Mobile Package-Telecom Egypt

TRAINING SECTOR
GENERAL DEPARTMENT FOR

PLANNING & DEVELOPING PROGRAMS
Contents
- GSM Introduction
- CDMA Overview
- GPRS Introduction
- UMTS Introduction
- HSDPA for WCDMA
TRAINING SECTOR
Sub-sections
Introduction
Transmission Principles
GSM PLMN
Procedures
Radio Interface
Appindex
GSM Introduction
GSM Introduction
Sub-section reference
Sub-section identification
1
2
3
4
5
6
Introduction
GSM PLMN
Procedures
Radio Interface
Appendix
This document consists of 196 pages.
Pages
1
1
1
1
1
1
44
37
32
38
31
14
Chapter 1
Introduction
Introduction
Introduction
Contents
1
2
3
History
GSM
Current Situation, Market & Trends
2
15
27
Siemens
Introduction
History
Introduction
History
Fig. 1
Siemens
Introduction
Introduction
Siemens
History of Mobile Communications

Mobile Communication is much older than many people think. There have been
diverse "acoustic and optic means of remote information transfer" in the most varied
cultures and stages of civilization on all populated continents. The range of
information transfer was very limited and the quality of the messages was affected by
outer conditions such as the weather. In order to increase the range of information
transfer in these times, transit stations were in part systematically constructed.
Beginnings of Electronic Communications
l
Telegraph: S.F.B. Morse: 1843 First experimental telegraph line: Washington Baltimore
Telephone: Phillip Reis 1861: First speech transmission by cable / A. G. Bell: 1876
World Exhibition, Philadelphia
At first electronic communications was possible only via wire i.e. by means of fixed
(immobile) connections, forerunners of today's Fixed Network Connections. Initially
an operator ("switchboard girl") was needed to establish these fixed physical
connections for the caller manually at the central office. The first automatic
exchanges were first put into service in the mid-1920s.
Radio Communications
Radio connections were first used for Wireless Communications in the late 19th
century; information was sent via "ether".
l
1873: J.C. Maxwell - electromagnetic wave theory
1887: H. Hertz - experimental proof of the existence of electromagnetic waves
1895: A. Popow - first receiver with antenna for weather reports
1895: G. M. Marconi - first wireless transmission using spark inductor generated

HF waves (Morse code)
1897: Marconi Wireless Telegraphy Company" founded
1901: First transatlantic transmission (Marconi)
1903: "Deutschen Telefunken GmbH" founded by AEG and Siemens & Halske
1906: First speech & sound transmission (Lorenz AG / Deutsche Telefunken

GmbH)
1909: First radio broadcast (New York, Caruso)
Siemens
Introduction
History of Mobile Communications

The beginnings: "archaic mobile communication"
visual transmission (smoke/light signals,...)
audible transmission (drums, horns,...)
Electronic
communication:
"terrestrial network"
Telegraph
1st telegraph line 1843
Washington - Baltimore
Telephone
P. Reis 1861
A.G. Bell 1876
World Exhibition Philadelphia
Radio transmission:
1873 Maxwells theory of electromagn. waves
1887 H. Hertz: experimental proof
1895 Marconi: 1st wireless transmission
1901 1st transatlantic transmission
1903 Dt. Telefunken GmbH: AEG, Siemens& Halske
1906 1st speech and sound transmission
1909 1st radio broadcast
1917 1st mobile transmission: radio station - train
Fig. 2
Siemens
Introduction
Siemens
Introduction
Connection Types
There are two principles for radio connections:
Simplex Connection
Simplex connections are a "one-way street" for communication in the form of (mostly
fixed) transmitters and mobile receivers. This has been realized as e.g. (broadcast)
radio and television. But simplex connections are also used for direct communication
exchange i.e. two-way communication using stations which can be used both as a
transmitter and a receiver (e.g. walkie-talkies). However the equipment (transmitting /
receiving stations) cannot transmit and receive simultaneously. The call cycles or call
intervals are determined by prior agreement or personal code words ("over").
Duplex Connections
Duplex connections signify two-way communication. Users can transmit and receive
messages simultaneously. An example of an early duplex connection is radio
telegraphy.
Over
Simplex Connection:
transmit or receive
Duplex Connection:
simultaneous
transmission and reception
Fig. 3
Siemens
Introduction
Introduction
Siemens
Single Cell Systems

The first Mobile Telephone Service to offer duplex connections comparable to fixed
network based telephone services started in 1946 as a car phone service in St.
Louis, Missouri. Comparable mobile telephone services appeared in post-war Europe
some years later.
Problems in early mobile (car) telephone services (late 1940s/early 1950s):
l
An operator was needed to connect calls within the wireless network.
The equipment required was extremely heavy, bulky (therefore only feasible as a
car phone service) and expensive.
The service range was limited to the area that could be covered by a single
transmitting or receiving station (single cell system).
The HF frequency range available was (is) very limited; it had to be (and still has
to be) distributed among competitors (e.g. the military, radio, and television).
The result was limited capacity, rapid market saturation, high equipment costs and
low service quality.
Single Cell Systems:

Low service and speech quality
Heavy, bulky and expensive equipment
Small coverage area
No handover
Manual exchange
Low capacity
First Mobile
Services:
Car telephone service
Since the late 40s
Fig. 4
Siemens
Introduction
Introduction
Siemens
Innovations in Mobile Radio Communications

Technical Innovations / Equipment
Fast development of new technologies such as semiconductor technology, diodes,
transistors, integrated circuitry, microprocessors,...
l
automatic switching
reduction of hardware costs
reduction of size and weight of equipment (in the 1950s/1960s a car phone took
up half of a car trunk; 1988: introduction of the mobile phone)
but:
l
very limited telephone network capacity.
During the 1970s large-scale integrated, electronic applications and the development
of microprocessors made the configuration of more complex systems possible. One
result of this was the development of single-cell transmitter systems with multiple
receiving stations. This made it possible to extend the range of the supply area, i.e.
the operational range of the subscriber because the mobile station's transmitter
power limits the size of the cell in Single Cell Systems. However no increase in
capacity resulted from this.
Cellular Mobile Radio Systems
The breakthrough in capacity, which resulted in a significant increase in the number
of subscribers, was achieved with the introduction of the Cellular Radio System in the
late 1970s/early 1980s. The coverage of the supply area of a mobile communication
operator involves many radio cells with cellular radio systems, in which the
aforementioned limitation of the available HF frequency range is neatly circumvented
through the repeated use of the HF channels.
Siemens
Introduction
Quantum Leap in Mobile Communications:

Single Cell Systems Cellular Systems
radius
r
Single Cell
System
re-use distance
Cellular
System
Fig. 5
Siemens
Introduction
Siemens
Introduction
First Generation (1G) Cellular Mobile Radio Systems

Information transmission of first generation cellular mobile radio system takes place
via analogue radio interface. These systems were tested in many countries in the end
of the 70s.
In 1979, mobile services were introduced for commercial operation; in the USA,
AMPS (Advanced Mobile Phone Service), and in Japan, NTT-MTS (Nippon
Telegraph & Telephone Co.).
In the early 80s, the NMT (Nordic Mobile Telephone) was introduced in Scandinavia,
in 1985 TACS (Total Access Communication System) was introduced in England and
the C450 System in Germany.
First Generation Cellular Mobile Radio Systems

Country
System
Frequency range
[MHz]
Introduced
in year
USA
AMPS
800
1979
Japan
NTT-MTS
800
1979
Sweden, Norway,
Finland, Denmark
NMT
450, 900
1981 - 86
Great Britain
TACS
900
1985
Germany
C450
450
1985
France
Radiocom2000
450
1985
NMT
900
1989
RTMS
450
1985
TACS
900
1990
Italy
Fig. 6
Siemens
Introduction
Siemens
Introduction
Second Generation (2G) Cellular Mobile Radio Systems

A further and very significant innovation in mobile radio communications took place
with the introduction of the second generation cellular mobile radio system (e.g.
GSM) in the early 90s. Transmission via radio interface is now digital. Along with a
significant improvement of transmission quality and expansion of services, there has
been a considerable increase in capacity. The increase in subscribers led to more
convenient, lighter and less expensive equipment with a wide range of possibilities
for use.
Portable Mobile Equipment

Mobile phones were first introduced in 1988. The weight of the equipment decreased
from 1 kg to less than a
100 g within few years. At the same time, mobility clearly improved despite
decreasing weight owing to improvements in rechargeable batteries. Standby times
of more than 5 days can be achieved.
2nd Quantum Leap:

Analog (1st Generation) Digital (2nd Generation)
Different Generations of Mobile Stations
First generation
mobile telephones
for fixed vehicle
installation and
analog mobile
telephones
Analog technology.
Terminal devices were
bulky and heavy.
Second generation
GSM mobile telephones
Digital GSM technology.

Terminal devices were less
bulky, but still too heavy
(battery capacity problems).
Second generation
GSM mobile telephones
Digital GSM technology.

Terminal devices are handier
and have greater battery capacity.
Fig. 7
10
Siemens
Introduction
Introduction
Siemens
Example: Mobile Subscriber in Germany

Since the early 50s there have been several regional networks at 30, 80, 100 MHz.
They were allocated only to public authorities and organizations with security tasks.
The regional networks (DBP) were combined in the so-called A-network in 1958 allowing private use for the first time.
A-network: in operation: 1958 - 1977; frequency range: 156 - 174 MHz; in the
beginning 16, later 37 radio carrier; analogue transmission, manual switching; max.
11,000 users (1971); closed in 1977; its frequencies were transferred to the Bnetwork.
B-network: in operation: 1972 - 1994; frequency range: 146 - 164 MHz; from 1977 to
174 MHz (from A-network); in the beginning 38, later 75 radio carrier; analogue
transmission, automatic switching; max. 27,000 users (1986); problem: max.
capacity, no further channels; closed in 1994.
C-network (C450): in operation: 1985 - 2000; frequency range: 451.3 - 455.74 MHz
& 461.3 - 465.74 MHz; 222/287 radio charier; system technology: Siemens. The
C450 system was the first German cellular system and led to an enormous increase
of subscribers (max. 850,000 users). The C-network was similar in structure to
modern digital networks.
D-networks (GSM900): Introduction in 1992 (D1 & D2); 900 MHz frequency range (+
minor extensions in the 1800 MHz range from 1999 on; system technology partly
from Siemens (D900).
E-networks (GSM1800): Introduction in 1994 (Eplus) and 1998 (E2); 1800 MHz
frequency range; System technology partly from Siemens (D1800).
The digital D and E networks, being GSM900 / GSM1800 networks, led to a rapid
and steady increase of the number of subscribers in Germany. In 12/2000, a total of
46 million mobile subscribers were registered in the 4 networks, D1, D2, Eplus & E2.
11
0,01
1988
1986
1984
Year
2000
1998
1996
1994
Germany
GSM (E2)
introduction
GSM (Eplus)
introduction
GSM (D1, D2)

introduction
100
1992
1990
C-network
introduction
10
1982
1980
0,1
B-network
introduction
1978
Subscriber [M.]
Introduction
Siemens
Subscriber trends (Example):

Germany 1978 - 2000
Fig. 8
12
Introduction
Siemens
Siemens
Introduction
Limits of the First Generation Mobile Radio Systems

1. Capacity: The capacity limits of analogue technology are reached quickly even
with cellular networks. The demand increases with the offer and the sinking
prices. A number of 850,000 subscribers, i.e. the maximum capacity of the
analogue C-network, corresponds to less than 7 % of the mobile subscribers in
1998 (only 6 years after introducing digital networks). The capacity of digital
networks has not yet been exhausted.
2. Quality: A second problem was the often inadequate transmission quality of the
analogue systems, which increased with the distance of the mobile subscriber. A
detailed description and discussion of the problems regarding the transmission
quality or the disadvantages of the analogue system in comparison to digital one
can be found in the next chapter.
3. Incompatibility: One or more analogue networks on frequency bands 450/900
MHz existed in most European states in the late 1980s. Every one of these
networks formed a mobile communication island since the individual standards of
these networks were incompatible in most cases (or still are, as far as they still
exist); they prevented mobile phone traffic across borders (International
Roaming). Europe thus looked liked a rag rug of incompatible systems.
The limits of existing analogue systems
1. Capacity: the number of potential mobile phone customers is larger than the
expected capacity of analogue systems,
2. Quality: insufficient transmission quality with increasing distance between the
mobile station and the base station,
3. Incompatibility: between different national standards,
were already recognized since the early 80s and were discussed on an international
European level. The need to develop a new, standard cellular system for Europe was
acknowledged.
The GSM Standard was developed for this purpose.
13
Siemens
Introduction
1G Limitations
Capacity
Quality
Incompatibility
European mobile
communication market
early 90s
Fig. 9
14
Siemens
Introduction
GSM
Introduction
GSM
Global System for
Mobile Communications
Fig. 10
15
Introduction
Siemens
Siemens
Introduction
The GSM History

The foundation for the GSM Standard was laid already in 1978, four years before the
name GSM was established. In 1978 the CEPT reserved a frequency range round
900 MHz for mobile communications in Europe. The limits of analog mobile
communications in Europe were recognizable in the early 80s. At that time the first
analog cellular networks were just beginning their operation and were still far from
their maximum capacity. Despite this a group of experts was formed to establish the
longer-term challenges of mobile communications and to develop a new binding
international standard for digital mobile communications in Europe. Thus the GSM
Standard became undoubtedly one of the most successful European products of the
past decades; its sphere of influence is extended far beyond the originally planned
European scope.
Milestones of the GSM Standard
l
1982: The CEPT forms a team of experts, the Group Special Mobile (GSM) with
the purpose of developing a binding international standard for mobile
communications in Europe.
1984 86: Various technical possibilities are compared in order to achieve an

optimal utilization of the predefined frequency ranges.
1986: A permanent core of experts is employed.
1987: Main transmission principles are selected; 13 countries agree in the MoU
(Memorandum of Understanding) to start GSM networks until 1991.
1988: The ETSI (European Telecommunication Standards Institute) is founded;

most of the standardizing activities of the CEPT, including GSM, are assumed by
this new body. Along with state-owned operators, industry, private network
operators and consumer groups participate in the ETSI, too.
1989: GSM is renamed from "Group Special Mobile" to "Global System for Mobile
Communications".
1990: GSM900 Standard (Phase 1) is adopted. DCS1800 Standard (Phase 1) is

developed as first GSM adaptation. The first GSM systems are in test operation.
1992: Commercial introduction of many large GSM900 networks.
1993: Work begins on updating the GSM900/DCS1800 standards: GSM Phase 2.
1995: GSM-R (Railway): The ETSI reserves further frequency range for a railway
networks; first test projects are started. GSM Phase 2 work is completed.
1996: Worldwide success of GSM Standard; used in more than 50 countries.

PCS1900 (Public Cellular Systems) as further GSM adaptation in the USA.
16
Siemens
Introduction
GSM Milestones
1978
CEPT reserves 2 x 25 MHz in 900 MHz range
1982
CEPT founds "Groupe Special Mobile" GSM
1984-86 Comparison of technical possibilities
Goals:
1986
1987
1988
1989
1990
1991
1992
1993
1995
1996
- free roaming
- international accessibility under 1 number (international roaming)
- large network capacity (bandwidth efficiency)
- flexibility ISDN
- broad service offering
- security mechanisms
Core of experts meets continuously

Selection of central transmission techniques
Memorandum of Understanding: MoU
ETSI founded
GSM Global System for Mobile Communication
GSM900 Standard (phase 1)
DCS1800 adaptation
Trials / "friendly user" operation
Start of commercial operation
Beginning of work on phase 2
Completion of work on phase 2 (GSM900/DCS1800)
Reservation of GSM-R frequencies (ETSI)
PCS1900 adaptation (USA)
Fig. 11
17
Siemens
Introduction
Siemens
Introduction
1997: GSM Phase 2+ Annual Release 96: CAMEL Stage 1, ASCI for GSM-R.
DCS1800 / PCS1900 are renamed to GSM1800 / GSM1900. Dual band
equipment for GSM900 / GSM1800; 10 years of MoU: 109 countries; 239
operators; 44 million GSM subscribers; 28 % share of the world market.
1998: Phase 2+ Annual Release 97: HSCSD, GPRS Stage 1, CAMEL Stage 2,...
08/98: 100 million GSM subscribers in 120 countries; 35 % share of the world
market; GSM is quasi world standard. GSM-R networks in operation. World-wide
servicing through co-operation with mobile satellite systems (IRIDIUM).
1999: Phase 2+ Annual Release '98; 250 million subscriber; 130 countries
2000: Phase 2+ Annual Release '99: GPRS Stage 2, CAMEL Stage 3, EDGE,
Virtual Home Environment VHE, Adaptive Multirate speech AMR,...GSM Rel. '99
services identical to UMTS Rel. '99 (first UMTS release); 410 million subscriber;
161 countries; approx. 60% of world-market
GSM Milestones
1997
1998
1999
2000
Phase 2+: Annual Release `96

DCS1800 / PCS1900 GSM1800 / GSM1900
Dual-band devices
GSM: practical world standard (109 countries/regions; 28 % market share)
Phase 2+: Annual Release `97: GPRS, CAMEL,....
First GSM-R networks
World-wide accessibility using dual mode GSM/IRIDIUM
35 % of world market
Phase 2+: Annual Release 98
250 M. subscriber, 130 countries
Phase 2+: Annual Release 99: AMR, VHE,... identical to UMTS Rel. 99
60% of world market; 410 M. subscriber, 161 countries
Fig. 12
18
Introduction
Siemens
Siemens
Introduction
The GSM Technical Guideline

Objective (1982): Development of a unified, international standard for mobile
communications. Guideline from the start:2 x 25 MHz frequency bands at 900 MHz
are reserved by the CEPT for mobile communications in Europe in 1978. 1982:
Roaming; the user can change location, keep the connection and be reached in the
entire range of a PLMN and in the entire GSM range (International Roaming) as long
as roaming agreements have been made. One user - one number; the subscriber
can be reached at a single personal number in the entire GSM range, i.e. in various
countries and PLMNs.
Late objectives: Maximum flexibility to other services, e.g. ISDN (Integrated Services
Digital Network; 1984)
Vast service offers, i.e. technical possibilities of the PSTN
/ ISDN and special features of mobile communications Safeguarding from
interception and subscriber license fraud; data protection.
The GSM Recommendations

The GSM Standard is a consistent and open standard for cellular mobile
communication systems established by the ETSI. All aspects of the realization of the
GSM Standard have been established in now more than 150 recommendations
(technical specifications). Subsystems, network components, interfaces, signaling,
tests and maintenance aspects etc. are described. This allows a harmonious
interaction of all elements of a mobile communication network designated as PLMN
(Public Land Mobile Network). At the same time the Recommendations are flexible
enough for the different realizations of various vendors. The Recommendations are
organized into 12 series according to different aspects. This structure reflects the
structure of the PLMN system and its interfaces.
19
Siemens
Introduction
GSM Recommendation
Series 01: General
12 Series; each max. 100 Rec.:
Series 02: Service Aspects
e.g. GSM Rec. 08.07
Series 08:
MSC-BSS Interface
PSTN
ISDN
MSC
BSS
Series 03: Network Aspects

Series 09:
Network Interworking
Series 04:
MS/BS Interface
& Protocols
MS
Series 05:
Um Radio
Transmission
Register
Series 10:
Service Interworking
Series 11: Equipment & Type Approval Specifications
Series 06:
Speech Coding
Series 067:
Terminal
Adaptors for MS
Series 12: Operation & Maintenance
Fig. 13
20
Introduction
Siemens
Siemens
Introduction
The Evolutionary Concept

The GSM Standard consists of multiple of recommendations. They are organized by
various aspects and already comprised 5230 pages when the first phase was
adopted in 1990. It was originally planned to comprise every specification in the GSM
Standard (with the exception of half rate speech") from the start, i.e. when the
standard was adopted. In 1988 it was recognized that not all of the planned services
could be specified in the expected time frame. This led to the important decision to
leave the GSM Standard incomplete and to leave space for further modifications and
technical developments. This evolutionary concept secures for GSM the possibility of
permanently adapting to the requirements of the market and thus ensures of not
becoming old-fashioned within a couple of years owing to the extremely fast
development in this market sector.
GSM Phase 1
The Phase 1 standardization was closed in 1990 for GSM900 and in 1991 for
GSM1800. The implementation of GSM systems Phase 1 comprises all of the most
important prerequisites for digital information transmission. Speech transmission is of
the greatest importance here. Data transmission is also defined by data transmission
rates of 0.3 to 9.6 kbit/s. GSM Phase 1 comprises only a few supplementary services
such as call forwarding and barring.
GSM Phase 2
The Phase 2 standardization work started shortly after completion of Phase 1 and
was closed in 1995. In Phase 2 Supplementary Services comparable to ISDN
(Integrated Services Digital Network) were included in the standard. Technical
improvements have been specified, e.g. the Half Rate Speech. In Phase 2, the
decision on future downward-compatibility with older versions is of high importance.
GSM Phase 2+
GSM Phase 2+ refers to a smooth transition in contrast to Phase 2. A new complete
update of the GSM Standard is not planned. Individual topics are discussed
separately and the update is added to the GSM standard in Annual Releases. Main
topics are new Supplementary Services as the ASCI services (Advanced Speech
Call Items). Furthermore, the IN feature Customized Applications for Mobile network
Enhanced Logic CAMEL and Virtual Home Environment VHE are very important.
Especially the introduction of features to achieve higher data rates, i.e. HSCSD (High
Speed Circuit Switched Data), GPRS (General Packet Radio Service) and EDGE
(Enhanced Data rates for the GSM Evolution) has received much attention. GSM
Phase 2+ thus paves the way to 3G (UMTS).
21
Siemens
Introduction
GSM: Evolutionary Concept

Services
Downward compatibility
Phase 1
1991
Full Rate Speech (FR),
Standard services
Data: max. 9.6 kbit/s
MTPy: Multiparty Service
CUG: Closed User Group
AoC: Advice of Charge
ASCI: Advanced Speech Call Items
SOR: Support of Optimal Routing
UUS: User to User Signalling
Phase 2+
Phase 2
Phase 1
Phase 2
Phase 1
1995
New services e.g.
MTPy, CUG, AoC;
Half Rate Speech (HR)
EFR:
Enhanced Full Rate Speech
IN:
Intelligent Network
CAMEL: Customized Applications for
Mobile network Enhanced Logic
HSCSD: High Speed Circuit Switched Data
GPRS: General Packet Radio Service
EDGE: Enhanced Data Rates for the GSM
Evolution
1997
Year
New services e.g.

ASCI, SOR, UUS
EFR;
IN: CAMEL
Data: HSCSD, GPRS,
EDGE (> 100 kbit/s)
Annual Releases !
Fig. 14
22
Introduction
Siemens
Siemens
Introduction
Adaptations of the GSM Standard

The GSM adaptations GSM900, GSM1800, GSM1900, GSM-R and GSM400 differ in
the frequency ranges used and the resulting different technical implementations.
GSM900 (GSM, E-GSM)
Originally 2 x 25 MHz in the frequency range around 900 MHz (890 - 915; 935 - 960
MHz) were provided for mobile communication applications. In an extension of this
range, called E-GSM (Extended GSM) these ranges will be increased to 2 x 35 MHz
(880 - 915; 925 - 960 MHz) on a national level when further operation licenses expire.
GSM1800 (DCS1800)
As an adaptation of the GSM900 Standard the DCS1800 Standard (Digital Cellular
System) was introduced in 1991. The DCS1800 was a British initiative with the
intention of opening mobile communications to all sections of population as a mass
market, especially in urban areas. The GSM1800 has 2 x 75 MHz in the frequency
range around 1800 MHz (1710 - 1785; 1805 - 1880 MHz). In 1997 the designation
DCS1800 was changed to GSM1800 in order to clarify the common standard.
GSM1900 (PCS1900)
The PCS1900 Standard (Public Cellular System) is the American branch of the GSM
Standard since 1995/96 in the frequency range around 1900 MHz. The frequency
range available between 1850 - 1910; 1930 - 1990 MHz in the USA was split up in
1995 and auctioned off to different net-work operators. In 1997 the PCS1900 was
renamed GSM1900 in order to clarify the common standard.
GSM-R (Railway)
For mobile communication of railway operators 2 x 4 MHz in the frequency range of
876 880 MHz & 921 925 MHz have been reserved.
GSM400
With Rel. '99 the frequency ranges between 450.4 457.6 MHz & 460.4 467.6 MHz
respectively the ranges (of former 1G systems) between 478.8 486 MHz & 488.8
496 MHz are foreseen for GSM400. The GSM400 frequency range enables large
area cells for rural environment.
23
Siemens
Introduction
890
GSM-R
935
GSM - Adaptations
1880
GSM
900
GSM
900
E-GSM
E-GSM
876 880
915 921 925
960
GSM
1800
GSM
1900
[MHz]
1710
Frequency Range
[MHZ]
GSM400
GSM
1800
450.4 457.6 / 460.4 467.6
1785 1805 1850
Useable HF
channels
35
GSM
1900
1910 1930
1990 [MHz]
Application Area
rural environment
478.8 486 / 488.8 - 496

GSM900
E-GSM
GSM1800
GSM1900
GSM-R
890 - 915 / 935 - 960

880 - 915 / 925 - 960
124
174
Worldwide except
America
1710 - 1785 / 1805 - 1880
374
Worldwide except
America
1850 - 1910 /1930 - 1990
299
America
876 - 880 / 921 - 925
19
Railway systems
Fig. 15
24
Introduction
Siemens
Siemens
Introduction
The GSM-PLMN
In the GSM System there must be a distinction between network operator, provider of
telecommunication services, supplier of terminal equipment and manufacturer of
network components. Especially the sale of telecommunication services and terminal
equipment differs from the conventional fixed network and mobile communication
network of the first generation, in which state-owned network operators, service
providers and equipment suppliers usually form a monopoly. In GSM the actual
network operator often transfers services to private providers who supply the
services to the mobile subscribers under different conditions. With the wide range of
products there is also great competition in the field of mobile equipment as well as of
mobile communication network components which should force further technical
development and keep the prices down.
PLMN - Public Land Mobile Network
A PLMN is a terrestrial mobile communication network set up and run by public and
private operators. It is used to provide public mobile communication services.
General Objectives of a GSM-PLMN (with respect to service aspects):
a) Provision of a wide range of speech and non-speech services and
compatibility to those services offered in fixed telecommunication networks
such as PSTN, ISDN and PDN;
b) Additional provision of specific services for mobile access environment;
c) Compatible access for mobile subscribers in all countries where the GSM
System is operated;
d) Provision of roaming (roaming agreement) and automatic updating;
e) Location registration of mobile subscribers in these countries;
f) Provision of sufficient quality of service;
g) Provision of services with a wide range of mobile stations, e.g. permanently installed in vehicles, so-called portables and hand stations (mobile phones).
General Objectives of a GSM-PLMN (with respect to performance aspects):
a) Guarantee of a high spectrum efficiency;
b) Provision of a system concept which will lead to attractive costs regarding
infra-structure and mobile equipment
25
Siemens
Introduction
Example:
Germany
GSM-PLMN
(Public Land Mobile Network)
D1
Telekom
Competition concept:
D2
different network operators,

providers and manufacturers
Mannesmann
Eplus
E2
Viag Intercom
Fig. 16
26
Siemens
Introduction
Current Situation, Market & Trends

Introduction
1000
100
10
1
2000
1998
1996
1994
1992
1990
1988
1986
1984
1982
0,01
1980
0,1
Current Situation,
Market & Trends
Fig. 17
27
Introduction
Siemens
Siemens
Introduction
Overview: Systems/Standards
At the time there is a wide spectrum of mobile communication systems of the first and
second generation along with the GSM Standard and its adaptations. Important
examples include:
l
Paging Systems
Cordless Telephone
Wireless Local Loop
Private Mobile Radio
Cellular Mobile Systems
Mobile Satellite Systems
These different systems differ in:

l
Target groups
Services offered
Prices
Coverage
Degree of mobility
Technical principles / realization
28
Siemens
Introduction
Current
Mobile
Communication
Systems
Differences:
target groups
services offered
prices
coverage
degree of mobility
transmission technique
...
analogue
paging systems
e.g. Citycall
digital
paging systems
e.g. ERMES
analogue cordless
telephone systems
e.g. CT1, CT1+
digital cordless
telephone systems
e.g. DECT, PACS, PHP
Cordless
telephone booth
Wireless Local Loop

WLL
analogue
PMR
digital
PMR
e.g. TETRA
analogue
cellular systems
e.g. C450, NMT, AMPS
digital
cellular systems
e.g. GSM, D-AMPS,
PDC, IS-95
analogue
satellite systems
e.g. INMARSAT
digital
satellite systems
e.g. IRIDIUM, ICO,
Globalstar
1G
2G
Fig. 18
29
Introduction
Siemens
Siemens
Introduction
1G Systems
C450: closed 12/2000
TACS (Total Access Communications System): closed 2001.
NMT (Nordic Mobile Telephone): closed 2001.
AMPS (Advanced Mobile Phone Service): The AMPS system was introduced in 1979
in the USA. The system, operated in the frequency range of 800 MHz, was the most
successful mobile radio system in the world until 1997. It still has an increasing
number of subscribers, because of its large coverage in the USA. 12/2000, more than
75 million AMPS subscribers were registered.
2G Systems
GSM (Global System for Mobile Communications): The GSM Standard was
adopted as the first digital mobile communication standard, as planned since the
early 80s. Commercial operation started in 1992. This led to the world-wide use of
GSM net-works, which were originally planned for the European system, in more than
120 countries and regions. GSM uses a hybrid solution of FDMA and TDMA as an
access technique. GSM used currently 900 / 1800 /1900 frequency ranges.
D-AMPS (Digital Advanced Mobile Phone System): The D-AMPS was conceived
as a supplementary system to the successful analogue AMPS in the USA and
Canada. The commercial start was 1991/92. D-AMPS as IS-136 standard is based
on a combined FDMA/TDMA access technique. It shares the 800 MHz range with
AMPS (824 - 849; 869 - 894 MHz). It expanded to the 1900 MHz range in 1995.
Multimode / multiband equipment is used for AMPS/D-AMPS.
PDC (Personal Digital Cellular): With the influence of D-AMPS, PDC (originally
called JDC - Japanese Digital Cellular) was standardized for the Japanese market.
The commercial start was 1993/94. A combined FDMA/TDMA procedure, similarly to
the D-AMPS, is used as an access procedure. Mobile stations transmit at the higher
frequency with PDC, in contrast to all other systems. Frequencies around 900 MHz
(810 - 826; 940 - 956 MHz) & 1500 MHz (1429 - 1453; 1477 - 1501 MHz) are used.
IS-95 CDMA IS-95 CDMA was developed in the early 90s based on CDMA spread
spectrum digital technology and was declared IS-95 standard in 1993. The
commercial start was 1995/96. IS-95 CDMA networks are emerging world-wide with
emphasis on North America and Eastern Asia. Frequencies in the 800 MHz and 1900
MHz range are used world-wide, and also in the 1700 MHz range in Korea.
30
Siemens
Introduction
Cellular Systems
First generation:
C450
NMT - Nordic Mobile Telephone
TACS - Total Access Communications System
AMPS - Advanced Mobile Phone System
Second generation:
GSM
D-AMPS
PDC
IS-95
Start
1992
1991/92
1993/94
1995
Coverage
worldwide
especially
USA, Canada
Japan
especially USA,
Canada, Eastern
Asia
Frequency
ranges [MHz]
900 / 1800 /
1900 (America)
800 / 1900
900 / 1500
800 / 1700 (Korea) /

1900
Multiple
Access
TDMA / FDMA
TDMA / FDMA
TDMA / FDMA
CDMA
Speech [kbit/s] 13 / 5.6
7.95
6.7
9.4 / 13
Data (max.)
[kbit/s]
9.6
(n14.4; n = 1...8)
4.8
4.8
9.6 / 14.4
Subscribers
(02/2001)
~ 410 million
~ 55 million
~ 85 million
~ 35 million +
75 million (AMPS)
Fig. 19
31
Introduction
Siemens
Siemens
Introduction
Mobile Satellite Systems MSS

Large areas of the earth's surface can not be covered by fixed or mobile networks.
Mobile Satellite Systems MSS are offered for supplying scarcely populated regions
and areas with weak infrastructure. Satellite supported mobile communication
systems are useful for high-sea ship transport, for catastrophe regions, and for
emergency supply.
Satellite systems can be distinguished with respect to their orbits:
l
GEostationary Orbit - GEO, with approx. 36,000 km altitude;
High Elliptic Orbit - HEO;
Medium Earth Orbital - MEO, from 10,000 - 20,000 km;
Low Earth Orbital - LEO, from 700 - 1,500 km.
1G MSS
MARISAT (Maritime Satellite): MARISAT went into operation in 1976 as the first
mobile satellite system, initiated by the USA.
INMARSAT (International Maritime Satellite Organization): INMARSAT is taking a
dominant role in 1G MSS. Founded in 1979, it is used by more than 100 membership
countries. The four INMARSAT (operation) satellites are in a geostationary orbit
(about 36,000 km altitude). With the exception of a the pole caps, a global
transmission to the world is achievable. Digital transmission is via INMARSAT
satellites since 1995., i.e. INMARSAT has turned over to a 2G MSS system
2G MSS
Digital information transmission and a larger number of satellites in lower orbits (LEO
and MEO satellites) allow considerably higher capacity. Several services similar to
those of GSM should be possible. A problem of the 2G systems is the comparable
high price and fast extension of 2G terrestrial networks
l
Iridium (closed 2000)
Globalstar
ICO
Ellipso
ORBCOMM
Teledesic
Skybridge
32
Siemens
Introduction
Mobile Satellite Systems MSS

Supply
Supplyto/
to/in
incase
caseof:
of:
- -inaccessible,
inaccessible,underpopulated
underpopulatedareas
areas
- -poor
infrastructure
poor infrastructure
- -high
highseas
seas
- -catastrophe
catastropheareas
areas
- -failure
failureofofother
othersupplies
supplies
10,000
- 20,000 km
MEO
Medium
Earth Orbit
700
- 1,500 km
Earth
LEO
Low Earth
Orbit
approx.
36,000 km
GEO
GEostationary
Orbit
HEO
High Elliptic
Orbit
1G:
MARISAT (USA) since 1976
INMARSAT (International Maritime
Satellite Organisation):
since 1979; > 80 member countries
4 GEO satellites;
global access
2G:
Iridium, ICO, Globalstar
private MSS operator
speech- & low data rate services
Fig. 20
33
Introduction
Siemens
Siemens
Introduction
The Mobile Market: Subscriber Trends 1980 - 2000

Before the introduction of first generation of cellular mobile communication systems,
the mobile communication market was unimportant. One-cell systems had only a few
thousand subscribers and slow annual growth rates in Europe, North America, and
Japan. Until the introduction of the first cellular systems in 1979 (AMPS: USA, NTTMTS: Japan) fewer than a million subscribers were registered worldwide.
The introduction of the first generation (analog) cellular mobile communication
systems led to a quantum leap on the mobile communication market. There were
annual growth rates of 10 to more than 50 %. In the early nineties, there were more
than a million subscribers registered in both the USA (AMPS) and Great Britain
(TACS) each. Several hundreds of thousands of subscribers were registered in other
countries with systems such as NMT, C450, NTT-MTS. The number of worldwide
sub-scribers exceeded 10 million in 1990. Simultaneously the limits of analogue
cellular systems were apparent in many countries owing to capacity problems,
especially in densely populated urban regions.
The introduction of GSM as the first mobile communication standard of the second
(digital) generation allowed an improved transmission quality, a larger offer of
service, various technical / organizational improvements, and a considerably more
efficient use of radio interface resources. A significant increase of capacity and thus
further growth of the mobile communication market became possible. Already shortly
after the start of GSM in 1992, subscriber numbers exceeded the million mark in
many countries. Other digital systems such as IS-95 followed. A development to a
genuine mass market has been evident since the introduction of the second
generation of mobile communications.
34
Siemens
Introduction
Subscriber trends:
1980 - 2000
Germany
100
World
10
1
Single cell
systems
1G
Introduction
2000
1998
1996
1994
Year
1992
1990
1988
1986
1984
0,01
1982
0,1
1980
Subscriber [M.]
1000
2G
Introduction
Fig. 21
35
Siemens
Introduction
Siemens
Introduction
Trends & Outlook

The mobile communication market will expand greatly in the future as well. In
contrast to the fixed network sector, which has developed slowly in the past decades
and has only recently become more dynamic, many predict unhindered growth for the
mobile communication sector beyond the year 2000. Only the growth of the Internet
is expected to exceed the growth of the mobile communication sector. It is generally
expected that the number of the mobile communication subscribers will rapidly
approach that of the fixed subscribers, and that in regions with a poorly set up infrastructure, the number of mobile communication subscribers will clearly exceed that of
fixed subscribers within the foreseeable future.
Almost three billion mobile communication subscribers world-wide are expected by
2015. This growth is apparent in the currently developing countries and newly
industrialized countries of the Asian / Pacific region. A 50 % share of the worldwide
mobile communication market is expected for the Asian / Pacific region by 2015; for
industrial nations in North America and Europe (EU15), a share of only about 7 % 11 % is expected.
Trends & Outlook

2 5 0 0'
Ro W
2 0 0 0'
A s ia / P a c ific
Subscriber [M.]
No rth A m e ric a
1 5 0 0'
E U 15
1 0 0 0'
5 0 0'
0'
1995
2000
2005
2 0 10
Year
2015
UMTS Forum
Report #1
Fig. 22
36
Introduction
Siemens
Siemens
Introduction
Mobile Trends
The mobile radio systems of the second generation have been optimized for speech
transmission. Data transmission is possible, but has previously been considered
secondary. Taking the increasing mobility in the professional world (work outside the
office, telework) into consideration, the need for mobile transmission of data is increasing. Comparatively user-unfriendly terminals (adapter solution) and relatively
low data transmission rates are problems for data transmission of the second
generation of mobile communications. The data rates for GSM are between 0.3 - 9.6
kbit/s, the transmission rates of other cellular standards are comparable or less. The
first mobile satellite systems of the second generation also have only low data
transmission rates (Iridium max. 2.4 kbit/s, Globalstar max. 9.6 kbit/s). These rates
are considerably lower than those of ISDN (64 kbit/s).
A large variety of demands are being placed on future mobile communications. Along
with improved world-wide service, user friendliness and cost reduction, mobile PC
Internet connection with a high data transmission rate is required.
Many of these demands are taken into account in GSM Phase 2+.
In this way bearer services were standardized with transmission rates in order to increase data transmission rates as well as to realize mobile computing and access
to the Internet. Data transmission rates can be adapted to the transmission rates of
ISDN and can be increased significantly further (up to more than 100 kit/s) by means
of these bearer services. User friendly equipment and cost-reduced features are also
planned, such as improvements in speech quality and world-wide availability by
means of satellite roaming. Furthermore flexible services adaptable to customer requests and intelligent network services are planned.
37
Siemens
Introduction
Mobile Trends
Trend:
Voice Data
100
Voice
Data
Traffic [%]
80
Requirements:
high data rates
user-friendliness
improved service offering
cost reduction
worldwide accessibility
60
40
GSM Phase 2+
20
0
data rates > 100 kbit/s
1996
Source:
UMTS Forum
2001
2005
Year
2007
mobile computing, Internet

new, integrating ME
new flexible services + IN
satellite roaming
& much more
Fig. 23
38
Introduction
Siemens
Siemens
Introduction
Mobile Forecast (Europe)

10 % of the traffic is expected to be on the data transport radio interface already in
2001, 30 % in 2005.
If further capacities and higher data transmission rates are achieved, there are hardly
any limits to a further growth of the mobile communication market even after the
number of subscribers reaches saturation.
The market share of speech transmission is as of 2007 expected to be less than 50
% in the entire volume of traffic.
An enormous change in the proportion of speech transmission to data transmission
has thus been predicted in the use of mobile communications in the first decade of
the 21st century.
It will be expected
l
change from speech to data transmission
high data rate multimedia applications.
Predictions assume a minor but slowly increasing share of multimedia users in

European mobile communications after the implementation of GSM Phase 2+
features, HSCSD and GPRS (as of 2000).
This is also the limit of GSM. Although the performance capacity of GSM Phase 2+
far exceeds the original expectations for the second generation of mobile
communications, neither the frequency ranges available nor the narrow-band
frequency use in GSM suffice for the predicted increases and demands regarding
data transmission, especially multimedia use.
The third generation of mobile communications with GSM's successor, the UMTS
(Universal Mobile Telecommunications System) is to deal with these applications and
demands as of 2002.
A considerable increase in multimedia use is expected with a wide-range expansion
of UMTS as of 2005. Predictions of the UMTS forum assume that of the approx. 260
million European mobile communication subscribers in 2010, approx. 90 million could
be multimedia users, while the rest of the users use only speech and low data rate
services. Multimedia users will produce more than 50 % of the entire traffic rate.
39
Siemens
Introduction
300'
Mobile communication
forecast (Europa)
Mobile subscriber
(total)
Subscriber [M.]
250'
Mobile subscriber
all applications from
voice to Multimedia
200'
150'
Mobile subscriber
Speech only/
low data rates
100'
mobile Multi Media:
50'
0'
1995
Source: UMTS-Forum
Start with GSM Ph2+

Breakthrough:
2000
2005
2010
3G (UMTS)
Year
Fig. 24
40
Introduction
Siemens
Siemens
Introduction
The Third Generation (3G)

There are at the time many mobile communication standards of both the second and
(still) first generations. Cellular mobile networks of the most different standards
complement one another or compete with private mobile radio systems, cordless
standards, paging systems and satellite systems, etc. Every one of these standards
has specific features, advantages and disadvantages, applications and user circles.
Many of these systems exist only on a national level and/or are incompatible. To a
certain extent this scenario reassembles on a world-wide level the situation of the
cellular systems in Europe before the introduction of GSM.
IMT-2000 (International Mobile Telecommunications 2000)
The third generation of mobile communications represents a world-wide system of
compatible standards, in which the most various current and future demands on
telecommunications have to be dealt with. The main task is to provide services to the
customer, independently of his location and the specific available infrastructure.
Smooth mobility should be guaranteed over all operator-dependent, national and
geographic borders at any location.
The demands on the third generation mobile communication systems have been
discussed since the early 90s under the term FPLMTS (Future Public Land Mobile
Tele-communications Systems). The term FPLMTS was changed into a term easier
to pronounce, IMT-2000, in the mid 90s for countries in which English is not a native
language. IMT stands for International Mobile Telecommunications 2000 indicates
both the approximate date of introduction and the frequency range.
The International Telecommunications Union - ITU - is responsible for the IMT-2000
specification. IMT-2000 is planned as the world-wide guideline of all standards of the
third generation of mobile communications. All of the "regional" standardization units
for developing standards must fulfil the ITU stipulations for IMT-2000. This ensures a
compatibility of the standards to be specified without hindering innovative individual
development and competition.
Many regional standardization committees create their own standards under the IMT
2000 "roof". Nevertheless, UMTS (Universal Mobile Telecommunication System) as
GSM successor system is expected to dominate the 3G market
41
Siemens
Introduction
1G
2G
(analog)
(digital)
Paging Systems,
e.g. City Call
Paging Systems
e.g. ERMES
Cordless Telephone
e.g. CT1, 1+
Cordless Telephone
e.g. DECT, PACS, PHS
wireless
Telephone cell
Wireless
Local Loops
WLL

PMR
PMR
e.g. TETRA
Cellular systems
Cellular systems
e.g. GSM, D-AMPS,
IS-95, PDC
MSS
e.g. INMARSAT
MSS
e.g. IRIDIUM, ICO,
Globalstar
IMT-2000
3G
1 family of
standards
for all
applications
countries
e.g. UMTS, cdma2000, UWC-136
different, incompatible standards for

different applications, countries & regions
Fig. 25
42
Introduction
Siemens
Siemens
Introduction
UMTS - Universal Mobile Telecommunications System

The ETSI (European Telecommunication Standards Institute) has specified UMTS as
the successor of GSM; a forum call Third Generation Partnership Project 3GPP, cooperating with the most important standardization organizations of the world is
responsible since 12/98. UMTS will fulfil the requirements for IMT-2000.
With UMTS world-wide multimedia access is possible at any time to all ranges which
are currently operated by various mobile communication systems of the first and
second generations.
Data rates of 8 kbit/s to 2 Mbit/s are to be supported. UMTS will support zone 1 3 of
the four zones of the IMT-2000 concept:
l
Zone 1 Indoor: for offices, private households,...; for low speed (stationary / up to
10 km/h) max. data rates up to 2 Mbit/s are theoretically possible.
Zone 2 Urban: for city, shopping malls, railway stations, subways, airport halls for
low speed (stationary / up to 10 km/h) max. data rates up to 2 Mbit/s are
theoretically possible.
Zone 3 Suburban/Rural: For wide range mobility (car, train) with higher / high
speeds (up to 120 / 500 km/h), 384 kbit/s 144 kbit/s should be possible. (Remark:
for UMTS only the lower speed value is currently planed)
Zone 4 Global: For rural, thinly populated areas with low user densities. All speeds
from stationary (individual buildings, measuring stations), to intermediate speeds
(car, train, ship), to 1000 km/h (airplanes). Mobile satellite systems (e.g.
INMARSAT: Horizons) which ensure up to 144 kbit/s are planned for servicing.
For IMT-2000 the frequency ranges from 1885 - 2025 MHz and from 2110 - 2200
MHz should be reserved (requested by ITU).
UMTS uses in Europe the frequency ranges of 1900 - 1980 MHz, 2010 - 2025 MHz
and 2110 - 2170 MHz.
The frequency ranges of 1980 - 2010 MHz and 2170 - 2200 MHz are reserved for 3G
MSS.
43
Siemens
Introduction
UMTS - Universal Mobile Telecommunications System

Zone 4: Global
Zone 3:
Suburban / Rural
Zone 2:
Urban
Macro
Cell
MSS
144 kbit/s
cellular
2010
2170
MSS
1885
cellular
2110
2025
1 9 0 0
1 9 5 0
2 0 0 0
max.
data rate
2048 kbit/s
384 kbit/s
144 kbit/s
1980
1 8 5 0
Micro
Cell
Zone 1:
Indoor
Pico
Cell
2 0 5 0
2 1 0 0
MSS
2200
2 1 5 0
2 2 0 0
2 2 5 0
Frequency range [MHz]
Fig. 26
44
Chapter 2
Contents
1
2
3
4
GSM Network Structure

Duplex Transmission & Multiple Access
GSM - Fixed Network Transmission
GSM Air Interface
2
14
21
25
Siemens


Fig. 1
Siemens
GSM: The Network Structure

The international GSM service area covers all countries in which there is a GSM
network.
Networks provisioned by an operator on a national level for public mobile
communication are called Public Land Mobile Networks PLMN. PLMNs built
together with public fixed networks, i.e. "conventional" PSTN (Public Switched
Telephone Network) or ISDN (Integrated Services Digital Network) networks the
telecommunication infrastructure of a country.
A Public Land Mobile Network is divided into mobile and fixed network components.
They are connected via air interfaces.
Fixed Network Components of the PLMN
The fixed network components of a GSM-PLMN consist of:
l
Base Station Subsystem BSS: The BSS is the fixed network part of the PLMN
radio access (Radio SubSystem RSS). It realizes the radio transmission via the
radio interface. Several fixed radio station, so-called Base Stations BS are coordinated by one control unit.
Network Switching Subsystem NSS: The NSS forms the interface between the
radio subsystem and the public fixed networks (PSTN, ISDN, PDN). It executes all
signaling functions for setting up connections from and to mobile subscribers. It is
similar to the exchanges of fixed network communication systems, but it
furthermore fulfils important mobile communication specific functions, e.g. keeping
track of the users / mobile stations location.
Mobile components of the PLMN

The Mobile Stations MSs are regarded as mobile part of the PLMN. The air or radio
interface represents the connection between the MS and the PLMN fixed network
components BSS and NSS. The organization of the radio interface is decisive for
advantages and disadvantages of different mobile systems.
Siemens
GSM Network Structure: Concept
PLMN
Mobile
terminal device
Public Land Mobile Network
Um
Fixed
network
Air Interface
PSTN
BSS
Public Switched
Telephone Network
Base Station
Subsystem
NSS
BSS
MS
Base Station
Subsystem
Mobile
Station
Network Switching
Subsystem
control/switching of
mobile services
BSS
Base Station
Subsystem
Mobile
components
ISDN
Integrated Services
Digital Network
PDN
Public Data
Network
Fixed network
components
Fig. 2
Siemens
Mobile Components
Mobile components are the Mobile Stations MS which transmit the users speech and
data to the PLMN. The Mobile Station MS consist of:
l
ME:
Mobile Equipment,
SIM:
Subscriber Identification Module,
The MS is not necessarily the termination point for the users data transmission. A
Terminal Equipment TE, e.g. laptop, fax machine,... can be connected to the MS for
final data handling.
The Mobile Station MS
An important difference between fixed network communications and mobile
communications is the separation of equipment and subscriber identity. It is possible
for the mobile subscriber to use various mobile terminal equipment with a personal
identity by means of the SIM card, which includes his subscriber identity. The mobile
station is defined as: MS = ME + SIM.
The SIM card is allocated and activated by the provider upon completion of the
contract. It is realized by means of a chip which contains a variety of permanent and
temporary information for the subscriber (e.g. personal telephone register) and about
him/her. Along with the personal (secret) ID numbers (IMSI - International Mobile
Subscriber Identity, TMSI - Temporary Mobile Subscriber Identity) these stored
information are for example algorithms and keys for ciphering the transmission.
The PIN (Personal Identity Number) is important for the subscriber; it must be
entered by the mobile subscriber before the start of the conversation in order to
prevent fraud by unauthorized intruders. As a rule, calls cannot be made without a
SIM card in the ME and without the PIN being entered. Emergency calls are an
exception.
Siemens
Mobile Components
MS = ME + SIM
SIM
Subscriber Identification Module
SIM card: the heart of MS

Different equipments, one SIM (one bill)
Security: PIN (exception: emergency call)
Chip with subscriber identification,
security algorithms,
personal phone book,...
Fig. 3
Siemens
The Cellular Network

The breakthrough in mobile communications with regards to subscriber numbers and
capacity was made possible by the introduction of the cellular radio system. The
cellular communication system was tested in various countries during the 1970s.
Cellular networks of the first generation were introduced, e.g.:
l
1979 in the USA: AMPS (Advanced Mobile Phone Service)
1981 in Scandinavia: NMT (Nordic Mobile Telephone)
1985 in Germany: C-450 (Siemens)
1985 in Great Britain: TACS (Total Access Communications System)
The successive digital systems of the second generation, and therefore GSM
systems, are structured as cellular communication systems in the same way as the
analogue systems.
Principle of the Cellular Communication System
PLMNs operating on a national level are divided by location into servicing areas, socalled cells, in which a Base Transceiver Station BTS supplies the mobile subscribers
of the area concerned. The cells represent the smallest service area in the PLMN
network.
A variety of cells ensures service of the total PLMN service area. The cells are
theoretically arranged in a so-called honeycomb pattern. Adaptations to the
population/ traffic density and the topography of the service area lead to a more
irregular pattern.
The service areas of the individual cells partially overlap. In order to avoid
interference of different subscribers in surrounding cells the cell structure is
organized according to the principle of cellular systems, frequency re-use. The
narrow available frequency range is divided into individual frequencies (channels).
Only some of these channels are used in a certain cell, the remaining channels are
used in the adjacent cells. The same frequency is used again in cells which are
sufficiently far apart from each other to avoid interchannel interference. This means
that any area can be covered and thus an enormous increase in network capacity
can be achieved with a small supply of channel frequencies.
Siemens
Principle:
The Cellular
Network
channels
x,y,z
channels
u, v, w
~4r
co-channel interference zone

= cluster area
channels
x,y,z
Principle:
Many cells (BTS)
Full coverage
Partial overlap of cells
Distribution of frequency resources
Only a few frequencies per cell
Frequency re-use
Solution:
r = cell radius
(cell parameter)
re-use distance
for HF channel frequency
cell,
radio cell
re-use distance
for
HF channel frequency
Fig. 4
Siemens
Cluster
A certain minimum distance must be maintained between cells using the same
frequencies in order to prevent interference or at least keep it to a bare minimum.
This minimum distance, the so-called frequency re-use distance, depends on the
concrete network planning and corresponds to approximately 4 times the cell radius.
On this principle, the available channels can be divided e.g. into 7 parts and
distributed over the PLMN area in such a way that each cell contains one of these 7
sets of frequency channels. The minimum area in which the whole range of HF
channels is used is described as a cluster. Planning a concrete network implies that
the population/traffic density, the topography of the area to be supplied, etc. must be
taken into account. This network planning is an extremely difficult process; there is
special network planning software for this purpose.
The Cellular Network / Principles of Network Planning
Frequency re-use distance: avoid inter-channel interferences

Cluster: smallest domain within which all frequency resource is used
(GSM900: typ. 7/9 cells)
Network planning: difficult
Fig. 5
Siemens
The GSM Cell

The higher the traffic density, the smaller the cell area since a limited number of HF
channels can only cope with a limited traffic volume. This can be carried out via a
reduction of the cell radius or by dividing the cells into sectors.
Cell Size / Hierarchical Cellular Structures HCS
The size and shape of the cell depend on:
l
The range of the MS radio contact (MS output peak power); topography (e.g.
mountains, buildings, vegetation etc) and climate play a role here.
Traffic density
The maximum radius of a cell broadcast channel is 35 km in the GSM900 system, 8

km in the GSM1800 system. The possibility of setting up "extended range cells" with
a radius of up to 100 km has been integrated into GSM Phase 2+ for GSM900
systems. This should allow coverage of sparsely populated areas and especially
coastal regions. The extended cell concept results in a reduced capacity.
Transmit power is limited for higher traffic densities in order to achieve a high degree
of re-use of frequencies over smaller cells: The size of clusters is inversely
proportional to the capacity of the radio system.
A Hierarchical Cell Concept (Rec. 05.22) is planned for towns, with an extremely high
density of mobile subscribers.
l
Macro-Cell: The "normal" cells are called Macro Cells. They have ranges from
approximately one km to several (extended cell concept: 100 km).
Micro Cell: Cells for the support of restricted areas with very high mobile user
density, e.g. shopping malls, railway and subway stations, airport terminals. Their
radius ranges from some 100 meters to approximately 1 km.
Pico Cell: Cells for the support of indoor applications, e.g. offices. Their range
should be several 10m.
Velocity dependent Handover are necessary in the Hierarchical Cellular Structures.

Cell Coverage
l
Omni Cells: The BTS is equipped with omni-directional antennae and serves a
360 angle.
Sector Cells: The BTS supplies the cells with directional antennae. The cell shape
is a circular segment. Sectors of e.g. 180 or 120 are covered.
10
Siemens
Cell Size and Coverage

Cell coverage
Maximum cell size
GSM900
35 km
(100 km)
omni cell
360
(extended cell)
GSM1800
cell 2
8 km
180
sector cells
180
cell 1
Hierarchical Cellular Concept:

Macro cells: min. 500 m
Micro cells: some 100 m
Pico cells: some 10 m
speed-dependent allocation
180
120 120
120
sector cells
cell 3
120
cell 1
cell 2
Fig. 6
11
Siemens
Roaming / Location Registration / Handover

Roaming
A further innovation of the cellular system was so called Roaming. This means that a
subscriber can move freely within the PLMN and remain reachable on a single
personal telephone number anywhere in this area. With GSM this concept of roaming
can be expanded to the international area (international roaming). A subscriber
whose home PLMN has a roaming agreement with other countries' GSM-PLMNs can
also be reached in these PLMNs (Visited PLMN - VPLMN) without dialing the
corresponding VPLMNs code; calls can also be made from that VPLMN. A
prerequisite is of course that subscribers authorization for international roaming.
Location Registration / Location Update / Location Area
The subscriber has to be located in the respective cellular network. A procedure
known as Location Registration or Location Update Procedure LUP carries out
this function. It is important that the subscriber's temporary location area is recorded /
registered with this procedure when the subscriber's mobile station is switched on
and checked in, to forward calls to him. The temporary Location Area LA is the area
in which the MS can move freely without having to carry out a location update. As a
rule, the location area consists of a multiple cells and is configured by the operator
according to the traffic or population density.
Handover
In cellular networks, it is not necessary for the subscriber to have his call interrupted
when changing from one cell's service area to the area of a surrounding cell, as long
as the cell areas overlap. This overlapping should be guaranteed with good planning.
If the MS can receive better supply from another cell than the one currently in use
during a call, the MS connection will be diverted to the relevant cell. This procedure
designed for system quality maintenance ideally takes place without the user being
able to notice and is known as handover.
12
Siemens
Roaming, Location Update

& Handover
MS
BS
Handover
BS
Location Update:
Location Area: most precise location information
stored in the network
Location Registration: initial registration
Location Update: update of registration
Fig. 7
13
Siemens
Duplex Transmission & Multiple Access

UL
DL
Duplex
transmission
FDD
FDMA
Multiple
Access
TDD
TDMA
CDMA
Duplex Transmission
& Multiple Access
Fig. 8
14
Siemens
Duplex Transmission and Multiplex Procedure

In a cell for access to a network two different principles have to be co-ordinated: The
way of co-ordinating UL and DL, i.e. the Duplex Transmission, and the way of
enabling the simultaneous access of several user to the same Base Station, i.e. the
multiple access principle.
Duplex Transmission: FDD & TDD
Modern cellular mobile radio systems of the first (1G) and second generation (2G)
enable full duplex transmission. Simultaneous communication on both sides, i.e.
(virtually) simultaneous transmission and reception is thus possible.
The transmission directions are designated as Uplink UL (MS to BTS) and Downlink
DL (BTS to MS).
There are two duplex transmission principles:
l
Frequency Division Duplex FDD: Transmission and reception take place in

different frequency ranges. The distance between the Uplink UL and Downlink DL
frequency range is designated as duplex distance.
Time Division Duplex TDD: Transmission and reception take place in the same
frequency band. Uplink UL and Downlink DL transmission take place at different
times. There is fast switching between UL and DL transmission, so that the user
has the impression of simultaneous transmission and reception.
FDD
Frequency
Division Duplex
Uplink UL
Duplex distance
Downlink DL
UL / DL
separated by
frequency !
Base Station BS
Mobile Station MS
frequency f
T
TDD
Time
Division
Duplex
MS
transmit
UL
BS
receive
receive
DL
transmit
transmit
UL
receive
receive
DL
transmit
Same
frequency
UL / DL
separated by
time!
time t
Fig. 9
15
Siemens
Multiplex Access: FDMA, TDMA and CDMA

Several subscribers in one cell must be able to use the frequency range available for
mobile communications together. Thus there must be procedures for regulating
simultaneous access of different subscribers without disturbances. There are three
different general procedures, partially in combination, which are used for coordinating the frequency resources:
l
FDMA - Frequency Division Multiple Access
TDMA - Time Division Multiple Access
CDMA - Code Division Multiple Access
FDMA - Frequency Division Multiple Access

FDMA is a multiple access principle used widely in the first (analogue) generation 1G
of mobile communications. It is however also used in the second (digital) generation
2G of mobile communications, usually in combination with TDMA and in the third
generation 3G together with CDMA.
The available frequency reserves are divided into channels of the same bandwidth
for FDMA. A certain frequency uplink and downlink is made available to an individual
subscriber. Simultaneous calls and information transmissions of various subscribers
thus take place on different frequencies. The transmitter and receiver must have a
common knowledge about the channel frequencies to use.
Co-ordination
of limited frequency resources
for different subscribers
Multiplex Access
FDMA
CDMA
Frequency Division
Multiple Access
Code Division
Multiple Access
TDMA
Time Division
Multiple Access
Fig. 10
16
Siemens
TDMA - Time Division Multiple Access

The allocation of the available frequency range is made with respect to time for
TDMA. A frequency band is not permanently available to one mobile station; it is
used by several different mobile stations. Time is therefore split into individual time
slots. The individual mobile stations are assigned the frequency range for the
duration of a TDMA time slot in a periodically exclusive manner.
A certain number of subscribers can use a certain frequency range virtually
simultaneously with TDMA. The message information of a subscriber is taken apart
and transmitted piece by piece to the corresponding time slots. The information
carrying HF transmission in an individual time slot designated as a "burst".
CDMA - Code Division Multiple Access
In CDMA systems the users of one cell are not separated by frequency or time.
Different to FDMA or TDMA simultaneously they take place in the same frequency
range. The users are separated by unique Codes. The Base Station and Mobile
Station must have common knowledge of the Codes used. The information of a
single user is spread up from a narrowband signal to a wideband signal using a highfrequency code (high so-called "chiprate"). This spread information is transmitted via
radio interface. After receiving the information, it is de-spread using the same code to
regenerate the original information.
The Codes in principal have orthogonal properties.
power
power
P
FDMA
time t
P
time t
TDMA
TS 3
TS 2
TS 1
1
frequency f
frequency f
power
Multiple Access methods
P
time t
CDMA
Multiple
method
FDMA
TDMA
CDMA
3
2
1
BS & MS share
knowledge about
Frequency
Time
PN code
frequency f
Fig. 11
17
Siemens
Transmission via GSM Radio Interface Um

A combination of FDMA and TDMA is used for GSM. The GSM physical channels are
defined by a pair of frequency bands (for UL and DL) and a Time Slot TS.
FDMA in GSM
In the GSM system, a band width of 200 kHz is defined for one frequency band.
These HF channel widths are perfectly suited to the demands for speech
transmission.
Allocation to (E-) GSM900, GSM-R, GSM1800 and GSM1900 is as follows:
l
GSM900: (880) 890 - 915 MHz; 925 (935) - 960 MHz; 124 (174) channel pairs ;
with a duplex distance of 45 MHz
GSM-R: 876 - 880 MHz; 921 - 925 MHz; 19 channel pairs; with a duplex distance
of 45 MHz
GSM1800:1710 - 1785 MHz; 1805 - 1880 MHz; 374 channel pairs; with a duplex
distance of 95 MHz
GSM1900: 1850 - 1910 MHz; 1930 - 1990 MHz; common use along with other
standards (e.g. IS-95; D-AMPS); with a duplex distance of 80 MHz
In GSM for DL the higher and for UL the lower frequency range is used in general.
Remark: In co-ordination with the frequency plan regulation, there is a 200 kHz
protective band inserted between the lower limit frequency and the first carrier of
every sub-band, i.e. the corresponding channels are not used. This protective band
known as the "guard band" is an accepted, virtually "unavoidable loss" for preventing
interference between different applications in the totally filled frequency range.
18
Siemens
FDMA in GSM
GSM900 / 1800 Frequency Allocation
(880) 890 MHz
1710 MHz
915 MHz
1785 MHz
(925) 935 MHz

1805 MHz
UPLINK (UL)
960 MHz
1880 MHz
GSM900
GSM1800
DOWNLINK (DL)
Transmit band
of the Base Station
Transmit band
of the Mobile Station
Duplex distance 45 MHz resp. 95 MHz

25 (35) MHz
75 MHz
25 (35) MHz
75 MHz
Guard band
C
124
(174)
374
C C C
1 2 3
200 kHz
C C C
1' 2' 3'
C
124'
(174')
374'
C - Radio Frequency Channel (RFC)
Fig. 12
19
Siemens
TDMA in GSM
Each of the 200 kHz frequency bands is further sub-divided by TDMA into 8 so called
Time Slots TS. This produces 8 physical channels within one frequency band. In
GSM a physical channel is thus defined by a determined frequency channel Uplink
UL and Downlink DL and a determined time slot TS
In the GSM system, up to 8 (with half-rate transmission even 16) calls can be
transmitted "simultaneously" on one frequency band.
A sequence of 8 time slots TS in one radio channel is referred to as a TDMA frame. A
TDMA frame has a duration of 4.615 ms, an individual time slot a duration of approx.
0.577 ms. The users data are transmitted virtually "piece by piece" on one specific
time slot every TDMA frame.
FDMA
GSM:
combined
FDMA/TDMA
1TS
1TS==577
577ms
ms
11TDMA
TDMAframe
frame==
88TS
TS==4.615
4.615ms
ms
TDMA
frame
7
5
4
3
0
200 kHz
time
frequency
Fig. 13
20
Siemens
GSM - Fixed Network Transmission

A/D conversion
0011
speech band 1
1011
Multiplexer
band
3
speech band 2
common line
1100
PCM
Pulse Code
Modulation
speech band 3
GSM - fixed network transmission

Fig. 14
21
Siemens
PCM30: Transmission in GSM fixed network part

Information (conversations, data, signaling) is exclusively transmitted digitally via
PCM30 lines in the GSM-PLMNs fixed network part.
Pulse Code Modulation - PCM
Sampling values of a speech information are transmitted using binary code words
(digitally) in PCM.
Due to the digital structure of the message, the PCM signals are less susceptible to
interference than analogue signals. Regenerators reconstruct the original digital
signal at the receiving end. Analogue signals, on the other hand, can only be
amplified (including noise peaks).
Amongst other things, during Pulse Code Modulation (PCM) an analogue oscillation
is converted into a digital signal. A PCM signal can be transmitted alone or be
embedded in a TDMA frame with other PCM signals (multiplexing).
The conversion of an analogue telephone signal into a digital signal is carried out in
three steps:
1. Band limitation: A bandpass filter restricts the incoming signal to the audible
frequencies, i.e. to 300 to 3400 Hz.
2. Sampling: Sampling values are taken at fixed intervals from the limited telephone
signal. The sampling frequency must be greater than twice the highest frequency
within the analogue signal (Shannon Theorem). Internationally specified: 8000 Hz.
3. 8-bit coding: Every amplitude value of the sampled (Pulse Amplitude Modulated PAM) signal is transformed into an 8-bit word. The 8-bit word enables the analogue
signal to be represented in 256 quantization intervals.
Since the transmission of an 8-bit word requires only a portion of the sampling
interval (125 ms) of the analogue signal, the 8-bit information is temporally
multiplexed (TDMA-procedure). 8 bits are transmitted in each time slot.
Using PCM30 transmission systems, a total of 30 digital user values can be
transmitted in the time frame of the sampling period of an analogue value, i.e. in 125
ms.
22
Siemens
Generation of a PCM Signal

1. Band limitation
(300-3400 Hz)
2. Sampling (8000 Hz)
3. 8-bit coding
signal 1
time slot
transmission of the coded

sample value of signal 1
0 1 0 0 1 1 0 1
coded sample value
signal 2
Fig. 15
23
Siemens
PCM30
PCM30 transmission systems use digital transmission lines or radio relay. A PCM30
frame consists of 32 time multiplexed time slots.
The 32 time slots can contain pulse code modulated message information (speech,
data) or signaling information in the form of 8-bit words.
The total bit rate of a PCM30 line is 2048 kbit/s
l
Time slot 0: alternately frame identification word and service word (alarms)
Time slots 1-15 and 17-31: calls or data
Time slot 16: signaling channel
The pulse frames are transmitted in a direct sequence.
PCM30: TDMA Principle

time
slot
telephone channels 1 - 15
frame alignment/
service word channel
telephone channels 17 - 31
signaling channel
PCM30
PCM30
pulse frame
pulse frame
pulse frame
Fig. 16
24
Siemens
GSM Air Interface

Advantage:
mobility
Single cell systems
Cellular mobile communication systems

1st generation
Limits:
cell
national
2nd generation
incl. satellite roaming
GSM (Ph1/2)
(GSM Ph2+)
GSM service area
unlimited
GSM Air Interface

Fig. 17
25
Siemens
Radio Interface: Advantages, Problems and Solutions

The air or radio interface, i.e. the connection between the MS and fixed network
components, represents the fundamental difference to a fixed network
telecommunication system. The radio interface has its specific advantages, but also
shows problems and disadvantages inherent to mobile communications.
Advantage: Mobility
The main advantage of mobile communications is the unrestricted mobility which can
be achieved only via a radio interface. Mobility was extremely restricted, especially in
the early years of mobile communications (one-cell systems). Mobility only reached
as far as the radio coverage between the MS and the transmission/receiving
installations would allow. These limits were stretched significantly by cellular mobile
communication networks of the first generation (since the early 1980s). National
borders and the degree of area coverage of a PLMN within a country formed the
borders. In the GSM system, national borders no longer represented restrictions to
mobility owing to inter-national roaming. It is still the case that nation-wide
connectivity is only offered around urban areas and along main traffic routes in large
areas of central Europe. Unlimited world-wide mobility is possible in co-operation
between GSM and MSS such as Iridium, Globalstar and ICO.
Problems & Solutions on the Radio Interface
l
Cost Aspect: Problem - The need to built up a new network architecture with
thousands of BTS. But: Compared with the costs for a fixed network ISDN / PSTN
infrastructure, a GSM PLMN is comparable cheap, because there is no need for
millions of lines into every private household.
Capacity: The capacity of transmission via radio interface is a great problem in

mobile communications. Optimized usage of radio resources reducing the cell
sizes, introducing sector cells and introducing the Hierarchical Cellular Structures
with Macro, Micro and Pico Cells solves this problem.
Data Rate: GSM (Phase 1/2) offers a maximum 9.6 kbit/s, compared to the 64
kbit/s of ISDN. Introduction of HSCSD, GPRS and EDGE enhances the GSM data
rates significantly.
Security Aspect: The radio interface can be intercepted with comparatively little
technical expenditure. 1G could be intercepted without any problem, while the
digital transmission of the second generation offers protective measures against
interception; the transmission is coded.
Health Aspect: The mobile radio frequencies lie near the resonance frequency of
water (2.45 GHz). In order to keep thermal exposure to the mobile radio user as
low as possible there are maximum power limitations for mobile phones, 2 W for
GSM900 and 1 W for GSM1800.
26
Siemens
The Air Interface Um:

Problems of radio transmission and possible solutions
Cost Aspect:
Capacity:
Data Transmission Rate:
Security Aspect:
Health Aspect:
Construction of mobile
communication network
cheaper than terrestrial network
GSM900 / E-GSM: 124 / 174 frequency bands
GSM1800: 374 frequency bands
increasing subscriber numbers, data transmission
Resource optimization / protection !!!
GSM Ph1/2: 9.6 kbit/s

Ph2+: HSCSD, GPRS, EDGE > 100 kbit/s
Eavesdropping easy!
GSM offers encryption
H2O resonance frequency (2.45 GHz)

Thermal load
Pmax = 2 / 1 W (GSM900/1800)
Fig. 18
27
Siemens
Problems of Physical Transmission

l
Screening: If there are hindrances between transmitter and receiver, the signals
will weaken. A connection can thus become problematic or impossible. In GSM
there is therefore the possibility of regulation of the transmitting power (Power
Control - PC) from mobile and base stations over several orders of magnitude.
Multipath Propagation: Multipath propagation through reflection and dispersion

of radio waves leads to phase-shifted reception of signals of different paths. The
interference can distort, amplify or erase the signal. An attempt to compensate for
negative effects of multipath propagation is given by power control, frequency
hopping, two antenna receivers for the base station (antenna diversity) and
redundancy of the transmitted information.
Distance MS - BTS: The distance between MS and BTS has proved to be

problematic in several ways. The receive power sinks with increasing distance
between transmitter and receiver theoretically with the square of the distance.
Various physical effects such as atmospheric attenuation (weather-dependent)
reduce the receive power even more. This attenuation depends on the frequency
and increases with increasing frequency in mobile radio relevant frequency
ranges. The distance furthermore causes a reception de-lay, which may lead to
interference between neighboring time slots in TDMA. GSM responds to this delay
by means of a regulation of the transmission time (Timing Advance TA). GSM900
cells (GSM Phase 1/2) are limited to maximum 35 km, GSM1800 cells to
maximum 8 km radius as a result of the distance-related problems. There is the
possibility in GSM Phase 2+ to realize "Extended Range Cells" with a maximum
radius of 100 km for GSM900.
MS Speed: Moving mobile stations can cause transmission distortions due to

Doppler effect. A compensation for this effect up to a maximum speed of 250 km/h
(130 km/h), for GSM-R a more powerful compensation for speeds of up to 450
km/h was deloped.
Interference with external systems: The receive quality can also be disturbed by
electromagnetic waves from outside systems (e.g. car ignition, generators, PCs).
A compensation is being tried out by means of the mechanisms described under
multipath propagation.
28
Siemens
Radio Transmission: Physical Disturbances
transmitted signal
Screening
Multipath propagation
Distance MS-BS
MS speed
External system interference
signal attenuation (Power Control PC)

interference (PC, f-hopping, diversity, regeneration)
power loss (f-dep.); delay (PC, TA, cell size)
Doppler effect (corrections)
quality loss (PC, f-hopping, regeneration)
received
signals
Digital systems offer many

error recognition and
correction mechanisms
signal to
antenna
Mobility
( redundancy)
Fig. 19
29
Siemens
Frequency Resources: Optimized Utilization

In order to be able to keep up with the increasing demands on mobile
communications despite the limited resources of the radio interface different
approaches are being pursued.
l
Additional Frequency Ranges: The simplest way to cope with the growing
demand for mobile communications is to expand the available frequency range.
This approach was pursued with E-GSM and GSM1800. Any further future
expansion would be problematic as other frequency ranges are already reserved
for other applications.
Speech Compression: Speech compression in GSM allows a reduction of voice

information from 64 kbit/s to 13 kbit/s in the so-called Full Rate FR speech and to
5.6 kbit/s with the Half Rate HR speech. HR speech thus leads to a considerable
increase in capacity. Central aspects of HR speech are described in the GSM Rec.
06.02, 06.20 - 22, 06.41 and 06.42.
Cell Size Reduction/Coverage: The most important measure for increasing the
capacity of GSM networks lies in a reduction of the cell size. The resources of a
radio cell are available to a small geographical area through the reduction of the
cell radius or through the limitation of the cell coverage (sector cell). By doing so,
the density of mobile communication subscribers and consequently the system
capacity can be considerably increased. By halving the cell radius, its capacity is
increased by a factor of four. Nevertheless the size of a (normal = macro) cell can
not be reduced indiscriminately. Hierarchical Cell Concepts (Rec. 05.22) with
macro, micro and pico cells are significantly enhancing efficiency.
OACSU (Off Air Call Set Up): Traffic channels are allocated only after a successfull call setup, that is after the called subscriber (delayed allocation). The OACSU
procedure thus serves to improve the frequency efficiency; it can be used for
overload handling.
Tariffs: Introduction of day- & night time tariffs can help to level down peak loads.
Discontinuous Transmission DTX: For a conversation, this will mean that just
speech phases are transmitted. Background noise, or so called comfort noise is
transmitted with a greatly reduced bitrate (500 bit/s instead of 13 kbit/s as with
speech phase) in phases in which a subscriber is silent. The other subscriber
should thus not worry that connection has been broken off. In order to make
discontinuous transmission possible, the presence of "useful" information for
transmission must be determined by means of Voice Activity Detection VAD. DTX
aspects are included in GSM-Rec.06.31 and 06.41, VAD aspects in Rec. 06.32
and 06.42.
30
Siemens
Frequency Resources: Expansion / Optimized Utilization

Extension of frequency range:
GSM900:
2 x 25 MHz
E-GSM:
2 x 35 MHz
Speech compression:
GSM1800
2 x 75 MHz
Digital speech information
Fixed network: 64 kbit/s
Cell size
reduction:
(Radius reduction
and sectorization)
35 / 8 km
FR:
HR:
13 kbit/s
5.6
kbit/s
Full Rate
speech
Half Rate
speech
500 m
omnicell
180 / 120
sector cell
OACSU (Off Air Call Set Up)

Time Balance / Tariffs
DTX (Discontinuous Transmission) / VAD (Voice Activity Detection)
Fig. 20
31
Siemens
Advantages of Digital Transmission

Digital transmission has many advantages over analog transmission:
l
Network Capacity: The capacity of mobile communication networks can be

considerably increased by the possibility of compressing digitalized speech
information. The disadvantage of speech compression is a loss of information
(reduction of speech quality).
Service Offer: Digital data transmission simplifies the transmission of signaling

information. This makes the introduction of a wide, quickly growing range of
services possible in GSM beyond pure speech or data transmission.
Cost Aspect: Digital equipment is less expensive to manufacture owing to better

possibilities for use in highly integrated microelectronics. Purchase costs as well
as operation and maintenance costs are thus less expensive and have allowed
GSM's breakthrough onto the mass market.
Miniaturization: Microelectronics used for digital information transmission allows

a relatively simple reduction of the hardware (in comparison to analog
transmission), especially of the mobile stations. Mobile phones have been used
with GSM since the start; their weight has been reduced from over 500 g to some
50g within a couple of years.
Security Aspect: Digital information can be ciphered much more easily than
analog information. Transmission via radio interface is protected from fraud and
unauthorized interception in GSM by the ciphering the digital user data (speech,
data) and signaling data.
Advantages of Digital Information Transmission

Network capacity speech compression
Service offer signaling
Cost aspect manufacture, operation, maintenance
Miniaturization microelectronics
Security aspect easily coded
Transmission quality regenerability
Code
sequence
Input data
(plain text)
ENCRYPTION
MODULE
Output data
(coded text)
Fig. 21
32
Siemens
Transmission Quality: Signal transmission via radio interface leads to considerable distortions and weakening of the transmitted signals. Digital signals are
fundamentally less susceptible to interference than analog signals and are better
suited to regeneration. Analog speech connections become increasingly worse
with increasing distance from the transmitter until they eventually disconnect.
Digital transmissions on the other hand maintain a constant good quality over a
long distance and then disconnect almost suddenly.
Quality of Digital & Analog Signal Transmission

S/N
signal
quality
distance to transmitter
analog signal
digital signal
Fig. 22
33
Siemens
Reliable Transmission via Um: Channel Coding

Various measures are taken in GSM to protect transmissions via radio interface from
interference, distortions and loss of information. These measures are taken by means
of channel coding.
The transmission is protected in such a way that a certain number of transmission
errors can be corrected by the error correction procedure, the so-called Forward
Error Correction (FEC). By means of FEC the Bit Error Rates (BER) of the radio
interface transmission are reduced to a rate of 10-5 to 10-6 from an unacceptable
value of 10-3 to 10-1. Redundancy is added to the information to be transmitted in
order to al-low recognition and correction of transmission errors.
Channel coding of information on the transmit side comprises three steps:
1. Adding of parity check bits and fill bits
2. Error protection (redundancy) with convolutional coding
3. Spreading by time: interleaving
The same steps are carried out in reverse order at the receiving side.
The added parity check bits serve to recognize incorrigible errors on the receiving
side. The parity check bits are of special use in speech transmission. If incorrigible
errors are indicated, the corresponding speech information is rejected and an attempt
is made to interpolate the information from the preceding speech information.
Convolutional coding serves to create redundancy. The original information (speech,
data, signaling) is coded along with the parity bits. Important information runs through
mathematical algorithms, where redundancy is added and the arrangement of the
information is changed.
Interleaving serves to temporally spread information. Information is collected up to a
determined number of bits and is spread by time. The interweaving of the redundant
information has the effect that information loss due to frequent short disturbances can
be compensated by means of temporal spreading of the information.
34
Siemens
Reliable Transmission via Um:
Channel Coding
Um
Addition of:
parity
and filler
bits
Convolutional
coding
redundancy
Interleaving
temporal
spreading
transmission side
De-interleaving
Convolutional
decoding
Parity
check
reception side
Fig. 23
35
Siemens
Speech Coding: FR, HR and EFR

Speech transmission is of central importance in GSM. Speech information is handled
especially by the radio interface for secure and resource-preserving transmission.
Speech information is compressed and then redundancy is added (channel coding).
There are three different speech codecs available in GSM for compression of speech
information: the Full Rate (FR) Speech Codec was specified for GSM Phase 1, i.e.
from the start, in Phase 2 the Half Rate (HR) Speech Codec and in Phase2+ the
Enhanced Full Rate (EFR) Speech Codec were added.
Full Rate FR and Enhanced Full Rate EFR Speech Codecs compress speech
information from 64 kbit/s - used in digital line connected telephone networks such as
ISDN - to 13 kbit/s respectively 12.2 kbit/s. So 13 kbit/s / 12.2 kbit/s are the net data
rate for speech transmission via the radio interface. The gross data rate after adding
redundancy in channel coding is 22.8 kbit/s with FR and EFR.
l
Half Rate HR Speech Codec compresses speech information from 64 kbit/s to 5.6
kbit/s. The gross data rate after adding redundancy is 11.4 kbit/s. The connections
of two Half Rate speech using subscribers can be realized in one physical channel
together, with a gross data rate of 22.8 kbit/s.
Models for speech generation are generally used for speech coding. Periodically returning elements of speech are identified as phonemata; redundancy is removed
from the speech information. Even the attributes of hearing, especially the spectral
covering effect, are taken into account in different ways.
More efficient speech recognition mechanisms are of use for the HR introduced in
GSM Phase 2 and EFR introduced in Phase 2+. The HR codec delivers a somewhat
lower speech quality in comparison to the FR codec if transmission is undisturbed. It
is more robust against radio specific disturbances owing to the relatively strong error
protection. The EFR codec offers a significant increase in quality in comparison to the
FR codec. It sounds more natural and "smoother" according to subjective test results.
36
Siemens
Speech Coding: FR, HR, EFR

Speech coding models of speech and hearing
Removal of redundant information (periodic)
Transmission of central speech information
Reduction of speech information: 64 kbit/s 13 / 5.6 kbit/s (net data rate)
Gross data rate via Um: 22.8 kbit/s
Full Rate (FR) Codec
Redundancy (channel coding)

9.8 kbit/s
GSM Ph1;
13 kbit/s
Enhanced Full Rate (EFR) Codec
GSM Ph2+;
12.2 kbit/s
Half Rate (HR)
Codec; GSM Ph2;
5.6 kbit/s
Redundancy
5.8 kbit/s
Gross data rate via Um: 11.4 kbit/s
Redundancy (channel coding)

10.6 kbit/s
HR & EFR:
improved, acoustically optimized
speech coding
HR, FR almost the

same quality
Fig. 24
37
Chapter 3
GSM PLMN
GSM PLMN
GSM PLMN
Contents
1
2
Overview
Network Elements
2
7
Siemens
GSM PLMN
Overview
GSM-PLMN
RSS
PLMN
Radio
SubSystem
fixed
network
PSTN
Public Switched
Telephone Network
ISDN
MS
Mobile
Station
BSS
NSS
Base Station
Subsystem
Network Switching
Subsystem
Integrated Services
Digital Network
PDN
OSS
Public Data
Network
Operation SubSystem
Overview
Fig. 1
GSM
PLMN
Siemens
GSM Siemens
PLMN
GSM PLMN: Subsystems

A GSM-PLMN is subdivided into the following subsystems:
l
Radio SubSystem RSS
Network Switching Subsystem NSS
Operation SubSystem OSS
Network Elements
The subsystems functions are grouped into functional units or network elements.
Functional units may be realized either as standalone Hardware HW units or
associated with other GSM functional units in one HW unit.
The Radio SubSystem RSS consists of the Mobile Stations MS and the Base
Station Subsystem BSS, which is composed of the following functional units:
l
Base Station Controller BSC
Base Transceiver Station BTS
Transcoding and Rate Adaption Unit TRAU
The Network Switching Subsystem NSS (Phase ) consists of the following

functional units:
l
Mobile services Switching Center MSC
Visitor Location Register VLR
Home Location Register HLR
Authentication Center AC
Equipment Identity Register EIR.
The Operation SubSystem OSS consists of Operation & Maintenance Centers

OMC; in the Siemens solution:
l
Operation & Maintenance Center for the Base Station Subsystem OMC-B
Operation & Maintenance Center for the Switching Subsystem OMC-S.
Siemens
GSM PLMN
GSM-PLMN
Radio
SubSystem
RSS =
Mobile
Station
MS
Base Station
+ Subsystem
BSS
BTS
BSC
OMC- B
MS =
ME + SIM
Network
Switching
Subsystem
NSS
AC
T
R
A
U
HLR
other
networks
EIR
VLR
PSTN
MSC
ISDN
OMC- S
Data
Networks
Fig. 2
GSM PLMN
Siemens
GSM Siemens
PLMN
Interfaces
The individual network elements are connected to each other for user data and/or
signaling transfer. Some of the interfaces are specified by ETSI as open interfaces,
allowing to connect equipment of different network manufacturer. Others are not
specified or "weakly" specified, so that only proprietary solutions are possible.
The following GSM Phase 1/2 interfaces are open interfaces:
l
Um: MS - BSS (Air interface)
A: MSC - BSS (BSC)
B: MSC - VLR
C: MSC - HLR
D: HLR - VLR
E: MSC - MSC
F: MSC - EIR
G: VLR - VLR.
The following interfaces are proprietary solutions:

l
Asub: BSC - TRAU
Abis: BSC - BTS
T: BSC, BTS, TRAU - Local Maintenance Terminal LMT
O: BSC - OMC-B
HLR - AC (no name)
Siemens
GSM PLMN
GSM (Phase 1/2)

Interfaces
other networks
MSC/xxx interworking interface
AC
Um
MS
A bis
A sub
TRAU
BTS
not specified
BSC
LMT
LMT
LMT
HLR
MSC
B
VLR
MSC
F
EIR
VLR
OMC - B
Fig. 3
Siemens
GSM PLMN
Network Elements
GSM-PLMN
PLMN
RSS
Radio
SubSystem
fixed
network
PSTN
Public Switched
Telephone Network
ISDN
MS
Mobile
Station
BSS
Base Station
Subsystem
NSS
Network Switching
Subsystem
Integrated Services
Digital Network
PDN
Public Data
Network
OSS
Operation SubSystem
Network Elements
Fig. 4
GSM PLMN
Siemens
GSM Siemens
PLMN

The Mobile Stations represent the mobile network components. They consist of the
Mobile Equipment ME and the Subscriber Identity Module SIM: MS = ME + SIM
The SIM card
The SIM consists of a microchip, which uses either a check card or a plate made of a
synthetic material as a carrier. Without a SIM card, the use of an MS is normally not
possible. An exception is the emergency call, which should always be possible with a
functioning ME. The SIM card carries the subscriber-related information and codes,
so that a GSM subscriber with a SIM card can use different ME. The main task of the
SIM is the storage of data: permanent and temporary administrative data as well as
data concerning security. Personal telephone lists may be stored and using the SIM
toolkit with enhanced memory space, it is possible to enable applications such as
Mobile Banking, etc.
Important stored codes are e.g.:
l
Personal Identity Number - PIN
PIN Unblocking Key - PUK
Mobile Station ISDN number - MSISDN
International Mobile Subscriber Identity - IMSI
Temporary Mobile Subscriber Identity - TMSI
Important data relating to security are, e.g.:

l
the individual key - Ki
the cipher key - Kc
the algorithms for authorization and ciphering (A3, A8).
Siemens
GSM PLMN

MS = ME + SIM
SIM card
Subscriber Identity Module:
Subscriber license
Personal Identities
(e.g.MSISDN, IMSI, TMSI, PIN,...)
Subscriber key (Ki, Kc)

Algorithms (A3, A8)
Personal phone book
SIM toolkits,...
ME:
MSISDN: Mobile Subscriber ISDN no.
IMSI: International Mobile Subscriber Identity
TMSI: Temporary Mobile Subscriber Identity
PIN: Personal Identity Number
Ki: individual key
Kc: cipher key
Mobile Equipment
Hardware & Software
for radio transmission
Cipher algorithm
Fig. 5
GSM Siemens
PLMN
GSM
PLMN
Siemens
The Mobile Equipment ME

The Mobile Equipment ME unites the tasks of many functional elements of the fixed
GSM-PLMN network.
By using the data of the SIM card, the speech is digitalized, compressed, secured
against loss of data (redundancy + interleaving), encrypted to prevent interception
and modulated onto the Radio Frequency (RF) created by the mobile station. Directly
after, the signal is amplified and transmitted.
In the opposite direction, the process runs inversely, beginning with the reception of
the radio frequency (RF).
The MS represents the counterpart to BSC, MSC, HLR, VLR and EIR as regards
signaling. As a whole, ME and SIM cards are almost a complete GSM system as
regards their functionality.
Radio transmission counterpart to

BTS, BSC & TRAU
Signaling counterpart to
BSC, MSC, HLR/AC, VLR & EIR
GSM Mobile Station
block diagram
reverse speech
conversion
speech
conversion
security check
de-interleaving
reformation
securing
interleaving
burst block formation
ciphering
de-ciphering
filtering
amplification
de-modulation
HF generation
modulation
amplification
Mobile Equipment ME
Subscriber Identity Module SIM
Fig. 6
10
GSM Siemens
PLMN
GSM PLMN
Siemens
The Base Station Subsystem BSS

The BSS consists of the following network elements:
l
BSC:
Base Station Controller
BTS:
Base Transceiver Station
TRAU:
Transcoding and Rate Adaption Unit
LMT:
Local Maintenance Terminal
The BSS architecture shall be selected to achieve maximum flexibility with regards to
the various operator requirements. All BSS components can be installed in the same
geographical location or in different locations where the transmission paths can be
used via public networks. The ability of the BSC to manage several BTSs in different
cell locations enables optimal adaptability to the traffic requirements in urban and
rural areas.
In terms of function, the main task of the BSC is the handling of the call connections
(switching), sampling of operational/maintenance information of all BSS (BSC, BTSs
and TRAUs), as well as their transfer to OMC-B. The BTS handles the radio specific
aspects.
Base Station Subsystem BSS

Architecture
BTS
BTS
TRAU
BSC
MSC
TRAU
LMT
BTS
OMC-B
Fig. 7
11
GSM Siemens
PLMN
GSM
PLMN
Siemens

The Base Station Controller BSC is, as the controlling element, the heart and center
element of the BSS.
BSC Location: between the interfaces Asub and Abis
BSC Functions:
l
switching of the user traffic between individual TRAUs and BTSs
control and monitoring of the connected TRAUs and BTSs
sampling of operation and maintenance information of BSC, TRAUs and BTSs as

well as transfer to OMC-B
evaluation of signaling information from MSC via TRAU and MS via BTS
Radio Resource Management for all connected BTSs
storage of the BSS configuration
back-up storage of the total BSS Software for fast system restart

BTS
TRAU
TRAU
Asub
Abis
TRAU
BSC
BSS
BSScontrol
control
Switched
Switchedbetween
betweenTRAU
TRAU
BTS
BTS
Radio
Resource
Management
Radio Resource Management
Collecting
Collectingerror
errormessages
messagesininBSS
BSS
Contact
to
OMC-B
Contact to OMC-B
Database
Databasestorage,
storage,SW
SWofofBSS
BSS
BTS
BTS
OMC- B
Fig. 8
12
GSM PLMN
Siemens
GSM Siemens
PLMN
Base Transceiver Station BTS

A BTS is the module which operates an individual cell and realizes the radio
interface. A BTS encompasses all applications concerning radio transmission
(sending, receiving), as well as the air interface specific signal processing. The BTS
is connected via the Abis interface with the BSC and via Um interface to the MSs.
Functions:
l
Channel coding: To protect the transmission, incoming information is provided with

parity check bits and redundancy (convolutional coding) and spread in time over
several HF bursts (interleaving).
Ciphering: After channel coding, the transmission of message information and the
subscriber data is coded to prevent illegal interception.
Burst block formation: The information is organized in blocks of a particular length

(burst blocks). A so-called training sequence is added for synchronization and
analysis of transmission quality.
Modulation: The carrier frequency is created in the 900/1800/1900 MHz range and
the information is modulated upon this carrier.
Power Control PC: Control of the power level of the BTS and MS.
Timing Advance TA: Calculation of the distance of the MSs from the BTS; the MSs
are informed of necessary transmission advance.
Frequency Hopping: a feature which enhances the reliability of information transfer
Synchronization: Providing of mobile stations with frequency and time

synchronization information.
13
Siemens
GSM PLMN

BTS
user and signaling

information
Abis
parity
bits
convolutional
coding
interleaving
channel coding
Um
max. 16 carrier/cell
ciphering
+
burst blocks
formation
HF generation
burst
multiplexing
modulation
Frequency hopping
Synchronization
(time and frequency)
Monitoring & optimization
of transmission quality
Power Control PC
Timing Advance TA
transmit
modulation
receive
Fig. 9
14
GSM
PLMN
Siemens
GSM Siemens
PLMN
Transcoding and Rate Adaptation Unit TRAU

The TRAU is used for speech compression (Transcoding) and adaptation of data to
the requirements of the air interface (Rate Adaptation). It lies between A and Asub
interface.
Functions:
l
Transcoding TC defines speech compression: compresses / decompresses the

incoming speech data from 64 kbit/s to 13 kbit/s, 12.2 or 5.6 kbit/s (embedded in
16 or 8 kbit/s channels).
Rate Adaptation RA filters out the useful data (0.3 9.6 kbit/s in Phase 1/2)
coming from the MSC (64 kbit/s) signal and forms a 16 kbit/s signal toward the
BSC
The user data are sub-multiplexed into 16 kbit/s subslots on the Asub interface
Remarks:
l
TC and RA are implemented as algorithms in the same hardware unit as the

TRAU (Siemens solution).
The TRAU is logically allocated to the BSC. Consequently, it belongs to the Base
Station Subsystem (BSS), but is generally installed at the MSC node in order to
keep line costs to a minimum.
In contrast to user information signaling information passes the TRAU

transparently.
The users information (data / speech) is embedded into 16 kbit/s channels. The
additional space is filled with proprietary inband-signaling (i.e. information, which
are directly exchanged between BTS and TRAU)
15
Siemens
GSM PLMN
TRAU
Transcoding & Rate Adaptation Unit
TRAU
B
S
C
A sub
64 64
16
64
64
64
64 kbit/s
16
64
64
64
64 kbit/s
16
64
64
64
64 kbit/s
16
64
64
64
64 kbit/s
M
S
C
64 64 kbit/s
16 16 16 16
submultiplexer
speech
speechcompression:
compression:
data
transmission:
data transmission:
signaling:
signaling:
64kbit/s
64kbit/s
13
13or
or5.6
5.6kbit/s
kbit/s++inband
inbandsignaling
signaling
"64
kbit/s"
0.3
9.6
kbit/s
+
inband
"64 kbit/s" 0.3 - 9.6 kbit/s + inbandsignaling
signaling
transparent
transparent
Fig. 10
16
GSM PLMN
Siemens
GSM Siemens
PLMN
The Network Switching Subsystem NSS

The NSS comprises the following functional elements:
l
MSC: Mobile services Switching Center
VLR: Visitor Location Register
HLR: Home Location Register
AC: Authentication Center
EIR: Equipment Identity Register
Mobile services Switching Center MSC

The MSC is concerned with the central tasks of the NSS and covers the service
areas of several BSSs. These tasks can be compared to those of an exchange in a
fixed network. These tasks are supplemented by mobile specific tasks of the subscriber administration. The MSC handles connection tasks in the PLMN, i.e. set-up of
circuit connections to the BSS, between each other and other networks (e.g. PSTN).
The MSC visited by a customer is described as a VMSC (Visited MSC). A MSC,
which represents an interface to other networks, is called GMSC (Gateway MSC).
MSCs connect the other networks with the Base Station Subsystem BSS, as well as
the other NSS units with the BSS via the signaling highways.
The MSC is a stored program controlled switching system for national and
international GSM-PLMN applications. The MSC is a switching center that carries out
all switching for the mobile stations which are actually located in the MSC area.
Other functional units of the NSS (e.g. HLR, VLR, AC,...) can be associated to the
MSC.
17
Siemens
GSM PLMN
NSS
other
MSC/VLRs
AC
Network &
Switching
Subsystem
Authentication Center
EIR
HLR
Equipment Identity
Register
Home Location
Register
VLR
Visitor Location
Register
MSC
other
networks
Mobile services
Switching Center
Fig. 11
18
GSM PLMN
Siemens
GSM Siemens
PLMN
Overview of call processing functions

The MSC follows the functions of a fixed network exchange as regards its
functionality. Consequently, varied proven call handling functions form the basis for
mobile specific supplementary services.
l
Switching of user connections
Routing functionality (path selection)
Signaling with other MSCs and external network exchanges
Evaluation of available signaling information for destination routing:
Digit translation
Legal interception
Coping with abnormal signaling conditions, e.g. loss of signaling information
Supplementary Service support
Processing of transmission path attributes, e.g. echo compensation
Call supervision
Overload protection
Control of priority calls, e.g. emergency call
Charging
Traffic measurement and traffic observation
Support of maintenance and administration functions, e.g. connection cut off, trunk
test and measurement
19
Siemens
GSM PLMN
MSC
Mobile services
Switching Center
NSS
NSSheart
heart&&center
center
Nodes
Nodesbetween
betweenNSS
NSSregisters,
registers,BSS,
BSS,
other
MSCs
and
external
other MSCs and externalnetworks
networks
Serves
Servesseveral
severalBSS
BSS(BSC)
(BSC)
Set-up
&
switching
Set-up & switchingofofuser
usertraffic
traffic&&signaling
signaling
Always
associated
with
VLR
Always associated with VLR
Association
Associationwith
withHLR/AC
HLR/ACand
andEIR
EIRpossible
possible
Gateway
MSC:
Gateway
to
external
Gateway MSC: Gateway to externalnetworks
networks
Visited
VisitedMSC:
MSC:MSC
MSCserving
servingcertain
certainMS
MS
call processing functions

(similar to fixed network exchange)
mobile communication specific functions
Fig. 12
20
GSM Siemens
PLMN
GSM
PLMN
Siemens
Mobile specific functions

Additional to normal fixed network exchanges, the MSC has many mobile specific
functions due to the users mobility.
Mobile specific functions are for example:
l
Signaling with BSC, MS & NSS databases (EIR, HLR, VLR)
Processing of mobile-specific services
Mobility Management, e.g. Paging, Inter-MSC Handover, Location Update,...
Overload handling, e.g. OACSU
Interworking Function for data services
Mobile specific Announcements
...
MSC
Mobile services
Switching Center
call processing functions

(similar to fixed network exchange)
Set-up of signaling / user connections
Signaling evaluation
destination determination
Connection path selection
Processing of abnormal
signaling information
Supplementary Service support
Call monitoring
Traffic monitoring & measurement
Overload protection
Billing
Priority control (e.g. emergency call)
Support of O&M functions
mobile specific functions

Signaling with BSC, MS & NSS databases
Processing of mobile-specific services
Mobility Management,
e.g. Paging, Inter-MSC Handover, Location Update,...
Overload handling, e.g. OACSU

Interworking Function for data services
Mobile specific announcements
Fig. 13
21
GSM
PLMN
Siemens
GSM Siemens
PLMN

The Visitor Location Register VLR is responsible to aid the MSC with information on
the subscriber, which are temporarily in the MSC service area. Therefor, in praxis it is
always associated with an MSC.
The VLR request the subscriber data of user with activated MS on the MSC service
area from the HLR and stores them temporarily. Temporarily means as long as the
subscriber is not registered in a new MSC/VLR, even if he deactivated the MS.
Additional to the semipermanent subscriber data received from the HLR the VLR
stores temporary data, e.g. information on the subscribers current location (the
Location Area), the state of activation (Attached / Detached),...
Furthermore, the VLR is responsible for the initiation of security functions, e.g. the
Authentication procedure, the start of ciphering and the TMSI re-allocation.
Examples of subscriber data in the VLR:
l
MSISDN: Mobile Subscriber ISDN number
HON: Handover Number
LMSI: Local Mobile Subscriber Identity
MSRN: Mobile Station Roaming Number
Triples (Authorization parameters )
....
22
Siemens
GSM PLMN
MSC
Mobile services
Switching Center
VLR
Visitor Location Register
Tasks:
Subscriber management in MSC area
Associated with MSC
Authentication co-ordination
commands start of ciphering
Subscriber data:
Subscriber data from HLR (MSISDN, IMSI,
services (BS, TS, SS), service restrictions,..)
Temporary subscriber information (LMSI, TMSI, LAI,
IMSI attach/detach, MSRN, HON, triples,...)
Entries valid until re-registration in another VLR!
Fig. 14
23
GSM PLMN
Siemens
GSM Siemens
PLMN

The Home Location Register HLR is the main data base of the mobile subscriber.
The subscription of a user / his subscription data is stored in one HLR only. There
may be one or more HLRs in a GSM PLMN.
The HLR is always associated with an Authentication Center AC.
The HLR performs the following important tasks:
l
It sends all necessary data to the VLR.
It supports the call setup in case of Mobile Terminating Calls MTC by sending
routing information to the Gateway MSC (Interrogation).
It transmits the Triples from AC to VLR on request
An HLR contains different semi-permanent mobile subscriber data, e.g.:

l
MSISDN: Mobile Station International ISDN number
Bearer Services BS
Tele Services TS
Supplementary Services SS
Restrictions
An HLR contains different temporary information of the mobile subscriber, e.g.:

l
VLR address
Local Mobile Subscriber Identity LMSI
Mobile Station Roaming Number MSRN
SMS flags
24
Siemens
GSM PLMN
AC
Tasks:
Security data storage (Ki)
Generation of triples (VLR request)
Associated with HLR
Data / algorithms:
Ki, IMSI, A3, A8
HLR
Home Location Register
Tasks:
Central storage/management of subscriber data
Delivery of data to VLR
Routing information at MTC
Associated with AC
Subscriber data:
Semipermanent data: MSISDN, IMSI,
services (BS, TS & SS), service restrictions,...
Temporary subscriber information: VLR address,
LMSI, MSRN, SMS flags,...
Fig. 15
25
GSM PLMN
Siemens
GSM Siemens
PLMN
Authentication Center AC
An Authentication Center AC contains all necessary means, keys and algorithms for
the creation of security related authorization parameters, the so-called Triples. The
Triples are created on VLR request and delivered via HLR to the VLR. An AC is
always associated with an HLR.
Central information contained in the AC are:
l
Ki: Individual Key (top secret mobile subscriber identity)
Algorithms for authentication and encryption: A3, A8.
Equipment Identity Register EIR

The Equipment Identity Register EIR contains the Mobile Equipment identity: the
International Mobile Equipment Identity IMEI. An IMEI clearly identifies a unique
Mobile Equipment ME and contains information about the place of manufacture,
device type and the serial number of the equipment.
EIR are an optional feature in GSM. They have been defined by ETSI to enable theft
prophylaxis. They carry out equipment identification functions: monitoring of stolen or
not allowed MEs.
There are three validity lists in EIRs: "white", "gray" and "black" lists for valid, to be
observed and to be blocked equipment.
A Common EIR (CEIR) in Dublin (Ireland) enables the world-wide identification of
stolen mobile equipment.
26
Siemens
GSM PLMN
CEIR
Common EIR
site: Dublin
Tasks:
Central, worldwide ME register
Worldwide ME theft prevention
EIR
Equipment Identity Register
Tasks:
Storage of ME data (IMEI)
Monitoring of IMEI: "white", "gray", "black" list
ME data:
IMEI = International Mobile Equipment Identity
= Type Approval Code TAC
+ Final Assembly Code FAC (manufacture site)
+ Serial Number SNR (device serial number)
+ Software Version Number SVR
Fig. 16
27
GSM PLMN
Siemens
GSM Siemens
PLMN
GSM Phase 2+: GPRS

For the introduction of GPRS the GSM PLMN has to be enhanced by:
l
Gateway GPRS Support Node GGSN
Serving GPRS Support Node SGSN
Packet Control Unit PCU
Channel Codec Unit CCU
HLR Extension
GPRS MS
Serving GPRS Support Node tasks:

l
serves all GPRS-MS in SGSN area
Routing / Traffic-Management
Mobility Management functions,
e.g. Location Update, Attach, Paging,..
storing Location information
Security & Access Control
collecting charging data
signaling with HLR, EIR, GGSN, MSC
Gateway GPRS Support Node GGSN tasks:

l
Gateway to PDNs
Protocol conversion
Routing / Traffic Management
Screening / Filtering
Packet Control Unit PCU tasks:

l
protocol conversion
radio resource management
The Channel Codec Unit CCU enables to transmit using the new Coding Schemes
CS-1, CS-2, CS-3 and CS-4.
The HLR has to be extended to include the new type of GPRS subscriber data.
28
Siemens
GSM PLMN
GSM Phase 2+: GPRS

HLR Extension::
Channel Codec Unit CCU:
GPRS subscriber data

(GPRS Register GR)
BTS-SW upgrade for new

Coding Schemes CS-1... CS-4
Mobile
DTE
CCU
VMSC /
VLR
BSS
HLR
PCU
Gb
extension
Gr
SGSN
Packet Control Unit PCU:
protocol conversion
PSTN
ISDN
GMSC
GGSN
Gn
Serving GPRS
Support Node
Gi
Gateway GPRS
Support Node
SGSN:
GGSN:
serves all GPRS-MS in SGSN area

Mobility Management functions,
e.g. Location Update, Attach, Paging,..
storing Location information
Security & Access Control
signaling with HLR, EIR, GGSN, MSC,..
Gateway to PDNs
Protocol conversion
Routing / Traffic Management
Internet
Intranet
X.25
For simplicity not all GPRS interfaces are shown
Fig. 17
29
GSM
PLMN
Siemens
GSM Siemens
PLMN

The Operation SubSystem OSS undertakes operation and maintenance tasks. The
functions of the network/ network elements may be centrally monitored and (remote)
controlled by the OSS. The control/operation & maintenance locally at each Network
Element NE (hardware implementation of functional elements) as local operation and
maintenance is distinguished by the central, remote-controlled functionality of the
OSS.
The functions of the OSS are performed by so-called Operation & Maintenance
Centers OMC. Depending on the manufacturer, there is sometimes spatial separation
between the operation & maintenance of BSS and NSS (Siemens: OMC-B and OMCS).
Important functions of the OSS:
l
Management and commercial operation (subscriber, mobile equipment, billing)
Sampling of information on network loads (statistical survey) for network

reorganization / optimization
Security management
Network configuration
Remote operation of network elements
Quality checks
Preparation of maintenance work
30
Siemens
GSM PLMN
OSS
Operation SubSystem
EIR
MSC/VLR
HLR/
AC
NSS
OMC
MSC/VLR
WS
Operation & Maintenance Center

Subscriber and equipment data
management
e.g. clearing services, bills
Network operation, configuration

& management
TRAU
Collecting network load information

& compiling statistics
BSC
BSS
BTS
Error detection & correction

Security management
Performance control
Fig. 18
31
GSM Siemens
PLMN
GSM PLMN
Siemens
Telecommunication Management Network TMN

CCITT guidelines for Telecommunication Management Network TMN (CCITT M.30)
designate the OSS as a telecommunication management system.
Seen from TMN level, the GMS-PLMN consists of a certain number of Network
Elements NE.
The TMN configuration of PLMN is ordered hierarchically into three levels:
l
the lowest level is displayed by a large number of network elements NE of the

PLMN
the middle level is realized by a certain number of regional Operation &

Maintenance Centers OMC
the highest level is represented by operation systems, such as network

management system, administration management, charging system, national
OMC, etc.
OSS
Telecommunication
Management System
according to
TMN
Operating systems
national
OMCs,
administration, billing,
network management system,..
regional
OMCs
Network Elements NEs
TMN: Telecommunication Management Network
Fig. 19
32
Chapter 4
Procedures
Procedures
Procedures
Contents
1
2
3
4
Codes & Identities

GSM Security Features
Location Update
Call Setup / Call Handling
2
8
19
24
Siemens
Procedures
Codes & Identities

Procedures
CGI
MCC
MNC
LAC
CI
LAI
IMSI
MCC
HLR-ID
MSISDN
CC
MNC
X1
X2
NDC
MSIN
X3
X4
X5
X6
X7
X8
SN
Codes & Identities

Fig. 1
Procedures
Siemens
Siemens
Procedures
GSM Service Areas & Codes

The GSM system is hierarchically ordered into service areas. To identify and address
a certain service areas codes are used.
International GSM Service Area
The international GSM service area is the sum of areas being served by GSM
networks. A GSM subscriber may use all these GSM networks if his HPLMN has
Roaming Agreements with the VPLMN and his ME supports the corresponding
frequency range (GSM900 / GSM1800 / GSM1900).
National GSM Service Area
A national GSM service area contains one or more GSM-PLMN. The PLMN of
different operators may supplement one another or overlap each other.
The following codes are important to identify a national GSM service area:
l
Mobile Country Code MCC: The MCC consists of 3 digits; it is used e.g. for the
International Mobile Subscriber Identity IMSI ,Location Area Identity LAI and Cell
Global Identity CGI.
Country Code CC: The CC is the dialing code of the country in which the mobile
subscriber is registered. The CC consists of 2 or 3 digits and is used e.g. in the
Mobile Subscriber International ISDN number.
PLMN Service Area

A PLMN service area is administered by an operator. Several PLMN service areas
can overlap within a country. Thus the individual PLMNs must have a clear
identification:
l
Mobile Network Code MNC: The MNC is the mobile specific PLMN identification;
it consists of 2 digits. The MNC is used in IMSI, LAI, CGI.
National Destination Code NDC: NDCs identify the dialing code of a PLMN; it
consist of 3 digits. The NDC is used in MSISDN.
Network Color Code NCC: The NCC is a PLMN discrimination code that is not
unambiguous. It is used as short identity (length: 3 bits) of a particular PLMN in
overlapping PLMN areas or in border regions; it is used e.g. in the Base Station
Identity Code BSIC.
Siemens
Procedures
Hierarchy
of GSM
Service Areas
/ Codes
Service
Area
Codes
International
MCC: Mobile Country Code

e.g.: Aus 505, D 262, Lux 270
National
CC: Country Code

e.g.: F 33, D 49, Lux 352
MNC: Mobile Network Code
PLMN
1 Operator
e.g.: D1 01, D2 02, Eplus 03
NDC: National Destination Code

e.g.: D1 171, D2 172, Eplus 177
MSC / SGSN
MCC:
CC:
MNC:
NDC:
NCC:
LAC:
LAI:
CI:
CGI:
Mobile Country Code

Country Code
Mobile Network Code
National Destination Code
Network Colour Code
Location Area Code
Location Area Identity
Cell Identity
Cell Global Identity
Location Area LA
Cell
Switch
MSC-Identity
LAC: Location Area Code
LA1
LA2
LAI: Location Area Identity
CI: Cell Identity

CGI: Cell Global Identity
Fig. 2
Procedures
Siemens
Siemens
Procedures
MSC/VLR Service Area

GSM-PLMN are subdivided into one or more MSC/VLR service areas. An attached
mobile subscriber is registered in the VLR, which is associated to his Visited MSC.
The MSC/VLR Id. is stored in the HLR, so that an MTC is possible.
Location Area LA
The LA is (in classical GSM) is stored as the most precise information of the
(attached) subscribers current location. This information is stored in the VLR
associated to the VMSC. If the MS turns from one LA to another, a Location Update
Procedure is necessary. The size of a LA is configured by the operator according to
the traffic or population density and the behavior of the mobile subscriber. A Location
Area can encompass one or more radio cells that are controlled by one or more BSC,
but never belong to different MSC areas. Location Area identities are:
l
Location Area Code LAC: The LAC serves to identify a LA within a GSM-PLMN.
The LAC length is 2 bytes.
Location Area Identity LAI = MCC + MNC + LAC; the LAI serves as an
unambiguous international identification of a location area.
BTS Service Area: the Cell

The cell is the smallest unit in the GSM-PLMN. A defined quality of the received
signal must be guaranteed within a cell. If a MS leaves the range of a cell during a
connection, a handover to the next cell is initiated. Cell identifications are:
l
Cell Identity CI: The CI allows identification of a cell within a location area. The CI
length is 2 bytes.
Cell Global Identity CGI = MCC + MNC + LAC + CI = LAI + CI; the CGI
represents an international unambiguous identification of a cell.
Base Transceiver Station Identity Code BSIC = NCC + BCC (Base Station Color
Code); The BSIC represents a non-unambiguous short identification (NCC: 3 bit;
BCC: 3 bit) of a cell. The BSIC is emitted at a regular rate by the BTS. It enables
the MS to differentiate between different surrounding cells and to identify the
requested cell in a random access.
Siemens
Procedures
National &
PLMN Codes
Example*:
Germany
CC = 49
MCC = 262
D1
NDC = 171
MNC = 01
Telekom
D2
Subscriber Identities
Mannesmann
IMSI
International Mobile Subscriber Identity
MCC
HLR-ID
MSIN
MNC
X1
X2
NDC = 172
MNC = 02
Eplus
Mobile Subscriber Id. No.
X3
X4
X5
X6
X7
X8
NDC = 177
MNC = 03
E2
MSISDN
Viag Intercom
Mobile Subscriber ISDN Number
CC
NDC
NDC = 178
MNC = 04
SN
Subscriber Number
* This figure has just an illustrative purpose

and does not reflect the actual MSC areas
of any German PLMN operator.
Fig. 3
Siemens
Procedures
Subscriber Identities:
l
International Mobile Subscriber Identity IMSI = MCC + MNC + MSIN (Mobile

Subscriber Identification Number); IMSI length = 3 + 2 + 10 digits. The IMSI is the
unique identity of a GSM subscriber. It is used for signaling and normally not
known to the subscriber. Often die first two MSIN digits are taken to specify the
users HLR in the PLMN (operator dependent).
Mobile Subscriber ISDN number MSISDN = CC + NDC + SN. MSISDN length: 2

/ 3 + 3 + max. 7 digits = max. 12 digits. The MSISDN is "the users telephone
number". A user has one IMSI (with one contract), but he can have different
MSISDN (e.g. for fax, phone,..).
Temporary Mobile Subscriber Identity TMSI: The TMSI is generated by the VLR
and temporarily allocated to one MS. It is only valid in this MSC/VLR service.
When changing to a new MSC area, a new TMSI has to be allocated. The TMSI
consists of a TMSI Code TIC with length 4 bytes. Often the TMSI is used together
with the LAI.
Principle:
MSC, Location
& Cell Area
MSC / VLR
MSC / VLR
MSC / VLR
Identifier:
MSC / VLR - Identity
LAI = MCC + MNC + LAC
CGI = LAI + CI
MCC
MNC
LAC
LA
Cell
LA
Cell
MSC / VLR
LA
MSC / VLR
CI
LA
LA
LAI
Fig. 4
Siemens
Procedures

Procedures
Security Features:
Authentication
Ciphering
TMSI allocation
IMEI check

Fig. 5
Siemens
Procedures
Procedures
Siemens
Security Features
In GSM the security of a mobile subscriber is ensured by several features.
l
Authentication: protects the network operator and mobile subscriber against

unauthorized network use.
Ciphering: is used to prevent eavesdropping of radio communications.
Temporary Mobile Subscriber Identity TMSI allocation: protects the

subscribers identity in the initial access phase, where no ciphering is possible.
IMEI check: prevents the usage of stolen/non-authorized mobile equipment.
Security aspects are described in the GSM Recommendations:

l
02.09:
Security Aspects"
02.17:
"Subscriber Identity Modules"
03.20:
"Security Related Network Functions"
03.21:
"Security Related Algorithm"
Prerequisites for Authentication and Ciphering

For authentication and ciphering, the Authentication Center AC and the SIM card are
important; they store the following data:
l
IMSI (International Mobile Subscriber Identity)
Ki (Individual Key)
A3, A8: Algorithms for the creation of authentication and ciphering parameters
Furthermore, for ciphering the algorithm A5 is stored in the Mobile Equipment. This
algorithm can be found in the BTS, too.
Siemens
Procedures
MSC / VLR
IMEI
NSS
BTS
ME
IMSI
Ki
A3, A8
EIR
HLR
IMEI
A5
Prerequisites
for Authentication
& Ciphering
AC
BSS
SIM
Fig. 6
10
Siemens
Procedures
Triples
The triples are parameters, which are necessary for authentication and ciphering.
They are produced in the Authentication Center AC and consist of:
l
RAND (RANDom number)
SRES (Signed RESponse): the reference value for the authentication
Kc (Cipher Key): key necessary for ciphering.
The calculation of a triple in the AC occurs in the following manner:

l
For the subscriber with a particular IMSI the reference value of authentication
SRES is calculated by the algorithm A3 from the users individual key Ki and the
random number RAND produced by a random number generator.
The cipher key Kc is calculated by the algorithm A8 from the individual key Ki and
the random number RAND.
RAND, Kc and SRES make together a complete triple.
At the request of the VLR, several triples are generated for each mobile subscriber in
the AC and transferred to the VLR via the HLR on request.
Remark: The individual key Ki is only stored in the AC and the SIM card. Different to
the IMSI and the triples, it is never transmitted through the network. For all signaling
procedures the users IMSI is used.
Triples
A3(Ki, RAND) = SRES
Calculation
A8(Ki, RAND) = Kc
Ki
Random
Number
Generator
RAND
RAND
IMSI
Database
Algorithm
A3
Algorithm
A8
SRES
Kc
SRES
Triple
AC
Authentication
Center
Kc
RAND = RANDom number
SRES = Signed RESponse
Kc
= Cipher Key
Fig. 7
11
Procedures
Siemens
Siemens
Procedures
Authentication
The authentication checks the real identity of a user, i.e. his authorization to take
access to the network. Actually it is checked, whether the secret individual Key Ki
stored on the SIM card is identically to the one stored for this user in the
Authentication Center or not. The authentication procedure is or can be initiated by
the VLR in the following cases:
l
IMSI Attach
Location Registration
Location update with VLR change
call setup (MOC, MTC)
activation of connectionless supplementary services
Short Message Service (SMS)
Authentication Procedure
1. the VLR recognizes the need for an authentication; in the case, that no / no more
Triples are available in the VLR it requests a set of Triples from the HLR
2. the Triples are generated in the AC (see above) and sent via HLR to the VLR
3. the VLR sends the RAND to the MS; the SIM card calculates the SRES using Ki,
A3 and RAND (see above)
4. the MS sends the SRES back to the VLR; the VLR compares the SRES in the
triple with the SRES calculated by the MS; if they coincide, the network access
will be authorized and the general procedure will continue, otherwise
5. the access will be refused and the "Authentication Refused" message will be sent
to the MS
12
Siemens
Procedures
Authentication
MS
Um
with:
Location Registration LR
LUP with VLR change
Call Setup: MOC / MTC / SMS
Activation of connectionless supplementary services
BSS
MSC
VLR
HLR/AC
*1
requests
triples
2
3
3
3
sends RAND
sends SRES
4
5
sends triples
sends
Authentication
refused"
coincidence
check
*2
*1 only if no more Triples
available in VLR
*2 only if coincidence
check negative
Fig. 8
13
Procedures
Siemens
Siemens
Procedures
Ciphering
Ciphering regards the security aspects of the information exchange between the
Mobile Station (MS) and the Base Station (BTS) on the air interface Um. User
information (speech/data) and signaling information are ciphered via air interface Um
(UL & DL). An exception is given by the initial signaling, before the cipher command
is sent from the network side. At initial signaling data exchange ciphering is not
possible, because the users identities are necessary prerequisite for the generation
of ciphering parameters. The cipher command is given after transmission of the user
identity (TMSI / IMSI) and the authentication procedure. Ciphering / Deciphering is
carried out in the BTS and in the MS.
The GSM Recommendation (02.16) of Phase 2 states that up to 8 logically different
encryption algorithms (incl. "no ciphering") should be used. The reason for this is the
intention
a) to assign different algorithms to different countries and
b) to provide MS, which do not use the A5-1 algorithm, with the possibility of
roaming in different GSM-PLMN networks.
Currently 3 algorithms are defined:
l
A5-0: no ciphering for COCOM countries
A5-1: "strict" cipher algorithm (originally MoU algorithm) for MoU-1 countries , A51comes from GB; due to military origin (NATO), high security arrangements are to
be regarded
A5-2: "simplified" cipher algorithm for MoU-2 countries (without COCOM

countries);
Remark: A5-0 is implemented in every MS and every BTS to enable access of every
MS in every network. Additionally A5-1 or A5-2 can be implemented.
14
Siemens
Procedures
Ciphering
Prevents eavesdropping in Um
Application in user information and signalling
Exception: initial signalling
MS
Cipher command
BTS
ciphered information
A5
A5
Rec.
Rec.02.16:
02.16:max.
max.88cipher
cipheralgorithms
algorithms
A5-0:
A5-0: no
nociphering;
ciphering;COCOM
COCOMcountries
countries
A5-1:
"strict"
ciphering;
MoU-1
A5-1:
"strict" ciphering; MoU-1countries
countries
A5-2:
"simple"
ciphering;
MoU-2
A5-2:
"simple" ciphering; MoU-2countries
countries(except
(exceptCOCOM)
COCOM)
Fig. 9
15
Siemens
Procedures
Ciphering process
Transmitter/receiver must use the same cipher algorithms.
In order to handle ciphering individually for every user, the individual key Ki (stored in
the SIM card and the AC) is used.
The cipher key Kc is transmitted after ciphering from the VLR to the BTS. The MS is
able to calculate Kc (after receiving RAND in the authentication procedure) by
algorithm A8 from RAND and Ki.
A 114 bit long cipher sequence is calculated using the cipher algorithm A5, the cipher
key Kc and the TDMA frame number (broadcasted cyclically by every BTS over the
cell area).
The speech, data and signaling information are ciphered / deciphered in 114 bit long
sequences being connected in a so-called "eXclusive OR" XOR operation.
Deciphering follows exactly the same scheme as ciphering, as the XOR operation
yields the original values after double application of XOR (using the same cipher
sequence).
To start ciphering, the network sends a cipher start command, which has to be
acknowledged by the MS (being the first ciphered information).
plain text
Ciphering
& Authentication
XOR
0 1 0 0 1 0 1 1 1 0 0 1...
cipher sequence 0 0 1 0 1 1 0 0 1 1 1 0...

ciphered text
XOR
0 1 1 0 0 1 1 1 0 1 1 1...
cipher sequence 0 0 1 0 1 1 0 0 1 1 1 0...

plain text
0 1 0 0 1 0 1 1 1 0 0 1...
Um
encoded
transmission !
ME:
A5
SIM:
A3, A8,
Ki, IMSI
RAND
BTS:
A5
SRES
SRES
MS
VLR:
RAND, Kc IMSI
Triples
Triples:
RAND,
SRES, Kc
AC:
A3, A8,
IMSI,Ki
BTS
VLR
AC
Authentication:
Ciphering:
Authentication:
A3(Ki, RAND) = SRES
A5(Kc,TDMA-No.) = CS
text XOR CS = ciphered text
SRES comparison
Authentication
& ciphering:
Ciphering:
A8(Ki, RAND) = Kc
A5(Kc,TDMA-No.) = CS
text XOR CS = ciphered text
generates RAND
A3(Ki, RAND) = SRES
A8(Ki, RAND) = Kc
CS: cipher sequence
Fig. 10
16
Siemens
Procedures
TMSI Allocation
Ciphering protects the user from being eavesdropped. However, the ciphering with
Kc requires that the network is aware of the identity of the mobile subscriber with
whom it is in contact. Thus, during the initial phase of communication setup, when the
identity of the mobile subscriber is still unknown, the transmitted signaling information
can not be ciphered. During this phase a third party may identify a subscriber and the
desired service.
In order to protect the identity of the subscriber in this phase, a temporary
identification of the subscriber is distributed: the Temporary Mobile Subscriber
Identity TMSI.
The TMSI is used instead of the real user identity, the International Mobile Subscriber
Identity IMSI. This TMSI is allocated by the VLR, which is associated to the VMSC.
The MS usually identifies itself with the TMSI in the initial access phase to the VLR.
The VLR uses this TMSI to re-identify the IMSI. This is only possible if the TMSI has
been allocated by the same VLR. If not, the VLR has to request the VLR, which has
allocated the TMSI to the MS, to deliver the IMSI. Therefore, the TMSI is in most
cases transmitted together with the old LAI, which identifies uniquely a VLR. The
request VLR - VLR is only possible, if both VLR belong to the same PLMN.
Therefore, the IMSI has to be transmitted via Um at the first registration in a new
PLMN and obviously at the very first usage of the SIM card (i.e. in the case of
Location Registrations).
A new TMSI (TMSI re-allocation) can optionally be allocated to the MS after every
authentication & cipher start (and the optional IMEI check).
TMSI
Allocation
sends
MS
TMSI
= LAI + TIC
Network
Networkrequires
requiressubscriber
subscriberId.
Id.for
forcall
callsetup
setup
Id.
necessary
for
triples
calculation
Id. necessary for triples calculation
Start
Startofoftransmission
transmissionofofId.
Id.uncoded
uncoded
TMSI
prevents
eavesdropping
TMSI prevents eavesdroppingofofsubscriber
subscriberId.
Id.(IMSI)
(IMSI)
New
TMSI
with
VLR
change
&
usually
at
call
setup
New TMSI with VLR change & usually at call setup
BSS
MSC
TMSI
Authentication
Ciphering
stores
new
TMSI
new
TMSI
VLR
TMSI
determines
IMSI from
TMSI
IMSI
Triples
HLR/
AC
IMSI
Ki
Triples
assigns
new
TMSI
For
ForLA
LAchange
changewith
withMSC/VLR
MSC/VLRchange:
change:
New
VLR
identifies
old
VLR
by
TMSI
New VLR identifies old VLR by TMSI
Subscriber
Subscriberdata:
data:query
queryofofold
oldVLR
VLR
Fig. 11
17
Siemens
Procedures
IMEI Check
In contrast to the other security mechanism authentication, ciphering and TMSI
allocation, the check of the International Mobile Equipment Identity IMEI is optional. It
depends on the operators decision whether a EIR is implemented and IMEI checks
are done.
IMEI check serves to identify stolen, expired or faulty mobile equipment. A IMEI
clearly identifies a particular mobile device and contains information about the place
of manufacture, type approval code and the serial number of the equipment.
The IMEI consists of: Type Approval Code TAC, Final Assembly Code FAC, Serial
Number SNR and a Software Version Number SVN.
If a IMEI check in the PLMN is intended, the Mobile Station MS will be requested to
submit the IMEI during call setup after authentication and cipher command. The MS
sends back its IMEI. The IMEI is routed to the EIR of the PLMN. A check occurs here
to find out whether the IMEI is registered on the black or gray list, i.e. whether the MS
is blocked from further use of the PLMN, or whether it has to be observed.
IMEI Check
Recognise
Recognisestolen,
stolen,expired
expiredand
andfaulty
faultyMEs
MEs
TAC
Type Approval Code
FAC
24 Bit
MS
ME
identified
by
IMEI
SNR
Final Assembly Code Serial Number

8 Bit
BSS
authentication
ciphering
IDENT_REQ
IDENT_RSP
SVN
Software Version Number
24 Bit
(spare) 4 Bit
MSC/VLR
EIR
Initiates
authentication
Ciphering
Initiates
IMEI Request
(Identity Request)
Checking
IMEI
(white, grey
or black list)
IMEI
Fig. 12
18
Siemens
Procedures
Location Update
Procedures
request
Location Update
MS
BTS
Location Update
Fig. 13
19
Procedures
Siemens
Siemens
Procedures
Location Registration / Location Update

Information of the current location of a mobile subscriber are necessary to built up a
connection to the subscriber, i.e. to start a Mobile Terminating Call MTC. To keep
track of the users current location the Location Registration / Update procedures are
used. Always the MS is responsible to initiate this Location Registration /
Update procedures. It informs the network on its current Location Area. The
Location Area information is stored in the currently responsible VLR. The identity of
this VLR is stored in the users HLR.
If a MS is "new" in a PLMN a Location Registration is performed. "New" is defined as
the very first usage of a SIM card or a first access after changing the PLMN.
In case of a Location Registration the network needs the IMSI of the MS, because
either no TMSI has been allocated before to the MS (in case of first SIM usage) or it
is impossible to regenerate the IMSI from the TMSI, because the new VLR is not able
to get into contact with the old VLR (e.g. in case of PLMN changes). After Location
Registration, in the following Location Updates are used to update the location
information in the PLMN. In a Location Update only the TMSI is transmitted via Um.
There are three reasons to perform a Location Update Procedure LUP:
l
Location Update with "IMSI Attach": If a MS is switched on / off, the network is

informed about the change of the current MS state, i.e. whether to be reachable or
not. Therefore, when being switched on / off, the MS performs an "IMSI Attach" /
"IMSI Detach" procedure. The information whether the MS is Attached / Detached
is stored in the VLR. If an "IMSI Attach is performed it is connected with a LUP.
Normal Location Update: Normally a LUP is performed after the MS has

recognized that it has crossed the boarder between two different Location Areas.
The MS is able to recognize the LA change, because it always listens around to
the broadcast information of all cells in its environment, which include the CGI
(and so the LAI). If the LAI of the strongest cell changes, a LUP is performed.
Periodical Location Update: A periodic LUP is initiated by a MS at regular

intervals. If the VLR does not receive the LUP after a certain time, a "Mobile
Station not reachable" flag is set.
The LUP is not performed during the duration of a connection. In this case, the LUP
is performed after call release.
20
Siemens
Procedures
Location
Registration/
Update
Location Registration: initial MS registration in PLMN

Location Update
no LU during connection!
BCCH:
CGI =
26205A64B...
LAI =
2620533
request
Location Update
MS
BTS
3 types of Location Update:

normal
periodic
with IMSI attach
Fig. 14
21
Siemens
Procedures
Location Update Procedure LUP without change of the MSC area

1. The MS recognizes that the LAI has changed. It requests a LUP, identifying itself
with the TMSI or IMSI. The request and the identity are forwarded to the VLR.
2. The VLR re-identifies the IMSI from the TMSI. If no / no more Triples are
available in the VLR, it requests triples from the AC via the HLR.
3. The AC generates a set of Triples and delivers them via HLR to the VLR.
4. The VLR stores the Triples and initiates the Authentication, then gives the cipher
start command and initiates an IMEI check (optional).
5. If the Authentication, cipher start and IMEI check are successful, the VLR needs
for call setups the subscriber data. In case of a LR, they are have not been
stored before in the VLR and so they have to be requested from the HLR.
Together with this request, the VLR delivers its identity and the information,
where this subscriber is stored in the VLR, i.e. the Local Mobile Subscriber
Identity, to the VLR.
6. The HLR stores the VLR identity and LMSI and transmits the requested
subscriber data to the VLR.
7. The VLR stores the subscriber data and assigns a TMSI (LR: mandatory) or a
new TMSI (LUP: only with MSC/VLR change) to the MS. This TMSI is transmitted
together with the VLRs acknowledgement, that the LUP has been successful, to
the MS. There, the new TMSI and LAI are stored on the SIM card.
Location Update LUP

MS
BSS
1
MSC
1
VLR
HLR/AC
requests LUP,
LR: IMSI
LUP: TMSI
2
*1
requests triples
3
triples
authentication, ciphering, (IMEI check)
requests
subscriber data;
sends VLR-Id.
& LMSI
6
7
7
7
sends TMSI =
LAI + TIC
sends data

available in VLR
Fig. 15
22
Siemens
Procedures
Location Update Procedure LUP with VLR change
1. The MS recognizes that the LAI has changed. It requests a LUP, identifying itself
with the TMSI. The request and the identity (TMSI in combination with the old
LAI) are forwarded to the new VLR.
2. The new VLR receives the TMSI and LAI. It recognizes from the LAI, that the
TMSI has been allocated by another VLR (old VLR). Thus, the VLR is not able to
re-identify the IMSI from the TMSI and has no chance to request the subscriber
data from the HLR. Therefor, the new VLR calculates the address of the old VLR
from the LAI and transmits the TMSI to the old VLR and requests it to deliver the
users IMSI. The old VLR delivers the IMSI and the remaining Triples to the new
VLR. Remark: If this step 2 is not possible (e.g. line break between old and new
VLR) the new VLR commands the MS to transmit the IMSI directly.
3. The new VLR uses the IMSI to calculate the users HLR. The new VLR transmit
its identity and LMSI to the HLR and requests the HLR to deliver the subscriber
data and, if necessary, a set of Triples.
4. The HLR stores the new VLRs identity and LMSI, confirms the information,
supplies the subscriber data and, if necessary, the Triples.
5. The HLR informs the old VLR to erase the stored data set of this subscriber.
6. The VLR now starts authentication, ciphering and (optionally) IMEI check.
7. The VLR allocates a new TMSI to the MS.
Location Update Procedure LUP

incl. MSC - VLR change
old
VLR
HLR
AC
3
4
new
VLR
7
MSC
MSC
7
BSS
BSS
Um
LA change
with MSC / VLR change
Fig. 16
23
Siemens
Procedures
Call Setup / Call Handling

Procedures
MOC
MS starts network access
(PLMN, ISDN, PSTN)
MTC
MS is contacted
MMC
MS1 starts network access
MS2 is contacted
MIC
Special case MMC:
both MSs in same MSC area
Call Setup
Fig. 17
24
Procedures
Siemens
Siemens
Procedures
Call Setup
Different procedures are necessary depending on the initiating and terminating party:
l
Mobile Originating Call MOC: Call setup, which are initiated by an MS
Mobile Terminating Call MTC: Call setup, where an MS is the called party
Mobile Mobile Call MMC: Call setup between two mobile subscribers; MMC thus
consists of the execution of a MOC and a MTC one after the other.
Mobile Internal Call MIC: a special case of MMC; both MSs are in the same MSC
area, possibly even in the same cell.
Mobile Originating Call MOC

1. Channel Request: The MS requests for the allocation of a dedicated signaling
channel to perform the call setup.
2. After allocation of a signaling channel the request for MOC call setup, included
the TMSI (IMSI) and the last LAI, is forwarded to the VLR
3. The VLR requests the AC via HLR for Triples (if necessary).
4. The VLR initiates Authentication, Cipher start, IMEI check (optional) and TMSI
Re-allocation (optional).
5. If all this procedures have been successful, MS sends the Setup information
(number of requested subscriber and detailed service description) to the MSC.
6. The MSC requests the VLR to check from the subscriber data whether the
requested service an number can be handled (or if there are restrictions which do
not allow further proceeding of the call setup)
7. If the VLR indicates that the call should be proceeded, the MSC commands the
BSC to assign a Traffic Channel (i.e. resources for speech data transmission) to
the MS
8. The BSC assigns a Traffic Channel TCH to the MS
9. The MSC sets up the connection to requested number (called party).
Remark: This MOC as well as the MTC described in the following describes only the
principles of an MOC / MTC, not the detailed signaling flow.
25
Siemens
Procedures

MS
BSS
MSC
VLR
Channel Request
sends
subscriber Id.
TMSI (IMSI)
identification +
authentication
request
*1
HLR/AC
3
requests
triples
3
4
triples
authentication + start ciphering + IMEI check + new TMSI
5
Setup (Phone No.,..)
6
requests call
information
6
8
Traffic Channel
assignment
7
commands
channel assignment

available in VLR
sends info
9
Setup connection to B-subscriber
Fig. 18
26
Procedures
Siemens
Siemens
Procedures
Mobile Terminating Call MTC

In the case of a MTC the mobile subscriber is the called party. The MTC call flow
differs in dependence on the initiating party. In this example the initiating party is
subscriber on an external network.
1. After analysis of the MSISDN (CC and NDC) a request to set up a call is
transmitted from an external exchange to the GMSC.
2. The GMSC identifies the users HLR from the MSISDN. It starts a so-called
Interrogation to the HLR to get information of the subscribers current location.
3. The HLR identifies the subscribers IMSI from the MSISDN and checks the
subscribers current location, i.e. the VLR address. The HLR informs the VLR
about the call and requests a Mobile Station Roaming Number MSRN (including
the VMSC address) from the VLR. The request to the VLR includes the LMSI,
which enables the fast access to the users data in the VLR.
4. The VLR transmits the MSRN to the HLR, which forwards this number and the
IMSI to the GMSC. If the VLR has information, that the MS is Detached currently,
the call is rejected / forwarded to the Mailbox.
5. The GMSC uses the MSRN (including the VMSC address) and IMSI to get into
contact with the VMSC.
6. The VMSC requests information (LAI, TMSI) for call setup from its VLR
7. The VLR sends these data.
8. The VMSC uses the LAI to start the Paging procedure. Paging means to search
to MS in the total Location Area (the precise cell is not known).
9. The MS responses the Paging, i.e. from now on its cell is known.
10. This topic includes: Authentication, cipher start, IMEI check and TMSI Reallocation.
11. The MSC transmits the Setup information to the MS, commands the BSC to
allocate a Traffic Channel to the MS and switches through the connection.
27
Siemens
Procedures

BTS
VMSC
VLR
HLR
GMSC
BTS
3
BTS
MS
sends IMSI
requests MSRN
2
Interrogation:
MSRN request
1
call
request
4
sends MSRN
8
8
Paging
9
Paging Response
10
Paging
6
7
5
connection request
requests data
(LAI, IMSI)
sends data
9
10
10
authentication + ciphering + IMEI check + new TMSI
11
11
11
11
call through switching
Assignment of Traffic Channel
Fig. 19
28
Siemens
Procedures
Mobile - Mobile Call MMC / Mobile Internal Call MIC

MMC and MIC are only special cases / combinations of the MOC and MTC.
Mobile Mobile Call MMC

The MMC is a call setup initiated by a MS and terminating at a MS. Thus, MOC and
MTC are executed one after the other.
For the call setup of a MMC the same procedures are valid as in the case of MOC
and MTC for the call setup between a mobile subscriber and a fixed subscriber. In
the case of PLMN internal MMC, instead of inquiring the GMSC the VMSC of the
calling party queries the HLR of the called party.
Mobile Internal Call MIC

A special case of the MMC is represented by the MIC. Here, both mobile subscribers
are in the same MSC area or even in the same cell. No shortening of the procedure
takes place here. MOC and MTC procedures are executed after each other, the only
difference is that the MSC involved is VMSC for both, the calling and called party.
Mobile Mobile Call MMC
traffic
channel
VLR
EIR
VMSC
BSC
BTS
VLR
HLR AC
VMSC
BTS
NSS Network Switching Subsystem
Mobile Internal Call MIC

EIR
BSC
RSS Radio Subsystem
traffic
channel
BSC
VLR
BTS
VMSC
HLR AC
NSS Network Switching Subsystem
BSC
BTS
RSS Radio Subsystem
Fig. 20
29
Siemens
Procedures
Off Air Call Set Up OACSU

The OACSU is used in case of overload on the radio interface (a lack of Traffic
Channels). It is helpful to overcome short term bottleneck situations without rejecting
call requests.
If there is currently a lack of Traffic Channels OACSU enables to delay the TCH
allocation until there is an answer of the called participant. In most cases this will
need several 10 s. There is a high probability that during this time another call is
finished and this TCH is then reserved for the delayed TCH allocation.
OACSU can theoretically be used for MOC and MTC.
In the case of OACSU so-called partial connections are set up. After the TCH is assigned, the partial connection is completed. The delay of the TCH assignment is
monitored by a timer. When the time frame has run out, a TCH is assigned. The
OACSU can lead to an announcement for the called party, if he/she picks up the
phone before the delayed assignment of the TCH.
Restraints for OACSU:
l
not for international calls
not for data connection
not for emergency calls
OACSU
Off Air Call Set Up
Delayed call setup

No traffic channel assignment until
B-subscriber answers / timer expires
A- subscriber
call setup:
B- subscriber
signaling
traffic channel
assignment
MS
B-subscriber
answers
BTS
B-subscriber
answers
Not for:
International calls
Data connection
Emergency calls
Fig. 21
30
Procedures
Siemens
Siemens
Procedures
Handover HO: Handover Types

Handover HO are a change of the physical channel during a current connection.
There are various types of handover:
l
Intra-Cell Handover: In the case of Intra-Cell Handover, a physical channel within

a cell is changed. A reason for this may be an interference in the frequency
currently being used. Frequency and/or Time Slot can be changed. Therefore it
differs from the feature "frequency hopping", in which the frequency is changed
after a certain algorithm, but the time slot is never changed. Frequency hopping
and Intra-Cell Handover exclude each other. The intra-cell handover is realized
internally in the BSS, i.e. the BSC decides without MSC involvement. Only the
message "handover performed" is sent to the MSC after the handover.
Intra-BSS Handover: An Intra-BSS Handover is carried out between two cells of

the same BSS. The procedure is decided and performed by the BSC (no MSC
involvement). The MSC is informed only after the handover ("handover
performed").
Intra-MSC Handover: An Intra-MSC handover is a handover between two BSSs

of the same MSC. The MSC decides about this Handover and switches between
the two BSCs.
Inter-MSC Handover: A Inter-MSC Handover include at least two MSCs. The
MSC has to decide and to switch. Inter-MSC handovers are one of the most
complicated GSM procedures, in particular in the case of MSCs made by different
manufacturers. One has to distinguish between "Basic Inter-MSC Handover" and
"Subsequent Inter-MSC Handover".
Basic Inter-MSC Handover: If a MS changes for the first time from the area of an
MSC (A) to the area of a MSC (B), this is described as Basic Handover.
Subsequent Handover: If the MS also leaves the MSC (B) area and moves into the
area of a further MSC (C) or returns to the area of the old MSC (A), this follow-on
handover is called Subsequent Inter-MSC Handover. The handover is controlled
by the initial MSC, which is called MSC (A) = Anchor MSC. In a Subsequent InterMSC Handover with MSC (C) for a short time three MSCs are connected for one
call. The connection MSC (A) - MSC (B) is released after successful set up of
connection between MSC (A)and MSC (C).
The Anchor MSC is responsible for billing. This is the reason, why Inter-PLMN
Handover, i.e. Handover between different PLMNs are normally not performed.
31
Siemens
Procedures
Handover Types
Intra-BSS
Intra-cell
BTS
f 1, TS 1
BTS
BSC
BSC
MSC
f 2, TS 2
Handover
performed
Intra-MSC
Handover
performed
BTS
MSC
Inter-MSC
basic
BSS
MSC - A
MSC - B
MSC
BSS
subsequent
MSC - C
Fig. 22
32
Procedures
Siemens
Siemens
Procedures
Handover Decision
The handover algorithm is based on periodically measurements of MS and BTS
concerning the strength and quality of the received signals. The MS measures quality
and strength of the connection and the strength of the serving BTS and that of the
surrounding BTSs. The BTS measures quality and strength of the connection as well
as the distance MS - BTS (Timing Advance TA).
The result of the MS measurements is transmitted to the BTS. The BTS adds its own
measurements and transmits the data as "Measurement Report" to the BSC.
The BSC has to decide, whether a handover is necessary or not. The decision is
determined by the comparison between the current measured values and the
threshold values. If no threshold values are exceeded, the BSC analyses whether an
other BTS as the current one would enable a better air interface quality. Different
other aspects have to be taken into account, e.g. the current load of the cells.
Furthermore, so-called "Ping-Pong Handover" should be prevented.
If an Inter-cell handover is initiated, the criterion of availability of surrounding cells is
used to set up a list of suitable handover destinations in a declining order of priority.
This list forms the basis for the final handover decision that is carried out by the BSC
(in case of Intra-BSS Handover) or by the MSC (in case of Inter-BSC / -MSC
Handover).
Handover criteria are e.g.:
l
Strength of the received signal (UL and DL)
Quality of the received signal (UL and DL)
Distance MS - BTS (Timing Advance, UL)
Signal strength of suitable surrounding cells (UL, BCCH)
Interference that decrease the signal quality (UL and DL)
33
Siemens
Procedures
Handover
Decision
BTS
MS
Timing Advance,
Power control
Measurement:
connection quality & strength,
distance measurement (TA)
Measurement:
connection quality & strength:
strength of serving BTS &
surrounding BTSs
Measurement report
Measurement value processing

(averaging, limit values,..)
Measurement
report
HO
decision
BSC
Evaluation list
(suitable BTSs for HO...)
Initiation of HO type
BSC/
MSC
Handover
Fig. 23
34
Siemens
Procedures
Handover Example: (Basic) Inter-MSC Handover

1. During an existing connection, the MS permanently measures the quality and
power level of the received information and measures the strength of its own and
the surrounding BTS. Furthermore, the BTS measures the quality and strength of
the connection and the Timing Advance. The results are as measurement report
to the BSC. The BSC analyses the need for Handover. If an Handover is
necessary, the BSC creates a list of preferable cells to which the Handover
should be performed. If an Handover to a cell of another BSC / MSC is
necessary, the information is forwarded to the MSC (A). In this example, a
Handover from Cell A to Cell B is preferable. On basis of the BSC information,
the MSC (A) decides to initiate a Basic Inter-MSC Handover to MSC (B),
because Cell B is in the service area of MSC (B).
2. MSC (B) requests the BSC, which is responsible for Cell B to allocate resources
for this connection and prepare network transmission capacities for the call. A
second connection is built up parallel to the existing connection. The DL
information is split and delivered to both BTS.
3. MSC (A) gives command to the MS (via BSC) to change the physical channel.
Changing the physical channel, the MS immediately is connected to Cell B.
4. The initial connection is released, the resources are set free for other
connections. The users data are still transmitted via MSC (A); it is the AnchorMSC.
BSC to MSC (A):

HO please!
Handover
example
BSC
VLR
cell B
MSC (B)
BTS
MSC (A)
BTS
VLR
BTS
BTS
MSC (B)
BTS
Level:
BTS
BSC
C
BTS
cell A
cell B
cell C
BTS
BTS
1. BSC: HO necessary
2. Parallel connection setup
3. MS changes phys. channel
4. Original connection released
Fig. 24
35
Siemens
Procedures
Emergency Call
The connection set up for the Tele Service "Emergency Call" is similar the that of the
Mobile Originating Call MOC.
The mobile subscriber starts this service either by pressing a SOS key or by dialing
an emergency service number (often: 112).
The setup follows the MOC signaling flow. Differences are:
l
no Authentication is necessary
no Ciphering will be used
no IMEI check is performed
no TMSI Re-allocation is performed
A short call setup is resulting in this lack of security features. Furthermore, the
Emergency Call should always be possible with any MS, even without a valid SIM
Card.
Emergency calls are treated with precedence. This may also lead to the release of
other existing connections.
The BSS always delivers the location of the emergency call to the MSC. Depending
on this origin, the emergency connection is then transmitted from the MSC to the
regionally responsible Emergency Call Center. The available location information can
be delivered to the Emergency Call Center, too (operator dependent).
Emergency
Call
Emergency Call
Center
SOS
call setup:
without:
Authentification
Ciphering
IMEI check
TMSI-Reallocation
MSC
Direct connection
Supplies location info
Emergency call:
MS
Priority treatment
no security features
fast call setup
usually always possible,
even without valid SIM card
Fig. 25
36
Procedures
Siemens
Short Message Service SMS transmission (MT-SMS)

MS attached (i.e. reachable):
l
A Short Message Service Center SM-SC (out of the scope of the GSM Rec.) tries
to transmit the SMS to the requested MS via GMSC.
The GMSC performs an Interrogation to the HLR to get knowledge about the
current VMSC.
The HLR requests the VLR for an MSRN and forwards this to the GMSC.
The GMSC gets into contact with the VMSC and the SMS is delivered to the MS.
Different to the MOC, no Traffic Channel allocation is necessary in case of SMS
transmission. The SMS can be transmitted via Signaling Channel.
MS Detached (not reachable):

l
The SM-SC tries to transmit the SMS to the requested MS via GMSC.
The GMSC performs an Interrogation to the HLR to get knowledge about the
current VMSC.
The HLR requests the VLR for an MSRN. This is not possible, because the
subscriber is Detached and the VLR stores this information.
In the following, a SMS flag is set in the VLR and in the HLR. Furthermore, the
HLR stores the address of the SMS-SC.
The HLR informs the GMSC that the SMS can not be delivered and the GMSC
rejects the request of the SM-SC. The SMS is still stored in the SM-SC.
If the MS is switched on again, an IMSI Attach procedure is performed to the VLR.
Due to the SMS flags, the VLR informs the HLR, that the MS is reachable again.
The HLR requests via GMSC the SM-SC to start the SMS transmission again.
37
Siemens
Procedures
MS
MSDetached
Detached
SMS /
no
noSMS
SMSdelivery
deliverypossible
possible
SMS
SMSstored
storedininSM-SC
SM-SC
flag
flagininVLR
VLR&&HLR
HLR
SMS-SC
IMSI
IMSIAttach
Attach
VLR
VLRinforms
informsHLR
HLR
HLR
requests
HLR requestsSM-SC
SM-SCvia
via
SMS-GMSC
SMS-GMSCtotoretransmit
retransmitSMS
SMS
SM-SC
SMS Service Center
SMSGMSC
HLR
HLR-flag
+ SM-SC Id(s)
VMSC
MS
VLR
VLR-flag
GSM-PLMN
Fig. 26
38
Chapter 5
Radio Interface
Radio Interface
Radio Interface
Contents
1
2
3
Physics of Layer 1
Logic of L1
MOC / MTC
2
14
25
Siemens
Radio Interface
Physics of Layer 1
Radio Interface (Layer 1)
time
Duplex distance: 45 MHz

TS7
Example:
GSM900
TS6
TS5
TDMA
frame
UL
DL
TS4
4.615
ms
TS3
Physical
Physicalchannel
channel(Um)
(Um)
TS2
TS
TS1
577
ms
TS0
890
915
200 kHz
935
Physics of Layer 1
960
Frequency
[MHz]
Fig. 1
Radio
SiemensInterface
Siemens
Radio Interface
The Radio Interface: Physics of Layer 1

The Layer 1 of Um is described in GSM Rec. 04.04. In the following, L1 is separated
for didactical reasons in the Physics of L1 transmission and the Logic of L1
transmission.
For the transmission of user data / signaling physical channels are allocated to the
users. A physical channel in GSM is defined by a frequency pair for UL/DL and a
Time Slot TS of the TDMA frame. The frequency bandwidth in GSM is 200 kHz. A
Time Slot TS has a duration of 0.577 ms. 8 TS form a TDMA frame; the duration of a
TDMA frame is 4.615 ms.
The Burst
In GSM, using FDMA & TDMA for multiple access, the transmission of data is not
continuously. In every Time Slot TS the HF has to be switched on, the data are
transmitted briefly and then the HF transmission is switched off again. This type of
HF transmission is called pulse or bursty operation. Therefore, the content of a TS
is called Burst.
The transmitter is only allowed to transmit the HF Burst within the duration of the TS.
If the HF transmission exceeds the duration of the TS, the transmission might
interfere with the transmission of the succeeding user. In this case, strong
disturbances of both connections follow. For this reason, the transmission must be
timed exactly. Furthermore, it is not possible to switch on / off immediately. To
prevent interference between neighboring TS, the GSM Rec. define a duration during
which the switching process must be closed. The BS and MS must be able to switch
the HF power on / off within 0.028 ms over a wide dynamic range. This range is 70
dB for BS and 36 dB for MS.
So the burst transmission can be explained as a maximum of 0.028 ms for switching
on HF to the necessary power level, 0.5428 ms for the HF transmission of the socalled useful part (corresponding with 147 bit) and 0.028 ms for switching off the HF
power level down to background noise level. Note: This useful part + flanks
exceeds the duration of a TS (0.577 ms) and often irritate readers of GSM literature.
The 0.028 ms are however only time maximum limits for the flanks. They carry no
valuable information and so they are allowed to interfere with the succeeding Bursts
in a negligible way.
Siemens
Radio Interface
The Burst
Power
Useful
Usefulpart
part
Time
28 ms
542,8 ms
28 ms
Fig. 2
Siemens
Radio Interface
Burst: Content
A Time Slot is defined as a duration of 0.577 ms (to be precise: 0.576923 ms). This
duration is divided per definition into 156.25 bit. This means an individual bit has a
duration of 3692.3 ns.
The 156.25 bit are used / defined as follows:
142 bit for the transmission of Information (not only users data / signaling but also
control information necessary for maintenance of the connection)
3 bit as Tail Bits TB for edge limitations of the TS. They are preventing, that useful
information are falling into the flanks of the burst. TB contain no useful information.
They are modulated as content 0.
8.25 bit as Guard Period GP. The GP is not part of the HF transmission. It is used to
compensate run-time effects in the cells. Note: There is one exception of GPs: The
first MS transmissions of the MS toward the network use special bursts (Access
Burst) with an extended GP of 68.25 bit.
Burst: Content
TS = 576 12/13 ms
= 156.25 bit
1 bit = 3.6923 ms
TB
Tail Bits
3 bit
Information
142 bit
TB
GP
Tail Bits Guard Period
3 bit
8.25 bit
HF transmission
Fig. 3
Siemens
Radio Interface
Example: Normal Burst NB

The Normal Burst is part of the Logic of Layer 1 and will be explained together with
the four other Burst Types later-on in detail. It is shown here for didactical reasons to
get an idea of the content of what has been determined as Information.
The 142 bit of Information (content: 0 or 1) are realized in the middle of the burst
to enable reliable transmission. The 3 TB (content: 0) on the edge provide buffer
against data loss at the flanks of the burst.
The Normal Burst NB contains:
l
2 x 3 bit as Tail Bits TB
2 x 57 bit as Information (User Data / Signaling)
2 x 1 bit as Stealing Flags which inform the receiving side if user data or user
related signaling is transmitted
26 bit as Training Sequence for time synchronization and transmission quality

analysis
Now the structure of a TS / burst is explained, the content has been described down
to bit level, but the question is now:
How are the 0 and 1 physically presented on the radio interface?
Normal Burst
55Burst
BurstTypes
Types
with
withdifferent
differentlogical
logicalcontent
content
(discussed
(discussedlater-on)
later-on)
Example:
Normal Burst
156.25 Bit = 576.9 ms
TB
Information-Bits
57
Training
Sequence
26
Information-Bits
57
TB
GP
3 8.25
Bit
142 bit Information
S: Stealing flag
TB: Tail Bits
GP: Guard Period
Fig. 4
Siemens
Radio Interface
GSM Modulation: Gaussian Minimum Shift Keying

For transmission of the binary data 0 and 1 in GSM a frequency modulation
method has been chosen. It is known as Gaussian Minimum Shift Keying GMSK.
Minimum Shift Keying MSK
The GMSK is based on Minimum Shift Keying MSK. MSK is a modulation principle,
where the information is transmitted in the instantaneous frequency of the HF signal.
The carrier frequency fT is shifted by the frequency difference ,f = 67.7 kHz to
indicate "1" or "0". This is achieved not by shifting the frequency directly, but by a
change of the phase velocity. This results in a frequency and phase variation.
Gaussian MSK
In GMSK, the phase transitions are smoothed by filtering the data with a gaussian
curve. This enables smooth phase shifts, keeping the bandwidth comparable narrow.
Thus, a bandwidth of only 200 kHz can be achieved.
Minimum Shift
Keying MSK
1
binary
signal
0
f
frequency
f
T f
T
+
T
+ 180
+ 90
t
phase
- 90
- 180
GMSK: Gaussian MSK
MSK signal x Gaussian curve

smaller band-width
Fig. 5
Radio
SiemensInterface
Siemens
Radio Interface
Frames
TDMA frames
A single frequency band in TDMA systems is subdivided into several Time Slots TS,
which can be used by different users. In GSM 8 TS form one TDMA frame (4.615
ms), i.e. 8 physical channels are using the same frequency band being cyclically
(every 4.615 ms) allocated to a certain user / application.
So the TDMA frame is a repetition cycle with a duration of 4.615 ms.
The TDMA frames themselves are again part of a repetition cycle of a larger duration.
Certain contains are always repeated after a certain duration. This repetition cycle is
called: Multiframe.
Multiframes
Here a separation has to be done according to the type of information a physical
channel is transmitting. The physical channels can be used to transmit either user
data or signaling.
Multiframes of physical channels allocated for user traffic (Traffic Channels TCH) are
repetition cycles of 26 TDMA frames.
Multiframes of physical channels allocated for signaling data (mostly on one / several
of the TS0 of the carrier of one cell) are repetition cycles of 51 TDMA frames.
Certain logical contents are repeated on certain TDMA frames of the 26 TDMA
frames of the TCH Multiframes or on the 51 TDMA frames of the signaling
Multiframe.
Siemens
Radio Interface
Signaling
Time
MultiFrames
7
6
5
4
3
2
1
0
Frames
User
Traffic
50
49
48
47
46
45
44
43
25
24
23
22
21
20
5
4
3
2
1
0
TDMA Multi Super Hyper7
Frames
Time
6
5
4
3
2
1
RFC RFC RFC 0

1
2
3
TDMA
frame
cyclical
cyclicalrepetition
repetition
of
certain
of certaincontents
contents
RFC
124
FDMA
Frequency
Fig. 6
Siemens
Radio Interface
Example: Traffic Channel TCH Multiframe

The TCH Multiframe consists of 26 TDMA frames with user data. Every one of this 26
TDMA frames contains a certain logical content. So certain contents are repeated
every 120 ms. This is necessary because the user data which are transmitted on
this Traffic Channel are not only the user information (Traffic Channel TCH = user
speech, fax, data) which he likes to transmit. Also user related control information
(so-called Slow Associated Control Channel SACCH) which are necessary to
maintain the connection are transmitted on the same physical channel. They are
transmitted every TCH Multiframe, i.e. every 120 ms on the 13th TDMA frame (Full
Rate TCH), respectively at Half Rate transmission for the first user of this physical
channel on the 13th and for the second user on the 26th TDMA frame.
In Full Rate transmission the 26th TDMA frame is empty (Idle I).
A general overview and description of the different logical contents which are
defined in GSM and the content of the Signaling Multiframes is given later-on in
Logic of L1.
Example:
TCH Multiframe
User related control data

to maintain connection
Full Rate (FR) TCH
T T T T T T T T T T T TAT T T T T T T T T T T T I
26 TDMA frame = 120 ms
T t T t T t T t T t T t A t T t T t T t T t T t T a
2 Half Rate (HR) TCH
T/t = TDMA frame for TCH
A/a = TDMA frame for SACCH/T
I = Idle
TCH: Traffic Channel

SACCH: Slow Associated Control Channel
Signaling Multiframe
Logic of L1
Fig. 7
10
Siemens
Radio Interface
Radio Interface
Siemens
Time Structure of the Radio Interface:

Bit: The shortest unit of the GSM radio interface is one bit. Its information is GMSK
modulated onto the HF. Its duration is 3692.3 ns.
Time Slot TS: The TS consists of 156.25 bit. It is the shortest possible transmission
time in GSM with a duration of 0.57688 ms.
TDMA frames: 8 TS form 1 TDMA frame with a duration of 4.615 ms. 8 physical
channels are using the same frequency band being cyclically (every 4.615 ms)
allocated to a certain user / application.
Multiframes: The TDMA frames themselves are again part of a repetition cycle of a
larger duration, the Multiframe. Certain contains are always repeated after a certain
duration. Multiframes for user traffic (Traffic Channels TCH) are repetition cycles of
26 TDMA frames with a duration of 120 ms. Multiframes for signaling are repetition
cycles of 51 TDMA frames with a duration of 235.4 ms.
Superframe: The TCH / Signaling Multiframes are summarized in longer repetition
cycles to Superframes. Superframes consist of 51 TCH / 26 Signaling Multiframes. A
Superframe (1326 TDMA frames) is the smallest common multiple of TCH and
signaling Multiframes with a duration of 6.12 s.
Hyperframe: The Hyperframe is the GSM numbering period. It comprises 2048
Superframes and is exactly 12,533.76 s or 3 h 28 min 56.76 s long. It is a multiple of
all cycles described up to now and determines all transmission cycles / periods on
the radio interface. The Hyperframe is the shortest cycle for repetition of the
frequency hopping algorithm and for ciphering.
Time
Structure
1 Superframe =
51 x 26
TDMA frames
6.12 ms
Hyperframe =
2048 Superframes 3h 29 min
e.g. repetition of
frequency hopping
ciphering
0 1 2 3
0
Numbering Period
4950
24
1 TCH Multiframe =
1 Signalling Multiframe =
26 TDMA frames = 120 ms
0 1 2 3
51 TDMA frames 235,4 ms
24 25
1 Burst = 156,25 bit = 576,88 us

(1 bit = 3,6923 us)
Fig. 8
25
Channel organisation
scheme
Repetition scheme
for TCH / Signaling
0 1 2 3
49 50
1 TDMA frame
= 8 TS = 4,615 ms
BURST = TS content
11
Siemens
Radio Interface
Adaptive Frame Alignment

In GSM the numbering of the Uplink UL and Downlink DL Time Slots TS is shifted by
three TS against each other. This prevents simultaneous transmission and reception
in GSM and enables to create simpler and cheaper Mobile Stations MS. Narrowband
filters are not necessary. This enabled to built GSM handhelds directly from
commercial start of GSM in the early 90th.
Timing Advance TA
The Guard Periods GP of the Normal Bursts are not able to compensate signal
delays in larger GSM cells. The MS receives synchronization signals from the BS,
synchronizes their transmission based on this signals, but it cannot recognize its
distance from the BS. The distance can be up to 35 km in a normal GSM cell. A
transmission without special compensation of this run-time delay would result in
interference with the succeeding TS.
Therefore, the BS analyses the delay of the MS transmission using the very first MS
burst (which has an extended GP). The BS adjusts its transmission in the DL and
informs the MS with the Timing Advance TA information how to adjust the UL
transmission (i.e. how much earlier the transmission has to start). Over the total
connection, the delay is analyzed by the BS and new TA values set for the MS. 64
TA values (difference: plus/minus 1 bit period) can be used to compensate run-time
effects.
Adaptive frame alignment /

Timing Advance TA
Adaptive frame alignment:

preventing simultaneous
transmission / receiving
UL/DL shifted by 3 TS
UL
DL
Timing Advance TA:

compensation of propagation delays
BTS commands MS to transmit earlier:
2 x propagation time MS - BTS
Fig. 9
12
Siemens
Radio Interface
Radio
SiemensInterface
Frequency Hopping
Frequency Hopping means to change the frequency used for transmission is

consequently changed every TDMA frame following a certain frequency hopping
algorithm. The Time Slot of the physical channel is still fixed.
The logic behind frequency hopping is to guarantee that all channels have the same
high degree of transmission quality by dividing possible short term interference over
all channels of the cell.
So a narrow-band interference does not disrupt the total transmission on one carrier,
i.e. on one frequency band, because the transmission is hopping from TDMA frame
to TDMA frame to other frequencies.
Nevertheless, now interference occurs for all the carrier of the cell from time to time
when transmitting on the disturbed frequency band. But this can be compensated in
GSM, because in classical GSM there is always redundancy on the transmitted data.
The redundant information is delivered in the next TS of the succeeding TDMA
frame, i.e. on another frequency (which is not disturbed).
Frequency hopping is optional in GSM. It is on the PLMN operators decision to use
frequency hopping or not. Frequency hopping significantly improves the quality /
reliability of transmission.
The carrier transmitting the Broadcast Control Channel BCCH (carrying information
necessary for MS synchronization to the network) does not participate in frequency
hopping.
Frequency hopping is done in the MS and BS, managed from the BSC. The
frequency hopping algorithm can be configured from an OMC.
Frequency Hopping
Compensation of
narrow-band interference
stable & reliable transmission
(redundant bits on different TDMA frames)
RFC 1
RFC2
RFC 3
RFC 4
RFC 5
TCH
Fig. 10
frame 0
frame 1
frame 2
frame 3
frame 4
frame 5
13
Siemens
Radio Interface
Logic of L1
BCCH
DL
BCH
Broadcast Channel
FCCH
SCH
DL
Signaling
CCCH
Common Control
Channel
PCH
AGCH
UL
RACH
SDCCH
DCCH
Dedicated Control
Channel
UL
+
DL
SACCH
FACCH
Traffic
User Data
TCH/F
UL + DL
TCH/H
Logic of L1
Fig. 11
14
Radio
SiemensInterface
Siemens
Radio Interface
Logical Channels
Different signaling and user data contents determine different Logical Channels in
GSM.
For user data transmission two different Logical Channels are used:
l
TCH/F Traffic Channels, Full rate (FR/EFR speech: 13 / 12.2 kbit/s; data: 9.6
kbit/s)
TCH/H Traffic Channels, Half rate (HR speech: 5.6 kbit/s; data: 4.8/2.4/1.2/0.6/0.3
kbit/s)
For signaling 3 types of Logical Channels are used: BCHs, CCCHs and DCCHs.
Broadcast Channels BCH are used DL only for MS synchronization & information:
l
FCCH Frequency Correction Channel: for MS frequency synchronization
SCH Synchronization Channel: for MS time synchronization; contains additionally

TDMA frame no., BSIC
BCCH Broadcast Control Channel: contains system & cell parameters, e.g. CGI
(i.e. PLMN, LAI), channel combining, frequency hopping algorithm, cipher mode,
cell capabilities: e.g. EFR/FR/HR, VAD/DTX, ASCI, HSCSD, GPRS, EDGE,..)
Common Control Channels CCCH are used uni-directional UL & DL for initial
access:
l
PCH Paging Channel: to search the MS in the LAI in case of an MTC
RACH Random Access Channel: MS request for dedicated signaling resources
AGCH Access Grant Channel: to grant a dedicated channel to the MS
Dedicated Control Channels DCCH are used bi-directional for dedicated signaling:
l
SDCCH Stand-alone Dedicated Control Channel: dedicated signaling between MS

& BS for Call Setup (Authentication, Cipher start, IMEI check, TMSI-Reallocation,
Setup,..) LUP procedures, SMS
SACCH Slow Associated Control Channel: allocated together with SDCCH or

TCH; control information to maintain connection (e.g. DL: Power Control, Timing
Advance, Comfort Noise; UL: Measurement Reports for Handover,..)
FACCH Fast Associated Control Channel: allocated instead of TCH in case of

enhanced demand for signaling resources (Handover, Call Release, IMSI-Detach,
OACSU..)
15
Siemens
Radio Interface
Logical channels
DL
BCH
Broadcast Channel
DL
Signaling
CCCH
Common Control
Channel
DCCH
Dedicated Control
Channel
Traffic
User Data
BCCH: Broadcast Control Channel
FCCH: Frequency Correction Channel
SCH: Synchronisation Channel
PCH: Paging Channel
UL
UL
+
DL
FCCH
Frequency synchronization
SCH
Time synchronization + BSIC, TDMA-No.
BCCH
CGI, FR/EFR/HR, VAD/DTX, HSCSD,

frequency hopping, channel combinations
PCH
Paging / Searching (MTC)
RACH
Request for signaling channel
AGCH
Allocation of signaling channel
SDCCH
Signaling MS BTSE for e.g. Call Setup

(Authentication, Cipher start, IMEI check,
Setup info,..) LUP, SMS,...
SACCH
Measurement Report,
TA, PC, cell parameters,...
FACCH
Signalling instead of TCH

(e.g. for HOV, IMSI Detach, Call Release)
TCH/F
User data Full Rate
TCH/H
User data Half Rate
UL + DL
AGCH: Access Grant Channel
RACH: Random Access Channel
SDCCH: Stand-alone Dedicated Control Channel
SACCH: Slow Associated Control Channel

FACCH: Fast Associated Control Channel
TCH: Traffic Channel
Fig. 12
16
Radio
SiemensInterface
Siemens
Radio Interface
Burst Types
The HF transmission, which is transmitted in a Time Slot with a pre-defined bit
sequence is call Burst. In GSM there are 5 different Burst types defined:
Normal Burst NB: The NB is used for most of the Logical Channels (TCH, BCCH,
PCH, AGCH, SDCCH, SACCH, FACCH). It consists of the following bit sequence:
l
2 x 3 bit as Tail Bits TB for edge limitation of the HF burst (content: 0),
2 x 57 bit as Data Bits (Information), which carry the users data or signaling
information.
2 x 1 bit as Stealing Flags S, which indicate whether user data (TCH) or user
related signaling (FACH) is transmitted in this Burst.
26 bit as Training Sequences, which are fixed bit pattern (8 different sequences
exist for NB) for synchronization of the transmitted burst & recognition of
transmission quality
8.25 bit as Guard Period GP, which is not part of the HF transmission; used as
guard period between succeeding TS.
Frequency Correction Burst: It is used for the FCCH only, consisting of:
l
142 Fixed Bits with content 0; it is used for MS frequency synchronization
2 x 3 bit as Tail Bits
8.25 bit Guard Period
Synchronization Burst: It is used for the SCH only, consisting of:

l
64 bit as Training Sequence for initial precise MS time synchronization
2 x 39 bit with Information necessary for initial MS access (BSIC, TDMA frame
number, NB training sequence used in this cell,..)
Random Access Burst: It is used for RACH only, consisting of:

l
36 bits Information for initial access (BSIC, MS random no., access reason)
41 bits as Synchronization Sequence
8 + 3 bits as Tail Bits
68.25 bits Guard Period GP; the extended GP prevents interference with the
succeeding TS occurring due to the run-time problem (the MS lacks of information
about its distance to the BS before starting access)
17
Siemens
Radio Interface
Dummy Burst: The Dummy Burst has NB structure; it is transmitted in special cases
if nothing else (useful) is to be transmitted (e.g. at the BCCH carrier, which has to be
transmitted continuously because it is the cell beacon).
156.25 Bit = 576.9 ms
Burst Types
Normal Burst
TB
3
bit
Information
57 bit
Training
Sequence
bit
26 bit
bit
TB
3
TCH, BCCH, PCH, AGCH,

SDCCH, SACCH, FACCH
Information
57 bit
bit
bit
TB GP
3 8.25
Fixed bits
142 bit
bit
TB GP
3 8.25
bit
bit
Frequency Correction Burst: FCCH

TB
3
bit
Training
Sequence
Information
39 bit
64 bit
Information
39 bit
TB GP
3 8.25
bit
bit
Synchronization Burst: SCH

TB Synchronization
Sequence
8
bit
41 bit
Information
36 bit
Random Access Burst: RACH
TB
3
GP
68.25
bit
bit
Dummy Burst: Structure Normal Burst
Fig. 13
18
Radio
SiemensInterface
Siemens
Radio Interface
Multiframe: Channel Combinations

There are seven different schemes to co-ordinate the logical channels in multiframes.
Three schemes are used for the co-ordination of Full rate and Half rate Traffic
Channels. Four schemes are used to co-ordinate signaling, depending on the
requirements of the individual cell. The network operator has do decide, which
channel combinations are used for a cell.
Combination I III are used for TCH Multiframe co-ordination (Full rate / Half rate).
Combination IV VII are used for Signaling Multiframe co-ordination.
Combination I: TCH/F + FACCH/F + SACCH/F
Combination I is used to transmit Full rate user data & speech. The frames 011
and 13-24 are used for user data, frame 12 is used for SACCH (user related
control data) and frame 25 is not used (I: Idle).
Combination II & III: TCH(0,1) + FACCH/H(0,1) + SACCH/H(0,1) respectively
TCH/H(0) + FACCH/H(0) + SACCH/H(0) + TCH/H(1) + FACCH/H(1) + SACCH/H(1)
Combination II & III are used to transmit Half rate user data & speech. 2 TCH/H
user have to share the 26 multiframes. Data from user 1 or user 2 are filled
alternately into the frames. The SACCH of user 1 is on frame 12, the SACCH of
user 2 is on frame 25.
Combination IV: FCCH +SCH + CCCH (PCH & AGCH) + BCCH
Combination IV offers much space for the Common Control Channels CCCH.
Therefore, this combination is used often for cells with many carrier. As BCCH
carrier it is the cell beacon and so it must be used exactly only on one carrier of
the cell. It is allocated on TS 0 of this carrier and has to be transmitted
continuously. If no useful information is to be transmitted, Dummy Bursts have to
be used. There is no Power Control used on the cells beacon. Combination IV
lacks of dedicated signaling channels (SDCCH and SACCH). Therefore, it has to
be used together with combination VII.
19
Siemens
Radio Interface
Multiframe: Channel Combinations

I)
TCH/F + FACCH/F + SACCH/F
II)
TCH/H(0,1) + FACCH/H(O,1) + SACCH/H(0,1)
III)
TCH/H(0) + FACCH/H(0) + SACCH/H(0) +
TCH-Combinations
TCH-Combinations
shown
shownbefore
before
TCH/H(1) + FACCH/H(1) + SACCH/H(1)

IV)
FCCH + SCH + CCCH + BCCH
V)
FCCH + SCH + CCCH + BCCH + SDCCH/4 + SACCH/4
VI)
CCCH + BCCH
VII)
SDCCH/8 + SACCH/8
Combination IV
DL
F S BCCH CCCH F S CCCH F S CCCH F S CCCH F S CCCH I

0 1 2-5
6 - 9 10 11 12 - 19 20 21 22 - 29 30 31 32 - 39 40 41 42 - 49 50
UL
R R
0 1
F:FCCH
S:SCH
B: BCCH
R R
10 11
R R
20 21
R R
30 31
R R
40 41
R
50
C: CCCH (PCH, AGCH)

I: Idle
R: RACH
Fig. 14
20
Radio
SiemensInterface
Siemens
Radio Interface
Combination V: FCCH + SCH + CCCH + BCCH + SDCCH/4 + SACCH/4

Combination V is the minimum configuration for a cell, because is contains all
logical channels necessary for signaling in a cell. It is often used for cells with only
one or two carrier. For combination V the same is valid as for combination IV: It is
the cell beacon, it must be allocated on TS 0 of exactly one carrier of the cell. It
has to be transmitted continuously. SDCCH/4 and SACCH/4 means that this
combination offers the capacity for 4 simultaneous dedicated signaling
connections.
Combination VI: CCCH + BCCH
Combination VI can be used together with combination IV and VII for cells with
very much traffic and many carriers (up to 16 carriers). This means to be an
increased demand for Common Control Channels, which are offered by
combination VI. The multiframe structure of combination VI is similar as the
structure of combination IV, without FCCHs and SCHs. In combination with IV,
combination IV is allocated on TS0 on the carrier and VI combinations can be
allocated at TS 2 / 4 / 6 depending on the traffic volume of the cell.
Combination VII: SDCCH/8 + SACCH/8
Combination IV and VI offer no dedicated signaling channels. Therefore, they have
to be used together with combination VII. Combination VII offers up to 8
simultaneous dedicated signaling channels. Combination VII can be allocated on
TS 0 of other carrier than the BCCH carrier. The BCCH indicates the allocation of
combination VII.
21
Siemens
Radio Interface
Signaling Multiframe: Combination V

DL: BCCH + CCCH + 4 SDCCH (SDCCH/4) + 4 SACCH (SACCH/4)
F S BCCH CCCH F S CCCH CCCH F S
SDCCH SDCCH
FS
SDCCH SDCCH
FS
SACCH SACCH
F S BCCH CCCH F S CCCH CCCH F S
SDCCH SDCCH
FS
SDCCH SDCCH
FS
SACCH SACCH
UL: CCCH + SDCCH/4 + SACCH/4

SDCCH
SDCCH
RR
SACCH SACCH
RR
SACCH SACCH
RRRRRRRRRRRRRRRRRRRRRRR
SDCCH SDCCH
RRRRRRRRRRRRRRRRRRRRRRR
SDCCH SDCCH
Combination VII
DL
RR
SDCCH
RR
SDCCH
2
2
SDCCH/8 + SACCH/8
SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SACCH SACCH SACCH SACCH
I I I
SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SACCH SACCH SACCH SACCH
I I I
0
0
1
1
2
2
UL
SACCH SACCH SACCH
I I I
SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SACCH
SACCH SACCH SACCH
I I I
SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SACCH
5
0
6
1
7
2
0
0
1
1
2
2
3
3
4
4
5
5
6
6
7
7
4
0
Fig. 15
22
Radio
SiemensInterface
Siemens
Radio Interface
L1 Summary: Physical Channels & GSM Data Rates

GSM uses combined TDMA and FDMA for multiple access.
GMSK has been chosen as modulation principle. The GSM channel bandwidth is 200
kHz, the modulation rate 270.833 kbit/s (derived from the GSM frequency normal 13
MHz: 13 MHz/48).
According to the GSM TDMA principle chosen with 8 physical channels on one
carrier the total gross data rate for 1 physical channel is 270,833 / 8 = 33,85 kbit/s.
1 physical channel consists of 1 TS (UL/DL) on 1 carrier. 1 TS consists of 156.25 bit.
In the Normal Burst, used for TCH transmission, only 114 bit of these 156.25 bit are
information bits (user data & user related signaling). Therefore, only 24.7 kbit/s of the
33.85 kbit/s are information.
In a TCH Multiframe, only 24 of the 26 frames are filled with TCH, i.e. user data. The
other frames are filled with SACCH (frame 12) or Idle (frame 25). Therefore, the real
gross rate of user data in GSM is 22.8 kbit/s.
The net rate in GSM is 13 kbit/s for FR speech, 12.2 kbit/s for EFR, 9.6 kbit/s for data
transmission (+ different other rates for HSCSD and GPRS). The difference between
the GSM net rate of user data and the gross rate of 22.8 kbit/s is used for data
redundancy to enable a reliable transmission.
The GSM modulation rate is 270,833 kbit/s. I.e. one single bit has a duration of
3692.3 ns.
156.25 bit form one Time Slot TS, i.e. the duration of one TS is 0.5769 ms.
8 TS form one TDMA frame, i.e. the duration of one TDMA frame is 4.615 ms; it
contains 1250 bit.
23
Siemens
Radio Interface
L1 Summary: Physical Channel / GSM Data Rates

UL: 890 MHz
915 MHz
RFC RFC RFC

1
2
3
FDMA
GMSK
270.833
Modulation kbit/s
RFC
i
RFC RFC
123 124
200 kHz
1 TDMA Frame: 4.615 ms / 1250 bit

TDMA
1 TS: 33.85 kbit/s

1 Normal Burst: 576.9 ms / 156.25 bit
TB
Information
57
S Training Seq. S
1
26
Information
57
TB GP
3
8.25
1 Bit = 3.6923 ms
24.7 kbit/s = 22.8 kbit/s TCH data (incl. redundancy)
+ 0.95 kbit/s SACCH + 0.95 kbit/s Idle
Fig. 16
24
Siemens
Radio Interface
MOC / MTC
RACH: Channel Request
AGCH: Immediate Assign
SDCCH: CM Service Request
SDCCH: Authentication Request
SDCCH: Authentication Response
SDCCH: Cipher Mode Command
SDCCH: Cipher Mode Complete
SDCCH: Setup
SDCCH: Call Proceeding
SDCCH: Assign Command
MOC / MTC
Fig. 17
25
Radio Interface
Siemens
Siemens
Radio Interface

The MOC is defined as an MS initiated call setup. Several procedures are necessary
between the MS and the BSS respectively the CN to set up a call. In the following the
L1 messages on Um necessary for a normal MOC (without Off Air Call Setup
OACSU; no emergency call) are shown:
l
Channel Request (RACH):MS requests the assignment of a dedicated signaling

channel
Immediate Assignment (AGCH): the network assigns a dedicated signaling

channel (SDCCH & SACCH). Additionally, a first TA information and Power
Control PC is included.
CM Service Request (SDCCH): the MS provides information on the requested

service (Basic Call, Emergency Call, SMS,...) and transmits the subscribers
identity (TMSI / IMSI).
Authentication Request (SDCCH): the networks checks the real identity (Ki) of the
SIM transmitting RAND.
Authentication Response (SDCCH): the MS answers with the SRES on the

Authentication Request
Cipher Mode Command (SDCCH): the network commands the MS to start

ciphering
Cipher Mode Complete (SDCCH): the MS acknowledges the cipher start (first
ciphered message)
Setup (SDCCH): the MS transmits the Setup information including the desired TS /
BS and number of the B-subscriber.
Call Proceeding (SDCCH): the network acknowledges the authorization for the
requested service and confirms the call proceeding.
Assign Command (SDCCH): a TCH is allocated to the MS
Assign Complete (FACCH): the MS confirms the TCH allocation (using TCH
resources)
Alerting (FACCH): the network informs the MS on successful call setup (i.e. the
phone of the B subscriber rings). This starts generation of the ringing signals in the
MS, too.
Connect (FACCH): the MS is informed, that the B subscriber accepted the call
Connect Acknowledge (FACCH): the MS confirms the Connect message
TCH: now network switch over to data transfer; the communication is able to start
26
Siemens
Radio Interface
MS requests for signaling channel
Signalling channel allocation [SDCCH x, TA]
Request MOC (SMS, Emergency Call,..)

[TMSI/IMSI]
MOC
Mobile
Originating
Call
Request Authentication [RAND]
Authentication Response [SRES]
Start Ciphering [A5-X]
Acknowledgement; 1st ciphered message
SDCCH: Setup
SDCCH: Call Proceeding
FACCH: Assign Complete
FACCH: Alerting
FACCH: Connect
FACCH: Connection Ackn.
Setup Message [Called No.]

Requested Service possible
(after subscriber profile check in VLR)
TCH-Allocation [frequency, TS]

Acknowledgement on TCH resource
Ringing at B-Subscriber,
start ringing signal in MS
B-Subscriber accept call
Acknowledgement
Start of user data transmission & charging
TCH
Fig. 18
27
Radio
SiemensInterface
Siemens
Radio Interface

The basic MOC includes at least 14 messages. As a rule, this signaling requires less
than 2 s.
Optional further messages are:
IMEI Request, IMEI Response to check the equipment identity
TMSI Reallocation: to allocate a new TMSI to the MS
IMEI check and TMSI reallocation are proceeded after start of ciphering
OACSU:
In case of (TCH) overload on Um OACSU can be used. In this case, the Assign
Command / Assign Complete messages are sent after the Alert message, wasting no
TCH resources during this time (only SDCCH resources).
Emergency Call
In case of an Emergency Call, Authentication and Cipher are skipped. Call setup is
faster and allows usage of every Mobile Equipment (even without valid SIM card;
IMEI on black list).
MOC Part I & Part II

The two slides MOC Part I & Part II are optional for the TM2100 GSM Introduction
course. They show the full message flow for a Basic MOC between MS and BSS /
NSS, including IMEI check and TMSI reallocation as well as the Call Release.
The SS7 message flow using L4 protocols MAP & BSSAP and L3 Radio Interface
messages of RR, MM and CM can be used for self-study.
28
Siemens
Radio Interface
MOC
MS
BSS
Part I
ISDN
MSC
VLR
Channel Request CHAN_REQ

Immediate Assign IMM_ASS_CMD)
CM Service Request CM_SERV_REQ
CM_SERV_REQ
Process Access Request

PROC_ACCESS_REQ
Authentication Request AUTH_REQ

AUTH_REQ
Authentication Response AUTH_RSP
AUTH_RSP
AUTH_RSP
Cipher Mode Command CIPH_CMD
CIPH_CMD
Set Cipher Mode

SET_CIPH_MODE
Cipher Mode Complete CIPH_MOD_COM
EIR
CIPH_MOD_COM
Check IMEI
TMSI Re-allocation TMSI_REAL_COM
TMSI-REAL-CMD
Forward New TMSI

FORW_NEW_TMSI
TMSI_REAL_COM
TMSI_REAL_COM
SETUP
SETUP
TSMI Acknowledged
TMSI_ACK
SEND INFO
Fig. 19
29
Siemens
Radio Interface
MOC
MS
BSS
Part II
Call Proceeding CALL_PROC
ISDN
MSC
VLR
Complete Call CALL_CMP
CALL_PROC
Assign Command ASS_CMD
Assign Request ASS_REQ
Assign Complete ASS_COM

ASS_COM
ALERT
ALERT
Connect CON
Initial Address Message IAM

Address Complete Message ACM
Answer Message ANM
CON
Connect Acknowledged CON_ACK
CON_ACK
User data
Disconnect DISC
REL
DISC
Release REL
Release REL
Release Complete RLC
Release Command REL_COM
Release phys. Channel CHAN_REL

Disconnect DISC
REL_COM
Clear Command CLR_CMD
Clear Complete CLR_CMP
Fig. 20
30
Siemens
Radio Interface

The MTC is initiated by the network if there is a call for the subscriber. The MTC
message flow is very similar to the MOC message flow. The most important
difference on Um is the start. The MS has to paged in all cells of a Location Area LA,
using the Paging message.
Paging (PCH): The MS is paged in all LA cells using the TMSI / IMSI.
Setup (SDCCH): Another difference between MTC and MOC is the Setup message.
In an MTC it is transmitted from the network to the MS, giving information on the
requested service (TS, BS) and the ISDN / MSISDN number of the calling party.
Call Confirmed (SDCCH): After checking its capabilities to support the requested
service, the MS acknowledges the Setup message with Call Confirmed.
Alerting (FACCH): Different to the MOC, in the MTC the Alerting message is
transmitted from the MS to the network, to indicate the start of ringing in the MS.
Connect (FACCH) & Connection Acknowledge: Different to the MOC, in the MTC
both messages have opposite direction, too.
PCH: Paging Request

Mobile
Terminating
Call
MS requests for signaling channel
Signalling channel allocation [SDCCH x, TA]
Request MOC (SMS, Emergency Call,..)

[TMSI/IMSI]
Request Authentication [RAND]
MTC
Searching MS in Location Area
Authentication Response [SRES]
Start Ciphering
Acknowledgement; 1st ciphered message
SDCCH: Call Confirmed
Setup Message
[Bearer Service, Calling No.]
Requested Service possible in MS
TCH-Allocation [frequency, TS]
SDCCH: Setup
FACCH: Assign Complete
Acknowledgement (on TCH resource)
FACCH: Alerting
Ringing signal started in MS
FACCH: Connect
Mobile subscriber accept call
FACCH: Connection Ackn.
Acknowledgement
Start of user data transmission & charging
TCH
Fig. 21
31
Appendix
Appendix
Appendix
Contents
1
2
References
Abbreviations
2
3
Appendix
Siemens
References
M. Mouly, M.B. Pautet, "The GSM System for Mobile Communications", Cell & Sys
(1992), ISBN 2-9507190-0-7
S. Redl, M. Weber, K. Oliphant, "An introduction to GSM", Artech House Inc.

(1995), ISBN 0-89006-785-6
A. Mehrotra, "GSM System Engineering", Artech House Inc. (1997), ISBN 089006-860-7
G. Heine, "GSM-Signalisierung", Funkschau: Funktechnik, Franzis-Verlag GmbH

(1998), ISBN 3-528-15302
G. Heine, "GSM Networks: Protocols, Terminology and Implementation", Artech

House Inc. (1999), ISBN 0-89006-471-7
G. Heine, "GPRS from A Z", Artech House Inc. (2000), ISBN 1-58053-181-4
G. Heine, "GPRS, EDGE, HSCSD and the Path to 3G", Artech House Inc. (2001),
CD-ROM, ISBN 1-58053-275-6
"System Description D900/D1800 - GSM PLMN" A50016-D1109-V11-2-7618
"Technical Description D900/D1800 - Switching Subsystem (SSS)" A50016D1109-V2-1-7618
"Base Station System (TED-BSS)" A30808-X3247-H10-1-7618
Siemens
Appendix
Abbreviations
AB
access burst
AC
authentication center
ACCH
associated control channel
ACE
antenna coupling equipment
ACE-Rx
ACE receive side
ACE-Tx
ACE transmit side
ACG
auxiliary clock generator
ACM
address complete message
ACU
antenna combining unit
ADC
analog to digital converter
AEF
additional elementary function
AF
audio frequency
AFC
automatic frequency control
AGC
automatic gain control
AGCH
access grant channel
AMA
automatic message accounting
AMPC
ATM bridge Processor C
ANT-COMB antenna combiner

AoC
advice of charge
AP
application part
APS
application program system
ARFCN
absolute radio frequency number
ARQ
automatic repeat request
ASN
ATM Switching Network
ATB
all trunks busy
ATE
automatic test equipment
AUC
authentication center
AUT(H)
authentication
BA
BCCH allocation
BAIC
barring of all incoming calls
BAOC
barring of all outgoing calls
BAP
base processor (CP113)
BCC
base transceiver station color code
Siemens
Appendix
BCCH
broadcast control channel
BCH
broadcast channel
BER
bit error rate
BHCA
busy hour call attempts
BIC- Roam
barring of incoming calls when roaming outside the HPLMN country
BNHO
barring all outgoing calls except those to HPLMN
BOIC
barring of outgoing international calls
BOIC-exHC barring of outgoing international calls except those directed to the

HPLMN
BS
base station
BSC
base station controller
BSCU
base station control unit
BSIC
base transceiver station identity code
BSS
base station system
BSSAP
base station system application part
BSSMAP
base station system management application part
BSSOMAP
base station system operation and maintenance application part
BSU
base station system switch unit
BTS
base transceiver station
CA
cell allocation
CAS
channel associated signaling
CAP
call processor (CP113)
CBCH
cell broadcast channel
CBS
cell broadcast service
CC
call control
CC
channel coding
CC
country code
CCBS
completion of calls to busy subscribers
CCC
common channel control
CCG
central clock generator
CCH
control channel
CCITT
Comit Consulatif International Tlphonique et Tlgraphique
CCNC
common channel signaling network control
CCNP
common channel signaling network processor
Siemens
Appendix
Appendix
Siemens
CCS7
common channel signaling system No. 7
CCS
common channel signaling
CCU
channel coding unit
CdPA
called party address
CF
call forwarding
CFB
call forwarding on mobile subscriber busy
CFNRc
call forwarding on mobile subscriber not reachable
CFNRy
call forwarding on no reply
CFU
call forwarding unconditional
CGI
cell global identity
CgPA
calling party address
CHA
component handling
CI
cell identity
CIC
circuit Identification code
CKSN
cipher key sequence number)
CLIP
calling line identification
CLIR
calling line identification restriction
CMD
command
CMY
common memory
CNI
comfort noise insertion
COLI
calling line identification
CoLP
connected line identification presentation
CoLR
connected line identification restriction
CP
call processing
CP
coordination processor
CPU
central processing unit
CR
code receiver
CRC
cyclic redundancy check
CT
call transfer
CT
Craft Terminal
CTC
continuity check
CUG
closed user group
CW
call waiting
DAS
digital announcement system
Siemens
Appendix
DB
dummy burts
DBMS
data base management system
DCCH
dedicated control channel
DCN
data communication network
DCP
data communication processor
DCS1800
digital communication system
DE
digital exchange
DEC
digital echo compensator
DEMUX
demultiplexer
DHA
dialogue handling
DIU
digital interface unit
Dm
control/data channel
DL
down link
DPC
destination point code)
DPPC
data post processing computer
DPPS
data post processing system
DRX
discontinuous reception
DSMX
digital signal multiplexer
DTAP
direct transfer application part
DTMF
dual tone multi frequency
DTX
discontinuous transmission
EIR
equipment identification register
EMML
extended man machine language
ERP
effective radiated power
EWSD
Digitales Elektronisches Whlsystem
FAC
final assembly code
FACCH
fast associated control channel
FACCH/F
full rate FACCH
FACCH/H
half rate FACCH
FB
frequency correction burst
FC
filter coupler
FCCH
frequency correction channel
FDMA
frequency division multiple access
FEC
forward error correction)
Siemens
Appendix
Appendix
Siemens
FHE
frequency hopping equipment
FN
frame number
FPLMTS
future public land mobile telecommunication system (CCITT)
GCR
Group Call Register
GMSC
gateway MSC
GMSK
gaussian minimum shift keying
GOS
grade of service
GP
guard period
GP
group processor
GSM
Global System for Mobile communications
GSM PLMN GSM public land mobile network

HANDO
handover
HC
hard copy
HF
history file
HLR
home location register
HLR-ID
home location register identity
HMSC
home MSC
HO
HANDO
HOLD
call hold
HPA
high power amplifier
HPLMN
home PLMN
HSN
hopping sequence number
IAM
initial address message
ICB
incoming calls barred
ID
identification
ID
identity
IMEI
international mobile equipment identity
IMN
installation manual
IMSI
international mobile subscriber identity
IMT-2000
International Mobile Telecommunications
IN
intelligent network
IOC
input/output controller
IOP
input/output processor
IOP: AUC
input/output processor for the authentication center
Siemens
Appendix
ISC
international switching center
ISDN
integrated services digital network
ISUP
OSDN user part
IWE
interworking equipment
IWF
interworking function
IWUP
interworking user part
Kc
cipher key (ciphering key)
Ki
individual subscriber authentication key
LA
location area
LAC
Location area code
LAI
location area identity
LAN
local area network
LAPDm
link access protocol on the Dm channel
LE
local exchange
LIC
Line Interface Circuit
Lm
TCH with capacity lower than Bm
LMSI
local mobile station identity
LMT
local maintenance terminal
LR
location register
LTG
line/trunk group
MA
mobile allocation
MAP
mobile application part
MAH
mobile access hunting
MB
message buffer
MBG
message buffer group
MBU
message buffer unit
MCC
mobile country code)
MCI
malicious call identification
ME
mobile equipment
MFC
multifrequency code
MGT
mobile global title
MIB
management information base
MM
mobility management
MMI
man machine interface
Siemens
Appendix
Appendix
Siemens
MMI
man machine interpreter
MMN
maintenance manual
MML
man machine language
MNAP
management network access point
MNC
mobile network code
MOC
mobile originating call
MP
Main Processor
MPTY
multi party service
MPU
Main Processor Unit
MS
mobile station
MS
mobile subscriber
MSC
mobile services switching center
MSIN
mobile subscriber identification number
MSISDN
mobile station international ISDN number
MSRN
mobile station roaming number
MT
mobile termination
MTC
mobile termination call
MTE
mobile termination equipment
MTP
message transfer part
NB
normal burst
NCC
network color code (PLMN color code)
NDC
national destination code
NE
network entity, network element
NEF
network element function
NF
network function
NI
national Indicator)
NM
network management
NMC
network management center
NMSI
national mobile station identification
O&M
operation and maintenance
OACSU
off air call set up
OCB
outgoing calls barred
ODAGEN
office date area generator
OMAP
operation & maintenance application part
Siemens
Appendix
OMC
operation & maintenance center
OMC- B
operation & maintenance center for BSS
OMC- S
operation & maintenance center for SSS
OMP
operation & maintenance processor
OMP- B
operation & maintenance processor for BSS
OMP- S
operation & maintenance processor for SSS
OMS
operation & maintenance subsystem
OMT
operation & maintenance terminal
OMT- B
operation & maintenance terminal for BSS
OMT- S
operation & maintenance terminal for SSS
OPC
originating point code
PA
power Amplifier
PCH
paging channel
PCM
pulse code modulation
PCM- INT
PCM interface
PCS
personalization center for SIM
PDN
public data network
PIN
personal identification number
PLMN
public land mobile network
PM
performance management
PSPDN
packet switched public data network
PSTN
public switched telephone network
PSU
power supply unit
QA
Q (interface adapter)
QOS
quality of service
RA
rate adaptation
RAB
random access burst
RACH
random access channel
RAE
recorded announcement equipment
RAND
random number
REC
recommendation
REQ
request
RES
response
RF
radio frequency
10
Siemens
Appendix
Appendix
Siemens
RFC
radio frequency channel
RFCH
radio frequency channel
RFCN
radio frequency channel number
RFM
radio frequency management
RFN
reduced TDMA frame number
RLP
radio link protocol
RMA
regional maintenance area
RMC
regional maintenance center
ROI
remote operation interface
ROSE
remote operation service element
RPE- LTP
regular pulse excited long term prediction
RR
RSE
radio system entity
RSS
radio subsystem
RT
radio terminal
RX or Rx
receiver
RXLEV
received signal level
RxMC
receiver multicoupler
RXQUAL
received signal quality
SACCH
Slow Associated Control Channel
SACCH/T
slow, TCH- associated control channel
SACCH/TF
slow, TCH/FS- associated control channel
SACCH/TH
slow, TCH/HS associated control channel
SAP
service access point
SAPI
service access point indicator
SB
synchronization burst
SC
Switch Commander
SCCP
signaling connection control part
SCF
Signaling Control Function
SCP
Signaling Control Point
SCH
synchronization channel
SCN
sub- channel number
SCP
service control point (IN)
SDCCH
standalone dedicated control channel
11
Siemens
Appendix
SFH
slow frequency hopping
SG
safeguarding
SGC
switch group control
SGL
service guidelines
SI
service indicator
SIM
subscriber identity module
SM
security management
SMC
submultiplex channel
SMG
Special Mobile Group
SMS
service management system
SN
subscriber number
SN
switching network
SNR
serial number
SP
signaling point
SPC
signaling point code
SPC
stored program control
SRES
signed response
SSF
Signaling Switching Function
SSG
space stage group
SSM
space stage module
SSNC
Signaling System Network Control
SSP
Service Switching Point
SSS
switching subsystem
STP
signaling transfer point
SW
software
SYP
system panel
SYPC
system panel control
SYPD
system panel display
TA
Terminal Adaptation
TAC
Type Approval Code
TAC
technical assistance center
TB
tail bit
TC
transaction capability
TCAP
transaction capability Part
12
Siemens
Appendix
Appendix
Siemens
TCB
transcoder board
TCG
transcoder group
TCGQ
transcoder group quartet
TCH
traffic channel
TCH/F
full rate traffic channel
TCH/FS
TCH full rate speech
TCH/H
half rate traffic channel
TCH/HS
TCH half rate speech
TDMA
time division multiple access
TE
terminal equipment
TETRA
Terrestrial Trunked Radio Access
THA
transaction handling
TMN
telecommunication management network
TMRP
tower mounted receiver preamplifier
TMS
telecommunication management system
TMS
test mobile station
TMSI
temporary mobile subscriber identity
TN
telecommunication network
TN
timeslot number
TRAU
transcoding and rate adaptation unit
TRX
transceiver
TS
tele service
TS
timeslot
TSM
time stage module
TSG
time stage group
TUP
telephony user part
TX or Tx
transmitter
UL
uplink
UMTS
universal mobile telecommunication system
UP
user part
UUS
user to user signaling
VAD
Voice Activity Detection
VBR
Variable Bit Rate
VE
exchange equipment
13
Siemens
Appendix
VBS
Voice Broadcast Service
VGCS
Voice Group Call Services
VHE
Virtual Home Environment
VLR
Visitor Location Register
VMSC
Visited MSC
VoIP
Voice over IP
VPLMN
Visited PLMN
WAN
Wide Area Network
WAP
Wireless Application Protocol
WARC
World Administrative Radio Conference
WLL
Wireless Local Loop
WS
Work Station
14
TRAINING SECTOR
Sub-sections
The way to CDMA Technology
Basic Concept of Spread Spectrum Technology
CDMA codes and its usage
CDMA Air Interface Overview
CDMA System Aspects
Appindex
Reference
Glossary
CDMA Overview
CDMA Overview
1
2
3
4
5
6
7
8
The Way to CDMA Technology

CDMA System Aspects
Appendix
References
Glossary
Pages
1
1
1
1
1
1
1
1
39
16
20
18
15
11
2
5
Chapter 1
The Way To CDMA Technology

Contents
1
1.1
1.2
1.3
2
2.1
2.2
3
3.1
3.2
4
4.1
5
5.1
5.2
6
6.1
6.2
7
7.1
7.2
7.2.1
7.2.1.1
7.2.2
7.2.2.1
7.2.3
8
8.1
Introduction to Cellular Technology

Progress in Radio Communications
The Growth in Cellular Market & its demands
Why is it called cellular?
Advantages of Digital Communications
Digital Communication
Digital Mobile Systems
Cellular System Architecture
System Architecture
Types of cells
Cellular System Components
Cellular System Components
Wireless Digital Transmission Problems
Reasons leading to Wireless Digital Transmission Problems
Result of Wireless Digital Transmission Problems
Solutions against Air transmission Problems
Solutions for Wireless Digital Transmission Problems
Solutions for Bit Error Rate
Duplex Transmission
Multiple Access Techniques
Frequency Division Multiple Access
The Advanced Mobile Phone Service (AMPS)
Time Division Multiple Access
The GSM network
Code Division Multiple Access
Data Transmission
Data Transmission Development
2
2
4
6
8
8
10
11
11
13
15
15
17
17
19
21
21
23
24
24
26
26
28
29
31
36
38
38
1 Introduction to Cellular Technology

1.1 Progress in Radio Communications
The quest to know the unknown and see the unseen is inherent in human nature.
It is this restlessness that has propelled mankind to ever-higher pinnacles and everdeeper depths. This insatiable desire led to the discovery of light as being
electromagnetic, paving the way to discovery of the radio.
The origin of radio can be traced back to the year 1680 to Newton theory of
composition of white light of various colors. This theory brought the importance as
light as an area of study to the attention of many scientists, especially those in
Europe, who began to pursue experiments with light which lead to
importantdiscoveries connected to the eventual development of the radio.
These discoveries are the foundation of todays wireless cimmunicaton systems.
Experiments with light are still being carried out today in many universities, and
industries. One of the outcomes of light experiments in the 1970s is the optical fiber,
which is currently being used for long haul voice and data transmission. It is
believed that the use of optical fiber technology will increase dramatically the
introduction of wideband networks for voice, data, and video transmission, which is
based on the Asynchronous Transfer Mode (ATM) switch.
Radio connections were first used for Wireless Communications in the late 19th
century; information was sent via "ether" as follows:
Progress in Radio communications
1873 Electromagnetic wave theory by J.C. Maxwell

1887 Experimental proof of the existence of electromagnetic waves by H. Hertz
1895 First receiver with antenna for weather reports by A. Popow
1895 First wireless transmission using spark inductor generated by G. M. Marconi
1897 Marconi Wireless Telegraphy Company founded
1901 First transatlantic transmission by Marconi
1909 First radio broadcast at New York, Caruso
1917 First mobile transmission, BS - train
1952 Usage of Analogue Mobile Systems in USA and Europe
1978 CEPT reserved 2x25MHz for GSM
1992 Commercial use of GSM
Fig.1
1.2 The Growth in Cellular Market & its demands

The cellular telephone industry has enjoyed phenomenal growth since its inception
in 1983. In just one more example of the impossibility of projecting the adoption of
new technologies, a widely accepted 1985 prediction held that the total number of
cellular subscribers might reach as many as 900,000 by the year 2000. In fact, by the
end of 1994 there were well over 20 million subscribers in the United States alone,
and approximately 50 million worldwide. Recent annual subscriber growth rates have
been as high as 40%, and it is believed that this growth rate could continue through
the rest of the 1990s.
In order to meet this increasing demand for service, new digital cellular telephone
systems have been introduced during the first half of the 1990s. As today's cellular
operators move to adopt these new technologies in their systems, they demand:
l
Increased capacity within their existing spectrum allocation and easy

deployment of any technology it takes to get them that capacity increase.
Higher capacities and lower system design costs (plus lower infrastructure
costs) which will lead to a lower cost per subscriber.
A lower cost per subscriber combined with new subscriber features, which
will help the operators to increase their market penetration.
An increased market penetration, which will lead to an increase in number of

subscribers and a system, which offers support for that, increased capacity.
High quality calls must be maintained during the change to or migration to any
new digital technology.
Avdantages of cellular communications
Fig.2
lower cost per subscriber

Increased market penetration
Higher capacities
lower system design costs
1.3 Why is it called cellular?

Everyone is familiar with the usage of the term cellular in describing mobile radio
systems. You probably know that it is called cellular because the network is
composed of a number of cells. Mobile radio systems work on the basis of cells for
two reasons.
The first reason is that radio signals at the frequencies used for cellular travel
only a few kilometers (kms) from the point at which they are transmitted.
They travel more or less equal distances in all directions; hence, if one transmitter
is viewed in isolation, the area around it where a radio signal can be received is
typically approximately circular. If the network designer wants to cover a large area,
then he must have a number of transmitters positioned so that when one gets to the
edge of the first cell there is a second cell overlapping slightly, providing radio signal.
Hence the construction of the network is a series of approximately circular cells.
The second reason has to do with the availability of something called radio
spectrum. Simply, radio spectrum is what radio signals use to travel through space.
Using a mobile radio system, it consumes a certain amount of radio spectrum for
the duration of the call. An analogy here is car parks. When you park your car in a car
park it takes up a parking space. When you leave the car park, the space becomes
free for someone else to use. The number of spaces in the car park is strictly limited
and when there are as many cars as there are spaces nobody else can use the car
park until someone leaves.
Radio spectrum in any particular cell is rather like this. However, there is an
important difference. Once you move far enough away from the first cell, the radio
signal will have become much weaker and so the same bit of radio spectrum can be
reused in another cell without the two interfering with each other. By this means, the
same bit of radio spectrum can be reused several times around the country. So
splitting the network into a number of small cells increases the number of users who
can make telephone calls around the country.
So, in summary, cellular radio systems are often called cellular because the
network is composed of a number of cells, each with radius of a few kilometers,
spread across the country. This is necessary because the radio signal does not travel
long distances from the transmitter, but it is also desirable because it allows the radio
frequency to be reused, thus increasing the capacity of the network.
Fig. 3
2 Advantages of Digital Communications

2.1 Digital Communication
First of all we can say that a digital communication system is one where the voice
signal has been digitized prior to wireless transmission.
Digitizing is aprocess where the voice signal is sampled and discrete, numiric
representation of the signal are transmitted ,rather than the original signal itself.
This is much different from analog systems where the original,continuous voice
signal is transmitted using a standard form of FM modulation.
As the term Digital implies, the voice signal is digitized for transmission within the
cellular networks.Once digitized, Advanced coding , transmission,and error correction
techniques are employed. These additional techniques make it possible to detect and
correct transmission errors at the receiving end.
Another advantage of digital wireless communications is that digital provides more
traffic capacity per given RF spectrum. This is made possible by using the channel
bandwidth more efficiently .
In digital systems, multible users occupy the same frequency, and they are
separated by time or codes. This is more efficient than assigning each user to a
separate frequency , which is efficient than assigning each user to a separate
frequency, which is common in analog systems.
Digital systems also use techniques to reduce, or compress the amount of
information to be transmitted over the air from each user.
These compression techniques can take advantage of the probability that not
every user needs maximum bandwidth at exactly the same moment.
Another advantage of digital communication system is that they have ah inherent
level of security . Unothorized listeners must have complex receivers, they must
decode the digital information, and then they must convert the digital signal into
analog signal.
Digital has better built-in support for non-voice services and user data traffic.
By bypassing the voice signal compression process, user data can be processed
directly in their digital formats.
With digital systems, there is no need to convert the signal. The data is simply
passed through as digital information. This digital information can usually be
processed through the system at higher speeds.
Lastly , Analog sytems, on the other hand, use much simpler transmission
techniques, which require a receiver no more complex than an inexpensive FM radio.
Avdantages of digital communications

Signal
Quality
Digital Signal
Analogue
Signal
Transmission
Quality:
Easy to regenerate
Distance to BS
Fig. 4
Fig. 5
Security
Higher capacities
Easily Maintainance
Minaturization an friendleness
High Quality with low cost
Worlwide Availability
New Service Implementation
High Fidility
2.2 Digital Mobile System

As demand for mobile telephone service has increased, service providers found
that basic engineering assumptions borrowed from wireline (landline) networks did
not hold true in mobile systems and the early analogue systems quickly became
saturated, and the quality of service decreased rapidly.
The components of a typical digital cellular system is shown in fig..
The advantages of digital cellular technologies over analog cellular networks
include increased capacity and security. Technology options such as TDMA and
CDMA offer more channels in the same analog cellular bandwidth and encrypted
voice and data.
Fig.6
10
3 Cellular System Architecture

3.1 System Architecture
Increases in demand and the poor quality of old service led mobile service
providers to research ways to improve the quality of service and to support more
users in their systems. Because the amount of frequency spectrum available for
mobile cellular use was limited, efficient use of the required frequencies was needed
for mobile cellular coverage. In modern cellular telephony, rural and urban regions
are divided into areas according to specific provisioning guidelines.
Deployment parameters, such as amount of cell-splitting and cell sizes, are
determined by engineers experienced in cellular system architecture.
Provisioning for each region is planned according to an engineering plan that
includes cells, clusters, frequency reuse, and handovers.
Cells and Cell Splitting
A cell is the basic geographic unit of a cellular system.The term cellular comes
from the honeycomb shape of the areas into which a coverage region is divided.
Cells are base stations transmitting over small geographic areas that are represented
as hexagons. Each cell size varies depending on the landscape. Because of
constraints imposed by natural terrain and man-made structures, the true shape of
cells is not a perfect hexagon.
Unfortunately, economic considerations made the concept of creating full systems
with many small areas impractical. To overcome this difficulty, system operators
developed the idea of splitting cells into sectors to form sector cells
.
Clusters
A cluster is a group of cells in which all available frequencies have been used
once. No channels are reused within a cluster.
Frequency Reuse
The concept of frequency reuse is based on assigning to each cell a group of radio
channels used within a small geographic area. Cells are assigned a group of
channels that is completely different from neighboring cells. The coverage area of
cells are called the footprint. This footprint is limited by a boundary so that the same
group of channels can be used in different cells that are far enough away from each
other so that their frequencies do not interfere.Cells with the same number have the
same set of frequencies.
11
Cluster
Fig.7
Fig.8
12
3.2 Types of cells

Different types of cells are used due to the density variation of population.
Macrocells
The macrocells are large cells for remote and sparsely populated areas.
Microcells
These cells are used for densely populated areas. By splitting the existing areas
into smaller cells, the number of channels available is increased as well as the
capacity of the cells. The power level of the transmitters used in these cells is then
decreased, reducing the possibility of interference between neighboring cells.
Selective cells
It is not always useful to define a cell with a full coverage of 360 degrees. In some
cases, cells with a particular shape and coverage are needed. These cells are called
selective cells.
A typical example of selective cells is the cells that may be located at the
entrances of tunnels where coverage of 360 degrees is not needed. In this case, a
selective cell with coverage of 120 degrees is used.
Umbrella cells
A freeway crossing very small cells produces an important number of handovers

among the different small neighboring cells. In order to solve this problem, the
concept of umbrella cells is introduced. An umbrella cell covers several microcells.
The power level inside an umbrella cell is increased comparing to the power levels
used in the microcells that form the umbrella cell. When the speed of the mobile is
too high, the mobile is handed off to the umbrella cell. The mobile will then stay
longer in the same cell (in this case the umbrella cell). This will reduce the number of
handovers and the work of the network .A too important number of handover
demands and the propagation characteristics of a mobile can help to detect its high
speed.
Handoff
The final obstacle in the development of the cellular network involved the problem
created when a mobile subscriber traveled from one cell to another during a call. As
adjacent areas do not use the same radio channels, a call must either be dropped or
transferred from one radio channel to another when a user crosses the line between
adjacent cells. Because dropping the call is unacceptable, the process of handoff
was created. Handoff occurs when the mobile telephone network automatically
transfers a call from radio channel to radio channel as a mobile crosses adjacent
cells.
During a call, When the mobile unit moves out of the coverage area of a given cell
site, the reception becomes weak. At this point, the cell site in use requests a
handoff. The system switches the call to a stronger frequency channel in a new site
and the call continues as long as the user is talking, and the user does not notice the
handoff at all.
13
Fig.9
Fig.10
Fig.11
14
4 Cellular System Components

4.1 Cellular System Components
The cellular system offers mobile and portable telephone stations the same
service provided fixed stations over conventional wired loops. It has the capacity to
serve tens of thousands of subscribers in a major metropolitan area. The cellular
communications system consists of the following four major components that work
together to provide mobile service to subscribers:
1. Mobile telephone switching office (MTSO)
2. Cell site with antenna system
3. Mobile Station (MS)
Mobile Telephone Switching Office (MTSO)
The MTSO is the central office for mobile switching. It houses the mobile switching
center (MSC), field monitoring and relay stations for switching calls from cell sites to
wireline central offices (PSTN).
The Cell Site
The term cell site is used to refer to the physical location of radio equipments that
provide coverage within a cell. A list of hardware located at a cell site includes power
sources, interface equipment, radio frequency transmitters and receivers, and
antenna systems.
Mobile Station (MS)
The mobile subscriber unit consists of a control unit and a transceiver that
transmits and receives radio transmissions to and from a cell site. Three types of
MSUs are available:
1. The mobile telephone (typical transmit power is 4.0 watts)
2. The portable (typical transmit power is 0.6 watts)
3. The transportable (typical transmit power is 1.6 watts)
The mobile telephone is installed in the trunk of a car, and the handset is installed
in a convenient location to the driver. Portable and transportable telephones are hand
held and can be used anywhere. The use of portable and transportable telephones
is limited to the charge life of the internal battery.
15
Fig.12
16
5 Wireless Digital Transmission Problems

5.1 Reasons leading to Wireless Digital Transmission
Problems
Wireless communication channels suffer from severe attenuation and signal
fluctuations and this is mainly due to three important reasons which are:
1. Velocity of Mobile Station within the area of the Base Tranciever Station.
2. Distance between Mobile Station and the Base Tranciever Station.
3. Obstacles between the Mobile Station and the Base Tranciever Station.
Large attenuation is due to the users mobility through the propagation
environment that causes almost no direct signal from the transmitter can reach the
receiver. Even if so, the line-of-sight signal may be superimposed by its reflected
or scattered duplicates that reach the receiver at different time instant causing
signal fluctuations. When a mobile station moves from one location to another, all
propagation scenario may change completely and the received signal changes
accordingly. Three different models that are commonly used to characterise a
wireless channel are:
Propagation path loss (near-far attenuation) .
Shadowing (variation on the average power) .
Multipath fading (fast signal fluctuation).
Propagation path loss
It occurs when the received signal becomes weaker and weaker due to
increasing distance between MS and BTS . Path loss is proportional to the square
of the distance and the square of the transmitted frequency .
Shadowing
It is due to obstacles being between the MS and the BTS , like buildings, hills
etc. When the MS moves around , the signal fluctuates normally around a mean
value depending on the obstacles.
Multipath fading
It occures when there is more than one transmission path to the MS or BTS ,
and therefore more than one signal is arriving at the receiver .This may be due to
buildings or mountains , either close to or far from the reciving device,Rayleigh
fading and time dispersion are forms of multipath fading.
1. Rayleigh fading
It occures when the signal takes more than one path between the MS and
BTS. Rayleigh fading occurs when the obstacles are near to the receiving antenna
2. Time dispersion
It contrasts to Rayleigh fading , the reflected signal comes from an object far
away from the receiving antenna .Since the bit rate on the air is 270 kbit/sec,one
bit corresponds to 3.7 sec or 1.1 km . If an obstacle is further than 500 m away,
then the reflected bit will interfere with the next transmitted bit (ISI).
17
Fig.13
Fig.14
18
5.2 Result of Wireless Digital Transmission Problems
Bit Error Rate
Sometimes, when you are using a mobile phone, you will notice that the speech
quality breaks up or disappears completely for short periods of time. By moving
toward a window you can sometimes improve the situation. This loss of speech
quality is caused by errors. That means, the transmitter might send 1011, but
because of propagation problems, such as fast fading, the receiver gets 1001.The
third bit is said to be in error. This is a little like spelling something over the
phone.You might say S but the person at the other end might respond was that F?
An error was made because the line was not of sufficient quality.
Mobile phones contain advanced systems for correcting errors but However, these
systems are not always able to remove all the errors. Without error correction, the
speech quality would always be so terrible that you would never be able to
understand the other person.
Interference, fading, and random noise cause errors to be received, the level of
which will depend on the severity of the interference. The presence of errors can
cause problems. For speech coders such as ADPCM (Adaptive Defrential PCM), if
the bit error rate (BER) rises above 10-3 (that is, 1 bit in every 1000 is in error, or the
error rate is 0.1%) then the speech quality becomes unacceptable.
For near-perfect voice quality, error rates of the order of 10-6 are required. For data
transfers, users expect much better error rates, for example on computer files, error
rates higher than 10-9 are normally unacceptable.
If the only source of error on the channel was random noise, then it would be
possible, and generally efficient, to simply ensure that the received signal power was
sufficient to achieve the required error performance without any need for error
correction. However, where fast fading is present, fades can be momentarily as deep
as 40 dB. To increase the received power by 40 dB to overcome such fades would
be highly inefficient, resulting in a significantly reduced range and increased
interference to other cells. Instead, error correction coding accepts that bits will be
received in error during fades but attempts to correct these using extra bits
(redundant bits) added to the signal.
19
Fig.15
20
6 Solutions of Air transmission problems

6.1 Solutions for Wireless Digital Transmission
Problems
Antenna Diversity
It increases the received signal strength by taking advantage of the nature

properties of radio waves , there are two diversity methods, they are :1. Space diversity .
2. Polarization diversity .
Space diversity
can be achieved by mounting two receivers instead of one . If the two receivers
are physically separated , the probability that both of them are affected by a deep
fading dip at the same time is low .
Polarization diversity
With this technique the two space diversity receivers are replased by one dual
polarized antenna , the antenna contains two differently polarized antenna arrays.
Time Advance
Time Advance is introduced to overcome the effect of time alignment. When the
MS is moving far away from the BTS , this BTS tells the MS how much time ahead of
the synchronization time it must transmit the burst .
21
Fig.16
Fig.17
22
6.2 Solutions for Bit Error Rate
Channel Coding
Error correction is widely deployed in mobile radio, where fast fading is

almost universally present. Error correction systems all work by adding redundancy
to the transmitted signal. The receiver checks that the redundant information is as it
would have expected and, if not, can make error correction decisions. In an error
detection scheme, the receiver requests that the block that was detected to be in
error is retransmitted. Such schemes are called automatic request repeat
(ARQ).Some of the more advanced coding systems can perform error correction and
also detect if there were too many errors for it to be possible to correct them all and
hence request retransmission in this case.
Interleaving
Signals traveling through a mobile communication channel are susceptible

to fading. The error-correcting codes are designed to combat errors resulting from
fades and, at the same time, keep the signal power at a reasonable level. Most errorcorrecting codes perform well in correcting random errors. However, during periods
of deep fades, long streams of successive or burst errors may render the errorcorrecting function useless. Interleaving is a technique for randomizing the bits in a
message stream so that burst errors introduced by the channel can be converted to
random errors.
Fig.18
23
7 Transmission Principles
7.1 Duplex Transmission
FDD and TDD
Two duplex methods are used for coordinating the uplink (UL) and downlink (DL)
components of a transmission between a base station and a mobile station, namely
Frequency Division Duplex (FDD) and Time Division Duplex (TDD).
UL and DL are implemented for FDD in different frequency bands. The gap
between the two frequency bands for UL and DL is known as the duplex distance. It
is constant for all mobile stations in a standard. Generally the DL frequency band is
positioned at the higher frequency than the UL band.
In the case of TDD, UL and DL are implemented in the same frequency band,
Uplink (UL) and Downlink (DL) takes place at different times. There is fast switching
between UL and DL transmission, so that the user has the impression of
simultaneous transmission and reception.
As a result, only a fraction of the time needed for analog transmission is required
for digital transmission of subscriber data.
24
Fig.19
Fig.20
25
7.2 Multiple Access Techniques

Wireless telecommunications has drastic increase in popularity, resulting in the
need for technologies that allow multiple users to share the same spectrum, called
Multiple Access techniques.
FDMA, TDMA and CDMA are the three major technologies available, along with
variations of each.
All three technologies have one goal in common that is the most important concept
to any cellular telephone systems which is Multiple Access, meaning that multiple,
simultaneous users can be supported. In other words, a large number of users share
a common pool of radio channels. The technologies differ significantly in the manner
by which they accomplish this sharing.
7.2.1 Frequency Division Multiple Access

FDMA is used for standard analog cellular. Each user is assigned a discrete band
of the RF spectrum.The voice signal of each user is modulated on a separate
channel frequency, which is assigned 100% of the time to that user.
For example:
AMPS systems use 30 kHz "slices" of spectrum for each channel. Narrowband
AMPS (NAMPS) requires only 10 kHz per channel. TACS channels are 25 kHz wide.
With FDMA, only one subscriber at a time is assigned to a channel. No other
conversations can access this channel until the subscriber's call is finished, or until
that original call is handed off to a different channel by the system. In order to
overcome this inefficiency, digital access technologies were introduced.
FDMA requires NO system timing.
FDMA requires NO timing accuracy.
FDMA based Analog system generally considered as a low capacity system.
26
Fig.21
27
7.2.1.1 The Advanced Mobile Phone Service (AMPS)

AMPS was released in 1983 using the 800-MHz to 900-MHz frequency band and
the 30 kHz bandwidth for each channel as a fully automated mobile telephone
service. It was the first standardized cellular service in the world and is currently the
most widely used standard for cellular communications. Designed for use in cities,
AMPS later expanded to rural areas. It maximized the cellular concept of frequency
reuse by reducing radio power output. The AMPS telephones (or handsets) have the
familiar telephone-style user interface and are compatible with any AMPS base
station. This makes mobility between service providers (roaming) simpler for
subscribers. Limitations associated with AMPS include:
1. Low calling capacity
2. Limited spectrum
3. No room for spectrum growth
4. Poor data communications
5. Minimal privacy
6. Inadequate fraud protection
AMPS is used throughout the world and is particularly popular in the United
States, South America, China, and Australia. AMPS uses frequency modulation (FM)
for radio transmission. In the United States, transmissions from mobile to cell site use
separate frequencies from the base station to the mobile subscriber.
28
7.2.2 Time Division Multiple Access

In TDMA users are still assigned a discrete slice of RF spectrum, but multiple
users now share that RF channel on a time slot basis. Each of the users alternate
their use of the RF channel . Frequency Division is still used, but these carriers are
now further subdivided into some number of time slots ber carrier.
A user is assigned a particular time slot in a carrier and can only send or receive
information at those times. This is true wether or not the other time slots are being
used. Information flow is not continuous for any user, but rather is sent and received
in bursts . The bursets are re-assembled at the receiving end , and appear to
provide continuous sound because the process is very fast.
TDMA digital standards include North American Digital Cellular (known by its
standard number IS-54), Global System for Mobile Communications (GSM), and
Personal Digital Cellular (PDC).
For example, IS -54 based TDMA system, a 30 kHz channel is divided into 6 time
slots each with 30 kHz band modulated signal. Although there are 6 time slots, each
user needs 2 time slots, so there are a total of 3 users per 30 kHz channel. This is
three times more efficient than AMPS
PDC divides 25 kHz slices of spectrum into three channels.
GSM system uses both FDMA and TDMA operates with a 200 Khz bandwidth,
divided into 8 timeslots, where each user is assigned a single timeslot, thus allowing
8 users per channel frequency.
TDMA requires timing synchronization
TDMA requires millisecond accuracy.
GSM and TDMA are about 3 times more spectral efficient than analog.
29
Fig.22
30
7.2.2.1 The GSM network

The GSM technical specifications define the different entities that form the GSM
network by defining their functions and interface requirements.
The GSM network can be divided into four main parts:
The Mobile Station (MS).
The Base Station Subsystem (BSS).
The Network and Switching Subsystem (NSS).
The Operation and Support Subsystem (OSS).
Mobile Station MS
A Mobile Station consists of two main elements:

1. The Mobile Equipment Terminal.
2. The Subscriber Identity Module (SIM).
There are different types of terminals distinguished principally by their power and
application: The `fixed' terminals are the ones installed in cars. Their maximum
allowed output power is 20 W.The GSM portable terminals can also be installed in
vehicles. Their maximum allowed output power is 8W.
The handhels terminals have experienced the biggest success thanks to their
weight and volume, which are continuously decreasing. These terminals can emit up
to 2 W. The evolution of technologies allows decreasing the maximum allowed power
to 0.8 W.
The SIM (Subscriber Identity Module)
The SIM is a smart card that identifies the terminal. By inserting the SIM card into
the terminal, the user can have access to all the subscribed services. Without the
SIM card, the terminal is not operational. The SIM card is protected by a four-digit
Personal Identification Number (PIN). In order to identify the subscriber to the
system, the SIM card contains some parameters of the user such as its International
Mobile Subscriber Identity (IMSI).
Another advantage of the SIM card is the mobility of the users. In fact, the only
element that personalizes a terminal is the SIM card. Therefore, the user can have
access to its subscribed services in any terminal using its SIM card.
31
Fig.23
32
The Base Station Subsystem
The BSS connects the Mobile Station and the NSS. It is in charge of the transmission
and reception. The BSS can be divided into two parts:
The Base Transceiver Station (BTS).
The Base Station Controller (BSC).
1. The Base Transceiver Station:

The BTS corresponds to the transceivers and antennas used in each cell of the
network. A BTS is usually placed in the center of a cell. Its transmitting power defines
the size of a cell. Each BTS has between one and sixteen transceivers depending on
the density of users in the cell.
2. The Base Station Controller:
The BSC controls a group of BTS and manages their radio ressources. A BSC is
principally in charge of handovers, frequency hopping, exchange functions and
control of the radio frequency power levels of the BTSs.
Fig.24
33
The Network and Switching Subsystem
Its main role is to manage the communications between the mobile users and
other users, such as mobile users, ISDN users, fixed telephony users, etc. It also
includes data bases needed in order to store information about the subscribers and
to manage their mobility. The different components of the NSS are described below.
1. The Mobile services Switching Center (MSC)
It is the central component of the NSS. The MSC performs the switching functions
of the network. It also provides connection to other networks.
2. Home Location Register (HLR)
The HLR is considered as a very important database that stores information of the
suscribers belonging to the covering area of a MSC. It also stores the current location
of these subscribers and the services to which they have access. The location of the
subscriber corresponds to the SS7 address of the Visitor Location Register (VLR)
associated to the terminal.
3. Visitor Location Register (VLR)
The VLR contains information from a subscriber's HLR necessary in order to
provide the subscribed services to visiting users. When a subscriber enters the
covering area of a new MSC, the VLR associated to this MSC will request information
about the new subscriber to its corresponding HLR. The VLR will then have enough
information in order to assure the subscribed services without needing to ask the
HLR each time a communication is established. The VLR is always implemented
together with a MSC; so the area under control of the MSC is also the area under
control of the VLR.
4. The Authentication Center (AuC)
The AuC register is used for security purposes. It provides the parameters needed
for authentication and encryption functions. These parameters help to verify the
user's identity.
5. The Equipment Identity Register (EIR)
The EIR is also used for security purposes. It is a register containing information
about the mobile equipments. More particularly, it contains a list of all valid terminals.
It is identified by its International Mobile Equipment Identity (IMEI). The EIR allows
then to forbid calls from stolen or unauthorized terminals (e.g, a terminal which does
not respect the specifications concerning the output RF power).
6. The Operation and Support Subsystem (OSS)
The OSS is connected to the different components of the NSS and to the BSC, in
order to control and monitor the GSM system. It is also in charge of controlling the
traffic load of the BSS. However, the increasing number of base stations, due to the
development of cellular radio networks, has provoked that some of the maintenance
tasks are transfered to the BTS. This transfer decreases considerably the costs of the
maintenance of the system.
34
Fig.25
35
7.2.3 Code Division Multiple Access

CDMA is a general category of digital wireless radio technologies that uses spread
spectrum techniques to modulate information across given bandwidth.
IS-95 was the first application of CDMA, where information signals from all users
are simultaneously modulated across the entire channel band width (1.23 Mhz).
Unique digital codes keep users separated on the 1.23 Mhz channel.
All the three multiple Access technologies take advantage of the fact that radio
signals travel only a finite distance. The result is that frequencies can be reused with
minimal interference after a minimum distance. The resulting assignment of
frequencies is referred to reuse pattern.
CDMA doesnt require frequency reuse pattern i.e. every code can be used in
every sector of every cell.
In CDMA, timing is critical and aquired from the Global Positioning systemGPS
as accurate synchronization between cells is critical to CDMA operation.
CDMA also requires microsecond accuracy.
The major advantage of CDMA when compared to the other technologies is its
efficient use of available spectrum, as bandwidth efficiecy directly to system capacity.
The greater the efficiency, the more users can share the same spectrum, but it also
can impact the amount of infrastructure equipment required to support a given
number of users. This indirectly impacts the cost of operation.
In recent times, CDMA has gained widespread international acceptance by cellular
radio system operators as an upgrade that will increase both their system capacity
and the service quality.
36
Fig.26
37
8 Data Transmission
8.1 Data Transmission Development
One of the problems of data transmission using GSM is posed by the current
comparatively user-unfriendly usage of data services in the terminals (e.g. SMS) or
the complicated connection of terminal equipment via adapter.
Terminal equipment in which different functions are integrated, as well as displays
optimized for each individual data transmission form provide an answer to this.
A decisive problem is posed by the comparatively low data transmission rates of
GSM Phase 1 and 2. Data transmission rates of 0.3 -9.6 kbit/s compared to 64 kbit/s
using ISDN are considerably too low.
To increase the data transmission rates in the Europian system new bearer
services are being developed in GSM Phase 2+, which will adapt the data
transmission rates to the ISDN transmission rates in various usage areas or even, be
considerably above them.
1. High Speed Circuit Switched Data HSCSD
2. General Packet Radio Service GPRS
3. Enhanced Data rates for the GSM Evolution EDGE
To increase the data transmission rates in American System after deployment of
CDMA techniques IS95B was developed, which will adapt the data transmission
rates to the ISDN transmission rates in various usage.
38
Fig.27
Fig.28
39
Chapter 2
Basic Concept of Spread
Spectrum Technology
Basic Concept of Spread Spectrum

Technology
Contents
1
1.1
1.1.1
1.1.2
1.1.3
1.2
1.3
1.4
1.5
1.6
1.7
2
Advantages of CDMA
Increased Capacity
Lowering Eb/NO
Power Control
Improved Call Quality
Simplified System Planning
Enhanced Privacy
Improved Coverage
Increased Portable Talk Time
Bandwidth on Demand
Spread Spectrum Technology
2.1
2.2
2.2.1
2.2.2
2.2.3
2.3
2.3.1
2.3.2
2.4
2.4.1
2.4.2
2.5
2.5.1
2.5.2
Properties of SS signals
Spread-Spectrum Multiple Access
Direct Sequence Spread Spectrum
Advantages of DS-SS
Disadvantages of DS-SS
Frequency Hopping Spread Spectrum
Advantages of FH-SS
Disadvantages of FH-SS
Time Hopping Spread Spectrum (TH-SS)
Advantages of TH-SS
Disadvantages of TH-SS
Hybrid Systems
Advantages of H-SS
Disadvantages of H-SS
2
2
2
2
2
4
4
4
4
4
4
6
8
10
10
10
10
12
12
12
14
14
14
16
16
16
1 Advantages of CDMA
When implemented in a cellular telephone system, CDMA technology offers
many benefits to meet Mobile Radio Requirements. The following is an overview
of the advantages of CDMA.
1.1 Increased Capacity

Capacity can be increased in cellular systems in one of two ways:
1. By getting more channels per MHz of spectrum
2. By getting more channels reuse per unit of geographic area
With CDMA, signals can be received in the presence of high levels of interference, All
users on a carrier share the same RF spectrum. The same CDMA RF carrier frequency is
used in every cell site, and in every sector of a sector cell site.
Increasing capacity in CDMA can be done by the following techniques: -
1.1.1 Lowering Eb/No

Eb/No provides a measure of the performance of a CDMA link between the mobile and
the cell. It is the ratio in dB between the energy of each information bit and the noise
spectral density. The noise is a combination of background interference and the
interference created by other users on the system.
CDMA describes Eb/No noise interference in terms of the Frame Erasure Rate (FER).
Using an interference threshold, the CDMA system erases frames of information that
contain too many errors. The FER, then, describes the number of frames that were erased
due to poor quality. Therefore, as the E b/No level increases, the FER decreases, and
system voice quality is improved.
1.1.2 Voice Activity Detection

When no voice activity is detected, the vocoder will drop its encoding rate, because there
is no reason to have high speed encoding of silence. The encoded rate can drop to1 kbps
or less. Thus the variable rate vocoder uses up channel capacity only as needed. Since the
level of "interference" created by all of the users directly determines system capacity, and
voice activity detection reduces the noise level in the system, capacity can be maximized.
1.1.3 Power Control

CDMA can also increase system capacity by using POWER CONTROL, which will be
discussed later.
Fig.1
Fig.2
1.2 Improved Call Quality

Cellular telephone systems using CDMA are able to provide higher quality sound and
fewer dropped calls than systems based on other technologies. Advanced error detection
and error correction schemes greatly increase the likelihood that frames are interpreted
correctly. Sophisticated vocoders offer high speed coding and reduce background noise.
CDMA takes advantage of various types of diversity to improve speech quality.
1.3 Simplified System Planning

All users on a CDMA carrier share the same RF spectrum.
1.4 Enhanced Privacy

CDMA is an Anti Jamming system. In addition, since the digitized frames of information
are spread across a wide slice of spectrum, it is unlikely that a casual eavesdropper will be
able to listen in on a conversation.
1.5 Improved Coverage

A CDMA cell site has a greater range than a typical analog or digital cell site. Therefore
fewer CDMA cell sites are required to cover the same area. Depending on system loading
and interference, the reduction in cells could be as much as 50% when compared to GSM!
CDMA's greater range is due to the fact that CDMA uses a more sensitive receiver than
other technologies.
1.6 Increased Portable Talk Time

Because of precise power control and other system characteristics, CDMA subscriber
units normally transmit at only a fraction of the power of analog and TDMA phones. This will
enable portables to have longer talk and standby time. (This direct comparison assumes, of
course, similar cell sizes between the CDMA and analog or TDMA systems.)
1.7 Bandwidth on Demand

A wideband CDMA channel provides a common resource that all mobiles in a system
utilize based on their own specific needs. At any given time, the portion of this "bandwidth
pool" that is not used by a given mobile is available for use by any other mobile. This
provides a tremendous amount of flexibility - a flexibility that can be exploited to provide
powerful features, such as higher data rate services. In addition, because mobiles utilize
the "bandwidth pool" independently, these features can easily coexist on the same CDMA
Fig.3
2 Spread Spectrum Technology

The major concern in Wireless is digital communication is efficient use of
Bandwidth and power. But there are scenarios where it is necessary to sacrifice
the efficient use for design considerations. One such scenario is secure communication in
hostile environment. This design objective is met using a modulation technique called as
Spread Spectrum (SS).
Defining Spread Spectrum
A complete definition to Spread Spectrum is in two parts
1. Spread Spectrum is a means of transmission in which the data sequences occupy a
bandwidth in excess of the minimum bandwidth necessary to send it.
2. Spread Spectrum is accomplished before transmission through the use of a code
that is independent of data sequences .The same code is used at the receiver to
despread the received signal so that the original data sequence may be recovered.
In CDMA each user is assigned a unique code sequence it uses to encode its
information-bearing signal. The receiver, knowing the code sequences of the user, decodes
a received signal after reception and recovers the original data. This is possible since the
crosscorrelations between the code of the desired user and the codes of the other users
are small. Since the bandwidth of the code signal is chosen to be much larger than the
bandwidth of the information-bearing signal, the encoding process enlarges (spreads) the
spectrum of the signal and is therefore also known as spread-spectrum modulation. The
resulting signal is also called a spread-spectrum signal, and CDMA is often denoted as
spread-spectrum multiple access (SSMA) the spectral spreading of the transmitted signal
gives to CDMA its multiple access capability. It is therefore important to know the
techniques necessary to generate spread-spectrum signals and the properties of these
signals. A spread-spectrum modulation technique must be fulfill two criteria:
The transmission bandwidth must be much larger than the information bandwidth.
The resulting radio-frequency bandwidth is determined by a function other than the
information being sent (so the bandwidth is statistically independent of the information
signal).
The ratio of transmitted bandwidth to information bandwidth is called the processing
gain, Gp, of the spread-spectrum system; the receiver correlates the received signal with a
synchronously generated replica of the spreading code to recover the original informationbearing signal. This implies that the receiver must know the code used to modulate the
data.
Because of the coding and the resulting enlarged bandwidth, SS signals have a number
of properties that differ from the properties of narrowband signals. The most interesting
ones, from the communication systems point of view, are discussed below.
Fig.4
Fig.5
2.1 Properties of SS signals
Multiple Access Capability
If multiple users transmit a spread-spectrum signal at the same time, the receiver will still
be able to distinguish between the users provided each user has a unique code that has a
sufficiently low cross-correlation with the other codes. Correlating the received signal with a
code signal from a certain user will then only despread the signal of this user, while the
other spread-spectrum signals will remain spread over a large bandwidth. Thus, within the
information bandwidth the power of the desired user will be larger than the interfering power
provided there are not too many interferers, and the desired signal can be extracted.
Protection Against Multipath Interference
In a radio channel there is not just one path between a transmitter and receiver.
Due to reflections (and refractions) a signal will be received from a number of different
paths. The signals of the different paths are all copies of the same transmitted signal but
with different amplitudes, phases, delays, and arrival angles. Adding these signals at the
receiver will be constructive at some of the frequencies and destructive at others. In the
time domain, this results in a dispersed signal. Spread-spectrum modulation can combat
this multipath interference.
Privacy & Interference Rejection
The transmitted signal can only be despread and the data recovered if the receiver
knows the code. Cross-correlating the code signal with a narrowband signal will spread the
power of the narrowband signal thereby reducing the interfering power in the information
bandwidth.
Anti-Jamming capability
This is more or less the same as interference rejection except the interference is now
willfully inflicted on the system. It is this property, together with the next one, that makes
spread-spectrum modulation attractive for military applications.
Low Propability of Interception
Because of its low power density, the spread-spectrum signal is difficult to detect and
intercept by a hostile listener.
Fig.6
Fig.7
2.2 Spread-Spectrum Multiple Access (SS-MA)

2.2.1 Direct Sequence Spread Spectrum (DS-SS)
In DS-CDMA the modulated information bearing signal (the data signal) is directly
modulated by a digital, discrete-time, discrete-valued code signal. The data signal can be
either analog or digital; in most cases it is digital.
In the case of a digital signal the data modulation is often omitted and the data signal is
directly multiplied by the code signal and the resulting signal modulates the wideband
carrier. It is from this direct multiplication that the direct sequence CDMA gets its name.
After transmission of the signal, the receiver uses coherent demodulation to despread
the SS signal, using a locally generated code sequence. To be able to perform the
dispreading operation, the receiver must not only know the code sequence used to spread
the signal, but the codes of the received signal and the locally generated code must also be
synchronized. This synchronization must be accomplished at the beginning of the reception
and maintained until the whole signal has been received. The code
synchronization/tracking block performs this operation. After despreading a data modulated
signal results, and after demodulation the original data can be recovered.
2.2.2 Advantages of DS-SS:

The generation of the coded signal is easy. It can be performed by a simple
multiplication.
Since only one carrier frequency has to be generated, the frequency synthesizer (carrier
generator) is simple.
Coherent demodulation of the DS signal is possible.
No synchronization among the users is necessary.
2.2.3 Disdvantages of DS-SS:

It is difficult to acquire and maintain the synchronization of the locally generated code
signal and the received signal. Synchronization has to be kept within a fraction of the chip
time.
For correct reception the synchronization error of locally generated code sequence and
the received code sequence must be very small, a fraction of the chip time.
The power received from users close to the base station is much higher than that
received from users further away. Since a user continuously transmits over the whole
bandwidth, a user close to the base will constantly create a lot of interference for users far
from the base station, making their reception impossible. This near-far effect can be solved
by applying a power control algorithm so that all users are received by the base station with
the same average power. However this control proves to be quite difficult.
10
Fig.8
Fig.9
11
2.3 FREQUENCY HOPPING Spread Spectrum (FH-SS)

In frequency hopping CDMA, the carrier frequency of the modulated information signal
is not constant but changes periodically. During time intervals T the carrier frequency
remains the same, but after each time interval the carrier hops to another (or possibly the
same) frequency. The hopping pattern is decided by the code signal.
If the hopping rate is (much) greater than the symbol rate, one speaks of a fast
frequency hopping (F-FH). In this case the carrier frequency changes a number of times
during the transmission of one symbol, so that one bit is transmitted in different
frequencies. If the hopping rate is (much) smaller than the symbol rate, one speaks of slow
frequency hopping (S-FH).
2.3.1 Advantages of FH-SS:

Synchronization is much easier with FH-CDMA than with DS-CDMA. With FH CDMA
synchronization has to be within a fraction of the hop time. Since spectral spreading is not
obtained by using a very high hopping frequency but by using a large hop-set, the hop time
will be much longer than the chip time of a DS-CDMA system. Thus, an FH-CDMA system
allows a larger synchronization error.
The different frequency bands that an FH signal can occupy do not have to be
contiguous because we can make the frequency synthesizer easily skip over certain parts
of the spectrum. Combined with the easier synchronization, this allows much higher
spread-spectrum bandwidths.
The probability of multiple users transmitting in the same frequency band at the same
time is small. A user transmitting far from the base station will be received by it even if
users close to the base station are transmitting, since those users will probably be
transmitting at different frequencies. Thus, the near-far performance is much better than
that of DS.
Because of the larger possible bandwidth a FH system can employ, it offers a higher
possible reduction of narrowband interference than a DS system.
2.3.2 Disdvantages of FH-SS:

A highly sophisticated frequency synthesizer is necessary.
An abrupt change of the signal when changing frequency
12
Fig.10
13
2.4 TIME HOPPING Spread Spectrum (TH-SS)

In time hopping CDMA the data signal is transmitted in rapid bursts at time intervals
determined by the code assigned to the user. The time axis is divided into frames, and
each frame is divided into M time slots. During each frame the user will transmit in one of
the M time slots. Which of the M time slots is transmitted depends on the code signal
assigned to the user. Since a user transmits all of its data in one, instead of M time slots,
the frequency it needs for its transmission has increased by a factor M.
2.4.1 Advantages of TH-SS:

Implementation is simpler than that of FH-CDMA and the near-far problem is much less
of a problem since TH-CDMA is an avoidance system, so most of the time a terminal far
from the base station transmits alone, and is not hindered by transmissions from stations
close by.
The multiple access capability of THSS signals is acquired in the same manner as that of
the FH-SS signals; namely, by making the probability of users transmissions in the same
frequency band at the same time small. In the case of time hopping all transmissions are in
the same frequency band, so the probability of more than one transmission at the same
time must be small. This is again achieved by assigning different codes to different users. If
multiple transmissions do occur, error-correcting codes ensure that the desired signal can
still be recovered. If there is synchronization among the users, and the assigned codes are
such that no more than one user transmits at a particular slot, then the THCDMA reduces
to a TDMA scheme where the slot in which a user transmits is not fixed but changes from
frame to frame.
2.4.2 Disdvantages of TH-SS:

In the time hopping CDMA, a signal is transmitted in reduced time. The signaling rate,
therefore, increases and dispersion of the signal will now lead to overlap of adjacent bits.
Therefore, no advantage is to be gained with respect to multipath interference rejection.
It takes a long time before the code is synchronized, and the time in which the receiver
has to perform the synchronization is short.
If multiple transmissions occur, a large number of data bits are lost, so a good errorcorrecting code and data interleaving are necessary.
14
Fig.11
15
2.5 HYBRID SYSTEMS

The hybrid CDMA systems include all CDMA systems that employ a combination of two
or more of the above-mentioned spread-spectrum modulation techniques or a combination
of CDMA with some other multiple access technique. By combining the basic spreadspectrum modulation techniques, we have four possible hybrid systems:
DS/FH, DS/TH, FH/TH, and DS/FH/TH; and by combining CDMA with TDMA or
multicarrier modulation we get two more:
CDMA/TDMA and MC-CDMA. The idea of the hybrid system is to combine the specific
advantages of each of the modulation techniques.
2.5.1 Advantages of H-SS:

If we take, for example, the combined DS/FH system we have the advantage of the antimultipath property of the DS system combined with the favorable near-far operation of the
FH system.
2.5.2 Disdvantages of H-SS:

Of course, the disadvantage lies in the increased complexity of the transmitter and
receiver.
Coherent demodulation is difficult because of the problems in maintaining phase
relationships during hopping.
Fig.12
16
Chapter 3

Contents
1
1.1
2
2.1
2.1.1
2.1.2
2.2
2.2.1
2.2.2
2.2.3
2.3
2.4
2.5
2.5.1
2.5.2
Iterium Standard-95 System

IS 95
Pseduo Random Noise Sequence
PN Sequence
PN Sequence generation
PN Generator Example
Types of PN Sequences in CDMA
Short Code
Long Code
Walsh Code
Correlation Between PN Sequences
Process Gain and Its Benefits
Spreading Code Acquisition and Tracking
Initial Code Acquisition
Code Tracking
2
2
4
4
6
8
9
9
9
11
12
14
16
18
20
1 Iterium Standard-95 System

1.1 IS-95
Interim Standard 95 (IS -95) is a U.S. digital cellular system based on CDMA that
allows each user within a cell and in adjacent cells to use the same radio channel.
Each IS-95 channel occupies 1.23MHz of spectrum in each one-way link; the user
data is spread to a channel chip rate of 1.2288MHz. IS -95 uses a different modulation and
spreading technique for the forward and reverse links. On the forward link, the base station
simultaneously transmits the user data for all mobiles in the cell by using different
spreading sequence for each mobile. The user data is encoded, interleaved, and spread by
one of sixty-four orthogonal spreading sequences (Walsh functions).
To avoid interference, all signals in a particular cell are scrambled using a
pseudorandom sequence of length 2 15-1 chips.
CDMA base stations transmit information in four logical channel formats:
Pilot channels, sync channels, paging channels, and traffic channels.
On the reverse link, all mobiles respond in an asynchronous fashion. The user data
is encoded, interleaved, and then blocks of 6 bits are mapped to one of the 64 orthogonal
Walsh functions. Finally, the data is spread by a user specific code of 42 bits (channel
identifier) and the base station pseudorandom sequence of length 2 15 chips. The reverse
channel is organized in:
Access channels and traffic channels.
At both the base station and the terminal, Rake receivers are used to resolve and
combine multipath components, in order to improve the link quality.
In IS-95, a three-finger Rake receiver is used at the base station.
Fig.1
2 Pseduo Random Noise Sequence

2.1 PN Sequences
What are PN sequences?
A Pseudo-random Noise (PN) sequence is a sequence of binary numbers, e.g. 1, which
appears to be random; but is in fact perfectly deterministic. The sequence appears to be
random in the sense that the binary values and groups or runs of the same binary value
occur in the sequence in the same proportion they would if the sequence were being
generated based on a fair "coin tossing" experiment. In the experiment, each head could
result in one binary value and a tail the other value. The PN sequence appears to have
been generated from such an experiment. A software or hardware device designed to
produce a PN sequence is called a PN generator.
Pseudo-random noise sequences or PN sequences are known sequences that exhibit
the properties or characteristics of random sequences. They can be used to logically isolate
users on the same frequency channel. They can also be used to perform scrambling as
well as spreading and despreading functions. The reason we need to use PN sequences is
that if the code sequences were deterministic, then everybody could access the channel. If
the code sequences were truly random on the other hand, then nobody, including the
intended receiver, would be able to access the channel. Thus, using a pseudo-random
sequence makes the signal look like random noise to everybody except to the transmitter
and the intended receiver.
Why PN sequence is chosen as a noise like waveform?
To know that we have to understand what is called white Noise.
The adjective white is used in the sense that white light contains equal amounts of all
frequencies within the visible band of electromagnetic radiation.
It has power spectral density independent of the operating frequency. We express the
power spectral density of white noise by
Sw (f) = No/2 ... No = KT0 watts /Hz. where K is Boltzman constant &
T0 is the equivalent noise temperature.
Equivalent noise temperature of a system T0: It is the temperature at which a noisy resistor has to be maintained such that, by
connecting the resistor to the input of a noiseless version of the system, it produces the
same available noise in the actual system it depends only on the parameters of the system
Since the auto correlation function is the inverse Fourier of the power spectral density it
follows that for white noise, the auto correlation function of white noise consists of a delta
function weighted by the factor No/2 and occurring at = 0.
Accordingly, any two different samples of white noise, no matter how closely together in
time, they are taken, are uncorrelated. So we have to search for a code sequence has a
noise like wave or almost has autocorrelation function near that of white noise.
Fig.2
2.1.1 PN Sequence Generation

These sequences are easily generated by using an M-bit linear feedback shift register
with the appropriate feedback taps, e.g. as shown in Fig. For M = 5. With the appropriate
taps, the length (N) of the serial bit stream at the output will be a maximum (Lmax):
N = Lmax = 2M - 1
The meaning of bit-stream length in this context is the maximum length of the bit
sequence before it starts repeating itself. PN sequences of maximum length are called
maximal linear code sequences, but because non-maximal PN sequences are rarely used
in SS systems, PN sequences will be used to denote maximal linear code sequences for
this document. Also PN codes or PN code sequences will be used synonymously with
PN sequences. The feedback taps are added modulo-2 (exclusive ORed) and fed to the
input of the initial shift register. Only particular tap connections will yield a maximum length
for a given shift register length. These maximal length PN codes have the following
properties:
1. Code balance:
The number of ones and the number of zeros differ by only 1, i.e., there is 1 more one
than the number of zeros. This particularly useful when the channel is AC coupled (no DC
transmission).
2. Autocorrelation:
Using signaling values of 1, the autocorrelation of a PN sequence has a value of 1 or
all phase shifts of more than one bit time. For no has shift (perfect alignment with itself), the
autocorrelation has a value of N, the sequence length.
3. Modulo-2 addition:
Modulo-2 addition of a PN sequence with a shifted version of itself results in a differently
shifted version of itself.
4. Shift Register States:
The binary number represented by the M bits in the shift register randomly cycle through
all 2M values, except for 0, in successive 2M-1 clocks.
If the value of 0 (all shift register bits are 0) is ever present in the shift register, it will
stay in that state until reloaded with a nonzero value.
Fig.3
Fig.4
2.1.2 A PN Generator Example

A PN generator is typically made of N cascaded flip-flop circuits and a specially selected
feedback arrangement. The flip-flop circuits when used in this way are called a shift register
since each clock pulse applied to the flip-flops causes the contents of each flip-flop to be
shifted to the right. The feedback connections provide the input to the left-most flip-flop.
With N binary stages, the largest number of different patterns the shift register can have is
2N. The all-binary-zero state, however, is not allowed because it would cause all remaining
states of the shift register and its outputs to be binary zero. The all-binary-ones state does
not cause a similar problem of repeated binary ones provided the number of flip-flops input
to the modulo-2 adder is even. The period of the PN sequence is therefore 2N -1. For
example, starting with the register in state 001, the next 7 states are 100, 010,101, 110,
111, 011, and then 001 again and the states continue to repeat. The output taken from the
right-most flip-flop is 1001011 and then repeats. With the three-stage shift register, the
period is 23-1 or 7.
Fig.5
2.2 Types of PN Sequences in CDMA

There are two different types of PN codes and one output of Hadamard Matrix
used in IS-95 CDMA Technology:
1. Short PN code
2. Long PN code
3. Walsh codes
IS-95 uses the two types of maximum-length PN generators to spread the signal power
uniformly over the physical bandwidth of about 1.25 MHz. The PN spreading on the reverse
link also provides near orthogonality of and hence, minimal interference between signals
from each mobile. This allows reuse of the band of frequencies available, which is a major
advantage of CDMA.
2.2.1 Short Code:

A 15-stage linear shift register generates the short PN code. Therefore, the maximum
length of the Short PN Code is
L = 2 N-1 = 2 15-1 = 32,768-1 chips.
By implementation, an extra chip is inserted at the end of the sequence, yielding a
sequence of length L=32,768 chips. The short PN code runs at a speed of 1,228,800 chips
per second. This yields a repetition cycle of 32,768/1,228,800=26.67 ms.
The short PN code consist of two PN Sequences I and Q each 32,768 chips long
generated in similar but differently tapped 15 bit shift register, the two sequences scramble
the information on the I and Q phase channels.
These codes are used for cell identification in a reused cell.
The chip rate of the short PN code is 1.2288 Mcps.
2.2.2 Long Code:

The PN chips from the long code are used to provide several randomizing functions in
the IS-95 system. These include providing chips for message-scrambling on the forward
and reverse links, for identifying individual mobiles and access channels on the reverse
links by using unique offsets for each entity and for randomizing the location of the power
control bits on the forward traffic channels. A 42-stage linear shift register generates the
long PN code. Therefore, the maximum length of the long PN code is
L = 2 N-1 = 2 42-1 = 4.4 x 1012 = 4.4 trillion chips.
The Long PN Code also runs at a speed of 1,228,800 chips per second. This yields a
repetition cycle of 4.4 x 1012/1,228,800 = 41-42 days.
The long PN code is generated in a 42-stage linear shift register generator with the
output of the 42nd stage input into the first stage and modulo-2 added with the outputs of
stages 1, 2, 3, 5, 6, 7, 10, 16, 17, 18, 19, 21, 22, 25, 26, 27, 31, 33, and 35. The output of
the long code generator is taken after the output of each flip-flop in the generator has been
added with a corresponding bit in a 42-bit mask, which is unique to each user, access, and
paging channel.
Base band data scrambling in the forward link
Base band data spreading in the reverse link
Fig.6
Fig.7
10
2.2.3 Walsh code:

In 1923, J.L. Walsh introduced a complete set of orthogonal codes, based on rearranging
the Rademacher code. These codes are also binary valued codes.
The Walsh code, also known as the Hadamard code, is a set of 64 orthogonal codes, there
purpose is to provide:
1. Forward channel spreading over the 1.2288MHz band;
2. Unique identification to a mobile.
The chip rate (code rate) of a Walsh code is 1.2288 Mchips per second (Mcps).
The four different types of forward channels are designated as follows:
1.
2.
3.
4.
Pilot channel: W0 (Walsh code 0);

Paging channel: W1 to W7 (unused paging codes can be used for traffic);
Sync channel: W32;
Traffic channel: W8 to W31 and W33 to W63.
Fig.8
11
2.3 Correlation between PN sequences

The correlation of two random variables x(t) and y(t), is a time-shift comparison which
expresses the degree of similarity or the degree of likeness between the two variables. The
Auto-Correlation function R, provides the degree of similarity between a random variable
x(t) and a time-shifted version of x(t).
Likewise, the cross-correlation function provides the degree of similarity, or the degree of
likeness between a random variable x(t) and time-shifted version of another random
variable y(t). To get the average value of the auto-correlation or cross-correlation, a
normalization by the sequence length L is required.
Consider Ci(t) and the time-shifted version of itself, say C i(t-1)
Ci(t) = 1 0 0 1 1 1 0
Ci(t-1) = 0 0 1 1 1 0 1
When corresponding bits from the two sequences have the same parity (or match each
other), we call the match an agreement "A". Likewise, when corresponding bits from the
two sequences do not have the same Parity (do not match each other), we call the
mismatch a disagreement "D" .By counting all the agreements and all the disagreements
over the full length L of the sequence, a measure of correlation can be estimated as:
Correlation = Total number of "A" - Total number of "D"
Now, consider the reference PN code C i(t) and its time-shifted versions as shown.
Now let us compute the correlation of C i(t) and Ci(t-t), for all suitable values of t (here
from 0 to 7).
In general, it can be shown that the full-length auto-correlation function (R) of PN codes
or PN sequences is characterized by a large positive number equal to the length of the PN
sequence (R=2n-1) when time shift=0, and -1 for all time-shifts equal or greater than the
duration of one chip. So when normalized by the length, the auto-correlation function is
equal to 1 at time-shift zero and is very small (-1/L) for all values of time shifts equal or
greater than one chip.
In summary, the auto-correlation function of PN codes is a two-value function. Its
maximum value occurs when the time-shift parameter is zero. For all other values equal to
or greater than one chip, the correlation function is -1.
Orthogonality of PN sequences
Consider the reference PN Code Cj(t) and the time-shifted versions of another code Ci(t)
as shown. Let us compute the cross-correlation of Cj(t) and Ci(t-t) for all suitable values of t
(0 to 7).
Two PN sequences Ci(t) and Cj(t) are said to be orthogonal if and only if their respective
normalized correlation function is equal to 1 at a time-shift of zero and their cross
correlation function is equal to zero for all time-shift values. As shown above, averaged
over the code length, the cross-correlation function of PN sequences is not zero. As a
result, PN sequences are not perfectly orthogonal.
12
Fig.9
Fig.10
13
2.4 Process Gain and its Benefits

The primary benefit of processing gain is its contribution towards jamming resistance to
the DSSS signal. The PN code spreads the transmitted signal in bandwidth and it makes it
less susceptible to narrowband interference within the spread BW. The receiver of a DSSS
system can be viewed as unspreading the intended signal and at the same time spreading
the interfering waveform. This operation is best illustrated on Figure, which, depicts the
power spectral density (psd) functions of the signals at the receiver input, the despread
signal, the band pass filter power transfer function, and the band pass filter output. The
figure graphically describes the effect of the processing gain on a jammer. The jammer is
narrow, and has a highly peaked psd, while the psd of the DSSS is wide and low. The
despreading operation spreads the jammer power psd and lowers its peak, and the BPF
output shows the effect on the signal to jammer ratio.
If for example, BPSK modulation is used and an E b/No of lets say 14dB is required to
achieve a certain BER performance, when this waveform is spread with a processing gain
of 10dB then the receiver can still achieve its required performance with the signal having a
4dB power advantage over the interference. This is derived from the 14dB required minus
the 10dB of PG.
The higher the processing gain of the DS-SS waveform the more the resistance to
interference of the DSSS signal. If a code with a length of 16 bits is to be used then the
processing gain is equivalent to 10 Log[16] dB or 12.04dB.
14
We can define GP as:
Where SNRo and SNRi are the output and input SNR of the correlator, respectively.
Where BWD and BWSS are the bandwidth of the data before and after SS modulation.
Fig.11
15
2.5 Spreading Code Acquisition and Tracking

No matter which form of spread spectrum technique we employ, we need to have the
timing information of the transmitted signal in order to despread the received signal and
demodulate the despread signal. For a DS-SS system, we see that if we are off even by a
single chip duration, we will be unable to despread the received spread spectrum signal,
since the spread sequence is designed to have a small out-of-phase autocorrelation
magnitude. Therefore, the process of acquiring the timing information of the transmitted
spread spectrum signal is essential to the implementation of any form of spread spectrum
technique. Usually the problem of timing acquisition is solved via a two-step approach:
Initial code acquisition (coarse acquisition or coarse synchronization), which
synchronizes the transmitter and receiver.
Code tracking, which performs and maintains fine synchronization between the
transmitter and receiver.
Given the initial acquisition, code tracking is a relatively easy task and is usually
accomplished by a delay lock loop (DLL). The tracking loop keeps on operating during the
whole communication period. If the channel changes abruptly, the delay lock loop will lose
track of the correct timing and initial acquisition will be reperformed. Sometimes, we
perform initial code acquisition periodically no matter whether the tracking loop loses track
or not.
Compared to code tracking, initial code acquisition in a spread spectrum system is
usually very difficult. First, the timing uncertainty, which is basically determined by the
transmission time of the transmitter and the propagation delay, can be much longer than a
chip duration. As initial acquisition is usually achieved by a search through all possible
phases (delays) of the sequence, a larger timing uncertainty means a larger search area.
Beside timing uncertainty, we may also encounter frequency uncertainty that is due to
Doppler shift and mismatch between the transmitter and receiver oscillators. Thus this
necessitates a two-dimensional search in time and frequency. Moreover, in many cases,
initial code acquisition must be accomplished in low signal-to-noise-ratio environments and
in the presence of jammers. The possibility of channel fading and the existence of multiple
access interference in CDMA environments can make initial acquisition even harder to
accomplish.
The problem of achieving synchronization in various fading channels and CDMA
environments is difficult and is currently under active investigation. In many practical
systems, side information such as the time of the day and an additional control channel, is
needed to help achieve synchronization.
16
Fig.12
17
2.5.1 Initial Code Acquisition

As mentioned before, the objective of initial code acquisition is to achieve a coarse
synchronization between the receiver and the transmitted signal. In a DS-SS system, this is
the same as matching the phase of the reference-spreading signal in the despreader to the
spreading sequence in the received signal. We are going to introduce several acquisition
techniques, which perform the phase matching just described.
Acquisition strategies
Serial search
The first acquisition strategy we consider is serial search. In this method, the acquisition
circuit attempts to cycle through and test all possible phases one by one (serially) as shown
in Figure.
The circuit complexity for serial search is low. However, penalty time associated with a
miss is large.
Therefore we need to select a larger integration (dwell) time to reduce the miss
probability. This, together with the serial searching nature, gives a large overall acquisition
time (i.e., slow acquisition).
Fig.13
18
Parallel search
Unlike serial search, we test all the possible phases simultaneously in the parallel search
strategy as shown in figure. Obviously, the circuit complexity of the parallel search is high.
The overall acquisition time is much smaller than that of the serial search.
Fig.14
19
2.5.2 Code Tracking

The purpose of code tracking is to perform and maintain fine synchronization. A codetracking loop starts its operation only after initial acquisition has been achieved. Hence, we
can assume that we are off by small amounts in both frequency and code phase. A
common fine synchronization strategy is to design a code tracking circuitry, which can track
the code phase in the presence of a small frequency error. After the correct code phase is
acquired by the code tracking circuitry, a standard phase lock
Loop (PLL) can be employed to track the carrier frequency and phase. In this section, we
give a brief introduction to a common technique for code tracking, namely, the early-late
gate delay-lock loop (DLL).
Fig.15
20
Chapter 4

Contents
1
1.1
1.2
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.3
1.3.1
1.3.1
1.3.2
1.3.2
1.4
CDMA Air Links and Channels

CDMA Air Links
Forward Link Channels
Pilot Channel
Sync Channel
Paging Channel
Rate Set 1Traffic Channel
Rate Set 2 Traffic Channel
Reverse Link Channels
Access Channel
Access Channel (Cont.)
Traffic Channel
Traffic Channel (Cont.)
How calls from a BTS are encoded and transmitted to a cellphone
2
2
4
4
6
7
9
11
12
12
14
15
16
17
1 CDMA Air- Links and Channels

1.1 CDMA Air- Links
The IS-95 CDMA system is unique in that its forward and reverse links have different link
structure. This is necessary to accommodate the requirements of a land-mobile
communication system. The forward link consists of four types of logical channels: pilot,
sync, paging, and traffic channels. There is one pilot channel, one sync channel, up to
seven paging channels, and several traffic channels. Each of these forward-link channels is
first spread orthogonally by its Walsh function, and then a quadrature pair of short PN
sequences spreads it.
All channels are added together to form the composite SS signal to be transmitted on the
forward link.
The reverse link consists of two types of logical channels: access and traffic channels.
Each of these reverse-link channels is spread orthogonally by a unique long PN sequence;
hence, each channel is identified using the distinct long PN code. The reason that a pilot
channel is not used on the reverse link is that it is impractical for each mobile to broadcast
its own pilot sequence.
Forward Link
We defined the structure of a Hadamard matrix and described how Walsh codes are
generated using such a matrix. The IS -95 CDMA system uses a 64 by 64 Hadamard matrix
to generate 64 Walsh functions that are orthogonal to each other, and each of the logic
channels on the forward link is identified by its assigned Walsh function.
Reverse Link
The reverse link supports two types of logical channels: Access channels and Traffic
channels.
Because of the noncoherent nature of the reverse link, Walsh functions are not used for
channelization. Instead, Long PN sequences are used to distinguish the users from one
another.
Fig.1
Fig.2
1.2 Forward Link Channels

1.2.1 Pilot Channel
The pilot channel is is used by the base station to provide a reference for all mobile
stations. It provides a phase reference for coherent demodulation at the mobile receiver to
enable coherent detection. It is assigned the Walsh code W0.
The pilot signal level for all base stations is kept about 4 to 6 dB higher than the traffic
channel with a constant signal power. The pilot is used for comparisons of signal strength
between different base stations to decide when to perform handoff. The pilot signals from
all base stations use the same PN sequences, but each base station is identified by a
unique time offset. These offsets are in increments of 64 chips to provide 512 unique
offsets.
Each terminal segregates the set of PN Offset values (and implicitly the set of base
stations) in a system into four categories:
The active list contains base stations currently used for traffic channel
transmissions. In a soft handoff condition, there is more than one base station in this
list.
The candidate list consists of base stations classified by the terminal, on the basis
of measured signal quality, as available for traffic channel transmissions.
The neighbor list is a set of nearby base stations that could soon be available for
handoff.
The remaining list contains the base stations that are not in any of the other
categories.
Fig.3
1.2.2 Sync Channel

Unlike the pilot channel, the sync channel carries baseband information. The information
is contained in the sync channel message that notifies the mobile of important information
about system synchronization and parameters.
The baseband information is error protected and interleaved, it is then spread by Walsh
function 32 and further spread by the PN sequence that is identified with the serving sector.
The baseband information is at a rate of 1.2 Kbps.
The Sync Channel is used with the pilot channel to acquire initial time synchronization.
The Sync channel message parameters are:
System Identification (SID)
Network Identification (NID)
Pilot short PN sequence offset index
Long-code state
System time
Offset of local time
Daylight saving time indicator
Paging Channel data rate (4.8 or 9.6kbps).
Fig.4
1.2.3 Paging Channel

Similar to the sync channel, the paging channel also carries baseband information.
But unlike the sync channel, the paging channel transmits at higher rates; it can transmit
at either 4.8 or 9.6 Kbps. As shown in Figure, the baseband information is first error
protected, and then if the data rate is at 4.8 Kbps, the bits are repeated once. Otherwise,
they are not repeated. Following interleaving, the data is first scrambled by a decimated
long PN sequence, then it is spread by a specific Walsh function assigned to that paging
channel and further spread by the short PN sequence assigned to the serving sector. Also
note from Figure that the long PN code undergoes a decimation ratio of 64:1 (i.e., from
1.2288 Mcps to 19.2 Ksps). The long-code generator itself is masked with a mask specific
to each unique paging channel number (i.e., 1 through 7). Therefore, the longcode mask
used for paging channel 1 (spread by Walsh function 1) is different from that used for
paging channel 3 (spread by Walsh function 3).
Some of the messagescarried by the paging channel include:
System Parameter message: such as base station identifier, the number of paging
channels, and the page channel number.
Access Parameters message: parameters required by the mobile to transmit on an
access channel.
Neighbor List Message: information about neighbor base station parameters, such
as the PN Offset.
CDMA Channel List message: provides a list of CDMA carriers.
Page message: provides a page to the mobile station.
Channel Assignment message: to inform the mobile station to tune to a new
frequency.
Data Burst message: data message sent by the base station to the mobile.
Authentication Challenge: allows the base station to validate the mobile identity.
Fig.5
1.2.4 Rate Set1 Traffic Channel

The forward traffic channel is used to transmit user data and voice; signaling messages
are also sent over the traffic channel.
For Rate Set 1, the vocoder is capable of varying its output data rate in response to
speech activities. Four different data rates are supported: 9.6, 4.8, 2.4, and 1.2 Kbps. For
example, during quiet periods of speech, the vocoder may elect to code the speech at the
lowest rate of 1.2 Kbps.
The baseband data from the vocoder is convolutionally encoded for error protection. For
Rate Set 1, a rate 1/2 convolutional encoder is used. The encoding effectively doubles the
data rate. After convolutional encoding, the data undergoes symbol repetition, which
repeats the symbols when lower rate data are produced by the vocoder. The following is
the repetition scheme:
When the data rate is 9.6 Kbps, the code symbol rate (at the output of the
convolutional encoder) is 19.2 Ksps. In this case, no repetition is performed.
When the data rate is 4.8 Kbps, the code symbol rate is 9.6 Ksps; each symbol is
repeated once, yielding a final modulation symbol rate of 19.2 Ksps.
repeated three times, yielding a final modulation symbol rate of 19.2 Ksps.
repeated seven times, yielding a final modulation symbol rate of 19.2 Ksps.
The reason for repeating symbols is to reduce overall interference power at a given time
when lower rate data are transmitted.
In a real CDMA system, when the vocoder is transmitting at 4.8 Kbps, the energy per
symbol transmitted is one-half that of 9.6 Kbps. When the vocoder is transmitting at 2.4
Kbps, the energy per symbol transmitted is oneforth that of 9.6 Kbps, and when the
vocoder is transmitting at 1.2 Kbps, the energy per symbol transmitted is one-eighth that of
9.6 Kbps.
After symbol repetition, the data is interleaved to combat fading (see Figure), and then
the interleaved data is scrambled by a decimated long PN sequence. A long PN code
generator generates the long PN sequence. The generator outputs a long PN sequence at
1.2288 Mcps. Because the data rate at the interleaver output is 19.2 Ksps, the PN
sequence is decimated by a ratio of 64:1 to also achieve a rate of 19.2 Kcps; the decimated
long PN sequence at 19.2 Kcps is then multiplied with the 19.2-Ksps data stream. Note that
the long-code generator produces the long PN sequence using a mask that is specific to
the mobile.
Fig.6
10
1.2.5 Rate Set 2 Traffic Channel

The forward traffic channel structure is similar for Rate Set 2. The Rate Set 2 vocoder
codes speech at higher rates, and it delivers a better voice quality than that of Rate Set 1.
The Rate Set 2 vocoder supports four variable rates: 14.4, 7.2, 3.6, and 1.8 Kbps.
Note that in order to maintain the output of the block interleaver at 19.2 Ksps, the
rate of the convolutional encoder is increased to R = 3/4.
Fig.7
11
1.3 Reverse Link channels

The reverse link supports two types of logical channels: Access channels and Traffic
channels.
Because of the noncoherent nature of the reverse link, Walsh functions are not used for
channelization. Instead, Long PN sequences are used to distinguish the users from one
another.
1.3.1 Access Channel

The mobile communicates with the base station when it doesnt have a traffic channel
assigned using the access channel. The mobile uses this channel to make call originations
and respond to pages and orders. The baseband data rate of the access channel is fixed at
4.8 Kbps.
The baseband information is first error protected by an R = 1/3 convolutional encoder.
The lower encoding rate makes error protection more robust on the reverse link, which is
often the weaker of the two links. The symbol repetition function repeats the symbol once,
yielding a code symbol rate of 28.8 Ksps. The data is then interleaved to combat fading.
Following interleaving, the data is coded by a 64-ary orthogonal modulator.
The set of 64 Walsh functions is used, but here the Walsh functions are used to
modulate, or represent, groups of six symbols. The reason for orthogonal modulation of the
symbols is again due to the noncoherent nature of reverse link. When a users transmission
is not coherent, the receiver (at the base station) still has to detect each symbol correctly.
Making a decision of whether or not a symbol is +1 or -1 may be difficult during one symbol
period.
However, if a group of six symbols is represented by a unique Walsh function, then the
base station can easily detect six symbols at a time by deciding which Walsh function is
sent during that period. The receiver can easily decide which Walsh function is sent by
correlating the received sequence with the set of 64 known Walsh functions. Note that on
the forward link, Walsh functions are used to distinguish among the different channels. On
the reverse link, Walsh functions are used to distinguish among the different symbols (or
among groups of six symbols). The orthogonally modulated data at 4.8 Ksps (modulation
symbols) or at 307.2 Ksps (code symbols) are then spread by the long PN sequence. The
long PN sequence is running at 1.2288 Mcps, and the bandwidth of the data after
spreading is 1.2288 Mcps. Remember that the long PN sequence is used to distinguish the
access channel from all other channels that occupy the reverse link. The data is further
scrambled in the I and the Q paths by the short PN sequences (also running at 1.2288
Mcps) defined in the IS -95 standard.
12
Fig.8
13
1.3.1 Access Channel (Cont.)

Is used by a terminal without a call in progress to send messages to the base station for
three principal purposes: to originate a call, to respond to a paging message, and to
register its location. Each base station operates with up to 32 access channels. The
messages carried by the access channel include:
Registration Message: sends to the base station information necessary to page the
mobile, such as: location, status, and identification.
Order message: to transmit information such as base station challenge, mobile
station acknowledgement, local control response, and mobile station reject.
Data Burst message: user-generated data message sent by the mobile station to the
base station.
Origination message: allows the mobile station to place a call sending dialed digits.
Page Response message: used to respond to a page.
Authentication Challenge Response message: contains necessary information to
validate the mobile stations identity.
Fig.9
14
1.3.2 Traffic Channel

The reverse traffic channel is used to transmit user data and voice; signaling messages
are also sent over the traffic channel. The structure of the reverse traffic channel is similar
to that of the access channel. The major difference is that the reverse traffic channel
contains a data burst randomizer.
The orthogonally modulated data is fed into the data burst randomizer. The function of
the data burst randomizer is to take advantage of the voice activity factor on the reverse
link. Recall that the forward link uses a different scheme to take advantage of the voice
activity factor, when the vocoder is operating at a lower rate, the forward link transmits the
repeated symbols at a reduced energy per symbol and thereby reduces the forward-link
power during any given period.
The approach taken to reduce reverse-link power during quieter periods of speech is to
pseudorandomly mask out redundant symbols produced by symbol repetition.
This is accomplished by the data burst randomizer. The data burst randomizer generates
a masking pattern of 0s and 1s that randomly masks out redundant data. The masking
pattern is partially determined by the vocoder rate. If the vocoder is operating at 9.6 Kbps,
then no data is masked. If the vocoder is operating at 1.2 Kbps, then the symbols are
repeated seven times, and the data burst randomizer masks out, on average, seven out of
eight groups of symbols.
Fig.10
Fig.10
15
1.3.2 Traffic Channel (Cont.)

This channel can multiplex primary (voice) and secondary (data) or signaling traffic.
Some of the typical messages that the reverse traffic channel carries are:
Order messages: include base station challenge, parameter update confirmation,
mobile station acknowledgement, service option request and response, release,
connect, DTMF tone, etc.
Authentication Challenge Response message: information to validate the mobile
station.
Data Burst message: a user-generated data message sent by the mobile to the base
station.
Pilot Strength Measurement message: information about the strength of other pilot
signals that are not associated with the serving base station.
Power Measurement Report message: sends FER statistics to the base station.
Handoff Completion message: is the mobile response to a Handoff Direction
message.
Parameter Response message: is the mobile response to the base station to a
Retrieve Parameters message.
Fig.11
16
1.4 How calls from a base station are encoded

1.4 How calls
from a base station are encoded
and transmitted
to a cellphone
and transmitted to a cellphone
At the base station, each voice conversation is converted into digital code and
compressed with a vocoder. The vocoder output is doubled by a convolutional encoder that
adds redundancy for error checking. Each bit from the encoder is replicated 64 times and
exclusive OR'd with a Walsh code that is used to identify that call from the rest.
The output of the Walsh code is exclusive OR'd with the next string of bits (PN sequence)
from a pseudo-random number generator, which is used to identify all the calls in a
particular cell's sector. At this point, there is 128 times as many bits as there were from the
vocoder's output. All the calls are combined and modulated onto a carrier frequency in the
800 MHz range.
At the receiving side, the received signals are quantized (turned into bits) and run
through the Walsh code and PN sequence correlation receiver to recover the transmitted
bits of the original signal. When 20ms of voice data is received, a Viterbi decoder corrects
the errors using the convolutional code, and that all goes to the vocoder that turns the bits
back into waveforms (sound).
17
Fig.12
18
Chapter 5
CDMA System Aspects
CDMA System Aspects
CDMA System Aspects

Contents
1
Power Control in CDMA
1.1
Introduction
2
2
2
4
4
6
8
9
9
11
11
11
11
12
14
1.1.1
1.1.2
1.2
1.2.1
1.2.2
1.2.3
2
2.1
3
3.1
3.2
3.2.1
3.3
4
4
Effect of No Power Control

The NEAR FAR Problem
Classification of Power Control Techniques
According to update strategies
According to direction of transmission
According to techniques
Rake Receiver
Rake Receiver Theory and Structure
Handoff Versus Handover
Handoff Versus Handover
Soft Handover
The Importance Of Soft Handoff
Softer Handover
Multiuser Detection
CDMA System Aspects
1 Power Control in CDMA

1.1 Introduction
Power control is one of the most important system requirement, and it is analyzed for
cellular networks based on FDMA and TDMA, and for DS-CDMA cellular networks, In most
modern systems, both base stations and mobiles have the capability of real-time (dynamic)
adjustment of their transmit powers.
1.1.1 Effect of NO Power Control:

In case of no power control, if a mobile station signal is received at the base station with
a too low level of received power [MS is far from the cell site, or in an unusual high
attenuation channel], High level of interference is experienced by this mobile and its
performance (BER) will be degraded.
On the other hand, if the received power level is too high, the performance of this mobile
is acceptable, but increases interference to all other mobile stations that are using the same
channel.
Fast power control greatly optimizes the system capacity,but since many subscribers
transmit in the same frequency band and the same frequency can be used in each cell
(re-use = 1), each user can cause interference for the others.
The power control is used to solve the called NEAR-FAR problem.
1.1.2 The (NEAR FAR) Problem

In ideal cases, the power received at the BTS is identical for all UE served by the BTS
(assuming the transfer rates are identical). This ideal situation also represents the
maximum capacity of the cell.
Genuine fast power control is necessary because of the mobility of the UE. This mobility
causes rapid variation in the attenuation of the power of the UE. Let us consider the shown
example:
If the mobiles are permitted to transmit the same power from two different distances, the
ratio of the received signals at the base station will be not equal. Therefore, the objective of
the mobile power control is to produce a nominal received power from all mobiles in a given
cell or a sector. Because of that, well-defined power control is essential for proper
functioning of the DS-CDMA system. In the absence of power control the capacity of the
DS-CDMA mobile system is very low, even lower than that of mobile systems based on
FDMA.
One of the reasons for the use of power control both in FDMA/TDMA and in DS-CDMA
networks is to prolong battery life by using a minimum of transmitter power to achieve the
required transmission quality. According to the above-mentioned facts, for proper operation
of a modern high-capacity cellular radio system, power control is an essential feature.
CDMA System Aspects
Fig.1
Fig.2
CDMA System Aspects
1.2 Classification of Power Control Techniques

According to what is measured to determine power control command, power
control techniques can be classified into:
1. Strength-based.
2. SIR-based.
3. BER-based.
1. Strength-based.
The strength of a signal arriving at the base station from a mobile is measured to
determine whether it is higher or lower than the desired strength and then it is adjusted so it
is considered the easiest method.
2. SIR-based.
The measured quantity is the Signal to Interference Ratio where interference consists of
channel noise and multi-user interference. SIR-based power control reflects better system
performance such as QoS and capacity. A serious problem associated with SIR-based
power control is the potential to get positive feedback to endanger the stability of the
system.
3. BER-based.
Bit Error Rate is defined as an average number of erroneous bits compared to the
original sequence of bits. If the signal and interference powers are constant, the BER will
be a function of the SIR, and in this case the QoS is equivalent. However, in reality the SIR
is time-variant and thus the average SIR will not correspond to the average BER. In this
case the BER is a better quality measure.
1.2.1 According to update strategies, power control

algorithms can be classified as follows:
1. Fixed step size algorithm
2. Adaptive step size to the channel variation
1. Fixed step size algorithm
Power control command in fixed step size algorithms is a simple 1-bit command. It has
been shown that the inverse algorithm is superior to the fixed step size algorithm. However,
the fixed step size algorithm is easier to implement because the inverse algorithm needs
additional bandwidth on the return channel to carry the power control step size instead of
the1-bit control command as in fixed step size algorithm. A compromise would be to use an
adaptive delta-modulation algorithm.
2. Adaptive step size to the channel variation
A specific example of the adaptive step size approach is the inverse update algorithm,
which increases or decreases the mobile users' transmit power by the actual difference
between the received signal power and the desired received signal power.
CDMA System Aspects
Fig.3
CDMA System Aspects
1.2.2 According to direction of transmission

, power control can be classified into:
1. Forward link (from mobiles to base stations).
2. Reverse link (from base stations to mobiles).
1. Forward link power control:
Forward link (base station to mobile) power control is a one step process .The base
station controls its transmitting power so that a given mobile receives extra power to
overcome fading, interference, BER, etc. In this mechanism, the cell site reduces its
transmitting power while the mobile computes the frame error rate (FER). Once the mobile
detects 1% FER, it sends a request to stop the power reduction.
2. Reverse Link Power Control
Power control for the reverse link is a combined technique consisting of closed-loop and
open-loop power controls. Also, it is a fixed step size algorithm and strength-based
distributed algorithm. The goal of open-loop power control is the estimation of a path loss
and a loss due to shadowing between the base and the mobile station. According to this
process, the mobiles transmit the initial power control signal.
However, multipath fading in a reverse and a forward DS-CDMA link is an independent
process since the frequency separation of these links is 45MHz and it greatly exceeds the
coherent bandwidth of the channel. Thus, closed-loop power control is used. Every cell site
demodulator measures the received signal-to-noise ratio (SNR) from each mobile station.
The measured SNR is compared to the desired SNR for that mobile station and a power
adjustment command is sent to the mobile station. This power adjustment command is
combined with the mobile station open-loop estimate to obtain the final value of the mobile
station transmit power. The base station measures the signal quality (BER) and based on
that determines the desired SNR for specific mobile station. In previously described power
control technique, the subscribers are power controlled by the base station of their own cell.
However, the interference level from subscribers in other cells varies not only according to
the attenuation in the path to the subscriber's cell site, but also inversely to the attenuation
from the interfering user to his own cell site, which through power control by that cell site
may increase or decrease the interference to the desired cell site. It has been shown that
the maximal number of subscribers in the cell is the highest when there are no subscribers
in the neighboring cells. As the number of subscribers in the neighboring cells increases the
maximal number of subscribers in the cell decreases.
Power control for DS-CDMA reverse link is the single most important system
requirement because of the Near/ Far effect. In this case, it is necessary to have a dynamic
range for control. For the forward link, no power control is required in a single cell system,
since all signals are transmitted together and hence vary together. However in multiple cell
systems, interference from neighboring cell sites fades independently from the given cell
site and thereby degrades performance. Thus it is necessary to apply power control in this
case also, to reduce intercell interference.
CDMA System Aspects
Fig.4
CDMA System Aspects
1.2.3 According to techniques, power control

can be classified as follows:
1. Open-loop power control.
2. Closed-loop power control.
3. Outer loop power control
1. Open-loop power control
Reverse link (mobile to base station) open loop power control is accomplished by
adjusting the mobile transmit power so that the received signal at the base station is
constant irrespective of the mobile distance; where each mobile computes the relative path
loss and compensates the loss by adjusting its transmitting power. The total received power
at the cell site is the sum of all powers, which determines the system capacity.
2. Closed-loop power control
Closed-loop power control is accomplished by means of power up or power down
command originating from the cell site. A single power control bit is inserted into the
forward encoded data stream, the mobile responds by adjusting the power. In order to
lower processing delay and to save bandwidth in the forward link, command bits for power
control from the base to the mobile station are not coded and they are susceptible to errors.
3. Outer Loop PC
Signal to interference ratio is varied, to guarantee QoS (BER,..)
Fig.5
CDMA System Aspects
2 RAKE Receiver
2.1 RAKE Receiver Theory and Structure
A spread-spectrum signal waveform is well matched to the multipath channel. In a
multipath channel, the original transmitted signal reflects from obstacles such as buildings,
and mountains, and the receiver receives several copies of the signal with different delays.
If the signals arrive more than one chip apart from each other, the receiver can resolve
them. Actually, from each multipath signals point of view, other multipath signals can be
regarded as interference and they are suppressed by the processing gain. However, a
further benefit is obtained if the resolved multipath signals are combined using RAKE
receiver. Thus, the signal waveform of CDMA signals facilitates utilization of multipath
diversity. Expressing the same phenomenon in the frequency domain means that the
bandwidth of the transmitted signal is larger than the coherence bandwidth of the channel
and the channel is frequency selective (i.e., only part of the signal is affected by the fading).
RAKE receiver consists of correlators, each receiving a multipath signal. After
despreading by correlators, the signals are combined using, for example, maximal ratio
combining. Since the received multipath signals are fading independently, diversity order
and thus performance are improved.
After spreading and modulation the signal is transmitted and it passes through a
multipath channel, which can be modeled by a tapped delay line (i.e., the reflected signals
are delayed and attenuated in the channel).
It is necessary to measure the tapped delay line profile and to reallocate RAKE fingers
whenever there is need. Small-scale changes, less than one chip, are taken care of by a
code-tracking loop, which tracks the time delay of each multipath signal.
CDMA System Aspects
Fig.6
10
CDMA System Aspects
3 Handoff Versus Handover

3.1 Handoff versus Handover
The act of transferring support of a mobile from one base station to another is termed
handover or Handoff. It occurs when a call has to be handed over or off from one cell to
another as the user moves between cells. In GSM system it is termed hard handoff or
Handover where the connection to the current cell is broken, and then the connection to the
new cell is made. This is known as a "break-before-make" handoff.
But in a CDMA system the same frequency band is shared between all the cells. Thus
there is well-defined efficient bandwidth utilization. Though there is frequency reuse, the
orthogonal nature of the waveforms serves to distinguish between the signals that occupy
the same frequency band so it is called soft Handover or Handoff.
3.2 Soft Handover

In soft handover a mobile station is connected to more than one base station
simultaneously. Soft handover is used in CDMA to reduce the interference into other cells
and to improve performance through macro diversity.
3.2.1 The Importance Of Soft Handover

In power controlled CDMA systems soft handoff is preferred over hard handoff
strategies. This is more pronounced when the IS -95 standard is considered wherein the
transmitter power is adjusted dynamically during the operation. Here the power control and
soft handoff are used as means of interference-reduction, which is the primary concern of
such an advanced communication system. The previous and the new wideband channels
occupy the same frequency band in order to make an efficient use of bandwidth, which
makes the use of soft handoff very important. The primary aim is to maintain a continuous
link with the strongest signal base station otherwise a positive power control feedback
would result in system problems. Soft handoff ensures a continuous link to the base station
from which the strongest signal is issued. Soft handoff requires less power, which reduces
interference and increases capacity.
11
CDMA System Aspects
Fig.7
3.3 Softer Handover

Is a soft handover between two sectors of a cell. As known that, in a cellular system
there is spatial separation between cells using the same frequencies). This is called the
frequency reuse concept.
Because of the processing gain, such spatial separation is not needed in CDMA, and
frequency reuse factor of one can be used. Usually, a mobile station performs a handover
when the signal strength of a neighboring cell exceeds the signal strength of the current cell
with a given threshold. Since in a CDMA system the neighboring cell frequencies are the
same as in the given cell, this type of approach would cause excessive interference into the
neighboring cells and thus a capacity degradation. In order to avoid this interference, an
instantaneous handover from the current cell to the new cell would be required when the
signal strength of the new cell exceeds the signal strength of the current cell. This is not,
however, feasible in practice. The handover mechanism should always allow the mobile
station to connect into a cell, which it receives with the highest power (i.e., with the lowest
pathloss).
12
CDMA System Aspects
Fig.8
13
CDMA System Aspects
4 Multiuser Detection
The current CDMA receivers are based on the RAKE receiver principle, which
considers other users signals as interference. However, in an optimum receiver all signals
would be detected jointly or interference from other signals would be removed by
subtracting them from the desired signal. This is possible because the correlation
properties between signals are known (i.e., the interference is deterministic not random).
The capacity of a direct sequence CDMA system using RAKE receiver is interference
limited. In practice this means that when a new user, or interferer, enters the network, other
users service quality will go below the acceptable level. The more the network can resist
interference the more users can be served. Multiple access interference that disturbs a
base or mobile station is a sum of both intra- and inter-cell interference. Multiuser detection
(MUD), also called joint detection and interference cancellation (IC), provides a means of
reducing the effect of multiple access interference, and hence increases the system
capacity.
In the first place MUD is considered to cancel only the intra-cell interference, meaning
that in a practical system the capacity will be limited by the efficiency of the algorithm and
the inter-cell interference. In addition to capacity improvement, MUD alleviates the near/far
problem typical to DS-CDMA systems. A mobile station close to a base station may block
the whole cell traffic by using too high a transmission power. If this user is detected first and
subtracted from the input signal, the other users do not see the interference. Since optimal
multiuser detection is very complex and in practice impossible to implement for any
reasonable number of users, a number of suboptimum multiuser and interference
cancellation receivers have been developed. The suboptimum receivers can be divided into
two main categories: linear detectors and interference cancellation. Linear detectors apply
a linear transform into the outputs of the matched filters that are trying to remove the
multiple access interference using too high a transmission power. If this user is detected
first and subtracted from the input signal, the other users do not see the interference. Since
optimal multiuser detection is very complex and in practice impossible to implement for any
reasonable number of users, a number of suboptimum multiuser and interference
cancellation receivers have been developed. The suboptimum receivers can be divided into
two main categories: linear detectors and interference cancellation. Linear detectors apply
a linear transform into the outputs of the matched filters that are trying to remove the
multiple access interference (i.e., the interference due to correlations between user codes).
Examples of linear detectors are decorrelator and linear minimum mean square error
(LMMSE) detectors. In interference cancellation multiple access interference is first
estimated and then subtracted from the received signal. Parallel interference cancellation
(PIC) and successive (serial) interference cancellation (SIC) are examples of interference
cancellation.
14
CDMA System Aspects
Fig.9
15
Appendix
Appendix
Appendix
A
AC
ACCH
Associated Control CHannel
ACE
Antenna Coupling Equipment
ADC
Analog to Digital Converter
AGCH
Access Grant Channel
AMR
Adaptive MultiRate speech
AMX
ATM MultipleXer
AMPS
Advanced Mobile Phone Services
ANSI
American National Standards Institute (USA)
AP
Application Part
ARFCN
Absolute Radio Frequency Channel Number
ARIB
Association of Radio Industries and Business (Japan)
ARQ
Automatic Repeat reQuest
ASCI
Advanced Speech Call Items
ASN
ATM
Asynchronous Transfer Mode
AUC
B
BA
BCCH Allocation
BCC
Base transceiver station Color Code
BCCH
Broadcast Control CHannel
BCH
Broadcast CHannel
BER
Bit Error Rate
BPSK
Binary Phase Shift Keying
BS
Base Station
BSC
BSIC
Base transceiver Station Identity Code
Appendix
BSS
Base Station System
BSSAP
Base Station System Application Part
BSSMAP
Base Station System Management Application Part
BTS
C
CA
Cell Allocation
CAMEL
Customized Applications for Mobile network Enhanced

Logic
CATT
China Academy of Telecommunication Technology

(China)
CC
Call Control
CC
Country Code
CCH
Control CHannel
CCITT
Comit Consulatif International Tlphonique et

Tlgraphique
CCS7
Common Channel signaling System No. 7
CCU
Channel Coding Unit
CDMA
CEPT
Conference Europene des Postes et

Telecommunication
CGI
CI
Cell Identity
CN
Core Network
CP
Call Processing
CS
Coding Scheme
CUG
Closed User Group
CWTS
Chinese Wireless Telecommunication Standardization

Institute
D
D-AMPS
Digital AMPS
DCA
Dynamic Channel Allocation
Appendix
DCS1800
Digital Cellular System in the 1800 MHz band
DECT
Digital Enhanced Cordless Telephone
DL
Down Link
DoA
Direction of Arrival
DRNS
Drift RNS
DRX
Discontinuous Reception
DS-CDMA
Direct Sequence CDMA
DSP
Digital Signal Processor
DTAP
Direct Transfer Application Part
DTX
Discontinuous Transmission
DwPTS
Downlink Pilot Time Slot
E
EDGE
Enhanced Data Rates for GSM
EFR
Enhanced Full Rate speech
EIR
Equipment Identification Register
ERC
European Radio communication Committee
ERMES
European Radio MEssage System
ESA
European Space Agency
ESCD
Enhanced Circuit Switched Data
ETSI
European Telecommunications Standard Institute
F
FAC
Final Assembly Code
FACCH
Fast Associated Control CHannel
FB
Frequency correction Burst
FCCH
Frequency Correction CHannel
FDD
Frequency Division Duplex
FDMA
FEC
Forward Error Correction
FN
Frame Number
Appendix
FPLMTS
Future Public Land Mobile Telecommunication System
FR
Frame Relay
FR
Full Rate speech
FRAMES
Future RAdio wideband MultiplE access Systems
G
GEO
GEostationary Orbital
GGSN
Gateway GPRS Support Node
GMM
Global Multimedia Mobility
GMPCS
Global Mobile Personal Communication Systems
GMSC
Gateway MSC
GMSK
Gaussian Minimum Shift Keying
GP
Guard Period
GPRS
General Packet Radio Service
GPS
Global Positioning System
GSM
H
HCR
High Chip Rate
HCS
Hierarchical Cellular Structures
HEO
High Elliptic Orbit
HLR
HO(V)
HandOver
HR
Half Rate speech
HPLMN
Home PLMN
HSCSD
High Speed Circuit Switched Data
I
IAM
Initial Address Message
ICO
Intermediate Circular Orbits
ID
IDentification
ID
IDentity
Appendix
IMEI
International Mobile Equipment Identity
IMSI
IMT-2000
International Mobile Telecommunications-2000
IN
Intelligent Network
Inmarsat
INternational MARitime SATellite
ITU
International Telecommunication Union
IP
Internet Protocol
IP
Intelligent Peripheral
ISDN
Integrated Services Digital Network
ISP
Internet Service Provider
ISUP
ISDN User Part
IWE
InterWorking Equipment
IWF
InterWorking Function
IWUP
InterWorking User Part
J
JD
Joint Detection
JDC
Japanese Digital Cellular
K
kbps
Kilo Bits per second
Kc
cipher Key
Ki
individual subscriber authentication Key
L
LA
Location Area
LAI
LAN
Local Area Network
LAPDm
Link Access Protocol on the Dm channel
LCR
Low Chip Rate
LEO
Low Earth Orbital
LES
Land Earth Station
Appendix
LIC
LMT
LR
Location Register
M
MAP
Mobile Application Part
MAI
Multiple Access Interference
MARISAT
MARItime SATellite
MBS
Mobile Broadband System
MCC
Mobile Country Code
Mcps
Mega Chips per Second
ME
Mobile Equipment
MExE
Mobile station application Execution

Environment
MM
Mobility Management
MMI
Man Machine Interface
MML
Man Machine Language
MNC
Mobile Network Code
MOC
Mobile Originating Call
MS
Mobile Station
MSC
Mobile services Switching Center
MSISDN
Mobile Station international ISDN number
MSP
Multiple Subscriber Profile
MSRN
Mobile Station Roaming Number
MSS
MT
Mobile Termination
MTP
Message Transfer Part
MTC
Mobile Termination Call
MTP
MUD
Multiuser Detection
Appendix
MUX
MUltipleXer
N
NB
Normal Burst
NCC
Network Color Code (PLMN color code)
NDC
NE
Network Element
NMT
Nordic Mobile Telephone
NSS
Network Switching Subsystem
O
O&M
Operation and Maintenance
OACSU
Off Air Call Set Up
ODMA
Opportunity Driven Multiple Access
OFDMA
Orthogonal Frequency Division Multiple

Access
OMC
OMC-B
Operation & Maintenance Center for BSS
OMC-S
Operation & Maintenance center for SSS
OSS
Operation SubSystem
OVSF
Orthogonal Variable Spreading Factor codes
P
PA
Power Amplifier
PACS
Personal Access Communication System
PC
Power Control
PCM
Pulse Code Modulation
PCU
Packet Control Unit
PDA
Personal Data Assistant
PDC
Personal Digital Cellular (Japan)
PDN
Packet Data Network
PHS
Personal Handy System (Japan)
Appendix
PIN
Personal Identification Number
PLMN
PMR
PP
Point-to-Point
PSTN
Public Switched Telephone Network
Q
QOS
Quality Of Service
QPSK
Quaternary Phase Shift Keying
R
RA
Rate Adaptation
RACH
Random Access CHannel
RAND
RANDom number
REQ
REQuest
RES
RESponse
RF
Radio Frequency
RFC
Radio Frequency Channel
RFCH
Radio Frequency CHannel
RFCN
Radio Frequency Channel Number
RNC
Radio Network Controller
RNS
Radio Network Subsystem
RRM
RSS
Radio SubSystem
RU
Resource Unit
RX / Rx
Receiver
S
SACCH
Slow Associated Control CHannel
SAP
Service Access Point
SAPI
Service Access Point Indicator
SB
Synchronization Burst
Appendix
SCCP
Signaling Connection Control Part
SCE
Service Creation Environment
SCH
Synchronization CHannel
SDCCH
Stand- alone Dedicated Control CHannel
SF
Spreading Factor
SFH
Slow Frequency Hopping
SGSN
Service GPRS Support Node
SIM
Subscriber Identity Module
SM
Security Management
SMG
SMP
Service Management Point
SMS
Short Message Service
SN
Subscriber Number
SN
Switching Network
SP
Signaling Point
SP
Switching Point
SS
Supplementary Services
SSF
Service Switching Function
SSP
STP
Signaling Transfer Point
SW
Software
T
T1
Standards Committee T1 Telecommunications
TA
Terminal Adaptor
TAC
Type Approval Code
TACS
Total Access Communication System
TB
Tail Bit
TCAP
Transaction CApability Part
TCH
Traffic CHannel
Appendix
TD-CDMA
Time Division CDMA
TDD
Time Division Duplex
TDMA
TE
Terminal Equipment
TETRA
TErrestrial Trunked Radio Access
THSS
Time-Hopping Spread Spectrum
TIA
Telecommunication Industry Association
TMN
Telecommunication Management Network
TMSI
Temporary Mobile Subscriber Identity
TRAU
Transcoding and Rate Adaptation Unit
TRX
TRansceiver
TS
Tele Service
TS
TimeSlot
TTA
Telecommunications TechnologyAssociation (South

Korea)
TTC
Telecommunication Technology Committee (Japan)
TX / Tx
Transmitter
U
UE
User Equipment
UL
UpLink
UMTS
Universal Mobile Telecommunications System
UP
User Part
USIM
UMTS Subscriber Identity Module
UTRA
UMTS Terrestrial Radio Access
UTRAN
UMTS Terrestrial Radio Access Network
UWC-136
Universal Wireless Communication
V
VAD
Voice Activity Detection Sprachsteuerung
VBR
Variable Bit Rate
10
Appendix
VBS
VHE
VLR
Visited (visitor) Location Register
VMSC
Visited MSC
VoIP
Voice over Internet Protocol
VPLMN
Visited PLMN
W
WAN
Wide Area Network
WAP
WARC
W-CDMA
Wideband CDMA
WLL
Wireless Local Loop
11
References
References
References
M. Mouly, M.B. Pautet, "The GSM System for Mobile Communications",

Cell & Sys (1992), ISBN 2-9507190-0-7
S. Redl, M. Weber, K. Oliphant, "An introduction to GSM", Artech House
Inc.(1995), ISBN 0-89006-785-6
Mehrotra, "GSM System Engineering", Artech House Inc. (1997), ISBN 089006-860-7
G. Heine, "GPRS from A Z", Artech House Inc. (2000), ISBN 1-58053181-4V.K.G. Garg, K.F. Smolik, J.E. Wilkes, Applications of CDMA in
Wireless/Personal Communications, Feher / Prentice Hall digital and
wireless communications series (1997) ISBN 0-13-572157-1
A.J. Viterbi: CDMA: Principles of Spread Spectrum for third Generation
Mobile Communication (1995), ISBN 0-201-63374-4
T. Ojanper, R. Prasad: Wideband CDMA for third Generation Mobile
Communication, (1998) ISBN 0-89006-735-X
R. Prasad, W. Mohr, W. Konhuser, Third Generation Mobile
Communications Systems, Artech House Publishers (04/2000)
G. Calhoun, Third Generation Wireless Communications: Post Shannon
Architectures, Artech House Publishers (07/2000)
Authentication and Security in Mobile Phones by Greg Rose, Qualcomm
Inc., Australia.
Security in CDMA Wireless Systems by Frank Quick, Qualcomm Inc.,
February 1997
Security Aspects of Mobile Wireless Networks, by Mullaguru Naidu, July
2002.
CDMA RF System Engineering, by Samuel C. Yang
Understanding Cellular Radio, by WILLIAM WEBB
B. J. Wysocki and T. A. Wysocki, Power Spectra of Signal Formats for
DS-SS CDMA Wireless LANs, IEEE TENCON, pp. 329-332, 1996
M.Y. Rhee, CDMA Cellular Mobile Communications Network Security.
Prentice Hall, 1998
G. Allen and S. Raymond, Encryption of Analog Signals - A Perspective,
IEEE Journal on selected area in communications, vol. SAC-2, No. 3, pp.
423-425, 1984.
James A. Davis, Security Aspects in Mobile Phone Telephony: Focus on
GSM, White Paper, Jan. 2000.
CDMA System Analysis II, by Timothy X Brown, Silvana Susi, Sukhjinder
Singh University Of Colorado, Boulder
References
Useful links
http://www.3gpp.org
http://www.itu.int/imt
http://www.etsi.fr
http://www.umts-forum.org
http://www.gsmworld.com
http://www.cdg.org
Glossary
Glossary
Glossary
AMPS (Advanced Mobile Phone Service):
Developed by AT&Ts Bell Laboratories in the1970s and first used in the US in
1983. The AMPS Standard has been the foundation for the industry in the United
States.
CDMA (Code Division Multiple Access):
Known in the US as IS-95, a spread spectrum approach to digital transmission.
With CDMA, each conversation is digitized and then tagged with a code. The
mobile phone is then instructed to decipher only a particular code to pluck the
right conversation off the air. It has a 1.25Mhz spread spectrum air interface,
uses the same frequency bands as AMPS and supports AMPS operation,
employing spread-spectrum technology and a special coding scheme. It was
adopted by the Telecommunications Industry Association (TIA) in 1993.
DAMPS (Digital AMPS): The second generation of the AMPS standard.
FDMA (Frequency Division Multiple Access): FDMA is the division of the
frequency band allocated for wireless cellular communication into 30 KHz
channels, each of which can carry a two way voice conversation. FDMA is the
basic technology used in AMPS, the most widely installed cellular phone system
in North America. With FDMA, each channel can be assigned to only one user at
a time.
EDGE (Enhanced Data rate for GSM Evolution):
The next generation of data heading towards third generation and personal
multimedia environments. It builds on GPRS and is a technique to increase the
maximum data capacity of GSM radio channels. It will allow GSM operators to
use existing GSM radio bands to offer wireless multimedia IP-based services and
applications at theoretical maximum speeds of 384 kbps with a bit-rate of 48 kbps
per timeslot and up to 69.2 kbps per timeslot in good radio conditions.
GPRS (General Packet Radio Service):
A GSM data transmission technique that does not set up a continuous channel
from a portable terminal for the transmission and reception of data, but transmits
and receives data in packets, with users only paying for the volume of data sent
and received.
GPS (Global Positioning System):
A satellite navigation system, consisting of 24 geosynchronous satellites. Used in
personal tracking, navigation and automatic vehicle location technologies.
Glossary
GSM (Global System for Mobile communications):

A digital cellular or PCS network used throughout the world. Developed by ETSI
in Europe. NAMPS (Narrowband AMPS): NAMPS combines cellular voice
processing with digital signaling to increase the capacity and functionality of
AMPS systems.
PCS (Personal Communications Services):
A two-way, 1900 MHz digital voice, messaging and data service designed as the
second generation of cellular.
TDMA (Time Division Multiple Access):
A method of digital wireless communications transmission allowing a large
number of users to access (in sequence) a single radio frequency channel
without interference by allocating unique time slots to each user within each
channel
UMTS (Universal Mobile Telecommunications System):
Europe's approach to standardization for third-generation cellular systems, it will
be based on W-CDMA. UMTS will offer a wide range of voice, data and
multimedia services with data rates from 114 Kbps to 2 Mbps, depending on
whether the user is stationary or in motion.
W-CDMA (Wideband Code Division Multiple Access):
The European third generation wireless standard. The wideband represents the
increase of the frequency band to 5 MHz, in comparison to the 1.25 MHz band
used in conventional CDMA (also known as cdmaOne).
AuC (Authentication Center):
The component of a GSM network that authenticates subscriber and mobile
equipment identities. Baseband: The signaling of a digital or analog signal at its
original frequencies, i.e. not changed by modulation.
BSC (Base Station Controller):
The component of a GSM system that controls a group of base stations and acts
as a node for connecting base stations to the mobile switching center.
BSS (Base Station Subsystem):
The combination of BSCs and base stations that together provide the radio
functionality in a mobile system.
Cell:
The basic geographic unit of a cellular system. Also, the basis for the generic
industry term "cellular". The mobile networks geographic area is divided into
smaller cells, each of which is equipped with a low-powered radio
transmitter/receiver. The cells can vary in size depending upon terrain and
capacity demands. By controlling the transmission power, the radio frequencies
assigned to one cell can be limited to the boundaries of that cell.
Glossary
Cell Site:
The central radio transmitter/receiver that maintains communications with mobile
phones within a give range. Also called a Base Station.
Diversity:
The use of multiple antennas to receive or transmit the same signal, so that if one
of the antennas picks up a weak signal, another antenna should have a strong
signal.
Downlink:
The transmission of radio signals from the Base Station to the mobile handset.
EIR (Equipment Identity Register):
The component of a GSM system that retains information about the identity of
equipment such mobile phones. Assists network operator in discovering stolen
mobile phones and blocking them from using the network.
Fading:
A reduction in signal strength in a radio signal. Fading is usually caused by
reflected waves from the transmitter having different phases from the main signal
path.
GMSC (Gateway Mobile Switching Center):
The component of a GSM network, which provides a point of connection between
the GSM network and the PSTN.
Handoff:
The process of transferring a mobile phone conversation from one cell site to
another as a user crosses cell areas during the conversation.
HLR (Home Location Register):
The component of a GSM network responsible for maintaining the location of a
mobile.
IMEI (International Mobile Equipment Identity):
The unique serial number given to each phone, to help in tracking stolen mobile
phones.
IMSI (International Mobile Subscriber Identity):
A unique number used in GSM systems to identify individual subscribers.
MAHO (Mobile Assisted Handoff):
Similar to a basic handoff, except that the mobile also helps in finding a suitable
base station to handoff into by providing the network with measurements
indicating which base station provides the largest signal strength.
Glossary
Modulation:
Information on a carrier signal modulated by varying one or more of the signal's
basic characteristics - frequency, amplitude and phase. Different modulation
carries the information as the change from the immediately preceding state rather
than the absolute state.
MS (Mobile Station):
Another name for a cellular mobile phone.
MSC (Mobile Switching Center):
The switch in a GSM network, which connects calls from the GMSC to the
particular base station in which the mobile phone is currently located. The MSC
also manages call handovers.
MTSO (Mobile Telephone Switching Office):
The central computer that connects a wireless phone call to the public telephone
network. The MTSO controls the entire systems operations, including monitoring
calls, billing and handoffs.
POTS (Plain Old Telephone Service):
Standard household phone service. PSTN (Public Switched Telephone Network):
The worldwide telephone network which allows people to call anywhere in the
world. The PSTN mainly consists of copper cables and switches.
Roaming:
Roaming allows a user to operate their mobile phone in another countries
network.
The users network makes agreements with other networks worldwide to allow
this to happen.
Smart antenna:
An antenna system with technology that enables it to focus its beam on a desired
signal to reduce interference. A wireless network would employ smart antennas
at its base stations in an effort to reduce the number of dropped calls, improve
call quality and improve channel capacity.
Soft handoff:
Procedure in which two base stations, one in the cell site where the phone is
located and the other in the cell site to which the conversation is being passed,
both hold onto the call until the handoff is completed. The first cell site does not
cut off the conversation until it receives information that the second is maintaining
the call. This reduces the probability of the call being blocked.
Uplink:
The transmission of radio signals from the mobile handset to the Base Station.
VLR (Visitor Location register):
The component of a GSM network which keeps track of a mobile phones
position to the nearest location area.
Glossary
Walsh codes:
A family of orthogonal codes often preferred for CDMA transmission.
WLL Wireless Local Loop:
The use of radio to replace copper wiring as a means of connecting the home to
the PSTN.
TRAINING SECTOR
Sub-sections
Introduction and Overview
GPRS - General Packet Radio Services
GPRS Radio Interface
Procedures
Abbreviations
GPRS Introduction
GPRS Introduction
1
2
3
4
5

Procedures
Abbreviations
Pages
1
1
1
1
1
15
35
18
10
10
Chapter 1
Siemens
Contents
1
Mobile Radio Evolution
23
1.1
Trend: from Speech to Data Transmission
34
1.2
The 3rd Mobile Radio Generation (3G)
46
GSM Current Situation, Services & Applications
69
2.1
170
2.2
GSM Implementation in an evolutionary Concept
192
GSM Phase2+
115
3.1
GSM Phase 2+ Solutions for Meeting Current and Future Mobile

Requirements
126
3.2
Data Transmission in GSM Phase2+
138
4
5
Exercise
Solution
23
27
Siemen
Mobile Radio Evolution

Subscriber trends:
1982 - 2002
Germany
World
100
10
1
2002
2000
1998
1996
1994
1992
1990
1988
1986
0,01
1984
0,1
1982
Subscriber [M.]
1000
Year
Fig. 1 Increase in the number of subscribers due to introduction of first and second generation of mobile communication
Siemens
1.1
Trend: from Speech to Data Transmission
1G offered mainly speech transmission based on analog transmission modes.

Due to the digital transmission mode it uses, 2G offers not only pure speech transmission but also a number of supplementary services and low rate data transmission.
However, mobile radio systems of 2G are suited optimally to the needs of speech
transmission, primarily; the share of data transmitted via the radio interface will not
exceed 2% even towards the end of the 90ties.
Nevertheless, growth rates in the area of data transmission are much higher than in
the area of speech transmission due to the fact that the need for mobile data transmission is becoming acute in the mobile working world of tomorrow (work outside the
office, teleworking).
Forecasts predict the following figures: in the year 2001, 10% of the total traffic volume will be allotted to data transport via the radio interface, in 2005 this will already
rise to 30%, and just two years later, in 2007, data transmission will make up 50% of
the total traffic volume and will thus range equal to speech transmission.
Note that there is an underlying rapid increase in the total amount of traffic.
2 G Trends:
Speech Data transmission
100
1 G:
speech transmission only
speech transmission
supplementary services
data transmission
data
80
traffic [%]
2 G:
speech
60
40
20
0
1996
2001
2005
2007
year
Fig. 2 Trend in the traffic to be transported by future mobile communications systems
1.2
Siemens
The 3rd Mobile Radio Generation (3G)
Currently there are numerous different standards for 1G and 2G mobile radio systems, each of which has specific characteristics, advantages and disadvantages, applications and users. Most of the standards are used merely on a national or regional
scale and are not compatible with each other. They cannot meet the requirements
which will be indispensable for future mobile radio systems, such as improved
speech quality, worldwide availability and particularly a fast transfer of large amounts
of data.
3G currently being standardized under the heading IMT-2000 (International Mobile
Telecommunication) designates a global system of compatible standards which indeed is able to meet the high demands placed on future mobile radio systems (see
above). The general aim is to enable communication with anyone, anywhere, anytime.
Beside speech transmission, high data rate services and multimedia applications are
to be provided to the customer across all operator-dependent, national and geographical borders at any place and any time.
The body in charge of IMT-2000 specification is the International Telecommunication
Union ITU. Thus, IMT-2000 shall become the worldwide guideline to which all standards of the 3G orient themselves. In the framework of IMT-2000 guidelines ETSI is
about to standardize a follow-up GSM standard based on the experiences with and
the success of GSM: the standard is known as UMTS (Universal Mobile Telecommunication Standard).
UMTS is a downward compatible to GSM; as such it shall provide worldwide multimedia access at any point in time and cover all current mobile radio applications.
Data rates of 8 kbit/s up to a maximum of 2Mbit/s shall be supported.
Apart from UMTS the regional standardization authorities draw up further 3G based
on the IMT-2000 guidelines.
Siemens
Third Generation (3G)

1G
2G
Paging
Digital Paging
e.g. ERMES
analog
Cordless Telephone CT
e.g. CT1, 1+
Digital CT
Wireless booth
Wireless
Local Loop
WLL
analoge
PMR
digital
PMR
e.g. TETRA
analog
cellular systems
digital
cellular systems
e.g GSM, D-AMPS,
IS-95, PDC
analog MSS
e.g. INMARSAT
Multiple incompatible standards

for different
digital MSS
e.g. IRIDIUM
applications
countries / regions
3G
one standard (family)
for all
applications
countries / regions
IMT-2000:
UMTS, MC-CDMA,
TD-SCDMA,...
compatibility within 3G
downward compatibility to
2G (e.g. UMTS GSM)
resource efficiency
high data rates
Multimedia
Fig. 3 Intention of third generation as a common global standard for different applications, regions, and service areas
Siemens
GSM Current Situation, Services & Applications
Mobile Radio
Evolution
GSM - current situation,

services & applications
Fig. 4
2.1
Siemens
The GSM standard was planned in the early 80ties and agreed upon in 1990 as first
2G standard. The GSM standard has been specified by ETSI as a consistent open
standard for cellular mobile radio systems. It consists of more than 100 recommendations, categorized into 12 series.
Within Rel. 99 the GSM standard is know specified by GERAN, a group of 3gpp. The
new series are now be found in series number 40-50.
Commercial operation of GSM networks started in 1992. Originally the systems were
planned for Europe only, but in the middle of 1999 there were already 340 GSM networks worldwide in 135 countries/regions. In 2001 there are about 45 million subscriber worldwide
Beside the originally planned GSM standard in the 900 MHz range (GSM900 / EGSM) further GSM adaptations were specified during the 90ties in the 1800 and 1900
MHz range (GSM1800 & GSM1900) as well as one adaptation for railway communication (GSM-R).
GSM900 / E-GSM
In 1990 the first GSM standard, known as GSM900 with 2x 25 MHz developed. An
extension of this, the E-GSM (Extended GSM), provides a further 20 MHz, i.e. a total
of 2 x 35 MHz for GSM, in the event that national authorizations to operate other systems expire.
GSM1800 (DCS1800)
In 1991 the DCS1800 (Digital Cellular System) standard, a GSM adaptation, was
agreed upon as result of a British initiative in view of the opening-up of a massmarket; in 1997 this standard was renamed GSM1800. For GSM1800 2 x 75 MHz is
available in the 1800 MHz area.
GSM1900 (PCS1900)
Since 1995 PCS1900 (Public Cellular System), renamed GSM1900 in 1997 represents the GSM adaptation for the American market. 2 x 60 MHz are available for
GSM1900 and other standards (D-AMPS, IS-95,..).
GSM-R
GSM-R (Railway) was specified as GSM Adaption for mobile radio communication. In
1995 ETSI decided to reserve 2 x 4 MHz in 900 MHz range for GSM-R. First GSM-R
systems are in operation since 1998
Siemens
890
GSM-R
935
GSM-Adaptations
GSM
900
GSM
900
E-GSM
E-GSM
876 880
915 921 925
960
GSM1800
GSM1900
GSM-R
GSM
1800
GSM
1800
GSM
1900
[MHz]
1710
Frequency Range
[MHZ]
GSM900
E-GSM
1880
1785 1805 1850
Useable HF
channels
GSM
1900
1910 1930
1990 [MHz]
Application Area
890 - 915 / 935 - 960

880 - 915 / 925 - 960
124
174
Worldwide except
US
1710 - 1785 / 1805 - 1880
374
Worldwide except
US
1850 - 1910 /1930 - 1990
Shares HF-channels
with other standards
876 - 880 / 921 - 925
19
US
European
railroads
Fig. 5 Adaptations of GSM in frequency due to trend to mobile communication
2.2
Siemens
GSM Implementation in an evolutionary Concept
Originally, the GSM standard was intended as a completed, non-modifiable standard

to be used until the standardization of a 3G follow-up system. However, in 1988 already it became obvious that it was not possible to standardize all the technical details and service offers requested within the time frame set. This resulted in the important decision to leave the GSM standard incomplete and develop and work on it
permanently instead. The evolutionary GSM concept thus provides enough scope for
technical evolutions and can be quickly adapted to the rapidly changing market conditions. GSM developed in various phases.
GSM Phase1
Phase 1 (agreed upon in 1990/91) includes all central prerequisites for mobile, digital
transmission of information. Speech transfer plays an important role. Data transmission was also defined with transmission rates of 0.3 to 9.6 kbit/s. GSM phase 1 includes only a few supplementary services.
GSM Phase2
Research on GSM phase 2 was concluded in 1995. Mainly supplementary services
comparable to ISDN were specified, but also technical improvements such as half
rate speech were considered. Of central importance was the agreement on downward compatibility, meaning that all networks and terminal equipment of phase 2
were compatible to the networks and terminal equipment of phase 1.
GSM Phase2+
Phase2+ marks a smooth transition as opposed to phase2. The standard is not entirely re-worked. Since 1996 annual releases take place and current themes relate to
new supplementary services relevant mainly for special groups of users, as well as to
connection and call control issues, IN applications and data services with high transmission rates.
Siemens
GSM: evolutionary concept

Early concept:
closed standard
life time: until successor standardisation (3G)
Capabilities
Downward compatibility
Phase 2
Phase 1
Phase 1
1991
Speech FR,
standard services
Data: max. 9,6 kbit/s
Phase 2+
Phase 2
Phase 1
1995
multiple
Supplementary Services (SS)
comparable to ISDN;
decision downward compatibility
1997
year
Annual Releases !
new SS
IN-applications
new Bearer Services
(high data rates)
Fig. 6 Evolutionary concept of the GSM standard
10
Siemens
GSM Phase2+
Mobile Radio
Evolution
GSM - Phase 2+
Fig. 7
11
Siemens
3.1
GSM Phase 2+ Solutions for Meeting Current and

Future Mobile Requirements
GSM phase 2+ develops solutions for numerous demands placed on future mobile
radio systems. Improved speech quality is realized through introduction of a new
speech code (Enhanced Full Rate Speech), worldwide availability is achieved
through multi-mode terminal equipment (satellite roaming). New features (e.g. Advanced Speech Call Items ASCI for GSM-R) and IN-integration (e.g. Customized Applications for Mobile network Enhanced Logic, CAMEL) supplement the portfolio of
applications. For the implementation of mobile Computing / Internet access, bearer
services such as High Speed Circuit Switched Data HSCSD, General Packet Radio
Service GPRS are standardized allowing for the adaptation of transmission rates to
those of ISDN. Also, transmission rates can be increased up to 100 kbit/s and more.
User-friendly equipment and comfortable connection options to the mobile equipment
(Blue Tooth) round off the offer and make it suited to meet future demands.
The importance of phase 2+ lies, however, also in the creation of a platform on which
the GSM follow-up standard UMTS can be based. Numerous features of phase 2+
(especially GPRS and CAMEL) are guidelines for UMTS and shall prepare UMTS
features. Thus, upward compatibility of GSM with the 3rd mobile generation is ensured and also downward compatibility of UMTS with GSM. To successfully introduce
UMTS this compatibility with GSM as quasi-world standard is indispensable, as is
the usage of a common GSM (Phase 2+)/UMTS infrastructure.
GSM
Phase2+
Satellite
Roaming
EFR
Enhanced
Full Rate
GPRS
Multiple further
features
ASCI
Advanced Speech
Call Items
CAMEL
Customized Application
for Mobile network
Enhanced Logic
HSCSD
High Speed Circuit
Switched Data
MultiBand / Mode
EDGE
Enhanced Data Rates
for the GSM evolution
General Packet
Radio Service
GSM
Phase 2+
Solutions
Fig. 8 Solutions for new demands and market trends offered by GSM phase 2+
GSM solutions for

demands to
mobile radio:
enhanced speech quality

user friendly equipment
world-wide connectivity /
home PLMN service
specific services
fast transfer of large
data volumes
platform for UMTS:

compatibility GSM UMTS
common infrastructure
12
3.2
Siemens
Data Transmission in GSM Phase2+
To increase the data transmission rates, in GSM phase 2+ new bearer services with
rates comparable to or higher as ISDN are developed:
HSCSD (High Speed Circuit Switched Data)
GPRS (General Packet Radio Services)
EDGE (Enhanced Data Rates for the GSM Evolution)
High Speed Circuit Switched Data HSCSD
HSCSD (Rec. 02.34) is a circuit switched data service (only point-to-point) for applications with higher bandwidth demands and continuous data stream, e.g. motion
pictures or video telephony. The higher bandwidth is achieved by combining 1-8
physical channels for one subscriber. Additionally, the data transmission codec was
changed such that a maximum of 14.4 kbit/s instead of 9.6 kbit/s can be transmitted
per physical channel. In this way, HSCSD theoretically enables transmission rates up
to 115.2 kbit/s. In order to implement HSCSD merely the GSM-PLMN software must
be modified. More problematic is the high volume of resources needed.
General Packet Radio Services GPRS
With GPRS it is possible to combine 1-8 physical channel for one user, just as with
HSCSD. Various new coding schemes with transmission rates of up to 21.4 kbit/s per
physical channel enable theoretical transmission rates up to 171.2 kbit/s. Opposite to
HSCSD, GPRS is a packet-switched bearer service, meaning that the same physical
channel can be used for different subscribers. GPRS is resource efficient for applications with a short-term need for high data rates (e.g. surfing the Internet, E-mail, ...).
GPRS also enables point-to-multipoint transmission and volume dependent charging.
Extensions of the GSM network and protocol architecture are necessary for GPRS
implementation.
13
Siemens
Comparison HSCSD / GPRS

HSCSD
GPRS
circuit oriented
real time applications
(e.g. video telephone)
bundling of channels
(up to 8 time slots)
new coding scheme
(9.6 kbit/s 14.4 kbit/s)
point-to-point
small HW modifications
packet oriented
data applications
(e.g. internet surfing)
bundling of channels
(up to 8 time slots)
4 new coding schemes
(9.6 kbit/s 9.05 ... 21.4 kbit/s)
point-to-multipoint
new network elements/protocols
TDMA-frame 8 Time Slots

Time Slot
HSCSD
GPRS
up to
up to
14.4 kbit/s 21.4 kbit/s
Fig. 9 Comparison of HSCSD and GPRS
Enhanced Data rates for the GSM Evolution EDGE

EDGE (Release`99) is able to realize up to 69.2 kbit/s per physical channel though
the change of the GSM modulation procedure (8PSK instead of GMSK). Theoretically, transmission rates of up to 553.6 kbit/s (meeting 3G requirements) would be
possible by combining up to 8 channels. A combination of GPRS and EDGE could offer optimum usage of Inter- and Intranet, ensuring highest economy in frequency resource utilization at the same time.
The change of the modulation method will require hardware changes in the BSS (the
BTS have to be upgraded) and the MS. The mobile equipment has to be small and
cheap but on the other hand high quality linear amplifiers are needed for 8PSK. The
solution to this problem could be that in the introduction phase EDGE is only used in
the downlink.
14
Siemens
EDGE
(Enhanced Data Rates for GSM Evolution)
EDGE:
uses a new modulation method:
replaces GMSK by 8PSK
three bit of information can be transported
by one symbol of modulation (instead of one bit)
BTS has to be upgraded
hardware modifications are necessary
will possibly used only DL in the introduction phase
cheap mobile phones
asymmetric data rates in UL and DL
Fig. 10 EDGE replaces GMSK modulation method to enhance data rates
15
Chapter 2
GPRS General Packet Radio
Services
Sidemen's
Contents
1
GPRS Objectives and Advantages
23
1.1
34
1.2
Standardization
56
Basic Principles
79
2.1
Management of Radio Resources/ Coding Schemes
180
2.2
GPRS Subscriber Profile
102
2.3
Quality of Service (QoS) Profiles
124
GPRS-Architecture
1721
3.1
GPRS Architecture
1822
3.2
GSM Phase 2+, Interfaces
1924
3.3
New Network Elements for GPRS
216
Logical Functions
2735
4.1
Logical Functions in the GPRS Network
2836
4.2
Allocation of Logical Functions
3544
5
6
Exercises
Solutions
47
55
Sidemen's
GPRS
General Packet Radio Services
Objectives & Standardization
Fig. 1
GPRS
- General Packet Radio Services
Sidemen's
1.1
Sidemen'
The transmission of data is becoming increasingly important in the field of telecommunication. In the fixed network, the transmission of extensive data files and E-mail
and contacts to the Intra- and Internet is by far in excess of language transmission.
The need for mobile data transport is increasing at a similarly impressive rate, yet the
presently available mobile communication systems, even GSM, still present a number of shortcomings.
Disadvantages for the user in GSM Phase 1/2:
In GSM (phase 1/2), the data rate is limited to a peak value of 9.6 kbit/s
Links to the data networks need to be routed via PSTN/ISDN (Additional charging of
the user for using a transit network)
The user is billed for the connection duration instead of being billed for his/her actual
use of the network (data volume)
The set-up of a connection takes more time (ca. 20s if a modem is used)
The length of SMS is limited (160 alphanumerical characters)
Disadvantages for the provider in GMS Phase 1/2:
Inefficient resource management & the number of users is limited.
HSCSD (High Speed Circuit Switched Data)
In principle, transmission rates of up to 115.2 kbit/s can be achieved with HSCSD.
Combining 4 timeslots, the ISDN transmission rate can be matched. One problem of
HSCSD, however, is the circuit switched data transmission. Efficient resource management is impossible. Additional costs arise for the user. For this reason HSCSD is
essentially suited for applications involving high but constant transmission rates
(videotelephony).
GPRS (GENERAL PACKET RADIO SERVICES)
GPRS is, on the one hand, intended to provide the possibility of transmitting large
volumes of data in a very short time. On the other hand it is meant to ensure effective
management of available resources, which will increase the number of users and reduce the costs arising for the individual user (volume-oriented fees).
Another positive consequence of the introduction of GPRS is its direct access to the
Intra- and Internet and the possibility to use point-to-point and point-to-multipoint services side by side. An important aspect is that GSM networks are prepared for the introduction of UMTS.
Sidemen's
GPRS Objectives
& Advantages
SMSC
PDNs
SMS
BSS
SSS
BS-udi
ISDN
Modem
Service provider
access point
Modem
BS3.1 kHz
audio
IP
Internet
Intranet
PSPDN
PSTN
GPRS: high data rates
reducing costs (volume dependent charging)

resource efficient
Point-to-Multipoint services for PMR market
no SMS restrictions
direct IP/X.25 connection
prerequisite for UMTS introduction future proof solution
Fig. 2 Limitations of the network architecture
GPRS
Sidemen's
1.2
Sidemen'
Standardization
The introduction of GPRS into the GSM Recommendations is carried out in two
phases.
Phase 1 of GPRS introduction was completed by ETSI in the Annual Release 1997
(03/98) and includes all central GPRS functions.
Phase 1 supports:
Point-to-point transfer of user data
TCP/IP and X.25 bearer services
GPRS identities
GPRS safety (a new ciphering algorithm specially designed for packet data)
Support of volume-oriented billing
In Phase 2, further extensions are planned for all requirements to be met by GPRS:
Support of point-to multipoint (PTM) services
Support of special point-to-point and point-to-multipoint services for applications such
as traffic telematics and GSM-R (PTM-Group Call: PTM-Multicast)
Support of further additional services
Support of additional interworking functions (e.g. ISDN)
Phase 2 will be completed in 1998 or 1999.
GPRS Phase 1 includes the introduction of a number of new recommendations;
some of the existing recommendations have been modified to cover other GPRS
functions, too.
The following recommendations are of central importance:
Rec. 02.60 General GPRS Overview
Rec. 03.60 GPRS System and architecture description
Rec. 03.64 Radio architecture description
GPRS-Standardisation
Sidemen's
Phase 1:
(Rel.`97)
GPRS Standardisation in 2 Phases
PtP Data transmission

TCP/IP & X.25 Bearer Services
GPRS Identities
GPRS Security (Ciphering)
SMS via GPRS
volume dependent charging
Phase 2:
(Rel.`98/99)
PtM data transmission

Broadcast & Group Call
traffic telematic, GSM-R
further interworking
functionality
further services
Rec. 02.60
ETSI/GERAN
General GPRS Overview
Rec. 03.60
GPRS system &
architecture description
Rec. 03.64
Very important:
Radio architecture description
Fig. 3 Standardization of GPRS in phases
Sidemen's
Basic Principles
GPRS
Basics
Fig. 4
GPRS
Sidemen's
2.1
Sidemen'
Management of Radio Resources/ Coding

Schemes
In a GPRS-supported cell, one or several physical channels can be allocated to

GPRS transmission. These physical channels (Packet Data Channels PDCHs) are
shared by GPRS mobile stations and are taken from the common/shared pool of all
available physical channels of the cell.
Distribution of the physical channels for various logical packet data channels is based
on blocks of 4 normal bursts each. Uplink (UL) and downlink (DL) for GPRS packet
data are assigned separately (consideration of asymmetrical traffic peaks). Allocation
of circuit switched services and GPRS is achieved dynamically, depending on what
capacities are required (capacity on demand). PDCHs need not be allocated permanently; however, it is possible for the operator to permanently or temporarily reserve a number of physical channels for GPRS traffic.
New GPRS coding schemes (CS) - CS1 - CS4 - have been defined for the transmission of packet data traffic channel PDTCH (Rec. 03.64). Coding schemes can be assigned as a function of the quality of the radio interface. Normally, groups of 4 burst
blocks each are coded together.
CS-1 makes use of the same coding scheme as has been specified for SDCCH in
GSM Rec. 05.03. It consists of a half rate convolutional code for forward error correction FEC. CS-1 corresponds to a data rate of 9.05 kbit/s.
CS-4 has no redundancy in transmission (no FEC) and corresponds to a data rate of
21.4 kbit/s.
CS-2 and CS-3 represent punctured versions of the same half rate convolutional
code as CS-1.
CS-2 corresponds to a rate of 13.4 kbit/s, while CS-3 corresponds to a data rate of
15.6 kbit/s.
In principle, 1 to 8 time slots TS of a TDMA frame can be combined dynamically for a
user for the transmission of GPRS packet data. Theoretically it is thus possible to
achieve peak performances of up to 171.2 kbit/s (8x21.4 kbit/s) with GPRS.
Sidemen's
Radio Resource Management / Coding Schemes

Physical channel of one cell
CS & PS (GPRS):
capacity on demand
CS-1
CS-2
CS-3
CS-4
Coding
Schemes
GPRS-MSs:
combining 1-8 TS
GPRS-MSs:
sharing physical channel
GPRS-MSs:
asymmetric UL / DL
9,05 kbit/s
13,4 kbit/s
15,6 kbit/s
1-8
channel
Up to
171,2 kbit/s
(theoretically)
21,4 kbit/s
different
redundancy (FEC)
Um transmission quality
Fig. 5 Management of radio resources: coding schemes, FEC, and redundancy
GPRS
Sidemen's
2.2
Sidemen'
The GPRS Subscriber Profile is the description of the services a subscriber is allowed to use. Essentially, it contains the description of the packet data protocol used.
A subscriber may also use different packet data protocols (PDPs), or one PDP with
different addresses. The following parameters are available for each PDP:
The packet network address is necessary to identify the subscriber in the public
data net. Either dynamically assigned (temporary) addresses or (in the future) static
addresses are used in case of IP. The problem of the dynamic addresses will be
overcome with the change from Ipv4 to IPv6. In GPRS is two layer 2 protocols are allowed, X.25 or IP.
The quality of service QoS: QoS describes various parameters. The subscriber profile defines the highest values of the QoS parameters that can be used by the subscriber.
The screening profile: This profile depends on the PDP used and on the capacity of
the GPRS nodes. It serves to restrict acceptance during transmission/reception of
packet data. For example, a subscriber can be restricted with respect to his possible
location, or with respect to certain specific applications.
The GGSN address: The GGSN address indicates which GGSN is used by the subscriber. In this way the point of access to external packet data networks PDN is defined. The internal routing of the data is done by IP protocol; the GSNs will have IP
addresses. A DNS function is needed to find the destination of the data packets (address translating: e.g. www.gsn-xxx.com 129.64.39.123)
10
Sidemen's

Subscription profile
used Packet Data Protocols PDP
possible: 1 Subscriber - different PDPs / 1 PDP with different addresses
QoS
Quality of Service
Packet
network address
highest QoSparameter values in

Subscriber Profile
static/dynamic
IP address
PDP
Parameter
GGSN address
Access to external PDN
Screening
Profile
limits receiving / emission
of data packets
Fig. 6 Part of the GPRS subscriber profile are the PDPs and their parameters
11
GPRS
Sidemen's
2.3
Sidemen'
Quality of Service (QoS) Profiles
The different applications that will make use of packet-oriented data transmission via
GPRS require different qualities of transmission. GPRS can meet these different requirements because it can vary the quality of service (QoS) over a wide range of attributes. The quality of service profile (Rec. 02.60, 03.60) permits selection of the following attributes:
Precedence class
Delay class
Reliability class
Peak throughput class
Mean throughput class.
By combining the variation possibilities of the individual attributes a large number of

QoS profiles can be achieved. Only a limited proportion of the possible QoS profiles
need PLMN-specific support.
Quality of Service QoS - Profile

Different requirements for different applications
multiple GPRS QoS profiles
Peak
throughput
class
precedence class
reliability class
mean throughput
class
delay class
PLMN must support only
limited QoS service profile
Fig. 7 Quality of service parameters
12
GPRS
Sidemen's
Sidemen'
Precedence Class
Three different classes have been defined to allow assessment of the importance of
the data packets, in case of limited resources or overload:
1. High precedence
2. Normal precedence
3. Low precedence
Delay Class
GSM Rec.02.60 defines 4 delay classes (1 to 4). However, a PLMN only needs to realize part of these. The minimum requirement is the support of the so-called best effort delay class (Class 4). Delay requirements (maximum delay) concern the delay of
transported data through the entire GPRS network (the first two columns refer to data
packets 128 bytes in length, while the last two columns apply to packets 1024 bytes
in length).
Delay Class
mean transfer
delay (sec)
95% delay
(sec)
mean transfer
delay (sec)
95% delay
(sec)
< 0,5
< 1,5
<2
<7
<5
< 25
< 15
< 75
< 50
< 250
< 75
< 375
4 (Best Effort)
unspecified
unspecified
unspecified
unspecified
13
Sidemen's

Precedence Class
1: high priority
2: normal priority
3: low priority
Delay Class
Delay Class
mean transfer
delay (sec)
1
< 0,5
2
<5
3
< 50
4 (Best Effort) unspecified
minimum
requirements
95% delay
(sec)
< 1,5
< 25
< 250
unspecified
SDU size: 128 Byte
mean transfer
delay (sec)
<2
< 15
< 75
unspecified
95% delay
(sec)
<7
< 75
< 375
unspecified
1024 Byte
Fig. 8 QoS is an assumption of several parameters, which are defined in the recommendations
14
GPRS
Sidemen's
Sidemen'
Reliability Class
Transmission reliability is defined with respect to the probability of data loss, data delivery beyond/outside the sequence, twofold data delivery, and data falsification
(probabilities 10-2 to 10-9):. 5 reliability classes (1 to 5) have been defined, 1 guaranteeing the highest and 5 the lowest degree of reliability. Highest reliability (Class 1) is
required for error-sensitive, non-real-time applications, which have no possibility of
compensating for data loss; lowest reliability (Class 5) is needed for real-time applications which can get over data loss.
Peak Throughput Class

The peak throughput class defines the maximum data rate to be expected (in
bytes/s). However, there is no guarantee that this data rate/throughput can be
achieved over a certain period of time. This depends on the capacity of the MS and
the availability of radio resources. 9 throughput classes have been defined, ranging
from Class 1 with 1000 bytes/s (8 kbit/s) to 256,000 bytes (2048 kbit/s). The maximum data rate doubles from one class to the next.
Mean Throughput Class

The mean throughput class represents the mean data rate /throughput to be expected for data transport via the GPRS network during an activated link. A total of 19
classes have been defined. Class 1 is best effort and means that the data rate for
the MS is made available on the basis of demand and availability of resources.
Class 2 stands for 100 bytes/h (0.22 bit/s), class 3 for 200 bytes/h, class 4 for 500
bytes/h and class 5 for 1000 bytes/h, etc. till Class 19 which stands for 50000000
bytes/h (111 kbit/s).
15
Sidemen's
Reliability Class
1 - 5 (lowest):
data loss probability
out of sequence probability
duplicate probability
corrupt data probability
probabilities 10 -9 - 10 -2
peak throughput Class

1 - 9: > 8 kbit /s - >2048 kbit /s
maximum data rate
no guarantee for this data rates
over a longer period of time
mean throughput Class

medium, guaranteed data rate; Class 1-19
1: best effort
100 Byte/h (0,22 bit/s) / 200 / 500 / 1000 / ... /
50 Mio. Byte/h (111 kbit/s)
Fig. 9 QoS is an assumption of several parameters, which are defined in the recommendations
16
Sidemen's
GPRS-Architecture
GPRS
Architecture
Fig. 10
17
GPRS
Sidemen's
3.1
Sidemen'
GPRS Architecture
For introducing GPRS, the logical GSM architecture is extended by two functional
units:
The Serving GPRS Support Node SGSN is on the same hierarchic level as MSC
and has functions comparable to those of a Visited MSC (VMSC).
The Gateway GPRS Support Node GGSN has functions comparable with those of a
Gateway MSC (GMSC) and offers interworking functions for establishing contact between the GSM/GPRS-PLMN and external packet data networks PDN
A GPRS Support Node GSN includes the central functions required to support the
GPRS. One PLMN can contain one or more GSNs.
In addition to GSN, extensions of functions in other GSM functional units are necessary:
In the BSS a Packet Control Unit PCU ensures the reception/adaptation of packet
data from SGSN into BSS and vice versa.
GPRS subscriber data are added to the HLR. On the following pages of this script
this extension will be termed GPRS Register GR.
GPRS - Architecture
in BTS
for channel coding
GPRS subscription data

(GPRS Register GR)
HLR
Mobile
DTE
BSS
PCU

for
protocol conversion &
radio resource
management
VMSC /
VLR
GMSC
PSTN
ISDN
SGSN
GGSN
Serving GPRS
Support Node
Gateway GPRS
Support Node
Internet
Intranet
X.25
New network entities:

SGSN
(access to BSS)
GGSN
(access to PDN)
Fig. 11 Outline of the GPRS architecture
18
Sidemen's
GPRS
3.2

Sidemen'
GSM Phase 2+, Interfaces
Integration of functions GGSN and SGSN (which are necessary for GPRS) into a
GSM-PLMN makes it necessary to provide names for a series of new interfaces in
addition to interfaces A-G already defined in the GSM-PLMN:
Gb - between an SGSN and a BSS; Gb allows the exchange of signaling and user
data: Unlike the A-interface, in which a user is assigned a certain physical resource
for the entire/full duration of a connection, on Gb a resource is only assigned in case
of activity (i. e. when data are being transmitted/received). A large number of subscribers use the same physical resources. The same holds for interfaces Gi, Gn and
Gp.
Gc - between a GGSN and an HLR
Gd - between an SMS-GMSC / SMS-IWMSC and an SGSN
Gf - between an SGSN and an EIR
Gi - between GPRS and an external packet data network PDN
Gn - between two GPRS support nodes GSN within the same PLMN
Gp - between two GSN located in different PLMNs. The Gp interface allows the supporting of GPRS services over an area of cooperating GPRS PLMNs.
Gr - between an SGSN and an HLR
Gs - between an SGSN and an MSC/VLR; serves to support an MS using both
GPRS and circuit switched services (e.g. update of location information).
19
Sidemen's
Common GSM/GPRS/UMTS Network:

Interfaces, Network Elements
Asub
MS
BTS
(SIM)
Um
Uu
UE
(USIM)
Abis
BTS
B
S
C
T
R
A
U
VLR
A
A
IWF/
TC
Gb
CSE
GSM BSS
UMTS
Terrestrial
Radio
Access
Network
MSC
Gs
Iu(CS)
Iu(PS)
E
Gf
SGSN
Gd
SMS-GMSC
SMS-IWMSC
GMSC
PSTN
ISDN
EIR HLR/AC
Gr
Gc
GGSN G
Gn
i
SLR
IP
X.25
GSM Phase 2+
Core Network
IWF/TC: Interworking Function / Transcoder
Fig. 12 Common GSM/GPRS/UMTS core network, coexistence of two radio access networks (GSM BSS/UTRAN)
20
Sidemen's
GPRS
3.3
3.3.1
Sidemen'
New Network Elements for GPRS

Serving GPRS Support Node (SGSN) Functions
SGSN realizes a large number of functions for performing GPRS services.

SGSN is on the same hierarchic level as an MSC and handles many functions comparable to a Visited MSC (VMSC).
SGSN
is the node serving GPRS mobile stations in a region assigned to it;
traces the location of the respective GPRS MSs (Mobility Management functions);
is responsible for the paging of MS;
performs security functions and access control (authentication/cipher setting procedures,...) Procedures are based on the same algorithm, ciphers and criteria as in the
former GSM. Ciphering algorithms have been optimized for the transmission of
packet data;
has routing/traffic-management functions;
collects data connected with fees/charges;
realizes the interfaces to GGSN (Gn), PCU (Gb), other PLMNs (Gp), HLR (Gr),
VLR (Gs), SMS-GMSC (Gd), EIR (Gf).
3.3.2
Gateway GPRS Support Node (GGSN) Functions
GGSN realizes functions comparable to those of a gateway MSC.

GGSN
is the node allowing contact/interworking between a GSM PLMN and a packet
data network PDN (realization Gi-interface);

contains the routing information for GPRS subscribers available in the PLMN.
Routing information serves to contact the respective SGSN in the providing area of
which an MS is momentarily located;
has a screening function;
can inquire about location informations from the HLR via the optional Gc interface
transfers data/signaling to SGSN via Gn interface.
21
Sidemen's
SGSN & GGSN

SGSN
serves MSs in SGSN area

Mobility Management functions, e.g
Update Location, Attach, Paging,..
Security and access control:
Authentication, Cipher setting, IMEI Check...
New cipher algorithm
realises Interfaces: Gn, Gb, Gd, Gp, Gr, Gs, Gf
controls subscribers in its service area (SLR)

Gi-,Gn-Interface: Interworking PLMN PDN
Routing Information for attached GPRS user
optional Gc interface
GGSN
Fig. 13 Tasks of GGSN and SGSN
22
Sidemen'
Sidemen's
GPRS
3.3.3
Physical Realization SGSN/GGSN
SGSN and GGSN functions, respectively, can be located within the same physical
unit or at different locations in different physical units. SGSN and GGSN include the
internet protocol (IP) routing function and can be linked together/Interconnected with
IP routers (IP-based GPRS backbone network for Gn). The same holds for the Gp interface (SGSN and GGSN in different PLMNs); in addition there are safety functions
for inter-PLMN communication.
HLR (GPRS Register GR)

HLR includes the GPRS subscriber information (GPRS Register GR) and routing information. Access to HLR is possible from SGSN via Gr and from GGSN via Gc interface.
SGSN & GGSN:

physical location
MSC/VLR
HLR (GR)
Gs
BSS
PCU
Gb
BSS
PCU
Gb
GPRS-MS
SGSN & GGSN
in same
physical entity
Gr
Gi
GGSN
SGSN
BSS PCU
GPRS-MS
SGSN
other
PLMN GGSN
GPRS subscriber data

(GPRS Register GR)
Routing information
External
IP Network
SGSN & GGSN

in different
physical entities /
location
BSS PCU
SGSN
HLR:
Gn
IP-based
Backbone
Network
Gp
GGSN
GGSN
External
IP Network
External
X.25 Network
Security fu nctions
for Inte r-PLMN
co mmunication
Fig. 14 Different physical locations of SGSN and GGSN
23
GPRS
Sidemen's
3.3.4
Sidemen'
In the BSS, the PCU serves

for the management of GPRS radio channels (Radio Channel Management functions), e.g. power control, congestion control, broadcast control information
for the temporal organization of the packet data transfer for uplink and downlink
it has channel access control functions, e.g. access request and grants
it serves for converting protocols from the Gb interface to the radio interface Um.
Three options for positioning the PCU are provided in Rec. 03.60:
Option A: In the BTS
Option B: in the BSC
Option C: In spatial connection with the SGSN
The different positions may be used due to the different solutions of the vendors and
with regard to the traffic, which has to be handled by the PCU/BSS.
3.3.5
The CCU contains the following functions:

Channel coding, including forward error correction FEC and interleaving
Radio channel measurements, including received quality and signal level, timing advance measurements
24
Sidemen's
PCU, CCU, GPRS - MS

CCU
MS
CCU
CCU
MS
BTS
BSC site
CCU
BTS
BSC site
GSN site
PCU
BTS
BSC site
GSN site
PCU
CCU
Um
GSN site
PCU
CCU
MS
optional:
PCU-location
Gb
Abis

Channel Coding (FEC, Interleaving,..)
Radio Channel Measurementfuncions
(received quality & signal level, TA,..)
Gb
Channel Access Control functions
Radio Channel Management functions
(Power Control, Congestion Control,...)
scheduling data transmission (UL/DL)
protocol conversion (Gb Um)
Fig. 15 Positioning of the new network elements in the GSM BSS
25
GPRS
Sidemen's
3.3.6
Sidemen'
GPRS Mobile Stations MS
A GPRS MS can work in three different operational modes. The operational mode
depends on the service an MS is attached to (GPRS or GPRS and other GSM services) and on the mobile stations capacity of simultaneously handling GPRS and
other GSM services.
Class A operational mode: The MS is attached to GPRS and other GMS services
and the MS supports the simultaneous handling of GPRS and other GSM services.
Class B operational mode: The MS is attached to GPRS and other GMS services,
but the MS cannot handle them simultaneously.
Class C operational mode: The MS is attached exclusively to GPRS services.
Note: Various GSM specifications use the terms GPRS Class-A MS, GPRS Class-B
MS, GPRS Class-C MS.
GPRS-Mobile Station
Class A
Simultaneously handling
of GPRS and other
GSM services
Class B
GPRS and GSM
services but not
simultaneously
Class C
Only GPRS services
Fig. 16 GPRS mobile stations
26
Sidemen's
Logical Functions
GPRS
Logical Functions
Fig. 17
27
Sidemen's
GPRS
4.1

Sidemen'
Logical Functions in the GPRS Network
The tasks required for the handling of processes in the GSM-/GPRS network are
structured into logical functions. These functions may contain a large number of individual functions. Logical functions are:
Network access control functions
Packet routing and transfer functions
Mobility management functions
Logical link management functions
Network management functions.
Logical functions
in GPRS networks
Network Access
Control
Functions
Mobility
Management
Functions
Radio Resource
Management
Functions
Packet Routeing
& Transfer
Functions
Logical Link
Management
Functions
Network
Management
Functions
Fig. 18 Logical functions of the GPRS network
28
Sidemen's
GPRS
4.1.1
Sidemen'
Network Access Control Functions
Network access means the way or manner in which a subscriber gains access to a
telecommunication network to make use of the services this network provides. An
access protocol consists of a defined set of procedures, which makes access to the
network possible. Network access can be obtained both from the MS and from the
fixed network part of the GPRS network. Depending on the provider, the interface to
external data networks can support various access protocols, e.g. IP or X.25. The following functions have been defined for access to the GPRS network:
Registration function: Registration stands for linking the identity of the mobile radio
subscriber to his packet data protocol (or protocols), the PLMN-internal addresses
and the point of access of the user to external data Protocol (PDP) networks. This
link can be static (HLR entry), or it can be effected on demand.
Authentication and authorization function: This function stands for the identification of the subscriber and for access legitimacy when a service is demanded. In addition, the legitimacy of the use of this particular service is controlled. The authentication function is carried out in conjunction with the mobility management functions.
Admission control function: Admission control is intended for determining the network resources required for performing the desired service (QoS). It also decides
whether these resources are available, and lastly it is used for reserving resources.
Admission control is effected in conjunction with the radio resource management
functions to enable assessment of radio resources requirements in each individual
cell.
Message screening function: A "screening" function is combined with the filtering of
unauthorized or undesirable information/messages. In the introduction stage of
GPRS a network-controlled screening function is supported. Subscription-controlled
and user-controlled screening may be additionally provided at a later stage.
Packet terminal adaptation function: This function adapts data packets received/transmitted from/to the terminal equipment TE to a form suited for transport
through the GPRS network.
Charging data collection function: This function is used for collecting data required
for billing
29
Sidemen's
Network Access Control Function

Registration:
Users mobile ID associated with
*users PDP
*address
*access points
Admission Control
*required resources
(available resouces)
(reservation of resources)
Packet Terminal Adaption

Adaption of data packets
between
MS-TE and GPRS-network
Authentication &
Authorisation
*user
*requested services
Message Screening
Filters unsolicited and
unauthorised messages
Charging Data Collection

Subscription fees + traffic fees
Fig. 19 Network access control functions
30
Sidemen's
GPRS
4.1.2
Sidemen'
Packet Routing and Transfer Functions
A route consists of an orderly list of nodes used for the transfer of messages within
and between the PLMNs. Each route consists of the node of origin, no node, one or
several relay nodes, and the node of destination. Routing is the process of determining and using the route for the transmission of a message within or between PLMNs.
Relay function: Transferring data received by a node from another node to the next
node of the route.
*Routing function: Determining the transmission path for the next hop on the route
towards the GPRS support node (GSN) the message is intended for. Data transmission between GSNs can be effected via external data networks possessing their own
routing functions; e. g. X.25, Frame Relay or ATM networks.
Address translation and mapping function: Address translation means transforming
one address into another, different address. It can be used to transform addresses of
external network protocols into internal network addresses (for routing purposes).
Address mapping is used to copy a network address into another network address of
the same type (e.g. for the routing and transmitting of messages from one network
node to the next).
Encapsulation function: Encapsulation means supplementing address- and control information into one data unit for the routing of packets within or between PLMNs. The
opposite process is called decapsulation. Encapsulation and decapsulation is effected between the GSN of the GPRS-PLMN as well as between the SGSN and the
MS.
Tunneling Function: Tunneling means the transfer of encapsulated data units in the
PLMN. A tunnel is a two-way point-to-point path, only the endpoints of which are
identified.
Compression function: for the optimal use of radio link capacity.
Ciphering function: preventing eavesdropping
Domain name server function: Decoding logical GSN names in GSN addresses. This
function is a standard function of the internet.
31
Sidemen's
Packet Routing & Transfer Function
Relay
forward data packets
Address Mapping
&Translation
Routing
next hop
Encapsulation
Ciphering
Tunneling
Compression
Domain Name
Server
Fig. 20 Packet routing and transfer functions in the GPRS network
32
Sidemen's
GPRS
4.1.3
Sidemen'
Mobility Management Functions
Mobility management functions are used to enable tracing the actual location of a
mobile station in either the home-PLMN or a Visited-PLMN.
4.1.4
Logical Link Management Functions
Logical link management functions concern maintenance of a communication channel between an MS and the PLMN via the radio interface Um. These functions include the coordination of link state information between the MS and the PLMN and
the monitoring of data transfer activities via the logical link.
Logical link establishment function: Building up a logical link by during GPRS attach.
Logical link maintenance function: Monitoring of the state of the logical link and
state modification control.
Logical link release function: De-allocation of resources associated with the logical
link.
4.1.5
Radio Resource Management Functions
Radio resource management functions include allocation and maintenance of communication channels via the radio interface. The GSM radio resources must be divided /distributed between circuit switched services and GPRS.
Um management function: Managing available physical channels of cells and determining the share of radio resources allocated for use in the GPRS. This share may
vary from cell to cell.
Cell selection function: Allows the MS to select the optimal cell for a communication
path. This includes measurement and evaluation of the signal quality of neighboring
cells and detection and avoidance of overload in the eligible cells.
Um-tranx function: Offers capacity for packet data transfer via Um. The function includes a. o. procedures for multiplexing packets via shared physical channels, for retaining packets in the MS, for error detection and correction, and for flow control.
Path management function: Management of packet data communication between
BSS and serving GSN node. Establishing and canceling these paths can be effected
either dynamically (amount of traffic data) or statically (maximum load to be expected
for each cell).
4.1.6
Network Management Functions
Network management functions provide mechanisms for the support of GPRSrelated operation & maintenance functions.
33
Sidemen's
Mobility Management Functions

Keep track of current MS-location
Radio Resource
Management Functions
Logical Link
Management Functions
Maintenance of communication channel,

co-ordination Link state information & supervision of
data transfer activity over the logical link MS - SGSN
Logical Link Establishment
Logical Link Maintenance
Logical Link Release
Allocation & maintenance of radio communication path

Um Management: manage resources GPRS / non GPRS
Cell Selection:select optimal cell (by MS)
Um-tranx: MAC via Um, user multiplexing, packet discrimination
within MS, error detection & correction, flow control procedures
Path Management:
manages packet data communication
BSSSGSN
Network
(dynamic data traffic or static)
Management
Functions
mechanism to support O&M

functions related to GPRS
Fig. 21 Mobility management, logical link, radio resource and network management functions
34
Sidemen's
GPRS
4.2
Sidemen'
Allocation of Logical Functions
The tasks described in the logical functions can be allocated to various functional
units of the GSM-/GPRS network. The mobile station MS, the base station subsystem BSS (with the packet control unit PCU and channel codec unit CCU), the serving
GPRS support node SGSN and the gateway GPRS support node GGSN participate
in handling the following functions:
Function
MS
BSS
SGSN
GGSN
HLR
Network Access Control:

Registration
Authentication & Authorization
Admission Control
X
X
Message Screening
Packet Terminal Adaptation
X
X
Charging Data Collection
Packet Routing & Transfer:

Relay
Routing
Address Translation & Mapping
Encapsulation
Tunneling
Compression
Ciphering
Domain Name Server

Mobility Management
X
X
Logical Link Establishment
Logical Link Maintenance
Logical Link Release
Logical Link Management:
Radio Resource Management:

Um Management
Cell Selection
Um-Tranx
Path Management
35
Chapter 3
Siemens
Contents
1
The Radio Interface (Layer 1)
23
1.1
Layer 1 of the GSM-/GPRS-Radio Interface Um
34
1.2
Channel Bundling, Sharing of Channels
56
1.3
Radio Block
78
1.4
Coding Schemes:
190
1.5
Logical GPRS Radio Channels
134
1.6
Multiframes in GPRS
178
2
3
Exercises
Solutions
21
25
Siemens
The Radio Interface (Layer 1)
GPRS:
Interfaces
The Radio Interface Um

(Layer 1)
Fig. 1
1.1
Siemen
Layer 1 of the GSM-/GPRS-Radio Interface Um
By introducing GPRS services into the GSM-PLMN, worldwide modifications are

necessary also in the area of physical transmission (layer1) via the air or radio interface Um. The tasks of layer 1 radio interface relate to the transmission of user and
signaling data as well as to the measuring of receiver performance, cell selection, determination and updating of the delayed MS transmission (timing advance TA), power
control PC and channel coding.
In the GPRS, a decisive difference to the realization of the connection-oriented services (circuit-switched services) relates to the fact that a physical channel and a socalled packet data channel can be used by several mobile stations at the same time.
One packet data channel is allocated per radio block, i.e. for four consecutive TDMA
frames and not for a specific time interval. This means that signaling and the packet
data traffic of several mobile stations can be statistically multiplexed into one packet
data channel. Furthermore, the packet data channel can be seized asymmetrically.
On the other hand it is also possible for a mobile station to use more than one packet
data channel at the same time, i.e. to combine several physical channels of one radio
carrier. In principle, up to 8 packet data channels can be seized simultaneously. The
number of channels that are combined for reception (DL) and transmission (UL) can
be different to achieve asymmetric data rates for certain applications (e.g. file transfer
protocol FTP, internet surfing).
The assignment of radio resources can be done dynamically or in a fixed allocation.
In case of the fixed allocation a message with a bit pattern is sent downlink to indicate which channels can be used by this MS for UL transmission.
If dynamic allocation is applied the MS will be receive a temporary flow identifier (TFI)
and an uplink state flag (USF) for each of the time slots it is allowed to use. The TFI
is part of the control information in the DL packet and identifies the "owner" of the
packet. Each packet also includes an USF that indicates which of the MSs (that has
been assigned to use this time slot UL) is allowed to transmit the next radio block UL.
Siemens
Transmission
of user &
signaling data
Measure
signal strength
GSM RF:
GPRS Layer 1 (Um)
Cell Selection
L1tasks
Power Control
functions
determinate &
actualise
Timing Advance
Allocation of physical channel

(Packet Data Channel PDCH)
dynamically: 1 or 4 Radio Blocks

(1 Radio Block = 4 Normal Burst
in 4 consecutive TDMA-frames)
User & signaling data of several MSs
Resource optimization:
1 physical channel to be used
by many MSs simultaneously !!
asymmetrical traffic
UL / DL possible !!
High data rate traffic

up to 171.2 kbit/s:
combining 1..8 PDCH for 1 MS !!
statistically to be multiplexed into 1 PDCH

(also fixed allocation possible)
29 multislot classes
Fig. 2 Tasks of the GSM air interface, layer 1 (GSM RF)
1.2
Siemen
Sharing of Resources in a Cell: GSM circuit switched (CS) users will share the time
slots in a BTS with the GPRS packet switched (PS)users. A physical channel can either be used for GSM CS or GPRS PS traffic but not for both at the same time. Depending on the traffic load in the cell there will be more or less channels available for
GPRS, CS connections are dealt with priority.
Sharing of Physical Channels: It is a characteristic of a CS connection that the
physical resource (the time slot) is reserved for one subscriber. Therefore the
GSM CS users cannot share their channels with others. In contrast GPRS PS subscribers can share physical channels. The handling of the channels, the multiplexing
of subscribers onto the same time slots is done by software (protocol, MAC) and
hardware (PCU). Packet oriented connections are not only carried out through the
core network by usage of an appropriate hardware (ATM switches) and software
(protocols) but also on the air interface. This is an important feature of GPRS with regard to an optimized usage of resources on Um, which is the limiting bottleneck in the
PLMN.
Multislot Classes: The subscribers for GPRS will have different needs (applications,
data rates) and therefore the MS will have more or less capabilities. The network
(PCU) will have to identify these different MSs by their multislot class, which indicates
how many time slots (channels) can be bundled by the MS uplink and downlink. A
cheap GPRS mobile will be a GSM mobile that is able to handle the protocols and
coding schemes of GPRS. This will be multislot class 1: one time slot UL and one
time slot downlink can be "bundled". The other extreme is multislot class 29 which
will be able to receive and to transmit in eight time slots UL and DL simultaneously. In
consequence such a MS has to have two synthesizers, and a high battery capacity
because this is more or less continuous transmission and reception. The MS will
send its multislot class and the PCU will only assign time slot combinations which can
be handled by this equipment.
Siemens

Radio Blocks
Subsriber A
UL
Radio Blocks
Subscriber B
TS 0 TS 1 TS 2 TS 3 TS 4 TS 5 TS 6 TS 7
Radio Blocks
Subscriber C
DL
Radio Block
Subscriber D
TS 0 TS 1 TS 2 TS 3 TS 4 TS 5 TS 6 TS 7
Fig. 3 Channel bundling, sharing of channels
1.3
Siemen
Radio Block
Channel coding was modified substantially for GPRS purposes (GSM Rec. 03.64).
Channel coding starts with the division of digital information into transferable blocks.
These radio blocks, i.e. the data to be transferred (prior to encoding) comprise:
a header for the Medium Access Control MAC (MAC Header)
signaling information (RLC/MAC Signaling Block) or user information (RLC Data
Block) and
a Block Check Sequence BCS.
The functional blocks (radio blocks) are protected in the framework of convolutional
coding against loss of data. Usually, this means inserting redundancy.
Furthermore, channel coding includes a process of interleaving, i.e. different arrangement in time. The convolutional radio blocks are interleaved to a specific number of bursts/burst blocks. In the case of GPRS, interleaving is carried out across four
normal bursts NB in consecutive TDMA frames and, respectively, to 8 burst blocks
with 57 bit each.
Four new coding schemes were introduced for GPRS (Rec. 03.64): CS-1 to CS-4.
These can be used alternatively depending on the information to be transferred and
on the radio interfaces quality.
Siemens
Radio Block Strucure

Radio Block
MAC Header
collect
RLC Data Block
BCS
user data
signaling
MAC Header
RLC/MAC Control Block
BCS
One Radio Block = 4 normal bursts
BCS: Block Code Sequence

(for error recognition)
MAC: Medium Access Control
RLC: Radio Link Control
Fig. 4 Radio block
Channel Coding
4 new Coding Schemes:
CS-1, -2, -3, -4
Radio Block
Convolutional
(not CS-4)
Radio Block
Puncturing
(only CS-2, CS-3)
Interleaving
(Redundancy !)
rate 1/2 convolutional coding
coding
puncturing
Radio Block (456 Bits)
57 Bit
57 Bit
57 Bit
57 Bit
57 Bit
8 Burstblocks
Um: Allocation of PDCH for 1 / 4 Radio Blocks = 4 / 16 Normal Bursts

Fig. 5 Channel coding schemes
1.4
Siemen
Coding Schemes:
CS-1: CS-1 uses the same coding scheme as specified by Rec. 05.03 for the
SDCCH. It comprises a half rate convolutional code for FEC forward error correction.
CS-1 corresponds to a data rate of 9.05 kbit/s.
CS-2 and CS-3 are punctured version of the same half rate convolutional code as
CS-1. The coded bits are numbered starting from 0 and certain punctured bits are
removed.
CS-2: With CS-2 the punctured bits have numbers 4 i + 3 with i = 3,...,146 (exception: i = 9, 21, 33, 45, 57, 69, 81, 93, 105, 117, 129, 141). This means that none of
the first 12 bits is punctured. CS-2 corresponds to a data rate of 13.4 kbit/s. Remark:
For CS-2 the puncturing pattern must be adapted to the future new TRAU frame format in order to be used via the Abis interface (e.g. more bits must be punctured to
make space for RLC signaling).
CS-3: With CS-3 the punctured bits have numbers 6 i + 3 and 6 i + 5 with i =
2,...,111. CS-3 corresponds to a data rate of 15.6 kbit/s.
CS-4: CS-4 has no redundancy (no FEC) and corresponds to a data rate of 21.4
kbit/s.
By bundling up to 8 packet data channels of one carrier into one MS, transmission
rates up to 171.2 kbit/s are possible.
Siemens
Channel Coding: Coding Schemes

CS-1
9,05 kbit/s
CS-2
CS-3
13,4 kbit/s
15,6 kbit/s
21,4 kbit/s
Radio
Block*
Coded Punctured Data Rate

Bits
Bits
kbit/s
Coding Code
Scheme Rate
CS-4
Different
Redundancy
(FEC)
Quality Um
CS-1
1/2
181
456
CS-2
2/3
268
588
132
13,4
CS-3
3/4
312
676
220
15,6
CS-4
428
456
21,4
9,05
* Radio Block without

Uplink State Flag USF &
Block Check Sequence BCS
Fig. 6 Coding schemes of GPRS, CS1 with high redundancy, CS4 no redundancy, radio blocks
10
Siemen
GPRS Channel Coding

Existing channel coding procedures have been modified with a view to introducing
the GPRS. New coding schemes CS 1-4 were specified from ETSI 4. Basically, they
make it possible to transmit 9.05 kbit/s (CS-1), 13.4 kbit/s (CS-2), 15.6 kbit/s (CS-3)
and 21.4 kbit/s (CS-4) per timeslot, respectively.
On the Abis interface, transport capacity is restricted to 16 kbit/s owing to the fact that
existing TRAU frames are used. The transmission of data for CS-3 and CS-4 would
require larger transport capacities via Abis and would thus involve serious modifications in the existing network architecture. For this reason, only coding schemes CS-1
and CS-2 are supported in GR2.0/BR5.5. Of these two, CS-1 is particularly important.
Due to the unrestricted redundancy in data transmission, CS-1 is well suited to serve
as a safe basic coding for RLC/MAC data and control blocks. With a high-quality radio interface CS-1 data transmission rates of up to 8 kbit/s are possible. Even if the
air interface quality (the C/I ratio) decreases, the rate of transmission decreases very
slowly.
Under favorable radio transmission conditions, CS-2 achieves higher transmission
rates, with a maximum at 12 kbit/s. However, the rate of transmission depends more
strongly on the C/I ratio than with CS-1.
This is even truer of coding schemes CS-3 and CS-4, respectively, whose transmission rates are considerably higher than those of CS-1 and CS-2 under good radio
transmission conditions; but they rapidly decrease if the quality of the radio transmission interface gets worse.
11
Siemens
Introduction: CS-1 (9,05 kbit/s & CS-2 (13,4 kbit/s)

CS-1: basic coding for RLC/MAC data & control blocks
no CS-3 (15,6 kbit/s), CS-4 (21,4 kbit/s)
Abis limitation (current TRAU frames: 16 kbit/s)
Channel Coding
CS 1 - 4: Bit Rate Comparison
20
18
CS1
CS2
CS3
CS4
Net Throughput (kbit/s)
16
14
12
10
8
6
4
2
0
18
17
16
15
14
13
12
11
10
Carrier / Interference C/I (dB)
Fig. 7 Comparison of the efficiency of the four coding schemes under realistic circumstances of the air interface
12
1.5
Siemen
Logical GPRS Radio Channels
Use of "classical" logical channels for GSM-CS

A Logical channel is used for a special purpose/contents. For example the MSs have
to find out if this cell is a suitable one (operated by the "right" network operator),
which features are offered (e.g. HR/FR/EFR, GPRS, ...), what is the structure of Um
(channel combination), ... This is provided by the BCCH which is naturally only
transmitted in the downlink. Some resources have to be given for initial access for the
MS (RACH). For these reasons logical channels have been defined to fulfill all tasks,
which are necessary in a GSM network on the air interface (see figure 13).
The GPRS subscribers will share the air interface with the circuit switched users. On
the other hand the protocol structure of GPRS is different from "classical" GSM-CS.
Therefore the user traffic and (part of) the signaling will have to be separated. Before
this separation can take place the different MS (GPRS/non-GPRS) have to be handled by signaling procedures for access (channel assignment. There are two solution
of this problem. The first one is to use (some of) the logical channels for GSM-CS:
The GPRS-MS detects the BCCH of this particular cell and looks for the system information to find out if GPRS is available. If this is a cell belonging to the same routing area the MS can choose this cell and wait for paging or for the user to use the
RACH for activating a PDP. In case that the user wants to run an PS application the
GPRS MS will use an access burst (RACH) which indicates that this is a GPRS MS
and the request will be answered by the PCU assigning resources for packet
switched traffic (time slots reserved for GPRS). Signaling (e.g. for authentication) will
then take place using these resources indicated by the message in the AGCH.
So GPRS uses some of the logical channels of GSM-CS. On one hand this can be
an advantage if the resources are sufficient. On the other hand if in the future more
and more GPRS traffic has to be handled, separate logical channels reserved for
GPRS MS will have to be given. This is the second solution. In any case the GPRS
MS will have to look for the BCCH of the cell to find out if GPRS is available. If the
second solution has been chosen the GPRS MS will also read information where a
PBCCH (Packet Broadcast Control Channel) is to be found (which time slot). This
second solution will be explained in figure 14.
13
Siemens
Logical Channel
(for GSM Circuit Switched)
BCCH
BCH
Broadcast Channel
Broadcast Control Channel
DL
FCCH
Frequency Correction Channel
SCH
Synchronisation Channel
CCCH
Signaling
DL
PCH
Paging Channel
AGCH
Common Control Channel
NCH
UL
Notification Channel
RACH
CGI, FR/EFR/HR, GPRS available

frequency hopping, channel combination,...)
frequency synchronisation
Time synchronisation + BSIC, TDMA-No.
Paging / Searching (MTC)
Allocation of dedicated signalling channel
Notifying MSs
Request for access
Random Access Channel
DCCH
Dedicated Control Channel
UL
+
DL
SDCCH
Stand Alone Dedicated
Control Channel
SACCH
Slow Associated
Control Channel
FACCH
Fast Associated
Control Channel
TCH/F
Traffic
User Data
UL + DL
Traffic Channe/Fl
TCH/H
Dedicated signaling MS BTSE (Call

Setup, LUP, Security, SMS, CBCH,...)
Measurement Report,
TA, PC, cell parameters,...
Signaling instead of TCH
User traffic (Full Rate)
User traffic (Half Rate)
Traffic Channel/H
Fig. 8 "Classical" logical channels of GSM may be used by GPRS users too
14
Siemen
Use of new logical channels for GPRS

In addition to the nine existing logical radio channels used for signaling (BCCH, SCH,
FCCH, PCH, RACH, AGCH as well as SDCCH, SACCH and FACCH) and the Traffic
Channel (TCH) for circuit switched user information, a new set of logical channels
was defined for GPRS.
Packet traffic is realized by means of the Packet Traffic Channel (PTCH), which includes the following:
Packet Data Traffic Channel PDTCH.
Packet Associated Control Channel PACCH
Packet Timing advance Control Channel PTCCH
The PDTCH is temporarily assigned to the mobile stations MS. Via the PDTCH, user
data (point-to-point or point-to-multipoint) or GPRS mobility management and session
management GMM/SM information is transmitted.
The PACCH was defined for the transmission of signaling (low level signaling) to a
dedicated GPRS-MS. It carries information relating to data confirmation, resource allocation and exchange of power control information.
New GPRS signaling channels are mainly specified analogously to GSM Phase1/2.
The Packet Common Control Channel PCCCH has been newly defined. It consists
of a set of logical channels, which are used for common control signaling to start the
connection set-up:
Packet Random Access Channel PRACH
Packet Paging Channel PPCH
Packet Access Grant Channel PAGCH
Packet Notification Channel PNCH
PRACH and PAGCH fulfill GPRS-MS functions, which are analogue to the classical
logical channels RACH and AGCH for non-GPRS-users. The PNCH is used for the
initiation of point-to-multipoint multicast (PtM multicast).
For the transmission of system information to the GPRS mobile stations, the
Packet Broadcast Control Channel PBCCH
was defined analogue to the classical BCCH.
In a physical channel all different types of logical channels can be contained (no
separation into traffic and signaling channels respectively as is done in conventional
GSM). The differentiation of channel contents is carried out per radio block using the
MAC header, i.e. contents are specified for the four normal bursts of a radio block
sent in each case.
The MAC function, which distributes the physical channel to the various mobile stations and allocates radio resources to an MS can also use the conventional logical
channels in GSM.
15
Siemens
Logical channels
for GPRS
Broadcast channel DL
PBCCH
Packet Broadcast
Control Channel
PRACH
Packet
Signaling
Common
Control
channels
UL
Packet Random
Access Channel
PPCH
Packet Paging
Channel
DL
PNCH
Packet Notification
Channel
PAGCH
Packet Access
Grant Channel
PACCH
UL&DL
Packet Associated
Control Channel
Dedicated channels UL
PTCCH/U
DL
PTCCH/D
Packet
Traffic
UL&DL
Packet System
Information
Access request for

UL packet data
transmission
Paging GPRS-MS
(PtP)
Paging GPRS-MS
(PtM)
Resource allocation
Dedicated signaling
MS-network,
e.g.power control
Packet Timing Advance Control Timing advance

Determination and
Channel Uplink/Downlink
Control
PDTCH
Packet Data
Traffic Channel
Transmission of
User data
Fig. 9 New logical channels for GPRS
16
1.6
Siemen
Multiframes in GPRS
The GPRS packet data traffic is arranged in 52-type multiframes (GSM Rec. 03.64).
52 TDMA frames in each case are combined to form one GPRS traffic channel multiframe, which is subdivided into 12 blocks with 4 TDMA frames each. One block
(B0-B11) contains one radio block each (4 normal bursts, which are related to each
other by means of convolutional coding). Every thirteenth TDMA frame is idle. In the
idle frame the PTACCH is sent. The idles frames are used by the MS to be able to
determine the various base station identity codes BSIC, to carry out timing advance
updates procedures or interference measurements for the realization of power control.
For packet common control channels PCCH, conventional 51-type multiframes can
be used for signaling or 52-type multiframes. The GPRS users can use "classical"
common control channels of GSM before they will be directed onto their PTCHs. All
mobiles will read the BCCH anyway. Either in case of GSM mobiles to fulfill the same
tasks as before and for GPRS equipment this logical channel will indicate weather
GPRS service is available and if extra logical channels (PBCCH, PPCH, ...) are used.
GSM CS traffic and GPRS subscribers are clearly separated so that there is no conflict due to different signaling or multiframe structure.
It is important that there are no "visible" changes for "GSM only mobiles" due to the
introduction of GPRS. GSM CS connections will use for example the same 26 multiframe structure for TCH and the 51 multiframe structure for signaling.
17
Siemens
New multiframe
for GPRS
PDCH follows 52 multiframe structure

52 Multiframe: 12 Blocks 4 TDMA-frames
PCCCHs: classical 51er Multiframes
or 52er Multiframes
52 TDMA Frames = PDCH Multiframe

4 Frames
1 Frame
B0 B1 B2 i B3 B4 B5 i B6 B7 B8 i B9 B10 B11 i
B0 - B11 = Radio Blocks (Data / Signaling)
i = Idle frame (PTCCH)
BCCH indicates PDCH with PBCCH (in B0)
Idle frame:
Identification of BSICs
Timing Advance Update Procedure
Interference measurements
for Power Control
DL: this PDCH bears PDCCH & PBCCH

PBCCH in B0 (+ max. 3 further blocks; indicated in B0)
PBCCH indicates PCCCH blocks & further PDCHs with PCCCH
UL: PDCH with PCCCH: all blocks to be used for PRACH, PDTCH, PACCH
PDCH without PCCCH: PDTCH & PACCH only
Fig. 10 Multiframes for GPRS consist of a certain time slot in 52 consequent TDMA frames
18
Chapter 4
Procedures
Procedures
Sidemen's
Procedures
Contents
1
Activation of GPRS Services
23
1.1
GPRS Identities
34
1.2
Mobility Management States
68
1.3
Packet Data Protocol PDP States
192
1.4
GPRS Packet Data Transmission
101
1.5
1.6
1.7
2
3
Combined GPRS & IMSI Attach

PDP Context Activation Procedure
Start of Mobile Originated Packet Transfer
Exercise
Solution
16
18
20
23
27
Procedures
Sidemen's
Activation of GPRS Services
GPRS:
Procedures
Activation of
GPRS services
Fig. 1
Sidemen's
Procedures
1.1
1.1.1
Sidemen'
Procedures
GPRS Identities
Regional Organization of GPRS
A set of identities were introduced in GSM and GPRS to identify a subscriber, as well
as to keep track of him. Following identities are well known in GSM:
LAI: (Location Area Identity) covers a set of cells, where a subscriber was "seen"
last.
CGI: (Cell Global Identity) the unique number of a cell of a PLMN, composed the LAI
and the CI (cell identity).
Next to the existing GSM identities there is also a new GPRS specific identity, the
RAI (Routing Area Identity). This identity, defined by an operator, comprises one or
several cells. It is broadcasted by the (P)BCCH. If a GPRS mobile leaves a routing
area, a Routing Area Update Procedure has to be taken place. The RAI is used in the
same way as the LAI. The Routing Area is more precise than the location area. A
Routing Area is a subset of one and only one Location Area.
RAI: LAI + RAC (Routing Area Code) = MCC + MNC + LAC + RAC
Regional Organisation of GPRS

Location Area
Routing area
cell
MCC
MNC
LAC
MCC
MNC
LAC
RAC
MCC
MNC
LAC
CI
Fig. 2 Regional organization of GPRS
Procedures
Sidemen's
1.1.2
Sidemen'
Procedures
Subscriber Identities and Subscriber Services
IMSI (International Mobile Subscriber Identity):

This is an unique number allocated to each subscriber in GSM. This was adapted
also for GRPS-only mobile subscribers.
PTMSI (Packet Temporary Mobile Subscriber Identity):
This identity is allocated to each GPRS attached mobile. Its task is similar to the
TMSI. The discrimination between the TMSI and P-TMSI is realized by allocation to
the two most significant bits to 11 for GPRS and to 00, 01, 10 for GSM.
PDP Address:
On the network layer, the subscriber may identified by one or more network layer addresses, so-called PDP Addresses, which are allocated to the subscriber temporally
or permanently.
One central question in GPRS is: how can a logical link between a mobile and a
SGSN be identified uniquely? This is done with the NSAPI/TLLI pair, which are
unique within a routing area.
NSAPI (Network layer Service Access Point Identifier):
The NSAPI is used as a service access point between the higher level and the
SNDCP. The NSAPI is used to identify the corresponding PDP context, which is associated with the GPRS MS PDP address on the side of the GSN.
TLLI (Temporary Logical Link Identity):
The TTLI is used to define a one to one correspondence within a Routing Area between the MS and the SGSN. This is only known by the MS and the SGSN.
TID (Tunnel Identifier):
This identity is used by the GTP to identify a PDP context. The TID is a combination
of the IMSI and the NSAPI. The IMSI/NSAPI pair uniquely identifies a PDP context.
GSN-Address:
The GSN Address is the IP-no. of GSN for the GPRS IP backbone.
The GSN-number is the ISDN-no. for a GSN
Access Point Name:
This name indicates in the NSS backbone, which GGSN shall be used. Furthermore
it can indicate the external network, the subscriber wants to be attached to, for instance the "Internet Service Provider" Name.
Procedures
Sidemen's
Subscribers Identities
Who is the owner of one packet
G
G
S
N
S
G
S
N
TLLI
IMSI
G
G
S
N
Which application does the packet belong to
1
3
2
4
S
G
S
N
G
G
S
N
NSAPI
Fig. 3 Subscribers identities in the network
Procedures
Sidemen's
Procedures
1.2
Sidemen'
Mobility Management States
States of the GPRS services

With regard to point-to-point PtP packet data transmission the GPRS service operates in two independent state models/circles. One circle describes the mobility management behavior whereas the other is assigned to the activation of a packet data
protocol PDP.
The circle related to mobility management states in the MS and the associated SGSN
consist of the:
"Idle" state
"Standby" state
"Ready" state
The circle related to a specific packet data protocol has the:
"Inactive" state
"Active" state
States of
GPRS services
2 circles
regarding:
Idle
State
Inactive
State
Mobility
Management
Standby
State
Ready
State
Packet Data
Protocol
PDP
Active
State
Fig. 4 States of GPRS services with regard to mobility management and packet data protocols
Sidemen's
Procedures
Sidemen'
Procedures
"Idle" state
A mobile station MS in the idle state is detached from the GPRS. Only GPRS subscription data is available in the HLR. No further information exists in other network
units such as SGSN and GGSN. It is not possible to activate a packet data protocol
PDP or to maintain a PDP in its active state. The GPRS MS must monitor the BCCH
to determine the availability of cells, which support GPRS services. Accordingly, the
GPRS MS can carry out PLMN and cell selection procedures. To exit idle state, the
MS must execute the attach procedure. Upon successful completion of this procedure, the MS changes to ready state.
"Standby" state
In the standby state the GPRS MS is attached to the GPRS network. The GPRS and
the SGSN have a mobility management context comparable to the circuit switched
connections. The MS monitors the broadcast channel to determine the availability of
cells offering GPRS services and also the paging channel PCH, to be informed about
paging requests. The SGSN recognizes/stores the routing area RA of the GPRS-MS.
The routing area is a sub-unit of the location area LA, in other words a more detailed
determination of the GPRS-MS location. The GPRS-MS informs the SGSN about
changes of the routing area and answers paging requests.
"Ready" state
In the ready state, the SGSN detects the current cell of the GPRS-MS beyond the
routing area RA of the GPRS-MS. If the GPRS-MS changes cells, it informs the
SGSN. Paging is thus superfluous in the ready state. The DL packet data transfer
can be performed any time. Ready state does not mean that a physical connection is
established between SGSN and MS. Only in the ready state, SGSN and MS can
transfer data packets. MS and SGSN exit ready state upon expiry of a ready timer or
in case of a faulty packet data transmission and change to standby state. Upon logoff, i.e. execution of a detach procedure; MS and SGSN exit ready state and change
to idle state.
Procedures
Sidemen's
Mobility Management
States
SGSN & GGSN without

MS information
only HLR contains subscription data
no PDP context can be activated
IDLE
state
MS observes BCCH
PLMN- & Cell Selection
GPRS
detach
GPRS
attach
SGSN knows Routing Area & cell!!

UL & DL packet transmission possible
expiry of mobile
reachable timer
READY
state
SGSN: Paging /
MS: initiates Transfer
SGSN MS: MM-Context

SGSN knows Routing Area
STANDBY
state
MS initiates Cell Update
expire READY Timer /

Transmission errors
MS observes BCCH, PCH
initiates RA-Update
reacts to Paging Request
Fig. 5 Mobility management states
Procedures
Sidemen's
1.3
Sidemen'
Procedures
Packet Data Protocol PDP States
There are separate state circles for every authorized PDP of a GPRS-MS
"Inactive" State
The inactive state of a PDP means that this PDP is not operating at that moment.
There is no routing context in the MS, SGSN and GGSN. A transition in the active
state is only possible if there is a mobility management connection and if MS and
SGSN are in the standby or ready state.
No data transfer is possible in the inactive state. Data packets, which reach the
GPRS network are either rejected or ignored.
"Active" State
In the active state the MS, GGSN and SGSN are in a routing context. Data can be
transmitted or received by the MS. The active state is ended explicitly if the MS deactivates a certain PDP. With GPRS detach and expiry of the standby timer, all the activated PDP are deactivated, too.
PDP States
PDP not activated

no Routing-context
for MS, SGSN & GGSN
INACTIVE
state
no data transmission possible !

De-activation PDP context /
GPRS detach
expiry STANDBY timer
Routing context
for MS, SGSN & GGSN
Transition to Active State

only if MM-context exists
( MS & SGSN: STANDBY / READY)
Activation
PDP context
ACTIVE
state
Data transmission possible !
Fig. 6 States of a packet data protocol
Procedures
Sidemen's
1.4
Sidemen'
Procedures
GPRS Packet Data Transmission
The transmission of GPRS packet data presupposes the execution of

GPRS Attach Procedure as well as of the
PDP Context Activation Procedure.
In the case of a mobile packet data transfer, a one or two-phase packet access is
added. This access procedure is necessary for packet data transfer.
Common Mobility Management / MS-Location

To reduce the signaling load via the radio interface during GPRS and non-GPRS operation, important mobility management MM procedures are carried out jointly (common MM). This regards the procedures for: attachment / detachment, location & routing area update and paging.
The result of a GPRS routing area update procedure is stored in the SGSN. The routing area represents a more exact indication of the MS location, than is actually
needed for non-GPRS services. Triggered by the MS (in the framework of a RA update) the SGSN informs the MSC/VLR via the Gs interface of a change in the location areas, which has taken place simultaneously.
Further mobility management procedures are also executed via GPRS procedures. If
possible, all messages containing mobility management information are transferred
through signaling data packets. The MM procedures are defined in the GGM/SM
(GPRS Mobility Management & Session Management).
10
Abbreviations
Abbreviations
Siemen
Abbreviations
Contents
1
Abbreviations
23
Siemen
Abbreviations
Abbreviations
AAL
ATM Adaptation Layer
AAL5
AAL Type 5
ABC
Administration and Billing Center
ACCG
ASN Controller and Clock Generator
ACIS
ATM Communication Interface Simulator
ACT
Active
ADET
Application Database Engineering Team
AGCH
ALI
Alarm and Interface Module
ALIB
Alarm and Interface Module Type B
ALM
ATM Layer Module
AMP
ATM Bridge Processor
AMX
ATM Multiplexer
AMXE
AMX Module type E
AP
Accounting Probe
APE
Abgesetzte Peripherie Einheit (Remote Peripheral Unit)
API
Application Programming Interface
APS
Application Program System
ASIC
Application Specification Integrated Circuit
ASN
ASN.1
Abstract Syntax Notation 1
ASNF
ASN Module Type F
ASNG
ASN Module Type G
ASNH
ASN Module Type H
ATM
ATM230
ATM Interface Asic with 200- and 30-Mbit Interfaces
AUB
Access Unit Broadband
BAP
Base Processor
BCH
Broadcast Channel
BCCH
Broadcast Control Channel
Siemens
Abbreviations
Abbreviations
Siemen
BCT
Basic Craft Terminal
BG
Border Gateway
BigFUT
a FUT (functional unit test) including all functional units
BIST
Built In Self Test
BOP
Basic Operation
BOST
Board Self Test
BSC
BSS
Base Station System
BSSGP
Base Station System GPRS Protocol
BVC
Base Station Virtual Connection
C-ID
Charging Identifier
CAP
Coordination Processor
CBR
Constant Bitrate
CCCH
CCS7
Common Channel Signaling System No. 7
CCS7E
Common Channel Signaling System No. 7 Enhanced
CDB
Database for C-based Peripherals
CDC
Central Data Collector
CGI
CGU
Clock Generator Unit
CHILL
CCITT High Level Language
CI
Cell Identifier
CMISE
Common Management Information Service Element
CP113
Co-ordination Processor 113
CT
Context Table
CTI
Context Table Index
CU(-C)
Control Unit (shelf type C)
DBLU
DBMS less Unit
DBMS
Database Management System
DCCH
DLCI
Data Link Connection Identifier
DNS
Domain Name Server
DRAM
Dynamic RAM
Siemen
Abbreviations
DS1
Digital Signal, level 1
DSDL
DBMS Specific Definition Language
E1
European PDH Signal, Level 1
ECC
Echo Cancellation Circuit
EFD
Event Forwarding Discriminator
EIR
EPC
External Processor Communication
EPROM
Erasable Programmable Read Only Memory
ESGEN
Extended MML Syntax Generator
ETSI
EWSD
Siemens Digital Electronic Switching System
EWSD V13
Elektronisches Whlsystem Digital Version 13
EWSX
EWSXpress
FACCH
Fast Associated Control Channel
FAT
Functional Area Test
FCCH
Frequency Correction Channel
FEPROM
Flash EPROM
FFS
For Further Study
FP
Frame Relay Processor
FPSM
Frame Relay Processor Shared Memory
FR
Frame Relay
FR-LIC
Frame Relay Line Interface Card
FT1
Functional Test 1 (offline-test)
FT2
Functional Test 2 (online-test)
FT3
FT2 including the HLR
FTP
File Transfer Protocol
FUT
Functional Unit Test
FW
Firmware
GDB
GPRS Database
GDMO
Guidelines for definition of Managed Objects
GGSN
GMM
GPRS Mobility Management
GMM_AF
GMM Application Function
Siemens
Abbreviations
Abbreviations
Siemen
GMM_TF
GMM Transport Function
GOAM
GPRS Operation and Maintenance Applications
GPRS
General Packet Radio System
GR
GPRS Release
GR1.0
GPRS Release 1.0
GSN
GPRS Support Node
GTP
GPRS Tunnel Protocol
GUI
Graphical User Interface
HLR
HPDB
High Performance Database
HW
Hardware
HWT
Hardware Tracer
I/O
Input / Output
ICA
IDS Communication via ATM
ICMP
Internet Control Message Protocol
IDS
Interactive Debugging System
IMEI
IMSI
INT_CID
Internal Change ID
INT_CID
Internal Charging Identifier
IOC
Input Output Controller
IOT
Interoperability-Test
IOT
Interoperability-Test
IP
Internet Protocol
IPC
Internal Processor Communication
IPv4
IP version 4
ISP
ITP
Internal Transfer Protocol
ITU
IWE
Interworking Entity
L&S
Load and Stress Test
L&S
Load and Stress Test
LA
Location Area
Siemen
Abbreviations
LAN
Local Area Network
LCF
Log Control Function
LCT
Local Craft Terminal
LDC
Local Data Collector
LED
Light Emitting Diode
LIC
Line Interface Card
LLC
Logical Link Control
LLE
Logical Link Entity
LM
Layer Management
LPS
LIC Protection Switch
MAP
MBC
Message Based Communication
MBS
Maximum Burst Size
MCI
Maintenance Craft Interface
MDB
Maintenance Database
MDD
Magnetic Disk Device
MIPS
Million Instructions Per Second
MM
Mobility Management
MMU
Memory Management Unit
MOD
Magneto Optical Disk
MP
Main Processor
MP-AP
Main Processor used for application SW processing
MP-SA
Main Processor with Standalone Capabilities
MP:ACC
Main Processor for Accounting Management
MP:LM
Main Processor for Layer Management
MP:OAM
Main Processor for Operation and Maintenance
MP:PD
Main Processor for Packet Dispatching
MPC
Main Processor (Version C)
MPU
Main Processor Unit
MPUB
Main Processor Unit B
MPUC
Main Processor Unit C
MS
Mobile Subscriber
MSC
Mobile Services Switching Center
Siemens
Abbreviations
Abbreviations
Siemen
MSU
Message Signaling Unit
MTP
N-PDU
Network PDU
NC
Node Commander
NNI
Node Network Interface
NS
Network Service
NS-VC
Network Service Virtual Connection
NS-VL
Network Service Virtual Link
NSAPI
Network SAPI
NSS
Network Subsystem
O&M
OA&M
Operation, Administration and Maintenance
OMC
Operation and Maintenance Center
OMC-B
OMC for the BSS
OMC-S
OMC for the SSS
OS
Operations System
P-TMSI
Packet Temporary Mobile Subscriber Identity
PCB
Printed Circuit Board
PCH
Paging Channel
PCM
PCP
Peripheral Control Platform
PCR
Peak Cell Rate
PCU
Packet Control Unit
PD
Packet Dispatcher
PDET
Project Database Engineering Team
PDN
Packet Data Network
PDP
Packet Data Protocol
PDU
Packet Data Unit
PLL
Phase Locked Loop
PLMN
Public Lands Mobile Network
PM
Performance management
PRH
Protocol Handler
PRH:MGR
Protocol Handler Manager
Siemen
Abbreviations
PRM
Packet Routing Management
PRM-S
Packet Routing Manager SGSN
PRT
Packet Routing and Transfer Function
PSAX
Power Supply 5V for Fibre Optic Transceiver type X
PSU
Power Supply Unit
PVC
Permanent Virtual Connection
Q3
Q interface at the GSN nodes
QoS
Quality of Service
RA
Routing Area
RAC
Routing Area Code
RACH
Random Access Channel
RAI
Routing Area Identity
RAM
Random Access Memory
RB
Record Builder
RF
Record Formatter
RPC
Remote Procedure Call
RSS
Radio Subsystem
SA
Stand Alone
SAAL
Signaling AAL
SACCH
Slow Associated Control Channel
SAPI
Service Access Point Identifier
SAR
Service Access Routines
SCB
Sequencer Control Block
SCB
SSNC Control Shelf Basic
SCCP
SCE
SCB-extended
SCE
SSNC Control Shelf Extended
SCH
Synchronization Channel
SCR
Sustainable Cell Bitrate
SDL
System Description Language
SDR
Symptom Data Recording
SDRAM
Synchronous DRAM
SDRT
Symptom Data Transport
Siemens
Abbreviations
Abbreviations
Siemen
SGSN
Serving GPRS Support Node
SICAT
SDL Integrated Computer Aided Tool set
SLR
SGSN Location Register
SM
Session Management (GPRS)
SM
Signaling Manager (part of #7 application)
SMP
Standard Maintenance Protocol
SMU
Statistical Multiplexing Unit
SNDCP
Subnetwork Dependent Convergence Protocol
SP
Synchronization Point
SPOTS
Support for Planning, Operation & Maintenance and Traffic analysis
SPU
Service Provision Unit
SQS
Siemens Q3 Specification
SS7
Signaling System #7
SSNC
Signaling System Network Control
SST
Sub System Test
STATS
Statistics Support
STB
Standby
STM-1
Synchronous Transport Module Level 1
SVE
System Verification Environment (a tool for proving the formal

correctness of a design)
SW
Software
SWERR
Software Error Report
TCH
Traffic Channel
TCP
Transmission Control Protocol
TID
Tunnel Identifier
TLLI
Temporary Logical Link Identifier
TLM
Trunk Line Management
TM
Traffic Measurements
TMN
Telecommunications Management Network
TODE
Total Outage Detection
TPL
Throughput Limiter
TSC
Through Switched Connection
TTY
Teletype
Siemen
Abbreviations
UDP
User Datagram Protocol
UNI
User Network Interface
VBR
Variable Bitrate
VC
Virtual Connection
VCPU
Virtual Central Processing Unit
VGA
Video Graphics Adapter
vGGSN
virtual GGSN
VLR
Visited Location Register
VOCOC
Vision O.N.E. Chill Operating System
VP
Virtual Path
WAN
Wide Area Network
WWW
World Wide Web
xGSN
SGSN or GGSN
10
TRAINING SECTOR
Sub-sections
UMTS Evolution
The UMTS Network
Security Features
UTRA Aspects
UMTS Radio Access: Basic Principles
Appindex
UMTS Introduction
UMTS Introduction
1
2
3
4
5
6
7

UMTS Evolution
The UMTS Network
Security Features
UTRA Aspects
Appendix
Pages
1
1
1
1
1
1
1
32
10
39
36
19
41
17
Chapter 1
Siemens
Contents
1
1.1
1.2
2
2.1
2.2
2.3
3
4
IMT-2000
3G / IMT-2000 Standardization
3G Frequency Ranges
UMTS
The UMTS Standard
3G / UMTS: 4 Zone Concept / Data Rates
UMTS Licenses
Exercise
Solution
23
34
1214
1721
1822
2732
3136
3339
3847
Siemens
IMT-2000
The 3rd Generation (3G)
Standardization:
International
Telecommunication
Union
Global Mobile
Personal
Communication
by Satellite
Time & Frequency

Future Public Land Mobile
Telecommunication Systems
International Mobile
Telecommunications
IMT-2000
International Mobile Telecommunications
Fig. 1
The Third
Siemens
1.1
Generation (3G)
Siemen
The Third Generation
(3G)
3G / IMT-2000 Standardization
The third generation of mobile communication systems (3G) has been in discussion
since the beginning of the 1990's under the term FPLMTS (Future Public Land Mobile
Telecommunication Systems). This was taken to refer to the terrestrial branch of
mobile communications. In the mid-1990's, the term was changed to IMT-2000. IMT2000 stands for International Mobile Telecommunications. 2000 indicates not only the
time frame for introduction of the systems, but also the frequency band used (in
MHz). In addition to terrestrial systems, IMT-2000 also includes mobile satellite
systems. These were discussed under the term GMPCS for Global Mobile Personal
Communication by Satellite.
The International Telecommunication Union (ITU) is responsible for the IMT-2000
specification. The ITU derives from the International Telegraph Union founded in
Paris in 1865. In 1848 the ITU was included as a special organization in the United
Nations UN. The ITU is responsible for international coordination in the area of
telecommunications. E.g. for the allocation of frequency spectrum, coordination of the
development of telecommunication systems, promotion of bilateral agreement on low
charges, implementation of studies, issue of regulations and recommendations and
much more. The ITU is also in charge of the global 3G coordination, i.e. for IMT-2000
guidelines and frequency recommendations.
1G and 2G systems are characterized by a variety of different standards for various
applications. Each of the standards has specific technical attributes, advantages and
disadvantages, applications, ranges and costs, and has been optimized for different
subscriber groups. Many of these systems exist(ed) solely at regional or national
level and are incompatible with each other.
Different to 1G and 2G, 3G has been planed as a family of compatible standards,
allowing world-wide access, being used for diverse applications.
The IMT-2000 concept devised by the ITU includes the following major aspects:
l
Global, seamless access to mobile communications systems
Compatibility between all members of the IMT-2000 family
Downward-compatibility with the major 2G systems (e.g., GSM, IS-95)
Convergence between mobile and fixed networks
High data rates for mobile communications
Circuit- and packet-switched (CS & PS) transfer of data
Facilitation of multimedia applications
Inexpensive, flexible telecommunications access also for developing countries
Siemens
1G
2G
(analog)
(digital)
Paging Systems,
e.g. City Call
Paging Systems
e.g. ERMES
Cordless Telephone
e.g. CT1, 1+
Cordless Telephone
wireless
Telephone cell
Wireless
Local Loops
WLL

PMR
PMR
e.g. TETRA
Cellular systems
Cellular systems
e.g. GSM, D-AMPS,
IS-95, PDC
MSS
e.g. INMARSAT
MSS
e.g. IRIDIUM, ICO,
Globalstar
different, incompatible standards for

different applications, countries & regions
IMT-2000
3G
1 family of standards
for all
applications
countries
e.g. UMTS, cdma2000, UWC-136

worldwide, seamless access
terrestrial & MSS component
Compatibility: IMT-2000 family
downwards-compatible with 2G
Fixed Mobile Convergence FMC
high data rates
Multi Media applications
CS & PS
low price & flexible access for
developing countries!
Fig. 2
Siemen
IMT-2000 RTT Standardization

IMT-2000 is pledged to enabling global mobile communications. In this respect, the
ITU drew up guidelines for IMT-2000 systems and requested the regional
standardization organizations (Standards Development Organizations SDO's) to
submit proposals based on the guidelines. These are to be examined in conjunction
with the ITU and adapted correspondingly in order to assure compatibility between
the individual members of the IMT-2000 family.
Many regional and national SDO's throughout the world participated in the drafting of
proposals. They include the following:
l
for Europe, the ETSI (European Telecommunication Standardization Institute)
for Japan, the TTC (Telecommunication Technology Committee) and the ARIB
(Association of Radio Industries and Business), an organization for proposing and
promoting radio-based development
for South Korea, the TTA (Telecommunication Technology Association)
for the USA, the T1 (Standards Committee T1 Telecommunications) and TIA

(Telecommunication Industry Association) which represent the interests of many
American companies in the information and telecommunications sector and
develop standards for the ANSI (American National Standards Institute)
for China, the CATT (China Academy of Telecommunication Technology)
and a number of international companies that develop mobile satellites (Inmarsat,

ICO, ESA, Iridium,..)
Siemens
IMT-2000 Development:
regional Standards Development Organisations
ETSI
TIA, T1
(Europe)
ARIB, TTC
(Japan)
(USA)
I
ITU:
0
0
0
2
MT-
CATT
(China)
TTA
(South Korea)
ESA, Iridium
(MSS)
ICO, Inmarsat
(MSS)
TIA: Telecommunication Industry Association
T1: Standards Committe T1 Telecommunications
ETSI: European Telecommunications Standardization Institute
ICO: Intermediate Circular Orbits
Inmarsat: International Maritime Satellite Organisation
1985: Start ITU studies on FPLMTS (IWP8/13)

1992: Frequency reservation in WARC`92
1990 - 95: TG 8/1 defines FPLMTS requirements
ESA: European Space Agency
TTA: Telecommunications Technology Association
CATT: China Academy of Telecommunication Technology
ARIB: Association of Radio Industries and Business
Fig. 3
The
Siemens
Siemen
(3G)
RTT proposals for IMT-2000

Studies on FPLMTS commenced in 1985 with the founding of a work group in the
ITU designated as the Interim Working Party IWP8/13. Questions regarding the
necessary bandwidths and frequency bands as well as the level of similarities
required to ensure compatibility were discussed here. Guidelines for FPLMTS / IMT2000 were defined in the 1990's by the ITU task group TG8/1.
Further development stages were as follows:
l
Drafting of proposals for IMT-2000 systems (3Q1996 end of 1997)
Evaluation of the proposals (2Q1997 3Q1998)
Consensus on Intellectual Property Rights IPR and compatibility (2Q1997

1Q1999)
Finalized specification of the individual standards for the IMT-2000 family (1999)
Another significant date was June 30, 1998 the deadline for submission of Radio
Transmission Technology (RTT) proposals to the ITU. Different regional standards
development organizations SDOs were involved in the development of IMT-2000
systems. 15 proposals for implementing IMT-2000 radio transmission technologies
(RTT) were submitted to the ITU by the end of June `98 (deadline). Two further
proposals followed a few months later, but were still accepted.
The total of 17 proposals were devised and submitted by the worlds most important
SDOs i.e., from ETSI (Europe), ARIB (Japan), TIA (USA), T1 (USA), TTA (South
Korea) and CATT (China), as well as by the MSS operators ICO, Inmarsat, ESA and
Iridium. 11 proposals submitted by the various SDOs refer to terrestrial, cellular
systems. The other 6 proposals from the MSS operators concern satellite systems
that are intended to provide genuine global coverage for the 3G systems.
Siemens
ITU-Deadline
fr RTT Proposals:
30.06.98
RTT proposals
for IMT 2000
South Korea
Europe
ETSI:
TTA: CDMA II
CDMA I
SAT-CDMA
UTRA
DECT
China
CATT: TD-SCDMA
Japan
USA
TIA: UWC-136
WIMS W-CDMA
cdma2000
T1: NA: W-CDMA
T1, TIA: WP-CDMA
ARIB: W-CDMA
MSS
ICO:
ICO RTT
Inmarsat: Horizons
ESA:
SW-CDMA
SW-CTDMA
Iridium: INX
RTT: Radio Transmission Technology
Source: ITU
Fig. 4
The Third
Siemens
Siemen
(3G)
Generation (3G)
RTT Proposals
11 of the total number of 17 RTT proposals referred to terrestrial, cellular systems.
They cover all commercially viable areas of the mainland including coastal areas in
other words, from indoor areas (i.e., quasi stationary or lowest speed, smallest range)
to pedestrian (i.e., low speed, small and medium ranges) to vehicular (i.e., wide
ranging at medium and high speeds).
Another 6 proposals from the area of mobile satellite systems (MSS) for covering the
remaining surface of the globe (sea, deserts, mountains, and sparsely populated,
inaccessible regions) were also submitted.
The greatest share of the RTT proposals, particularly for the terrestrial solutions,
have so-called CDMA (Code Division Multiple Access) solutions. Different variations
of this special multiple access method provide very efficient use of resources via the
radio interface and allow flexible, high data rates.
Other methods use conventional TDMA (Time Division Multiple Access) methods
with different optimization solutions to provide access to 3G systems at the high data
rates demanded by the ITU.
Proposal
Description
Indoor
Pedestrian
DECT
Digital Enhanced Cordless

Telecommunications
ETSI
UWC-136
Universal Wireless Communications
USA TIA
WIMS
W-CDMA
Wireless Multimedia and Messaging

Services Wideband CDMA
USA TIA
TD-SCDMA
Time-Division Synchronous CDMA
China CATT
W-CDMA
Wideband CDMA
Japan ARIB
CDMA II
Asynchronous DS-CDMA
South Korea TTA
UTRA
UMTS Terrestrial Radio Access:

W-CDMA
ETSI
NA: W-CDMA
North American: W-CDMA
USA T1P1
cdma2000
W-CDMA (IS-95+)
USA TIA
CDMA I
Multiband synchronous DS-CDMA
South Korea TTA
SAT-CDMA
49 LEO sats in 7 planes at 2000 km
South Korea TTA
SW-CDMA
Satellite wideband CDMA
ESA
ESA
SW-CTDMA Satellite wideband hybrid CDMA/TDMA
VehiSatellite
cular
Source
ICO RTT
10 MEO sats in 2 planes at 10390 km
ICO
Horizons
Horizons satellite system
Inmarsat
WP-CDMA
Wideband Packet-CDMA
T1 & TIA
INX
Iridium Next Generation
Iridium
R
T
T
P
r
o
p
o
s
a
l
s
Source: ITU
Fig. 5
The Third
Siemens
Generation (3G)
Siemen
(3G)
Harmonization of the RTTs

Due to the demand for global compatibility of the IMT-2000 systems and as a result
of the improved chances of the individual proposals, many of the RTT solutions
proposed were harmonized. The harmonization reduced in particular for the
terrestrial, cellular systems the number of RTTs during the period from the middle
of 1998 until the end of 1999. The ARIB (W-CDMA) and ETSI (UTRA) proposals
were harmonized and further jointly developed as UTRA FDD and TDD components
(as a GSM successor system). The IS-95 successor system, CDMA2000, and the
UTRA FDD/TDD components were also harmonized. This new IMT-2000 RTT
component referred to now as MC-CDMA (instead of CDMA2000) is for the most part
harmonized with the UTRA TDD and FDD (now also known as DS-CDMA)
components with the result that roaming is possible in theory between the system
components. The Chinese TD-SCDMA proposal has also been retained as an IMT2000 component.
At the same time, UWC-136 remains as a step toward optimization of D-AMPS in the
direction of high data rates. UWC-136 is equivalent to EDGE for GSM). Therefore,
EDGE has been renamed to Enhanced Data Rates for the Global Evolution,
consisting of an "EDGE Classic" component (for GSM enhancement) and an "EDGE
Compact" component (for D-AMPS enhancement).
So in general four 3G standards are expected to be more or less important on 3G
market: UMTS (FDD mode and TDD mode), MC-CDMA, EDGE and TD-SCDMA.
Now, having finished 3G standardization (ITU TG8/1 closed in 12/99), further plans
are made to enhance 3G (denominated as 3.5G) and first studies are planed for 4G
development (e.g. in the ITU Working Party WP8F).
10
Siemens
IMT-2000
RTT Harmonization
CDMA II, W-CDMA
NA: W-CDMA
UTRA, WIMS
Source: ITU
CDMA2000
CDMA I
UWC-136
DECT
TD-SCDMA
CDMA FDD
TDMA/CDMA
UTRA (FDD)
WP-CDMA
CDMA2000
(Hybrid TDD)
TD-CDMA
June `98
TDMA
UWC-136
DECT
March `99
(UTRA TDD)
TD-SCDMA
Paired:
Unpaired:
EDGE
UTRA TDD
UTRA FDD TD-SCDMA
MC-CDMA
FDD: Frequency Division Duplex

TDD: Time Division Duplex
DS-CDMA: Direct Sequence CDMA
MC-CDMA: Multicarrier CDMA
TD-SCDMA: Time-Division Synchronous CDMA
(former
CDMA2000)
December `99
12/99 ITU:
TG 8/1 closed &
WP 8F founded: 3.5G / 4G studies
Fig. 6
11
The
Siemens
1.2
Siemen
(3G)
3G Frequency Ranges
A significant disadvantage of mobile communications is the limited availability of

frequency resources. The radio interface can be likened to the eye of a needle for
information transfers. The radio interface in most industrial nations has hardly any
unused gaps in the range from KHz to GHz. A variety of diverse applications (e.g.,
radio, TV, radar, mobile communications, radio relay systems, microwave
applications, etc.) for industrial, military and private use are competing for the
available frequency bands. Licenses are granted at national level.
1G mobile communications systems in Europe were mostly positioned in the 450
MHz and 900 MHz frequency bands. 1G and 2G successor systems in America and
Japan occupy the 800 MHz range. Expansions in Japan were implemented for the
1500 MHz range and in America for the 1900 MHz range. For GSM, frequency bands
around 900 MHz were reserved for GSM900 and GSM-R, and frequencies around
1800 MHz for GSM1800 in most European countries and in many non-European
countries (outside America). The 1800 MHz band is available for different 2G
systems (including GSM1900) in different American states.
The European 2G cordless standard DECT is used globally in many countries in the
range 1880 1900 MHz. The Japanese PHS equivalent used in the South Asian
area uses the range 1895 1918 MHz.
Frequencies in the range of 1600 MHz are also available to 2G MSS's. Other MSS
bands are located between 2.5 and 30 GHz.
A recommendation for the national authorities for reserving frequencies for 3G
applications was passed on the initiation of the ITU-R at the World Administrative
Radio Conference in February 1992 (WARC-92). The frequency ranges from 1885
2025 MHz and from 2110 2200 MHz are to be reserved globally for 3G systems.
They include frequency ranges for MSS's: 1980 - 2010 MHz and 2170 - 2200 MHz.
12
Siemens
Frequency reservation
0
Europe,
Africa,
Australia
250
500
1G & 2G systems
750
1G (NMT, C450,..)
possibly 2G: GSM450
1000
1250
1500
GSM900
+ GSM-R
1750
2000 frequency [MHz]
DECT
MSS
GSM1800
America
1G: AMPS,
2G: D-AMPS, IS-95
MSS
2G: GSM1900,
IS-95, D-AMPS
Japan
2G:
PDC
1G + 2G: PDC
Remaining frequencies < 2 GHz:
Military, Industry, Broadcast, TV, Research,
private (households, amateurs),...
PHS
MSS
WARC-92: 3G Plans
1980 2010
cellular
MSS
1885
1 8 5 0
1 9 00
2170
cellular MSS
2 0 0 0
2 0 5 0
2200
2110
2025
1 9 5 0
2 1 0 0
2 1 5 0
2 2 0 0
2 2 5 0
WARC: World Administrative Radio Conference
Fig. 7
13
The Third
Siemens
Siemen
(3G)
Generation (3G)
Regional 3G reservation
Europe, Japan and South Korea complied for the most part with the
recommendations of the WARC-92 regarding reservation of frequency ranges for 3G
systems.
Europe: It was defined at European level after a decision taken by the ERC
(European Radiocommunications Committee) at the end of 1997 that the
corresponding (WARC-92) frequency range, with the exception of the frequency
range from 1880 1900 MHz (DECT range), is to be made available to 3G systems.
Many non-European countries also adopted this frequency reservation.
Japan: With the exception of the frequency range below 1918.1 MHz, which will
continue to be used for PHS systems, the entire WARC-92 frequency band was
reserved for 3G systems.
South Korea: The full WARC-92 frequency band was reserved for 3G systems.
North America: In 1995 the frequency range between 1850 MHz and 1990 MHz was
auctioned in the USA for use by 2G systems (e.g., IS-95, D-AMPS, GSM1900). As a
result, the introduction of 3G systems in the USA is experiencing great difficulty. The
same applies to Canada. However, smaller ranges (C, E blocks) were reserved here
for future applications.
Regional 3G Reservation
1850
1900
1950
2000
2050
2100
2150
2200
2250
2010 MHz
IMT 2000
WARC-92
2025 MHz
1885 MHz
Europe
GSM 1800 DECT
PHS
2110 MHz
MSS
UMTS
1880 MHz
1918 MHz
Japan;
S. Korea
IMT 2000
MSS
2170 MHz
MSS
UMTS
1980 MHz
IMT 2000
MSS
2170 MHz
MSS
IMT 2000
like WARC-92
MSS
1895 MHz
USA,
Canada
PCS1900
MSS
A C B EF C
A CB E F C
(C,E reserved)
1910
1850
1900
1930
1950
reserved
1990 MHz
2000
MSS
2160 MHz
2050
2100
2150
2200
2250
Source: UMTS Forum Report #5
Fig. 8
14
The
Siemens
Siemen
(3G)
World Radiocommunication Conference WRC 2000

The WRC 2000 in Istanbul, Turkey, was looking for additional 160 MHz spectrum on
top of the today available 2G and 3G frequency ranges. Furthermore, a central
aspect of the WRC2000 has been to provide a global harmonization of frequency
ranges for 3G. The ability to roam world-wide on 3G frequency ranges is very
beneficial for a real 3G mass market. A third aspect has been the extension of 3G
frequency ranges to lower frequencies for the deployment of 3G services in rural
areas, i.e. in larger cells.
One key principle, which helped in the process of identification of 3G spectrum in
WRC2000 was that the identified 3G spectrum would not preclude the use of these
bands by any other services to which they are allocated. Regulators will be reminded
at regular intervals that when licensing services in those bands sufficient resources
must be provided for 3G services.
The additional bands identified for 3G terrestrial components are:
l
806 960 MHz
1710 1885 MHz
2500 2690 MHz
The bands, which had been identified for 3G in WARC92 remain unchanged:
l
1885 2025 MHz
2110 2200 MHz
The frequency ranges below 1GHz are especially useful for rural services and
developing countries. Some countries are planning to use the following frequency
range additionally for 3G implementation: 698 806 MHz.
The focus of the 3G extension is the frequency range between 2500 2690 MHz.
Reference is also made to the 2300 2400 MHz frequency range, which is the
preferred choice of China.
15
Siemens
WRC-2000
additional 3G frequency ranges

to be used from 2005
05/2000 in Istambul
world-wide Harmonisation
of 3G frequency ranges
only some
countries
Harmonisation / Extension:
Refarming 2G frequencies
cellular
698
806
(important for rural service areas)
960
Harmonisation / Extension:
Refarming 2G frequencies
cellular
1710
1885
1980 2010
cellular
1885
2170
WARC92
MSS
2025
cellular MSS
2110
cellular
2500
China only:
2300 - 2400 MHz
2200
Extension band
2690
Fig. 9
16
Siemens
UMTS
The 3rd Generation (3G)
Universal Mobile
World-wide,
seamless
Multimedia access
Telecommunication System
UMTS
Standardisation & Concept
Fig. 10
17
The Third
Siemens
2.1
Generation (3G)
Siemen
(3G)
The UMTS Standard
The European telecommunications standards institute ETSI began with the

development of a successor standard to GSM in the mid-1990's. This standard,
referred to as UMTS (Universal Mobile Telecommunication System), is intended to
be a European 3G system that meets all IMT-2000 requirements stipulated by the
ITU.
ETSI SMG's (Special Mobile Groups) were charged with drafting the UMTS standard.
The SMG's also devised GSM and are responsible for its updating.
Different studies on the implementation of the UMTS radio interface, UTRA (UMTS
Terrestrial Radio Access), were completed in 1996 and 1997. These studies are
regarded as the 1st phase of the UTRA conception.
A total of five concepts were selected in mid-1997 for the implementation of UTRA.
These five concepts were named after the first five letters in the Greek alphabet:
alpha, beta, gamma, delta and epsilon. The various concepts were evaluated from
the middle of 1997 until the end of that year. The evaluation is referred to as the 2nd
phase in the UTRA conception. That phase was completed in 01/1998 with the
selection of the alpha and delta concepts for UTRA.
In the 3rd phase of the UTRA conception, these two UTRA concepts were
harmonized with each other. The harmonization was concluded in 06/1998. Since
then the two concepts are known as UTRA FDD and UTRA TDD. At the same time,
UTRA was submitted to the ITU as the ETSI proposal for IMT-2000. The ITU
accepted UTRA as an IMT-2000 system at the start of 1999.
The Japanese standards association, ARIB, with observer status in the ETSI, also
participated in the evaluation and harmonization of UTRA.
As a result, the submissions made by ETSI (UTRA) and ARIB (WCDMA) to the ITU
closely match each other in many respects. In view of this similarity, ETSI and ARIB
agreed in 05/1998 on a joint venture for 3G development.
This cooperation resulted in 12/1998 in the founding of the 3GPP (Third Generation
Partnership Project). Many other major organizations participate in the 3GPP for
development and promotion of 3G standards. Since then, 3GPP is responsible for the
production, testing and further development of a global UMTS standard (often
referred to as WCDMA in Asian areas).
18
Siemens
Start of UMTS Standardization
ETSI
UMTS: GSM
successor standard
devised in SMGs
(Special Mobile Groups)
GSM900/1800/1900
GSM-R, UMTS
1996/97: studies on UMTS

(1. Phase UTRA conception)
06 - 12/97: Evaluation of
5 Concepts
(2. Phase UTRA conception)
01/98: Select a & d concept
01 - 06/98: Harmonisation
FDD & TDD
(3. Phase UTRA Conception)
06/98: Submission of UTRA
RTT proposal to ITU
05/98: Harmonisation by
ETSI / ARIB
12/98: 3GPP founded

for
developing, approving
& maintaining
common UMTS specification
Fig. 11
19
The Third
Siemens
Generation (3G)
Siemen
(3G)
3GPP: Third Generation Partnership Project

In December 1998, five regional standards organizations (Japan: ARIB and TTC,
Europe: ETSI, South Korea: TTA, USA: T1) agreed to found a new global
standardization body. The objective of this body, known as 3GPP, is the joint
standardization, testing and continued development of UMTS.
The cooperation between many of these globally important standards organizations
is intended to assure that UMTS can establish itself as the dominating 3G standard
thereby facilitating global roaming and a genuine mass market for 3G.
The 3GPP guidelines were completed by March 1999.
From the year 2000 on, the remaining GSM/EDGE standardization work has been
taken over by 3GPP from the ETSI.
3GPP members
3GPP distinguishes between "organizational partners, "market representation
partners" and "observership status.
Organizational partners delegate experts to 3GPP to work on the development of the
standard. Market representation partners can make submissions to 3GPP, and
engage in the investigation of market demands, services, compilation of studies, etc.
Observership status is given to organizations with access to the 3GPP committees
but without any voting power.
Since the founding of the 3GPP many other organizations have agreed to active
involvement in the project.
For instance, by the beginning of the year 2000, the CWTS (China) joined as an
organizational partner; the UMTS Forum, GSM Association, GSA,UWCC and Ipv6
Forum as market representation partners MPRs and TIA and TSACC are engaged
under observership status. Several other organizations joined 3GPP in the following
as MPRs.
20
Siemens
UMTS
Standardization
ETSI
European Telecommunication
Standards Institute
TTA
ARIB/TTC
Association of Radio Industries
& Business / Telecommunication
Technology Committee, Japan
Telecommunications Technology
Association, South Korea
TSACC
GSA
Telecommunication
Standards Advisory Council
of Canada
Global Mobile Supplier

Association
3GPP
TIA
3rd Generation
Partnership Project
Telecommunication
Industry Association,
USA
ACIF
UMTS
Forum
UWCC
WMF
Australian Communications
Industry Forum
IPv6
Forum
Universal Wireless
Communications
Consortium
Wireless Multimedia
Forum
CWTS
3G.IP
Forum
China Wireless
Telecommunications
Standards
ANSI T1
Committee T1
Telecommunications
MWIF
Mobile Wireless
Internet Forum
GSM
Association
Organisational Partner
MPR: Market Representation
Partner
Observership status
Fig. 12
21
The Third
Siemens
Siemen
(3G)
Generation (3G)
3GPP structures
3GPP originally has been divided into a project coordinating group (PCG), originally
four, now five technical specification groups TSG's and many working groups WG's.
The PCG coordinates the work of the various TSG's and WG's.
The TSG's are writing the standard i.e., the recommendations for UMTS and
GSM/EDGE.
There are TSG's for each of the following UMTS topics: "Radio Access Network",
"Service & System Aspects", "Core Network" and "Terminals"."
A fifth TSG has been created in July 2000: "GERAN" (GSM/EDGE Radio Access
Network). Its principal responsibilities will be the maintenance and development of
GSM Technical Specifications and Technical Reports, including GSM evolved radio
access technologies such as GPRS and EDGE.
The Working Groups are working out studies regarding different aspects of the
standard. The studies are used by the TSG's as a basis for drafting the
recommendations.
3GPP
Structure
TSG CN
PCG
TSG SA
Core Network
Services & System

Aspects
CN WG 1
SA WG 1
MC/CC/CS (Iu)
Services
CN WG 2
SA WG 2
CAMEL
Architecture
CN WG 3
Interworking with
External Networks
SA WG 3
Security
CN WG 4
SA WG 4
MAP/GTP/BCH/SS
Codec
CN WG 5
OSA (Open
Service Architecture)
TSG: Technical
Specification Group
Project Co-ordinating Group
TSG RAN
TSG GERAN
Terminals
Radio Access
Network
GSM EDGE
RAN
T WG 1
RAN WG 1
Mobile Terminal
Conformance testing
Radio Layer 1
specification
TSG T
T WG 2
RAN WG 2
Mobile Terminal
Services & capabilities
Radio Layer 2 & 3

(RR) spec.
T WG 3
RAN WG 3
USIM
(Universal SIM)
Iub, Iur, Iu spec. &

UTRAN O&M requirem.
RAN WG 4
Radio performance &
Protocol aspects
GERAN WG 1
Radio Aspects
GERAN WG 2
Protocol Aspects
GERAN WG 3
BS Testing and O&M
GERAN WG 4
MS testing
SA WG 5
Telecom Management
Source: 3GPP
Fig. 13
22
The Third
Siemens
Generation (3G)
Siemen
(3G)
The UMTS Standard

The UMTS (3G) Standard drafted by the 3GPP is based on the success and
experiences of the GSM Standard.
The first UMTS (3G) Release completed at the beginning of the year 2000 and
known as the UMTS Annual Release 1999 is based in many areas on the GSM
Annual Release 1999. This is true in particular for the Core Network (CN) and the
service aspects. There are also very many '3G-only' specifications. This refers
particularly to the implementation of the UTRA radio interface.
The UMTS (3G) Standard is divided into different series (Series 21 to 34). These are
in turn subdivided into individual specifications.
Recommendations of the UMTS (3G) Standard as known as technical specifications.
Their numbering is derived from the numbering system of the GSM Standard. A
technical specification (TS) is numbered as "3G TS ab.cde", where "ab" represents
the series and "cde" the particular specification. Up to 1000 specifications are
therefore possible in any one series. This is a larger scale than is the case for GSM.
Specifications derived from the GSM Rel. '99 are numbered after the corresponding
GSM series plus 20. The "c" in the TS is set to "0" here. For example: 3G TS 27.007
is a technical specification deriving from the GSM Rec. 07.07.
The numbering system is explained in detail in the 3G TS 21.101.
The 3G TS 21.101 also provides an overview of all series and individual 3G technical
specifications.
23
Siemens
The UMTS Standard
Numbering:
GSM
Rel. 99
Specification
3G only
3G TS ab.cde
Specification
TS: Technical Specification
ab.cde: Series . Number
3G
Release 1999
Specification
Derived from GSM-Spec.:

GSM-Series +20; c = 0
e.g.: GSM 07.07 3GTS 27.007
Fig. 14
24
The Third
Siemens
Generation (3G)
Siemen
(3G)
3G Series
The UMTS specifications are divided into a total of 15 series.
Each of the series treats a particular aspect of the UMTS Standard.
21 series: Requirement specifications (overview: preliminary nature)
22 series: Service aspects
23 series: Technical realization
24 series: Signaling protocols (UE - CN network)
25 series: UTRA aspects
25.100 series: UTRA radio performance aspects
25.200 series: UTRA radio aspects (physical layer 1 of UTRA)
25.300 series: UTRA radio interface architecture, layer 2 and layer 3 aspects
25.400 series: UTRA network aspects (Iub, Iur, Iu Interface)
26 series: Codecs (speech, video, etc.)
27 series: Data (functions for support of data applications)
28 series: Signaling protocols (RSS - network part)
29 series: Signaling protocols (NSS)
30 series: Program management (3GPP plans and work programs, etc.)
31 series: UIM (User Identity Module)
32 series: Operation and Maintenance
33 series: Security aspects
34 series: Test specifications
35 series: Confidentiality & integrity algorithms
Work on the "classical" GSM series 1 - 12 is closed. The remaining work on
GSM/EDGE is done by TSG "GERAN" in the series 41 55, which are build up in
analogy to the 21 - 35 series of UMTS.
25
Siemens
3G TS: Series
21-Series: Requirements Specifications (Overview, Infos,..)
22-Series: Service Aspects
23-Series: Technical Realisation
24-Series: Signalling Protocols (UE - CN)
25-Series: UTRA Aspects

26-Series: Codecs (Speech, Video,..)
GSM
GSMSeries
Series11- -12
12
closed
closedwith
withRel.
Rel.99
99
GERAN:
GERAN:Series
Series41
41- -55
55
R4
(Rel.`2000)
onwards
R4 (Rel.`2000) onwards
27-Series: Data
28-Series: Signalling Protocols (RSS - CN)
29-Series: Signalling Protocols (NSS)
30-Series: Program Management
31-Series: USIM
32-Series: Operation & Maintenance
33-Series: Security Aspects
34-Series: Test Specifications
35-Series: Confidentiality & integrity algorithms
TS: Technical Specifications
Fig. 15
26
The Third
Siemens
2.2
Generation (3G)
Siemen
(3G)
3G / UMTS: 4 Zone Concept / Data Rates
The 4-zone concept in UMTS is based on the IMT-2000 specifications of the ITU.
The concept defines three terrestrially supplied zones (in-building, urban,
suburban/rural) and one zone (global) supplied by MSS's (Mobile Satellite Systems).
Zone 1: Indoor
Zone 1 is made up of pico cells and is used for servicing large offices, domestic
households, floors in skyscrapers, the stock exchange, etc. The service radius of the
pico cells is in the order of several tens of meters i.e., small areas with high user
densities and little mobility (max. 10 km/h) are supplied. Coupled with the restricted
mobility are high (ITU) requirements on the transfer rate (up to 2 Mbit/s). Up to 2
Mbit/s are theoretically possible with UMTS in Zone 1.
Zone 2: Urban
Zone 2 is made up of micro cells and is used to serve so-called hot spots. These are
inner city areas, public places, sports stadiums, exhibition and trade fair halls, airport
terminals, railway stations, etc. The service radius of the micro cells is in the order of
several hundreds of meters i.e., relatively small areas with high user densities and
low (max. 10 km/h) mobility are supplied. Up to 2 Mbit/s are theoretically possible
with UMTS in Zone 2.
Zone 3: Suburban/rural
Zone 3 is made up of macro cells and is used for servicing suburban and rural areas.
The service radius of the macro cells is in the order of several kilometers i.e.,
relatively large areas with medium-sized user densities and medium (max. 120 km/h)
or high (max. 500 km/h) mobility are supplied. The ITU requested up to 384 kbit/s for
medium speed support. In UMTS theoretically up to 480 kbit/s are foreseen for Zone
3. High mobility (max. 500 km/h), for which the ITU requested to support up to 144
kbit/s is not supported in initial UMTS.
Zone 4: Global
Zone 4 globally covers all rural, non-built-up, sparsely populated areas: In other
words, everything not covered by zones 1 3. This includes the oceans, deserts,
mountainous terrain and the polar regions. MSS's are to service these areas. They
can provide coverage for areas ranging from several tens of kilometers (via beam
spots) to areas with a radius of up to several thousands of kilometers. Supply for the
highest mobility (up to 1000 km/h) should be possible at data rates of up to 144 kbit/s
(ITU requirement). Satellite UMTS (S-UMTS) has been discussed but never
developed.
27
Siemens
UMTSconcept:
4 zones
Zone 4: Global
Zone 3:
Suburban / Rural
Zone 2:
Urban
MSS
Macro
Cell
Micro
Cell
Zone 1:
Indoor
Pico
Cell
max.
144 kbit/s
144 kbit/s
384 kbit/s
2048 kbit/s data rate
1000 km/h
500 km/h
120 km/h
10 km/h
max.
speed
Fig. 16
28
The Third
Siemens
Generation (3G)
Siemen
(3G)
Data rates and applications: UMTS compared to other transmission systems

In the indoor area, UMTS with its greater flexibility and faster data rates will assume
control of the functions currently implemented by 2nd generation systems such as
DECT, W-PBX and WLL. These 2G systems work in TDD mode (Time Division
Duplex) and theoretically enable data rates of more than 100 kbit/s. UMTS has a
TDD mode for this area that allows data rates of up to 2 Mbit/s. These speeds
provide capability for image transmission that goes beyond the performance of
previous applications (for example, video-on-demand, games-on-demand, video
conferences, etc.). Applications that were previously inconceivable or extremely
unlikely are now possible in this area.
Fixed network links or special mobile transmission systems such as WLAN (Wireless
Local Area Network) or MBS (Mobile Broadband Systems) will still be required in the
future for applications with extremely demanding capacity requirements. These
systems are either in the trial or development phases (4G).
Cellular 2G systems such as GSM, IS-95, D-AMPS or PDC and 3G PMR systems
such as TETRA are used in the outdoor area i.e., suburban and rural areas with
low to medium speeds. These 2G systems work in FDD mode (Frequency Division
Duplex). Generally only voice and data transfer rates of about 10 kbit/s (in GSM
Phase 2+ with over 100 kbit/s) are reached. UMTS possesses an FDD mode for this
area that allows data rates of up to 480 kbit/s for medium speed in outdoor areas.
Terrestrial, cellular UMTS components (TDD and FDD modes) will therefore be
responsible for the functions of today's 2G indoor systems (TDD mode) and 2G
outdoor systems (FDD mode). Much higher data rates are possible with the new
generation.
3G systems will also represent a quantum leap in the number and variety of potential
applications in the global area, which with 1G and the first 2G MSS systems could
only offer relatively low data rates.
29
Siemens
UMTS
Fixed network
Terminal
100
Applications
Data rates
2G / 3G comparison
MBS
(Mobile Broad
Band System)
0.1
Fixed network
Data rates [Mbit/s]
10
WLAN
3G
UMTS
(FDD & TDD Services)
2G TDD
(DECT, W-PBX, WLL)
2G FDD
cellular systems (GSM, IS-95,..)

0.01
office / floor
Building, halls
Hot Spots
Pedestrian
Vehicles
stationary
stationary
stationary
Low mobility
High mobility
Indoor
Outdoor
Source: UMTS Task Force Report
Fig. 17
30
The Third
Siemens
Generation (3G)
2.3
Siemen
(3G)
UMTS Licenses
Licensing
The licensing of UMTS was commenced in Finland in 03/1999. The remaining EU15
nations, other Western and Central European countries, Japan and South Korea,
South Africa, Australia and New Zealand have followed in 2000 and early 2001.
Different licensing methods are used. A number of countries (e.g. Finland, Spain)
prefer the distribution of licenses (more or less) free of charge, using a so-called
"beauty contest" to find out the most reliable network operators for the restricted
number of licenses.
Most other countries (e.g. Germany, the United Kingdom and the Netherlands)
preferred different auction systems (open and closed). The acquisition of licenses is
linked in most countries to different conditions. The conditions include guarantees for
commencement of UMTS operation and the requisite service level with UMTS after a
particular time (e.g., 50% of the population after 5 years). The lifetime of the licenses
will be limited to 15 years in most cases. In Germany they are limited to 20 years.
Regional licenses are not excluded. In general, however, operators prefer national
licenses.
Licenses
2 x 60 MHz are available for paired bands (FDD) and a total of 35 MHz for unpaired
bands (TDD) for the EU15. There are therefore 12 packets for paired bands and 7
packets for unpaired bands to be allocated for use with the UMTS 5-MHz bandwidth.
The UMTS Forum specified a minimum of 3 packets for paired bands (i.e., 2 x 15
MHz) and 1 packet for unpaired bands (i.e., 1 x 5 MHz) per operator for optimum
deployment of UMTS. If licenses have been granted in this way (2 x 15 MHz for
paired band), this implies a maximum of 4 operators in each country. For this reason,
licenses with 2 x 10 MHz for paired bands have been also allocated in countries with
high population densities, thereby allowing 5 or 6 licenses per country.
31
Siemens
UMTS
Licensing
Licensing in:
Finland 03/99
Spain, GB: 1Q2000
NL, D, F, I: 3Q2000
EU15: closed until
end of 2000
Japan: 1Q2001
Licensing methods / conditions

free of charge / beauty contest
(e.g. Finland, Spain)
Auctioning: e.g. GB, D, NL, I
annual fee: e.g. France
available (mostly) for 15 years
Licenses
Licenses(EU15):
(EU15):
22xx60
60MHz
MHzpaired
pairedband
band(FDD)
(FDD)
35
MHz
unpaired
(TDD)
35 MHz unpaired (TDD)
bandwidth:
bandwidth:55MHz
MHz

12
12FDD
FDDpackets
packets++77TDD
TDDpackets
packets
UMTS
Forum
SAG
requests
UMTS Forum SAG requestsper
peroperator:
operator:
min.
min.22xx15
15MHz
MHzFDD
FDD++11xx55MHz
MHzTDD
TDD
EU15:
EU15:44- -66Licenses
Licenses
(e.g.:
(e.g.:F,F,Fin.,
Fin.,Spain:
Spain:4;4;GB,
GB,NL:
NL:5;5;D:
D:6)6)
UMTS
TDD
1900
1920
UMTS FDD (UL)
UMTS
TDD
1980 2010
2025
UMTS FDD (DL)

2110
2170
frequency range [MHz]
Fig. 18
32
Chapter 2
UMTS Evolution
UMTS Evolution
Siemens
UMTS Evolution
Contents
1
1.1
1.2
1.3
2
3
Background & Principle

Evolutionary Path: GSM to UMTS
GSM & UMTS Evolution
Evolution: Data Transmission
Exercise
Solution
23
34
78
190
1113
1317
Siemens
UMTS Evolution

UMTS Evolution
UMTS
GSM
Phase
1/2
Phase
2+
Release
3
Release
4

Fig. 1
Siemens
UMTS
1.1
Evolution
Siemen
UMTS Evolution
Evolutionary Path: GSM to UMTS
Original UMTS planning

The original considerations regarding a 3rd generation of mobile communications at
the start of the 1990's represented a decisive leap in comparison to the 2nd
generation. The general opinion expressed at the so-called "zero meeting" held by
the ETSI SMG5 responsible for UMTS conception and coordination in December
1991 was that all downward compatibility of UMTS with GSM be avoided. UMTS was
to be a system fully independent of GSM in order not to limit the capability of UMTS
with compromises regarding the existing GSM infrastructure.
This point of view was revised in the mid-1990's. The costs of research,
standardization and development of UMTS exceeded those of GSM many-fold.
Moreover, GSM proved to be much more successful than even the most optimistic
forecasts predicted. GSM networks providing total coverage were erected not only in
Europe, but also in most other countries in the world. In view of this situation, it would
have been extremely expensive with little chance of success to establish UMTS
networks that are fully incompatible with existing GSM networks.
Downward compatibility of UMTS
The UMTS strategy was changed with the publication of the ETSI GMN (Global
Multimedia Mobility) Reports 1996.
UMTS networks are now to be designed on the basis of the existing GSM
infrastructure and are to be downward compatible with GSM. UMTS has a modular
design for this reason. The first module to be centrally changed for the UMTS
introduction with regard to GSM is the broadband radio interface. Further
modifications are to follow in subsequent phases.
Siemens
UMTS Evolution
Evolutionary path:
GSM to UMTS
Original vision:
quantum leap from
GSM to UMTS
Capabilities
UMTS
GSM
1990
2000
2002
Zeit
Problems:
UMTS-costs (research, standardisation, development) >> GSM
creation of GSM-incompatible networks is not promising
Fig. 2
UMTS
Siemens Evolution
Siemen
UMTS Evolution
The evolutionary path: GSM to UMTS

The ETSI GMM (Global Multimedia Mobility) Report from 1996 pointed the way for
the development not only of UMTS, but also of GSM. GSM was to be further evolved
in the GSM Phase 2+ in such a manner that its capabilities progressed toward
UMTS. The GSM network and protocol structures were developed so that they can
be used as a platform not only for high level GSM services, but also for UMTS.
UMTS will continue the GSM success story. The existing infrastructure of the GSM
operators will be more intensively used, and also for UMTS. This reduces the
financial risks involved in the introduction of UMTS. In other words, the 2G
investments will continue to be utilized.
The experience gained by GSM with regard to the core network and the
protocols/procedures (e.g., the MAP protocol, call control, mobility management,
handover, etc.) will also be used either directly or in a modified form. This approach
will also reduce the risks involved in the technical 3G implementation.
Also of great importance is the introduction of dual and multimode terminals that will
be able to use the entire area serviced by GSM from the very beginning by handover
between UMTS and GSM, thereby paving the way for UMTS (reduction of 3G risks).
This new evolutionary plan gives 2G operators a chance to reconfigure their networks
for upward compatibility, and UMTS operators can avail of the downward
compatibility to assure successful UMTS launching.
In this way GSM will slowly evolve along a migration path toward the original
objectives of UMTS to obtain the smoothest possible transition from the 2nd to the
3rd generation of mobile communications.
Siemens
UMTS Evolution
Evolutionary path:
GSM to UMTS
ETSI GMM Report 1996:
UMTS downward compatible
Save 2G Investments!
Reducing 3G Risks !
Technical investments of operators
Minimize technical risks

Minimize implementation risks
sales/marketing investments
Based on global GSM success & experience

Common Core Network (for GSM & UMTS)
based on GSM Non-Access Stratum protocols (CM, MM, SM,..)
based on GSM CN protocols (MAP)
re-use GSM Supplementary Services
production experience of 2G equipment vendors
shorter paths for marketing 3G products
faster reduction of costs
Migration path for 2G operators toward 3G

Upward
compatible
2G
3G
Downward
compatible
GMM: Global Multimedia Mobility
Fig. 3
Siemens
UMTS Evolution
1.2
Siemen
UMTS Evolution
GSM & UMTS Evolution
The original plans for GSM in the 1980's included all aspects of a 2G standard. In
1988 it became clear that this was not possible in the specified time frame. For this
reason, GSM was released in a preliminary version in 1990/91 as GSM Phase 1.
GSM Phase 1
Phase 1 contains everything required for the operation of GSM networks. Speech
data transfer is the core focus. Data transfer is defined, too (0.3 - 9.6 kbit/s). Only a
few supplementary services are included.
GSM Phase 2
After Phase 1completion, the GSM Standard was fully revised. Phase 2 includes a
wide range of supplementary services comparable with the ISDN standard.
GSM Phase 2+
Phase 2+ enhances in Annual Releases (`96, `97, `98, `99) the GSM standard and
prepares the UMTS introduction. Especially the GSM Core Network CN is enhanced
to be used as UMTS CN at UMTS start. Major Phase 2+ aspects are IN services,
flexible service definition, packet data transfer, high data rate transmission and
improved voice codes. GSM is limited by the narrowband radio access, the radio
resource efficiency and a lack of additionally available frequency bands.
UMTS Release `99 (also: Release 3)
With GSM Rel. `99, a handshake with the first UMTS Release (Rel.. `99 or Rel. 3)
according to many CN and service aspects is performed. UMTS introduces a new,
broadband radio access optimized for packet data transmission up to 2 Mibt/s.
UMTS Release 4
Unlike GSM Phase 2+, the enhancement of UMTS is not performed in annually
steps. Enhancements should be possible in flexible time schedules. Rel. 4 (late 2001)
introduces e.g. important CN modifications (bearer independent signaling flow) and
the Low Chip Rate LCR TDD mode as a third radio access option.
UMTS Release 5, 6,
For UMTS Rel. 5 major CN modifications, i.e. the IP Multimedia Subsystem IMS, are
planed. New network elements and protocol structures are defined.
For the future modifications of the UTRAN toward an All IP RAN, enhancements of
the radio resource efficiency, new frequency ranges (WRC'2000) and many more
enhancements toward 4G are expected
Siemens
UMTS Evolution
GSM & UMTS

Evolution
Capabilities
GSM Limits:
narrow-band radio access
resource efficiency
additional frequency bands
required
UMTS
Release
5
Release
4
Release
3
GSM
Phase
2+
Phase
1
Phase
2
Release
Release
97
96
Ph1: TeleServices TS,

BS max. 9.6 Kbit/s
Ph2: Supplementary
Services SS (= ISDN)
Release
98
Release
99
new SS, flexible

new WCDMA new CN solutions
Service Concept
Radio Interface (R4: CS domain
modification
(CAMEL, MExE,..),
(large bandwidth,
R5: IMS);
higher data rates
Flexible data rates;
(HSCSD, GPRS, EDGE) optimized for PS); new RTT options
(LCR-TDD)
new network elements
new RAN
close to original
3G plans
Time
IMS: IP Multimedia Subsystem

LCR: Low Chip Rate
RTT: Radio Transmission Technology
Fig. 4
Siemens
UMTS Evolution
1.3
Siemen
UMTS Evolution
Evolution: Data Transmission
In Phases 1 / 2 GSM allows data transfers at 0.3 to 9.6 kbit/s. In Phase 2+ HSCSD,
GPRS and EDGE are introduced to enhance the data transmission capabilities.
HSCSD defines bundling of up to 8 physical channels of one carrier. In practice,
however, only up to 4 channels are bundled together due to CN restrictions. The
maximum data rate per physical channel was increased from 9.6 kbit/s to 14.4 kbit/s,
introducing a new codec. As a result, up to 57.6 kbit/s can be reached (theoretically
up to 115.2 kbit/s). HSCSD, like conventional GSM, defines Circuit Switched CS data
transfer. For HSCSD, only minor modifications to the GSM network were necessary.
GPRS: General Packet Radio Services
GPRS also allows bundling of up to 8 physical channels to one user. Four new
Coding Schemes CS enable transfers at rates of 9.05 /13.4 / 15.6 / 21.4 kbit/s per
physical channel. GPRS introduces Packet Switched PS data transmission, which
allows efficient use of resources and direct access to Packet Data Networks PDN.
New network elements and protocols, paving the way for UMTS, have been defined.
EDGE: Enhanced Data Rate for the GSM Evolution
EDGE introduces a new modulation method over the radio interface: 8-Phase Shift
Keying 8PSK. This allows three times faster data transfer compared to the
conventional GSM modulation method Gaussian Minimum Shift Keying GMSK. In
this way, EDGE is used to enhance the performance of GPRS and HSCSD.
Transmission at up to 69.2 kbit/s per physical channel is possible. Theoretically, data
rate of up to 553.6 kbit/s are possible, granting ITU 3G requirements for Zone 3 (wide
area mobility.
UTRA: UMTS Terrestrial Radio Access
In UMTS, UTRA introduces a new multiple access method (WCDMA), modulation
principle (QPSK) and a 25 times larger bandwidth than GSM at new frequency
ranges. New RAN network elements and protocols are defined. The maximum data
transmission rate will be some 2 Mbit/s.
Siemens
UMTS Evolution
max. Data rate
Data Transmission
Evolution
UTRA:
1920 kbit/s
HSCSD, GPRS & EDGE: combining 1-8 TS

HSCSD: Circuit Switched
GPRS: Packet Switched; new Infrastructure
EDGE: 8PSK instead of GMSK
UMTS: UTRA (WCDMA) optimised for PS
EDGE:
553 kbit/s
GPRS:
171 kbit/s
HSCSD:
GSM
Phase 1/2:
9.6 kbit/s
new
no new
network elements &
115 kbit/s protocol architecture: network elements;
only changes
prerequisite
no new
in
modulation
for UMTS !!
network elements;
principle
SW-changes
4 / (8) x
14.4 kbit/s
8x
21.4 kbit/s
New:
transmission
principles
(WCDMA)
network
elements
protocols
8 x 69.2 kbit/s
9,6 kbit/s
GSM Phase 2+
GPRS: General Packet Radio Services
EDGE: Enhanced Data rates for the GSM Evolution
8PSK: Phase Shift Keying

GMSK: Gaussian Minimum Shift Keying
UTRA: UMTS Terrestrial Radio Access
Fig. 5
10
Chapter 3
The UMTS Network
The UMTS Network
Siemens
The UMTS Network
Contents
1
2
3
4
5
6
7
8
Release `99: Network Overview

Release `99 CN: CS Domain
Release `99 CN: Entities common to CS & PS Domain
Release `99: PS Domain
Release `99: UTRAN & UE
Further Evolution: Release 4 & 5
Exercise
Solution
23
69
1319
1929
2637
3347
4055
4765
Siemens
The UMTS Network

UMTS
Network
PSTN /
ISDN
Intra- /
Internet
Enhanced GSM Phase 2+

Core Network
A
Gb
Iu
Co-existence of
GSM & UMTS
network elements
BSS
GSM Base Station
Subsystem
Um
GSM
Uu
GSM / UMTS
GSM UMTS Evolution

saves investment costs
reduces implementation risks
UTRAN
UMTS Terrestrial
Radio Access Network
UMTS
Release `99
Network Overview
Fig. 1
Siemens
The UMTS
The UMTS Network

Siemen
Network

UMTS networks are based on GSM Phase 2+ Core Networks. This approach
safeguards the investments made by today's GSM network operators and reduces
the 3G implementation risks. The UMTS Terrestrial Radio Access Network UTRAN is
connected to the enhanced Phase 2+ CN via Iu interface. The GSM Base Station
Subsystem BSS and UTRAN can be connected to the same CN. The GSM Mobile
Station MS is connected to the GSM BSS via GSM radio interface Um, the UMTS
User Equipment UE to UTRAN via UMTS radio interface Uu.
An overview of the UMTS network architecture is given in TS 23.002.
The UMTS CN
The enhanced GSM Phase 2+ Core Network consists of a Circuit Switched CS
Domain for speech, video telephony and real-time data transfer and a Packet
Switched PS Domain for Non real-time data transfer. Furthermore, several network
elements are necessary respectively optional for both domains, here determined as
"Entities common to the CS & PS Domain".
An overview of the PS Domain is given in TS 23.060.
Network Overview
RAN
Radio Access Network
TS 23.002:
CN
Network Architecture
Core Network
External
Networks
GSM BSS
CS Domain
Entities common
to the CS & PS Domain
UE
UTRAN
PS Domain
TS 23.060:
GPRS
Fig. 2
Siemens
The UMTS
Network
The UMTS Network

Siemen
The UMTS Network

CS Domain
The CS Domain of the UMTS CN consists of the following functions:
l
MSC: Mobile Services switching Center
GMSC: Gateway MSC
SMS-GMSC: Short Message Services Gateway MSC
SMS-IWMSC: Short Message Services Interworking MSC
TC/IWF: Transcoding & Interworking function
PS Domain
The PS Domain of the UMTS CN consists of the following functions:
l
GGSN: Gateway GPRS Support Node
SGSN: Serving GPRS Support Node
CGF: Charging Gateway Function
Entities common to the CS & PS Domain:

l
AuC: Authentication Center
CSE: CAMEL Service Environment
UMTS Terrestrial Radio Access Network UTRAN & UE

The UTRAN consists of the following functions:
RNC: Radio Network Controller
Node B
UE: User Equipment
Remark: This list of UMTS functions is not complete (see TS23.002). Only the "most
important" functions are shown. The listed functions are described in the following.
Siemens
The UMTS Network
TS 23.002
UMTS
Network
GSM BSS
BTS
BTS
UE
T
R
A
U
B
S
C
UTRAN
Node B
R
(n x BTS)
N
Node B
C
(n x BTS)
Node B
(n x BTS)
TC: Transcoding
IWF: Interworking Functions
SM-SC: Short Message Service Centre
R
N
C
CS Domain
MSC /
VLR
IWF/
TC
CSE
EIR
PSTN
GMSC
ISDN
HLR AuC
X.25
SGSN
PS
Domain
GGSN
CGF
SMS-GMSC
SMS-IWMSC
IP
Billing
System
SM-SC

Fig. 3
Siemens
The UMTS Network
Release `99 CN: CS Domain

UMTS
Network
GSM BSS
BTS
BTS
UE
T
R
A
U
B
S
C
UTRAN
Node B
R
(n x BTS)
N
Node B
C
(n x BTS)
Node B
(n x BTS)
R
N
C
CS Domain
MSC /
VLR
IWF/
TC
CSE
EIR
GMSC
PSTN
ISDN
HLR AuC
X.25
SGSN
PS
Domain
GGSN
CGF
SMS-GMSC
Release `99 CN: SMS-IWMSC

CS Domain
IP
Billing
System
SM-SC
Fig. 4
Siemens
The
UMTS Network
Siemen
The UMTS Network
3G MSC
The Mobile-services Switching Center MSC constitutes the interface between the
radio system and the external fixed networks (ISDN / PSTN). The MSC performs all
necessary functions in order to handle the circuit switched services to and from the
Mobile Stations MS / User Equipment UE.
The MSC is an exchange which performs all the switching and signaling functions for
MSs / UEs located in a geographical area designated as the MSC area. The MSC
area is sub-divided into so-called Location Areas LA. The main difference between a
MSC and an exchange in a fixed network is that the MSC has to take into account
the impact of the subscribers mobility.
Several MSCs may be required to cover a country.
The MSC is connected to other network elements via the following interfaces
(Examples):
l
A-Interface: to the GSM Base Station Controller BSC
B-Interface: to the VLR. The MSC is always associated with a Visitor Location
Register. Therefore, the B-Interface is proprietary.
C-Interface: to the HLR
E-Interface: to other MSCs
F-Interface: to the EIR
Gs-Interface: to the SGSN (for common Mobility Management)
Iu(CS)-Interface: to the RNC
Gateway MSC (GMSC): If a network delivering a call to the PLMN cannot interrogate
the HLR, the call is routed to an MSC. This MSC will interrogate the appropriate HLR
and then route the call to the MSC where the mobile station is located. The MSC
which performs the routing function to the actual location of the MS / UE is called the
Gateway MSC. The choice of which MSCs can act as Gateway MSCs is for the
operator to decide (i.e. all MSCs or some designated MSCs).
Visited MSC (VMSC): For all the MSs / UEs in the MSCs area the serving MSC is
regarded as Visited MSC.
Siemens
The UMTS Network
SMS-GMSC
SMS-IWMSC
3G MSC
Mobile services
Switching Center
T
R
A
U
B
S
C
Iu(CS)
R
N
C
GMSC:
GMSC:
SGSN
MSC:
MSC:
always
alwaysassociated
associatedwith
withVLR
VLR
control
controlofofgeographical
geographicalarea:
area:
MSC
MSCArea
Area==11/ /several
several
Location
LocationArea
AreaLA
LA
MSC
Gs
V(isited)-MSC
V(isited)-MSCfor
forall
allUEs
UEs
ininMSC
MSCArea
Area
PSTN/ISDN
PSTN/ISDNInterface
Interface
Interrogating
InterrogatingHLR
HLR
routing
routingtotoactual
actual
UE
UElocation
location
VLR
VLR
IWF/
TC
SM-SC
GMSC
PSTN
ISDN
Main
MSC
HLR
EIR
LA2
LA1
LA3
tasks:
Switching
Handling CS Services
Call Setup / Release
Charging
Interfaces:
A, B, C, E, F,
Gs, Iu(CS)
LA4
MSC Area
Fig. 5
The UMTS
Siemens
Siemen
The UMTS Network
Network
Short Message Service SMS Gateway MSC (SMS-GMSC)

The SMS-GMSC acts as an interface between an external Short Message Service
Center SMS-SC and the PLMN, to allow short messages to be delivered to MS / UE
from the Service Center.
The choice of which MSCs can act as SMS Gateway MSCs is a network operator
matter (e.g. all MSCs or some designated MSCs).
SMS Interworking MSC (SMS-IWMSC)
The SMS Interworking MSC acts as an interface between the PLMN and a SMS-SC
to allow short messages to be submitted from MS / UE to the SMS-SC.
The choice of which MSCs can act as SMS Interworking MSCs is a network operator
matter (e.g. all MSCs or some designated MSCs).
SMS-GMSC and SMS-IWMSC description can be found in TS 23.002.
SMS-GMSC
SMS-IWMSC
all or some designated
MSCs can act as
SMS-GMSC/IWMSC
(Network operator
dependent)
TS 23.002
CS
Domain
MSC /
VLR
External
Networks
SMS-GMSC
SMS Gateway MSC
SMS-IWMSC
SMS Interworking MSC
SM-SC
Short Message
Service Center
Gd
PS
SGSN
Domain
Fig. 6
Siemens
The UMTS
Network
The UMTS Network

Siemen

The Visitor Location Register VLR is responsible to aid the MSC with information on
the subscriber, which are temporarily in the MSC service area. Therefore, in praxis it
is always associated with an MSC.
The VLR request the subscriber profiles of subscriber with activated MS / UE in the
MSC service area from the Home Location Register HLR and stores them
temporarily. Temporarily means as long as the subscriber is not registered in a new
MSC/VLR, even if he deactivated the MS / UE.
Additional to the semi-permanent subscriber data received from the HLR the VLR
stores temporary data, e.g. information on the subscribers current location (the
Location Area), the state of activation (Attached / Detached),...
Furthermore, the VLR is responsible for the initiation of security functions, e.g. the
Authentication procedure, the start of ciphering and the TMSI re-allocation.
Examples of subscriber data in the VLR:
l
MSISDN: Mobile Subscriber ISDN No.
LAI: Location Area Identity
Authentication Parameter
the identity of the SGSN where the MS has been registered
The organization of the subscriber data is outlined in TS 23.008.
10
Siemens
The UMTS Network
VLR
Main
Visitor Location
Register
VLR
tasks:
for all UEs in MSC Area
storing Subscriber profiles
Mobility Management
storing Location Information
controlling
Security Features*
VLR as MSCs Data Base:

Subscriber Profile,
e.g. IMSI, MSISDN,
Services (TS, BS, SS),..
Temporary Subscriber Data

e.g. LMSI, TMSI, MSRN,
Security Parameter,
Location Information,
IMSI attach/detach,..
B
MSC
VLR
* e.g. Authentication, Authorization,
Cipher & Integrity Start
Location
LocationUpdates
Updates
Subscriber
SubscriberProfiles
Profiles
VLR
VLR
Security
SecurityParameter
Parameter
(via
(viaHLR
HLRVLR)
VLR)
Interrogation
Interrogation
(MSRN
(MSRNvia
viaHLR
HLRtotoGMSC)
GMSC)
TS: Tele Services

BS: Bearer Services
SS: Supplementary Services
D
HLR
AuC

Fig. 7
11
Siemens
The
UMTS Network
Siemen
The UMTS Network
Transcoding TC function
The Transcoding TC function is used to perform conversion between standard ISDN
64 kbit/s speech transmission and the UMTS Adaptive Multi-Rate AMR speech codec
(Specs: 26-series).
The AMR speech coder is a single integrated speech codec with eight source rates
from 4.75 kbit/s to 12.2 kbit/s, and a low rate background noise encoding mode. The
speech coder is capable of switching its bit-rate every 20 ms speech frame upon
command (TS 26.071).
Different to GSM, in UMTS the Transcoding function is not part of the Radio Access
Network RAN. It has been defined as part of the UMTS Core Network CN.
Some optimization procedures allow it to be passed through, without transcoding, in
the case of UE to UE communication for example, when double-transcoding would
be performed for nothing.
Interworking Function IWF
The "classical" Core Network CN interfaces (e.g. A G) are all Time Division
Multiplexed TDM based (E1/T1). Different to this, The Iu interface between UTRAN
and the UMTS CN is ATM-based. An Interworking Function IWF is necessary for
conversion between TDM-based and ATM-based interfaces.
Remark: IWF and TC function can be stand-alone network elements or be integrated
into the UMTS MSC, depending on the manufacturers / network operators decision /
demands.
TC
Transcoding
&
IWF
B
S
C
T
R
A
U
RAN
Radio Access
Network
Iu(CS)
VLR
B
E
MSC
IWF/
R
N
C
BlaBla
Bla
CN
Core Network
TC
C
Gs
IWF
TC
Interworking: TDM ATM

all classical CN-Interfaces (A-G):
TDM based (E1/T1 PCM30/PCM24)
Iu(CS): ATM based
BlaBla
Bla
Transcoding
4.75 12.2 kbit/s
AMR: Adaptive MultiRate
UTRAN
Fig. 8
CN function in UMTS:
part of MSC or standalone N.E.
Conversion of Speech Data (CN RAN):
using AMR speech codec
CN: 64 kbit/s (ISDN)
RAN: 4.75 12.2 kbit/s (AMR)
64 kbit/s (ISDN)
CN
12
Siemens
The UMTS Network
Release `99 CN: Entities common to CS &

PS Domain
UMTS
Network
GSM BSS
BTS
BTS
UE
T
R
A
U
B
S
C
UTRAN
Node B
R
(n x BTS)
N
Node B
C
(n x BTS)
Node B
(n x BTS)
CS Domain
MSC /
VLR
IWF/
TC
CSE
EIR
GMSC
PSTN
ISDN
HLR AuC
X.25
SGSN
PS
Domain
R
N
Release `99 CN:
C
Entities common
to CS & PS Domain
GGSN
CGF
SMS-GMSC
SMS-IWMSC
IP
Billing
System
SM-SC
Fig. 9
13
Siemens
The UMTS
Network
The UMTS Network

Siemen

The HLR is a database in charge of the management of mobile subscribers There
may be one or more HLRs in a GSM PLMN.
The HLR is always associated with an Authentication Center AC (proprietary
interface). It participates in different procedures, for e.g.:
l
It sends all necessary data to the VLR.
It supports the call setup in case of Mobile Terminating Calls MTC by sending
routing information to the Gateway MSC (Interrogation).
It transmits the security parameters from AuC to VLR on request
An HLR contains different semi-permanent mobile subscriber data, e.g.:

l
MSISDN: Mobile Station International ISDN number
Packet Data Protocol (PDP) address(es), e.g. IP address
Services: Bearer Services BS, Tele Services TS, Supplementary Services SS
a list of all the group IDs a service subscriber is entitled to use to establish voice
group or broadcast calls
CAMEL Subscription Information(s)
Service Restrictions (e.g. roaming limitations)
Additionally, the HLR contains different temporary information of the mobile

subscriber, e.g.:
l
VLR and SGSN addresses
Mobile Station Roaming Number MSRN
SMS flags
The organization of the subscriber data is outlined in GSM 23.008.

Authentication Center AuC
The AuC is responsible to store the secret Keys of the subscribers and the security
algorithm, which are necessary for the generation of the GSM and UMTS security
parameters. On request of the VLR respectively the SGSN the AuC generates the
security parameters. They are delivered via HLR to VLR / SGSN to enable
Authentication, Ciphering and Integrity Check.
The AuC is always associated with an HLR (communication via a proprietary
interface).
14
Siemens
The UMTS Network
HLR
AuC
Subscriber Registration
Storing/Management
subscriber profiles
Deliver profiles to VLR/SGSN
Storing Location Information
(VLR / SGSN)
MTC: Deliver Routing
information to GMSC / GGSN
Associated with AuC
CS Domain
MSC /
VLR
GMSC
HLR
Gr
SGSN
Storing secret Keys

(counterpart: USIM) &
Security Algorithm
Generating Security Parameter
(GSM: Triples; UMTS: Quintets)
Deliver Parameter to VLR /
SGSN (via HLR)
Associated with HLR
AuC
Gc
GGSN
PS Domain
Subscriber data (Examples):
Semi-permanent Data: MSISDN, IMSI, Services
(BS, TS, SS), QoS Profile, CSI, Service Restrictions,..
Temporary Data: VLR / SGSN address,
MS Non-Reachable flag, MSRN, SMS flags,..
BS: Bearer Service

TS: Tele Service
SS: Supplementary Service
CSI: CAMEL Subscription Information
QoS: Quality of Service
MSISDN: Mobile Station ISDN Number
Fig. 10
15
The UMTS
Siemens
Siemen
The UMTS Networ
Network
Equipment Identity Register EIR

The EIR is an optional feature in GSM and UMTS. It has been defined to enable theft
prophylaxis. Stolen or non-valid Mobile Equipment ME can be blocked from further
usage.
The Equipment Identity Register EIR is the logical entity, which is responsible for
storing in the network the International Mobile Equipment Identities IMEIs (TS
23.002). An IMEI clearly identifies a unique Mobile Equipment ME and contains
information about the place of manufacture, device type and the serial number of the
equipment.
The Mobile Equipment ME is classified as "white listed", "grey listed", "black listed" or
it may be unknown as specified in TS 22.016 and TS 29.002.
The EIR performs IMEI Checks on VLR respectively SGSN request to check whether
the ME is stolen or non-valid.
The EIR is connected to:
l
the SGSN via Gf interface
the VLR via F interface
EIR
CS Domain
MSC /
VLR
Storing IMEIs
(counterpart: ME)
on White / Gray / Black List
Performing IMEI Check
on VLR / SGSN request
optional network function
EIR
Gf
SGSN
IMEI
PS Domain
International
Mobile station
Equipment
Identity
Fig. 11
16
Siemens
The
UMTS Network
The UMTS Network

Siemen
CAMEL Service Environment CSE

For the introduction of CAMEL services, some network elements have to be
enhanced and new functional entities have to be introduced (TS 23.078):
l
GSM Service Control Function gsmSCF: functional entity that contains the
CAMEL service logic to implement Operator-Specific Services OSS. It interfaces
e.g. with the gsmSSF, the gprsSSF and the HLR.
GSM Service Switching Function gsmSSF: functional entity that interfaces the
MSC/GMSC to the gsmSCF. The concept of the gsmSSF is derived from the IN
SSF, but uses different triggering mechanisms because of the nature of the mobile
network
GPRS Service Switching Function gprsSSF: functional entity that interfaces the
SGSN to the gsmSCF.
Home Location Register HLR: for subscribers requiring CAMEL support, the
HLR stores different types of CAMEL Subscriber Information CSI (e.g. O-CSI for
Mobile Originating Calls MOCs, T-CSI for Mobile Terminating Calls MTCs). The OCSI is sent to the VLR at Location Update, on data restoration or if the O-CSI is
updated by administrative action. The O/T-CSI is sent to the GMSC when the HLR
responds to a request for routing information.
MSC/VLR or SGSN: VLR or SGSN store the different CSI information as part of
the subscriber data for subscribers roaming in the MSC/VLR or SGSN area. MSC
or SGSN monitor the call states and communicate (internally) with the gsmSSF for
further proceeding.
GSM Service Switching Function
CSE
interfaces MSC/VLR to gsmSCF

derived from IN SSF
CAMEL Service
Environment
CS
Domain
GSM Service
Control Function:
gsm
SSF
MSC /
VLR
gsm
SSF
E
gsm
contains CAMEL
service logic for
Operator-Specific
Services
HLR AuC
SCF
SGSN
PS
Domain
GMSC
Gn
stores CAMEL
Subscription
Information CSI
GGSN
gprs
SSF
MSC/VLR
MSC/VLR&&SGSN:
SGSN:
store
storeCSI
CSIas
aspart
partofof
subscriber
subscriberprofile
profile
GPRS Service Switching Function

interfaces SGSN to gsmSCF
Fig. 12
17
Siemen
The UMTS Network
The
UMTS Network
Siemens
CAMEL Protocols & Interfaces
The Mobile Application Part MAP and the CAMEL Application Part CAP (TS 29.078)
are used on the different interfaces (TS 23.078) applicable to CAMEL:
l
HLR - VLR interface (D-Interface): On this interface the MAP is used to send the
CAMEL related subscriber data to the VPLMN and for provision of Mobile Station
Roaming Numbers MSRN. The interface is also used to retrieve subscriber status
and location information of the mobile subscriber or to indicate suppression of
announcement for a CAMEL service.
GMSC - HLR interface (C-Interface): This interface is used at terminating calls to

exchange routing information, subscriber status, location information, subscription
information and suppression of announcements. The O/T-CSI that is passed to the
IPLMN is sent over this interface using the MAP.
SGSN / MSC or GMSC gprsSSF / gsmSSF interface: These are internal

interfaces. These interfaces are described in the specification to make it easier to
understand the handling of Detection Points DPs.
gprsSSF / gsmSSF - gsmSCF interface (CAP Interfaces): On these interfaces the

CAP is used by the gsmSCF to control a call in a certain gprsSSF / gsmSSF.
gsmSCF - HLR interface (CAP Interface): On this interface the MAP is used by the
gsmSCF to request information from the HLR. As a network operator option the
HLR may refuse to provide the information requested by the gsmSCF.
GMSC - MSC interface (E-Interface): On this interface the MAP is used to transfer
control of a call from a VMSC back to a GMSC for optimal routing.
CAMEL
Data transfer
Protocols &
Interfaces
Signalling
O-CSI
T-CSI
HLR
gsmSCF
HPLMN
MAP
TS 23.078,
29.078
MAP
CAP
CSE
Interfaces
gsmSSF
gprsSSF
MSC/VLR
SGSN
gsmSSF

gsmSSF: GSM Service Switching Function
gsmSCF: GSM Service Control Function
CAP: CAMEL Application Part
MAP: Mobile Application Part
O-CSI: CAMEL Subscription Information (MOC)
T-CSI: CAMEL Subscription Information (MTC)
Fig. 13
UE
MSC/VLR
VPLMN
18
Siemens
The UMTS Network
Release `99: PS Domain

UMTS
Network
GSM BSS
BTS
BTS
UE
T
R
A
U
B
S
C
UTRAN
Node B
R
(n x BTS)
N
Node B
C
(n x BTS)
Node B
(n x BTS)
R
N
C
CS Domain
MSC /
VLR
IWF/
TC
CSE
EIR
GMSC
PSTN
ISDN
HLR AuC
X.25
SGSN
PS
Domain
GGSN
CGF
SMS-GMSC
Release `99 CN: SMS-IWMSC

PS Domain
IP
Billing
System
SM-SC
Fig. 14
19
The UMTS Network
Siemenk
PS Domain - Main Concept

The PS domain uses a packet-mode technique to transfer high-speed and low-speed
data and signaling in an efficient manner. The PS domain optimizes the use of
network and radio resources. Strict separation between the radio subsystem and
network subsystem is maintained, allowing the network subsystem to be reused with
other radio access technologies. (TS 23.060)

The GGSN is the first point of Packet Data Network PDN interconnection with a GSM
/ UMTS PLMN (i.e. it supports the Gi interface). GGSN functionality is common for
GSM and UMTS.
The Gateway GPRS Support Node GGSN provides interworking with external
Packet-switched Data Networks PDNs and it is connected with SGSNs via an IPbased backbone network (Gn interface). When the SGSN and the GGSN are in
different PLMNs, they are interconnected via the Gp interface. The Gp interface uses
the same protocols as the Gn interface. Additional security features are necessary.
The GGSN is the node that is accessed by the PDN due to evaluation of the Packet
Data Protocol PDP address. It contains routing information for PS-attached users.
The routing information is used to tunnel packet data to the MS / UE's current point of
attachment, i.e., the Serving GPRS Support Node SGSN. The GGSN may request
location information from the HLR via the optional Gc interface.
Furthermore, the GGSN is responsible for message screening and it is collecting
charging data. The GGSN forwards the charging data via Charging Gateway
Functionality CGF (Ga interface) to the Billing Center.
The SGSN and GGSN functionalities may be combined in the same physical node, or
they may reside in different physical nodes.
20
Siemens
The UMTS Network
GGSN
Gateway GPRS
Support Node
TS 23.060
Interworking PLMN PDN (Gi)

Storing Routing Information (current SGSN)
Requesting Location Information from HLR
(Gc optional; for MTC)
Routing Packets SGSN (Gn)
Collecting Charging Data & forwarding
to CGF (Ga)
HLR AuC
Gc
SGSN
Gn
IP-based
Backbone
Network
Gp
SGSN
PS
Domain
other
PLMN
SGSN
X.25
GGSN
Gi
IP
Ga
CGF
Billing
System
External
Networks
Fig. 15
21
Siemens
The UMTS
Network
Siemen
The UMTS Network

The Serving GPRS Support Node SGSN is responsible to provide service for all
activated MS / UE in a certain geographical area, the so-called SGSN service area.
The SGSN service area is subdivided into different Routing Area RA (a sub-set of the
Location Area LA). A Routing Area consists of one or several cells.
The SGSN keeps track of the location of an individual MS / UE and stores it location
(the Routing Area). It is responsible for the MS / UE Mobility Management (Location
Updates, Attach, Paging,..). Furthermore, the SGSN performs security functions and
access control.
The SGSN pulls the subscriber profiles via Gr interface from the HLR and stores it as
long as the subscriber has not been registered in another SGSN.
It is signaling with MS / UE and GGSN to set up PDP Contexts to transmit packet
data from MS / UE via RNC, SGSN and GGSN to external PDNs.
It is transmitting SMS via SMS IWF-/G-MSC (Gd interface) to the SM-SC.
It is controlling the QoS to be guaranteed for the subscribers service.
The SGSN also interfaces via the GPRS Service Switching Function gprsSSF with
the GSM Service Control Function gsmSCF for optional CAMEL session and cost
control service support.
The SGSN is connected to the GSM Base Station Subsystem BSS through the Gb
interface and/or to the UMTS Terrestrial Radio Access Network UTRAN through the
Iu interface.
It is interfaced with the MSC/VLR via Gs interface (optional) for Common Mobility
Management. E.g. the SGSN may receive paging requests from the MSC/VLR via
the Gs interface.
To provide Roaming it is connected via Gn / Gp (into other PLMNs) interface to other
SGSNs. The Gp interface provides the functionality of the Gn interface, plus security
functionality required for inter-PLMN communication. The security functionality is
based on mutual agreements between operators.
The SGSN is collecting charging data and transmitting them via Ga interface to the
Charging Gateway Function CGF.
The SGSN and GGSN functionalities may be combined in the same physical node, or
they may reside in different physical nodes.
22
Siemens
The UMTS Network
SGSN
RA
2
LA RA
1
RA
3
Serving GPRS
Support Node
RA
4
RA
6
SGSN area
GSM BSS
Gb
CSE
EIR
CAP
Gs Gr
SGSN
RNC
RA
7
MSC /
VLR
Gs
TS 23.060
BSC
RA
5
Iu(PS)
Serving all UEs in SGSN area =

1 / several Routing Area(s) RA
Storing subscriber profiles
(requested from HLR)
Mobility Management, e.g
Update Location, Attach, Paging,..
Security & Access Control:
Authentication, Cipher start, IMEI Check...
Collecting charging data
SMS-GMSC
SMS-IWMSC
HLR AuC
Gd
Gn
IP-based
Backbone
Network
Gp
SGSN
UTRAN
PS
Domain
other
PLMN
GGSN
Ga
CGF
SGSN
Fig. 16
23
Siemens
The UMTS
Network
Siemen
The UMTS Network
Charging Gateway Functionality CGF

Charging in GSM / UMTS should be flexible and allow to bill according to the amount
of data transferred, the QoS supported, and the duration of the connection. The
GGSNs and SGSNs are collecting the charging data.
The Charging Gateway Functionality CGF provides a mechanism to transfer charging
information from the SGSN and GGSN nodes to the network operator's chosen
Billing Systems BS.
The Charging Gateway concept enables an operator to have just one logical interface
between the CGF and the BS. The CGF may be supported in one of the following
ways:
l
-as a centralized separate Network Element, i.e. the Charging Gateway CG
-as a distributed functionality resident in the SGSNs and GGSNs.
Support of the centralized or distributed CGF in a network is implementation

dependent, and subject to vendor/manufacturer agreement. Regardless of the way in
which the CGF is supported in the network, the functionality of the CGF is similar.
The main functions of the CGF are:
l
-the collection of GPRS Charging Data Records CDRs from the GPRS nodes
generating CDRs;
-intermediate CDR storage buffering;
-the transfer of the CDR data to the Billing Systems BS
The CGF acts as storage buffer for real-time CDR collection. It provides the CDR
data to the BS.
Details of the Charging Gateway Functionality, the principles and transmission of
CDRs and the protocol architecture of the Ga interface are given in TS 32.015.
24
Siemens
The UMTS Network
CGF
Charging Gateway
Functionality
TS 23.060
& 32.015
SGSN
PS
Domain
External
Networks
Gn
Ga
GGSN
Ga
CGF
TS32.015:
TS32.015:
Charging
Charging&&Billing
Billing
for
the
for thePS
PSDomain
Domain
collect CDRs from SGSNs & GGSNs

intermediate CDR storage buffering
CDR data transfer to the BS
Billing
System BS
The CGF can:
GSNs
GSN
CGF
Charging
Gateway
CG
BS
BS
reside in a separate N.E.:

Charging Gateway CG
be integrated
in the GSNs
CDR: Charging Data Record

N.E.: Network Element
Fig. 17
25
Siemens
The UMTS Network
Release `99: UTRAN & UE

UMTS
Network
GSM BSS
BTS
BTS
UE
T
R
A
U
B
S
C
UTRAN
Node B
R
(n x BTS)
N
Node B
C
(n x BTS)
Node B
(n x BTS)
R
N
C
CS Domain
MSC /
VLR
IWF/
TC
CSE
EIR
GMSC
PSTN
ISDN
HLR AuC
X.25
SGSN
PS
Domain
Release `99:
UTRAN & UE
GGSN
CGF
SMS-GMSC
SMS-IWMSC
IP
Billing
System
SM-SC
Fig. 18
26
Siemens
The UMTS
Network
Siemen
The UMTS Network
Radio Network Controller RNC

The UMTS Terrestrial Radio Access Network UTRAN is sub-divided into Radio
Network Subsystems RNS. The Radio Network Controller RNC is the central
controlling unit of a RNS. It is controlling itself and all the Node Bs of the RNS.
The RNC is connected via the following ATM based interfaces:
l
Iub interface: to the connected Node Bs
Iur interface: to neighboring RNCs
Iu interface: to the Core Network CN
Due to different protocol stacks, the Iu interface can be sub-divided into an Iu(ps)
interface and an Iu(cs) interface.
The Iu(ps) interface is used for data and signaling transmission to the PS Domain of
the CN, the Iu(cs) interface is used for data exchange with the CS Domain.
The main task of the RNC is to perform Radio Resource Management RRM for all
UEs in its service area. Therefore, it can be compared to the GSM BSC. Different to
the GSM BSC, it is 100% autonomously responsible for all RRM decisions.
RRM means to be that the RNC is responsible for signaling with the UEs via Radio
Resource Control RRC protocol, it is deciding about the allocation of resources,
Handover to other cells and release of resources,...
The RNC is holding the RRC connection to the UEs as long as data have to be
transmitted.
It is storing the UEs location information to transmit the data to the right location. The
location information can be requested by the CN for Location Based Services.
It is responsible for reliable transmission over the radio interface, performing
Backward Error Correction in acknowledged mode.
It is responsible for Ciphering / De-Ciphering and Integrity Check.
And it is responsible for many more WCDMA specific aspects shown in the following
chapters and TS 25.3xx and 25.4xx series.
27
Siemens
The UMTS Network
RNC
100% autonomously RRM

(e.g. Radio Resource Control, Access Control,
Admission Control, Handover Control,)
Radio Network
Controller
MSC /
VLR
CS
Domain
(De-)Ciphering & BEC (Layer 2 tasks)

storing UEs location information
RNS-Control (RNC & Node Bs)
ATM Switching
(Iu, Iur & Iub: ATM Interfaces)
SGSN
WCDMA specific tasks
IWF/ TC
Iu(CS)
RNS
Radio
Network
Sub
system
Iu(PS)
UTRAN
Iur
RNC
RNC
Radio Network
Controller
Iub
Node
B
PS
Domain
Iub
Node
B
Node
B
Node
B
Uu
UE
Fig. 19
28
Siemens
The UMTS
Siemen
The UMTS Network
Network
Node B
One or more Node B's are controlled and addressed by an RNC. A Node B is a
physical unit for implementation of the UMTS radio interface. It is converting the
physical transmission of the data from fixed network transmission (ATM based) to
WCDMA transmission.
As a central transmission and reception site, it serves one or more UMTS cells. It is
serving one UMTS cell in case of an omni cell with 360 service or, for example, 2, 3
or 6 sector cells with 180, 120 and 60 service respectively.
The Node B is connected:
l
via Iub interface to its controlling RNC
via Uu interface to the UEs
To prepare the data for reliable transmission over the air interface Uu, the Node B
performs many WCDMA specific aspects, which are shown in the following chapters
and in the TS 25.3xx and 25.4xx series.
Support of 1or several cells

WCDMA Transmission
Node B
RNS
Radio
Network
Sub
system
RNC
ATM Termination
Forward Error Correction FEC
Radio Interface Measurements
(Quality & Strength)
U
T
R
A
N
RNC
Radio Network
Controller
Iub
Node
B
Node
B
Node
B
Node
B
Uu
UE
Sector-Cell
Omni-Cell
Node
B
Sector-Cell
Node
B
Sector-Cell
Fig. 20
29
Siemens
The UMTS
Siemen
The UMTS Network
Network
User Equipment UE
The User Equipment UE is responsible for similar functions as the GSM Mobiles
Station MS, i.e. it is a device allowing a user access to network services.
It consists of the:
l
Mobile Equipment ME, which means to be the Hardware and Software for
WCDMA air interface transmission. The ME is identified by an International Mobile
Equipment Identity IMEI.
UMTS Subscriber Identity Module USIM, which contains data and procedures,
which unambiguously and securely identify itself. These functions are typically
embedded in a stand-alone smart card. This device is associated to a given user
(subscriber license), and as such allows to identify this user regardless of the ME
he uses. The USIM stores the personal identities (e.g. IMSI, MSISDN, PIN),
security algorithm (for e.g. Ciphering, Authentication), the personal phone book,
the USIM Application Toolkit USAT (TS 22.038, 31.111) and many more
information.
The basic functions of the UE are given in the TS TS 23.101. More detailed
descriptions are given in the TS 31 series.
UE
User Equipment
TS 23.101 &
31series
MSC/VLR
Node
B
RNC
SGSN
Uu
UE = ME + USIM
USIM
UMTS Subscriber
Identity Module
ME
Mobile Equipment
HW & SW for WCDMA

Radio Transmission
Man-Maschine-Interface MMI
Subscriber license
Personal Identities
(e.g.MSISDN, IMSI, TMSI, PIN,...)
Security Algorithm & Keys

(for Authentication, Ciphering,..)
Personal phone book

USIM Application Toolkit
USAT
TS 31.1xx
series
Fig. 21
30
Siemens
The UMTS
Network
Siemen
The UMTS Network
UMTS Network Summary (Release `99)

The UMTS PLMN consists of an UMTS Terrestrial Radio Access Network UTRAN,
The User Equipments UE and an enhanced GSM Phase 2+ Core Network CN.
The Core Network consists of a Circuit Switched CS Domain for speech, video
telephony and real-time data transfer, a Packet Switched PS Domain for Non realtime data transfer and Entities common to the CS & PS Domain.
The CS Domain of the UMTS CN consists of the following functions:
l
MSC: Mobile Services switching Center
GMSC: Gateway MSC
SMS-IW-/G-MSC: Short Message Services Interworking-/Gateway-MSC
TC/IWF: Transcoding & Interworking function
The PS Domain of the UMTS CN consists of the following functions:

l
GGSN: Gateway GPRS Support Node
SGSN: Serving GPRS Support Node
Entities common to the CS & PS Domain:

l
AuC: Authentication Center
The UTRAN consists of the following functions:

l
RNC: Radio Network Controller
Node B
The UE consists of the following functions

l
ME: Mobile Equipment
USIM: UMTS Subscriber Identity Module
Remark: This list of UMTS functions is not complete. Only the "most important"
functions are shown. A detailed overview is given in TS 23.002.
31
Siemens
The UMTS Network
UMTS Network
Summary
(Rel. `99)
GSM BSS
BTS
Abis
Um
Uu
UE
BTS
T
R
A
U
B
S
C
Iur
(n x BTS)
R
N
C
MSC /
VLR
IWF/
TC
CAP
Gb
UTRAN
Node B
R
(n x BTS)
Iub N
Node B
C
(n x BTS)
Node B
CS Domain
Iu(CS)
CAP
Iu(PS)
EIR
Gf
SGSN
PS
Domain
HLR AuC
Gr
Gn
X.25
Gc
GGSN
Ga
Gd
ISDN
C/D
CSE
GMSC
PSTN
Gi
CGF
SMS-GMSC
SMS-IWMSC
IP
Billing
System
SM-SC
Fig. 22
32
Siemens
The UMTS Network
Further Evolution: Release 4 & 5
PSTN /
ISDN
UMTS
Network
Intra- /
Internet
UMTS CN
GERAN
Co-existence of
GSM & UMTS
network elements
Further Evolution
Release 4 & 5
UTRAN
GERAN: GSM/EDGE Radio Access Network
Fig. 23
33
Siemens
The UMTS
Network
Siemen
The UMTS Network
3G modularity and further options

In 3G networks, the functions of the Core Network CN and the Radio Access Network
RAN will be strictly separated. This separation will allow modularity in the
composition of networks. The objective is to be able to combine any 3G CN with any
3G RAN. In addition, technical enhancements and upgrades of individual modules
will be able to be introduced more easily, quicker and at less expensively due to the
separation of functions.
Core Network CN options
In the initial phase of 3G, the different RANs are based on two different CN platforms:
These are the GSM CN platform and the IS-41 platform. The different protocol
architecture has been harmonized to enable the demanded modularity.
l
The IS-41 CN has been used recently as platform for AMPS, D-AMPS and IS-95.
The GSM CN has been used for the GSM BSS only.
Pure IP CN solutions have been developed by the 3G.IP Forum / IETF. These
ideas are incorporated now in UMTS Release 4 and 5 as additional CN options for
enhanced 3G networks.
Radio Access Network RAN options

Different options for 3G RAN's have been developed and will be developed in 3G
respectively for enhanced 3.5G networks.
l
EDGE Classic / Compact is the 3G enhancements for GSM and D-AMPS
UMTS includes the UTRA FDD and TDD mode, respectively from Release 4 on,
two TDD modes (one with a High Chip Rate HCR and one with a Low Chip Rate
LCR).
MC-CMDA is used as IS-95 successor
Different 3G proposals for MSS's
3.5G enhancements of 3G systems toward higher data rates might be Wireless

Local Loop WLL or Mobile Broadband Systems MBS
34
Siemens
The UMTS Network
3G modularity
& future options
3G RAN
EDGE
3G
Core
Network
UTRA TDD HCR
Iu
UTRA TDD LCR
UTRA FDD
e.g.
enhanced
GSM / IS-41,
or
R`4, R`5
UMTS CN
MC- CDMA
3G-MSS
strict separation
CN - RAN tasks
flexibility in 3G
Hiperlan-2,
MBS,..
Fig. 24
35
Siemens
The UMTS
Network
Siemen
The UMTS Network
UMTS Release 4 CN
The UMTS CN CS domain is a central aspect of Release 4 modifications (TS
23.002). The intention of these modifications is a separation of the call control from
the transport user the user data.
In UMTS Release 4, the (G)MSC/VLR functions split into two different entities:
l
MSC Server: The MSC Server is responsible for e.g. Call Control CC and Mobility
Management MM. It stores temporarily the subscribers data and takes over the
"VLR functionality". It is interfacing and translating the user-network signaling (TS
24.008) and the network-network signaling and it is controlling one/several
MGW(s) via Mc interface. Furthermore, it is collecting charging data (Call Data
Records CDRs). As Gateway MSC Server, it is responsible for HLR interrogation.
Media Gateway MGW: The MGW is responsible for bearer control and
transmission resource management (e.g. QoS guarantee). It is responsible for the
conversion of the data formats from CN internal, i.e. Nb interface (IP, ATM,) to
either Iu interface (ATM based) or external CS ISDN/PSTN networks. Additionally,
the TC function is allocated to the MGWs interfacing Iu.
New Interfaces
l
Nc: between MSC Server and (G)MSC Server for Bearer-Independent Call Control
BICC.
Mc: between CS-MGW and (G)MSC Server to separate between call control and
bearer control. The ITU standard H.248 respectively its IETF standard equivalent
Media Gateway Control MEGACO is used on Mc.
Nb: between MGWs. Different options are possible on Nb for user data transfer
and bearer control signaling (e.g. ATM, IP).
36
Siemens
The UMTS Network
UMTS CN R`4
CS Domain
Applications and Services

CAP
CAP
MSC
Server
Iu
(G-)MSC Server:
Call Control
Level
HLR
PS
PSDomain
Domain
unchanged
unchanged
compared
comparedto
toR`99
R`99
R`4
TS 23.002
GMSC
Server
Nc (e.g. BICC)
Mc
Call Control
Mobility Management
MGW Control
VLR functionality
CDRs
(HLR-Interrogation)
Mc (H.248/MEGACO)
Bearer Level
GERAN
A
UTRAN
Iu
CSMGW
Nb (e.g. ATM, IP)
CSMGW
PSTN/
ISDN
MGW:
Bearer Control
CDR: Call Data Records
BICC: Bearer Independent Call Control
MGW: Media Gateway
Transmission Resource Management

Data Format Conversion
Transcoding
MEGACO: IETF Media Gateway Control protocol

H.248: ITU protocol for Media Gateway Control
Fig. 25
37
Siemens
The UMTS
Network
Siemen
The UMTS Network
UMTS Release 5 CN
In Release 5, it should be possible to transmit all data only via one PS domain (the
so-called "All IP CN"). This PS domain can be split up logically into the GPRS CN
with its well known network elements and an IP Multimedia Subsystem IMS, which is
added to the GPRS CN like an external PDN (i.e. via Gi interface). Currently (late
2001) not all Release 5 network elements and functions are defined precisely.
For downward-compatibility reasons to GSM and UMTS Rel. `99 and Rel. `4 it might
be necessary, to support additionally a CS domain.
Here some central Release 5 aspects / functions:
l
Home Subscriber Server HSS: The HSS is used for mobility related aspects,
very similar to the "classical" HLR (storing subscription and routing information).
Media Gateway MGW: The MGW ensures interoperability and interworking

between an All IP CN and the external fixed CS networks PSTN or ISDN. The
MGW enables conversion from CS data transmission, e.g. voice transmission, to
PS data transmission, e.g. Voice over IP VoIP. Echo cancellation and Transcoding
functionality will take place in the MGW. The MGWs are connected via Gi interface
towards the GGSNs.
Media Gateway Control Function MGCF: The MGCF are used e.g. for MGW
control, Call Control and Signaling Protocol Conversion from external SS7 to
internal Session Initiation Protocol SIP.
Call State Control Function CSCF: The CSCF are responsible e.g. for Session
Flow Handling and Application Coordination. They are interfacing the IN /
Application Server/ IN and they are responsible to collect charging data (Charging
Data Records CDRs).
This description of Release 5 is regarded as a very first overview, giving an idea on

the future UMTS options. It is not complete and needs to be extended in additional
courses.
38
Siemens
The UMTS Network
CSCF:
UMTS CN R`5
IMS & PS Domain
Intelligent & Application Servers

CSE
WAP
Session Flow Handling

Application Coordination
interfaces IN/Application
Servers
CDR`s
HSS:
similar HLR
UTRAN
Uu
UE
(USIM)
Node
B
CSCF
HSS
R
Iub
Node
B
R
N
C
MGW
ISDN
IP R
Backbone
R
Iur Iu
SGSN
R
Node
N
B
Iub C
R
GGSN Gi
other
PLMN
IP
X.25
MGCF:
MGW control
HSS: Home Subscriber Server

MGW: Media Gateway
MGCF: Media Gateway Control Function
SIP: Session Initiation Protocol
PSTN
MGCF
Call Control
Signalling Protocol
Conversion (SS7 to SIP)
R`5
TS 23.002
IMS: IP Multimedia Subsystem
CSCF: Call State Control Function
R: IP Router/Switch
Fig. 26
39
Chapter 4
Security Features
Security Features
Siemens
Security Features
Contents
1
2
3
4
5
6
7
Overview
IMEI Check
(P-)TMSI Allocation
Authentication
Ciphering & Integrity Check
Exercise
Solution
23
79
11195
1521
2735
3747
4153
Siemens
Security Features
Overview
UMTS Security Features
I) Network Access Security:
provide users with secure access to 3G services &
protect against attacks on the radio access link
TS
TS33.102:
33.102:
Security
Security
Architecture
Architecture
II) Network Domain Security:

enables secure signaling data exchange &
protects against attacks on the wireline network
II)
I)
I)
ME
I)
III)
III) User Domain
Security:
secures access to MS
(e.g. PIN)
USIM
I)
I)
AN
SN
HE
Access
Network
Serving
Network
Home
Environment
IV) Application Domain Security:

enables applications in the user & provider domain to
securely exchange messages (e.g. USIM ATK messages)
IV)
Overview
*also: User Services Identity Module
Fig. 1
Siemens
Security
Features
Siemen
Security Features
UMTS Security Features: Overview

Five security feature groups are defined in UMTS (TS 21.133, 33.102, 31.120). Each
of these feature groups meets certain threats and accomplishes certain security
objectives:
I) Network Access Security
The network access security features, which are defined more precisely in the
following chapter, provide users with secure access to UMTS services. Additionally,
some of them protect the user and the network against attacks on the radio access
link. Currently, User Identity Confidentiality (P-TMSI, TMSI Allocation), Entity
Authentication (User / Network Authentication), Confidentiality (Ciphering), Data
Integrity and Mobile Equipment Identification (IMEI Check) are defined as Network
Access Security features.
II) Network Domain Security:
The network domain security features will be defined in future to enable nodes in the
provider domain to securely exchange signaling data and protect against attacks on
the wire-line network.
III) User Domain Security:
The user domain security features have been defined to enable secure access to the
user equipment UE. Currently User-to-USIM Authentication (e.g. PIN; see TS 31.101)
and USIM-Terminal Link security (restricting an ME to an authorized USIM by sharing
a secret; see TS 22.022) are defined.
IV) Visibility and Configurability of Security:
The visibility & configurability of security features have been defined to enable the
user to inform him whether a security feature is in operation. Additionally, the user
should be able to decide whether the use and provision of services should depend on
the security feature. Examples for visibility are the indication of access network
encryption and the indication of the level of security (e.g. 3G or 2G network).
Examples for configurability are enabling/disabling User-USIM authentication,
accepting/rejecting incoming non-ciphered calls, setting-up or not setting-up nonciphered calls, accepting/rejecting the use of certain ciphering algorithm.
Siemens
Security Features
Network Access Security Features

IMEI Check
(P-)TMSI Allocation
Authentication
Ciphering
providing users with

secure access
to 3G services &
protect against
attacks on the
radio access link
Data Integrity Check
TS
TS21.133:
21.133:
Security
SecurityThreats
Threats&&Requirements
Requirements
TS
TS33.102
33.102
Security
SecurityArchitecture
Architecture
TS
TS33.120
33.120
Security
SecurityPrinciples
Principles&& Objectives
Objectives
Fig. 2
Siemens
Security
Features
Siemen
Security Features
Network Access Security Features

Similar to GSM, the UMTS system provides some mechanism to guarantee the
network access security. Some features are still the same as in GSM, others have
been enhanced, and also two new aspects have been additionally defined. The
following network access security features have been defined in Rel. 99:
IMEI Check: To prevent the usage of stolen or not allowed mobile equipment, the
mobile equipment identification can be checked by the network. This feature remains
the same as in GSM.
P-TMSI / TMSI Allocation: To guarantee the user identity confidentiality respectively
the user location confidentiality the permanent user identity IMSI is normally not
transmitted over the radio interface. The user is normally identified by the temporary
identity TMSI / P-TMSI, by which he is known in the serving network. This feature
remains the same as in GSM.
Authentication: In UMTS authentication is extended compared to GSM. Additionally
to the User Authentication a Network Authentication is introduced. User
Authentication is the property that the Serving Network SN checks the real identity of
the user, preventing non-authorized access to the network. Network Authentication is
a check whether the connected SN is really authorized by the users Home PLMN to
provide him services. This includes the guarantee that this authorization is recent.
Ciphering: Ciphering prevents eavesdropping of user data and signaling over the
radio interface. UMTS ciphering has been enhanced compared to GSM/GPRS.
Data Integrity Check: The Data Integrity Check has been introduced as a new
security feature in UMTS. It provides security against unauthorized modification of
signaling data respectively the change of data origin.
As in GSM/GPRS, user (temporary) identification, authentication and key agreement
will take place independently in the PS and CS domain. User traffic will be ciphered
using the cipher key agreed for the corresponding service domain. Control data will
be ciphered and integrity protected using the cipher and integrity keys form either one
of the service domains.
The Serving RNC has distribution functionality for the PS and CS domain. Two Iu
signaling connections exist, but only one RRC connection.
Siemens
Security Features
Network Access
Security Features
CS Domain
TMSI / P-TMSI Allocation

- allocated by VLR / SGSN instead of IMSI
- protects user identity & location confidentiality
Authentication
MSC/
VLR
- User Authentication:
network checks real PSTN

user identity;
prevents misuse / misappropriation
GMSC
of network resources / services
ISDN
- Network Authentication:
UE checks network authorisation

to provide service
IMEI Check
prevents usage of
stolen / not allowed ME
Node B
UE
=
ME
+
USIM
EIR
R
N
C
Ciphering
prevents eavesdropping of
user data / signaling on Uu
SGSN
PS Domain
HLR AuC
GGSN
IP
X.25
provides security against unauthorised

modification of signaling data /
change of data origin
Fig. 3
Siemens
Security Features
IMEI Check
IMEI Check
EIR:
white / gray / black list
ME
ME
stolen
TS
TS23.002,
23.002,
23.003,
23.003,23.060,
23.060,
24.008,
24.008,29.002
29.002
ME
not
allowed
IMEI Check
Fig. 4
Siemens
Security
Features
Siemen
Security Features
IMEI Check
The IMEI Check is an optional feature, which can be used to prevent the usage of
stolen or not allowed mobile equipment. This feature remains the same as in GSM.
The International Mobile Equipment Identity IMEI identifies uniquely a Mobile
Equipment ME. Two versions of IMEI are defined (TS 23.003):
IMEI: The IMEI is composed of a Type Approval Code TAC (6 digits), a Final
Assembly Code FAC (2 digits) to identifies the place of manufacture/final assembly, a
Serial Number SNR (6 digits) as individual serial number uniquely identifying each
equipment within each TAC and FAC and a Spare digit (1 digit) being zero, when
transmitted by the MS / UE.
IMEISV (IMEI & Software Version number): The IMEISV is composed of the Type
Approval Code TAC, Final Assembly Code FAC, Serial Number SNR and a Software
Version Number SVN (2 digits), which identifies the ME software version number.
The security requirements of the IMEI are defined in 3GPP TS 22.016.
The IMEI should be surely stored in the ME. In certain cases, the Serving Network
SN may request the UE to send it the IMEI. This shall be done only after
authentication. In the case of emergency calls, no IMEI check should be performed.
The Equipment Identity Register EIR (TS 23.002) is responsible for storing the
IMEIs in the network. The ME is classified as "white listed", "gray listed", "black listed"
or it may be unknown as specified in TS 22.016 and TS 29.002.
The white list is composed of all number series of equipment identities that are
permitted for use. The black list contains all equipment identities that belong to
equipment that need to be barred. Besides the black and white list, administrations
have the possibility to use a gray list. Equipment on the gray list are not barred, but
are tracked by the network (for evaluation or other purposes).
An EIR shall as a minimum contain a "white list".
Siemens
Security Features
IMEI Check
IMEI Check
EIR:
(optional)
white / gray / black list
ME
EIR:
EIR:
TS
TS23.002
23.002
not in case of
emergency calls
IMEI: International Mobile station Equipment Identity
IMEI(SV):
IMEI(SV):
TS
TS23.003
23.003
TAC
FAC
SNR
Type Approval Code
Final Assembly Code
Serial Number
6 digits = 24 Bit
2 digits = 8 Bit
6 digits = 24 Bit
Spare
1 digit = 4 Bit
IMEISV: IMEI & Software Version number

TAC
FAC
SNR
Type Approval Code
Final Assembly Code
Serial Number
6 digits = 24 Bit
2 digits = 8 Bit
6 digits = 24 Bit
SVN
2 digit = 8 Bit
SVN: Software Version Number
Fig. 5
Siemens
Security
Siemen
Security Features
Features
IMEI Check Procedure

The IMEI(SV) shall only be send after authentication (TS 33.102).
It shall be possible to perform the IMEI check at any access attempt, except IMSI
detach, and during an established call at any time when a dedicated radio resource is
available, in accordance with the security policy of the PLMN operator (TS 22.016).
The network shall terminate any access attempt or ongoing call when receiving any
of the answers "black-listed" (i.e., on the black list) or "unknown" equipment (i.e. not
on the white list) from the EIR. An indication of "illegal ME" shall in these cases be
given to the user. Furthermore this is equivalent to an authentication failure hence
any call establishment or any location updating is forbidden for the MS / UE, it cannot
answer to paging, it is just allowed to perform Emergency Calls.
Emergency calls must never be terminated as a result of the IMEI check procedure.
The procedures to check the IMEI are described in TS 23.060 and TS 29.002.
IMEI Check
Authentication
TS
TS33.102
33.102
IMEI
IMEICheck
Check
2) Identity Request
optional
optional
after
afterauthentication
authentication
totobe
beperformed
performedatatany
anyaccess
accessattempt
attempt
&&during
duringestablished
establishedcalls
callsatatany
anytime
time
not
in
case
of
emergency
calls
not in case of emergency calls
not
at
IMSI
Detach
not at IMSI Detach
1) Identity Request
[Identity Type]
3) Identity Response
[IMEI/IMEISV]
4) Identity Response
5) Check IMEI
[IMEI/IMEISV]
6) Check IMEI Ack.

[status: white/gray/black]
Decision:
Continue / Block
UE
SRNC
VLR
SGSN
TS
TS29.002
29.002
EIR
Fig. 6
10
Siemens
Security Features
(P-)TMSI Allocation
MSC/VLR
TMSI
ME
P-TMS
IMSI?
Mr. / Ms. XY!
SGSN
TS
TS23.002,
23.002,
23.003,
23.003,23.060,
23.060,
24.008,
24.008,29.002
29.002
(P-)TMSI Allocation
Fig. 7
11
Siemens Features
Security
Security Features
Siemen
(P-)TMSI Allocation
A unique International Mobile Subscriber Identity IMSI shall be allocated to each
mobile subscriber in the GSM system.
To achieve user identity confidentiality and user location confidentiality, the user is
normally identified by a temporary identity (Temporary Mobile Subscriber Identity
TMSI or Packet-TMSI) by which he is known by the Serving Network SN. To avoid
user traceability, which may lead to compromise of user identity confidentiality, the
user should not be identified for a long period by means of the same (P-) TMSI (TS
33.102). (P-)TMSI should be used at any Location Update Request, Service Request,
Detach Request, connection re-establishment request, etc.
A (P-)TMSI has local significance only in the LAI or RAI in which to user is registered.
Outside that area it should be accompanied by an appropriate LAII or RAI in order
avoid ambiguities. The association between IMSI and TMSI / P-TMSI is kept by the
VLR / SGSN in which the user is registered.
IMSI structure
The IMSI is composed of three parts: Mobile Country Code MCC, Mobile Network
Code MNC and Mobile Subscriber Identity Code MSIN. The MCC (3 digits; CCITT
administered) identifies uniquely the country of the mobile subscriber. The MNC (2
digits) identifies the Home PLMN of the mobile subscriber. The MSIN identifies the
mobile subscriber within a GSM PLMN. The IMSI shall consist of numerical
characters (O through 9) only. The overall number of digits in IMSI shall not exceed
15 digits.
(P-)TMSI structure
Since the (P-)TMSI has only local significance (i.e. within a VLR/SGSN area), the
structure and coding of it can be chosen by agreement between operator and
manufacturer in order to meet local needs. The P-TMSI / TMSI consists of 3 / 4
octets. It can be coded using a full hexadecimal representation.
12
Siemens
Security Features
Subscriber Identity
TMSI
TMSI/ /P-TMSI
P-TMSI
IMSI
(15 digits)
MCC
MNC
MSIN
3 digits
2 digits
10 digits
protect
protectuser
useridentity
identityconfidentiality
confidentiality
normally
normallyused
usedinincase
caseofofunciphered
unciphered
user id. transmission
user id. transmission
allocated
by
VLR/SGSN
allocated by VLR/SGSN
local significance only in the LA/RA
local significance only in the LA/RA
where
wherethe
theuser
userisisregistered
registered
accompanied by LAI/RAI
accompanied by LAI/RAI
structure:
operator-dependent
structure: operator-dependent
Re-allocation
Re-allocationas
asoften
oftenas
aspossible
possible
(only
(onlyciphered
ciphered&&ininconjunction
conjunction
with
other
procedures)
with other procedures)
TS
TS33.102
33.102
TS
TS23.003
23.003
Packet-TMSI
3 bytes
TMSI
4 bytes
UE
SGSN
VLR
MCC: Mobile Country Code
MNC: Mobile Network Code
MSIN: Mobile Subscriber
Identification Number
Fig. 8
13
Siemens
Security
Siemen
Security Features
Features
(P-)TMSI Usage & Re-Allocation

The (P-)TMSI, when available, is normally used to identify the user on the radio
access path, for instance in paging request, Location Area / Routing Area LA / RA
Update Requests, Attach / Detach requests, Service Requests, Connection Reestablishment Requests,...
If the user cannot be identified by means of a (P-)TMSI, he is requested to identify
himself by his permanent identity IMSI (User Identity Request / Response).
(P-)TMSI Re-Allocation ((P-)TMSI Allocation Command / Complete) is performed to
allocate a new TMSI/LAI respectively P-TMSI/RAI pair to a user by which he may
subsequently be identified on the radio access link. It should be performed after
initiation of ciphering. The Re-Allocation is initiated by the VLR / SGSN.
The procedures P-(TMSI) usage & re-allocation procedures and mechanism are
described e.g. in TS 23.060 and TS 31.102.
Examples of (P-)TMSI Usage / Re-Allocation
TS
TS33.102
33.102
Paging
Paging
Paging
[(IMSI) / (P-)TMSI, Paging Cause]
Initial Direct Transfer
NAS Signaling
Connection
Establishment*
Initial UE Message
[Establ. Cause*; old RAI/LAI & (P-)TMSI]
User Identity Request
User Identity Request

User Identity Response
User Identity Response
[IMSI]
[IMSI]
Identification
by (P-)TMSI
not possible
Authentication & Cipher Start

(P-)TMSI Allocation Command
(P-)TMSI Allocation Command

[(P-)TMSI + LAI/RAI]
(P-)TMSI Allocation Complete
UE
*e.g. LUP, RUP, Attach,

Detach, Service Request
(P-)TMSI Allocation Complete
SRNC
TS
TS23.060
23.060
(P-)TMSI
Re-Allocation
VLR
SGSN
NAS: Non-Access Stratum
Fig. 9
14
Siemens
Security Features
Authentication
UMTS
Authentication:
chosen to achieve
maximum compatibility
with GSM security
architecture
AuC
USIM
ME
AN
SN
HE
Access
Network
Serving
Network
Home
Environment
enhanced
mechanism
& keys
TS
TS33.102
33.102
Authentication
Fig. 10
15
Siemens
Security
Siemen
Security Features
Features
Authentication
In UMTS different to GSM both sides of the radio transmission check the correct
identity of their counterpart. Not only the user identity is checked by the Serving
Network SN. Additionally, the authorization of the SN to provide services is checked
by the UE. Both, user and network authentication should occur at each connection
set-up (TS 33.102).
So the objective of the Authentication process is to enable User Authentication
similar to the GSM Authentication and additionally Network Authentication.
Furthermore, the Authentication process provides the keys for Ciphering and
Integrity Check to the User Equipment UE.
The authentication process should occur at each connection set-up between the user
and the network.
It has been chosen in such a way to achieve maximum compatibility with the GSM
security architecture and facilitate migration from GSM to UMTS.
Nevertheless, the security mechanism and keys for authentication have been
enhanced significantly.
User Authentication:
User identity alright?
Authentication
Basics
shouldoccur
occuratateach
each
should
connectionset-up
set-up
connection
AuC
USIM
New!
User&&Network
Network
User
Authentication
Authentication
AN
SN
HE
Access
Network
Serving
Network
Home
Environment
Providing Keys for:

Network Authentication:
Ciphering
Signaling Data Integrity
SN authorised by HE
to provide me services?
Fig. 11
16
Siemens
Security
Features
Siemen
Security Features
Authentication Basic Principle

For Authentication, Ciphering and Integrity Check a secret Key K is the pre-requisite.
This secret Key K is shared between and available only to the USIM and the AuC in
the users Home PLMN (TS 33.102). The function of K is similar to the GSM
individual Key Ki, but it is of enhanced length (K: 128 bit; Ki: 64 bit).
Additionally, several different operator-dependent functions are necessary in the
HPLMNs AuC and in the USIM to generate the so-called Authentication Vector AV,
which is necessary for Authentication, Ciphering and Integrity Check. AV is often also
denoted as Quintet, in analogy to the GSM Authentication Triples.
Authentication is performed independently in the CS or PS domain.
If no Authentication Vectors correlated to the user are stored in the serving
VLR/SGSN, VLR/SGSN are initiating the Authentication process with an
Authentication Data Request via the HLR of the users HPLMN to the AuC. The
Authentication Data Request shall include the IMSI. On basis of this order, the AuC
generates a set of n Authentication Vectors AVs. This AVs are send back in an
Authentication Data Response from Auc via HLR to the VLR/SGSN.
The VLR/SGSN stores the Authentication Vectors AVs and continues the
Authentication sending some Authentication parameter to the USIM (Authentication
Request). The UE stores the parameter, calculates keys for ciphering and integrity
check and performs the network authentication. If the network authentication is
successfully completed the UE answers with Authentication Response to the
VLR/SGSN request, delivering a parameter for user authentication. VLR/SGSN
perform user authentication.
If user authentication is successful, VLR/SGSN continue with connection set-up.
If users AVs are already stored in the VLR/SGSN, Authentication Data Request
and Authentication Data Response are not necessary in the Authentication process.
17
Siemens
Security Features
Basic Principles
secret Key
128 bit length
IMSI K;
f1...f5
Authentication
Data Request [IMSI]
Authentication
Data Response
[AV(1..n)]
USIM
AuC
HLR
VLR / SGSN
[Authentication Parameter]
Network
Authentication Authentication Response
Visited PLMN
Authentication Vector
/ Quintet
User
Authentication
Home PLMN
K: secret Key
SQN: Sequence Number
f1...f5: message authentication /
key generating Functions
Fig. 12
18
Siemens
Security
Features
Siemen
Security Features
Authentication Vector AV
Each Authentication Vector consists of the following components (TS 33.102):
l
a Random Number RAND, which is randomly generated, i.e. non-predictable. Its

length is 128 bit.
an Expected Response XRES, which is used for User Authentication. It shall

have a flexible length of 32 128 bit.
a Cipher Key CK, which is necessary for Ciphering. It shall have a fixed length of
128 bit.
an Integrity Key IK, which is used for Signaling Data Integrity Check. Its length is
128 bit.
an Authentication Token AUTN, which is used for Network Authentication. AUTN

consists of three different parts, described later on. Its total length is 128 bit.
A set of n Authentication Vectors AVs is send on VLR/SGSN request from HLR/AuC

to VLR/SGSN. The AVs are stored in the VLR/SGSN. Each AV is good for one
authentication and key agreement (for ciphering & integrity check) between the
VLR/SGSN and the USIM.
When the VLR/SGSN initiates an Authentication and key agreement, it selects the
next AV and sends the parameters RAND and AUTN to the UE. The USIM checks
whether AUTN can be accepted (Network Authentication) and computes a
Response RES. RES is send back to the VLR/SGSN. The VLR/SGSN compare the
received RES with the AV parameter XRES (User Authentication). If they are equal,
User Authentication is successfully completed.
19
Siemens
Security Features
Authentication Vector AV
randomly generated,
i.e. non-predictable
Used for user

authentication
Used for data

encryption
Used for
integrity check
consisting of 3 parts
Used for network
authentication
RAND
XRES
CK
IK
AUTN
Random Number
128 bit
Expected Response
32 - 128 bit
Cipher Key
128 bit
Integrity Key
128 bit
Authentication Token
48 + 16 + 64 bit
VLR / SGSN
USIM
generate RES(i) =
f2(RAND(i),K)
AUTN(i) for
(store AV(1..n))
[RAND(i), AUTN(i)]
Authentication Response
[RES(i)]
Network Authentication
User Authentication:
Compare
XRES(i) & RES(i)
RES: Response
Fig. 13
20
Siemens
Security
Features
Siemen
Security Features
Generation of Authentication Vectors AVs

After receiving the Authentication Data Request from the VLR/SGSN, the AuC
generates new Avs (TS 33.102). Every AV consists of the following five parameters:
Random Number RAND, Expected Response RES, Cipher Key CK, Integrity Key IK
and Authentication Token AUTN.
Random Number RAND: The AuC starts with generating a fresh sequence number
SQN and an unpredictable challenge RAND.
Expected Response XRES: The secret Key K, RAND and f2 are necessary to
compute XRES. XRES = f2(K,RAND); f2 is a (possibly truncated) message
authentication function. XRES is used for User Authentication.
Cipher Key CK: K, RAND and f3 are used to compute CK. CK = f3(K,RAND); f3 is a
key generating function. CK is used for Ciphering.
Integrity Key IK: K, RAND and f4 are used to compute IK. IK = f4(K,RAND); f4 is a
key generating function. IK is used for Signaling Data Integrity Check.
Authentication Token AUTN: K, RAND, SQN, AMF and f5 are necessary to
compute AUTN. AUTN consists of three parts: AUTN = SQN * AK || AMF || MAC.
The first part of AUTN is calculated by an exclusive or (XOR) connection of the
Sequence Number SQN and the Anonymity Key AK. AK = f5(K,RAND); f5 is a key
generating function or f5 = 0. AK is used to conceal SQN as the latter may expose
the identity and location of the user. The concealment of SQN is to protect against
passive attacks only. If no concealment is needed then f5 = 0 (AK = 0).
The second part of AUTN is the Authentication and key Management Field AMF.
AMF is part of the users database in the AuC. Operator-dependent, different f1..f5
algorithm may be defined. AMF may be used to indicate the algorithm and key used
to generate a particular authentication vector.
The third part of AUTN is the Message Authentication Code MAC. MAC =
f1(K,SQN,RAND,AMF); f1 is a message authentication function.
21
Siemens
Security Features
AV Generation
AuC
Database
SQN Generator
RAND Generator
(IMSI;K)
AMF
SQN
Sequence Number
Authentication &
key Management
Field
f2
f1
MAC
Message Authentication
Code
Network Authentication
AV =
AMF
XRES
Expected Response
User
Authentication
RAND
Random number
selection of f1-5 version

different f1-5 versions possible
(operator-dependent)
XRES
Expected Response
RAND
secret Key
Random Number
f3
f5
f4
CK
IK
AK
Cipher Key
Ciphering
Integrity Key
Ciphering
Anonymity Key
SQN Anonymity
CK
Cipher Key
IK
Integrity Key
AUTN
Authentication Token
SQN AK AMF
48 bit
16 bit
MAC
64 bit
Fig. 14
22
Siemens
Security
Features
Siemen
Security Features
Authentication in the USIM

With the Authentication Request message, the authentication parameter RAND and
AUTN are transmitted from the VLR/SGSN to the USIM. The purpose of this
procedure is to authenticate user & network and to establish a new pair of cipher and
integrity keys CK & IK between the VLR/SGSN and the USIM.
Upon receipt of RAND and AUTN the USIM first computes the Anonymity Key AK =
f5(K,RAND) and retrieves the Sequence Number SQN. SQN = (SQN XOR AK) XOR
AK.
Second, the USIM calculates the Expected Message Authentication Code XMAC.
XMAC = f1(K,SQN,RAND,AMF). For network authentication, XMAC is compared with
MAC (included in AUTN). If they are different, the USIM sends back the
Authentication Reject message to the VLR/SGSN and abandons the connection
set-up. Authentication Reject includes an indication of the cause for the rejection. In
the case of Authentication Reject, the VLR/SGSN shall initiate an Authentication
Failure Report procedure towards the HLR.
If the network authentication is all right, the USIM verifies that the received SQN is in
the correct range.
If the USIM considers SQN to be not in the correct range, it sends Synchronization
Failure back to the VLR/SGSN including the appropriate parameter, and abandons
the connection set-up.
If SQN is in the correct range, the USIM computes RES. RES = f2(K,RAND).
Furthermore, the USIM calculates the Cipher Key CK = f3(K,RAND) and the Integrity
Key IK = f4(K,RAND). CK and IK are stored in the USIM for the following ciphering of
user data and integrity check of signaling data.
Finally, RES is included in the Authentication Response message and sends back
from the USIM to the VLR/SGSN. The VLR/SGSN needs the RES for User
Authentication. If RES = XRES from the selected AV, the authentication of the user
has been successful. If they are different, the VLR/SGSN shall initiate an
Authentication Failure Report procedure towards the HLR.
23
Siemens
Security Features
Authentication in the USIM

USIM
[RAND(i), AUTN(i)]
Generate:
RES
XMAC
CK
IK
(stores AV(1..n))
[RES(i)]
or Authentication Reject
[XMAC MAC]
RAND
VLR / SGSN
f5
Compare:
XRES(i) = RES(i) ?
User Authentication
SQN AK AMF
MAC
AUTN
AK
SQN
AMF:
Authentication &
key Management
Field
f4
f3
f2
f1
IK
CK
RES
XMAC
Integrity
Check
Ciphering
to network
User
Authentication
XMAC = MAC ?
Network
Authentication
XMAC:
Expected Message
Authentication Code
AK: Anonymity Key
Fig. 15
24
Siemens
Security
Features
Security Features
Siemen
Synchronization Failure
At the beginning of the Authentication process, the AuC generates the Sequence
Number SQN. SQN shall have a length of 48 bit. The structure & content of SQN is
operator-dependent. SQN may contain information used to restrict the Authentication
Vector AV validity time or to verify the Serving Network SN Identity.
SQN, being a part of AUTN, is transmitted via VLR/SGSN (Authentication Data
Response) to the USIM (Authentication Request).
The USIM regenerates SQN and verifies that the received SQN is in the correct
range.
If the USIM considers SQN to be not in the correct range, it sends the
Synchronization Failure message back to the VLR/SGSN including the appropriate
parameter, and abandons the connection set-up.
Upon receiving a Synchronization Failure message from the UE, the VLR/SGSN
sends an Authentication Data Request with a Synchronization Failure Indication to
the AuC of the users Home Environment HE together with RAND and the
appropriate parameter received from the UE.
The AuC checks the parameter, generates a fresh set of AVs and sends them with
an Authentication Data Response message to the VLR/SGSN.
Whenever the VLR/SGSN receives a new set of AVs from the AuC in an
Authentication Data Response to an Authentication Data Request with
Synchronization Failure Indication it deletes the old AVs for that UE. The VLR/SGSN
may now start a new authentication process to the UE based on a new AV from the
AuC.
25
Siemens
Security Features
SQN
Synchronisation Failure
generates SQN:
length = 48 bit
content operator-dependent
e.g. for restricted AV validity time,
verification of SN Id.
SQN AK AUTN
Re-generates SQN
SQN in correct range ?
No Synchronisation Failure
Yes continue
Authentication
AuC
USIM
VLR /
[RAND(i), AUTN(i)]
Synchronisation Failure
or Authentication Response
[RES(i)]
Authentication
Data Request [IMSI]
HLR
Authentication Data
Response [AV(1..n)]
] ]
st tion ..n)
e
a
qu dic V(1
Re e In e [A
SGSN
ta r s
DaFailu pon
.
th n. es
Au hro a R
t
c
yn Da
[S th.
Au
&
Network
Fig. 16
26
Siemens
Security Features

Ciphering
prevents eavesdropping
of user data / signalling
AV Request:
Providing Keys
for Ciphering &
Integrity Check
Key
Setting
VLR /
SGSN
S-RNC
SN
UE
provides security against

unauthorised modification of
signalling data /
HLR
HE
Serving
Network
AuC
Home
Environment
Mandatory!!
Mandatory!!

Fig. 17
27
Siemens Features
Security
Siemen
Security Features

To start the security features Ciphering (optional) & Integrity Check (mandatory),
three steps are necessary:
Connection Establishment
At the connection start the RRC Connection Establishment also informs the network
about the UEs security capabilities. They include the MEs UMTS Encryption
Algorithms UEAs and UMTS Integrity Algorithms UIAs. In Rel. 99 only 2 UEAs and 1
UIA are defined (TS 33.102): UEA0 = no encryption, UEA1 = Kasumi encryption,
UIA1 = Kasumi algorithm. The S-RNC stores the UEs security capabilities.
Authentication & Key Generation in UE
Authentication & key setting may be initiated by the network as often as the network
operator wishes. Key setting can occur as soon as the identity of the mobile
subscriber, i.e. (P-)TMSI or IMSI, is known by the VLR/SGSN.
The security parameter RAND is transmitted with the "Authentication Request"
message from the VLR / SGSN to the UE. The USIM uses RAND to generate the
Cipher Key CK for ciphering and the Integrity Key IK for integrity check. Now CK & IK
are available in the USIM and in the VLR/SGSN.
Security Mode Set-Up
Sending the "Security Mode Command" to the S-RNC, the VLR/SGSN initiate
integrity & ciphering. This command includes the IK & CK to be used.
The S-RNC decides which UEA & UIA will be used, taking into account the UEs
security capabilities. If the requirements in the Security Mode Command cannot be
fulfilled, the S-RNC sends a Security Mode Reject message to the VLR/SGSN.
Next, the S-RNC starts the DL integrity protection. It is mandatory to start integrity
protection of signaling messages at each new signaling connection establishment
between the UE and the VLR/SGSN (exceptions listed in TS 33.102).
The S-RNC sends the Security Mode Command to the UE. This message includes
the selected UIA and also UEA, if ciphering shall be started. Furthermore, parameter
for integrity check, an indication on the core domain (CS/PS) and optionally the time
of cipher start are included.
The UE verifies the received Security Mode Command message (Integrity Check)
and starts UL integrity protection.
Finally, the UE sends Security Mode Complete to the S-RNC. The security mode
set-up is terminated with the Security Mode Complete" message, which is send from
the S-RNC to the VLR/SGSN. This message includes the selected UIA & UEA.
28
Siemens
Security Features
Connection Set-up:
1
UMTS
UMTSIntegrity
IntegrityAlgorithm
AlgorithmUIA*
UIA*:1:
UIA1
UIA1==Kasumi
Kasumialgorithm
algorithm
Key Setting & Security Mode Set-Up
2
UMTS
UMTSEncryption
EncryptionAlgorithm
AlgorithmUEA*
UEA*2: :
Connection Establishment
includes: UE security capabilities (UIAs / UEAs)
stores UIAs, UEAs
UEA0
UEA0==no
noencryption
encryption
UEA1
UEA1==Kasumi
Kasumiencryption
encryption
further
furtherUIA/UEA
UIA/UEAplaned
planed
generates:
RES, XMAC,
[RAND, AUTN]
[RAND, AUTN]
CK, IK
[RES]
[RES]
Security Mode Command

[ IK, CK, UIAs, UEAs]
Security Mode Command

start
Integrity
[UIA, UEA*, CN domain,

Integrity Parameter, Cipher Start]
Select UIA & UEA
start Integrity
Security Mode Complete

start (De-)Ciphering
UE
*1 also denoted by f9
*2 also denoted by f8
Authentication
& Key
Generation
Security
Mode
Set-Up
Security Mode Complete
start (De-)Ciphering
SRNC
VLR
SGSN
Fig. 18
29
Siemen
Security Features
Siemens Features
Security
Data Integrity Check: Basic Principle

The Data Integrity Check is used between the UE and the VLR/SGSN to protect
signaling data against unauthorized modification and change of data origin.
It is mandatory to start integrity protection at each new signaling connection
establishment between the UE and the VLR/SGSN. Exceptions (e.g. emergency call)
are listed in TS 33.102.
Integrity protection starts after the Security Mode Command. The messages
Security Mode Command, Security Mode Complete and all following messages
are integrity protected.
The principle of the Integrity Check is the following:
The signaling data to be protected and the Integrity Key IK are used in the transmitter
(UE or S-RNC) as input for the UMTS Integrity Algorithm UIA. The result of this
calculation is a kind of a check sum of this data. This check sum is appended to the
signaling data to be transmitted.
Signaling data and appended check sum are send from transmitter (UE or S-RNC) to
receiver (S-RNC or UE).
In the receiver, the signaling data and the IK (stored in the receiver) are again used
as input for the same UIA. The newly generated check sum (expected check sum) is
compared to the transmitted check sum.
If during transmission signaling data are modified or someone tries to simulate the
users signaling, the expected check sum and the transmitted check sum differ and
the non-authorized modification becomes visible.

provides security against:
unauthorised modification of control data
Basic Principle
Control Data:
start of Integrity protection mandatory
nearly all control data Integrity protected*
UE
SRNC
*not in case of
emergency calls
Transmitter
Control Data
Receiver
Encrypted
check sum
IK dependent
check sum generator
IK
Encrypted
Control
Data Data
Control
check sum
check sum
generator
Expected
check sum
IK
Equal?
Encrypted
check sum
* exceptions listed in TS33.102 (6.5.1)
Fig. 19
30
Siemens
Security
Features
Security Features
Siemen
Data Integrity Check UMTS Integrity Algorithm UIA

The UMTS Integrity Algorithm UIA (different types of UIA can be used; currently only
UIA1 using a Kasumi algorithm is defined; see TS 33.102/6.5.6) is often also denoted
as f9.
The transmitter (UE or S-RNC) uses the Control Data and the integrity parameter
Integrity Key IK, Integrity Sequence Number COUNT-I, a random value generated
by the network side FRESH and the direction bit DIRECTION as input for f9.
Based on these input parameters the transmitter computes the Message
Authentication Code for data Integrity MAC-I (i.e. the check sum):
MAC-I = f9(Control Data,IK,COUNT-I,FRESH,DIRECTION).
The MAC-I is appended to the control data and transmitted over the radio link.
The receiver computes the Expected Message Authentication Code for data Integrity
XMAC-I in the same way as the transmitter computed MAC-I. The data integrity of
the control data is checked by comparing XMAC-I with the received MAC-I.
Remarks to the integrity parameter:
Integrity Key IK: There may be one IK for CS connections IK(CS) and one for PS
connections IK(PS). The data integrity of radio bearers for user data is not protected.
FRESH: There is only one FRESH parameter value per user. The input parameter
FRESH protects the network against replay of signaling messages by the UE. At
connection set-up the S-RNC generates a random value FRESH and sends it to the
UE in the RRC Security Mode Command message. The value FRESH is
subsequently used by the UE and S-RNC throughout the duration of a single
connection. This mechanism assures the network that the user is not replaying any
old MAC-Is.
COUNT-I: the integrity sequence number COUNT-I is composed on basis of the RRC
sequence number RRC SN and the RRC Hyperframe Number RRC HFN.
DIRECTION: the direction identifier bit indicates UL or DL direction (DIRECTION = 0
for UL and 1 for DL).
31
Siemens
Security Features

UMTS Integrity Algorithm UIA
Transmitter
(UE or S-RNC)
Integrity
Sequence No.
UL = 0
DL = 1
COUNT-I
IK
Integrity Key
Control Data
encrypted
check sum
random value
S-RNC generated
valid for connection
duration
prevents replaying
of old MAC-Is
Receiver
(UE or S-RNC)
COUNT-I
FRESH
IK
Direction
direction bit
f9 (UIA)
f9 (UIA)
MAC-I Control Data
MAC-I
XMAC-I
Equal?
RRC: Security Mode Command
UE
Direction
Integrity Key
direction bit
(X)MAC-I: (Expected) Message Authentication Code for Integrity
verify MAC-I
start Integrity
- ...
FRESH
[UIA, UEA, CN domain, Cipher Start,

FRESH, MAC-I]
RRC: Security Mode Complete
Select UIA & UEA

start Integrity
- compute MAC-I,
- generate FRESH
SRNC
[MAC-I]
Fig. 20
32
Siemens
Security
Features
Security Features
Siemen
Ciphering UMTS Encryption Algorithm UEA

Similar to GSM, UMTS performs encryption of user data and signaling to prevent
eavesdropping on the radio interface.
For CS and PS data encryption is performed between the S-RNC and the UE.
Like in GSM the plain text is ciphered in the transmitter connecting it via XOR
operation with a cipher sequence (UMTS: Keystream Block). The ciphered text block
is transmitted via radio interface. In the receiver the plain text is recovered connecting
the ciphered text block via XOR operation with the cipher sequence / Keystream
Block.
The algorithm producing the Keystream Block is the UMTS Encryption Algorithm
UEA. UEA is often denoted as f8. Different UEA implementations are possible.
Currently only UEA0 (no ciphering) and UEA1 (Kasumi encryption) are available.
The UMTS keystream block is generated in the UE and S-RNC feeding the cipher
parameter Cipher Key CK, Ciphering Sequence Number COUNT-C, bearer
identity BEARER, transmission direction DIRECTION and the length of the
keystream LENGTH into f8.
Keystream Block = f8(CK,COUNT-C,BEARER,DIRECTION,LENGTH).
Remarks on the cipher parameter:
Cipher Key CK: There may be one CK for CS connections CK(CS) and one for PS
connections CK(PS).
COUNT-C: The ciphering sequence number COUNT-C is generated by MAC or RLC
frame and sequence information.
BEARER: the radio bearer identifier BEARER is input to avoid that for different
keystream an identical set of input parameter values is used.
DIRECTION: the direction identifier bit indicates UL or DL direction (DIRECTION = 0
for UL and 1 for DL).
LENGTH: The length indicator LENGTH indicates the length of the required
keystream block. LENGTH shall affect only the length of the Keystream block, not the
actual bits in it.
33
Siemens
Security Features
Ciphering
UMTS Encryption Algorithm UEA
not in case of
emergency calls
SRNC
UE
UL = 0
DL = 1
Cipher
Sequence No.
COUNT-C
1 Bearer parameter /
user radio bearer
UE or S-RNC
Direction
Bearer
Length
direction bit
radio bearer id.
length indicator
indicate length
of required
keystream block
CKPS & CKCS
CK
f8 (UEA)
Cipher Key
cipher sequence
Keystream block
Plain text block
ciphered text block
Keystream block
Keystream block
=
=
ciphered text block

Plain text block
Fig. 21
34
Siemens
Security
Features
Siemen
Security Features
UMTS Security Features: Summary

The UMTS system provides some mechanism to guarantee the network access
security. Some features are still the same as in GSM, others have been enhanced,
and two new aspects have been additionally defined. The following network access
security features have been defined in Rel. 99:
IMEI Check:
To prevent the usage of stolen or not allowed mobile equipment, the mobile
equipment identification can be checked by the network. This feature remains the
same as in GSM.
P-TMSI / TMSI Allocation:
To guarantee the user identity confidentiality respectively the user location
confidentiality the permanent user identity IMSI is normally not transmitted over the
radio interface. The user is normally identified by the temporary identity TMSI / PTMSI, by which he is known in the serving network. This feature remains the same as
in GSM.
Authentication:
In UMTS authentication is extended compared to GSM. Additionally to the User
Authentication a Network Authentication is introduced.
User Authentication is the property that the Serving Network SN checks the real
identity of the user, preventing non-authorized access to the network.
Network Authentication is a check whether the connected SN is really authorized
by the users Home PLMN to provide him services. This includes the guarantee that
this authorization is recent.
Ciphering
Ciphering prevents eavesdropping of user data and signaling over the radio interface.
UMTS ciphering has been enhanced compared to GSM/GPRS.
The Data Integrity Check has been introduced as a new security feature in UMTS. It
provides security against unauthorized modification of signaling data respectively the
change of data origin.
35
Siemens
Security Features

TMSI / P-TMSI Allocation
Authentication
- allocated by VLR / SGSN instead of IMSI

- protects user identity & location confidentiality
- User Authentication:
network checks real user identity;
prevents misuse / misappropriation
of network resources / services
- Network Authentication:
UE checks network authorisation
to provide service
Ciphering
prevents eavesdropping of
user data / signalling on Uu
IMEI Check
provides security against unauthorised

modification of signalling data /
prevents usage of
stolen / not allowed ME
UE
SRNC Summary
VLR
SGSN
Fig. 22
36
Chapter 5
UTRA Aspects
UTRA Aspects
Siemens
UTRA Aspects
Contents
1
2
3
4
5
Power Control
RAKE Receiver
Handover
Exercise
Solution
23
181
1217
2027
2433
Siemens
UTRA Aspects
Power Control
UTRA Aspects
Power
P
Time t
3
2
1
Power
Control
Frequency f
Power Control
Fig. 1
Siemens Aspects
UTRA
Siemen
UTRA Aspects
Power control principle

Fast power control is essential in CDMA systems. Since many subscribers transmit in
the same frequency band and as the same frequency can be used in principle in
each cell (re-use = 1), each user can cause interference for the others. The power
control is used to limit interferences. The capacity of the CDMA system is mainly
limited by the level of the (inter- and intra-cell) interferences. As a result, an optimized
power control greatly optimizes the system capacity.
UL power control reduces the interference between different UE, DL power control
the interference between neighboring base stations, BTS.
The power control is also used to solve the so-called "near-far" problem. For different
UE with identical transmission power, the power received at the BTS of UE located
near the BTS is more powerful than the power of the more remote UE. This may
mean that only the information of the UE near to the BTS can be interpreted. This
must be prevented as much as possible. In ideal cases, the power received at the
BTS is identical for all UE served by the BTS (assuming the transfer rates are
identical). This ideal situation also represents the maximum capacity of the cell.
Genuine fast power control is necessary because of the mobility of the UE. This
mobility causes rapid variation in the attenuation of the power of the UE. Let us
consider an example: the power of UE received at the BTS can increase by several
factors in milliseconds because the UE, for example, has moved away from the "radio
shadow" of a building and has a direct line of sight to the BTS. The interference of the
UE can then disrupt the communication between the BTS and all other UE the
situation must be governed by a fast power control.
Power Control
Principle
BTS
CDMA:
everyone
in the same
frequency band
everyone is
interferer
for everyone
UL & DL
Power Control
for
Interference limitation
P(UE2)
P(UE1)
UE2
UE1
BTS
near far
problem:
P(UE1) P(UE2)
at BTS-Receiver
Fig. 2
Siemens Aspects
UTRA
UTRA Aspects
Siemen
UTRA Power control types

Three different power control types are used in UTRA for efficient power control:
Open Loop Power Control, Inner Loop Power Control and Outer Loop Power Control.
Open Loop Power Control

Open Loop Power Control is used for UL transmissions to control the initial
transmission power (e.g., for random access) of UE. The attenuation of the
transmission power of the BTS is analyzed by the UE as part of the control. The
original power of the BTS is radiated together with other system parameters as
broadcast information. The UE power is initially controlled on the basis of the
analyzed attenuation.
This initial control can only be coarse because the UL and DL attenuations (for FDD)
can differ.
Inner Loop Power Control

For Inner Loop Power Control the BTS or UE compare the quality of the received
signals with a specified value. This value describes the ratio of the (wanted) received
signal power (the signal) and the (unwanted) interference from other sources (the
noise) called the signal-to-noise ratio (S/N) or (S/N)def.
In the FDD mode, the Inner Loop Power Control is also referred to as a Closed Loop
Power Control because of the different frequencies used for UL and DL.
If the analyzed S/N value is better than the defined value, (S/N)def, the BTS or UE
transmit a command to the corresponding opposite side to reduce transmission
power. If the S/N is poorer, an increase in transmission power is ordered. The
commands are covered by the term Transmit Power Control (TPC). Values for TPC
are "Up" and "Down".
In the TDD mode, the BTS and UE independently control the power for themselves
according to the completed S/N measurements and specified values (S/N)def
because of the different frequencies used for UL and DL.
Outer Loop Power Control
The specification of the (S/N)def values used in the Inner Power Control is made by
the Serving RNC (SRNC). The SRNC has access to estimates of the actual
transmission quality using measurement reports for Node B's and UE. The quality
can vary due to modified transmission conditions (e.g., UE speed). To assure
transmission quality, the SRNC must be able to vary the (S/N)def values.
Siemens
UTRA Aspects
UTRA
Power Control
PC - Types:
Open Loop PC
Inner Loop PC
Outer Loop PC
S/N > (S/N)def
TPC = Down
else TPC = Up
DL:
Inner Loop PC
P(BTS) UE TPC
Outer Loop PC:
UL:
(C/I)def variation, to
guarantee QoS (BER,..)
Inner Loop PC
P(UE) BTS TPC
Open Loop PC
RNC
BTS
(Node B)
PC: Power Control
TPC: Transmit Power Control
S/N: Signal to Noise
P(UE) oriented at
BTS DL Power;
for initial transmission
UE
UE:
UE:TS
TS25.101/102
25.101/102(FDD/TDD)
(FDD/TDD)
BTS:
TS
25.104/105
BTS: TS 25.104/105(FDD/TDD)
(FDD/TDD)
PC-types:
PC-types:TS
TS25.401
25.401
Fig. 3
Siemens
UTRA Aspects
UTRA Aspects
Siemen
UTRA power control Parameters

The UTRA FDD and TDD modes have different power control cycles and maximum
power stages of the UE.
Power control cycles

The UTRA FDD mode uses 1500 PC cycles/s for the Inner Loop Power Control.
Each timeslot (TS) has a Transmit Power Control (TPC) command.
The UTRA TDD mode flexibly uses 100 to 800 PC cycles/s for the Inner Loop Power.
The minimum number of 100 PC cycles/s is correlated with the duration of a frame
(10 ms). Depending on the frame configuration, up to 800 PC cycles may be required
for a subscriber.
Power classes and dynamic performance

The maximum power of the Node B (FDD & TDD) is vendor-specific. Dynamic
performance of 30 dB must be ensured. The power can be provided in PC stages of
1, 2 or 3 dB.
The UE has 4 power classes that differ in the FDD and TDD modes.
In the FDD mode, the maximum power of the UE classes is 2000 mW, 500 mW,
250 mW and 125 mW.
In the TDD mode, the maximum power of the UE classes is 1000 mW, 250 mW,
125 mW and 10 mW. The 10 mW class is used for unlicensed operation.
The minimum UE power should be about 0.04 W. The power can be provided in PC
stages of 1, 2 or 3 dB.
3G TS 25.410 provides an overview of the different PC types. Power classes and
dynamic performance are described in TS 25.101 or 25.102 for UE (FDD or TDD), in
TS 25.104 or 25.105 for Node B (FDD or TDD).
Siemens
UTRA Aspects
UTRA
Power Control
FDD:
FDD:1500
1500PC
PCcycles/s
cycles/s
(1(1TPC
TPCjejeTS)
TS)
Fast
Power Control
TDD:
TDD:100
100- -800
800cycles/s
cycles/s
(100/s:
(100/s:per
perframe;
frame;>100/s:
>100/s:
depends
on
depends onframe
frameconfiguration)
configuration)
BTS
max. power:
vendor specific
PC steps:
1, 2, 3 dB
Dynamic:
30 dB (= 1000)
UTRA Capacity
Interference limited
system stability
UE
max. power (4 classes):
FDD: 2000 / 500 / 250 / 125 mW
TPC: Transmit Power Control

* for unlicensed operation
UE:
UE:TS
TS25.101/102
25.101/102(FDD/TDD)
(FDD/TDD)
BTS:
BTS:TS
TS25.104/105
25.104/105(FDD/TDD)
(FDD/TDD)
TDD: 1000 / 250 / 125 / 10* mW

PC steps: 1, 2, 3 dB
min. power: 0,04 mW
Receiver Sensitivity: -110 dBm
Fig. 4
Siemens
UTRA Aspects
RAKE Receiver
UTRA Aspects
RAKE Receiver
CDMA Advantage
from
Multipath
propagation
Path 2
Path 1
Path 3
RAKE Receiver
Fig. 5
Siemens
UTRA Aspects
Siemen
UTRA Aspects
RAKE receiver
CDMA can benefit from multipath propagation of radio waves with the use of a socalled RAKE receiver. The information for transmission reaches the receiver in
practice not only by direct "line of sight", but also via echos from obstacles. Normally
this increases the noise level, a situation that is not desirable. The reflected
information passes over longer paths than the direct line of sight and is therefore
delayed. If the delay is longer than one chip, the receiver usually regards the
reflected information as undesirable noise. The use of RAKE receivers turns this
disadvantage to an advantage.
A RAKE receiver has a number of RAKE fingers. Each of these RAKE fingers
changes (by de-spreading) broadband signals with different delays from the same
source (i.e., with the same spreading code) back into user information by using the
spreading code. This can be done because the different RAKE fingers apply the
spreading code with delays.
The RAKE fingers obtain information from a so-called Matched Filter (MF) for the
synchronization required. The MF compares incoming information with predefined
data sequences. These sequences are shifted in time. If the incoming chip
sequences match the predefined sequences, a power peak is registered. Predefined
information and information in the UL / DL contain so-called pilot sequences or the
mid-ambles of the TDD bursts. The MF returns information on the delays of the
different user signals in this way. It also supplies information on the amplitude of the
different user signals.
The RAKE fingers are responsible for the de-spreading of the user signals received
by multipath propagation. The fingers also correct the information with regard to
phase and adapt the timing of the information.
Depending on the signal strength (MF information), the information components are
summed (Maximum Ratio Combining).
A strong signal consisting of multipath components is therefore obtained in this way
with a RAKE receiver.
Siemens
UTRA Aspects
RAKE
Receiver
RAKE Receiver:
several finger for multipath components
Matched Filter MF:

measures Pilot
Delay estimation
Path 2 (d2, a2)

Path 1
(d1,a1)
DeSpreading
Code (t-d1)
Finger 1
DeSpreading
Code (t-d2)
Finger 2
DeSpreading
Code (t-d3)
a1
a2
a3
Finger 3
Maximum
Ratio
Combining
Path 3 (d3, a3)
d: delay
a: attenuation
RAKE finger:
Despreading ( MF-Info!)
Phase correction
Delay correction
Fig. 6
10
Siemens
UTRA Aspects
Siemen
UTRA Aspects
MultiUser Detection (MUD)

MultiUser Detection (MUD) and Interference Cancellation (IC) can be used for
clearing intra-cell noise. In doing so, the MUD / IC can
1. increase the capacity of the system. Different models indicate that MUD / IC can
theoretically increase the system capacity by a factor of 2.8 and
2. reduce the "near-far" problem.
The broadband information of all UE in a cell generated with the use of different
spreading codes is received by the receiver of a BTS (Node B). The information
is despread in the receiver using the same spreading code. MUD processes the
signals jointly in order to separate undesirable interference due to the other users
in the cell from the signal wanted. In this way, large parts of the intra-cell
interference can be separated from the overall signal and canceled: hence
Interference Cancellation (IC). The desired signal of a specific user is clearly
distinguishable from the background. MUD therefore provides a much better
signal to noise ratio (S/N).
Since the capacity of CDMA systems is mainly limited by interference (there is
however also a restriction regarding the number of available orthogonal codes),
MUD / IC contributes to an increase in capacity.
MUD / IC is a relatively complex method. It is consequently mainly to recommend
for applications in the UL direction i.e., in Node B. However, there are also
studies on the use of MUD / IC in user equipment (UE). The interferences of the
most powerful "disturbers" can be canceled at least.
MultiUser
Detection MUD
UE 2:
Code 2
DeSpreading
Code 1
DeSpreading
Code 2
DeSpreading
UE n:
Code n
Code n
MultiUser Detection MUD &

Interference Cancellation IC
Node B
Data 1
Data 2
Data n
UE 1:
Code 1
BTS
(Node B)
MUD:
mainly for UL (in Node B)
reduces Intra-Cell interferences
increases capacity
reduces Near-Far problem
Fig. 7
11
Siemens
UTRA Aspects
Handover
UTRA Aspects
UE
Measurement:
Connection quality & strength
+ strength of own & surrounding BTS
Measurement:
Connection quality & strength
Measurement Report
BTS
Pre-processing of measurements
Measurement
Report
HOV
Decision
UMTS Handover
decision similar GSM
initiated by RNC
performed by UE
RNC
Activation of new BTS

Active Set Update
Handover
Fig. 8
12
Siemens
UTRA Aspects
Siemen
UTRA Aspects
UTRA handover
The criteria and procedures for performing handover in UMTS are similar to those in
GSM. The UE and BTS determine the quality and strength of a radio transmission.
The UE also determines the signal strength and quality of its own and the local
BTS's. The measurement values are compiled in a measurement report for use by
the RNC as a basis for deciding for or against handover. If handover is decided upon,
the new BTS is activated and included in the so-called active set. The RNC is
responsible for decisions regarding the acceptance or rejection of handovers, while
the execution (initiation of contact with the new BTS) is the responsibility of the UE.
Hard handover
Hard handovers refer to handovers in which a mobile station (MS) transmits its user
information only via one base station at any one time. Up until the time of the
handover command, the MS communicates with the old base station over a specific
physical channel. After the handover command, the MS changes the physical
channel and then communicates with the new base station.
Hard handovers are used in GSM and in the following cases in UMTS:
During TDD / TDD handovers
During FDD handovers if the frequency (interfrequency handover) or the Core
Network is changed
During inter-system handovers for example, when changing from FDD to TDD or
from UMTS to GSM.
Soft handover
Soft handovers refer to handovers in which a mobile station (MS) transmits its user
information via more than one base station at the same time. Soft handovers can be
used in CDMA systems in order to prevent an increase in power of the MS in
boundary areas between different cells. This reduces the interference level and
therefore increases the capacity of the system. Moreover, the contact with more than
one base station ensures the connection to a moving MS in difficult terrain.
Soft handovers are used in IS-95 and MC-CDMA and in the following cases in
UMTS:
During FDD / FDD handovers (without frequency changes).
13
Siemens
UTRA Aspects
Hard & Soft Handover
DL
UL
DL
UL
DL
Hard Handover
Soft Handover
GSM
UTRA TDD
UTRA FDD at:
Interfrequency HoV (HCS)
CN-Change
Inter-System HoV
FDD - TDD
UMTS - GSM
IS-95
MC-CDMA
UTRA FDD
Fig. 9
14
Siemens
UTRA Aspects
UTRA Aspects
Siemen
Soft handover
UE can communicate with two or three BTS's during soft handovers in the UTRA
FDD mode due to the fact that all cells use the same frequency. If the mobile station
enters the boundary area between two or three cells, the RNC can decide that a
connection with two or three BTS's is advantageous. The RNC reserves
corresponding codes in the different cells for the UE and commands the UE to
implement handover to the new BTS (or BTS's). As of this time, the information is
handled by the relevant BTS's. The identity of the cells involved in the connection is
stored in the RNC as an active set.
The Node B's receive the transmission from the UE, despread it and forward the
information over the Iub interface to the RNC. The RNC combines this information
and forwards it via the Iu interface to the Core Network (CN). This procedure is
implemented frame for frame. The quality of the supplied frames is the basis for
assessment. Only information in frames with top quality is used.
The gain due to reception of additional signals in soft handovers is also known as
macro diversity.
In the opposite direction, the RNC splits the information from the Core Network and
forwards it to the different Node B's. During soft handover the UE receives the
transmission of the (apart from the TPC command) identical information from the
various Node B's / BTS's. The transmission information from the BTS's is despread
by different RAKE fingers and combined (Maximum Ratio Combining MRC).
Softer handover
Softer handovers are handovers between sector cells in the same Node B. The
transmission information received via the antennae of the different sector cells is
handled by different RAKE receivers and combined in the Node B itself (Maximum
Ratio Combining MRC). Softer handovers are internal Node B affairs. Additional
(Iub) transmission capacity to the RNC is not required.
The gain due to reception of additional signals in softer handovers is also known as
macro diversity.
15
Siemens
UTRA Aspects
Soft / Softer Handover

Soft Handover
Softer Handover
Node B
between sector cells

Combining via RAKE
Node B internal
Sector cells
Node B
Iub
Node B
Node B
Iub
Combining /
Splitting
RNC Active
Iu
CN
Iub
Set
Active Set:
max. 3 Cells
RNC
Fig. 10
16
Siemens
UTRA Aspects
Siemen
UTRA Aspects
Inter-RNC Soft Handover

An interesting special case of soft handover is the inter-RNC handover. In this case,
the Node B's involved in the soft handover belong to different RNC's.
The RNC responsible for control of the soft handover is referred to as the serving
RNC (SRNC). It combines information received from the different Node B's in the
direction of the Core Network (CN) or splits the information transmitted in the
opposite direction. It also stores information regarding the cells involved in the soft
handover (in an active set).
The other RNC responsible only for allocating radio resources is known as the drift
RNC (D-RNC).
Since the handover is to be controlled autonomously in UMTS by the UTRAN as part
of the Radio Resource Management (RRM), an interface is required between both of
the RNC's participating in the soft handover. D-RNC and S-RNC exchange signaling
information and user information via the Iur interface.
The S-RNC has no anchor functionality (comparable to an anchor MSC). The D-RNC
can adopt the function of the S-RNC with an S-RNC relocation procedure if
necessary. The previous S-RNC is then released. The link between both RNC's over
the Iur interface is no longer required. The link is directly handled by the participating
Node B (or Node B's) via the Iub interface using the new S-RNC and sent from there
to the CN via the Iu interface.
Soft Handover
S-RNC: Serving RNC
D-RNC: Drift RNC
RR: Radio Resource
Inter-RNC HoV
Node B
Iub
Node B
Node B
RNC
Iub
Iub
Iur
Combining /
Splitting
RNC Active
Iu
CN
Set
S-RNC: Combining/Splitting + RR allocation
D-RNC: only RR allocation
change D-RNC S-RNC possible
Fig. 11
17
Siemens
UTRA Aspects
UTRA Aspects
Siemen
UTRA FDD & TDD Key parameters

The UTRA FDD and TDD modes have many common key parameters:
l
Bandwidth B = 5 MHz
Chip rate Rc = 3.84 Mchip/s
Re-use factor = 1
The timing structures are identical:
1 TS = 2560 chips (=2/3 ms)
1 frame = 15 TS = 10 ms (= 38400 chips)
1 superframe = 72 frames = 720 ms (= 6 GSM TCH multiframes)
FDD and TDD both use the "OVSF code tree" for channelization codes.
Differences between TDD and FDD are mainly based on the different multiplex
methods used (and of course on the different UL/DL coordination/frequencies).
The FDD mode uses pure DS-CDMA thereby producing a continuous transmission.
The shortest transmission duration is one frame (10 ms).
The TDD mode uses a TDMA / DS-CDMA hybrid solution which produces
transmission of bursts.
The FDD mode uses 1500 power control cycles (1 TPC / TS).
The TDD mode uses 100 to 800 power control cycles/s depending on the frame
configuration.
The FDD mode mainly uses soft handovers (except for changes in frequency /
system).
The TDD mode uses hard handovers.
The FDD mode has advantages in its use of relatively large cells (macro and micro
cells), particularly for UE moving at high speed. The TDD mode offers advantages for
small-space, quasi-stationary applications (in pico and micro cells).
The main advantages of the TDD mode are as follows:
l
Flexible use in new frequency areas (reframing); only 1 x 5 MHz required
Unlicensed operation with low power equipment (power class 4) possible
Asymmetric distribution of resources for UL & DL (higher resource efficiency).
18
Siemens
UTRA Aspects
UTRA FDD & TDD

Key Parameter
Zone 3: Suburban
Zone 2: Urban
Zone 1:
Indoor
Macro Cell
FDD
continuous transmission
SF = 4 - 256/512
1500 PC-cycles/s
Soft Handover
Micro Cell
Pico Cell
FDD & TDD
bandwidth B = 5 MHz
chip rate Rc = 3,84 Mchip/s
Re-Use = 1
OVSF Code tree
1 TS = 2/3 ms = 2560 chip
1 frame = 10 ms
TDD
bursty structure
SF = 1 - 16
100 - 800 PC cycles/s
Hard Handover
1 Superframe = 72 frames
Fig. 12
19
Chapter 6
UMTS Radio Access
Basic Principles
Siemens
Contents
1
2
3
3.1
3.2
3.3
3.4
3.5
4
5
6
Transmission Principles & Examples

Principle of CDMA & Example
UTRA: The UMTS Terrestrial Radio Access
UTRA Conception & Harmonization
FDD / TDD Technical Parameters
UTRA Codes
UTRA Timing Structures
Summary Key UTRA Parameters
MC-CDMA / UTRA / TD-SCDMA Comparison
Exercise
Solution
23
191
2127
2228
2632
3036
3440
3642
3845
4251
4657
Siemens
Transmission Principles & Examples

UTRA Basics
UL
DL
FDMA
Duplex
transmission
FDD
TDD
Multiple
Access
TDMA
CDMA
& 2G Examples
Fig. 1
Siemens
UMTS
Radio Access: Basic Principles
Siemen
Transmission principles and examples

The mobile transfer of information in a cell between base stations and mobile stations
requires coordination of the information transmission. Two different aspects require
coordination. Firstly, during today's typical full duplex transmission, the two
transmission directions (uplink and downlink) must be coordinated between a mobile
station and the base station. Two different principles are applied for duplex
transmissions: Time Division Duplex (TDD) and Frequency Division Duplex (FDD).
Secondly, the transmission between the different mobile stations of a cell and the
base station must be coordinated. Three different multiplex methods are mainly used
for this purpose: Frequency Division Multiple Access (FDMA), Time Division Multiple
Access (TDMA) and Code Division Multiple Access (CDMA).
Duplex transmission: FDD & TDD
Two duplex methods are used for coordinating the uplink (UL) and downlink (DL)
components of a transmission between a base station and a mobile station, namely
Frequency Division Duplex (FDD) and Time Division Duplex (TDD).
UL and DL are implemented for FDD in different frequency bands. The gap between
the two frequency bands for UL and DL is known as the duplex distance. It is
constant for all mobile stations in a standard. Generally the DL frequency band is
positioned at the higher frequency than the UL band.
In the case of TDD, UL and DL are implemented in the same frequency band. This is
done by dividing the band into timeslots (TS) and frames. A frame contains a specific
number, n, of timeslots, TS. A number of these n timeslots is reserved for UL
transmission (half of the timeslots in 2G systems) and the remaining for DL
transmission. The duration of a frame determines the cyclical repetition of the
corresponding UL / DL transmission. The UL and DL transmission occurs quasi
simultaneously i.e., the duration of a frame is generally in the range of a number of
ms.
TDD transmission is mainly used as of the 2nd mobile communications generation (in
digital transmissions). Digital transmission simplifies speech and data compression.
As a result, only a fraction of the time needed for analog transmission is required for
digital transmission of subscriber data.
Siemens
Duplex Transmission:
FDD & TDD
Time t
Time t
duplex distance
UL
TDD:
UL / DL
separated by
Time!
DL
UL
DL
UL
frequency f
DL
Frame
with n TS
FDD: UL / DL
separated by
Frequency!
FDD: Frequency Division Duplex
TDD: Time Division Duplex
TS: Time Slot
UL
frequency f
Fig. 2
Siemens Radio Access: Basic Principles

UMTS
Siemen
Multiplex methods
Multiplex methods are used to divide the limited frequency resources of a cell
between the different subscribers and mobile stations in the cell. Three different
methods are mainly used today: Frequency Division Multiple Access (FDMA), Time
Division Multiple Access (TDMA) and Code Division Multiple Access (CDMA). Other
multiplex methods are currently being researched or developed (for example, Space
Division Multiple Access SDMA).
Frequency Division Multiple Access (FDMA)

FDMA divides the available frequency range into channels with a specific bandwidth
(frequency band). One of these frequency bands is made available to a single
subscriber without restriction throughout the entire duration of a connection. Each
subscriber in a cell therefore uses a different frequency band than the other
subscribers. In this way undesirable noise can be avoided (or reduced as much as
possible or as required).
Time Division Multiple Access (TDMA)

Unlike FDMA, a single frequency band is available to a number of different
subscribers with TDMA. The frequency band is divided into TDMA frames for this
purpose. Each frame is divided into n timeslots (TS). Each of the n timeslots of a
frame can be assigned to a different subscriber. In this way, a single frequency band
can carry up to n subscribers. The transmission of a single subscriber comprises
individual timeslots assigned cyclically to the subscriber (generally 1 TS per frame;
longer cycles are also possible). With TDMA, each frequency band is also used only
by a single subscriber at a particular time. This prevents interference occurring
between different subscribers (or prevents noise as much as possible or as required).
Code Division Multiple Access (CDMA)

In contrast to TDMA and FDMA, multiple subscribers can use the same frequency
band at the same time with CDMA. Each subscriber is provided with a unique (in the
cell) code for this purpose. The transmitter links the original information with the
code. The coded information is then transmitted over the radio interface. The original
information is regenerated in the receiver using the same code.
Siemens
Multiple Access
Power
P
Power
P
FDMA
time t
time t
TDMA
TS 3
TS 2
TS 1
1
frequency f
frequency f
Power
P
time t
CDMA
3
2
1
co-ordination of
restricted frequency resources
to different subscriber
Multiple
Access
BS & MS with common

knowledge according
FDMA
TDMA
CDMA
Frequency
Time
Code
frequency f
Fig. 3

UMTS
Siemen
Duplex & multiplex methods Examples

FDD / FDMA
Systems belonging to the 1st mobile communications generation (1G) generally use
FDD methods for duplex transmission and FDMA for multiplex access. Subscriber UL
and DL are in different frequency ranges. One frequency band in the frequency
ranges is available without restrictions to individual subscribers in each case.
Examples of cellular FDD / FDMA systems are the 1G systems AMPS, NMT, TACS
and C450.
The C450 system, for example, uses the frequency ranges 450 455.74 MHz and
460 465.74 MHz for UL and DL transmissions respectively. The frequency
bandwidth is 20 kHz, the duplex distance 10 MHz.
FDD / TDMA
Systems belonging to the 2nd mobile communications generation (2G) generally use
FDD for duplex transmission and TDMA for multiplex access. Subscriber UL and DL
are therefore in different frequency ranges. Usually one timeslot (TS) is cyclically
available to individual subscribers in a frequency band in the frequency ranges. To
enable faster data rates, multiple TS's of a frequency band can be grouped together
for a subscriber in some cases. Examples of FDD / TDMA systems are the cellular
2G systems GSM, D-AMPS and PDC.
GSM900, for example, uses the frequency ranges 890 915 MHz and 935
960 MHz for UL and DL transmissions respectively. The frequency bandwidth is
200 kHz and the duplex distance 45 MHz. The frequency bands are divided into
TDMA frames, each 4.615 ms in duration. Each TDMA frame is divided into 8 TS's.
TDD / TDMA
Low-range 2G systems sometimes use TDD for duplex transmission and TDMA for
multiplex access. An example of TDD / TDMA transmission is DECT.
DECT uses 10 frequency bands, each with a bandwidth of 1.728 MHz, in the
frequency range 1880 1900 MHz. The frequency bands are divided into TDMA
frames, each 10 ms in duration. Each TDMA frame is divided into 24 TS's. 12 TS's in
a frame are used for UL transmission, 12 for DL.
FDD / CDMA
CDMA is used by a number of 2G systems, but mainly by 3G systems. An example
of a 2G system that uses FDD for duplex transmission and CDMA for multiplex
transmission is the IS-95 system (described later).
Siemens
1,88
GHz
TS7
Example:
GSM900
TS6
TS5
frame
4.615
ms
2G
cellular:
TS4
TS3
FDD, TDMA
(&FDMA)
TS2
TS1
TS0
200 kHz
20
MHz
1,728
MHz
Duplex distance: 45 MHz
10
time
460
465,74
frequency [MHz]
455,74
DL
450
C450,
NMT,
AMPS
Example:
DECT
e.g.
DL
Example:
C450
UL
UL
FDD,
pure
FDMA
20 kHz
1G:
TDMA frame (10 ms)
Duplex distance:10 MHz
time
time
Examples
1 2 3 4 5 6 7 8 9 101112131415161718192021222324
1,90
GHz
frequency
[MHz]
2G CT:
TDD, TDMA e.g. DECT
e.g.
GSM, PDC,
D-AMPS
frequency [MHz]
2G Example CDMA:
IS-95 (later)
Fig. 4
Siemens
Principle of CDMA & Example

UTRA Basics
Power
P
time t
Code Division
Multiple Access
3
2
1
frequency f
CDMA
Basics & Example
Fig. 5
Siemens
UMTS

Siemen
The CDMA principle

CDMA is a Spread Spectrum Technology (SST). The origins of SST go back to the
1920's. SST's were used from the 1950's to the 1980's in the military sector for
example, for satellite navigation. CDMA has been released as an SST for civilian use
since the mid-1980's. The first cellular mobile communications system to use CDMA
for multiplex transmission was IS-95. It began commercial operation at the end of
1995.
In SST's a narrowband signal with high information concentration is transformed to a
broadband signal with low information concentration this is known as spreading.
The signals are very stable against the influence of narrowband natural or technical
interference (background noise) and interfering transmitters (intentional jamming).
There are different ways of performing the spreading.
For spreading subscriber information for CDMA, a unique (in the cell) code is
provided for each subscriber. This code is referred to as the spreading code. The
linkage of the high bit rate code with the original subscriber information transforms
the original signal into a broadband signal. This broadband signal is transmitted
together with broadband signals from other subscribers using the same frequency
band over the radio interface. The receiver receives the sum of all of these signals.
By relinking the summation signal with the (synchronized) subscriber code the
original subscriber information is regenerated (a process known as de-spreading).
The remaining information stays in its broadband form and therefore constitutes an
underlying signal. The information remains useful as long as the underlying signal
does not dominate the despread signal. The information for the different subscribers
can be separated because of the orthogonal (or quasi orthogonal) attributes of the
code used.
Power P
CDMA
Principle
user 1
user 2
CDMA:
Spread Spectrum Technology
every user with unique Code
high bit rate Code: Spreading / De-Spreading
user 1 & 2
frequency f
frequency f
Unspread
Signals
Fig. 6
Spread
Signals
Radio Transmission =
5 spread signals
after
De-Spreading
10
Siemens
UMTS

Siemen
Advantages of CDMA
The CDMA principle is associated with many attributes that can have positive effects
for transmission of information.
The coded transmission and the low information concentration of the CDMA signals
were particularly important for the military applications. A transmitted signal can only
be despreaded, and the data regenerated, if the receiver has the correct spreading
code. The low information concentration allows information to be discretely
transmitted the signals are for all intents and purposes concealed in background
noise.
The high level of stability of the broadband information transmission against the
effects of narrowband background noise is vitally important for military and civil
utilization. Frequency hopping is used in narrowband systems (such as GSM) to
obtain this effect.
Yet another CDMA attribute is extremely important for civil applications in mobile
communications systems. CDMA in principle allows the re-use of the same frequency
band in all neighboring cells (re-use = 1). In contrast, the same frequency bands
cannot be re-used in neighboring cells in FDMA or TDMA systems. To prevent
interference by subscribers at the same frequencies or in the same timeslots, cells
with identical frequencies must be spatially separated. In FDMA and TDMA systems,
cells are arranged in a careful, complicated frequency planning process. Re-use
schemes of 1/7, 1/9, etc. are typical. As a result, only one part (1/7, 1/9, ...) of the
theoretically available frequency band can be used in the one cell.
CDMA can therefore in principle do without complicated frequency planning, and
allows efficient usage of the available (scarce) frequency resources.
The limits to transmission capacities in FDMA and TDMA systems are determined by
a fixed number of physical channels. With CDMA, however, there is a "soft" capacity
limit. The capacity of CDMA systems is mainly restricted by the interference of other
subscribers in a cell (so-called intra-cell interference) and interference from other
cells (inter-cell interference).
Another CDMA advantage is a stable transmission especially in severe environment.
This is caused by the so-called Multipath Advantage and Soft Handover. Both effects
are described later.
Due to an essential need for precise and fast Power Control, CDMA mobile stations
also need less transmission power than TDMA mobiles. The UMTS Power Control is
also described later on.
11
Siemens
CDMA
Advantages
Stability
narrow-band interference
Stability in severe environment
( Multipath Advantage, Soft HoV)
simple frequency planning (Re-Use: 1)
efficient radio resource usage
lower transmission power ( Power Control)
Frequency & radio network planning

CDMA
TDMA
(UMTS; Reuse: 1)
(e.g. GSM with Reuse 1/7)
1/1
3/7
4/7
2/7
1/1
1/7
5/7
7/7
1/1
1/1
1/1
6/7
Re-Use
Distance
1/1
1/1
2/7
Fig. 7
12
Siemens
UMTS
Siemen
CDMA types
Signals can be spread for CDMA using a number of different methods. The following
three CDMA methods are most commonly used: TH-CDMA, FH-CDMA and
DS-CDMA.
Time Hopping CDMA (TH-CDMA)

The information-carrying signal is not continuously transmitted in the TH-CDMA
method. Instead, information is transferred in bursts. The burst transmission time is
specified by the spreading code.
TH-CDMA was developed at the end of the 1940's as the first CDMA method, and
was used for military purposes.
Frequency Hopping CDMA (FH-CDMA)

The carrier frequency of the information-carrying signal is changed constantly during
FH-CDMA. Very fast as well as slow changes are possible. The bandwidth at any
particular time is relatively narrow. When considered over a longer period, FH-CDMA
is just as much a broadband method as TH-CDMA and DS-CDMA. The change in
carrier frequency is specified by the spreading code.
An example of the civil use of FH-CDMA is the so-called Bluetooth standard.
Bluetooth allows the transmission of information at high data rates over small
distances in the unlicensed frequency range around 2.4 GHz.
Direct Sequence CDMA (DS-CDMA)

In DS-CDMA, subscriber information (digital in 2G and 3G systems) is spread directly
by linking with a sequence of the spreading code. This results in continuous (in
contrast to TH-CDMA) transmission of the broadband signal over the entire
bandwidth (in contrast to FH-CDMA).
DS-CDMA is used for IS-95 and the Globalstart satellite system, for example. In 3G,
UMTS is based on DS-CDMA.
13
Siemens
time t
CDMA
Types
Time
Hopping
(TH-CDMA)
Direct
Sequence
(DS-CDMA)
DS-CDMA
IS-95
Globalstar
UMTS
Frequency
Hopping
(FH-CDMA)
FH-CDMA
Bluetooth
frequency f
Fig. 8
14

UMTS
Siemen
Direct Sequence CDMA Transmission and reception

Digital, binary subscriber information is linked in the transmitter with the spreading
code generated by a code generator this process is termed spreading. The
spreading code consists of a high bit rate code sequence. The smallest unit of
information in the spreading code is referred to as a chip to distinguish it from the
smallest unit of subscriber information, the bit. The rate of the spreading code is
known as the chip rate. The information obtained by spreading is modulated to a
carrier frequency. The higher the information rate (i.e. the chip rate), the wider the
bandwidth of the resulting signal.
The broadband signal is transmitted over the radio interface.
The receiver demodulates the signal and links the resulting information with the same
spreading code used in the transmitter. This process is known as de-spreading. Despreading produces the original subscriber information. It is vital for de-spreading that
the code in the receiver be exactly synchronized in time with the code in the
transmitter. A shift by just one chip prevents information from being regenerated.
DS-CDMA:
+1
Transmission /
Reception
Spreading
Code
-1
1
Chip
Air
Interface
Binary
Data
RB
Spreading
RC
Code
Generator
Wideband
Modulation
DeModulation
fT
Carrier
Generator
Binary
Data
DeSpreading R
B
RC
Carrier
Generator
timesynchronisation
!!!
Code
Generator
RB: Bit Rate

RC: Chip Rate
fT: Carrier frequency
Fig. 9
15
Siemens
UMTS

Siemen
Spreading / de-spreading
In UMTS, the binary, digital subscriber data (1, 0) is converted on the transmission
side to bipolar data (+1, 1) before the spreading process takes place. The spreading
code also consists of bipolar data. The value of a chip can be +1 or 1. The
subscriber data is then multiplied by the high chip rate spreading code. The result is
the coded data, which is then transmitted over the radio interface.
The receiver multiplies the received, code data sequence with the bipolar spreading
code to obtain a bipolar data sequence. The original subscriber data is recovered by
converting this data sequence to binary, digital data.
Spreading Factor (SF)

The spreading factor (SF also frequently known as the Processing Gain, Gp)
indicates the number of chips that spread a symbol each time (see below). The SF
therefore states the relationship between the chip rate, Rc (chip/s) and the data rate
of the subscriber (symbol/s or bit/s). SF also gives the relationship between the
spread bandwidth B and unspread bandwidth W.
Information units: chips, bits, symbols

The smallest unit of digital information is generally called a bit (an abbreviation
derived from "binary digit"). To distinguish the smallest units in the original subscriber
information, spreading code and data transmitted over the radio interface, different
terms are used, namely: bit, chip and symbol respectively.
A symbol can have different numbers of bits depending on the modulation method
used for transmission over the radio interface. Symbols have one bit each in the
Gaussian Minimum Shift Keying (GMSK) method used in GSM and in the Binary
Phase Shift Keying (BPSK) method used for UMTS UL (FDD only) transmission. In
the Quadrature Phase Shift Keying (QPSK) method used generally for UMTS, a
symbol has two bits, and in the 8 Phase Shift Keying (8PSK) methods used in EDGE
even three bits.
16
Siemens
Spreading / De-Spreading
1 Symbol
Binary Data
Bipolar
Data
+1
SF = Rc / RS
=B/W
-1
x
Spreading
Code
=
Spreaded
Data
+1
-1
Bit / Symbol
modulation principle
e.g.:
GMSK: 1 / 1 (Bit/Symbol)
BPSK: 1 / 1
QPSK: 2 / 1
8PSK: 3 / 1
+1
-1
x
Spreading
Code
=
Bipolar
Data
Binary Data
+1
-1
+1
-1
1
1 Chip
B = bandwidth, spreaded
W = bandwidth, un-spreaded
RS: Symbol Rate [symb/s]
RB: Bit Rate [bit/s]
RC: Chip Rate [chip/s]
SF = Spreading Factor
GMSK: Gaussian Minimum Shift Keying
BPSK: Binary Phase Shift Keying
QPSK: Quadrature PSK
8PSK: Eight PSK
Fig. 10
17

UMTS
Siemen
Spreading / de-spreading An example

The example portrays CDMA transmission for two users. Orthogonal spreading
codes with a spreading factor of 2 are used for both users (1/2).
The original information of the two users (data users 1 and 2) are converted to bipolar
data (1 / 2) and multiplied by the spreading code (1 / 2).
The coded signals interfere with each other during transfer over the radio interface.
The receivers receive the overall signal (of both users). By multiplying the overall
signals with the spreading code (1 / 2) different data sequences (de-spread data
1 / 2) are obtained for users 1 and 2. The sequences are integrated during the
duration of a symbol. The information is interpreted as 1 for positive results and 0 for
negative results. The final result is the original information of the two users 1 / 2.
Integration / capacity restrictions

The integration of the data signals is an important component of the de-spreading
process. If a single coded signal of a user is multiplied by the correct code and then
integrated during the length of a symbol, information is obtained that can be clearly
interpreted. The higher the spreading factor, the clearer ("stronger") the information.
A high spreading factor therefore assures a high level of transmission security (but at
a lower data rate however).
If the coded signal of a user is multiplied by a different code and then integrated, a
zero is obtained for strict orthogonality of the codes i.e., the result cannot be
interpreted. With the quasi orthogonality used in practice there is little
"misinformation" when compared with the process of multiplying with the correct code
followed by integration. Care must be taken in practical applications to prevent the
sum of the "misinformation" from outweighing the strong (correct) information i.e.,
the system capacity is limited by the background noise from the transmissions of
other users.
18
Siemens
Spreading /
De-Spreading
Bipolar
Data 1
Example:
SF = 2;
2 user
Code 1
Code 1
= ( 1 / -1)
Spread
Data 1
Code 2
= ( 1 / 1)
Data User 1
+1
Bipolar
Data 2
-1
+1
Code 2
-1
+1
Spread
Data 2
-1
Data User 2
+1
-1
+1
-1
+1
-1
Receiver: 5 Spreaded Data; hier: 5 = 0 -2 -2 0 2 0

S Signals
(Receiver)
x
Code 1
=
De-Spread
Data 1
S Signals
(Receiver)
+2
0
-2
+1
Code 2
-1
+2
0
-2
De-Spread
Data 2
+2
after
Integration
+1
-1
+2
0
-2
+2
after
Integration -2
-2
User Data 1
+2
0
-2
User Data 2
Fig. 11
19
Siemens
UMTS

Siemen
2G CDMA example: IS-95

IS-95 was developed at the end of the 1980's/beginning of the 1990's and released in
1993 as the TIA standard (USA) for the 800-MHz range. The standard was revised in
1995 (IS-95A). The system was taken into commercial operation at the end of 1995.
Other TIA and ANSI standards are available as IS-95 variants for the 1900-MHz
range and for transmissions at higher data rates (up to 115.2 kbit/s).
MC-CDMA, one of the 3G systems evolving from IS-95, is based on IS-95
parameters.
IS-95 uses FDD for duplex transmission. The duplex distance in the 800-MHz range
is 45 MHz and 80 MHz in the 1900-MHz range.
IS-95 uses CDMA for multiplex access. The bandwidth B is 1.25 MHz. In practice, 3
carriers can be accommodated in 5 MHz of bandwidth under consideration of guard
bands.
The network is synchronized to within a few s using GPS signals.
The chip rate, Rc, used for IS-95 is 1.2288 Mchip/s. Orthogonal Walsh codes are
used as spreading codes. The spreading factor is 64. The spread information is
overlaid with so-called pseudo noise codes specific for the BTS and MS (the chip rate
is also 1.2288 Mchip/s). These pseudo noise codes have quasi orthogonal attributes.
QPSK is used for modulation in DL transmissions and BPSK in UL transmissions.
Fast Power Control is required for IS-95 CDMA. 800 power control cycles are carried
out per second.
Example CDMA:
IS-95 (2G)
Power P
time t
64 PN-Codes
1.25 MHz
IS-95 parameter:
FDD / CDMA
B = 1,25 MHz
Rc = 1,2288 Mchip/s
SF = 64
Modulation: QPSK / BPSK (DL / UL)
Power Control: 800 cycles/s
Duplex distance:
45 / 80 MHz at
800/1900 MHz
range (USA)
frequency f
Fig. 12
20
Siemens
UTRA: The UMTS Terrestrial Radio Access

UTRA Basics
Zone 4: Global
Zone 3: Suburban
MSS
Zone 2: Urban
Zone 1:
Indoor
Macro-cell
FDD
Micro-cell
Pico-cell
TDD
UTRA:
Fig. 13
21
Siemens
UMTS
3.1

Siemen
UTRA Conception & Harmonization
UTRA was technically conceived in different phases.
1st phase of the UTRA conception: Studies on UTRA

In the 1st phase proposals for multiplex methods were collected by the ETSI SMG2
and analyzed with regard to their possibilities and common features. The 1st phase
ended with the SMG#23 Plenary Session in 06/1997.
2nd phase of the UTRA conception: Concept evaluation

Based on the results of the 1st phase, 5 concepts were selected and named after the
first five letters in the Greek alphabet. Concept groups were assigned the task of
evaluating the different concepts. In addition, the SMG2 specified the general
requirements for UTRA in more detail in the 2nd phase. The phase ended with the
SMG#24 Plenary Session held in 12/1997. The 5 concepts were supported by
different groups with different interests (vendors, operators, regulatory bodies, etc.).
The >-concept (orthogonal FDMA: narrowband FDMA/TDMA allowing combination of
different carriers) and the C-concept (broadband TDMA with 1.6 MHz bandwidth and
an option for TS combination) were withdrawn even before this plenary session. It
was decided to adopt the A-concept (Opportunity Driven Multiple Access) as an
optional solution for subsequent supplementation of UTRA. ODMA supports packet
data transfer between the originating and destination locations via a network of
intermediate relay nodes.
The =-concept (pure CDMA with Rc = 4.096 Mchip/s) and @-concept (TDMA/CDMA
with a bandwidth of 1.6 MHz, Rc = 2.167 Mchip/s and GSM timing structure)
presented themselves at the SMG#24 session as UTRA solutions. In the SMG#24A
Plenary Session held on January 28 and 29, 1998, it was decided to use both
concepts for UTRA.
22
Siemens
UTRA Conception
(ETSI)
Principle
Principle
Supported
Supported by
by
aa--
W-CDMA
W-CDMA
Ericsson,
Ericsson, Nokia,
Nokia, pure CDMA
NEC,
NEC, Panasonic,
Panasonic, pure CDMA
FDD;
FDD; 4.096
4.096Mchip/s;
Mchip/s;
Fujitsu,
Fujitsu,
4,4
4,4 --5,2
5,2 MHz
MHz
Mitsubishi
Mitsubishi
bb--
OFDMA
OFDMA
Sony,
Sony, Telia,
Telia,
Lucent,
Lucent, Bosch
Bosch
TDMA/FDMA
TDMA/FDMA
gg--
W-TDMA
W-TDMA
Philips,
Philips, Nokia,
Nokia,
France
France Telecom
Telecom
TDMA
TDMA
TDTDCDMA
CDMA
UMTS-Alliance:
UMTS-Alliance:
TDMA & CDMA
Siemens,
Siemens, Bosch,
Bosch, TDMA & CDMA
FDD/TDD
Alcatel,
T-Mobil,
Alcatel, T-Mobil, FDD/TDD
2.267Mchip/s;
Mchip/s; 1,6
1,6 MHz;
MHz;
Motorola,
Motorola, Nortel,
Nortel, 2.267
TS
TS // Frame
Frame wie
wie GSM
GSM
Italtel
Italtel
ODMA
ODMA
Vodaphone,
Vodaphone,
Swiss
SwissTelecom
Telecom
Phase 1:
UTRA studies
(1996 - 06/97)
concept
concept
Selection of
5 concepts:
concept
concept
a-e
Phase 2:
Evaluation
(06 - 12/97)
concept
concept
dd--
concept
concept
Selection of
a & d- Concept
(01/98)
ee--
concept
concept
Remarks
Remarks
option
option for
for
aa and
and dd
Fig. 14
23
UMTS
Siemens
Siemen
3rd phase of the UTRA conception: Harmonization

It was decided during the SMG#24A Plenary Session to use the =-concept for the
paired bands in UMTS i.e., as UTRA FDD mode. The @-concept was to be used for
the UMTS unpaired bands i.e., as UTRA TDD mode. Both modes were harmonized
with each other by 06/1998 with the consequence that dual mode operation
(FDD/TDD) presents no problems. Both modes were designed in such a way that
handover to GSM is unproblematic. The bandwidth of both modes is 5 MHz, including
the guard bands. 4.096 Mchip/s was selected as the Rc.
The modes were also harmonized in the 3rd phase with the IMT-2000 proposal from
ARIB (Japan), who supported the original =-concept as observers in ETSI.
The 3rd phase ended with the submission of the harmonized proposals by ETSI
(UTRA FDD & TDD) and ARIB (WCDMA) to the ITU.
In the period following, the newly founded standardization project, the 3GPP, in which
experts from ETSI (Europe), ARIB (Japan), TTA (South Korea), ANSI T1P1 (USA)
and CWTS (China) participate, took over responsibility for completion of the UMTS
Standard.
Harmonization of UTRA with cdma2000
The TIA (USA) proposal 'cdma2000' is intended as the 3G successors standard to
IS-95. The technical parameters of cdma2000 and IS-95 are therefore very similar
and ensure downward compatibility and handover between 2G IS-95 and 3G
cdma2000. 3.6864 Mchip/s (for DL) and 1.2288 Mchip/s (for UL) were selected as the
chip rates for cdma2000. In 06/1998 cdma2000 was also submitted as an IMT-2000
proposal to the ITU.
In the period following, major economic and patent law-related difficulties arose
between the groups involved in IS-95 / cdma2000 and GSM / UMTS (WCDMA). For
example, the different patents for CDMA and the 3G licensing in Europe and Asia
were contentious points. The USA threatened to invoke the WTO (World Trade
Organization) and block the work for approval of the IMT-2000 proposals in the ITU.
In order to put an end to the wrangling and to satisfy the requirements of an Operator
Harmonization Group (OHG), the 3GPP accepted an OHG proposal in 07/1999 for
harmonization of UTRA and cdma2000.
The result of the harmonization was as follows: UTRA TDD and FDD along with
cdma2000 are given similar parameters to allow the development of chipsets for
mobile stations for all three modes. The three modes are based on DS-CDMA and
can be accommodated in 5 MHz of bandwidth. The signaling is harmonized. The
following core differences still exist: UTRA can be used for non-synchronized
networks, MC-CDMA for synchronized. UTRA TDD and FDD use 3.84 Mchip/s as
chip rate; MC-CDMA n x 1.2288 Mchip/s.
24
Siemens
UTRA conception
& harmonisation
W-CDMA
a-concept
cdma2000
TD/CDMA
TDD
Phase 3:
harmonisation
(01 - 06/98)
ETSI-ARIB
harmonisation
(05/98)
TD/CDMA
d-concept
UTRA
FDD
UTRA
TDD
4,096 Mchip/s 5 MHz

Submission to ITU
(06/98)
harmonisation
UTRA - cdma 2000
(05 - 07/99)
UTRA
FDD
UTRA
TDD
5 MHz
3,84 Mchip/s
MC-CDMA
(FDD)
3,6864 Mchip/s
IMT-2000
Fig. 15
25
Siemens
UMTS Radio
3.2
Access: Basic Principles

Siemen
FDD / TDD Technical Parameters
UTRA TDD / FDD Common features

UTRA FDD and TDD modes were harmonized in many central areas for example:
l
Bandwidth B = 5 MHz (including guard bands)
Chip rate Rc = 3.84 Mchip/s
Modulation method: QPSK
Re-use = 1 (i.e., same frequency possible in neighboring cells)
Pulse shape
Timing structure (frame & TS duration described below)
Spreading codes: based on OVSF (Orthogonal Variable Spreading Factor) codes
UTRA TDD / FDD Differences

There are also differences in the following central aspects:
FDD uses pure WCDMA (DS-CDMA) for multiplexing. The information is transmitted
continuously spread over the entire bandwidth. The shortest duration of a
transmission is represented by a frame (10 ms).
TDD uses a hybrid solution of TDMA and WCDMA (DS-CDMA) as multiplex access.
Like in GSM, the subscriber information is sent in the form of single bursts. A TDMA
frame (10 ms) contains 15 timeslots (TS) that can contain bursts from different users
(CDMA component).
FDD uses spreading factors of 256 to 4 (UL) or 512 to 4 (DL); TDD uses factors of 16
to 1.
FDD mostly uses soft handover and TDD hard handover (described later).
The 3G TS 25.201 provides an overview of the major common features and
differences along with references to individual aspects.
26
Siemens
UTRA conception
& harmonisation
time t
TDD
FDD
15
Mode
Mode
Frame
Power P
Power P
time t
1
TS
frequency f
FDD & TDD harmonised in:

bandwidth: 5 MHz
chiprate: 3,84 Mchip/s
modulation: QPSK
Re-Use = 1
pulse form
time structure
Spreading Codes (OVSF)
OVSF: Orthogonal Variable Spreading Factor Codes
frequency f
FDD & TDD differences:

FDD
pure WCDMA
TDD
WCDMA & TDMA
(continuous transmission)
SF = 4 - 256 (DL - 512)
Handover: Soft
(Bursts: 15 TS / Frame)
SF = 1 - 16
Handover: Hard
UTRA
UTRAL1
L1General
GeneralDescription:
Description:
3G
3GTS25.201
TS25.201
Fig. 16
27
Siemens
UMTS
Siemen
Variation in data rate

UMTS allows flexible, dynamic variation of the data rate. The data rate can be varied
in different ways in the TDD and FDD modes.
In the FDD mode, the data rate can be varied by SF variation. SF can vary from 256
4 (UL) or from 512 4 (DL). This gives rise to symbol rates from 15 ksymb/s (UL)
or 7.5 ksymb(s) (DL) to 960 ksymb/s. This data rate can include the simultaneous
transmission of data belonging to different applications of the same subscriber. In
other words, multimedia applications are possible.
The data rate can be varied in the TDD mode by SF variation and combination of
timeslots (TS). SF can vary from 16 1, thus yielding symbol rates of 240 ksymb/s to
3.84 Msymb/s. These symbol rates must be regarded under consideration of the 15
timeslots, TS (TDMA component of the TDD mode). In this way, symbol rates from
16 ksymb/s to 256 ksymb/s are available to a subscriber using one TS by varying the
SF from 16 to 1. This transmission rate can be increased by combining multiple
timeslots in a TDMA frame for one user.
The data rate can also be increased in the TDD and FDD modes by allocating
multiple codes to one user (if the UE is capable of doing so). The allocation of
multiple codes is useful for different applications belonging to the same user that are
served simultaneously. A fine level of granularity of the data rate can be obtained in
this way.
Asymmetric allocation of frequency resources

Strongly asymmetric data streams in the UL and DL directions are expected,
particularly with regard to the mobile use of the Internet in 3G. Both UTRA modes
allow asymmetric transmission of subscriber data. The TDD mode enables network
operators to respond in a flexible manner to the asymmetry and to optimize how they
use their frequency resources. Different numbers of TS's can be used for UL and DL.
However, at least two of the 15 TS's must remain reserved for UL or DL (for different
TDD configuration options, refer to TS 25.221).
28
Siemens
time t
Power P
Data Rate
Variation
15
2
Data rate variation:

SF = 1 - 16
TS - combining
TDD
flexible
Switching Point
Example: UL
Asymmetric
UL/DL allocation !!
(min. 2 TS for DL/UL)

DL
frequency f
time t
Power P
FDD
Data rate variation:
SF = 4 - 256 (DL: 512)
SF =
Rc [chip/s] /
RS[symb/s]
frequency f
Fig. 17
29

UMTS
3.3

Siemen
UTRA Codes
The Spreading Code in UTRA is obtained multiplying two different code types: the
Channelization Code and the Scrambling Code.
Channelization Codes
Channelization codes are used to separate channels from the same source.
For DL this channelization means the separation of different users (or, to take it a
step further, different applications of different users) by the BTS.
For UL the channelization means the separation of different applications used
simultaneously by the same UE. Up to 6 different applications are theoretically
possible from individual UE.
The channelization codes for the TDD and FDD modes are Orthogonal Variable
Spreading Factor (OVSF) codes and have orthogonal attributes.
Scrambling Codes
Scrambling codes are used to separate different sources.
For DL this means the separation of different BTS's. Each cell has a scrambling code
to allow the UE to distinguish between neighboring cells. The scrambling codes are
not globally unique cell codes.
For UL the scrambling means the separation of different items of UE in a cell. The
scrambling codes are assigned to the UE by UTRAN.
FDD and TDD use different scrambling codes. So-called gold codes 10 ms in length
(= 38400 chips) are used periodically in FDD. In TDD, sequences of 16 chips are
used periodically.
TS 25.201 provide an overview of channelization and scrambling codes. Details on
the channelization and scrambling codes used for FDD and TDD can be found in TS
25.213 and TS 25.223.
30
Siemens
different
differentBTS:
BTS:
Scrambling
ScramblingCodes
Codes
UTRA
Codes
BTS
Channelisation
ChannelisationCode
Codeseparates
separates
UL
ULdifferent
differentapplications
applications
ofof11UE
UE(max.
(max.6;6;SF
SFvariable)
variable)
BTS
Channelisation
ChannelisationCode
Code
separates
separatesDL
DLdifferent
differentUE
UE
Spreading Code =
Channelisation Code
x Scrambling Code
different
differentUE:
UE:
Scrambling
ScramblingCodes
Codes
(RNC
(RNCallocated)
allocated)
(TS 25.201)
BTS
Spreading
Spreading&&Modulation:
Modulation:
TS
TS25.201
25.201(UTRA
(UTRAOverview)
Overview)
TS
TS25.213
25.213(FDD),
(FDD),
TS
TS25.223
25.223(TDD)
(TDD)
Channelization
ChannelizationCode:
Code:
separates
separatesphysical
physicalchannels
channels
DL:
channels
DL: channelsofofthe
thesame
sameBTS
BTS
UL:
channels
of
the
same
UL: channels of the sameUE
UE
Scrambling
ScramblingCode:
Code:
separates
separatessources
sources
DL:
DL:separates
separatesdifferent
differentBTS
BTS
UL:
separates
different
UL: separates differentUE
UEinin11cell
cell
Fig. 18
31
Siemens
UMTS Radio

Siemen
UTRA codes Structure of channelization codes

The channelization codes in the FDD and TDD modes are used for the actual
spreading process. The UTRA channelization codes are based on Orthogonal
Variable Spreading Factor (OVSF) codes of different lengths. A symbol of user
information is spread by a channelization code sequence with a specified length (=
spreading factor, SF) i.e., number of chips. Different data rates are obtained by
using different spreading factors, SF.
Channelization codes are generated as shown in the next diagram. The (1x1) start
matrix with the value "1" represents the channelization code with SF = 1. All other
matrices are successively constructed by 4-fold insertion of the preceding matrix.
Three of these matrices (top left and right, and bottom left) contain the original values
of the preceding matrix while the fourth (bottom right) contains the inverted matrix
value. The channelization codes of length n (SF = n) are obtained from the columns
of the corresponding matrix (n x n).
A code tree arises in which all codes of a particular length (SF = 1, 2, 4, 8,..., 512)
are orthogonal to each other.
If you take codes that are 256 long, there are 256 different orthogonal codes for 256
different users / applications for FDD DL, for example (ignoring the codes for
signaling), with 15 ksymb/s. In contrast, there are only 4 orthogonal codes of length 4
(SF = 4) with which 960 ksymb/s can be obtained.
Note the following: codes of different lengths in the same branch of a code tree are
not orthogonal. For this reason, codes of different lengths from the same branch are
not permitted to be allocated. A code assigned from a branch of the code tree blocks
all other codes of increasing or decreasing length on the same branch.
32
Siemens
Scrambling Codes:
UTRA
Codes
SF = 1
FDD: for BTS / UE Gold Codes;

10 ms period (1 frame = 38400 chip)
TDD: for BTS / UE 16 Chip long,
pre-defined sequences
SF = 2
SF = 4
SF = 256
CC256,0
CC256,1
CC4,0 = (1,1,1,1)
CC256,2
CC2,0 = (1,1)
CC4,1 = (1,1,-1,-1)
CC1,0 = (1)
CC4,2 = (1,-1,1,-1)
CC2,1 = (1,-1)
CC256,254
CC256,255
CC4,3 = (1,-1,-1,1)
Channelization Codes (CCn,m) = OVSF Codes

CCn,m generation:
from columns in CCn
CC1 = (1)
CC2 =
1 1
1 -1
CCn =
CCn/2 CCn/2
CCn/2 -CCn/2
OVSF =
Orthogonal Variable
Spreading Factor
Fig. 19
33
Siemens
UMTS
3.4

Siemen
UTRA Timing Structures
Chip
The shortest unit of time used in UTRA corresponds to the duration of a chip. Since a
chip rate of 3.84 Mchip/s is used, the duration of a chip is about 260.4 pico
seconds (ps).
Timeslot (TS)
A UTRA timeslot (TS) is defined as the length of 2560 chips: this corresponds to
duration of 2/3 ms. A timeslot is the shortest repetitive period in UTRA.
A timeslot for the TDD mode means the time frame allowed by an HF burst.
In the FDD mode specific information is exchanged cyclically between the UE and
network. An example of this is the power control information (Transmit Power Control
TPC).
Frame
A UTRA frame is defined by the duration of 10 ms. A frame therefore contains 15
timeslots.
In the TDD mode, a frame is identical with the TDMA frame i.e., the cyclical
repetitive pattern of the time slots.
In the FDD mode, a frame is the shortest possible transmission duration. Short data
packets for setting up a connection, for transmission of SMS messages or packetswitched data packets are at least one frame in duration.
UTRA is a radio access solution allowing data rates that are not only flexible, but that
can also be dynamically adapted. A frame is likewise (for TDD and FDD) the shortest
period of time for changing the transmission rate.
Superframe
A UTRA superframe is defined as the duration of 72 frames i.e., 720 ms.
A superframe is the counting period for defining physical channels. Since it exactly 6
times longer than a traffic channel (TCH) multiframe in GSM (= 120 ms), it enables
adaptation of the timing patterns between UMTS and GSM as is essential for intersystem handover between the two systems.
34
Siemens
UTRA
time
structure
Chip
shortest information unit in CDMA
1/3.840.000 s 260.4 ns
2560 chips
Time Slot
TS
TDD: TS contains 1 Burst

FDD: cyclic repetition of
control information (e.g. TPC)
2/3 ms
Frame f
TS#0 TS#i
TS#14
10 ms
Superframe
f#1
f#i
f#72
TDD: TDMA frame

FDD: shortest transmission duration
TDD & FDD: shortest pattern
data rate adaptation
TDD & FDD: Counting period for

Def. Physical channels
Handover to GSM
(GSM TCH Multiframe = 120 ms)
720 ms
Fig. 20
35
Siemens
UMTS
3.5

Siemen
Summary Key UTRA Parameters
Both UTRA modes (FDD and TDD) require a bandwidth B = 5 MHz.
Both modes have the same chip rate: Rc = 3.84 Mchip/s.
Both modes use a spreading code consisting of a channelization code and

scrambling code for spreading user data.
The spreading factors (SF) indicate the ratio between the user information
(symbol) and the number of chips used for spreading the symbol.
SF's from 1 16 are used in the TDD mode, SF's from 4 256 (UL) or 4 512
(DL) in the FDD mode for varying the data rates.
The TDD and FDD use the same timing structures:
a timeslot (TS) has 2560 chips and a duration of 2/3 ms
a frame has 15 TS's and a duration of 10 ms
a superframe has 72 frames and a duration of 720 ms.
The main difference between the UTRA FDD and MDD modes is in the multiplex
methods used:
l
The FDD mode uses pure DS-CDMA i.e., broadband, continuous transmission
(minimum transmission duration: 1 frame = 10 ms).
The TDD mode uses a hybrid solution of TDMA and DS-CDMA i.e., broadband
but bursty transmission. The duration of a burst is one timeslot.
36
Siemens
UTRA
Key Parameters
bandwidth B = 5 MHz
chiprate Rc = 3,84 Mchip/s
SF = Rc / RS = 1 - 16 (TDD)
4 - 256/512 (FDD)
Spreading Code =
Channelisation Code x Scrambling Code
1 TS = 2/3 ms = 2560 chip

1 frame = 10 ms
1 Superframe = 72 frames
TDD: bursty structure (TS)
FDD: continuous transmission ( 10 ms)
Fig. 21
37
Siemens
MC-CDMA / UTRA / TD-SCDMA Comparison

UTRA Basics
GSM
IS-95
Downward compatible/
Handover possible
Downward compatible/
Handover possible
UTRA
FDD
UTRA
TDD
MC-CDMA
(FDD)
harmonisation
(chipsets possible for UTRA TDD, FDD & MC-CDMA mode)
IMT-2000
MC-CDMA / UTRA / TD-SCDMA

Comparison
Fig. 22
38
Siemens
UMTS
Siemen
MC-CDMA / UTRA comparison

UMTS as the 3G successor standard to GSM and MC-CDMA as the 3G successor
standard to IS-95 have been harmonized with each other as much as possible. The
harmonization is intended to facilitate the development of chipsets for UE that can
access these three major terrestrial IMT-2000 modes.
MC-CDMA is downward-compatible with IS-95 B. As in IS-95, the chip rate is
1.2288 Mchip/s and the carrier bandwidth is 1.25 MHz. However, n carriers (where
n = 1, 3, 6, 9, 12) can be commonly used for a user connection in DL transmissions.
The data is demultiplexed in this case on n carriers and can therefore be transmitted
simultaneously.
In contrast for UL, the DS-CDMA principle is used with a carrier transmission rate of
n x 1.2288 Mchip/s and a bandwidth of n x 1.25 MHz.
3 MC-CDMA carriers, including two guard bands, each 625 kHz wide, can be used in
a 5-MHz frequency band. Frequency bands that until now were used for 2G systems
can therefore be replaced in this way by MC-CDMA.
MC-CDMA uses the same modulation method as UTRA (QPSK).
Orthogonal Walsh codes of variable length (comparable to UTRA) are used as
channelization codes for spreading.
The result is finally superimposed with a PN sequence to distinguish it from
neighboring base stations. This PN sequence is identical to that used for IS-95. This
also represents a reason for the compatibility between IS-95 and MC-CDMA. One
sequence is sufficient to distinguish between the base stations in IS-95 and MCCDMA since both systems (Global Positioning System GPS) have synchronized
networks. The offset of the PN sequence is used for clear distinction of the
neighboring base stations.
In contrast to this, UTRA FDD and TDD networks are, like GSM networks, not
synchronized. As a result, they are not dependent on other systems (e.g., GPS).
Consequently, different scrambling codes are needed to distinguish between
neighboring base stations.
39
Siemens
MC-CDMA / UTRA
MC-CDMA
Carrier
Guard Band
625 kHz
1,25 MHz
1,25 MHz
1,25 MHz
DL
625 kHz
Rc =
1,2288 Mchip/s
n Carrier
n = 1, 2, 3,
6, 9, 12
Rc =
2,4576 Mchip/s
Rc =
1,2288 Mchip/s
1
UL
Rc =
3,6864 Mchip/s
4
n-fold
chip rate
5
MHz
DS-CDMA: UTRA TDD & FDD

Carrier
UL
&
DL
Rc =
3,84 Mchip/s
1
MHz
Fig. 23
40
Siemens
UMTS Radio

Siemen
TD-SCDMA / LCR-TDD mode

From UMTS Release 4 on, a new RTT option, which has originally been developed
by the Chinese SDO CATT, is included into the UMTS standard: Time Division Synchronous CDMA. TD-SCDMA is included as a second TDD option with a lower
chip rate. Therefore, it is called Low Chip Rate TDD mode (LCR-TDD).
The key characteristics of LCR-TDD are:
l
Bandwidth: 1.6 MHz
Chip Rate: 1.28 Mchip/s
Spreading Factor: 1, 2, 4, 8, 16
Radio Frame Length: 10 ms, subdivided into two 5 ms sub-frames
Time Slot: 0.675 ms duration; 7 TS per sub-frame
Data Rate Variation: SF-variation; TS combining; change of modulation;

theoretically, a maximum of 2 Mbit/s can be supported
Modulation: QPSK (Quadrature Phase Shift Keying) and 8PSK (8 Phase Shift
Keying)
These key parameters are taken from UMTS R'4 TS 25.223.
TD-SCDMA
Carrier Bandwidth
1.6 MHz
TD-SCDMA =
UMTS R`4
Option
LCR-TDD
Mode
Chip Rate
1.28 Mchps
Spreading Factors
1, 2, 4, 8, 16
Radio Frame Length (divided into 2 sub-frames)

Timeslots
Variable Data Rates
Modulation
10 ms
(each sub-frame 5 ms)
675 ms
supported
QPSK & 8PSK
R`4
R`4
TS
TS25.223
25.223
Fig. 24
41
Appendix
Appendix
Siemens
Appendix
Contents
1
2
Appendix 1: References
Appendix 2: Abbreviations
23
45
Appendix
Siemens
Appendix 1: References
Books:
l
V.K.G. Garg, K.F. Smolik, J.E. Wilkes, Applications of CDMA in Wireless/Personal

Communications, Feher / Prentice Hall digital and wireless communications series
(1997) ISBN 0-13-572157-1
A.J. Viterbi: CDMA: Principles of Spread Spectrum for third Generation Mobile
Communication (1995), ISBN 0-201-63374-4
T. Ojanper, R. Prasad: Wideband CDMA for third Generation Mobile

Communication, (1998) ISBN 0-89006-735-X
R. Prasad, W. Mohr, W. Konhuser, Third Generation Mobile Communications

Systems, Artech House Publishers (2000) ISBN 1-58053-082-6
H. Holma, A. Toskala, WCDMA for UMTS, John Wiley & Sons, Ltd. (2000); ISBN
0-471-72051-8
T. Ojanper, R. Prasad, "Wideband CDMA: Towards IP Mobility and Mobile

Internet", Artech House Publishers (2001) ISBN 1-58053-180-6
J. Korhonen: "Introduction to 3G Mobile Communications", Artech House

Publishers (2001) ISBN 1-58053-287-X
Heikki Kaaranen, Naghian Siamak, "UMTS Network: Architecture, Mobility and

Services", Wiley, (2001) ISBN 0-47148-654-X
Magazines:
l
Funkschau
Gateway
Mobilcom
pcmobil
Mobile Computer
Amtsblatt der Regulierungsbehrde fr Telekommunikation und Post
SMG News (ETSI)
Siemens
Appendix
Appendix
Siemen
3G Internet addresses:
l
http://www.3gpp.org
http://www.3gip.org
http://www.itu.int/imt
http://www.etsi.org
http://www.umts-forum.org
http://www.gsmworld.com
http://www.cdg.org
Siemens
Appendix
Appendix 2: Abbreviations
Abbreviations used in this document or other documents according to the theme

UMTS.
AAL
ATM Adaptation Layer
AC
ACCH
Associated Control CHannel
ACE
Antenna Coupling Equipment
ADC
Analog to Digital Converter
AGCH
AICH
Acquisition Indication Channel
AMR
Adaptive MultiRate speech
AMX
ATM MultipleXer
AMPS
Advanced Mobile Phone Services
ANSI
American National Standards Institute (USA)
AP
Application Part
ARFCN
Absolute Radio Frequency Channel Number
ARIB
Association of Radio Industries and Business (Japan)
ARQ
Automatic Repeat reQuest
ASCI
Advanced Speech Call Items
ASN
ATM
AUC
AUthentication Center
Siemens
Appendix
Appendix
Siemen
BA
BCCH Allocation
BCC
Base transceiver station Color Code
BCCH
Broadcast Control CHannel
BCH
Broadcast CHannel
BER
Bit Error Rate
BMC
Broadcast / Multicast Control
BPSK
Binary Phase Shift Keying
BS
Base Station
BSC
BSIC
Base transceiver Station Identity Code
BSS
Base Station System
BSSAP
Base Station System Application Part
BSSMAP
Base Station System Management Application Part
BTS
Siemens
Appendix
CA
Cell Allocation
CAMEL
Customized Applications for Mobile network Enhanced Logic
CAP
CAMEL Application Part
CATT
China Academy of Telecommunication Technology (China)
CC
Call Control
CC
Country Code
CCCH
CCH
Control CHannel
CCITT
Comit Consulatif International Tlphonique et Tlgraphique
CCS7
Common Channel signaling System No. 7
CCU
Channel Coding Unit
CDMA
CEPT
Conference Europene des Postes et Telecommunication
CGI
CI
Cell Identity
CN
Core Network
CP
Call Processing
CPCH
Common Packet Channel
CPICH
Common Pilot Channel
CS
Coding Scheme
CS
Circuit Switched
CSCF
Call State Control Function
CTCH
Common Traffic Channel
CUG
Closed User Group
Siemens
Appendix
Siemen
Appendix
D-AMPS
Digital AMPS
DCCH
DCH
Dedicated Channel
DCS1800
Digital Cellular System in the 1800 MHz band
DECT
Digital Enhanced Cordless Telephone
DL
Down Link
DPCCH
Dedicated Physical Control Channel
DPCH
Dedicated Physical Channel
DPDCH
Dedicated Physical Data Channel
DRNS
Drift RNS
DRX
Discontinuous Reception
DS-CDMA
Direct Sequence CDMA
DSCH
DL Shared Channel
DTAP
Direct Transfer Application Part
DTCH
Dedicated Traffic Channel
DTX
Discontinuous Transmission
EFR
Enhanced Full Rate speech
EIR
Equipment Identification Register
ERC
European Radiocommunication Committee
ERMES
European Radio MEssage System
ESA
European Space Agency
ETSI
Siemens
Appendix
FAC
Final Assembly Code
FACCH
Fast Associated Control CHannel
FACH
Forward Access Channel
FB
Frequency correction Burst
FCCH
Frequency Correction CHannel
FDD
Frequency Division Duplex
FDMA
FEC
Forward Error Correction
FN
Frame Number
FPLMTS
Future Public Land Mobile Telecommunication System (
FR
Frame Relay
FR
Full Rate speech
FRAMES
Future RAdio wideband MultiplE access Systems
GEO
GEostationary Orbital
GGSN
GMM
Global Multimedia Mobility
GMPCS
Global Mobile Personal Communication Systems
GMSC
Gateway MSC
GMSK
Gaussian Minimum Shift Keying
GP
Guard Period
GPRS
General Packet Radio Service
GPS
Global Positioning System
GSM
GTP
GPRS Tunneling Protocol
Siemens
Appendix
Appendix
Siemen
HCR-CDMA
High Chip Rate CDMA
HCS
Hierarchical Cellular Structures
HEO
High Elliptic Orbit
HLR
HO(V)
HandOver
HPLMN
Home PLMN
HSCSD
High Speed Circuit Switched Data
HSS
Home Subscriber Server
IAM
Initial Address Message
ICO
Intermediate Circular Orbits
ID
IDentification
ID
IDentity
IMEI
IMSI
IMT-2000
International Mobile Telecommunications-2000
IN
Intelligent Network
Inmarsat
INternational MARitime SATellite
IP
Internet Protocol
ITU
IP
Internet Protocol
IP
Intelligent Peripheral
ISDN
Integrated Services Digital Network
ISP
ISUP
ISDN User Part
IWE
InterWorking Equipment
IWF
IWUP
InterWorking User Part
Siemens
Appendix
JD
Joint Detection
JDC
Japanese Digital Cellular
Kc
cipher Key
Ki
individual subscriber authentication Key
LA
Location Area
LAI
LAN
Local Area Network
LAPDm
Link Access Protocol on the Dm channel
LCR-CDMA
Low Chip Rate CDMA
LEO
Low Earth Orbital
LES
Land Earth Station
LIC
LMT
LR
Location Register
10
Siemens
Appendix
Appendix
Siemen
MAC
Medium Access Control
MAP
MARISAT
MARItime SATellite
MBS
Mobile Broadband System
MCC
Mobile Country Code
ME
Mobile Equipment
MExE
Mobile station application Execution Environment
MG
Media Gateway
MGCF
Media Gateway Control Function
MM
Mobility Management
MMI
Man Machine Interface
MML
Man Machine Language
MNC
Mobile Network Code
MOC
Mobile Originating Call
MP
Main Processor
MS
Mobile Station
MSC
Mobile services Switching Center
MSISDN
Mobile Station international ISDN number
MSP
Multiple Subscriber Profile
MSRN
Mobile Station Roaming Number
MSS
MT
Mobile Termination
MTP
MTC
Mobile Termination Call
MTP
MUX
MUltipleXer
11
Siemens
Appendix
NB
Normal Burst
NBAP
Node B Application Part
NCC
Network Color Code (PLMN color code)
NDC
NMT
Nordic Mobile Telephone
NSS
Network Switching Subsystem
O&M
OACSU
Off Air Call Set Up
ODMA
Opportunity Driven Multiple Access
OFDMA
Orthogonal Frequency Division Multiple Access
OMC
OMC-B
Operation & Maintenance Center for BSS
OMC-S
Operation & Maintenance center for SSS
OSS
Operation SubSystem
OVSF
Orthogonal Variable Spreading Factor codes
12
Siemens
Appendix
Appendix
Siemen
PA
Power Amplifier
PACS
Personal Access Communication System
PC
Power Control
PCCH
Paging Control Channel
P-CCPCH
Primary Common Control Physical Channel
PCH
Paging Channel
PCM
PCPCH
Physical Common Packet Channel
PCU
Packet Control Unit
PDA
Personal Data Assistant
PDC
Personal Digital Cellular (Japan)
PDCP
Packet Data Convergence Protocol
PDN
Packet Data Network
PDSCH
Physical DL Shared Channel
PHS
Personal Handy System (Japan)
PICH
Page Indication Channel
PIN
Personal Identification Number
PLMN
PMR
PP
Point-to-Point
PRACH
Physical Random Access Channel
PSTN
Public Switched Telephone Network
QOS
Quality Of Service
QPSK
Quaternary Phase Shift Keying
13
Siemens
Appendix
RA
Rate Adaptation
RACH
Random Access CHannel
RANAP
Radio Access Network Application Part
RAND
RANDom number
REQ
REQuest
RES
RESponse
RF
Radio Frequency
RFC
Radio Frequency Channel
RFCH
Radio Frequency CHannel
RFCN
Radio Frequency Channel Number
RLC
Radio Link Control
RNC
Radio Network Controller
RNS
Radio Network Subsystem
RNSAP
Radio Network Subsystem Application Part
RRC
Radio Resource Control
RRM
RSS
Radio SubSystem
RX / Rx
Receiver
14
Siemens
Appendix
Siemen
Appendix
SACCH
Slow Associated Control CHannel
SAP
Service Access Point
SAPI
Service Access Point Indicator
SB
Synchronization Burst
SCCP
S-CCPCH
Secondary Common Control Channel
SCE
Service Creation Environment
SCH
Synchronization CHannel
SDCCH
Stand- alone Dedicated Control CHannel
SF
Spreading Factor)
SFH
Slow Frequency Hopping
SGSN
Service GPRS Support Node
SIM
Subscriber Identity Module
SM
Security Management
SMG
SMP
Service Management Point
SMS
Short Message Service
SN
Subscriber Number
SN
Switching Network
SP
Signaling Point
SP
Server Processor
SP
Switching Point
SS
Supplementary Services
SSF
Service Switching Function
SSP
STP
Signaling Transfer Point
SW
Software
15
Siemens
Appendix
T1
Standards Committee T1 Telecommunications
TA
Terminal Adaptor
TAC
Type Approval Code
TACS
Total Access Communication System
TB
Tail Bit
TCAP
Transaction CApability Part
TCH
Traffic CHannel
TCP
Transmission Control Protocol
TD-CDMA
Time Division CDMA
TDD
Time Division Duplex
TDMA
TS-SCDMA Time Division Synchronous CDMA

TE
Terminal Equipment
TETRA
TErrestrial Trunked Radio Access
THSS
Time-Hopping Spread Spectrum
TIA
Telecommunication Industry Association
TMN
Telecommunication Management Network
TMSI
Temporary Mobile Subscriber Identity
TRAU
Transcoding and Rate Adaptation Unit
TRX
TRansceiver
TS
Tele Service
TS
TimeSlot
TTA
Telecommunications TechnologyAssociation (South Korea)
TTC
Telecommunication Technology Committee (Japan)
TX / Tx
Transmitter
16
Siemens
Appendix
Siemen
Appendix
UDP
User Datagram Protocol
UE
User Equipment
UL
UpLink
UMTS
Universal Mobile Telecommunications System
UP
User Part
USIM
UMTS Subscriber Identity Module
UTRA
UTRAN
UMTS Terrestrial Radio Access Network
UWC-136
Universal Wireless Communication
VAD
VBR
Variable Bit Rate
VBS
VHE
VLR
Visited (visitor) Location Register
VMSC
Visited MSC
VoIP
Voice over Internet Protocol
VPLMN
Visited PLMN
WAN
Wide Area Network
WAP
WARC
W-CDMA
Wideband CDMA
WLL
Wireless Local Loop
17
Fast link dependent scheduling

methods
y Round Robin (RR)
y Cyclically assign the channel to users without taking channel
conditions into account

y Simple but poor performance
y Proportional Fair (PF)

y Assign the channel to the user with the best relative channel quality
y High throughput, fair
y Max C/I Ratio

y Assign the channel to the user with the best channel quality
y High system throughput but not fair
Fast hybrid ARQ
Fast hybrid ARQ schemes

y Chase combining : each retransmission is an identical copy
of the original transmission.
y Incremental Redundancy : each retransmission may add
new redundancy
Fast link dependent scheduling
HSDPA channel structure
HSDPA channel structure

y HS-DSCH - High-Speed Downlink Shared Channel:
y
transport channel that carries the user data.
y HS-PDSCH - High-Speed Physical Downlink Shared Channel:

y
physical downlink channel that carries the user data and layer 2 overhead bits over
the air interface.
y HS-SCCH - High-Speed Shared Control Channel (s):

y
physical downlink channel that carries control information how to decode the
information on HS-PDSCH and which UE that shall decode it.
y HS-DPCCH - High-Speed Dedicated Physical Control Channel:

y
physical uplink channel to send ACK/NAK reports and channel quality reports
y A-DCH (DPDCH+DPCCH) - Associated Dedicated Channel
uplink HS-DPCCH
y The uplink HS-DSCH-related physical-layer signaling
consists of:
y Acknowledgements for hybrid ARQ
y Channel Quality Indicator (CQI), i.e., information reflecting
the instantaneous downlink radio-channel conditions to assist
the Node B in the transport-format selection (fast link
adaptation) and the scheduling
Information carried on HS-DPCCH

y HS-DPCCH carries ACK/NAK and CQI from UE to RBS
y one HS-DPCCH for each user in the cell
y ACK/NAK
y single bit, repetition coded to 10 bits (1 slot)
y CQI (Channel Quality Indicator)

y 5 bits coded to 20 bits (2 slots)
y channel quality measurements based on CPICH
y reporting rate is configurable through RRC/NBAP signaling
y ACK/NAK and CQI can be repeated in multiple subframes

y controlled by RRC/NBAP signaling
y useful in soft handover scenarios
HS-DPCCH power control

y Important to secure good success rate of ACK/NAK and CQI
transmission while keeping UL interference under control

y ACK, NAK, CQI power offsets with relation to DPCCH set by RRC
signaling
y Two independent mechanisms:
1. Two sets of power offsets (ACK, NAK and CQI) are configured per
cell in RNC
y
y
RNC reconfigures UE depending on number of RBS involved

Configuration changed at cell change and possibly after active set update
2. RBS initiates update of ACK/NAK and CQI feedback cycles based

on CQI detection performance
Hybrid ARQ Processes

y One HARQ entity per user
y Each HARQ entity consist of up to 8 HARQ processes
y multiple HARQ processes allows continuous transmission to a single user
y separate reordering function needed to support in-order delivery
y (P2 correctly received before P1 in figure below)
A-DCH, Associated Dedicated

Channel
y One A-DCH per HSDPA enabled terminal in the cell
y A-DCH is mapped on physical channels DPDCH and
DPCCH
y A-DCH DL
y 3.4 kbps SRB (control signalling: RRC & NAS)
y A-DCH UL
y 384 kbps (or 64 kbps) DCH
y 3.4 kbps SRB (control signalling: RRC & NAS)
y UL data transmission
Dedicated Physical Control and Data

Channel (Uplink)
Dedicated Physical Control and Data

Channel
DPCCH/DPDCH (Downlink)
Transport Channels and Physical

Channels
Transport Channels and Physical

Channels
HSDPA summary

Mobile Package-Telecom Egypt

Încărcat de

Informații document

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Mobile Package-Telecom Egypt

Încărcat de

Drepturi de autor:

Formate disponibile

TRAINING SECTOR

GENERAL DEPARTMENT FOR

This document consists of 196 pages.

History of Mobile Communications

1873: J.C. Maxwell - electromagnetic wave theory

1887: H. Hertz - experimental proof of the existence of electromagnetic waves

1895: A. Popow - first receiver with antenna for weather reports

1895: G. M. Marconi - first wireless transmission using spark inductor generated

1897: Marconi Wireless Telegraphy Company" founded

1901: First transatlantic transmission (Marconi)

1906: First speech & sound transmission (Lorenz AG / Deutsche Telefunken

1909: First radio broadcast (New York, Caruso)

History of Mobile Communications

Single Cell Systems

An operator was needed to connect calls within the wireless network.

Single Cell Systems:

Innovations in Mobile Radio Communications

reduction of hardware costs

very limited telephone network capacity.

Quantum Leap in Mobile Communications:

First Generation (1G) Cellular Mobile Radio Systems

First Generation Cellular Mobile Radio Systems

Second Generation (2G) Cellular Mobile Radio Systems

Portable Mobile Equipment

2nd Quantum Leap:

Digital GSM technology.

Digital GSM technology.

Example: Mobile Subscriber in Germany

GSM (D1, D2)

Subscriber trends (Example):

Limits of the First Generation Mobile Radio Systems

The GSM History

1984 86: Various technical possibilities are compared in order to achieve an

1986: A permanent core of experts is employed.

1988: The ETSI (European Telecommunication Standards Institute) is founded;

1990: GSM900 Standard (Phase 1) is adopted. DCS1800 Standard (Phase 1) is

1992: Commercial introduction of many large GSM900 networks.

1993: Work begins on updating the GSM900/DCS1800 standards: GSM Phase 2.

1996: Worldwide success of GSM Standard; used in more than 50 countries.

Core of experts meets continuously

Phase 2+: Annual Release `96

The GSM Technical Guideline

The GSM Recommendations

Series 01: General

12 Series; each max. 100 Rec.:

Series 02: Service Aspects

e.g. GSM Rec. 08.07

Series 03: Network Aspects

Series 12: Operation & Maintenance

The Evolutionary Concept

GSM: Evolutionary Concept

New services e.g.

Adaptations of the GSM Standard

915 921 925

450.4 457.6 / 460.4 467.6

1785 1805 1850

478.8 486 / 488.8 - 496

890 - 915 / 935 - 960

1710 - 1785 / 1805 - 1880

1850 - 1910 /1930 - 1990

876 - 880 / 921 - 925

different network operators,

Current Situation, Market & Trends

Wireless Local Loop