleXer
AMPS
ANSI
AP
Application Part
ARFCN
ARIB
ARQ
ASCI
ASN
ATM
AUC
Authentication Center
B
BA
BCCH Allocation
BCC
BCCH
BCH
Broadcast CHannel
BER
BPSK
BS
Base Station
BSC
BSIC
Appendix
BSS
BSSAP
BSSMAP
BTS
C
CA
Cell Allocation
CAMEL
CATT
CC
Call Control
CC
Country Code
CCH
Control CHannel
CCITT
CCS7
CCU
CDMA
CEPT
CGI
CI
Cell Identity
CN
Core Network
CP
Call Processing
CS
Coding Scheme
CUG
CWTS
D
D-AMPS
Digital AMPS
DCA
Appendix
DCS1800
DECT
DL
Down Link
DoA
Direction of Arrival
DRNS
Drift RNS
DRX
Discontinuous Reception
DS-CDMA
DSP
DTAP
DTX
Discontinuous Transmission
DwPTS
E
EDGE
EFR
EIR
ERC
ERMES
ESA
ESCD
ETSI
F
FAC
FACCH
FB
FCCH
FDD
FDMA
FEC
FN
Frame Number
Appendix
FPLMTS
FR
Frame Relay
FR
FRAMES
G
GEO
GEostationary Orbital
GGSN
GMM
GMPCS
GMSC
Gateway MSC
GMSK
GP
Guard Period
GPRS
GPS
GSM
H
HCR
HCS
HEO
HLR
HO(V)
HandOver
HR
HPLMN
Home PLMN
HSCSD
I
IAM
ICO
ID
IDentification
ID
IDentity
Appendix
IMEI
IMSI
IMT-2000
IN
Intelligent Network
Inmarsat
ITU
IP
Internet Protocol
IP
Intelligent Peripheral
ISDN
ISP
ISUP
IWE
InterWorking Equipment
IWF
InterWorking Function
IWUP
J
JD
Joint Detection
JDC
K
kbps
Kc
cipher Key
Ki
L
LA
Location Area
LAI
LAN
LAPDm
LCR
LEO
LES
Appendix
LIC
LMT
LR
Location Register
M
MAP
MAI
MARISAT
MARItime SATellite
MBS
MCC
Mcps
ME
Mobile Equipment
MExE
MM
Mobility Management
MMI
MML
MNC
MOC
MS
Mobile Station
MSC
MSISDN
MSP
MSRN
MSS
MT
Mobile Termination
MTP
MTC
MTP
MUD
Multiuser Detection
Appendix
MUX
MUltipleXer
N
NB
Normal Burst
NCC
NDC
NE
Network Element
NMT
NSS
O
O&M
OACSU
ODMA
OFDMA
OMC
OMC-B
OMC-S
OSS
Operation SubSystem
OVSF
P
PA
Power Amplifier
PACS
PC
Power Control
PCM
PCU
PDA
PDC
PDN
PHS
Appendix
PIN
PLMN
PMR
PP
Point-to-Point
PSTN
Q
QOS
Quality Of Service
QPSK
R
RA
Rate Adaptation
RACH
RAND
RANDom number
REQ
REQuest
RES
RESponse
RF
Radio Frequency
RFC
RFCH
RFCN
RNC
RNS
RRM
RSS
Radio SubSystem
RU
Resource Unit
RX / Rx
Receiver
S
SACCH
SAP
SAPI
SB
Synchronization Burst
Appendix
SCCP
SCE
SCH
Synchronization CHannel
SDCCH
SF
Spreading Factor
SFH
SGSN
SIM
SM
Security Management
SMG
SMP
SMS
SN
Subscriber Number
SN
Switching Network
SP
Signaling Point
SP
Switching Point
SS
Supplementary Services
SSF
SSP
STP
SW
Software
T
T1
TA
Terminal Adaptor
TAC
TACS
TB
Tail Bit
TCAP
TCH
Traffic CHannel
Appendix
TD-CDMA
TDD
TDMA
TE
Terminal Equipment
TETRA
THSS
TIA
TMN
TMSI
TRAU
TRX
TRansceiver
TS
Tele Service
TS
TimeSlot
TTA
TTC
TX / Tx
Transmitter
U
UE
User Equipment
UL
UpLink
UMTS
UP
User Part
USIM
UTRA
UTRAN
UWC-136
V
VAD
VBR
10
Appendix
VBS
VHE
VLR
VMSC
Visited MSC
VoIP
VPLMN
Visited PLMN
W
WAN
WAP
WARC
W-CDMA
Wideband CDMA
WLL
11
References
References
References
References
Useful links
http://www.3gpp.org
http://www.itu.int/imt
http://www.etsi.fr
http://www.umts-forum.org
http://www.gsmworld.com
http://www.cdg.org
Glossary
Glossary
Glossary
AMPS (Advanced Mobile Phone Service):
Developed by AT&Ts Bell Laboratories in the1970s and first used in the US in
1983. The AMPS Standard has been the foundation for the industry in the United
States.
CDMA (Code Division Multiple Access):
Known in the US as IS-95, a spread spectrum approach to digital transmission.
With CDMA, each conversation is digitized and then tagged with a code. The
mobile phone is then instructed to decipher only a particular code to pluck the
right conversation off the air. It has a 1.25Mhz spread spectrum air interface,
uses the same frequency bands as AMPS and supports AMPS operation,
employing spread-spectrum technology and a special coding scheme. It was
adopted by the Telecommunications Industry Association (TIA) in 1993.
DAMPS (Digital AMPS): The second generation of the AMPS standard.
FDMA (Frequency Division Multiple Access): FDMA is the division of the
frequency band allocated for wireless cellular communication into 30 KHz
channels, each of which can carry a two way voice conversation. FDMA is the
basic technology used in AMPS, the most widely installed cellular phone system
in North America. With FDMA, each channel can be assigned to only one user at
a time.
EDGE (Enhanced Data rate for GSM Evolution):
The next generation of data heading towards third generation and personal
multimedia environments. It builds on GPRS and is a technique to increase the
maximum data capacity of GSM radio channels. It will allow GSM operators to
use existing GSM radio bands to offer wireless multimedia IP-based services and
applications at theoretical maximum speeds of 384 kbps with a bit-rate of 48 kbps
per timeslot and up to 69.2 kbps per timeslot in good radio conditions.
GPRS (General Packet Radio Service):
A GSM data transmission technique that does not set up a continuous channel
from a portable terminal for the transmission and reception of data, but transmits
and receives data in packets, with users only paying for the volume of data sent
and received.
GPS (Global Positioning System):
A satellite navigation system, consisting of 24 geosynchronous satellites. Used in
personal tracking, navigation and automatic vehicle location technologies.
Glossary
Glossary
Cell Site:
The central radio transmitter/receiver that maintains communications with mobile
phones within a give range. Also called a Base Station.
Diversity:
The use of multiple antennas to receive or transmit the same signal, so that if one
of the antennas picks up a weak signal, another antenna should have a strong
signal.
Downlink:
The transmission of radio signals from the Base Station to the mobile handset.
EIR (Equipment Identity Register):
The component of a GSM system that retains information about the identity of
equipment such mobile phones. Assists network operator in discovering stolen
mobile phones and blocking them from using the network.
Fading:
A reduction in signal strength in a radio signal. Fading is usually caused by
reflected waves from the transmitter having different phases from the main signal
path.
GMSC (Gateway Mobile Switching Center):
The component of a GSM network, which provides a point of connection between
the GSM network and the PSTN.
Handoff:
The process of transferring a mobile phone conversation from one cell site to
another as a user crosses cell areas during the conversation.
HLR (Home Location Register):
The component of a GSM network responsible for maintaining the location of a
mobile.
IMEI (International Mobile Equipment Identity):
The unique serial number given to each phone, to help in tracking stolen mobile
phones.
IMSI (International Mobile Subscriber Identity):
A unique number used in GSM systems to identify individual subscribers.
MAHO (Mobile Assisted Handoff):
Similar to a basic handoff, except that the mobile also helps in finding a suitable
base station to handoff into by providing the network with measurements
indicating which base station provides the largest signal strength.
Glossary
Modulation:
Information on a carrier signal modulated by varying one or more of the signal's
basic characteristics - frequency, amplitude and phase. Different modulation
carries the information as the change from the immediately preceding state rather
than the absolute state.
MS (Mobile Station):
Another name for a cellular mobile phone.
MSC (Mobile Switching Center):
The switch in a GSM network, which connects calls from the GMSC to the
particular base station in which the mobile phone is currently located. The MSC
also manages call handovers.
MTSO (Mobile Telephone Switching Office):
The central computer that connects a wireless phone call to the public telephone
network. The MTSO controls the entire systems operations, including monitoring
calls, billing and handoffs.
POTS (Plain Old Telephone Service):
Standard household phone service. PSTN (Public Switched Telephone Network):
The worldwide telephone network which allows people to call anywhere in the
world. The PSTN mainly consists of copper cables and switches.
Roaming:
Roaming allows a user to operate their mobile phone in another countries
network.
The users network makes agreements with other networks worldwide to allow
this to happen.
Smart antenna:
An antenna system with technology that enables it to focus its beam on a desired
signal to reduce interference. A wireless network would employ smart antennas
at its base stations in an effort to reduce the number of dropped calls, improve
call quality and improve channel capacity.
Soft handoff:
Procedure in which two base stations, one in the cell site where the phone is
located and the other in the cell site to which the conversation is being passed,
both hold onto the call until the handoff is completed. The first cell site does not
cut off the conversation until it receives information that the second is maintaining
the call. This reduces the probability of the call being blocked.
Uplink:
The transmission of radio signals from the mobile handset to the Base Station.
VLR (Visitor Location register):
The component of a GSM network which keeps track of a mobile phones
position to the nearest location area.
Glossary
Walsh codes:
A family of orthogonal codes often preferred for CDMA transmission.
WLL Wireless Local Loop:
The use of radio to replace copper wiring as a means of connecting the home to
the PSTN.
TRAINING SECTOR
GENERAL DEPARTMENT FOR
PLANNING & DEVELOPING PROGRAMS
Sub-sections
Procedures
Abbreviations
GPRS Introduction
GPRS Introduction
Sub-section reference
Sub-section identification
1
2
3
4
5
Pages
1
1
1
1
1
15
35
18
10
10
Chapter 1
Introduction and Overview
Siemens
Contents
1
23
1.1
34
1.2
46
69
2.1
170
2.2
192
GSM Phase2+
115
3.1
126
3.2
138
4
5
Exercise
Solution
23
27
Siemen
100
10
1
2002
2000
1998
1996
1994
1992
1990
1988
1986
0,01
1984
0,1
1982
Subscriber [M.]
1000
Year
Fig. 1 Increase in the number of subscribers due to introduction of first and second generation of mobile communication
Siemens
1.1
2 G Trends:
Speech Data transmission
100
1 G:
speech transmission only
speech transmission
supplementary services
data transmission
data
80
traffic [%]
2 G:
speech
60
40
20
0
1996
2001
2005
2007
year
Fig. 2 Trend in the traffic to be transported by future mobile communications systems
1.2
Siemens
Currently there are numerous different standards for 1G and 2G mobile radio systems, each of which has specific characteristics, advantages and disadvantages, applications and users. Most of the standards are used merely on a national or regional
scale and are not compatible with each other. They cannot meet the requirements
which will be indispensable for future mobile radio systems, such as improved
speech quality, worldwide availability and particularly a fast transfer of large amounts
of data.
3G currently being standardized under the heading IMT-2000 (International Mobile
Telecommunication) designates a global system of compatible standards which indeed is able to meet the high demands placed on future mobile radio systems (see
above). The general aim is to enable communication with anyone, anywhere, anytime.
Beside speech transmission, high data rate services and multimedia applications are
to be provided to the customer across all operator-dependent, national and geographical borders at any place and any time.
The body in charge of IMT-2000 specification is the International Telecommunication
Union ITU. Thus, IMT-2000 shall become the worldwide guideline to which all standards of the 3G orient themselves. In the framework of IMT-2000 guidelines ETSI is
about to standardize a follow-up GSM standard based on the experiences with and
the success of GSM: the standard is known as UMTS (Universal Mobile Telecommunication Standard).
UMTS is a downward compatible to GSM; as such it shall provide worldwide multimedia access at any point in time and cover all current mobile radio applications.
Data rates of 8 kbit/s up to a maximum of 2Mbit/s shall be supported.
Apart from UMTS the regional standardization authorities draw up further 3G based
on the IMT-2000 guidelines.
Siemens
2G
Paging
Digital Paging
e.g. ERMES
analog
Cordless Telephone CT
e.g. CT1, 1+
Digital CT
e.g. DECT, PACS, PHS
Wireless booth
Wireless
Local Loop
WLL
analoge
Private Mobile Radio
PMR
digital
PMR
e.g. TETRA
analog
cellular systems
e.g. C450, NMT, AMPS
digital
cellular systems
e.g GSM, D-AMPS,
IS-95, PDC
analog MSS
e.g. INMARSAT
digital MSS
e.g. IRIDIUM
applications
countries / regions
3G
one standard (family)
for all
applications
countries / regions
IMT-2000:
UMTS, MC-CDMA,
TD-SCDMA,...
compatibility within 3G
downward compatibility to
2G (e.g. UMTS GSM)
resource efficiency
high data rates
Multimedia
Fig. 3 Intention of third generation as a common global standard for different applications, regions, and service areas
Siemens
Mobile Radio
Evolution
2.1
Siemens
The GSM standard was planned in the early 80ties and agreed upon in 1990 as first
2G standard. The GSM standard has been specified by ETSI as a consistent open
standard for cellular mobile radio systems. It consists of more than 100 recommendations, categorized into 12 series.
Within Rel. 99 the GSM standard is know specified by GERAN, a group of 3gpp. The
new series are now be found in series number 40-50.
Commercial operation of GSM networks started in 1992. Originally the systems were
planned for Europe only, but in the middle of 1999 there were already 340 GSM networks worldwide in 135 countries/regions. In 2001 there are about 45 million subscriber worldwide
Beside the originally planned GSM standard in the 900 MHz range (GSM900 / EGSM) further GSM adaptations were specified during the 90ties in the 1800 and 1900
MHz range (GSM1800 & GSM1900) as well as one adaptation for railway communication (GSM-R).
GSM900 / E-GSM
In 1990 the first GSM standard, known as GSM900 with 2x 25 MHz developed. An
extension of this, the E-GSM (Extended GSM), provides a further 20 MHz, i.e. a total
of 2 x 35 MHz for GSM, in the event that national authorizations to operate other systems expire.
GSM1800 (DCS1800)
In 1991 the DCS1800 (Digital Cellular System) standard, a GSM adaptation, was
agreed upon as result of a British initiative in view of the opening-up of a massmarket; in 1997 this standard was renamed GSM1800. For GSM1800 2 x 75 MHz is
available in the 1800 MHz area.
GSM1900 (PCS1900)
Since 1995 PCS1900 (Public Cellular System), renamed GSM1900 in 1997 represents the GSM adaptation for the American market. 2 x 60 MHz are available for
GSM1900 and other standards (D-AMPS, IS-95,..).
GSM-R
GSM-R (Railway) was specified as GSM Adaption for mobile radio communication. In
1995 ETSI decided to reserve 2 x 4 MHz in 900 MHz range for GSM-R. First GSM-R
systems are in operation since 1998
Siemens
890
GSM-R
935
GSM-Adaptations
GSM
900
GSM
900
E-GSM
E-GSM
876 880
960
GSM1800
GSM1900
GSM-R
GSM
1800
GSM
1800
GSM
1900
[MHz]
1710
Frequency Range
[MHZ]
GSM900
E-GSM
1880
Useable HF
channels
GSM
1900
1910 1930
1990 [MHz]
Application Area
124
174
Worldwide except
US
374
Worldwide except
US
Shares HF-channels
with other standards
19
US
European
railroads
2.2
Siemens
Siemens
Capabilities
Downward compatibility
Phase 2
Phase 1
Phase 1
1991
Speech FR,
standard services
Data: max. 9,6 kbit/s
Phase 2+
Phase 2
Phase 1
1995
multiple
Supplementary Services (SS)
comparable to ISDN;
decision downward compatibility
1997
year
Annual Releases !
new SS
IN-applications
new Bearer Services
(high data rates)
10
Siemens
GSM Phase2+
Mobile Radio
Evolution
GSM - Phase 2+
Fig. 7
11
Siemens
3.1
GSM phase 2+ develops solutions for numerous demands placed on future mobile
radio systems. Improved speech quality is realized through introduction of a new
speech code (Enhanced Full Rate Speech), worldwide availability is achieved
through multi-mode terminal equipment (satellite roaming). New features (e.g. Advanced Speech Call Items ASCI for GSM-R) and IN-integration (e.g. Customized Applications for Mobile network Enhanced Logic, CAMEL) supplement the portfolio of
applications. For the implementation of mobile Computing / Internet access, bearer
services such as High Speed Circuit Switched Data HSCSD, General Packet Radio
Service GPRS are standardized allowing for the adaptation of transmission rates to
those of ISDN. Also, transmission rates can be increased up to 100 kbit/s and more.
User-friendly equipment and comfortable connection options to the mobile equipment
(Blue Tooth) round off the offer and make it suited to meet future demands.
The importance of phase 2+ lies, however, also in the creation of a platform on which
the GSM follow-up standard UMTS can be based. Numerous features of phase 2+
(especially GPRS and CAMEL) are guidelines for UMTS and shall prepare UMTS
features. Thus, upward compatibility of GSM with the 3rd mobile generation is ensured and also downward compatibility of UMTS with GSM. To successfully introduce
UMTS this compatibility with GSM as quasi-world standard is indispensable, as is
the usage of a common GSM (Phase 2+)/UMTS infrastructure.
GSM
Phase2+
Satellite
Roaming
EFR
Enhanced
Full Rate
GPRS
Multiple further
features
ASCI
Advanced Speech
Call Items
CAMEL
Customized Application
for Mobile network
Enhanced Logic
HSCSD
High Speed Circuit
Switched Data
MultiBand / Mode
EDGE
Enhanced Data Rates
for the GSM evolution
General Packet
Radio Service
GSM
Phase 2+
Solutions
Fig. 8 Solutions for new demands and market trends offered by GSM phase 2+
12
3.2
Siemens
To increase the data transmission rates, in GSM phase 2+ new bearer services with
rates comparable to or higher as ISDN are developed:
HSCSD (High Speed Circuit Switched Data)
GPRS (General Packet Radio Services)
EDGE (Enhanced Data Rates for the GSM Evolution)
High Speed Circuit Switched Data HSCSD
HSCSD (Rec. 02.34) is a circuit switched data service (only point-to-point) for applications with higher bandwidth demands and continuous data stream, e.g. motion
pictures or video telephony. The higher bandwidth is achieved by combining 1-8
physical channels for one subscriber. Additionally, the data transmission codec was
changed such that a maximum of 14.4 kbit/s instead of 9.6 kbit/s can be transmitted
per physical channel. In this way, HSCSD theoretically enables transmission rates up
to 115.2 kbit/s. In order to implement HSCSD merely the GSM-PLMN software must
be modified. More problematic is the high volume of resources needed.
General Packet Radio Services GPRS
With GPRS it is possible to combine 1-8 physical channel for one user, just as with
HSCSD. Various new coding schemes with transmission rates of up to 21.4 kbit/s per
physical channel enable theoretical transmission rates up to 171.2 kbit/s. Opposite to
HSCSD, GPRS is a packet-switched bearer service, meaning that the same physical
channel can be used for different subscribers. GPRS is resource efficient for applications with a short-term need for high data rates (e.g. surfing the Internet, E-mail, ...).
GPRS also enables point-to-multipoint transmission and volume dependent charging.
Extensions of the GSM network and protocol architecture are necessary for GPRS
implementation.
13
Siemens
GPRS
circuit oriented
real time applications
(e.g. video telephone)
bundling of channels
(up to 8 time slots)
new coding scheme
(9.6 kbit/s 14.4 kbit/s)
point-to-point
small HW modifications
packet oriented
data applications
(e.g. internet surfing)
bundling of channels
(up to 8 time slots)
4 new coding schemes
(9.6 kbit/s 9.05 ... 21.4 kbit/s)
point-to-multipoint
new network elements/protocols
14
Siemens
EDGE
EDGE:
uses a new modulation method:
replaces GMSK by 8PSK
three bit of information can be transported
by one symbol of modulation (instead of one bit)
BTS has to be upgraded
hardware modifications are necessary
will possibly used only DL in the introduction phase
cheap mobile phones
asymmetric data rates in UL and DL
15
Chapter 2
GPRS General Packet Radio
Services
Sidemen's
Contents
1
23
1.1
34
1.2
Standardization
56
Basic Principles
79
2.1
180
2.2
102
2.3
124
GPRS-Architecture
1721
3.1
GPRS Architecture
1822
3.2
1924
3.3
216
Logical Functions
2735
4.1
2836
4.2
3544
5
6
Exercises
Solutions
47
55
Sidemen's
GPRS
General Packet Radio Services
Fig. 1
GPRS
- General Packet Radio Services
Sidemen's
1.1
Sidemen'
GPRS - General Packet Radio Services
The transmission of data is becoming increasingly important in the field of telecommunication. In the fixed network, the transmission of extensive data files and E-mail
and contacts to the Intra- and Internet is by far in excess of language transmission.
The need for mobile data transport is increasing at a similarly impressive rate, yet the
presently available mobile communication systems, even GSM, still present a number of shortcomings.
Disadvantages for the user in GSM Phase 1/2:
In GSM (phase 1/2), the data rate is limited to a peak value of 9.6 kbit/s
Links to the data networks need to be routed via PSTN/ISDN (Additional charging of
the user for using a transit network)
The user is billed for the connection duration instead of being billed for his/her actual
use of the network (data volume)
The set-up of a connection takes more time (ca. 20s if a modem is used)
The length of SMS is limited (160 alphanumerical characters)
Disadvantages for the provider in GMS Phase 1/2:
Inefficient resource management & the number of users is limited.
HSCSD (High Speed Circuit Switched Data)
In principle, transmission rates of up to 115.2 kbit/s can be achieved with HSCSD.
Combining 4 timeslots, the ISDN transmission rate can be matched. One problem of
HSCSD, however, is the circuit switched data transmission. Efficient resource management is impossible. Additional costs arise for the user. For this reason HSCSD is
essentially suited for applications involving high but constant transmission rates
(videotelephony).
GPRS (GENERAL PACKET RADIO SERVICES)
GPRS is, on the one hand, intended to provide the possibility of transmitting large
volumes of data in a very short time. On the other hand it is meant to ensure effective
management of available resources, which will increase the number of users and reduce the costs arising for the individual user (volume-oriented fees).
Another positive consequence of the introduction of GPRS is its direct access to the
Intra- and Internet and the possibility to use point-to-point and point-to-multipoint services side by side. An important aspect is that GSM networks are prepared for the introduction of UMTS.
Sidemen's
GPRS Objectives
& Advantages
SMSC
PDNs
SMS
BSS
SSS
BS-udi
ISDN
Modem
Service provider
access point
Modem
BS3.1 kHz
audio
IP
Internet
Intranet
PSPDN
PSTN
GPRS
- General Packet Radio Services
Sidemen's
1.2
Sidemen'
GPRS - General Packet Radio Services
Standardization
The introduction of GPRS into the GSM Recommendations is carried out in two
phases.
Phase 1 of GPRS introduction was completed by ETSI in the Annual Release 1997
(03/98) and includes all central GPRS functions.
Phase 1 supports:
Point-to-point transfer of user data
TCP/IP and X.25 bearer services
GPRS identities
GPRS safety (a new ciphering algorithm specially designed for packet data)
Support of volume-oriented billing
In Phase 2, further extensions are planned for all requirements to be met by GPRS:
Support of point-to multipoint (PTM) services
Support of special point-to-point and point-to-multipoint services for applications such
as traffic telematics and GSM-R (PTM-Group Call: PTM-Multicast)
Support of further additional services
Support of additional interworking functions (e.g. ISDN)
Phase 2 will be completed in 1998 or 1999.
GPRS Phase 1 includes the introduction of a number of new recommendations;
some of the existing recommendations have been modified to cover other GPRS
functions, too.
The following recommendations are of central importance:
Rec. 02.60 General GPRS Overview
Rec. 03.60 GPRS System and architecture description
Rec. 03.64 Radio architecture description
GPRS-Standardisation
Sidemen's
Phase 1:
(Rel.`97)
Phase 2:
(Rel.`98/99)
Rec. 02.60
ETSI/GERAN
Rec. 03.60
GPRS system &
architecture description
Rec. 03.64
Very important:
Sidemen's
Basic Principles
GPRS
General Packet Radio Services
Basics
Fig. 4
GPRS
- General Packet Radio Services
Sidemen's
2.1
Sidemen'
GPRS - General Packet Radio Services
Sidemen's
CS-1
CS-2
CS-3
CS-4
Coding
Schemes
GPRS-MSs:
combining 1-8 TS
GPRS-MSs:
sharing physical channel
GPRS-MSs:
asymmetric UL / DL
9,05 kbit/s
13,4 kbit/s
15,6 kbit/s
1-8
channel
Up to
171,2 kbit/s
(theoretically)
21,4 kbit/s
different
redundancy (FEC)
Um transmission quality
GPRS
- General Packet Radio Services
Sidemen's
2.2
Sidemen'
GPRS - General Packet Radio Services
The GPRS Subscriber Profile is the description of the services a subscriber is allowed to use. Essentially, it contains the description of the packet data protocol used.
A subscriber may also use different packet data protocols (PDPs), or one PDP with
different addresses. The following parameters are available for each PDP:
The packet network address is necessary to identify the subscriber in the public
data net. Either dynamically assigned (temporary) addresses or (in the future) static
addresses are used in case of IP. The problem of the dynamic addresses will be
overcome with the change from Ipv4 to IPv6. In GPRS is two layer 2 protocols are allowed, X.25 or IP.
The quality of service QoS: QoS describes various parameters. The subscriber profile defines the highest values of the QoS parameters that can be used by the subscriber.
The screening profile: This profile depends on the PDP used and on the capacity of
the GPRS nodes. It serves to restrict acceptance during transmission/reception of
packet data. For example, a subscriber can be restricted with respect to his possible
location, or with respect to certain specific applications.
The GGSN address: The GGSN address indicates which GGSN is used by the subscriber. In this way the point of access to external packet data networks PDN is defined. The internal routing of the data is done by IP protocol; the GSNs will have IP
addresses. A DNS function is needed to find the destination of the data packets (address translating: e.g. www.gsn-xxx.com 129.64.39.123)
10
Sidemen's
QoS
Quality of Service
Packet
network address
static/dynamic
IP address
PDP
Parameter
GGSN address
Access to external PDN
Screening
Profile
limits receiving / emission
of data packets
Fig. 6 Part of the GPRS subscriber profile are the PDPs and their parameters
11
GPRS
- General Packet Radio Services
Sidemen's
2.3
Sidemen'
GPRS - General Packet Radio Services
The different applications that will make use of packet-oriented data transmission via
GPRS require different qualities of transmission. GPRS can meet these different requirements because it can vary the quality of service (QoS) over a wide range of attributes. The quality of service profile (Rec. 02.60, 03.60) permits selection of the following attributes:
Precedence class
Delay class
Reliability class
Peak throughput class
Mean throughput class.
Peak
throughput
class
precedence class
reliability class
mean throughput
class
delay class
PLMN must support only
limited QoS service profile
12
GPRS
- General Packet Radio Services
Sidemen's
Sidemen'
GPRS - General Packet Radio Services
Precedence Class
Three different classes have been defined to allow assessment of the importance of
the data packets, in case of limited resources or overload:
1. High precedence
2. Normal precedence
3. Low precedence
Delay Class
GSM Rec.02.60 defines 4 delay classes (1 to 4). However, a PLMN only needs to realize part of these. The minimum requirement is the support of the so-called best effort delay class (Class 4). Delay requirements (maximum delay) concern the delay of
transported data through the entire GPRS network (the first two columns refer to data
packets 128 bytes in length, while the last two columns apply to packets 1024 bytes
in length).
Delay Class
mean transfer
delay (sec)
95% delay
(sec)
mean transfer
delay (sec)
95% delay
(sec)
< 0,5
< 1,5
<2
<7
<5
< 25
< 15
< 75
< 50
< 250
< 75
< 375
4 (Best Effort)
unspecified
unspecified
unspecified
unspecified
13
Sidemen's
Delay Class
Delay Class
mean transfer
delay (sec)
1
< 0,5
2
<5
3
< 50
4 (Best Effort) unspecified
minimum
requirements
95% delay
(sec)
< 1,5
< 25
< 250
unspecified
mean transfer
delay (sec)
<2
< 15
< 75
unspecified
95% delay
(sec)
<7
< 75
< 375
unspecified
1024 Byte
Fig. 8 QoS is an assumption of several parameters, which are defined in the recommendations
14
GPRS
- General Packet Radio Services
Sidemen's
Sidemen'
GPRS - General Packet Radio Services
Reliability Class
Transmission reliability is defined with respect to the probability of data loss, data delivery beyond/outside the sequence, twofold data delivery, and data falsification
(probabilities 10-2 to 10-9):. 5 reliability classes (1 to 5) have been defined, 1 guaranteeing the highest and 5 the lowest degree of reliability. Highest reliability (Class 1) is
required for error-sensitive, non-real-time applications, which have no possibility of
compensating for data loss; lowest reliability (Class 5) is needed for real-time applications which can get over data loss.
15
Sidemen's
Reliability Class
1 - 5 (lowest):
data loss probability
out of sequence probability
duplicate probability
corrupt data probability
probabilities 10 -9 - 10 -2
Fig. 9 QoS is an assumption of several parameters, which are defined in the recommendations
16
Sidemen's
GPRS-Architecture
GPRS
General Packet Radio Services
Architecture
Fig. 10
17
GPRS
- General Packet Radio Services
Sidemen's
3.1
Sidemen'
GPRS - General Packet Radio Services
GPRS Architecture
For introducing GPRS, the logical GSM architecture is extended by two functional
units:
The Serving GPRS Support Node SGSN is on the same hierarchic level as MSC
and has functions comparable to those of a Visited MSC (VMSC).
The Gateway GPRS Support Node GGSN has functions comparable with those of a
Gateway MSC (GMSC) and offers interworking functions for establishing contact between the GSM/GPRS-PLMN and external packet data networks PDN
A GPRS Support Node GSN includes the central functions required to support the
GPRS. One PLMN can contain one or more GSNs.
In addition to GSN, extensions of functions in other GSM functional units are necessary:
In the BSS a Packet Control Unit PCU ensures the reception/adaptation of packet
data from SGSN into BSS and vice versa.
GPRS subscriber data are added to the HLR. On the following pages of this script
this extension will be termed GPRS Register GR.
GPRS - Architecture
Channel Codec Unit CCU
in BTS
for channel coding
HLR
Mobile
DTE
BSS
PCU
VMSC /
VLR
GMSC
PSTN
ISDN
SGSN
GGSN
Serving GPRS
Support Node
Gateway GPRS
Support Node
Internet
Intranet
X.25
18
Sidemen's
GPRS
- General Packet Radio Services
3.2
Integration of functions GGSN and SGSN (which are necessary for GPRS) into a
GSM-PLMN makes it necessary to provide names for a series of new interfaces in
addition to interfaces A-G already defined in the GSM-PLMN:
Gb - between an SGSN and a BSS; Gb allows the exchange of signaling and user
data: Unlike the A-interface, in which a user is assigned a certain physical resource
for the entire/full duration of a connection, on Gb a resource is only assigned in case
of activity (i. e. when data are being transmitted/received). A large number of subscribers use the same physical resources. The same holds for interfaces Gi, Gn and
Gp.
Gc - between a GGSN and an HLR
Gd - between an SMS-GMSC / SMS-IWMSC and an SGSN
Gf - between an SGSN and an EIR
Gi - between GPRS and an external packet data network PDN
Gn - between two GPRS support nodes GSN within the same PLMN
Gp - between two GSN located in different PLMNs. The Gp interface allows the supporting of GPRS services over an area of cooperating GPRS PLMNs.
Gr - between an SGSN and an HLR
Gs - between an SGSN and an MSC/VLR; serves to support an MS using both
GPRS and circuit switched services (e.g. update of location information).
19
Sidemen's
BTS
(SIM)
Um
Uu
UE
(USIM)
Abis
BTS
B
S
C
T
R
A
U
VLR
A
A
IWF/
TC
Gb
CSE
GSM BSS
UMTS
Terrestrial
Radio
Access
Network
MSC
Gs
Iu(CS)
Iu(PS)
E
Gf
SGSN
Gd
SMS-GMSC
SMS-IWMSC
GMSC
PSTN
ISDN
EIR HLR/AC
Gr
Gc
GGSN G
Gn
i
SLR
IP
X.25
GSM Phase 2+
Core Network
IWF/TC: Interworking Function / Transcoder
Fig. 12 Common GSM/GPRS/UMTS core network, coexistence of two radio access networks (GSM BSS/UTRAN)
20
Sidemen's
GPRS
- General Packet Radio Services
3.3
3.3.1
Sidemen'
GPRS - General Packet Radio Services
3.3.2
Routing information serves to contact the respective SGSN in the providing area of
which an MS is momentarily located;
has a screening function;
can inquire about location informations from the HLR via the optional Gc interface
transfers data/signaling to SGSN via Gn interface.
21
Sidemen's
SGSN
GGSN
22
Sidemen'
GPRS - General Packet Radio Services
Sidemen's
GPRS
- General Packet Radio Services
3.3.3
SGSN and GGSN functions, respectively, can be located within the same physical
unit or at different locations in different physical units. SGSN and GGSN include the
internet protocol (IP) routing function and can be linked together/Interconnected with
IP routers (IP-based GPRS backbone network for Gn). The same holds for the Gp interface (SGSN and GGSN in different PLMNs); in addition there are safety functions
for inter-PLMN communication.
MSC/VLR
HLR (GR)
Gs
BSS
PCU
Gb
BSS
PCU
Gb
GPRS-MS
SGSN & GGSN
in same
physical entity
Gr
Gi
GGSN
SGSN
BSS PCU
GPRS-MS
SGSN
other
PLMN GGSN
External
IP Network
BSS PCU
SGSN
HLR:
Gn
IP-based
Backbone
Network
Gp
GGSN
GGSN
External
IP Network
External
X.25 Network
Security fu nctions
for Inte r-PLMN
co mmunication
23
GPRS
- General Packet Radio Services
Sidemen's
3.3.4
Sidemen'
GPRS - General Packet Radio Services
3.3.5
24
Sidemen's
MS
CCU
CCU
MS
BTS
BSC site
CCU
BTS
BSC site
GSN site
PCU
BTS
BSC site
GSN site
PCU
CCU
Um
GSN site
PCU
CCU
MS
optional:
PCU-location
Gb
Abis
Gb
Packet Control Unit PCU
Channel Access Control functions
Radio Channel Management functions
(Power Control, Congestion Control,...)
scheduling data transmission (UL/DL)
protocol conversion (Gb Um)
25
GPRS
- General Packet Radio Services
Sidemen's
3.3.6
Sidemen'
GPRS - General Packet Radio Services
A GPRS MS can work in three different operational modes. The operational mode
depends on the service an MS is attached to (GPRS or GPRS and other GSM services) and on the mobile stations capacity of simultaneously handling GPRS and
other GSM services.
Class A operational mode: The MS is attached to GPRS and other GMS services
and the MS supports the simultaneous handling of GPRS and other GSM services.
Class B operational mode: The MS is attached to GPRS and other GMS services,
but the MS cannot handle them simultaneously.
Class C operational mode: The MS is attached exclusively to GPRS services.
Note: Various GSM specifications use the terms GPRS Class-A MS, GPRS Class-B
MS, GPRS Class-C MS.
GPRS-Mobile Station
Class A
Simultaneously handling
of GPRS and other
GSM services
Class B
GPRS and GSM
services but not
simultaneously
Class C
Only GPRS services
26
Sidemen's
Logical Functions
GPRS
General Packet Radio Services
Logical Functions
Fig. 17
27
Sidemen's
GPRS
- General Packet Radio Services
4.1
The tasks required for the handling of processes in the GSM-/GPRS network are
structured into logical functions. These functions may contain a large number of individual functions. Logical functions are:
Network access control functions
Packet routing and transfer functions
Mobility management functions
Logical link management functions
Network management functions.
Logical functions
in GPRS networks
Network Access
Control
Functions
Mobility
Management
Functions
Radio Resource
Management
Functions
Packet Routeing
& Transfer
Functions
Logical Link
Management
Functions
Network
Management
Functions
28
Sidemen's
GPRS
- General Packet Radio Services
4.1.1
Sidemen'
GPRS - General Packet Radio Services
Network access means the way or manner in which a subscriber gains access to a
telecommunication network to make use of the services this network provides. An
access protocol consists of a defined set of procedures, which makes access to the
network possible. Network access can be obtained both from the MS and from the
fixed network part of the GPRS network. Depending on the provider, the interface to
external data networks can support various access protocols, e.g. IP or X.25. The following functions have been defined for access to the GPRS network:
Registration function: Registration stands for linking the identity of the mobile radio
subscriber to his packet data protocol (or protocols), the PLMN-internal addresses
and the point of access of the user to external data Protocol (PDP) networks. This
link can be static (HLR entry), or it can be effected on demand.
Authentication and authorization function: This function stands for the identification of the subscriber and for access legitimacy when a service is demanded. In addition, the legitimacy of the use of this particular service is controlled. The authentication function is carried out in conjunction with the mobility management functions.
Admission control function: Admission control is intended for determining the network resources required for performing the desired service (QoS). It also decides
whether these resources are available, and lastly it is used for reserving resources.
Admission control is effected in conjunction with the radio resource management
functions to enable assessment of radio resources requirements in each individual
cell.
Message screening function: A "screening" function is combined with the filtering of
unauthorized or undesirable information/messages. In the introduction stage of
GPRS a network-controlled screening function is supported. Subscription-controlled
and user-controlled screening may be additionally provided at a later stage.
Packet terminal adaptation function: This function adapts data packets received/transmitted from/to the terminal equipment TE to a form suited for transport
through the GPRS network.
Charging data collection function: This function is used for collecting data required
for billing
29
Sidemen's
Admission Control
*required resources
(available resouces)
(reservation of resources)
Authentication &
Authorisation
*user
*requested services
Message Screening
Filters unsolicited and
unauthorised messages
30
Sidemen's
GPRS
- General Packet Radio Services
4.1.2
Sidemen'
GPRS - General Packet Radio Services
A route consists of an orderly list of nodes used for the transfer of messages within
and between the PLMNs. Each route consists of the node of origin, no node, one or
several relay nodes, and the node of destination. Routing is the process of determining and using the route for the transmission of a message within or between PLMNs.
Relay function: Transferring data received by a node from another node to the next
node of the route.
*Routing function: Determining the transmission path for the next hop on the route
towards the GPRS support node (GSN) the message is intended for. Data transmission between GSNs can be effected via external data networks possessing their own
routing functions; e. g. X.25, Frame Relay or ATM networks.
Address translation and mapping function: Address translation means transforming
one address into another, different address. It can be used to transform addresses of
external network protocols into internal network addresses (for routing purposes).
Address mapping is used to copy a network address into another network address of
the same type (e.g. for the routing and transmitting of messages from one network
node to the next).
Encapsulation function: Encapsulation means supplementing address- and control information into one data unit for the routing of packets within or between PLMNs. The
opposite process is called decapsulation. Encapsulation and decapsulation is effected between the GSN of the GPRS-PLMN as well as between the SGSN and the
MS.
Tunneling Function: Tunneling means the transfer of encapsulated data units in the
PLMN. A tunnel is a two-way point-to-point path, only the endpoints of which are
identified.
Compression function: for the optimal use of radio link capacity.
Ciphering function: preventing eavesdropping
Domain name server function: Decoding logical GSN names in GSN addresses. This
function is a standard function of the internet.
31
Sidemen's
Relay
forward data packets
Address Mapping
&Translation
Routing
next hop
Encapsulation
Ciphering
Tunneling
Compression
Domain Name
Server
32
Sidemen's
GPRS
- General Packet Radio Services
4.1.3
Sidemen'
GPRS - General Packet Radio Services
Mobility management functions are used to enable tracing the actual location of a
mobile station in either the home-PLMN or a Visited-PLMN.
4.1.4
Logical link management functions concern maintenance of a communication channel between an MS and the PLMN via the radio interface Um. These functions include the coordination of link state information between the MS and the PLMN and
the monitoring of data transfer activities via the logical link.
Logical link establishment function: Building up a logical link by during GPRS attach.
Logical link maintenance function: Monitoring of the state of the logical link and
state modification control.
Logical link release function: De-allocation of resources associated with the logical
link.
4.1.5
Radio resource management functions include allocation and maintenance of communication channels via the radio interface. The GSM radio resources must be divided /distributed between circuit switched services and GPRS.
Um management function: Managing available physical channels of cells and determining the share of radio resources allocated for use in the GPRS. This share may
vary from cell to cell.
Cell selection function: Allows the MS to select the optimal cell for a communication
path. This includes measurement and evaluation of the signal quality of neighboring
cells and detection and avoidance of overload in the eligible cells.
Um-tranx function: Offers capacity for packet data transfer via Um. The function includes a. o. procedures for multiplexing packets via shared physical channels, for retaining packets in the MS, for error detection and correction, and for flow control.
Path management function: Management of packet data communication between
BSS and serving GSN node. Establishing and canceling these paths can be effected
either dynamically (amount of traffic data) or statically (maximum load to be expected
for each cell).
4.1.6
Network management functions provide mechanisms for the support of GPRSrelated operation & maintenance functions.
33
Sidemen's
Radio Resource
Management Functions
Logical Link
Management Functions
Management
Functions
Fig. 21 Mobility management, logical link, radio resource and network management functions
34
Sidemen's
GPRS
- General Packet Radio Services
4.2
Sidemen'
GPRS - General Packet Radio Services
The tasks described in the logical functions can be allocated to various functional
units of the GSM-/GPRS network. The mobile station MS, the base station subsystem BSS (with the packet control unit PCU and channel codec unit CCU), the serving
GPRS support node SGSN and the gateway GPRS support node GGSN participate
in handling the following functions:
Function
MS
BSS
SGSN
GGSN
HLR
Admission Control
X
X
Message Screening
Packet Terminal Adaptation
X
X
Routing
Encapsulation
Tunneling
Compression
Ciphering
X
X
Cell Selection
Um-Tranx
Path Management
35
Chapter 3
GPRS Radio Interface
Siemens
Contents
1
23
1.1
34
1.2
56
1.3
Radio Block
78
1.4
Coding Schemes:
190
1.5
134
1.6
Multiframes in GPRS
178
2
3
Exercises
Solutions
21
25
Siemens
GPRS:
Interfaces
Fig. 1
1.1
Siemen
Siemens
Transmission
of user &
signaling data
Measure
signal strength
GSM RF:
GPRS Layer 1 (Um)
Cell Selection
L1tasks
Power Control
functions
determinate &
actualise
Timing Advance
Resource optimization:
1 physical channel to be used
by many MSs simultaneously !!
asymmetrical traffic
UL / DL possible !!
29 multislot classes
1.2
Siemen
Sharing of Resources in a Cell: GSM circuit switched (CS) users will share the time
slots in a BTS with the GPRS packet switched (PS)users. A physical channel can either be used for GSM CS or GPRS PS traffic but not for both at the same time. Depending on the traffic load in the cell there will be more or less channels available for
GPRS, CS connections are dealt with priority.
Sharing of Physical Channels: It is a characteristic of a CS connection that the
physical resource (the time slot) is reserved for one subscriber. Therefore the
GSM CS users cannot share their channels with others. In contrast GPRS PS subscribers can share physical channels. The handling of the channels, the multiplexing
of subscribers onto the same time slots is done by software (protocol, MAC) and
hardware (PCU). Packet oriented connections are not only carried out through the
core network by usage of an appropriate hardware (ATM switches) and software
(protocols) but also on the air interface. This is an important feature of GPRS with regard to an optimized usage of resources on Um, which is the limiting bottleneck in the
PLMN.
Multislot Classes: The subscribers for GPRS will have different needs (applications,
data rates) and therefore the MS will have more or less capabilities. The network
(PCU) will have to identify these different MSs by their multislot class, which indicates
how many time slots (channels) can be bundled by the MS uplink and downlink. A
cheap GPRS mobile will be a GSM mobile that is able to handle the protocols and
coding schemes of GPRS. This will be multislot class 1: one time slot UL and one
time slot downlink can be "bundled". The other extreme is multislot class 29 which
will be able to receive and to transmit in eight time slots UL and DL simultaneously. In
consequence such a MS has to have two synthesizers, and a high battery capacity
because this is more or less continuous transmission and reception. The MS will
send its multislot class and the PCU will only assign time slot combinations which can
be handled by this equipment.
Siemens
Radio Blocks
Subscriber B
TS 0 TS 1 TS 2 TS 3 TS 4 TS 5 TS 6 TS 7
Radio Blocks
Subscriber C
DL
Radio Block
Subscriber D
TS 0 TS 1 TS 2 TS 3 TS 4 TS 5 TS 6 TS 7
1.3
Siemen
Radio Block
Channel coding was modified substantially for GPRS purposes (GSM Rec. 03.64).
Channel coding starts with the division of digital information into transferable blocks.
These radio blocks, i.e. the data to be transferred (prior to encoding) comprise:
a header for the Medium Access Control MAC (MAC Header)
signaling information (RLC/MAC Signaling Block) or user information (RLC Data
Block) and
a Block Check Sequence BCS.
The functional blocks (radio blocks) are protected in the framework of convolutional
coding against loss of data. Usually, this means inserting redundancy.
Furthermore, channel coding includes a process of interleaving, i.e. different arrangement in time. The convolutional radio blocks are interleaved to a specific number of bursts/burst blocks. In the case of GPRS, interleaving is carried out across four
normal bursts NB in consecutive TDMA frames and, respectively, to 8 burst blocks
with 57 bit each.
Four new coding schemes were introduced for GPRS (Rec. 03.64): CS-1 to CS-4.
These can be used alternatively depending on the information to be transferred and
on the radio interfaces quality.
Siemens
collect
BCS
user data
signaling
MAC Header
BCS
Channel Coding
Radio Block
Convolutional
(not CS-4)
Radio Block
Puncturing
(only CS-2, CS-3)
Interleaving
(Redundancy !)
coding
puncturing
Radio Block (456 Bits)
57 Bit
57 Bit
57 Bit
57 Bit
57 Bit
8 Burstblocks
1.4
Siemen
Coding Schemes:
CS-1: CS-1 uses the same coding scheme as specified by Rec. 05.03 for the
SDCCH. It comprises a half rate convolutional code for FEC forward error correction.
CS-1 corresponds to a data rate of 9.05 kbit/s.
CS-2 and CS-3 are punctured version of the same half rate convolutional code as
CS-1. The coded bits are numbered starting from 0 and certain punctured bits are
removed.
CS-2: With CS-2 the punctured bits have numbers 4 i + 3 with i = 3,...,146 (exception: i = 9, 21, 33, 45, 57, 69, 81, 93, 105, 117, 129, 141). This means that none of
the first 12 bits is punctured. CS-2 corresponds to a data rate of 13.4 kbit/s. Remark:
For CS-2 the puncturing pattern must be adapted to the future new TRAU frame format in order to be used via the Abis interface (e.g. more bits must be punctured to
make space for RLC signaling).
CS-3: With CS-3 the punctured bits have numbers 6 i + 3 and 6 i + 5 with i =
2,...,111. CS-3 corresponds to a data rate of 15.6 kbit/s.
CS-4: CS-4 has no redundancy (no FEC) and corresponds to a data rate of 21.4
kbit/s.
By bundling up to 8 packet data channels of one carrier into one MS, transmission
rates up to 171.2 kbit/s are possible.
Siemens
CS-2
CS-3
13,4 kbit/s
15,6 kbit/s
21,4 kbit/s
Radio
Block*
Coding Code
Scheme Rate
CS-4
Different
Redundancy
(FEC)
Quality Um
CS-1
1/2
181
456
CS-2
2/3
268
588
132
13,4
CS-3
3/4
312
676
220
15,6
CS-4
428
456
21,4
9,05
Fig. 6 Coding schemes of GPRS, CS1 with high redundancy, CS4 no redundancy, radio blocks
10
Siemen
11
Siemens
Channel Coding
20
18
CS1
CS2
CS3
CS4
16
14
12
10
8
6
4
2
0
18
17
16
15
14
13
12
11
10
Fig. 7 Comparison of the efficiency of the four coding schemes under realistic circumstances of the air interface
12
1.5
Siemen
13
Siemens
Logical Channel
(for GSM Circuit Switched)
BCCH
BCH
Broadcast Channel
DL
FCCH
Frequency Correction Channel
SCH
Synchronisation Channel
CCCH
Signaling
DL
PCH
Paging Channel
AGCH
Access Grant Channel
NCH
UL
Notification Channel
RACH
DCCH
Dedicated Control Channel
UL
+
DL
SDCCH
Stand Alone Dedicated
Control Channel
SACCH
Slow Associated
Control Channel
FACCH
Fast Associated
Control Channel
TCH/F
Traffic
User Data
UL + DL
Traffic Channe/Fl
TCH/H
Traffic Channel/H
Fig. 8 "Classical" logical channels of GSM may be used by GPRS users too
14
Siemen
15
Siemens
Logical channels
for GPRS
Broadcast channel DL
PBCCH
Packet Broadcast
Control Channel
PRACH
Packet
Signaling
Common
Control
channels
UL
Packet Random
Access Channel
PPCH
Packet Paging
Channel
DL
PNCH
Packet Notification
Channel
PAGCH
Packet Access
Grant Channel
PACCH
UL&DL
Packet Associated
Control Channel
Dedicated channels UL
PTCCH/U
DL
PTCCH/D
Packet
Traffic
UL&DL
Packet System
Information
Dedicated signaling
MS-network,
e.g.power control
PDTCH
Packet Data
Traffic Channel
Transmission of
User data
16
1.6
Siemen
Multiframes in GPRS
The GPRS packet data traffic is arranged in 52-type multiframes (GSM Rec. 03.64).
52 TDMA frames in each case are combined to form one GPRS traffic channel multiframe, which is subdivided into 12 blocks with 4 TDMA frames each. One block
(B0-B11) contains one radio block each (4 normal bursts, which are related to each
other by means of convolutional coding). Every thirteenth TDMA frame is idle. In the
idle frame the PTACCH is sent. The idles frames are used by the MS to be able to
determine the various base station identity codes BSIC, to carry out timing advance
updates procedures or interference measurements for the realization of power control.
For packet common control channels PCCH, conventional 51-type multiframes can
be used for signaling or 52-type multiframes. The GPRS users can use "classical"
common control channels of GSM before they will be directed onto their PTCHs. All
mobiles will read the BCCH anyway. Either in case of GSM mobiles to fulfill the same
tasks as before and for GPRS equipment this logical channel will indicate weather
GPRS service is available and if extra logical channels (PBCCH, PPCH, ...) are used.
GSM CS traffic and GPRS subscribers are clearly separated so that there is no conflict due to different signaling or multiframe structure.
It is important that there are no "visible" changes for "GSM only mobiles" due to the
introduction of GPRS. GSM CS connections will use for example the same 26 multiframe structure for TCH and the 51 multiframe structure for signaling.
17
Siemens
New multiframe
for GPRS
1 Frame
B0 B1 B2 i B3 B4 B5 i B6 B7 B8 i B9 B10 B11 i
B0 - B11 = Radio Blocks (Data / Signaling)
i = Idle frame (PTCCH)
BCCH indicates PDCH with PBCCH (in B0)
Idle frame:
Identification of BSICs
Timing Advance Update Procedure
Interference measurements
for Power Control
18
Chapter 4
Procedures
Procedures
Sidemen's
Procedures
Contents
1
23
1.1
GPRS Identities
34
1.2
68
1.3
192
1.4
101
1.5
1.6
1.7
2
3
16
18
20
23
27
Procedures
Sidemen's
GPRS:
Procedures
Activation of
GPRS services
Fig. 1
Sidemen's
Procedures
1.1
1.1.1
Sidemen'
Procedures
GPRS Identities
Regional Organization of GPRS
A set of identities were introduced in GSM and GPRS to identify a subscriber, as well
as to keep track of him. Following identities are well known in GSM:
LAI: (Location Area Identity) covers a set of cells, where a subscriber was "seen"
last.
CGI: (Cell Global Identity) the unique number of a cell of a PLMN, composed the LAI
and the CI (cell identity).
Next to the existing GSM identities there is also a new GPRS specific identity, the
RAI (Routing Area Identity). This identity, defined by an operator, comprises one or
several cells. It is broadcasted by the (P)BCCH. If a GPRS mobile leaves a routing
area, a Routing Area Update Procedure has to be taken place. The RAI is used in the
same way as the LAI. The Routing Area is more precise than the location area. A
Routing Area is a subset of one and only one Location Area.
RAI: LAI + RAC (Routing Area Code) = MCC + MNC + LAC + RAC
Routing area
cell
MCC
MNC
LAC
MCC
MNC
LAC
RAC
MCC
MNC
LAC
CI
Procedures
Sidemen's
1.1.2
Sidemen'
Procedures
Procedures
Sidemen's
Subscribers Identities
Who is the owner of one packet
G
G
S
N
S
G
S
N
TLLI
IMSI
G
G
S
N
1
3
2
4
S
G
S
N
G
G
S
N
NSAPI
Procedures
Sidemen's
Procedures
1.2
Sidemen'
States of
GPRS services
2 circles
regarding:
Idle
State
Inactive
State
Mobility
Management
Standby
State
Ready
State
Packet Data
Protocol
PDP
Active
State
Fig. 4 States of GPRS services with regard to mobility management and packet data protocols
Sidemen's
Procedures
Sidemen'
Procedures
"Idle" state
A mobile station MS in the idle state is detached from the GPRS. Only GPRS subscription data is available in the HLR. No further information exists in other network
units such as SGSN and GGSN. It is not possible to activate a packet data protocol
PDP or to maintain a PDP in its active state. The GPRS MS must monitor the BCCH
to determine the availability of cells, which support GPRS services. Accordingly, the
GPRS MS can carry out PLMN and cell selection procedures. To exit idle state, the
MS must execute the attach procedure. Upon successful completion of this procedure, the MS changes to ready state.
"Standby" state
In the standby state the GPRS MS is attached to the GPRS network. The GPRS and
the SGSN have a mobility management context comparable to the circuit switched
connections. The MS monitors the broadcast channel to determine the availability of
cells offering GPRS services and also the paging channel PCH, to be informed about
paging requests. The SGSN recognizes/stores the routing area RA of the GPRS-MS.
The routing area is a sub-unit of the location area LA, in other words a more detailed
determination of the GPRS-MS location. The GPRS-MS informs the SGSN about
changes of the routing area and answers paging requests.
"Ready" state
In the ready state, the SGSN detects the current cell of the GPRS-MS beyond the
routing area RA of the GPRS-MS. If the GPRS-MS changes cells, it informs the
SGSN. Paging is thus superfluous in the ready state. The DL packet data transfer
can be performed any time. Ready state does not mean that a physical connection is
established between SGSN and MS. Only in the ready state, SGSN and MS can
transfer data packets. MS and SGSN exit ready state upon expiry of a ready timer or
in case of a faulty packet data transmission and change to standby state. Upon logoff, i.e. execution of a detach procedure; MS and SGSN exit ready state and change
to idle state.
Procedures
Sidemen's
Mobility Management
States
IDLE
state
MS observes BCCH
PLMN- & Cell Selection
GPRS
detach
GPRS
attach
expiry of mobile
reachable timer
READY
state
SGSN: Paging /
MS: initiates Transfer
STANDBY
state
Procedures
Sidemen's
1.3
Sidemen'
Procedures
There are separate state circles for every authorized PDP of a GPRS-MS
"Inactive" State
The inactive state of a PDP means that this PDP is not operating at that moment.
There is no routing context in the MS, SGSN and GGSN. A transition in the active
state is only possible if there is a mobility management connection and if MS and
SGSN are in the standby or ready state.
No data transfer is possible in the inactive state. Data packets, which reach the
GPRS network are either rejected or ignored.
"Active" State
In the active state the MS, GGSN and SGSN are in a routing context. Data can be
transmitted or received by the MS. The active state is ended explicitly if the MS deactivates a certain PDP. With GPRS detach and expiry of the standby timer, all the activated PDP are deactivated, too.
PDP States
INACTIVE
state
Routing context
for MS, SGSN & GGSN
Activation
PDP context
ACTIVE
state
Procedures
Sidemen's
1.4
Sidemen'
Procedures
In the case of a mobile packet data transfer, a one or two-phase packet access is
added. This access procedure is necessary for packet data transfer.
10
Abbreviations
Abbreviations
Siemen
Abbreviations
Contents
1
Abbreviations
23
Siemen
Abbreviations
Abbreviations
AAL
AAL5
AAL Type 5
ABC
ACCG
ACIS
ACT
Active
ADET
AGCH
ALI
ALIB
ALM
AMP
AMX
ATM Multiplexer
AMXE
AP
Accounting Probe
APE
API
APS
ASIC
ASN
ASN.1
ASNF
ASNG
ASNH
ATM
ATM230
AUB
BAP
Base Processor
BCH
Broadcast Channel
BCCH
Siemens
Abbreviations
Abbreviations
Siemen
BCT
BG
Border Gateway
BigFUT
BIST
BOP
Basic Operation
BOST
BSC
BSS
BSSGP
BVC
C-ID
Charging Identifier
CAP
Coordination Processor
CBR
Constant Bitrate
CCCH
CCS7
CCS7E
CDB
CDC
CGI
CGU
CHILL
CI
Cell Identifier
CMISE
CP113
CT
Context Table
CTI
CU(-C)
DBLU
DBMS
DCCH
DLCI
DNS
DRAM
Dynamic RAM
Siemen
Abbreviations
DS1
DSDL
E1
ECC
EFD
EIR
EPC
EPROM
ESGEN
ETSI
EWSD
EWSD V13
EWSX
EWSXpress
FACCH
FAT
FCCH
FEPROM
Flash EPROM
FFS
FP
FPSM
FR
Frame Relay
FR-LIC
FT1
FT2
FT3
FTP
FUT
FW
Firmware
GDB
GPRS Database
GDMO
GGSN
GMM
GMM_AF
Siemens
Abbreviations
Abbreviations
Siemen
GMM_TF
GOAM
GPRS
GR
GPRS Release
GR1.0
GSN
GTP
GUI
HLR
HPDB
HW
Hardware
HWT
Hardware Tracer
I/O
Input / Output
ICA
ICMP
IDS
IMEI
IMSI
INT_CID
Internal Change ID
INT_CID
IOC
IOT
Interoperability-Test
IOT
Interoperability-Test
IP
Internet Protocol
IPC
IPv4
IP version 4
ISP
ITP
ITU
IWE
Interworking Entity
L&S
L&S
LA
Location Area
Siemen
Abbreviations
LAN
LCF
LCT
LDC
LED
LIC
LLC
LLE
LM
Layer Management
LPS
MAP
MBC
MBS
MCI
MDB
Maintenance Database
MDD
MIPS
MM
Mobility Management
MMU
MOD
MP
Main Processor
MP-AP
MP-SA
MP:ACC
MP:LM
MP:OAM
MP:PD
MPC
MPU
MPUB
MPUC
MS
Mobile Subscriber
MSC
Siemens
Abbreviations
Abbreviations
Siemen
MSU
MTP
N-PDU
Network PDU
NC
Node Commander
NNI
NS
Network Service
NS-VC
NS-VL
NSAPI
Network SAPI
NSS
Network Subsystem
O&M
OA&M
OMC
OMC-B
OMC-S
OS
Operations System
P-TMSI
PCB
PCH
Paging Channel
PCM
PCP
PCR
PCU
PD
Packet Dispatcher
PDET
PDN
PDP
PDU
PLL
PLMN
PM
Performance management
PRH
Protocol Handler
PRH:MGR
Siemen
Abbreviations
PRM
PRM-S
PRT
PSAX
PSU
PVC
Q3
QoS
Quality of Service
RA
Routing Area
RAC
RACH
RAI
RAM
RB
Record Builder
RF
Record Formatter
RPC
RSS
Radio Subsystem
SA
Stand Alone
SAAL
Signaling AAL
SACCH
SAPI
SAR
SCB
SCB
SCCP
SCE
SCB-extended
SCE
SCH
Synchronization Channel
SCR
SDL
SDR
SDRAM
Synchronous DRAM
SDRT
Siemens
Abbreviations
Abbreviations
Siemen
SGSN
SICAT
SLR
SM
SM
SMP
SMU
SNDCP
SP
Synchronization Point
SPOTS
SPU
SQS
Siemens Q3 Specification
SS7
Signaling System #7
SSNC
SST
STATS
Statistics Support
STB
Standby
STM-1
SVE
SW
Software
SWERR
TCH
Traffic Channel
TCP
TID
Tunnel Identifier
TLLI
TLM
TM
Traffic Measurements
TMN
TODE
TPL
Throughput Limiter
TSC
TTY
Teletype
Siemen
Abbreviations
UDP
UNI
VBR
Variable Bitrate
VC
Virtual Connection
VCPU
VGA
vGGSN
virtual GGSN
VLR
VOCOC
VP
Virtual Path
WAN
WWW
xGSN
SGSN or GGSN
10
TRAINING SECTOR
GENERAL DEPARTMENT FOR
PLANNING & DEVELOPING PROGRAMS
Sub-sections
UMTS Evolution
Security Features
UTRA Aspects
Appindex
UMTS Introduction
UMTS Introduction
Sub-section reference
Sub-section identification
1
2
3
4
5
6
7
Pages
1
1
1
1
1
1
1
32
10
39
36
19
41
17
Chapter 1
The Third Generation (3G)
Siemens
Contents
1
1.1
1.2
2
2.1
2.2
2.3
3
4
IMT-2000
3G / IMT-2000 Standardization
3G Frequency Ranges
UMTS
The UMTS Standard
3G / UMTS: 4 Zone Concept / Data Rates
UMTS Licenses
Exercise
Solution
23
34
1214
1721
1822
2732
3136
3339
3847
Siemens
IMT-2000
The 3rd Generation (3G)
Standardization:
International
Telecommunication
Union
Global Mobile
Personal
Communication
by Satellite
International Mobile
Telecommunications
IMT-2000
International Mobile Telecommunications
Fig. 1
The Third
Siemens
1.1
Generation (3G)
Siemen
The Third Generation
(3G)
3G / IMT-2000 Standardization
The third generation of mobile communication systems (3G) has been in discussion
since the beginning of the 1990's under the term FPLMTS (Future Public Land Mobile
Telecommunication Systems). This was taken to refer to the terrestrial branch of
mobile communications. In the mid-1990's, the term was changed to IMT-2000. IMT2000 stands for International Mobile Telecommunications. 2000 indicates not only the
time frame for introduction of the systems, but also the frequency band used (in
MHz). In addition to terrestrial systems, IMT-2000 also includes mobile satellite
systems. These were discussed under the term GMPCS for Global Mobile Personal
Communication by Satellite.
The International Telecommunication Union (ITU) is responsible for the IMT-2000
specification. The ITU derives from the International Telegraph Union founded in
Paris in 1865. In 1848 the ITU was included as a special organization in the United
Nations UN. The ITU is responsible for international coordination in the area of
telecommunications. E.g. for the allocation of frequency spectrum, coordination of the
development of telecommunication systems, promotion of bilateral agreement on low
charges, implementation of studies, issue of regulations and recommendations and
much more. The ITU is also in charge of the global 3G coordination, i.e. for IMT-2000
guidelines and frequency recommendations.
1G and 2G systems are characterized by a variety of different standards for various
applications. Each of the standards has specific technical attributes, advantages and
disadvantages, applications, ranges and costs, and has been optimized for different
subscriber groups. Many of these systems exist(ed) solely at regional or national
level and are incompatible with each other.
Different to 1G and 2G, 3G has been planed as a family of compatible standards,
allowing world-wide access, being used for diverse applications.
The IMT-2000 concept devised by the ITU includes the following major aspects:
l
Siemens
1G
2G
(analog)
(digital)
Paging Systems,
e.g. City Call
Paging Systems
e.g. ERMES
Cordless Telephone
e.g. CT1, 1+
Cordless Telephone
e.g. DECT, PACS, PHS
wireless
Telephone cell
Wireless
Local Loops
WLL
PMR
e.g. TETRA
Cellular systems
e.g. C450, NMT, AMPS
Cellular systems
e.g. GSM, D-AMPS,
IS-95, PDC
MSS
e.g. INMARSAT
MSS
e.g. IRIDIUM, ICO,
Globalstar
IMT-2000
3G
1 family of standards
for all
applications
countries
Fig. 2
Siemen
for Japan, the TTC (Telecommunication Technology Committee) and the ARIB
(Association of Radio Industries and Business), an organization for proposing and
promoting radio-based development
Siemens
IMT-2000 Development:
regional Standards Development Organisations
ETSI
TIA, T1
(Europe)
ARIB, TTC
(Japan)
(USA)
I
ITU:
0
0
0
2
MT-
CATT
(China)
TTA
(South Korea)
ESA, Iridium
(MSS)
ICO, Inmarsat
(MSS)
TIA: Telecommunication Industry Association
T1: Standards Committe T1 Telecommunications
ETSI: European Telecommunications Standardization Institute
ICO: Intermediate Circular Orbits
Inmarsat: International Maritime Satellite Organisation
Fig. 3
The
Third Generation (3G)
Siemens
Siemen
The Third Generation
(3G)
Finalized specification of the individual standards for the IMT-2000 family (1999)
Another significant date was June 30, 1998 the deadline for submission of Radio
Transmission Technology (RTT) proposals to the ITU. Different regional standards
development organizations SDOs were involved in the development of IMT-2000
systems. 15 proposals for implementing IMT-2000 radio transmission technologies
(RTT) were submitted to the ITU by the end of June `98 (deadline). Two further
proposals followed a few months later, but were still accepted.
The total of 17 proposals were devised and submitted by the worlds most important
SDOs i.e., from ETSI (Europe), ARIB (Japan), TIA (USA), T1 (USA), TTA (South
Korea) and CATT (China), as well as by the MSS operators ICO, Inmarsat, ESA and
Iridium. 11 proposals submitted by the various SDOs refer to terrestrial, cellular
systems. The other 6 proposals from the MSS operators concern satellite systems
that are intended to provide genuine global coverage for the 3G systems.
Siemens
ITU-Deadline
fr RTT Proposals:
30.06.98
RTT proposals
for IMT 2000
South Korea
Europe
ETSI:
TTA: CDMA II
CDMA I
SAT-CDMA
UTRA
DECT
China
CATT: TD-SCDMA
Japan
USA
TIA: UWC-136
WIMS W-CDMA
cdma2000
T1: NA: W-CDMA
T1, TIA: WP-CDMA
ARIB: W-CDMA
MSS
ICO:
ICO RTT
Inmarsat: Horizons
ESA:
SW-CDMA
SW-CTDMA
Iridium: INX
RTT: Radio Transmission Technology
Source: ITU
Fig. 4
The Third
Siemens
Siemen
The Third Generation
(3G)
Generation (3G)
RTT Proposals
11 of the total number of 17 RTT proposals referred to terrestrial, cellular systems.
They cover all commercially viable areas of the mainland including coastal areas in
other words, from indoor areas (i.e., quasi stationary or lowest speed, smallest range)
to pedestrian (i.e., low speed, small and medium ranges) to vehicular (i.e., wide
ranging at medium and high speeds).
Another 6 proposals from the area of mobile satellite systems (MSS) for covering the
remaining surface of the globe (sea, deserts, mountains, and sparsely populated,
inaccessible regions) were also submitted.
The greatest share of the RTT proposals, particularly for the terrestrial solutions,
have so-called CDMA (Code Division Multiple Access) solutions. Different variations
of this special multiple access method provide very efficient use of resources via the
radio interface and allow flexible, high data rates.
Other methods use conventional TDMA (Time Division Multiple Access) methods
with different optimization solutions to provide access to 3G systems at the high data
rates demanded by the ITU.
Proposal
Description
Indoor
Pedestrian
DECT
ETSI
UWC-136
USA TIA
WIMS
W-CDMA
USA TIA
TD-SCDMA
China CATT
W-CDMA
Wideband CDMA
Japan ARIB
CDMA II
Asynchronous DS-CDMA
UTRA
ETSI
NA: W-CDMA
USA T1P1
cdma2000
W-CDMA (IS-95+)
USA TIA
CDMA I
SAT-CDMA
SW-CDMA
ESA
ESA
VehiSatellite
cular
Source
ICO RTT
ICO
Horizons
Inmarsat
WP-CDMA
Wideband Packet-CDMA
T1 & TIA
INX
Iridium
R
T
T
P
r
o
p
o
s
a
l
s
Source: ITU
Fig. 5
The Third
Siemens
Generation (3G)
Siemen
The Third Generation
(3G)
10
Siemens
IMT-2000
RTT Harmonization
CDMA II, W-CDMA
NA: W-CDMA
UTRA, WIMS
Source: ITU
CDMA2000
CDMA I
UWC-136
DECT
TD-SCDMA
CDMA FDD
TDMA/CDMA
UTRA (FDD)
WP-CDMA
CDMA2000
(Hybrid TDD)
TD-CDMA
June `98
TDMA
UWC-136
DECT
March `99
(UTRA TDD)
TD-SCDMA
Paired:
Unpaired:
EDGE
UTRA TDD
UTRA FDD TD-SCDMA
MC-CDMA
(former
CDMA2000)
December `99
12/99 ITU:
TG 8/1 closed &
WP 8F founded: 3.5G / 4G studies
Fig. 6
11
The
Third Generation (3G)
Siemens
1.2
Siemen
The Third Generation
(3G)
3G Frequency Ranges
12
Siemens
Frequency reservation
0
Europe,
Africa,
Australia
250
500
1G & 2G systems
750
1G (NMT, C450,..)
possibly 2G: GSM450
1000
1250
1500
GSM900
+ GSM-R
1750
DECT
MSS
GSM1800
America
1G: AMPS,
2G: D-AMPS, IS-95
MSS
2G: GSM1900,
IS-95, D-AMPS
Japan
2G:
PDC
1G + 2G: PDC
Remaining frequencies < 2 GHz:
Military, Industry, Broadcast, TV, Research,
private (households, amateurs),...
PHS
MSS
WARC-92: 3G Plans
1980 2010
cellular
MSS
1885
1 8 5 0
1 9 00
2170
cellular MSS
2 0 0 0
2 0 5 0
2200
2110
2025
1 9 5 0
2 1 0 0
2 1 5 0
2 2 0 0
2 2 5 0
Fig. 7
13
The Third
Siemens
Siemen
The Third Generation
(3G)
Generation (3G)
Regional 3G reservation
Europe, Japan and South Korea complied for the most part with the
recommendations of the WARC-92 regarding reservation of frequency ranges for 3G
systems.
Europe: It was defined at European level after a decision taken by the ERC
(European Radiocommunications Committee) at the end of 1997 that the
corresponding (WARC-92) frequency range, with the exception of the frequency
range from 1880 1900 MHz (DECT range), is to be made available to 3G systems.
Many non-European countries also adopted this frequency reservation.
Japan: With the exception of the frequency range below 1918.1 MHz, which will
continue to be used for PHS systems, the entire WARC-92 frequency band was
reserved for 3G systems.
South Korea: The full WARC-92 frequency band was reserved for 3G systems.
North America: In 1995 the frequency range between 1850 MHz and 1990 MHz was
auctioned in the USA for use by 2G systems (e.g., IS-95, D-AMPS, GSM1900). As a
result, the introduction of 3G systems in the USA is experiencing great difficulty. The
same applies to Canada. However, smaller ranges (C, E blocks) were reserved here
for future applications.
Regional 3G Reservation
1850
1900
1950
2000
2050
2100
2150
2200
2250
2010 MHz
IMT 2000
WARC-92
2025 MHz
1885 MHz
Europe
PHS
2110 MHz
MSS
UMTS
1880 MHz
1918 MHz
Japan;
S. Korea
IMT 2000
MSS
2170 MHz
MSS
UMTS
1980 MHz
IMT 2000
MSS
2170 MHz
MSS
IMT 2000
like WARC-92
MSS
1895 MHz
USA,
Canada
PCS1900
MSS
A C B EF C
A CB E F C
(C,E reserved)
1910
1850
1900
1930
1950
reserved
1990 MHz
2000
MSS
2160 MHz
2050
2100
2150
2200
2250
Fig. 8
14
The
Third Generation (3G)
Siemens
Siemen
The Third Generation
(3G)
The bands, which had been identified for 3G in WARC92 remain unchanged:
l
The frequency ranges below 1GHz are especially useful for rural services and
developing countries. Some countries are planning to use the following frequency
range additionally for 3G implementation: 698 806 MHz.
The focus of the 3G extension is the frequency range between 2500 2690 MHz.
Reference is also made to the 2300 2400 MHz frequency range, which is the
preferred choice of China.
15
Siemens
WRC-2000
05/2000 in Istambul
world-wide Harmonisation
of 3G frequency ranges
only some
countries
Harmonisation / Extension:
Refarming 2G frequencies
cellular
698
806
960
Harmonisation / Extension:
Refarming 2G frequencies
cellular
1710
1885
1980 2010
cellular
1885
2170
WARC92
MSS
2025
cellular MSS
2110
cellular
2500
China only:
2300 - 2400 MHz
2200
Extension band
2690
Fig. 9
16
Siemens
UMTS
The 3rd Generation (3G)
Universal Mobile
World-wide,
seamless
Multimedia access
Telecommunication System
UMTS
Standardisation & Concept
Fig. 10
17
The Third
Siemens
2.1
Generation (3G)
Siemen
The Third Generation
(3G)
18
Siemens
ETSI
UMTS: GSM
successor standard
devised in SMGs
(Special Mobile Groups)
GSM900/1800/1900
GSM-R, UMTS
Fig. 11
19
The Third
Siemens
Generation (3G)
Siemen
The Third Generation
(3G)
20
Siemens
UMTS
Standardization
ETSI
European Telecommunication
Standards Institute
TTA
ARIB/TTC
Association of Radio Industries
& Business / Telecommunication
Technology Committee, Japan
Telecommunications Technology
Association, South Korea
TSACC
GSA
Telecommunication
Standards Advisory Council
of Canada
3GPP
TIA
3rd Generation
Partnership Project
Telecommunication
Industry Association,
USA
ACIF
UMTS
Forum
UWCC
WMF
Australian Communications
Industry Forum
IPv6
Forum
Universal Wireless
Communications
Consortium
Wireless Multimedia
Forum
CWTS
3G.IP
Forum
China Wireless
Telecommunications
Standards
ANSI T1
Committee T1
Telecommunications
MWIF
Mobile Wireless
Internet Forum
GSM
Association
Organisational Partner
MPR: Market Representation
Partner
Observership status
Fig. 12
21
The Third
Siemens
Siemen
The Third Generation
(3G)
Generation (3G)
3GPP structures
3GPP originally has been divided into a project coordinating group (PCG), originally
four, now five technical specification groups TSG's and many working groups WG's.
The PCG coordinates the work of the various TSG's and WG's.
The TSG's are writing the standard i.e., the recommendations for UMTS and
GSM/EDGE.
There are TSG's for each of the following UMTS topics: "Radio Access Network",
"Service & System Aspects", "Core Network" and "Terminals"."
A fifth TSG has been created in July 2000: "GERAN" (GSM/EDGE Radio Access
Network). Its principal responsibilities will be the maintenance and development of
GSM Technical Specifications and Technical Reports, including GSM evolved radio
access technologies such as GPRS and EDGE.
The Working Groups are working out studies regarding different aspects of the
standard. The studies are used by the TSG's as a basis for drafting the
recommendations.
3GPP
Structure
TSG CN
PCG
TSG SA
Core Network
CN WG 1
SA WG 1
MC/CC/CS (Iu)
Services
CN WG 2
SA WG 2
CAMEL
Architecture
CN WG 3
Interworking with
External Networks
SA WG 3
Security
CN WG 4
SA WG 4
MAP/GTP/BCH/SS
Codec
CN WG 5
OSA (Open
Service Architecture)
TSG: Technical
Specification Group
TSG RAN
TSG GERAN
Terminals
Radio Access
Network
GSM EDGE
RAN
T WG 1
RAN WG 1
Mobile Terminal
Conformance testing
Radio Layer 1
specification
TSG T
T WG 2
RAN WG 2
Mobile Terminal
Services & capabilities
T WG 3
RAN WG 3
USIM
(Universal SIM)
RAN WG 4
Radio performance &
Protocol aspects
GERAN WG 1
Radio Aspects
GERAN WG 2
Protocol Aspects
GERAN WG 3
BS Testing and O&M
GERAN WG 4
MS testing
SA WG 5
Telecom Management
Source: 3GPP
Fig. 13
22
The Third
Siemens
Generation (3G)
Siemen
The Third Generation
(3G)
23
Siemens
Numbering:
GSM
Rel. 99
Specification
3G only
3G TS ab.cde
Specification
TS: Technical Specification
ab.cde: Series . Number
3G
Release 1999
Specification
Fig. 14
24
The Third
Siemens
Generation (3G)
Siemen
The Third Generation
(3G)
3G Series
The UMTS specifications are divided into a total of 15 series.
Each of the series treats a particular aspect of the UMTS Standard.
21 series: Requirement specifications (overview: preliminary nature)
22 series: Service aspects
23 series: Technical realization
24 series: Signaling protocols (UE - CN network)
25 series: UTRA aspects
25.100 series: UTRA radio performance aspects
25.200 series: UTRA radio aspects (physical layer 1 of UTRA)
25.300 series: UTRA radio interface architecture, layer 2 and layer 3 aspects
25.400 series: UTRA network aspects (Iub, Iur, Iu Interface)
26 series: Codecs (speech, video, etc.)
27 series: Data (functions for support of data applications)
28 series: Signaling protocols (RSS - network part)
29 series: Signaling protocols (NSS)
30 series: Program management (3GPP plans and work programs, etc.)
31 series: UIM (User Identity Module)
32 series: Operation and Maintenance
33 series: Security aspects
34 series: Test specifications
35 series: Confidentiality & integrity algorithms
Work on the "classical" GSM series 1 - 12 is closed. The remaining work on
GSM/EDGE is done by TSG "GERAN" in the series 41 55, which are build up in
analogy to the 21 - 35 series of UMTS.
25
Siemens
3G TS: Series
21-Series: Requirements Specifications (Overview, Infos,..)
22-Series: Service Aspects
23-Series: Technical Realisation
24-Series: Signalling Protocols (UE - CN)
GSM
GSMSeries
Series11- -12
12
closed
closedwith
withRel.
Rel.99
99
GERAN:
GERAN:Series
Series41
41- -55
55
R4
(Rel.`2000)
onwards
R4 (Rel.`2000) onwards
27-Series: Data
28-Series: Signalling Protocols (RSS - CN)
29-Series: Signalling Protocols (NSS)
30-Series: Program Management
31-Series: USIM
32-Series: Operation & Maintenance
33-Series: Security Aspects
34-Series: Test Specifications
35-Series: Confidentiality & integrity algorithms
Fig. 15
26
The Third
Siemens
2.2
Generation (3G)
Siemen
The Third Generation
(3G)
The 4-zone concept in UMTS is based on the IMT-2000 specifications of the ITU.
The concept defines three terrestrially supplied zones (in-building, urban,
suburban/rural) and one zone (global) supplied by MSS's (Mobile Satellite Systems).
Zone 1: Indoor
Zone 1 is made up of pico cells and is used for servicing large offices, domestic
households, floors in skyscrapers, the stock exchange, etc. The service radius of the
pico cells is in the order of several tens of meters i.e., small areas with high user
densities and little mobility (max. 10 km/h) are supplied. Coupled with the restricted
mobility are high (ITU) requirements on the transfer rate (up to 2 Mbit/s). Up to 2
Mbit/s are theoretically possible with UMTS in Zone 1.
Zone 2: Urban
Zone 2 is made up of micro cells and is used to serve so-called hot spots. These are
inner city areas, public places, sports stadiums, exhibition and trade fair halls, airport
terminals, railway stations, etc. The service radius of the micro cells is in the order of
several hundreds of meters i.e., relatively small areas with high user densities and
low (max. 10 km/h) mobility are supplied. Up to 2 Mbit/s are theoretically possible
with UMTS in Zone 2.
Zone 3: Suburban/rural
Zone 3 is made up of macro cells and is used for servicing suburban and rural areas.
The service radius of the macro cells is in the order of several kilometers i.e.,
relatively large areas with medium-sized user densities and medium (max. 120 km/h)
or high (max. 500 km/h) mobility are supplied. The ITU requested up to 384 kbit/s for
medium speed support. In UMTS theoretically up to 480 kbit/s are foreseen for Zone
3. High mobility (max. 500 km/h), for which the ITU requested to support up to 144
kbit/s is not supported in initial UMTS.
Zone 4: Global
Zone 4 globally covers all rural, non-built-up, sparsely populated areas: In other
words, everything not covered by zones 1 3. This includes the oceans, deserts,
mountainous terrain and the polar regions. MSS's are to service these areas. They
can provide coverage for areas ranging from several tens of kilometers (via beam
spots) to areas with a radius of up to several thousands of kilometers. Supply for the
highest mobility (up to 1000 km/h) should be possible at data rates of up to 144 kbit/s
(ITU requirement). Satellite UMTS (S-UMTS) has been discussed but never
developed.
27
Siemens
UMTSconcept:
4 zones
Zone 4: Global
Zone 3:
Suburban / Rural
Zone 2:
Urban
MSS
Macro
Cell
Micro
Cell
Zone 1:
Indoor
Pico
Cell
max.
144 kbit/s
144 kbit/s
384 kbit/s
1000 km/h
500 km/h
120 km/h
10 km/h
max.
speed
Fig. 16
28
The Third
Siemens
Generation (3G)
Siemen
The Third Generation
(3G)
29
Siemens
UMTS
Fixed network
Terminal
100
Applications
Data rates
2G / 3G comparison
MBS
(Mobile Broad
Band System)
0.1
Fixed network
10
WLAN
3G
UMTS
(FDD & TDD Services)
2G TDD
2G FDD
Building, halls
Hot Spots
Pedestrian
Vehicles
stationary
stationary
stationary
Low mobility
High mobility
Indoor
Outdoor
Source: UMTS Task Force Report
Fig. 17
30
The Third
Siemens
Generation (3G)
2.3
Siemen
The Third Generation
(3G)
UMTS Licenses
Licensing
The licensing of UMTS was commenced in Finland in 03/1999. The remaining EU15
nations, other Western and Central European countries, Japan and South Korea,
South Africa, Australia and New Zealand have followed in 2000 and early 2001.
Different licensing methods are used. A number of countries (e.g. Finland, Spain)
prefer the distribution of licenses (more or less) free of charge, using a so-called
"beauty contest" to find out the most reliable network operators for the restricted
number of licenses.
Most other countries (e.g. Germany, the United Kingdom and the Netherlands)
preferred different auction systems (open and closed). The acquisition of licenses is
linked in most countries to different conditions. The conditions include guarantees for
commencement of UMTS operation and the requisite service level with UMTS after a
particular time (e.g., 50% of the population after 5 years). The lifetime of the licenses
will be limited to 15 years in most cases. In Germany they are limited to 20 years.
Regional licenses are not excluded. In general, however, operators prefer national
licenses.
Licenses
2 x 60 MHz are available for paired bands (FDD) and a total of 35 MHz for unpaired
bands (TDD) for the EU15. There are therefore 12 packets for paired bands and 7
packets for unpaired bands to be allocated for use with the UMTS 5-MHz bandwidth.
The UMTS Forum specified a minimum of 3 packets for paired bands (i.e., 2 x 15
MHz) and 1 packet for unpaired bands (i.e., 1 x 5 MHz) per operator for optimum
deployment of UMTS. If licenses have been granted in this way (2 x 15 MHz for
paired band), this implies a maximum of 4 operators in each country. For this reason,
licenses with 2 x 10 MHz for paired bands have been also allocated in countries with
high population densities, thereby allowing 5 or 6 licenses per country.
31
Siemens
UMTS
Licensing
Licensing in:
Finland 03/99
Spain, GB: 1Q2000
NL, D, F, I: 3Q2000
EU15: closed until
end of 2000
Japan: 1Q2001
Licenses
Licenses(EU15):
(EU15):
22xx60
60MHz
MHzpaired
pairedband
band(FDD)
(FDD)
35
MHz
unpaired
(TDD)
35 MHz unpaired (TDD)
bandwidth:
bandwidth:55MHz
MHz
12
12FDD
FDDpackets
packets++77TDD
TDDpackets
packets
UMTS
Forum
SAG
requests
UMTS Forum SAG requestsper
peroperator:
operator:
min.
min.22xx15
15MHz
MHzFDD
FDD++11xx55MHz
MHzTDD
TDD
EU15:
EU15:44- -66Licenses
Licenses
(e.g.:
(e.g.:F,F,Fin.,
Fin.,Spain:
Spain:4;4;GB,
GB,NL:
NL:5;5;D:
D:6)6)
UMTS
TDD
1900
1920
UMTS
TDD
1980 2010
2025
2170
Fig. 18
32
Chapter 2
UMTS Evolution
UMTS Evolution
Siemens
UMTS Evolution
Contents
1
1.1
1.2
1.3
2
3
23
34
78
190
1113
1317
Siemens
UMTS Evolution
UMTS
GSM
Phase
1/2
Phase
2+
Release
3
Release
4
Siemens
UMTS
1.1
Evolution
Siemen
UMTS Evolution
Siemens
UMTS Evolution
Evolutionary path:
GSM to UMTS
Original vision:
quantum leap from
GSM to UMTS
Capabilities
UMTS
GSM
1990
2000
2002
Zeit
Problems:
UMTS-costs (research, standardisation, development) >> GSM
creation of GSM-incompatible networks is not promising
Fig. 2
UMTS
Siemens Evolution
Siemen
UMTS Evolution
Siemens
UMTS Evolution
Evolutionary path:
GSM to UMTS
Save 2G Investments!
Reducing 3G Risks !
sales/marketing investments
2G
3G
Downward
compatible
GMM: Global Multimedia Mobility
Fig. 3
Siemens
UMTS Evolution
1.2
Siemen
UMTS Evolution
The original plans for GSM in the 1980's included all aspects of a 2G standard. In
1988 it became clear that this was not possible in the specified time frame. For this
reason, GSM was released in a preliminary version in 1990/91 as GSM Phase 1.
GSM Phase 1
Phase 1 contains everything required for the operation of GSM networks. Speech
data transfer is the core focus. Data transfer is defined, too (0.3 - 9.6 kbit/s). Only a
few supplementary services are included.
GSM Phase 2
After Phase 1completion, the GSM Standard was fully revised. Phase 2 includes a
wide range of supplementary services comparable with the ISDN standard.
GSM Phase 2+
Phase 2+ enhances in Annual Releases (`96, `97, `98, `99) the GSM standard and
prepares the UMTS introduction. Especially the GSM Core Network CN is enhanced
to be used as UMTS CN at UMTS start. Major Phase 2+ aspects are IN services,
flexible service definition, packet data transfer, high data rate transmission and
improved voice codes. GSM is limited by the narrowband radio access, the radio
resource efficiency and a lack of additionally available frequency bands.
UMTS Release `99 (also: Release 3)
With GSM Rel. `99, a handshake with the first UMTS Release (Rel.. `99 or Rel. 3)
according to many CN and service aspects is performed. UMTS introduces a new,
broadband radio access optimized for packet data transmission up to 2 Mibt/s.
UMTS Release 4
Unlike GSM Phase 2+, the enhancement of UMTS is not performed in annually
steps. Enhancements should be possible in flexible time schedules. Rel. 4 (late 2001)
introduces e.g. important CN modifications (bearer independent signaling flow) and
the Low Chip Rate LCR TDD mode as a third radio access option.
UMTS Release 5, 6,
For UMTS Rel. 5 major CN modifications, i.e. the IP Multimedia Subsystem IMS, are
planed. New network elements and protocol structures are defined.
For the future modifications of the UTRAN toward an All IP RAN, enhancements of
the radio resource efficiency, new frequency ranges (WRC'2000) and many more
enhancements toward 4G are expected
Siemens
UMTS Evolution
GSM Limits:
narrow-band radio access
resource efficiency
additional frequency bands
required
UMTS
Release
5
Release
4
Release
3
GSM
Phase
2+
Phase
1
Phase
2
Release
Release
97
96
Release
98
Release
99
Time
Fig. 4
Siemens
UMTS Evolution
1.3
Siemen
UMTS Evolution
In Phases 1 / 2 GSM allows data transfers at 0.3 to 9.6 kbit/s. In Phase 2+ HSCSD,
GPRS and EDGE are introduced to enhance the data transmission capabilities.
HSCSD: High Speed Circuit Switched Data
HSCSD defines bundling of up to 8 physical channels of one carrier. In practice,
however, only up to 4 channels are bundled together due to CN restrictions. The
maximum data rate per physical channel was increased from 9.6 kbit/s to 14.4 kbit/s,
introducing a new codec. As a result, up to 57.6 kbit/s can be reached (theoretically
up to 115.2 kbit/s). HSCSD, like conventional GSM, defines Circuit Switched CS data
transfer. For HSCSD, only minor modifications to the GSM network were necessary.
GPRS: General Packet Radio Services
GPRS also allows bundling of up to 8 physical channels to one user. Four new
Coding Schemes CS enable transfers at rates of 9.05 /13.4 / 15.6 / 21.4 kbit/s per
physical channel. GPRS introduces Packet Switched PS data transmission, which
allows efficient use of resources and direct access to Packet Data Networks PDN.
New network elements and protocols, paving the way for UMTS, have been defined.
EDGE: Enhanced Data Rate for the GSM Evolution
EDGE introduces a new modulation method over the radio interface: 8-Phase Shift
Keying 8PSK. This allows three times faster data transfer compared to the
conventional GSM modulation method Gaussian Minimum Shift Keying GMSK. In
this way, EDGE is used to enhance the performance of GPRS and HSCSD.
Transmission at up to 69.2 kbit/s per physical channel is possible. Theoretically, data
rate of up to 553.6 kbit/s are possible, granting ITU 3G requirements for Zone 3 (wide
area mobility.
UTRA: UMTS Terrestrial Radio Access
In UMTS, UTRA introduces a new multiple access method (WCDMA), modulation
principle (QPSK) and a 25 times larger bandwidth than GSM at new frequency
ranges. New RAN network elements and protocols are defined. The maximum data
transmission rate will be some 2 Mbit/s.
Siemens
UMTS Evolution
Data Transmission
Evolution
UTRA:
1920 kbit/s
EDGE:
553 kbit/s
GPRS:
171 kbit/s
HSCSD:
GSM
Phase 1/2:
9.6 kbit/s
new
no new
network elements &
115 kbit/s protocol architecture: network elements;
only changes
prerequisite
no new
in
modulation
for UMTS !!
network elements;
principle
SW-changes
4 / (8) x
14.4 kbit/s
8x
21.4 kbit/s
New:
transmission
principles
(WCDMA)
network
elements
protocols
8 x 69.2 kbit/s
9,6 kbit/s
GSM Phase 2+
HSCSD: High Speed Circuit Switched Data
GPRS: General Packet Radio Services
EDGE: Enhanced Data rates for the GSM Evolution
Fig. 5
10
Chapter 3
The UMTS Network
Siemens
Contents
1
2
3
4
5
6
7
8
23
69
1319
1929
2637
3347
4055
4765
Siemens
PSTN /
ISDN
Intra- /
Internet
Gb
Iu
Co-existence of
GSM & UMTS
network elements
BSS
GSM Base Station
Subsystem
Um
GSM
Uu
GSM / UMTS
UTRAN
UMTS Terrestrial
Radio Access Network
UMTS
Release `99
Network Overview
Fig. 1
Siemens
The UMTS
Network
Network Overview
RAN
TS 23.002:
CN
Network Architecture
Core Network
External
Networks
GSM BSS
CS Domain
Entities common
to the CS & PS Domain
UE
UTRAN
PS Domain
TS 23.060:
GPRS
Fig. 2
Siemens
The UMTS
Network
PS Domain
The PS Domain of the UMTS CN consists of the following functions:
l
Siemens
TS 23.002
UMTS
Network
GSM BSS
BTS
BTS
UE
T
R
A
U
B
S
C
UTRAN
Node B
R
(n x BTS)
N
Node B
C
(n x BTS)
Node B
(n x BTS)
TC: Transcoding
IWF: Interworking Functions
SM-SC: Short Message Service Centre
R
N
C
CS Domain
MSC /
VLR
IWF/
TC
CSE
EIR
PSTN
GMSC
ISDN
HLR AuC
X.25
SGSN
PS
Domain
GGSN
CGF
SMS-GMSC
SMS-IWMSC
IP
Billing
System
SM-SC
Fig. 3
Siemens
GSM BSS
BTS
BTS
UE
T
R
A
U
B
S
C
UTRAN
Node B
R
(n x BTS)
N
Node B
C
(n x BTS)
Node B
(n x BTS)
R
N
C
CS Domain
MSC /
VLR
IWF/
TC
CSE
EIR
GMSC
PSTN
ISDN
HLR AuC
X.25
SGSN
PS
Domain
GGSN
CGF
SMS-GMSC
IP
Billing
System
SM-SC
Fig. 4
Siemens
The
UMTS Network
Siemen
The UMTS Network
3G MSC
The Mobile-services Switching Center MSC constitutes the interface between the
radio system and the external fixed networks (ISDN / PSTN). The MSC performs all
necessary functions in order to handle the circuit switched services to and from the
Mobile Stations MS / User Equipment UE.
The MSC is an exchange which performs all the switching and signaling functions for
MSs / UEs located in a geographical area designated as the MSC area. The MSC
area is sub-divided into so-called Location Areas LA. The main difference between a
MSC and an exchange in a fixed network is that the MSC has to take into account
the impact of the subscribers mobility.
Several MSCs may be required to cover a country.
The MSC is connected to other network elements via the following interfaces
(Examples):
l
B-Interface: to the VLR. The MSC is always associated with a Visitor Location
Register. Therefore, the B-Interface is proprietary.
Gateway MSC (GMSC): If a network delivering a call to the PLMN cannot interrogate
the HLR, the call is routed to an MSC. This MSC will interrogate the appropriate HLR
and then route the call to the MSC where the mobile station is located. The MSC
which performs the routing function to the actual location of the MS / UE is called the
Gateway MSC. The choice of which MSCs can act as Gateway MSCs is for the
operator to decide (i.e. all MSCs or some designated MSCs).
Visited MSC (VMSC): For all the MSs / UEs in the MSCs area the serving MSC is
regarded as Visited MSC.
Siemens
SMS-GMSC
SMS-IWMSC
3G MSC
Mobile services
Switching Center
T
R
A
U
B
S
C
Iu(CS)
R
N
C
GMSC:
GMSC:
SGSN
MSC:
MSC:
always
alwaysassociated
associatedwith
withVLR
VLR
control
controlofofgeographical
geographicalarea:
area:
MSC
MSCArea
Area==11/ /several
several
Location
LocationArea
AreaLA
LA
MSC
Gs
V(isited)-MSC
V(isited)-MSCfor
forall
allUEs
UEs
ininMSC
MSCArea
Area
PSTN/ISDN
PSTN/ISDNInterface
Interface
Interrogating
InterrogatingHLR
HLR
routing
routingtotoactual
actual
UE
UElocation
location
VLR
VLR
IWF/
TC
SM-SC
GMSC
PSTN
ISDN
Main
MSC
HLR
EIR
LA2
LA1
LA3
tasks:
Switching
Handling CS Services
Call Setup / Release
Charging
Interfaces:
A, B, C, E, F,
Gs, Iu(CS)
LA4
MSC Area
Fig. 5
The UMTS
Siemens
Siemen
The UMTS Network
Network
SMS-GMSC
SMS-IWMSC
all or some designated
MSCs can act as
SMS-GMSC/IWMSC
(Network operator
dependent)
TS 23.002
CS
Domain
MSC /
VLR
External
Networks
SMS-GMSC
SMS Gateway MSC
SMS-IWMSC
SMS Interworking MSC
SM-SC
Short Message
Service Center
Gd
PS
SGSN
Domain
Fig. 6
Siemens
The UMTS
Network
Authentication Parameter
10
Siemens
VLR
Main
Visitor Location
Register
VLR
tasks:
for all UEs in MSC Area
storing Subscriber profiles
Mobility Management
storing Location Information
controlling
Security Features*
B
MSC
VLR
* e.g. Authentication, Authorization,
Cipher & Integrity Start
Location
LocationUpdates
Updates
Subscriber
SubscriberProfiles
Profiles
VLR
VLR
Security
SecurityParameter
Parameter
(via
(viaHLR
HLRVLR)
VLR)
Interrogation
Interrogation
(MSRN
(MSRNvia
viaHLR
HLRtotoGMSC)
GMSC)
D
HLR
AuC
Fig. 7
11
Siemens
The
UMTS Network
Siemen
The UMTS Network
Transcoding TC function
The Transcoding TC function is used to perform conversion between standard ISDN
64 kbit/s speech transmission and the UMTS Adaptive Multi-Rate AMR speech codec
(Specs: 26-series).
The AMR speech coder is a single integrated speech codec with eight source rates
from 4.75 kbit/s to 12.2 kbit/s, and a low rate background noise encoding mode. The
speech coder is capable of switching its bit-rate every 20 ms speech frame upon
command (TS 26.071).
Different to GSM, in UMTS the Transcoding function is not part of the Radio Access
Network RAN. It has been defined as part of the UMTS Core Network CN.
Some optimization procedures allow it to be passed through, without transcoding, in
the case of UE to UE communication for example, when double-transcoding would
be performed for nothing.
Interworking Function IWF
The "classical" Core Network CN interfaces (e.g. A G) are all Time Division
Multiplexed TDM based (E1/T1). Different to this, The Iu interface between UTRAN
and the UMTS CN is ATM-based. An Interworking Function IWF is necessary for
conversion between TDM-based and ATM-based interfaces.
Remark: IWF and TC function can be stand-alone network elements or be integrated
into the UMTS MSC, depending on the manufacturers / network operators decision /
demands.
TC
Transcoding
&
IWF
InterWorking Function
B
S
C
T
R
A
U
RAN
Radio Access
Network
Iu(CS)
VLR
B
E
MSC
IWF/
R
N
C
BlaBla
Bla
CN
Core Network
TC
C
Gs
IWF
TC
BlaBla
Bla
Transcoding
4.75 12.2 kbit/s
AMR: Adaptive MultiRate
UTRAN
Fig. 8
CN function in UMTS:
part of MSC or standalone N.E.
Conversion of Speech Data (CN RAN):
using AMR speech codec
CN: 64 kbit/s (ISDN)
RAN: 4.75 12.2 kbit/s (AMR)
64 kbit/s (ISDN)
CN
12
Siemens
GSM BSS
BTS
BTS
UE
T
R
A
U
B
S
C
UTRAN
Node B
R
(n x BTS)
N
Node B
C
(n x BTS)
Node B
(n x BTS)
CS Domain
MSC /
VLR
IWF/
TC
CSE
EIR
GMSC
PSTN
ISDN
HLR AuC
X.25
SGSN
PS
Domain
R
N
Release `99 CN:
C
Entities common
to CS & PS Domain
GGSN
CGF
SMS-GMSC
SMS-IWMSC
IP
Billing
System
SM-SC
Fig. 9
13
Siemens
The UMTS
Network
It supports the call setup in case of Mobile Terminating Calls MTC by sending
routing information to the Gateway MSC (Interrogation).
a list of all the group IDs a service subscriber is entitled to use to establish voice
group or broadcast calls
SMS flags
14
Siemens
HLR
AuC
Authentication Center
Subscriber Registration
Storing/Management
subscriber profiles
Deliver profiles to VLR/SGSN
Storing Location Information
(VLR / SGSN)
MTC: Deliver Routing
information to GMSC / GGSN
Associated with AuC
CS Domain
MSC /
VLR
GMSC
HLR
Gr
SGSN
AuC
Gc
GGSN
PS Domain
Subscriber data (Examples):
Semi-permanent Data: MSISDN, IMSI, Services
(BS, TS, SS), QoS Profile, CSI, Service Restrictions,..
Temporary Data: VLR / SGSN address,
MS Non-Reachable flag, MSRN, SMS flags,..
Fig. 10
15
The UMTS
Siemens
Siemen
The UMTS Networ
Network
EIR
Equipment Identity Register
CS Domain
MSC /
VLR
Storing IMEIs
(counterpart: ME)
on White / Gray / Black List
Performing IMEI Check
on VLR / SGSN request
optional network function
EIR
Gf
SGSN
IMEI
PS Domain
International
Mobile station
Equipment
Identity
Fig. 11
16
Siemens
The
UMTS Network
GSM Service Control Function gsmSCF: functional entity that contains the
CAMEL service logic to implement Operator-Specific Services OSS. It interfaces
e.g. with the gsmSSF, the gprsSSF and the HLR.
GSM Service Switching Function gsmSSF: functional entity that interfaces the
MSC/GMSC to the gsmSCF. The concept of the gsmSSF is derived from the IN
SSF, but uses different triggering mechanisms because of the nature of the mobile
network
GPRS Service Switching Function gprsSSF: functional entity that interfaces the
SGSN to the gsmSCF.
Home Location Register HLR: for subscribers requiring CAMEL support, the
HLR stores different types of CAMEL Subscriber Information CSI (e.g. O-CSI for
Mobile Originating Calls MOCs, T-CSI for Mobile Terminating Calls MTCs). The OCSI is sent to the VLR at Location Update, on data restoration or if the O-CSI is
updated by administrative action. The O/T-CSI is sent to the GMSC when the HLR
responds to a request for routing information.
MSC/VLR or SGSN: VLR or SGSN store the different CSI information as part of
the subscriber data for subscribers roaming in the MSC/VLR or SGSN area. MSC
or SGSN monitor the call states and communicate (internally) with the gsmSSF for
further proceeding.
CSE
CAMEL Service
Environment
CS
Domain
GSM Service
Control Function:
gsm
SSF
MSC /
VLR
gsm
SSF
E
gsm
contains CAMEL
service logic for
Operator-Specific
Services
HLR AuC
SCF
SGSN
PS
Domain
GMSC
Gn
stores CAMEL
Subscription
Information CSI
GGSN
gprs
SSF
MSC/VLR
MSC/VLR&&SGSN:
SGSN:
store
storeCSI
CSIas
aspart
partofof
subscriber
subscriberprofile
profile
Fig. 12
17
Siemen
The UMTS Network
The
UMTS Network
Siemens
CAMEL Protocols & Interfaces
The Mobile Application Part MAP and the CAMEL Application Part CAP (TS 29.078)
are used on the different interfaces (TS 23.078) applicable to CAMEL:
l
HLR - VLR interface (D-Interface): On this interface the MAP is used to send the
CAMEL related subscriber data to the VPLMN and for provision of Mobile Station
Roaming Numbers MSRN. The interface is also used to retrieve subscriber status
and location information of the mobile subscriber or to indicate suppression of
announcement for a CAMEL service.
gsmSCF - HLR interface (CAP Interface): On this interface the MAP is used by the
gsmSCF to request information from the HLR. As a network operator option the
HLR may refuse to provide the information requested by the gsmSCF.
GMSC - MSC interface (E-Interface): On this interface the MAP is used to transfer
control of a call from a VMSC back to a GMSC for optimal routing.
CAMEL
Data transfer
Protocols &
Interfaces
Signalling
O-CSI
T-CSI
HLR
gsmSCF
HPLMN
MAP
TS 23.078,
29.078
MAP
CAP
CSE
Interfaces
gsmSSF
gprsSSF
MSC/VLR
SGSN
gsmSSF
Fig. 13
UE
MSC/VLR
VPLMN
18
Siemens
GSM BSS
BTS
BTS
UE
T
R
A
U
B
S
C
UTRAN
Node B
R
(n x BTS)
N
Node B
C
(n x BTS)
Node B
(n x BTS)
R
N
C
CS Domain
MSC /
VLR
IWF/
TC
CSE
EIR
GMSC
PSTN
ISDN
HLR AuC
X.25
SGSN
PS
Domain
GGSN
CGF
SMS-GMSC
IP
Billing
System
SM-SC
Fig. 14
19
Siemenk
20
Siemens
GGSN
Gateway GPRS
Support Node
TS 23.060
HLR AuC
Gc
SGSN
Gn
IP-based
Backbone
Network
Gp
SGSN
PS
Domain
other
PLMN
SGSN
X.25
GGSN
Gi
IP
Ga
CGF
Billing
System
External
Networks
Fig. 15
21
Siemens
The UMTS
Network
Siemen
The UMTS Network
22
Siemens
SGSN
RA
2
LA RA
1
RA
3
Serving GPRS
Support Node
RA
4
RA
6
SGSN area
GSM BSS
Gb
CSE
EIR
CAP
Gs Gr
SGSN
RNC
RA
7
MSC /
VLR
Gs
TS 23.060
BSC
RA
5
Iu(PS)
SMS-GMSC
SMS-IWMSC
HLR AuC
Gd
Gn
IP-based
Backbone
Network
Gp
SGSN
UTRAN
PS
Domain
other
PLMN
GGSN
Ga
CGF
SGSN
Fig. 16
23
Siemens
The UMTS
Network
Siemen
The UMTS Network
-the collection of GPRS Charging Data Records CDRs from the GPRS nodes
generating CDRs;
The CGF acts as storage buffer for real-time CDR collection. It provides the CDR
data to the BS.
Details of the Charging Gateway Functionality, the principles and transmission of
CDRs and the protocol architecture of the Ga interface are given in TS 32.015.
24
Siemens
CGF
Charging Gateway
Functionality
TS 23.060
& 32.015
SGSN
PS
Domain
External
Networks
Gn
Ga
GGSN
Ga
CGF
TS32.015:
TS32.015:
Charging
Charging&&Billing
Billing
for
the
for thePS
PSDomain
Domain
Billing
System BS
GSNs
GSN
CGF
Charging
Gateway
CG
BS
BS
be integrated
in the GSNs
Fig. 17
25
Siemens
GSM BSS
BTS
BTS
UE
T
R
A
U
B
S
C
UTRAN
Node B
R
(n x BTS)
N
Node B
C
(n x BTS)
Node B
(n x BTS)
R
N
C
CS Domain
MSC /
VLR
IWF/
TC
CSE
EIR
GMSC
PSTN
ISDN
HLR AuC
X.25
SGSN
PS
Domain
Release `99:
UTRAN & UE
GGSN
CGF
SMS-GMSC
SMS-IWMSC
IP
Billing
System
SM-SC
Fig. 18
26
Siemens
The UMTS
Network
Siemen
The UMTS Network
Due to different protocol stacks, the Iu interface can be sub-divided into an Iu(ps)
interface and an Iu(cs) interface.
The Iu(ps) interface is used for data and signaling transmission to the PS Domain of
the CN, the Iu(cs) interface is used for data exchange with the CS Domain.
The main task of the RNC is to perform Radio Resource Management RRM for all
UEs in its service area. Therefore, it can be compared to the GSM BSC. Different to
the GSM BSC, it is 100% autonomously responsible for all RRM decisions.
RRM means to be that the RNC is responsible for signaling with the UEs via Radio
Resource Control RRC protocol, it is deciding about the allocation of resources,
Handover to other cells and release of resources,...
The RNC is holding the RRC connection to the UEs as long as data have to be
transmitted.
It is storing the UEs location information to transmit the data to the right location. The
location information can be requested by the CN for Location Based Services.
It is responsible for reliable transmission over the radio interface, performing
Backward Error Correction in acknowledged mode.
It is responsible for Ciphering / De-Ciphering and Integrity Check.
And it is responsible for many more WCDMA specific aspects shown in the following
chapters and TS 25.3xx and 25.4xx series.
27
Siemens
RNC
Radio Network
Controller
MSC /
VLR
CS
Domain
SGSN
IWF/ TC
Iu(CS)
RNS
Radio
Network
Sub
system
Iu(PS)
UTRAN
Iur
RNC
RNC
Radio Network
Controller
Iub
Node
B
PS
Domain
Iub
Node
B
Node
B
Node
B
Uu
UE
Fig. 19
28
Siemens
The UMTS
Siemen
The UMTS Network
Network
Node B
One or more Node B's are controlled and addressed by an RNC. A Node B is a
physical unit for implementation of the UMTS radio interface. It is converting the
physical transmission of the data from fixed network transmission (ATM based) to
WCDMA transmission.
As a central transmission and reception site, it serves one or more UMTS cells. It is
serving one UMTS cell in case of an omni cell with 360 service or, for example, 2, 3
or 6 sector cells with 180, 120 and 60 service respectively.
The Node B is connected:
l
To prepare the data for reliable transmission over the air interface Uu, the Node B
performs many WCDMA specific aspects, which are shown in the following chapters
and in the TS 25.3xx and 25.4xx series.
Node B
RNS
Radio
Network
Sub
system
RNC
ATM Termination
Forward Error Correction FEC
Radio Interface Measurements
(Quality & Strength)
U
T
R
A
N
RNC
Radio Network
Controller
Iub
Node
B
Node
B
Node
B
Node
B
Uu
UE
Sector-Cell
Omni-Cell
Node
B
Sector-Cell
Node
B
Sector-Cell
Fig. 20
29
Siemens
The UMTS
Siemen
The UMTS Network
Network
User Equipment UE
The User Equipment UE is responsible for similar functions as the GSM Mobiles
Station MS, i.e. it is a device allowing a user access to network services.
It consists of the:
l
Mobile Equipment ME, which means to be the Hardware and Software for
WCDMA air interface transmission. The ME is identified by an International Mobile
Equipment Identity IMEI.
UMTS Subscriber Identity Module USIM, which contains data and procedures,
which unambiguously and securely identify itself. These functions are typically
embedded in a stand-alone smart card. This device is associated to a given user
(subscriber license), and as such allows to identify this user regardless of the ME
he uses. The USIM stores the personal identities (e.g. IMSI, MSISDN, PIN),
security algorithm (for e.g. Ciphering, Authentication), the personal phone book,
the USIM Application Toolkit USAT (TS 22.038, 31.111) and many more
information.
The basic functions of the UE are given in the TS TS 23.101. More detailed
descriptions are given in the TS 31 series.
UE
User Equipment
TS 23.101 &
31series
MSC/VLR
Node
B
RNC
SGSN
Uu
UE = ME + USIM
USIM
UMTS Subscriber
Identity Module
ME
Mobile Equipment
Subscriber license
Personal Identities
(e.g.MSISDN, IMSI, TMSI, PIN,...)
Fig. 21
30
Siemens
The UMTS
Network
Siemen
The UMTS Network
Node B
Remark: This list of UMTS functions is not complete. Only the "most important"
functions are shown. A detailed overview is given in TS 23.002.
31
Siemens
UMTS Network
Summary
(Rel. `99)
GSM BSS
BTS
Abis
Um
Uu
UE
BTS
T
R
A
U
B
S
C
Iur
(n x BTS)
R
N
C
MSC /
VLR
IWF/
TC
CAP
Gb
UTRAN
Node B
R
(n x BTS)
Iub N
Node B
C
(n x BTS)
Node B
CS Domain
Iu(CS)
CAP
Iu(PS)
EIR
Gf
SGSN
PS
Domain
HLR AuC
Gr
Gn
X.25
Gc
GGSN
Ga
Gd
ISDN
C/D
CSE
GMSC
PSTN
Gi
CGF
SMS-GMSC
SMS-IWMSC
IP
Billing
System
SM-SC
Fig. 22
32
Siemens
PSTN /
ISDN
UMTS
Network
Intra- /
Internet
UMTS CN
GERAN
Co-existence of
GSM & UMTS
network elements
Further Evolution
Release 4 & 5
UTRAN
Fig. 23
33
Siemens
The UMTS
Network
Siemen
The UMTS Network
The IS-41 CN has been used recently as platform for AMPS, D-AMPS and IS-95.
The GSM CN has been used for the GSM BSS only.
Pure IP CN solutions have been developed by the 3G.IP Forum / IETF. These
ideas are incorporated now in UMTS Release 4 and 5 as additional CN options for
enhanced 3G networks.
UMTS includes the UTRA FDD and TDD mode, respectively from Release 4 on,
two TDD modes (one with a High Chip Rate HCR and one with a Low Chip Rate
LCR).
34
Siemens
3G modularity
& future options
3G RAN
EDGE
3G
Core
Network
Iu
UTRA TDD LCR
UTRA FDD
e.g.
enhanced
GSM / IS-41,
or
R`4, R`5
UMTS CN
MC- CDMA
3G-MSS
strict separation
CN - RAN tasks
flexibility in 3G
Hiperlan-2,
MBS,..
Fig. 24
35
Siemens
The UMTS
Network
Siemen
The UMTS Network
UMTS Release 4 CN
The UMTS CN CS domain is a central aspect of Release 4 modifications (TS
23.002). The intention of these modifications is a separation of the call control from
the transport user the user data.
In UMTS Release 4, the (G)MSC/VLR functions split into two different entities:
l
MSC Server: The MSC Server is responsible for e.g. Call Control CC and Mobility
Management MM. It stores temporarily the subscribers data and takes over the
"VLR functionality". It is interfacing and translating the user-network signaling (TS
24.008) and the network-network signaling and it is controlling one/several
MGW(s) via Mc interface. Furthermore, it is collecting charging data (Call Data
Records CDRs). As Gateway MSC Server, it is responsible for HLR interrogation.
Media Gateway MGW: The MGW is responsible for bearer control and
transmission resource management (e.g. QoS guarantee). It is responsible for the
conversion of the data formats from CN internal, i.e. Nb interface (IP, ATM,) to
either Iu interface (ATM based) or external CS ISDN/PSTN networks. Additionally,
the TC function is allocated to the MGWs interfacing Iu.
New Interfaces
l
Nc: between MSC Server and (G)MSC Server for Bearer-Independent Call Control
BICC.
Mc: between CS-MGW and (G)MSC Server to separate between call control and
bearer control. The ITU standard H.248 respectively its IETF standard equivalent
Media Gateway Control MEGACO is used on Mc.
Nb: between MGWs. Different options are possible on Nb for user data transfer
and bearer control signaling (e.g. ATM, IP).
36
Siemens
UMTS CN R`4
CS Domain
CAP
MSC
Server
Iu
(G-)MSC Server:
Call Control
Level
HLR
PS
PSDomain
Domain
unchanged
unchanged
compared
comparedto
toR`99
R`99
R`4
TS 23.002
GMSC
Server
Nc (e.g. BICC)
Mc
Call Control
Mobility Management
MGW Control
VLR functionality
CDRs
(HLR-Interrogation)
Mc (H.248/MEGACO)
Bearer Level
GERAN
A
UTRAN
Iu
CSMGW
CSMGW
PSTN/
ISDN
MGW:
Bearer Control
CDR: Call Data Records
BICC: Bearer Independent Call Control
MGW: Media Gateway
Fig. 25
37
Siemens
The UMTS
Network
Siemen
The UMTS Network
UMTS Release 5 CN
In Release 5, it should be possible to transmit all data only via one PS domain (the
so-called "All IP CN"). This PS domain can be split up logically into the GPRS CN
with its well known network elements and an IP Multimedia Subsystem IMS, which is
added to the GPRS CN like an external PDN (i.e. via Gi interface). Currently (late
2001) not all Release 5 network elements and functions are defined precisely.
For downward-compatibility reasons to GSM and UMTS Rel. `99 and Rel. `4 it might
be necessary, to support additionally a CS domain.
Here some central Release 5 aspects / functions:
l
Home Subscriber Server HSS: The HSS is used for mobility related aspects,
very similar to the "classical" HLR (storing subscription and routing information).
Media Gateway Control Function MGCF: The MGCF are used e.g. for MGW
control, Call Control and Signaling Protocol Conversion from external SS7 to
internal Session Initiation Protocol SIP.
Call State Control Function CSCF: The CSCF are responsible e.g. for Session
Flow Handling and Application Coordination. They are interfacing the IN /
Application Server/ IN and they are responsible to collect charging data (Charging
Data Records CDRs).
38
Siemens
CSCF:
UMTS CN R`5
IMS & PS Domain
WAP
HSS:
similar HLR
UTRAN
Uu
UE
(USIM)
Node
B
CSCF
HSS
R
Iub
Node
B
R
N
C
MGW
ISDN
IP R
Backbone
R
Iur Iu
SGSN
R
Node
N
B
Iub C
R
GGSN Gi
other
PLMN
IP
X.25
MGCF:
MGW control
PSTN
MGCF
Call Control
Signalling Protocol
Conversion (SS7 to SIP)
R`5
TS 23.002
IMS: IP Multimedia Subsystem
CSCF: Call State Control Function
R: IP Router/Switch
Fig. 26
39
Chapter 4
Security Features
Security Features
Siemens
Security Features
Contents
1
2
3
4
5
6
7
Overview
IMEI Check
(P-)TMSI Allocation
Authentication
Ciphering & Integrity Check
Exercise
Solution
23
79
11195
1521
2735
3747
4153
Siemens
Security Features
Overview
UMTS Security Features
I) Network Access Security:
provide users with secure access to 3G services &
protect against attacks on the radio access link
TS
TS33.102:
33.102:
Security
Security
Architecture
Architecture
II)
I)
I)
ME
I)
III)
III) User Domain
Security:
secures access to MS
(e.g. PIN)
USIM
I)
I)
AN
SN
HE
Access
Network
Serving
Network
Home
Environment
IV)
Overview
Fig. 1
Siemens
Security
Features
Siemen
Security Features
Siemens
Security Features
TS
TS21.133:
21.133:
Security
SecurityThreats
Threats&&Requirements
Requirements
TS
TS33.102
33.102
Security
SecurityArchitecture
Architecture
TS
TS33.120
33.120
Security
SecurityPrinciples
Principles&& Objectives
Objectives
Fig. 2
Siemens
Security
Features
Siemen
Security Features
Siemens
Security Features
Network Access
Security Features
CS Domain
Authentication
MSC/
VLR
- User Authentication:
ISDN
- Network Authentication:
IMEI Check
prevents usage of
stolen / not allowed ME
Node B
UE
=
ME
+
USIM
EIR
R
N
C
Ciphering
prevents eavesdropping of
user data / signaling on Uu
SGSN
PS Domain
HLR AuC
GGSN
IP
X.25
Fig. 3
Siemens
Security Features
IMEI Check
IMEI Check
EIR:
white / gray / black list
ME
ME
stolen
TS
TS23.002,
23.002,
23.003,
23.003,23.060,
23.060,
24.008,
24.008,29.002
29.002
ME
not
allowed
IMEI Check
Fig. 4
Siemens
Security
Features
Siemen
Security Features
IMEI Check
The IMEI Check is an optional feature, which can be used to prevent the usage of
stolen or not allowed mobile equipment. This feature remains the same as in GSM.
The International Mobile Equipment Identity IMEI identifies uniquely a Mobile
Equipment ME. Two versions of IMEI are defined (TS 23.003):
IMEI: The IMEI is composed of a Type Approval Code TAC (6 digits), a Final
Assembly Code FAC (2 digits) to identifies the place of manufacture/final assembly, a
Serial Number SNR (6 digits) as individual serial number uniquely identifying each
equipment within each TAC and FAC and a Spare digit (1 digit) being zero, when
transmitted by the MS / UE.
IMEISV (IMEI & Software Version number): The IMEISV is composed of the Type
Approval Code TAC, Final Assembly Code FAC, Serial Number SNR and a Software
Version Number SVN (2 digits), which identifies the ME software version number.
The security requirements of the IMEI are defined in 3GPP TS 22.016.
The IMEI should be surely stored in the ME. In certain cases, the Serving Network
SN may request the UE to send it the IMEI. This shall be done only after
authentication. In the case of emergency calls, no IMEI check should be performed.
The Equipment Identity Register EIR (TS 23.002) is responsible for storing the
IMEIs in the network. The ME is classified as "white listed", "gray listed", "black listed"
or it may be unknown as specified in TS 22.016 and TS 29.002.
The white list is composed of all number series of equipment identities that are
permitted for use. The black list contains all equipment identities that belong to
equipment that need to be barred. Besides the black and white list, administrations
have the possibility to use a gray list. Equipment on the gray list are not barred, but
are tracked by the network (for evaluation or other purposes).
An EIR shall as a minimum contain a "white list".
Siemens
Security Features
IMEI Check
IMEI Check
EIR:
(optional)
ME
EIR:
EIR:
TS
TS23.002
23.002
not in case of
emergency calls
IMEI(SV):
IMEI(SV):
TS
TS23.003
23.003
TAC
FAC
SNR
Serial Number
6 digits = 24 Bit
2 digits = 8 Bit
6 digits = 24 Bit
Spare
1 digit = 4 Bit
FAC
SNR
Serial Number
6 digits = 24 Bit
2 digits = 8 Bit
6 digits = 24 Bit
SVN
2 digit = 8 Bit
Fig. 5
Siemens
Security
Siemen
Security Features
Features
IMEI Check
Authentication
TS
TS33.102
33.102
IMEI
IMEICheck
Check
2) Identity Request
optional
optional
after
afterauthentication
authentication
totobe
beperformed
performedatatany
anyaccess
accessattempt
attempt
&&during
duringestablished
establishedcalls
callsatatany
anytime
time
not
in
case
of
emergency
calls
not in case of emergency calls
not
at
IMSI
Detach
not at IMSI Detach
1) Identity Request
[Identity Type]
3) Identity Response
[IMEI/IMEISV]
4) Identity Response
5) Check IMEI
[IMEI/IMEISV]
UE
SRNC
VLR
SGSN
TS
TS29.002
29.002
EIR
Fig. 6
10
Siemens
Security Features
(P-)TMSI Allocation
UMTS Security Features
MSC/VLR
TMSI
ME
P-TMS
IMSI?
Mr. / Ms. XY!
SGSN
TS
TS23.002,
23.002,
23.003,
23.003,23.060,
23.060,
24.008,
24.008,29.002
29.002
(P-)TMSI Allocation
Fig. 7
11
Siemens Features
Security
Security Features
Siemen
(P-)TMSI Allocation
A unique International Mobile Subscriber Identity IMSI shall be allocated to each
mobile subscriber in the GSM system.
To achieve user identity confidentiality and user location confidentiality, the user is
normally identified by a temporary identity (Temporary Mobile Subscriber Identity
TMSI or Packet-TMSI) by which he is known by the Serving Network SN. To avoid
user traceability, which may lead to compromise of user identity confidentiality, the
user should not be identified for a long period by means of the same (P-) TMSI (TS
33.102). (P-)TMSI should be used at any Location Update Request, Service Request,
Detach Request, connection re-establishment request, etc.
A (P-)TMSI has local significance only in the LAI or RAI in which to user is registered.
Outside that area it should be accompanied by an appropriate LAII or RAI in order
avoid ambiguities. The association between IMSI and TMSI / P-TMSI is kept by the
VLR / SGSN in which the user is registered.
IMSI structure
The IMSI is composed of three parts: Mobile Country Code MCC, Mobile Network
Code MNC and Mobile Subscriber Identity Code MSIN. The MCC (3 digits; CCITT
administered) identifies uniquely the country of the mobile subscriber. The MNC (2
digits) identifies the Home PLMN of the mobile subscriber. The MSIN identifies the
mobile subscriber within a GSM PLMN. The IMSI shall consist of numerical
characters (O through 9) only. The overall number of digits in IMSI shall not exceed
15 digits.
(P-)TMSI structure
Since the (P-)TMSI has only local significance (i.e. within a VLR/SGSN area), the
structure and coding of it can be chosen by agreement between operator and
manufacturer in order to meet local needs. The P-TMSI / TMSI consists of 3 / 4
octets. It can be coded using a full hexadecimal representation.
12
Siemens
Security Features
Subscriber Identity
TMSI
TMSI/ /P-TMSI
P-TMSI
IMSI
International Mobile Subscriber Identity
(15 digits)
MCC
MNC
MSIN
3 digits
2 digits
10 digits
protect
protectuser
useridentity
identityconfidentiality
confidentiality
normally
normallyused
usedinincase
caseofofunciphered
unciphered
user id. transmission
user id. transmission
allocated
by
VLR/SGSN
allocated by VLR/SGSN
local significance only in the LA/RA
local significance only in the LA/RA
where
wherethe
theuser
userisisregistered
registered
accompanied by LAI/RAI
accompanied by LAI/RAI
structure:
operator-dependent
structure: operator-dependent
Re-allocation
Re-allocationas
asoften
oftenas
aspossible
possible
(only
(onlyciphered
ciphered&&ininconjunction
conjunction
with
other
procedures)
with other procedures)
TS
TS33.102
33.102
TS
TS23.003
23.003
Packet-TMSI
3 bytes
TMSI
4 bytes
UE
SGSN
VLR
MCC: Mobile Country Code
MNC: Mobile Network Code
MSIN: Mobile Subscriber
Identification Number
Fig. 8
13
Siemens
Security
Siemen
Security Features
Features
TS
TS33.102
33.102
Paging
Paging
Paging
NAS Signaling
Connection
Establishment*
Initial UE Message
[IMSI]
[IMSI]
Identification
by (P-)TMSI
not possible
UE
SRNC
TS
TS23.060
23.060
(P-)TMSI
Re-Allocation
VLR
SGSN
NAS: Non-Access Stratum
Fig. 9
14
Siemens
Security Features
Authentication
UMTS Security Features
UMTS
Authentication:
chosen to achieve
maximum compatibility
with GSM security
architecture
AuC
USIM
ME
AN
SN
HE
Access
Network
Serving
Network
Home
Environment
enhanced
mechanism
& keys
TS
TS33.102
33.102
Authentication
Fig. 10
15
Siemens
Security
Siemen
Security Features
Features
Authentication
In UMTS different to GSM both sides of the radio transmission check the correct
identity of their counterpart. Not only the user identity is checked by the Serving
Network SN. Additionally, the authorization of the SN to provide services is checked
by the UE. Both, user and network authentication should occur at each connection
set-up (TS 33.102).
So the objective of the Authentication process is to enable User Authentication
similar to the GSM Authentication and additionally Network Authentication.
Furthermore, the Authentication process provides the keys for Ciphering and
Integrity Check to the User Equipment UE.
The authentication process should occur at each connection set-up between the user
and the network.
It has been chosen in such a way to achieve maximum compatibility with the GSM
security architecture and facilitate migration from GSM to UMTS.
Nevertheless, the security mechanism and keys for authentication have been
enhanced significantly.
User Authentication:
User identity alright?
Authentication
Basics
shouldoccur
occuratateach
each
should
connectionset-up
set-up
connection
AuC
USIM
New!
User&&Network
Network
User
Authentication
Authentication
AN
SN
HE
Access
Network
Serving
Network
Home
Environment
Ciphering
Signaling Data Integrity
SN authorised by HE
to provide me services?
Fig. 11
16
Siemens
Security
Features
Siemen
Security Features
17
Siemens
Security Features
Basic Principles
secret Key
128 bit length
IMSI K;
f1...f5
Authentication
Data Request [IMSI]
Authentication
Data Response
[AV(1..n)]
USIM
AuC
HLR
VLR / SGSN
Authentication Request
[Authentication Parameter]
Network
Authentication Authentication Response
Visited PLMN
Authentication Vector
/ Quintet
User
Authentication
Home PLMN
K: secret Key
SQN: Sequence Number
f1...f5: message authentication /
key generating Functions
Fig. 12
18
Siemens
Security
Features
Siemen
Security Features
Authentication Vector AV
Each Authentication Vector consists of the following components (TS 33.102):
l
a Cipher Key CK, which is necessary for Ciphering. It shall have a fixed length of
128 bit.
an Integrity Key IK, which is used for Signaling Data Integrity Check. Its length is
128 bit.
19
Siemens
Security Features
Authentication Vector AV
randomly generated,
i.e. non-predictable
Used for
integrity check
consisting of 3 parts
Used for network
authentication
RAND
XRES
CK
IK
AUTN
Random Number
128 bit
Expected Response
32 - 128 bit
Cipher Key
128 bit
Integrity Key
128 bit
Authentication Token
48 + 16 + 64 bit
VLR / SGSN
USIM
generate RES(i) =
f2(RAND(i),K)
AUTN(i) for
(store AV(1..n))
Authentication Request
[RAND(i), AUTN(i)]
Authentication Response
[RES(i)]
Network Authentication
User Authentication:
Compare
XRES(i) & RES(i)
RES: Response
Fig. 13
20
Siemens
Security
Features
Siemen
Security Features
21
Siemens
Security Features
AV Generation
AuC
Database
SQN Generator
RAND Generator
(IMSI;K)
AMF
SQN
Sequence Number
Authentication &
key Management
Field
f2
f1
MAC
Message Authentication
Code
Network Authentication
AV =
AMF
XRES
Expected Response
User
Authentication
RAND
Random number
XRES
Expected Response
RAND
secret Key
Random Number
f3
f5
f4
CK
IK
AK
Cipher Key
Ciphering
Integrity Key
Ciphering
Anonymity Key
SQN Anonymity
CK
Cipher Key
IK
Integrity Key
AUTN
Authentication Token
SQN AK AMF
48 bit
16 bit
MAC
64 bit
Fig. 14
22
Siemens
Security
Features
Siemen
Security Features
23
Siemens
Security Features
Authentication Request
[RAND(i), AUTN(i)]
Generate:
RES
XMAC
CK
IK
(stores AV(1..n))
Authentication Response
[RES(i)]
or Authentication Reject
[XMAC MAC]
RAND
VLR / SGSN
f5
Compare:
XRES(i) = RES(i) ?
User Authentication
SQN AK AMF
MAC
AUTN
AK
SQN
AMF:
Authentication &
key Management
Field
f4
f3
f2
f1
IK
CK
RES
XMAC
Integrity
Check
Ciphering
to network
User
Authentication
XMAC = MAC ?
Network
Authentication
XMAC:
Expected Message
Authentication Code
AK: Anonymity Key
Fig. 15
24
Siemens
Security
Features
Security Features
Siemen
Synchronization Failure
At the beginning of the Authentication process, the AuC generates the Sequence
Number SQN. SQN shall have a length of 48 bit. The structure & content of SQN is
operator-dependent. SQN may contain information used to restrict the Authentication
Vector AV validity time or to verify the Serving Network SN Identity.
SQN, being a part of AUTN, is transmitted via VLR/SGSN (Authentication Data
Response) to the USIM (Authentication Request).
The USIM regenerates SQN and verifies that the received SQN is in the correct
range.
If the USIM considers SQN to be not in the correct range, it sends the
Synchronization Failure message back to the VLR/SGSN including the appropriate
parameter, and abandons the connection set-up.
Upon receiving a Synchronization Failure message from the UE, the VLR/SGSN
sends an Authentication Data Request with a Synchronization Failure Indication to
the AuC of the users Home Environment HE together with RAND and the
appropriate parameter received from the UE.
The AuC checks the parameter, generates a fresh set of AVs and sends them with
an Authentication Data Response message to the VLR/SGSN.
Whenever the VLR/SGSN receives a new set of AVs from the AuC in an
Authentication Data Response to an Authentication Data Request with
Synchronization Failure Indication it deletes the old AVs for that UE. The VLR/SGSN
may now start a new authentication process to the UE based on a new AV from the
AuC.
25
Siemens
Security Features
SQN
Synchronisation Failure
generates SQN:
length = 48 bit
content operator-dependent
e.g. for restricted AV validity time,
verification of SN Id.
SQN AK AUTN
Re-generates SQN
SQN in correct range ?
No Synchronisation Failure
Yes continue
Authentication
AuC
USIM
VLR /
Authentication Request
[RAND(i), AUTN(i)]
Synchronisation Failure
or Authentication Response
[RES(i)]
Authentication
Data Request [IMSI]
HLR
Authentication Data
Response [AV(1..n)]
] ]
st tion ..n)
e
a
qu dic V(1
Re e In e [A
SGSN
ta r s
DaFailu pon
.
th n. es
Au hro a R
t
c
yn Da
[S th.
Au
&
Network
Fig. 16
26
Siemens
Security Features
AV Request:
Providing Keys
for Ciphering &
Integrity Check
Key
Setting
VLR /
SGSN
S-RNC
SN
UE
HLR
HE
Serving
Network
AuC
Home
Environment
Mandatory!!
Mandatory!!
27
Siemens Features
Security
Siemen
Security Features
28
Siemens
Security Features
Connection Set-up:
1
UMTS
UMTSIntegrity
IntegrityAlgorithm
AlgorithmUIA*
UIA*:1:
UIA1
UIA1==Kasumi
Kasumialgorithm
algorithm
2
UMTS
UMTSEncryption
EncryptionAlgorithm
AlgorithmUEA*
UEA*2: :
Connection Establishment
includes: UE security capabilities (UIAs / UEAs)
UEA0
UEA0==no
noencryption
encryption
UEA1
UEA1==Kasumi
Kasumiencryption
encryption
further
furtherUIA/UEA
UIA/UEAplaned
planed
Authentication Request
Authentication Request
generates:
RES, XMAC,
[RAND, AUTN]
[RAND, AUTN]
Authentication Response
Authentication Response
CK, IK
[RES]
[RES]
start Integrity
UE
*1 also denoted by f9
*2 also denoted by f8
Authentication
& Key
Generation
Security
Mode
Set-Up
start (De-)Ciphering
SRNC
VLR
SGSN
Fig. 18
29
Siemen
Security Features
Siemens Features
Security
Basic Principle
Control Data:
start of Integrity protection mandatory
nearly all control data Integrity protected*
UE
SRNC
*not in case of
emergency calls
Transmitter
Control Data
Receiver
Encrypted
check sum
IK dependent
check sum generator
IK
Encrypted
Control
Data Data
Control
check sum
check sum
generator
Expected
check sum
IK
Equal?
Encrypted
check sum
Fig. 19
30
Siemens
Security
Features
Security Features
Siemen
31
Siemens
Security Features
Transmitter
(UE or S-RNC)
Integrity
Sequence No.
UL = 0
DL = 1
COUNT-I
IK
Integrity Key
Control Data
encrypted
check sum
random value
S-RNC generated
valid for connection
duration
prevents replaying
of old MAC-Is
Receiver
(UE or S-RNC)
COUNT-I
FRESH
IK
Direction
direction bit
f9 (UIA)
f9 (UIA)
MAC-I Control Data
MAC-I
XMAC-I
Equal?
UE
Direction
Integrity Key
direction bit
verify MAC-I
start Integrity
- ...
FRESH
SRNC
[MAC-I]
Fig. 20
32
Siemens
Security
Features
Security Features
Siemen
33
Siemens
Security Features
Ciphering
UMTS Encryption Algorithm UEA
not in case of
emergency calls
SRNC
UE
UL = 0
DL = 1
Cipher
Sequence No.
COUNT-C
1 Bearer parameter /
user radio bearer
UE or S-RNC
Direction
Bearer
Length
direction bit
length indicator
indicate length
of required
keystream block
CK
f8 (UEA)
Cipher Key
cipher sequence
Keystream block
Plain text block
ciphered text block
Keystream block
Keystream block
=
=
Fig. 21
34
Siemens
Security
Features
Siemen
Security Features
35
Siemens
Security Features
Authentication
- User Authentication:
network checks real user identity;
prevents misuse / misappropriation
of network resources / services
- Network Authentication:
UE checks network authorisation
to provide service
Ciphering
prevents eavesdropping of
user data / signalling on Uu
IMEI Check
prevents usage of
stolen / not allowed ME
UE
SRNC Summary
VLR
SGSN
Fig. 22
36
Chapter 5
UTRA Aspects
UTRA Aspects
Siemens
UTRA Aspects
Contents
1
2
3
4
5
Power Control
RAKE Receiver
Handover
Exercise
Solution
23
181
1217
2027
2433
Siemens
UTRA Aspects
Power Control
UTRA Aspects
Power
P
Time t
3
2
1
Power
Control
Frequency f
Power Control
Fig. 1
Siemens Aspects
UTRA
Siemen
UTRA Aspects
Power Control
Principle
BTS
CDMA:
everyone
in the same
frequency band
everyone is
interferer
for everyone
UL & DL
Power Control
for
Interference limitation
P(UE2)
P(UE1)
UE2
UE1
BTS
near far
problem:
P(UE1) P(UE2)
at BTS-Receiver
Fig. 2
Siemens Aspects
UTRA
UTRA Aspects
Siemen
Siemens
UTRA Aspects
UTRA
Power Control
PC - Types:
Open Loop PC
Inner Loop PC
Outer Loop PC
S/N > (S/N)def
TPC = Down
else TPC = Up
DL:
Inner Loop PC
P(BTS) UE TPC
UL:
(C/I)def variation, to
guarantee QoS (BER,..)
Inner Loop PC
P(UE) BTS TPC
Open Loop PC
RNC
BTS
(Node B)
PC: Power Control
TPC: Transmit Power Control
S/N: Signal to Noise
P(UE) oriented at
BTS DL Power;
for initial transmission
UE
UE:
UE:TS
TS25.101/102
25.101/102(FDD/TDD)
(FDD/TDD)
BTS:
TS
25.104/105
BTS: TS 25.104/105(FDD/TDD)
(FDD/TDD)
PC-types:
PC-types:TS
TS25.401
25.401
Fig. 3
Siemens
UTRA Aspects
UTRA Aspects
Siemen
Siemens
UTRA Aspects
UTRA
Power Control
FDD:
FDD:1500
1500PC
PCcycles/s
cycles/s
(1(1TPC
TPCjejeTS)
TS)
Fast
Power Control
TDD:
TDD:100
100- -800
800cycles/s
cycles/s
(100/s:
(100/s:per
perframe;
frame;>100/s:
>100/s:
depends
on
depends onframe
frameconfiguration)
configuration)
BTS
max. power:
vendor specific
PC steps:
1, 2, 3 dB
Dynamic:
30 dB (= 1000)
UTRA Capacity
Interference limited
system stability
UE
max. power (4 classes):
UE:
UE:TS
TS25.101/102
25.101/102(FDD/TDD)
(FDD/TDD)
BTS:
BTS:TS
TS25.104/105
25.104/105(FDD/TDD)
(FDD/TDD)
Fig. 4
Siemens
UTRA Aspects
RAKE Receiver
UTRA Aspects
RAKE Receiver
CDMA Advantage
from
Multipath
propagation
Path 2
Path 1
Path 3
RAKE Receiver
Fig. 5
Siemens
UTRA Aspects
Siemen
UTRA Aspects
RAKE receiver
CDMA can benefit from multipath propagation of radio waves with the use of a socalled RAKE receiver. The information for transmission reaches the receiver in
practice not only by direct "line of sight", but also via echos from obstacles. Normally
this increases the noise level, a situation that is not desirable. The reflected
information passes over longer paths than the direct line of sight and is therefore
delayed. If the delay is longer than one chip, the receiver usually regards the
reflected information as undesirable noise. The use of RAKE receivers turns this
disadvantage to an advantage.
A RAKE receiver has a number of RAKE fingers. Each of these RAKE fingers
changes (by de-spreading) broadband signals with different delays from the same
source (i.e., with the same spreading code) back into user information by using the
spreading code. This can be done because the different RAKE fingers apply the
spreading code with delays.
The RAKE fingers obtain information from a so-called Matched Filter (MF) for the
synchronization required. The MF compares incoming information with predefined
data sequences. These sequences are shifted in time. If the incoming chip
sequences match the predefined sequences, a power peak is registered. Predefined
information and information in the UL / DL contain so-called pilot sequences or the
mid-ambles of the TDD bursts. The MF returns information on the delays of the
different user signals in this way. It also supplies information on the amplitude of the
different user signals.
The RAKE fingers are responsible for the de-spreading of the user signals received
by multipath propagation. The fingers also correct the information with regard to
phase and adapt the timing of the information.
Depending on the signal strength (MF information), the information components are
summed (Maximum Ratio Combining).
A strong signal consisting of multipath components is therefore obtained in this way
with a RAKE receiver.
Siemens
UTRA Aspects
RAKE
Receiver
RAKE Receiver:
several finger for multipath components
DeSpreading
Code (t-d1)
Finger 1
DeSpreading
Code (t-d2)
Finger 2
DeSpreading
Code (t-d3)
a1
a2
a3
Finger 3
Maximum
Ratio
Combining
d: delay
a: attenuation
RAKE finger:
Despreading ( MF-Info!)
Phase correction
Delay correction
Fig. 6
10
Siemens
UTRA Aspects
Siemen
UTRA Aspects
MultiUser
Detection MUD
UE 2:
Code 2
DeSpreading
Code 1
DeSpreading
Code 2
DeSpreading
UE n:
Code n
Code n
Node B
Data 1
Data 2
Data n
UE 1:
Code 1
BTS
(Node B)
MUD:
mainly for UL (in Node B)
reduces Intra-Cell interferences
increases capacity
reduces Near-Far problem
Fig. 7
11
Siemens
UTRA Aspects
Handover
UTRA Aspects
UE
Measurement:
Connection quality & strength
+ strength of own & surrounding BTS
Measurement:
Connection quality & strength
Measurement Report
BTS
Pre-processing of measurements
Measurement
Report
HOV
Decision
UMTS Handover
decision similar GSM
initiated by RNC
performed by UE
RNC
Handover
Fig. 8
12
Siemens
UTRA Aspects
Siemen
UTRA Aspects
UTRA handover
The criteria and procedures for performing handover in UMTS are similar to those in
GSM. The UE and BTS determine the quality and strength of a radio transmission.
The UE also determines the signal strength and quality of its own and the local
BTS's. The measurement values are compiled in a measurement report for use by
the RNC as a basis for deciding for or against handover. If handover is decided upon,
the new BTS is activated and included in the so-called active set. The RNC is
responsible for decisions regarding the acceptance or rejection of handovers, while
the execution (initiation of contact with the new BTS) is the responsibility of the UE.
Hard handover
Hard handovers refer to handovers in which a mobile station (MS) transmits its user
information only via one base station at any one time. Up until the time of the
handover command, the MS communicates with the old base station over a specific
physical channel. After the handover command, the MS changes the physical
channel and then communicates with the new base station.
Hard handovers are used in GSM and in the following cases in UMTS:
During TDD / TDD handovers
During FDD handovers if the frequency (interfrequency handover) or the Core
Network is changed
During inter-system handovers for example, when changing from FDD to TDD or
from UMTS to GSM.
Soft handover
Soft handovers refer to handovers in which a mobile station (MS) transmits its user
information via more than one base station at the same time. Soft handovers can be
used in CDMA systems in order to prevent an increase in power of the MS in
boundary areas between different cells. This reduces the interference level and
therefore increases the capacity of the system. Moreover, the contact with more than
one base station ensures the connection to a moving MS in difficult terrain.
Soft handovers are used in IS-95 and MC-CDMA and in the following cases in
UMTS:
During FDD / FDD handovers (without frequency changes).
13
Siemens
UTRA Aspects
DL
UL
DL
UL
DL
Hard Handover
Soft Handover
GSM
UTRA TDD
UTRA FDD at:
Interfrequency HoV (HCS)
CN-Change
Inter-System HoV
FDD - TDD
UMTS - GSM
IS-95
MC-CDMA
UTRA FDD
Fig. 9
14
Siemens
UTRA Aspects
UTRA Aspects
Siemen
Soft handover
UE can communicate with two or three BTS's during soft handovers in the UTRA
FDD mode due to the fact that all cells use the same frequency. If the mobile station
enters the boundary area between two or three cells, the RNC can decide that a
connection with two or three BTS's is advantageous. The RNC reserves
corresponding codes in the different cells for the UE and commands the UE to
implement handover to the new BTS (or BTS's). As of this time, the information is
handled by the relevant BTS's. The identity of the cells involved in the connection is
stored in the RNC as an active set.
The Node B's receive the transmission from the UE, despread it and forward the
information over the Iub interface to the RNC. The RNC combines this information
and forwards it via the Iu interface to the Core Network (CN). This procedure is
implemented frame for frame. The quality of the supplied frames is the basis for
assessment. Only information in frames with top quality is used.
The gain due to reception of additional signals in soft handovers is also known as
macro diversity.
In the opposite direction, the RNC splits the information from the Core Network and
forwards it to the different Node B's. During soft handover the UE receives the
transmission of the (apart from the TPC command) identical information from the
various Node B's / BTS's. The transmission information from the BTS's is despread
by different RAKE fingers and combined (Maximum Ratio Combining MRC).
Softer handover
Softer handovers are handovers between sector cells in the same Node B. The
transmission information received via the antennae of the different sector cells is
handled by different RAKE receivers and combined in the Node B itself (Maximum
Ratio Combining MRC). Softer handovers are internal Node B affairs. Additional
(Iub) transmission capacity to the RNC is not required.
The gain due to reception of additional signals in softer handovers is also known as
macro diversity.
15
Siemens
UTRA Aspects
Softer Handover
Node B
Sector cells
Node B
Iub
Node B
Node B
Iub
Combining /
Splitting
RNC Active
Iu
CN
Iub
Set
Active Set:
max. 3 Cells
RNC
Fig. 10
16
Siemens
UTRA Aspects
Siemen
UTRA Aspects
Soft Handover
S-RNC: Serving RNC
D-RNC: Drift RNC
RR: Radio Resource
Inter-RNC HoV
Node B
Iub
Node B
Node B
RNC
Iub
Iub
Iur
Combining /
Splitting
RNC Active
Iu
CN
Set
S-RNC: Combining/Splitting + RR allocation
D-RNC: only RR allocation
change D-RNC S-RNC possible
Fig. 11
17
Siemens
UTRA Aspects
UTRA Aspects
Siemen
Bandwidth B = 5 MHz
Re-use factor = 1
FDD and TDD both use the "OVSF code tree" for channelization codes.
Differences between TDD and FDD are mainly based on the different multiplex
methods used (and of course on the different UL/DL coordination/frequencies).
The FDD mode uses pure DS-CDMA thereby producing a continuous transmission.
The shortest transmission duration is one frame (10 ms).
The TDD mode uses a TDMA / DS-CDMA hybrid solution which produces
transmission of bursts.
The FDD mode uses 1500 power control cycles (1 TPC / TS).
The TDD mode uses 100 to 800 power control cycles/s depending on the frame
configuration.
The FDD mode mainly uses soft handovers (except for changes in frequency /
system).
The TDD mode uses hard handovers.
The FDD mode has advantages in its use of relatively large cells (macro and micro
cells), particularly for UE moving at high speed. The TDD mode offers advantages for
small-space, quasi-stationary applications (in pico and micro cells).
The main advantages of the TDD mode are as follows:
l
18
Siemens
UTRA Aspects
Zone 3: Suburban
Zone 2: Urban
Zone 1:
Indoor
Macro Cell
FDD
continuous transmission
SF = 4 - 256/512
1500 PC-cycles/s
Soft Handover
Micro Cell
Pico Cell
bandwidth B = 5 MHz
chip rate Rc = 3,84 Mchip/s
Re-Use = 1
OVSF Code tree
1 TS = 2/3 ms = 2560 chip
1 frame = 10 ms
TDD
bursty structure
SF = 1 - 16
100 - 800 PC cycles/s
Hard Handover
1 Superframe = 72 frames
Fig. 12
19
Chapter 6
UMTS Radio Access
Basic Principles
Siemens
Contents
1
2
3
3.1
3.2
3.3
3.4
3.5
4
5
6
23
191
2127
2228
2632
3036
3440
3642
3845
4251
4657
Siemens
DL
FDMA
Duplex
transmission
FDD
TDD
Multiple
Access
TDMA
CDMA
Transmission Principles
& 2G Examples
Fig. 1
Siemens
UMTS
Siemen
UMTS Radio Access: Basic Principles
Siemens
Duplex Transmission:
FDD & TDD
Time t
Time t
duplex distance
UL
TDD:
UL / DL
separated by
Time!
DL
UL
DL
UL
frequency f
DL
Frame
with n TS
FDD: UL / DL
separated by
Frequency!
FDD: Frequency Division Duplex
TDD: Time Division Duplex
TS: Time Slot
UL
frequency f
Fig. 2
Siemen
UMTS Radio Access: Basic Principles
Multiplex methods
Multiplex methods are used to divide the limited frequency resources of a cell
between the different subscribers and mobile stations in the cell. Three different
methods are mainly used today: Frequency Division Multiple Access (FDMA), Time
Division Multiple Access (TDMA) and Code Division Multiple Access (CDMA). Other
multiplex methods are currently being researched or developed (for example, Space
Division Multiple Access SDMA).
Siemens
Multiple Access
Power
P
Power
P
FDMA
time t
time t
TDMA
TS 3
TS 2
TS 1
1
frequency f
frequency f
Power
P
time t
CDMA
3
2
1
co-ordination of
restricted frequency resources
to different subscriber
Multiple
Access
FDMA
TDMA
CDMA
Frequency
Time
Code
frequency f
Fig. 3
Siemen
UMTS Radio Access: Basic Principles
Siemens
1,88
GHz
TS7
Example:
GSM900
TS6
TS5
frame
4.615
ms
2G
cellular:
TS4
TS3
FDD, TDMA
(&FDMA)
TS2
TS1
TS0
200 kHz
20
MHz
1,728
MHz
10
time
460
465,74
frequency [MHz]
455,74
DL
450
C450,
NMT,
AMPS
Example:
DECT
e.g.
DL
Example:
C450
UL
UL
FDD,
pure
FDMA
20 kHz
1G:
time
time
Examples
1 2 3 4 5 6 7 8 9 101112131415161718192021222324
1,90
GHz
frequency
[MHz]
2G CT:
TDD, TDMA e.g. DECT
e.g.
GSM, PDC,
D-AMPS
frequency [MHz]
2G Example CDMA:
IS-95 (later)
Fig. 4
Siemens
Code Division
Multiple Access
3
2
1
frequency f
CDMA
Basics & Example
Fig. 5
Siemens
UMTS
Power P
CDMA
Principle
user 1
user 2
CDMA:
Spread Spectrum Technology
every user with unique Code
high bit rate Code: Spreading / De-Spreading
user 1 & 2
frequency f
frequency f
Unspread
Signals
Fig. 6
Spread
Signals
Radio Transmission =
5 spread signals
after
De-Spreading
10
Siemens
UMTS
Advantages of CDMA
The CDMA principle is associated with many attributes that can have positive effects
for transmission of information.
The coded transmission and the low information concentration of the CDMA signals
were particularly important for the military applications. A transmitted signal can only
be despreaded, and the data regenerated, if the receiver has the correct spreading
code. The low information concentration allows information to be discretely
transmitted the signals are for all intents and purposes concealed in background
noise.
The high level of stability of the broadband information transmission against the
effects of narrowband background noise is vitally important for military and civil
utilization. Frequency hopping is used in narrowband systems (such as GSM) to
obtain this effect.
Yet another CDMA attribute is extremely important for civil applications in mobile
communications systems. CDMA in principle allows the re-use of the same frequency
band in all neighboring cells (re-use = 1). In contrast, the same frequency bands
cannot be re-used in neighboring cells in FDMA or TDMA systems. To prevent
interference by subscribers at the same frequencies or in the same timeslots, cells
with identical frequencies must be spatially separated. In FDMA and TDMA systems,
cells are arranged in a careful, complicated frequency planning process. Re-use
schemes of 1/7, 1/9, etc. are typical. As a result, only one part (1/7, 1/9, ...) of the
theoretically available frequency band can be used in the one cell.
CDMA can therefore in principle do without complicated frequency planning, and
allows efficient usage of the available (scarce) frequency resources.
The limits to transmission capacities in FDMA and TDMA systems are determined by
a fixed number of physical channels. With CDMA, however, there is a "soft" capacity
limit. The capacity of CDMA systems is mainly restricted by the interference of other
subscribers in a cell (so-called intra-cell interference) and interference from other
cells (inter-cell interference).
Another CDMA advantage is a stable transmission especially in severe environment.
This is caused by the so-called Multipath Advantage and Soft Handover. Both effects
are described later.
Due to an essential need for precise and fast Power Control, CDMA mobile stations
also need less transmission power than TDMA mobiles. The UMTS Power Control is
also described later on.
11
Siemens
CDMA
Advantages
Stability
narrow-band interference
Stability in severe environment
( Multipath Advantage, Soft HoV)
simple frequency planning (Re-Use: 1)
efficient radio resource usage
lower transmission power ( Power Control)
(UMTS; Reuse: 1)
1/1
3/7
4/7
2/7
1/1
1/7
5/7
7/7
1/1
1/1
1/1
6/7
Re-Use
Distance
1/1
1/1
2/7
Fig. 7
12
Siemens
UMTS
Siemen
UMTS Radio Access: Basic Principles
CDMA types
Signals can be spread for CDMA using a number of different methods. The following
three CDMA methods are most commonly used: TH-CDMA, FH-CDMA and
DS-CDMA.
13
Siemens
time t
CDMA
Types
Time
Hopping
(TH-CDMA)
Direct
Sequence
(DS-CDMA)
DS-CDMA
IS-95
Globalstar
UMTS
Frequency
Hopping
(FH-CDMA)
FH-CDMA
Bluetooth
frequency f
Fig. 8
14
Siemen
UMTS Radio Access: Basic Principles
DS-CDMA:
+1
Transmission /
Reception
Spreading
Code
-1
1
Chip
Air
Interface
Binary
Data
RB
Spreading
RC
Code
Generator
Wideband
Modulation
DeModulation
fT
Carrier
Generator
Binary
Data
DeSpreading R
B
RC
Carrier
Generator
timesynchronisation
!!!
Code
Generator
Fig. 9
15
Siemens
UMTS
Spreading / de-spreading
In UMTS, the binary, digital subscriber data (1, 0) is converted on the transmission
side to bipolar data (+1, 1) before the spreading process takes place. The spreading
code also consists of bipolar data. The value of a chip can be +1 or 1. The
subscriber data is then multiplied by the high chip rate spreading code. The result is
the coded data, which is then transmitted over the radio interface.
The receiver multiplies the received, code data sequence with the bipolar spreading
code to obtain a bipolar data sequence. The original subscriber data is recovered by
converting this data sequence to binary, digital data.
16
Siemens
Spreading / De-Spreading
1 Symbol
Binary Data
Bipolar
Data
+1
SF = Rc / RS
=B/W
-1
x
Spreading
Code
=
Spreaded
Data
+1
-1
Bit / Symbol
modulation principle
e.g.:
GMSK: 1 / 1 (Bit/Symbol)
BPSK: 1 / 1
QPSK: 2 / 1
8PSK: 3 / 1
+1
-1
x
Spreading
Code
=
Bipolar
Data
Binary Data
+1
-1
+1
-1
1
1 Chip
B = bandwidth, spreaded
W = bandwidth, un-spreaded
RS: Symbol Rate [symb/s]
RB: Bit Rate [bit/s]
RC: Chip Rate [chip/s]
SF = Spreading Factor
GMSK: Gaussian Minimum Shift Keying
BPSK: Binary Phase Shift Keying
QPSK: Quadrature PSK
8PSK: Eight PSK
Fig. 10
17
Siemen
UMTS Radio Access: Basic Principles
18
Siemens
Spreading /
De-Spreading
Bipolar
Data 1
Example:
SF = 2;
2 user
Code 1
Code 1
= ( 1 / -1)
Spread
Data 1
Code 2
= ( 1 / 1)
Data User 1
+1
Bipolar
Data 2
-1
+1
Code 2
-1
+1
Spread
Data 2
-1
Data User 2
+1
-1
+1
-1
+1
-1
x
Code 1
=
De-Spread
Data 1
S Signals
(Receiver)
+2
0
-2
+1
Code 2
-1
+2
0
-2
De-Spread
Data 2
+2
after
Integration
+1
-1
+2
0
-2
+2
after
Integration -2
-2
User Data 1
+2
0
-2
User Data 2
Fig. 11
19
Siemens
UMTS
Example CDMA:
IS-95 (2G)
Power P
time t
64 PN-Codes
1.25 MHz
IS-95 parameter:
FDD / CDMA
B = 1,25 MHz
Rc = 1,2288 Mchip/s
SF = 64
Modulation: QPSK / BPSK (DL / UL)
Power Control: 800 cycles/s
Duplex distance:
45 / 80 MHz at
800/1900 MHz
range (USA)
frequency f
Fig. 12
20
Siemens
Zone 2: Urban
Zone 1:
Indoor
Macro-cell
FDD
Micro-cell
Pico-cell
TDD
UTRA:
UMTS Terrestrial Radio Access
Fig. 13
21
Siemens
UMTS
3.1
22
Siemens
UTRA Conception
(ETSI)
Principle
Principle
Supported
Supported by
by
aa--
W-CDMA
W-CDMA
Ericsson,
Ericsson, Nokia,
Nokia, pure CDMA
NEC,
NEC, Panasonic,
Panasonic, pure CDMA
FDD;
FDD; 4.096
4.096Mchip/s;
Mchip/s;
Fujitsu,
Fujitsu,
4,4
4,4 --5,2
5,2 MHz
MHz
Mitsubishi
Mitsubishi
bb--
OFDMA
OFDMA
Sony,
Sony, Telia,
Telia,
Lucent,
Lucent, Bosch
Bosch
TDMA/FDMA
TDMA/FDMA
gg--
W-TDMA
W-TDMA
Philips,
Philips, Nokia,
Nokia,
France
France Telecom
Telecom
TDMA
TDMA
TDTDCDMA
CDMA
UMTS-Alliance:
UMTS-Alliance:
TDMA & CDMA
Siemens,
Siemens, Bosch,
Bosch, TDMA & CDMA
FDD/TDD
Alcatel,
T-Mobil,
Alcatel, T-Mobil, FDD/TDD
2.267Mchip/s;
Mchip/s; 1,6
1,6 MHz;
MHz;
Motorola,
Motorola, Nortel,
Nortel, 2.267
TS
TS // Frame
Frame wie
wie GSM
GSM
Italtel
Italtel
ODMA
ODMA
Vodaphone,
Vodaphone,
Swiss
SwissTelecom
Telecom
Phase 1:
UTRA studies
(1996 - 06/97)
concept
concept
Selection of
5 concepts:
concept
concept
a-e
Phase 2:
Evaluation
(06 - 12/97)
concept
concept
dd--
concept
concept
Selection of
a & d- Concept
(01/98)
ee--
concept
concept
Remarks
Remarks
option
option for
for
aa and
and dd
Fig. 14
23
UMTS
Siemens
Siemen
UMTS Radio Access: Basic Principles
24
Siemens
UTRA conception
& harmonisation
W-CDMA
a-concept
cdma2000
TD/CDMA
TDD
Phase 3:
harmonisation
(01 - 06/98)
ETSI-ARIB
harmonisation
(05/98)
TD/CDMA
d-concept
UTRA
FDD
UTRA
TDD
harmonisation
UTRA - cdma 2000
(05 - 07/99)
UTRA
FDD
UTRA
TDD
5 MHz
3,84 Mchip/s
MC-CDMA
(FDD)
3,6864 Mchip/s
IMT-2000
Fig. 15
25
Siemens
UMTS Radio
3.2
Pulse shape
26
Siemens
UTRA conception
& harmonisation
time t
TDD
FDD
15
Mode
Mode
Frame
Power P
Power P
time t
1
TS
frequency f
frequency f
TDD
WCDMA & TDMA
(continuous transmission)
SF = 4 - 256 (DL - 512)
Handover: Soft
(Bursts: 15 TS / Frame)
SF = 1 - 16
Handover: Hard
UTRA
UTRAL1
L1General
GeneralDescription:
Description:
3G
3GTS25.201
TS25.201
Fig. 16
27
Siemens
UMTS
Siemen
UMTS Radio Access: Basic Principles
28
Siemens
time t
Power P
Data Rate
Variation
15
2
TDD
flexible
Switching Point
Example: UL
Asymmetric
UL/DL allocation !!
frequency f
time t
Power P
FDD
Data rate variation:
SF = 4 - 256 (DL: 512)
SF =
Rc [chip/s] /
RS[symb/s]
frequency f
Fig. 17
29
3.3
UTRA Codes
The Spreading Code in UTRA is obtained multiplying two different code types: the
Channelization Code and the Scrambling Code.
Channelization Codes
Channelization codes are used to separate channels from the same source.
For DL this channelization means the separation of different users (or, to take it a
step further, different applications of different users) by the BTS.
For UL the channelization means the separation of different applications used
simultaneously by the same UE. Up to 6 different applications are theoretically
possible from individual UE.
The channelization codes for the TDD and FDD modes are Orthogonal Variable
Spreading Factor (OVSF) codes and have orthogonal attributes.
Scrambling Codes
Scrambling codes are used to separate different sources.
For DL this means the separation of different BTS's. Each cell has a scrambling code
to allow the UE to distinguish between neighboring cells. The scrambling codes are
not globally unique cell codes.
For UL the scrambling means the separation of different items of UE in a cell. The
scrambling codes are assigned to the UE by UTRAN.
FDD and TDD use different scrambling codes. So-called gold codes 10 ms in length
(= 38400 chips) are used periodically in FDD. In TDD, sequences of 16 chips are
used periodically.
TS 25.201 provide an overview of channelization and scrambling codes. Details on
the channelization and scrambling codes used for FDD and TDD can be found in TS
25.213 and TS 25.223.
30
Siemens
different
differentBTS:
BTS:
Scrambling
ScramblingCodes
Codes
UTRA
Codes
BTS
Channelisation
ChannelisationCode
Codeseparates
separates
UL
ULdifferent
differentapplications
applications
ofof11UE
UE(max.
(max.6;6;SF
SFvariable)
variable)
BTS
Channelisation
ChannelisationCode
Code
separates
separatesDL
DLdifferent
differentUE
UE
Spreading Code =
Channelisation Code
x Scrambling Code
different
differentUE:
UE:
Scrambling
ScramblingCodes
Codes
(RNC
(RNCallocated)
allocated)
(TS 25.201)
BTS
Spreading
Spreading&&Modulation:
Modulation:
TS
TS25.201
25.201(UTRA
(UTRAOverview)
Overview)
TS
TS25.213
25.213(FDD),
(FDD),
TS
TS25.223
25.223(TDD)
(TDD)
Channelization
ChannelizationCode:
Code:
separates
separatesphysical
physicalchannels
channels
DL:
channels
DL: channelsofofthe
thesame
sameBTS
BTS
UL:
channels
of
the
same
UL: channels of the sameUE
UE
Scrambling
ScramblingCode:
Code:
separates
separatessources
sources
DL:
DL:separates
separatesdifferent
differentBTS
BTS
UL:
separates
different
UL: separates differentUE
UEinin11cell
cell
Fig. 18
31
Siemens
UMTS Radio
32
Siemens
Scrambling Codes:
UTRA
Codes
SF = 1
SF = 2
SF = 4
SF = 256
CC256,0
CC256,1
CC4,0 = (1,1,1,1)
CC256,2
CC2,0 = (1,1)
CC4,1 = (1,1,-1,-1)
CC1,0 = (1)
CC4,2 = (1,-1,1,-1)
CC2,1 = (1,-1)
CC256,254
CC256,255
CC4,3 = (1,-1,-1,1)
CC1 = (1)
CC2 =
1 1
1 -1
CCn =
CCn/2 CCn/2
CCn/2 -CCn/2
OVSF =
Orthogonal Variable
Spreading Factor
Fig. 19
33
Siemens
UMTS
3.4
Chip
The shortest unit of time used in UTRA corresponds to the duration of a chip. Since a
chip rate of 3.84 Mchip/s is used, the duration of a chip is about 260.4 pico
seconds (ps).
Timeslot (TS)
A UTRA timeslot (TS) is defined as the length of 2560 chips: this corresponds to
duration of 2/3 ms. A timeslot is the shortest repetitive period in UTRA.
A timeslot for the TDD mode means the time frame allowed by an HF burst.
In the FDD mode specific information is exchanged cyclically between the UE and
network. An example of this is the power control information (Transmit Power Control
TPC).
Frame
A UTRA frame is defined by the duration of 10 ms. A frame therefore contains 15
timeslots.
In the TDD mode, a frame is identical with the TDMA frame i.e., the cyclical
repetitive pattern of the time slots.
In the FDD mode, a frame is the shortest possible transmission duration. Short data
packets for setting up a connection, for transmission of SMS messages or packetswitched data packets are at least one frame in duration.
UTRA is a radio access solution allowing data rates that are not only flexible, but that
can also be dynamically adapted. A frame is likewise (for TDD and FDD) the shortest
period of time for changing the transmission rate.
Superframe
A UTRA superframe is defined as the duration of 72 frames i.e., 720 ms.
A superframe is the counting period for defining physical channels. Since it exactly 6
times longer than a traffic channel (TCH) multiframe in GSM (= 120 ms), it enables
adaptation of the timing patterns between UMTS and GSM as is essential for intersystem handover between the two systems.
34
Siemens
UTRA
time
structure
Chip
1/3.840.000 s 260.4 ns
2560 chips
Time Slot
TS
2/3 ms
Frame f
TS#0 TS#i
TS#14
10 ms
Superframe
f#1
f#i
f#72
720 ms
Fig. 20
35
Siemens
UMTS
3.5
The spreading factors (SF) indicate the ratio between the user information
(symbol) and the number of chips used for spreading the symbol.
SF's from 1 16 are used in the TDD mode, SF's from 4 256 (UL) or 4 512
(DL) in the FDD mode for varying the data rates.
The main difference between the UTRA FDD and MDD modes is in the multiplex
methods used:
l
The FDD mode uses pure DS-CDMA i.e., broadband, continuous transmission
(minimum transmission duration: 1 frame = 10 ms).
The TDD mode uses a hybrid solution of TDMA and DS-CDMA i.e., broadband
but bursty transmission. The duration of a burst is one timeslot.
36
Siemens
UTRA
Key Parameters
bandwidth B = 5 MHz
chiprate Rc = 3,84 Mchip/s
SF = Rc / RS = 1 - 16 (TDD)
4 - 256/512 (FDD)
Spreading Code =
Channelisation Code x Scrambling Code
Fig. 21
37
Siemens
IS-95
Downward compatible/
Handover possible
Downward compatible/
Handover possible
UTRA
FDD
UTRA
TDD
MC-CDMA
(FDD)
harmonisation
(chipsets possible for UTRA TDD, FDD & MC-CDMA mode)
IMT-2000
38
Siemens
UMTS
Siemen
UMTS Radio Access: Basic Principles
39
Siemens
MC-CDMA / UTRA
MC-CDMA
Carrier
Guard Band
625 kHz
1,25 MHz
1,25 MHz
1,25 MHz
DL
625 kHz
Rc =
1,2288 Mchip/s
n Carrier
n = 1, 2, 3,
6, 9, 12
Rc =
2,4576 Mchip/s
Rc =
1,2288 Mchip/s
1
UL
Rc =
3,6864 Mchip/s
4
n-fold
chip rate
5
MHz
UL
&
DL
Rc =
3,84 Mchip/s
1
MHz
Fig. 23
40
Siemens
UMTS Radio
Spreading Factor: 1, 2, 4, 8, 16
Modulation: QPSK (Quadrature Phase Shift Keying) and 8PSK (8 Phase Shift
Keying)
TD-SCDMA
Carrier Bandwidth
1.6 MHz
TD-SCDMA =
UMTS R`4
Option
LCR-TDD
Mode
Chip Rate
1.28 Mchps
Spreading Factors
1, 2, 4, 8, 16
10 ms
(each sub-frame 5 ms)
675 ms
supported
QPSK & 8PSK
R`4
R`4
TS
TS25.223
25.223
Fig. 24
41
Appendix
Appendix
Siemens
Appendix
Contents
1
2
Appendix 1: References
Appendix 2: Abbreviations
23
45
Appendix
Siemens
Appendix 1: References
Books:
l
A.J. Viterbi: CDMA: Principles of Spread Spectrum for third Generation Mobile
Communication (1995), ISBN 0-201-63374-4
H. Holma, A. Toskala, WCDMA for UMTS, John Wiley & Sons, Ltd. (2000); ISBN
0-471-72051-8
Magazines:
l
Funkschau
Gateway
Mobilcom
pcmobil
Mobile Computer
Siemens
Appendix
Appendix
Siemen
3G Internet addresses:
l
http://www.3gpp.org
http://www.3gip.org
http://www.itu.int/imt
http://www.etsi.org
http://www.umts-forum.org
http://www.gsmworld.com
http://www.cdg.org
Siemens
Appendix
Appendix 2: Abbreviations
AC
Authentication Center
ACCH
ACE
ADC
AGCH
AICH
AMR
AMX
ATM MultipleXer
AMPS
ANSI
AP
Application Part
ARFCN
ARIB
ARQ
ASCI
ASN
ATM
AUC
AUthentication Center
Siemens
Appendix
Appendix
Siemen
BA
BCCH Allocation
BCC
BCCH
BCH
Broadcast CHannel
BER
BMC
BPSK
BS
Base Station
BSC
BSIC
BSS
BSSAP
BSSMAP
BTS
Siemens
Appendix
CA
Cell Allocation
CAMEL
CAP
CATT
CC
Call Control
CC
Country Code
CCCH
CCH
Control CHannel
CCITT
CCS7
CCU
CDMA
CEPT
CGI
CI
Cell Identity
CN
Core Network
CP
Call Processing
CPCH
CPICH
CS
Coding Scheme
CS
Circuit Switched
CSCF
CTCH
CUG
Siemens
Appendix
Siemen
Appendix
D-AMPS
Digital AMPS
DCCH
DCH
Dedicated Channel
DCS1800
DECT
DL
Down Link
DPCCH
DPCH
DPDCH
DRNS
Drift RNS
DRX
Discontinuous Reception
DS-CDMA
DSCH
DL Shared Channel
DTAP
DTCH
DTX
Discontinuous Transmission
EFR
EIR
ERC
ERMES
ESA
ETSI
Siemens
Appendix
FAC
FACCH
FACH
FB
FCCH
FDD
FDMA
FEC
FN
Frame Number
FPLMTS
FR
Frame Relay
FR
FRAMES
GEO
GEostationary Orbital
GGSN
GMM
GMPCS
GMSC
Gateway MSC
GMSK
GP
Guard Period
GPRS
GPS
GSM
GTP
Siemens
Appendix
Appendix
Siemen
HCR-CDMA
HCS
HEO
HLR
HO(V)
HandOver
HPLMN
Home PLMN
HSCSD
HSS
IAM
ICO
ID
IDentification
ID
IDentity
IMEI
IMSI
IMT-2000
IN
Intelligent Network
Inmarsat
IP
Internet Protocol
ITU
IP
Internet Protocol
IP
Intelligent Peripheral
ISDN
ISP
ISUP
IWE
InterWorking Equipment
IWF
InterWorking Function
IWUP
Siemens
Appendix
JD
Joint Detection
JDC
Kc
cipher Key
Ki
LA
Location Area
LAI
LAN
LAPDm
LCR-CDMA
LEO
LES
LIC
LMT
LR
Location Register
10
Siemens
Appendix
Appendix
Siemen
MAC
MAP
MARISAT
MARItime SATellite
MBS
MCC
ME
Mobile Equipment
MExE
MG
Media Gateway
MGCF
MM
Mobility Management
MMI
MML
MNC
MOC
MP
Main Processor
MS
Mobile Station
MSC
MSISDN
MSP
MSRN
MSS
MT
Mobile Termination
MTP
MTC
MTP
MUX
MUltipleXer
11
Siemens
Appendix
NB
Normal Burst
NBAP
NCC
NDC
NMT
NSS
O&M
OACSU
ODMA
OFDMA
OMC
OMC-B
OMC-S
OSS
Operation SubSystem
OVSF
12
Siemens
Appendix
Appendix
Siemen
PA
Power Amplifier
PACS
PC
Power Control
PCCH
P-CCPCH
PCH
Paging Channel
PCM
PCPCH
PCU
PDA
PDC
PDCP
PDN
PDSCH
PHS
PICH
PIN
PLMN
PMR
PP
Point-to-Point
PRACH
PSTN
QOS
Quality Of Service
QPSK
13
Siemens
Appendix
RA
Rate Adaptation
RACH
RANAP
RAND
RANDom number
REQ
REQuest
RES
RESponse
RF
Radio Frequency
RFC
RFCH
RFCN
RLC
RNC
RNS
RNSAP
RRC
RRM
RSS
Radio SubSystem
RX / Rx
Receiver
14
Siemens
Appendix
Siemen
Appendix
SACCH
SAP
SAPI
SB
Synchronization Burst
SCCP
S-CCPCH
SCE
SCH
Synchronization CHannel
SDCCH
SF
Spreading Factor)
SFH
SGSN
SIM
SM
Security Management
SMG
SMP
SMS
SN
Subscriber Number
SN
Switching Network
SP
Signaling Point
SP
Server Processor
SP
Switching Point
SS
Supplementary Services
SSF
SSP
STP
SW
Software
15
Siemens
Appendix
T1
TA
Terminal Adaptor
TAC
TACS
TB
Tail Bit
TCAP
TCH
Traffic CHannel
TCP
TD-CDMA
TDD
TDMA
Terminal Equipment
TETRA
THSS
TIA
TMN
TMSI
TRAU
TRX
TRansceiver
TS
Tele Service
TS
TimeSlot
TTA
TTC
TX / Tx
Transmitter
16
Siemens
Appendix
Siemen
Appendix
UDP
UE
User Equipment
UL
UpLink
UMTS
UP
User Part
USIM
UTRA
UTRAN
UWC-136
VAD
VBR
VBS
VHE
VLR
VMSC
Visited MSC
VoIP
VPLMN
Visited PLMN
WAN
WAP
WARC
W-CDMA
Wideband CDMA
WLL
17
physical downlink channel that carries the user data and layer 2 overhead bits over
the air interface.
physical downlink channel that carries control information how to decode the
information on HS-PDSCH and which UE that shall decode it.
physical uplink channel to send ACK/NAK reports and channel quality reports
uplink HS-DPCCH
y The uplink HS-DSCH-related physical-layer signaling
consists of:
y Acknowledgements for hybrid ARQ
y Channel Quality Indicator (CQI), i.e., information reflecting
the instantaneous downlink radio-channel conditions to assist
the Node B in the transport-format selection (fast link
adaptation) and the scheduling
y ACK/NAK
y single bit, repetition coded to 10 bits (1 slot)
y A-DCH UL
y 384 kbps (or 64 kbps) DCH
y 3.4 kbps SRB (control signalling: RRC & NAS)
y UL data transmission
HSDPA summary