Mobile Package 2010

TRAINING SECTOR
GENERAL DEPARTMENT FOR

PLANNING & DEVELOPING PROGRAMS
Contents
- GSM Introduction
- CDMA Overview
- GPRS Introduction
- UMTS Introduction
- HSDPA for WCDMA

TRAINING SECTOR
Introduction 1
Transmission Principles 2
GSM PLMN 3
Sub-sections
Procedures 4
GSM Introduction
Radio Interface 5
Appindex 6
GSM Introduction
Sub-section reference
Sub-section identification Pages

1 Introduction 1 - 44
2 Transmission Principles 1 - 37
3 GSM PLMN 1 - 32
4 Procedures 1 - 38
5 Radio Interface 1 - 31
6 Appendix 1 - 14
This document consists of 196 pages.

Chapter 1
Introduction
Introduction
Introduction
Contents
1 History 2
2 GSM 15
3 Current Situation, Market & Trends 27
Introduction Siemens
1 History
Introduction
History
Fig. 1
2
Siemens Introduction
History of Mobile Communications

“Mobile Communication” is much older than many people think. There have been
diverse "acoustic and optic means of remote information transfer" in the most varied
cultures and stages of civilization on all populated continents. The range of
information transfer was very limited and the quality of the messages was affected by
outer conditions such as the weather. In order to increase the range of information
transfer in these times, transit stations were in part systematically constructed.
Beginnings of Electronic Communications

l Telegraph: S.F.B. Morse: 1843 First experimental telegraph line: Washington -
Baltimore
l Telephone: Phillip Reis 1861: First speech transmission by cable / A. G. Bell: 1876
World Exhibition, Philadelphia
At first electronic communications was possible only via wire i.e. by means of fixed
(immobile) connections, forerunners of today's Fixed Network Connections. Initially
an operator ("switchboard girl") was needed to establish these fixed physical
connections for the caller manually at the central office. The first automatic
exchanges were first put into service in the mid-1920s.
Radio Communications
Radio connections were first used for Wireless Communications in the late 19th
century; information was sent via "ether".
l 1873: J.C. Maxwell - electromagnetic wave theory
l 1887: H. Hertz - experimental proof of the existence of electromagnetic waves
l 1895: A. Popow - first receiver with antenna for weather reports
l 1895: G. M. Marconi - first wireless transmission using spark inductor generated
HF waves (Morse code)
l 1897: “Marconi Wireless Telegraphy Company" founded
l 1901: First transatlantic transmission (Marconi)
l 1903: "Deutschen Telefunken GmbH" founded by AEG and Siemens & Halske
l 1906: First speech & sound transmission (Lorenz AG / Deutsche Telefunken
GmbH)
l 1909: First radio broadcast (New York, Caruso)
3
History of Mobile Communications

Electronic
The beginnings: "archaic mobile communication" communication:
• visual transmission (smoke/light signals,...) "terrestrial network"
• audible transmission (drums, horns,...)
• Telegraph
1st telegraph line 1843
Washington - Baltimore
• Telephone
P. Reis 1861
A.G. Bell 1876
World Exhibition Philadelphia
Radio transmission:
1873 Maxwell‘s theory of electromagn. waves
1887 H. Hertz: experimental proof
1895 Marconi: 1st wireless transmission
1901 1st transatlantic transmission
1903 Dt. Telefunken GmbH: AEG, Siemens& Halske
1906 1st speech and sound transmission
1909 1st radio broadcast
1917 1st mobile transmission: radio station - train
Fig. 2
4
Connection Types
There are two principles for radio connections:
Simplex Connection
Simplex connections are a "one-way street" for communication in the form of (mostly
fixed) transmitters and mobile receivers. This has been realized as e.g. (broadcast)
radio and television. But simplex connections are also used for direct communication
exchange i.e. two-way communication using stations which can be used both as a
transmitter and a receiver (e.g. walkie-talkies). However the equipment (transmitting /
receiving stations) cannot transmit and receive simultaneously. The call cycles or call
intervals are determined by prior agreement or personal code words ("over").
Duplex Connections
Duplex connections signify two-way communication. Users can transmit and receive
messages simultaneously. An example of an early duplex connection is radio
telegraphy.
Simplex Connection:
Over transmit or receive
Duplex Connection:
simultaneous
transmission and reception
Fig. 3
5
Single Cell Systems

The first Mobile Telephone Service to offer duplex connections comparable to fixed
network based telephone services started in 1946 as a car phone service in St.
Louis, Missouri. Comparable mobile telephone services appeared in post-war Europe
some years later.
Problems in early mobile (car) telephone services (late 1940s/early 1950s):
l An operator was needed to connect calls within the wireless network.
l The equipment required was extremely heavy, bulky (therefore only feasible as a
car phone service) and expensive.
l The service range was limited to the area that could be covered by a single
transmitting or receiving station (single cell system).
l The HF frequency range available was (is) very limited; it had to be (and still has
to be) distributed among competitors (e.g. the military, radio, and television).
The result was limited capacity, rapid market saturation, high equipment costs and
low service quality.
Single Cell Systems:

• Low service and speech quality
• Heavy, bulky and expensive equipment
• Small coverage area
• No handover
• Manual exchange
• Low capacity
First Mobile
Services:
• Car telephone service
• Since the late 40‘s
Fig. 4
6
Innovations in Mobile Radio Communications

Technical Innovations / Equipment
Fast development of new technologies such as semiconductor technology, diodes,
transistors, integrated circuitry, microprocessors,...
l automatic switching
l reduction of hardware costs
l reduction of size and weight of equipment (in the 1950s/1960s a car phone took
up half of a car trunk; 1988: introduction of the mobile phone)
but:
l very limited telephone network capacity.
During the 1970s large-scale integrated, electronic applications and the development
of microprocessors made the configuration of more complex systems possible. One
result of this was the development of single-cell transmitter systems with multiple
receiving stations. This made it possible to extend the range of the supply area, i.e.
the operational range of the subscriber because the mobile station's transmitter
power limits the size of the cell in Single Cell Systems. However no increase in
capacity resulted from this.
Cellular Mobile Radio Systems

The breakthrough in capacity, which resulted in a significant increase in the number
of subscribers, was achieved with the introduction of the Cellular Radio System in the
late 1970s/early 1980s. The coverage of the supply area of a mobile communication
operator involves many radio cells with cellular radio systems, in which the
aforementioned limitation of the available HF frequency range is neatly circumvented
through the repeated use of the HF channels.
7
Quantum Leap in Mobile Communications:

Single Cell Systems ® Cellular Systems
radius
r
Single Cell Cellular

re-use distance
System System
Fig. 5
8
First Generation (1G) Cellular Mobile Radio Systems

Information transmission of first generation cellular mobile radio system takes place
via analogue radio interface. These systems were tested in many countries in the end
of the 70s.
In 1979, mobile services were introduced for commercial operation; in the USA,
AMPS (Advanced Mobile Phone Service), and in Japan, NTT-MTS (Nippon
Telegraph & Telephone Co.).
In the early 80s, the NMT (Nordic Mobile Telephone) was introduced in Scandinavia,
in 1985 TACS (Total Access Communication System) was introduced in England and
the C450 System in Germany.
First Generation Cellular Mobile Radio Systems
Country System Frequency range Introduced

[MHz] in year
USA AMPS 800 1979
Japan NTT-MTS 800 1979
Sweden, Norway, NMT 450, 900 1981 - 86
Finland, Denmark
Great Britain TACS 900 1985
Germany C450 450 1985
France Radiocom2000 450 1985
NMT 900 1989
Italy RTMS 450 1985
TACS 900 1990
Fig. 6
9
Second Generation (2G) Cellular Mobile Radio Systems

A further and very significant innovation in mobile radio communications took place
with the introduction of the second generation cellular mobile radio system (e.g.
GSM) in the early 90s. Transmission via radio interface is now digital. Along with a
significant improvement of transmission quality and expansion of services, there has
been a considerable increase in capacity. The increase in subscribers led to more
convenient, lighter and less expensive equipment with a wide range of possibilities
for use.
Portable Mobile Equipment

Mobile phones were first introduced in 1988. The weight of the equipment decreased
from 1 kg to less than a
100 g within few years. At the same time, mobility clearly improved despite
decreasing weight owing to improvements in rechargeable batteries. Standby times
of more than 5 days can be achieved.
2nd Quantum Leap:

Analog (1st Generation) ® Digital (2nd Generation)
Different Generations of Mobile Stations

First generation
mobile telephones
for fixed vehicle
installation and
analog mobile
telephones Second generation
GSM mobile telephones Second generation
GSM mobile telephones
Analog technology. Digital GSM technology.

Terminal devices were Terminal devices were less
bulky, but still too heavy Digital GSM technology.
bulky and heavy. Terminal devices are handier
(battery capacity problems).
and have greater battery capacity.
Fig. 7
10
Siemens
Introduction Introduction
Siemens
Example: Mobile Subscriber in Germany

Since the early 50s there have been several regional networks at 30, 80, 100 MHz.
They were allocated only to public authorities and organizations with security tasks.
The regional networks (DBP) were combined in the so-called A-network in 1958 al-
lowing private use for the first time.
A-network: in operation: 1958 - 1977; frequency range: 156 - 174 MHz; in the
beginning 16, later 37 radio carrier; analogue transmission, manual switching; max.
11,000 users (1971); closed in 1977; its frequencies were transferred to the B-
network.
B-network: in operation: 1972 - 1994; frequency range: 146 - 164 MHz; from 1977 to
174 MHz (from A-network); in the beginning 38, later 75 radio carrier; analogue
transmission, automatic switching; max. 27,000 users (1986); problem: max.
capacity, no further channels; closed in 1994.
C-network (C450): in operation: 1985 - 2000; frequency range: 451.3 - 455.74 MHz
& 461.3 - 465.74 MHz; 222/287 radio charier; system technology: Siemens. The
C450 system was the first German cellular system and led to an enormous increase
of subscribers (max. 850,000 users). The C-network was similar in structure to
modern digital networks.
D-networks (GSM900): Introduction in 1992 (D1 & D2); 900 MHz frequency range (+
minor extensions in the 1800 MHz range from 1999 on; system technology partly
from Siemens (D900).
E-networks (GSM1800): Introduction in 1994 (Eplus) and 1998 (E2); 1800 MHz
frequency range; System technology partly from Siemens (D1800).
The digital D and E networks, being GSM900 / GSM1800 networks, led to a rapid
and steady increase of the number of subscribers in Germany. In 12/2000, a total of
46 million mobile subscribers were registered in the 4 networks, D1, D2, Eplus & E2.
11
Fig. 8
Subscriber [M.]
Introduction
0,01
0,1
1
10
100
1978 B-network
introduction
1980
1982
1984
C-network
Germany
introduction
1986
1988
Year
1990
GSM (D1, D2)
1992 introduction
Germany 1978 - 2000
1994 GSM (Eplus)

introduction
Subscriber trends (Example):
1996
GSM (E2)
1998 introduction
2000
Siemens
12
Limits of the First Generation Mobile Radio Systems

1. Capacity: The capacity limits of analogue technology are reached quickly even
with cellular networks. The demand increases with the offer and the sinking
prices. A number of 850,000 subscribers, i.e. the maximum capacity of the
analogue C-network, corresponds to less than 7 % of the mobile subscribers in
1998 (only 6 years after introducing digital networks). The capacity of digital
networks has not yet been exhausted.
2. Quality: A second problem was the often inadequate transmission quality of the
analogue systems, which increased with the distance of the mobile subscriber. A
detailed description and discussion of the problems regarding the transmission
quality or the disadvantages of the analogue system in comparison to digital one
can be found in the next chapter.
3. Incompatibility: One or more analogue networks on frequency bands 450/900
MHz existed in most European states in the late 1980s. Every one of these
networks formed a mobile communication island since the individual standards of
these networks were incompatible in most cases (or still are, as far as they still
exist); they prevented mobile phone traffic across borders (International
Roaming). Europe thus looked liked a rag rug of incompatible systems.
The limits of existing analogue systems

1. Capacity: the number of potential mobile phone customers is larger than the
expected capacity of analogue systems,
2. Quality: insufficient transmission quality with increasing distance between the
mobile station and the base station,
3. Incompatibility: between different national standards,
were already recognized since the early 80s and were discussed on an international
European level. The need to develop a new, standard cellular system for Europe was
acknowledged.
The GSM Standard was developed for this purpose.
13
1G Limitations
¨ Capacity
¨ Quality
¨ Incompatibility
European mobile
communication market
early 90‘s
Fig. 9
14
2 GSM
Introduction
GSM
Global System for
Mobile Communications
Fig. 10
15
The GSM History

The foundation for the GSM Standard was laid already in 1978, four years before the
name GSM was established. In 1978 the CEPT reserved a frequency range round
900 MHz for mobile communications in Europe. The limits of analog mobile
communications in Europe were recognizable in the early 80s. At that time the first
analog cellular networks were just beginning their operation and were still far from
their maximum capacity. Despite this a group of experts was formed to establish the
longer-term challenges of mobile communications and to develop a new binding
international standard for digital mobile communications in Europe. Thus the GSM
Standard became undoubtedly one of the most successful European products of the
past decades; its sphere of influence is extended far beyond the originally planned
European scope.
Milestones of the GSM Standard

l 1982: The CEPT forms a team of experts, the Group Special Mobile (GSM) with
the purpose of developing a binding international standard for mobile
communications in Europe.
l 1984 – 86: Various technical possibilities are compared in order to achieve an
optimal utilization of the predefined frequency ranges.
l 1986: A permanent core of experts is employed.
l 1987: Main transmission principles are selected; 13 countries agree in the MoU
(Memorandum of Understanding) to start GSM networks until 1991.
l 1988: The ETSI (European Telecommunication Standards Institute) is founded;
most of the standardizing activities of the CEPT, including GSM, are assumed by
this new body. Along with state-owned operators, industry, private network
operators and consumer groups participate in the ETSI, too.
l 1989: GSM is renamed from "Group Special Mobile" to "Global System for Mobile
Communications".
l 1990: GSM900 Standard (Phase 1) is adopted. DCS1800 Standard (Phase 1) is
developed as first GSM adaptation. The first GSM systems are in test operation.
l 1992: Commercial introduction of many large GSM900 networks.
l 1993: Work begins on updating the GSM900/DCS1800 standards: GSM Phase 2.
l 1995: GSM-R (Railway): The ETSI reserves further frequency range for a railway
networks; first test projects are started. GSM Phase 2 work is completed.
l 1996: Worldwide success of GSM Standard; used in more than 50 countries.
PCS1900 (Public Cellular Systems) as further GSM adaptation in the USA.
16
GSM Milestones
1978 CEPT reserves 2 x 25 MHz in 900 MHz range
1982 CEPT founds "Groupe Special Mobile" GSM
1984-86 Comparison of technical possibilities
Goals: - free roaming
- international accessibility under 1 number (international roaming)
- large network capacity (bandwidth efficiency)
- flexibility ® ISDN
- broad service offering
- security mechanisms
1986 Core of experts meets continuously
1987 Selection of central transmission techniques
Memorandum of Understanding: MoU
1988 ETSI founded
1989 GSM ® Global System for Mobile Communication
1990 GSM900 Standard (phase 1)
1991 DCS1800 adaptation
Trials / "friendly user" operation
1992 Start of commercial operation
1993 Beginning of work on phase 2
1995 Completion of work on phase 2 (GSM900/DCS1800)
Reservation of GSM-R frequencies (ETSI)
1996 PCS1900 adaptation (USA)
Fig. 11
17
l 1997: GSM Phase 2+ Annual Release ‘96: CAMEL Stage 1, ASCI for GSM-R.
DCS1800 / PCS1900 are renamed to GSM1800 / GSM1900. Dual band
equipment for GSM900 / GSM1800; 10 years of MoU: 109 countries; 239
operators; 44 million GSM subscribers; 28 % share of the world market.
l 1998: Phase 2+ Annual Release ‘97: HSCSD, GPRS Stage 1, CAMEL Stage 2,...
08/98: 100 million GSM subscribers in 120 countries; 35 % share of the world
market; GSM is quasi world standard. GSM-R networks in operation. World-wide
servicing through co-operation with mobile satellite systems (IRIDIUM).
l 1999: Phase 2+ Annual Release '98; 250 million subscriber; 130 countries
l 2000: Phase 2+ Annual Release '99: GPRS Stage 2, CAMEL Stage 3, EDGE,
Virtual Home Environment VHE, Adaptive Multirate speech AMR,...GSM Rel. '99
services identical to UMTS Rel. '99 (first UMTS release); 410 million subscriber;
161 countries; approx. 60% of world-market
GSM Milestones
1997 Phase 2+: Annual Release `96
DCS1800 / PCS1900 ® GSM1800 / GSM1900
Dual-band devices
GSM: practical world standard (109 countries/regions; 28 % market share)
1998 Phase 2+: Annual Release `97: GPRS, CAMEL,....
First GSM-R networks
World-wide accessibility using dual mode GSM/IRIDIUM
35 % of world market
1999 Phase 2+: Annual Release ‘98
250 M. subscriber, 130 countries
2000 Phase 2+: Annual Release ‘99: AMR, VHE,... identical to UMTS Rel. ‘99
60% of world market; 410 M. subscriber, 161 countries
Fig. 12
18
The GSM Technical Guideline

Objective (1982): Development of a unified, international standard for mobile
communications. Guideline from the start:2 x 25 MHz frequency bands at 900 MHz
are reserved by the CEPT for mobile communications in Europe in 1978. 1982:
Roaming; the user can change location, keep the connection and be reached in the
entire range of a PLMN and in the entire GSM range (International Roaming) as long
as roaming agreements have been made. One user - one number; the subscriber
can be reached at a single personal number in the entire GSM range, i.e. in various
countries and PLMNs.
Late objectives: Maximum flexibility to other services, e.g. ISDN (Integrated Services
Digital Network; 1984) Vast service offers, i.e. technical possibilities of the PSTN
/ ISDN and special features of mobile communications Safeguarding from
interception and subscriber license fraud; data protection.
The GSM Recommendations

The GSM Standard is a consistent and open standard for cellular mobile
communication systems established by the ETSI. All aspects of the realization of the
GSM Standard have been established in now more than 150 recommendations
(technical specifications). Subsystems, network components, interfaces, signaling,
tests and maintenance aspects etc. are described. This allows a harmonious
interaction of all elements of a mobile communication network designated as PLMN
(Public Land Mobile Network). At the same time the Recommendations are flexible
enough for the different realizations of various vendors. The Recommendations are
organized into 12 series according to different aspects. This structure reflects the
structure of the PLMN system and its interfaces.
19
GSM Recommendation Series 01: General
12 Series; each max. 100 Rec.: Series 02: Service Aspects

e.g. GSM Rec. 08.07
Series 04:
Series 08: MS/BS Interface
MSC-BSS Interface & Protocols
PSTN
ISDN MSC BSS MS
Series 05:
Series 03: Network Aspects Um Radio
Transmission
Series 09: Series 06:
Network Interworking
Register Speech Coding
Series 10:
Service Interworking Series 067:
Terminal
Series 11: Equipment & Type Approval Specifications Adaptors for MS
Series 12: Operation & Maintenance
Fig. 13
20
The Evolutionary Concept

The GSM Standard consists of multiple of recommendations. They are organized by
various aspects and already comprised 5230 pages when the first phase was
adopted in 1990. It was originally planned to comprise every specification in the GSM
Standard (with the exception of “half rate speech") from the start, i.e. when the
standard was adopted. In 1988 it was recognized that not all of the planned services
could be specified in the expected time frame. This led to the important decision to
leave the GSM Standard incomplete and to leave space for further modifications and
technical developments. This evolutionary concept secures for GSM the possibility of
permanently adapting to the requirements of the market and thus ensures of not
becoming old-fashioned within a couple of years owing to the extremely fast
development in this market sector.
GSM Phase 1
The Phase 1 standardization was closed in 1990 for GSM900 and in 1991 for
GSM1800. The implementation of GSM systems Phase 1 comprises all of the most
important prerequisites for digital information transmission. Speech transmission is of
the greatest importance here. Data transmission is also defined by data transmission
rates of 0.3 to 9.6 kbit/s. GSM Phase 1 comprises only a few supplementary services
such as call forwarding and barring.
GSM Phase 2
The Phase 2 standardization work started shortly after completion of Phase 1 and
was closed in 1995. In Phase 2 Supplementary Services comparable to ISDN
(Integrated Services Digital Network) were included in the standard. Technical
improvements have been specified, e.g. the Half Rate Speech. In Phase 2, the
decision on future downward-compatibility with older versions is of high importance.
GSM Phase 2+
GSM Phase 2+ refers to a “smooth” transition in contrast to Phase 2. A new complete
update of the GSM Standard is not planned. Individual topics are discussed
separately and the update is added to the GSM standard in Annual Releases. Main
topics are new Supplementary Services as the ASCI services (Advanced Speech
Call Items). Furthermore, the IN feature Customized Applications for Mobile network
Enhanced Logic CAMEL and Virtual Home Environment VHE are very important.
Especially the introduction of features to achieve higher data rates, i.e. HSCSD (High
Speed Circuit Switched Data), GPRS (General Packet Radio Service) and EDGE
(Enhanced Data rates for the GSM Evolution) has received much attention. GSM
Phase 2+ thus paves the way to 3G (UMTS).
21
GSM: Evolutionary Concept
Services Downward compatibility
Phase 2+
Phase 2 Phase 2
Phase 1 Phase 1 Phase 1
1991 1995 1997 Year

Full Rate Speech (FR), New services e.g. New services e.g.
Standard services MTPy, CUG, AoC; ASCI, SOR, UUS
Data: max. 9.6 kbit/s Half Rate Speech (HR) EFR;
IN: CAMEL
Data: HSCSD, GPRS,
MTPy: Multiparty Service EFR: Enhanced Full Rate Speech
CUG: Closed User Group IN: Intelligent Network EDGE (> 100 kbit/s)
AoC: Advice of Charge CAMEL: Customized Applications for Annual Releases !
ASCI: Advanced Speech Call Items Mobile network Enhanced Logic
SOR: Support of Optimal Routing HSCSD: High Speed Circuit Switched Data
UUS: User to User Signalling GPRS: General Packet Radio Service
EDGE: Enhanced Data Rates for the GSM
Evolution
Fig. 14
22
Adaptations of the GSM Standard

The GSM adaptations GSM900, GSM1800, GSM1900, GSM-R and GSM400 differ in
the frequency ranges used and the resulting different technical implementations.
GSM900 (GSM, E-GSM)

Originally 2 x 25 MHz in the frequency range around 900 MHz (890 - 915; 935 - 960
MHz) were provided for mobile communication applications. In an extension of this
range, called E-GSM (Extended GSM) these ranges will be increased to 2 x 35 MHz
(880 - 915; 925 - 960 MHz) on a national level when further operation licenses expire.
GSM1800 (DCS1800)
As an adaptation of the GSM900 Standard the DCS1800 Standard (Digital Cellular
System) was introduced in 1991. The DCS1800 was a British initiative with the
intention of opening mobile communications to all sections of population as a “mass
market”, especially in urban areas. The GSM1800 has 2 x 75 MHz in the frequency
range around 1800 MHz (1710 - 1785; 1805 - 1880 MHz). In 1997 the designation
DCS1800 was changed to GSM1800 in order to clarify the common standard.
GSM1900 (PCS1900)
The PCS1900 Standard (Public Cellular System) is the American branch of the GSM
Standard since 1995/96 in the frequency range around 1900 MHz. The frequency
range available between 1850 - 1910; 1930 - 1990 MHz in the USA was split up in
1995 and auctioned off to different net-work operators. In 1997 the PCS1900 was
renamed GSM1900 in order to clarify the common standard.
GSM-R (Railway)
For mobile communication of railway operators 2 x 4 MHz in the frequency range of
876 – 880 MHz & 921 – 925 MHz have been reserved.
GSM400
With Rel. '99 the frequency ranges between 450.4 – 457.6 MHz & 460.4 – 467.6 MHz
respectively the ranges (of former 1G systems) between 478.8 – 486 MHz & 488.8 –
496 MHz are foreseen for GSM400. The GSM400 frequency range enables large
area cells for rural environment.
23
GSM-R GSM - Adaptations

890 935 1880
GSM GSM
GSM GSM 1800 1800
900 900
GSM GSM
E-GSM E-GSM 1900 1900
876 880 915 921 925 960 [MHz] 1710 1785 1805 1850 1910 1930 1990 [MHz]
Frequency Range Useable HF Application Area
[MHZ] channels
GSM400 450.4 – 457.6 / 460.4 – 467.6 35 rural environment
478.8 – 486 / 488.8 - 496
GSM900 890 - 915 / 935 - 960 124 Worldwide except
E-GSM 880 - 915 / 925 - 960 174 America
America
GSM1900 1850 - 1910 /1930 - 1990 299 America
GSM-R 876 - 880 / 921 - 925 19 Railway systems
Fig. 15
24
The GSM-PLMN
In the GSM System there must be a distinction between network operator, provider of
telecommunication services, supplier of terminal equipment and manufacturer of
network components. Especially the sale of telecommunication services and terminal
equipment differs from the conventional fixed network and mobile communication
network of the first generation, in which state-owned network operators, service
providers and equipment suppliers usually form a monopoly. In GSM the actual
network operator often transfers services to private providers who supply the
services to the mobile subscribers under different conditions. With the wide range of
products there is also great competition in the field of mobile equipment as well as of
mobile communication network components which should force further technical
development and keep the prices down.
PLMN - Public Land Mobile Network

A PLMN is a terrestrial mobile communication network set up and run by public and
private operators. It is used to provide public mobile communication services.
General Objectives of a GSM-PLMN (with respect to service aspects):
a) Provision of a wide range of speech and non-speech services and
compatibility to those services offered in fixed telecommunication networks
such as PSTN, ISDN and PDN;
b) Additional provision of specific services for mobile access environment;
c) Compatible access for mobile subscribers in all countries where the GSM
System is operated;
d) Provision of roaming (roaming agreement) and automatic updating;
e) Location registration of mobile subscribers in these countries;
f) Provision of sufficient quality of service;
g) Provision of services with a wide range of mobile stations, e.g. permanently in-
stalled in vehicles, so-called portables and hand stations (mobile phones).
General Objectives of a GSM-PLMN (with respect to performance aspects):
a) Guarantee of a high spectrum efficiency;
b) Provision of a system concept which will lead to attractive costs regarding
infra-structure and mobile equipment
25
GSM-PLMN Example:
(Public Land Mobile Network) Germany
D1
Telekom
Competition concept:
different network operators, D2
providers and manufacturers Mannesmann
Eplus
E2
Viag Intercom
Fig. 16
26
3 Current Situation, Market & Trends
Introduction
1000
100
10
0,1
0,01
1980
1982
1984
1986
1988
1990
1992
1994
1996
1998
2000
Current Situation,
Market & Trends
Fig. 17
27
Overview: Systems/Standards
At the time there is a wide spectrum of mobile communication systems of the first and
second generation along with the GSM Standard and its adaptations. Important
examples include:
l Paging Systems
l Cordless Telephone
l Wireless Local Loop
l Private Mobile Radio
l Cellular Mobile Systems
l Mobile Satellite Systems
These different systems differ in:

l Target groups
l Services offered
l Prices
l Coverage
l Degree of mobility
l Technical principles / realization
28
analogue digital
Current paging systems paging systems
e.g. Citycall e.g. ERMES
Mobile
Communication
analogue cordless digital cordless
Systems telephone systems telephone systems
e.g. CT1, CT1+ e.g. DECT, PACS, PHP
Cordless Wireless Local Loop

Differences: telephone booth WLL
• target groups
• services offered
• prices analogue digital
• coverage Private Mobile Radio PMR
• degree of mobility PMR e.g. TETRA
• transmission technique
• ... digital
analogue
cellular systems
cellular systems
e.g. GSM, D-AMPS,
e.g. C450, NMT, AMPS
PDC, IS-95
digital
analogue
satellite systems
satellite systems
e.g. IRIDIUM, ICO,
e.g. INMARSAT
Globalstar
1G 2G
Fig. 18
29
1G Systems
C450: closed 12/2000
TACS (Total Access Communications System): closed 2001.
NMT (Nordic Mobile Telephone): closed 2001.
AMPS (Advanced Mobile Phone Service): The AMPS system was introduced in 1979
in the USA. The system, operated in the frequency range of 800 MHz, was the most
successful mobile radio system in the world until 1997. It still has an increasing
number of subscribers, because of its large coverage in the USA. 12/2000, more than
75 million AMPS subscribers were registered.
2G Systems
GSM (Global System for Mobile Communications): The GSM Standard was
adopted as the first digital mobile communication standard, as planned since the
early 80s. Commercial operation started in 1992. This led to the world-wide use of
GSM net-works, which were originally planned for the European system, in more than
120 countries and regions. GSM uses a hybrid solution of FDMA and TDMA as an
access technique. GSM used currently 900 / 1800 /1900 frequency ranges.
D-AMPS (Digital Advanced Mobile Phone System): The D-AMPS was conceived
as a supplementary system to the successful analogue AMPS in the USA and
Canada. The commercial start was 1991/92. D-AMPS as IS-136 standard is based
on a combined FDMA/TDMA access technique. It shares the 800 MHz range with
AMPS (824 - 849; 869 - 894 MHz). It expanded to the 1900 MHz range in 1995.
Multimode / multiband equipment is used for AMPS/D-AMPS.
PDC (Personal Digital Cellular): With the influence of D-AMPS, PDC (originally
called JDC - Japanese Digital Cellular) was standardized for the Japanese market.
The commercial start was 1993/94. A combined FDMA/TDMA procedure, similarly to
the D-AMPS, is used as an access procedure. Mobile stations transmit at the higher
frequency with PDC, in contrast to all other systems. Frequencies around 900 MHz
(810 - 826; 940 - 956 MHz) & 1500 MHz (1429 - 1453; 1477 - 1501 MHz) are used.
IS-95 CDMA IS-95 CDMA was developed in the early 90s based on CDMA spread
spectrum digital technology and was declared IS-95 standard in 1993. The
commercial start was 1995/96. IS-95 CDMA networks are emerging world-wide with
emphasis on North America and Eastern Asia. Frequencies in the 800 MHz and 1900
MHz range are used world-wide, and also in the 1700 MHz range in Korea.
30
Cellular Systems
First generation:
C450
NMT - Nordic Mobile Telephone
TACS - Total Access Communications System
AMPS - Advanced Mobile Phone System
Second generation:
GSM D-AMPS PDC IS-95
Start 1992 1991/92 1993/94 1995
Coverage worldwide especially Japan especially USA,
USA, Canada Canada, Eastern
Asia
Frequency 900 / 1800 / 800 / 1900 900 / 1500 800 / 1700 (Korea) /
ranges [MHz] 1900 (America) 1900
Multiple TDMA / FDMA TDMA / FDMA TDMA / FDMA CDMA
Access
Speech [kbit/s] 13 / 5.6 7.95 6.7 9.4 / 13
Data (max.) 9.6 4.8 4.8 9.6 / 14.4
[kbit/s] (n•14.4; n = 1...8)
Subscribers ~ 410 million ~ 35 million + ~ 55 million ~ 85 million
(02/2001) 75 million (AMPS)
Fig. 19
31
Mobile Satellite Systems MSS

Large areas of the earth's surface can not be covered by fixed or mobile networks.
Mobile Satellite Systems MSS are offered for supplying scarcely populated regions
and areas with weak infrastructure. Satellite supported mobile communication
systems are useful for high-sea ship transport, for catastrophe regions, and for
emergency supply.
Satellite systems can be distinguished with respect to their orbits:
l GEostationary Orbit - GEO, with approx. 36,000 km altitude;
l High Elliptic Orbit - HEO;
l Medium Earth Orbital - MEO, from 10,000 - 20,000 km;
l Low Earth Orbital - LEO, from 700 - 1,500 km.
1G MSS
MARISAT (Maritime Satellite): MARISAT went into operation in 1976 as the first
mobile satellite system, initiated by the USA.
INMARSAT (International Maritime Satellite Organization): INMARSAT is taking a
dominant role in 1G MSS. Founded in 1979, it is used by more than 100 membership
countries. The four INMARSAT (operation) satellites are in a geostationary orbit
(about 36,000 km altitude). With the exception of a the pole caps, a global
transmission to the world is achievable. Digital transmission is via INMARSAT
satellites since 1995., i.e. INMARSAT has turned over to a 2G MSS system
2G MSS
Digital information transmission and a larger number of satellites in lower orbits (LEO
and MEO satellites) allow considerably higher capacity. Several services similar to
those of GSM should be possible. A problem of the 2G systems is the comparable
high price and fast extension of 2G terrestrial networks
l Iridium (closed 2000)
l Globalstar
l ICO
l Ellipso
l ORBCOMM
l Teledesic
l Skybridge
32
Mobile Satellite Systems MSS

Supply
Supplyto/
to/in
incase
caseof:
of:
- -inaccessible,
inaccessible,underpopulated
underpopulatedareas
areas
10,000 - -poor infrastructure
poor infrastructure
- 20,000 km - -high
highseas
seas
- -catastrophe
catastropheareas
areas
- -failure
failureofofother
othersupplies
supplies
MEO
Medium
Earth Orbit
700
Earth - 1,500 km
1G:
LEO MARISAT (USA) since 1976
Low Earth
INMARSAT (International Maritime
Orbit
Satellite Organisation):
• since 1979; > 80 member countries
• 4 GEO satellites;
approx. • global access
36,000 km
GEO 2G:
GEostationary HEO • Iridium, ICO, Globalstar
Orbit High Elliptic • private MSS operator
Orbit • speech- & low data rate services
Fig. 20
33
The Mobile Market: Subscriber Trends 1980 - 2000

Before the introduction of first generation of cellular mobile communication systems,
the mobile communication market was unimportant. One-cell systems had only a few
thousand subscribers and slow annual growth rates in Europe, North America, and
Japan. Until the introduction of the first cellular systems in 1979 (AMPS: USA, NTT-
MTS: Japan) fewer than a million subscribers were registered worldwide.
The introduction of the first generation (analog) cellular mobile communication

systems led to a quantum leap on the mobile communication market. There were
annual growth rates of 10 to more than 50 %. In the early nineties, there were more
than a million subscribers registered in both the USA (AMPS) and Great Britain
(TACS) each. Several hundreds of thousands of subscribers were registered in other
countries with systems such as NMT, C450, NTT-MTS. The number of worldwide
sub-scribers exceeded 10 million in 1990. Simultaneously the limits of analogue
cellular systems were apparent in many countries owing to capacity problems,
especially in densely populated urban regions.
The introduction of GSM as the first mobile communication standard of the second
(digital) generation allowed an improved transmission quality, a larger offer of
service, various technical / organizational improvements, and a considerably more
efficient use of radio interface resources. A significant increase of capacity and thus
further growth of the mobile communication market became possible. Already shortly
after the start of GSM in 1992, subscriber numbers exceeded the million mark in
many countries. Other digital systems such as IS-95 followed. A development to a
genuine mass market has been evident since the introduction of the second
generation of mobile communications.
34
Subscriber trends:
1980 - 2000
1000
Germany
100
Subscriber [M.]
World
10
0,1
0,01
1980
1982
1984
1986
1988
1990
1992
1994
1996
1998
2000
Single cell 1G Year 2G
systems Introduction Introduction
Fig. 21
35
Trends & Outlook

The mobile communication market will expand greatly in the future as well. In
contrast to the fixed network sector, which has developed slowly in the past decades
and has only recently become more dynamic, many predict unhindered growth for the
mobile communication sector beyond the year 2000. Only the growth of the Internet
is expected to exceed the growth of the mobile communication sector. It is generally
expected that the number of the mobile communication subscribers will rapidly
approach that of the fixed subscribers, and that in regions with a poorly set up infra-
structure, the number of mobile communication subscribers will clearly exceed that of
fixed subscribers within the foreseeable future.
Almost three billion mobile communication subscribers world-wide are expected by
2015. This growth is apparent in the currently developing countries and newly
industrialized countries of the Asian / Pacific region. A 50 % share of the worldwide
mobile communication market is expected for the Asian / Pacific region by 2015; for
industrial nations in North America and Europe (EU15), a share of only about 7 % -
11 % is expected.
Trends & Outlook
2 5 0 0'
Ro W
2 0 0 0' A s ia / P a c ific
No rth A m e ric a
1 5 0 0' E U 15
Subscriber [M.]
1 0 0 0'
5 0 0'
0'
1995 2000 2005 2 0 10 2015
Year
UMTS Forum
Report #1
Fig. 22
36
Mobile Trends
The mobile radio systems of the second generation have been optimized for speech
transmission. Data transmission is possible, but has previously been considered
secondary. Taking the increasing mobility in the professional world (work outside the
office, telework) into consideration, the need for mobile transmission of data is in-
creasing. Comparatively user-unfriendly terminals (adapter solution) and relatively
low data transmission rates are problems for data transmission of the second
generation of mobile communications. The data rates for GSM are between 0.3 - 9.6
kbit/s, the transmission rates of other cellular standards are comparable or less. The
first mobile satellite systems of the second generation also have only low data
transmission rates (Iridium max. 2.4 kbit/s, Globalstar max. 9.6 kbit/s). These rates
are considerably lower than those of ISDN (64 kbit/s).
A large variety of demands are being placed on future mobile communications. Along
with improved world-wide service, user friendliness and cost reduction, mobile PC
Internet connection with a high data transmission rate is required.
Many of these demands are taken into account in GSM Phase 2+.
In this way bearer services were standardized with transmission rates in order to in-
crease data transmission rates as well as to realize “mobile computing” and access
to the Internet. Data transmission rates can be adapted to the transmission rates of
ISDN and can be increased significantly further (up to more than 100 kit/s) by means
of these bearer services. User friendly equipment and cost-reduced features are also
planned, such as improvements in speech quality and world-wide availability by
means of satellite roaming. Furthermore flexible services adaptable to customer re-
quests and intelligent network services are planned.
37
Mobile Trends Trend:

Voice Þ Data
100 Voice
Requirements:
80 Data • high data rates
• user-friendliness
Traffic [%]
• improved service offering

60 • cost reduction
• worldwide accessibility
40
GSM Phase 2+
20 • data rates > 100 kbit/s
• mobile computing, Internet
• new, integrating ME
0 • new flexible services + IN
1996 2001 2005 2007 • satellite roaming
• & much more
Source: Year
UMTS Forum
Fig. 23
38
Mobile Forecast (Europe)

10 % of the traffic is expected to be on the data transport radio interface already in
2001, 30 % in 2005.
If further capacities and higher data transmission rates are achieved, there are hardly
any limits to a further growth of the mobile communication market even after the
number of subscribers reaches saturation.
The market share of speech transmission is as of 2007 expected to be less than 50
% in the entire volume of traffic.
An enormous change in the proportion of speech transmission to data transmission
has thus been predicted in the use of mobile communications in the first decade of
the 21st century.
It will be expected
l change from speech to data transmission
l high data rate multimedia applications.
Predictions assume a minor but slowly increasing share of multimedia users in
European mobile communications after the implementation of GSM Phase 2+
features, HSCSD and GPRS (as of 2000).
This is also the limit of GSM. Although the performance capacity of GSM Phase 2+
far exceeds the original expectations for the second generation of mobile
communications, neither the frequency ranges available nor the narrow-band
frequency use in GSM suffice for the predicted increases and demands regarding
data transmission, especially multimedia use.
The third generation of mobile communications with GSM's successor, the UMTS
(Universal Mobile Telecommunications System) is to deal with these applications and
demands as of 2002.
A considerable increase in multimedia use is expected with a wide-range expansion
of UMTS as of 2005. Predictions of the UMTS forum assume that of the approx. 260
million European mobile communication subscribers in 2010, approx. 90 million could
be multimedia users, while the rest of the users use only speech and low data rate
services. Multimedia users will produce more than 50 % of the entire traffic rate.
39
Mobile communication
forecast (Europa)
300' Mobile subscriber
(total)
250'
Mobile subscriber
Subscriber [M.]
all applications from

200' voice to Multimedia
150' Mobile subscriber

Speech only/
100' low data rates
50' mobile Multi Media:

• Start with GSM Ph2+
0' • Breakthrough:
1995 2000 2005 2010 3G (UMTS)
Source: UMTS-Forum Year
Fig. 24
40
The Third Generation (3G)

There are at the time many mobile communication standards of both the second and
(still) first generations. Cellular mobile networks of the most different standards
complement one another or compete with private mobile radio systems, cordless
standards, paging systems and satellite systems, etc. Every one of these standards
has specific features, advantages and disadvantages, applications and user circles.
Many of these systems exist only on a national level and/or are incompatible. To a
certain extent this scenario reassembles on a world-wide level the situation of the
cellular systems in Europe before the introduction of GSM.
IMT-2000 (International Mobile Telecommunications 2000)

The third generation of mobile communications represents a world-wide system of
compatible standards, in which the most various current and future demands on
telecommunications have to be dealt with. The main task is to provide services to the
customer, independently of his location and the specific available infrastructure.
Smooth mobility should be guaranteed over all operator-dependent, national and
geographic borders at any location.
The demands on the third generation mobile communication systems have been
discussed since the early 90s under the term FPLMTS (Future Public Land Mobile
Tele-communications Systems). The term FPLMTS was changed into a term easier
to pronounce, IMT-2000, in the mid 90s for countries in which English is not a native
language. IMT stands for International Mobile Telecommunications 2000 indicates
both the approximate date of introduction and the frequency range.
The International Telecommunications Union - ITU - is responsible for the IMT-2000
specification. IMT-2000 is planned as the world-wide guideline of all standards of the
third generation of mobile communications. All of the "regional" standardization units
for developing standards must fulfil the ITU stipulations for IMT-2000. This ensures a
compatibility of the standards to be specified without hindering innovative individual
development and competition.
Many regional standardization committees create their own standards under the IMT
2000 "roof". Nevertheless, UMTS (Universal Mobile Telecommunication System) as
GSM successor system is expected to dominate the 3G market
41
1G
(analog)
2G
(digital)
IMT-2000
Paging Systems, Paging Systems 3G
e.g. City Call e.g. ERMES 1 family of
standards
Cordless Telephone Cordless Telephone for all
e.g. CT1, 1+ e.g. DECT, PACS, PHS • applications
• countries
Wireless
wireless
Local Loops
Telephone cell
WLL
Private Mobile Radio PMR

PMR e.g. TETRA
Cellular systems
Cellular systems
e.g. GSM, D-AMPS,
e.g. C450, NMT, AMPS e.g. UMTS, cdma2000, UWC-136
IS-95, PDC
MSS
MSS
e.g. IRIDIUM, ICO,
e.g. INMARSAT
Globalstar
different, incompatible standards for

different applications, countries & regions
Fig. 25
42
UMTS - Universal Mobile Telecommunications System

The ETSI (European Telecommunication Standards Institute) has specified UMTS as
the successor of GSM; a forum call Third Generation Partnership Project 3GPP, co-
operating with the most important standardization organizations of the world is
responsible since 12/98. UMTS will fulfil the requirements for IMT-2000.
With UMTS world-wide multimedia access is possible at any time to all ranges which
are currently operated by various mobile communication systems of the first and
second generations.
Data rates of 8 kbit/s to 2 Mbit/s are to be supported. UMTS will support zone 1 – 3 of
the four zones of the IMT-2000 concept:
l Zone 1 Indoor: for offices, private households,...; for low speed (stationary / up to
10 km/h) max. data rates up to 2 Mbit/s are theoretically possible.
l Zone 2 Urban: for city, shopping malls, railway stations, subways, airport halls for
low speed (stationary / up to 10 km/h) max. data rates up to 2 Mbit/s are
theoretically possible.
l Zone 3 Suburban/Rural: For wide range mobility (car, train) with higher / high
speeds (up to 120 / 500 km/h), 384 kbit/s 144 kbit/s should be possible. (Remark:
for UMTS only the lower speed value is currently planed)
l Zone 4 Global: For rural, thinly populated areas with low user densities. All speeds
from stationary (individual buildings, measuring stations), to intermediate speeds
(car, train, ship), to 1000 km/h (airplanes). Mobile satellite systems (e.g.
INMARSAT: Horizons) which ensure up to 144 kbit/s are planned for servicing.
For IMT-2000 the frequency ranges from 1885 - 2025 MHz and from 2110 - 2200
MHz should be reserved (requested by ITU).
UMTS uses in Europe the frequency ranges of 1900 - 1980 MHz, 2010 - 2025 MHz
and 2110 - 2170 MHz.
The frequency ranges of 1980 - 2010 MHz and 2170 - 2200 MHz are reserved for 3G
MSS.
43
UMTS - Universal Mobile Telecommunications System
Zone 4: Global
Zone 3:
Suburban / Rural
Zone 2:
Urban Zone 1:
Indoor
Pico
MSS Macro Micro Cell
Cell Cell
max.
144 kbit/s 144 kbit/s 384 kbit/s 2048 kbit/s data rate
1980 2010 2170
cellular MSS cellular MSS
1885 2025 2110 2200
1 8 5 0 1 9 0 0 1 9 5 0 2 0 0 0 2 0 5 0 2 1 0 0 2 1 5 0 2 2 0 0 2 2 5 0
Frequency range [MHz]
Fig. 26
44
Chapter 2
Transmission Principles
Contents
1 GSM Network Structure 2

2 Duplex Transmission & Multiple Access 14
3 GSM - Fixed Network Transmission 21
4 GSM Air Interface 25
Transmission Principles Siemens
1 GSM Network Structure
GSM Network Structure
Fig. 1
2
GSM: The Network Structure

The international GSM service area covers all countries in which there is a GSM
network.
Networks provisioned by an operator on a national level for public mobile
communication are called Public Land Mobile Networks PLMN. PLMNs built
together with public fixed networks, i.e. "conventional" PSTN (Public Switched
Telephone Network) or ISDN (Integrated Services Digital Network) networks the
telecommunication infrastructure of a country.
A Public Land Mobile Network is divided into mobile and fixed network components.
They are connected via air interfaces.
Fixed Network Components of the PLMN

The fixed network components of a GSM-PLMN consist of:
l Base Station Subsystem BSS: The BSS is the fixed network part of the PLMN
radio access (Radio SubSystem RSS). It realizes the radio transmission via the
radio interface. Several fixed radio station, so-called Base Stations BS are co-
ordinated by one control unit.
l Network Switching Subsystem NSS: The NSS forms the interface between the
radio subsystem and the public fixed networks (PSTN, ISDN, PDN). It executes all
signaling functions for setting up connections from and to mobile subscribers. It is
similar to the exchanges of fixed network communication systems, but it
furthermore fulfils important mobile communication specific functions, e.g. keeping
track of the users / mobile stations location.
Mobile components of the PLMN

The Mobile Stations MSs are regarded as mobile part of the PLMN. The air or radio
interface represents the connection between the MS and the PLMN fixed network
components BSS and NSS. The organization of the radio interface is decisive for
advantages and disadvantages of different mobile systems.
3
GSM Network Structure: Concept
PLMN Fixed
Mobile Um Public Land Mobile Network network
Air Interface
terminal device
PSTN
BSS Public Switched
Base Station Telephone Network
Subsystem
NSS
Network Switching
BSS Subsystem
ISDN
Base Station Integrated Services
MS Subsystem
control/switching of Digital Network
Mobile mobile services
Station
BSS
Base Station PDN
Subsystem Public Data
Network
Mobile Fixed network

components components
Fig. 2
4
Mobile Components
Mobile components are the Mobile Stations MS which transmit the users speech and
data to the PLMN. The Mobile Station MS consist of:
l ME: Mobile Equipment,
l SIM: Subscriber Identification Module,
The MS is not necessarily the termination point for the users data transmission. A
Terminal Equipment TE, e.g. laptop, fax machine,... can be connected to the MS for
final data handling.
The Mobile Station MS

An important difference between fixed network communications and mobile
communications is the separation of equipment and subscriber identity. It is possible
for the mobile subscriber to use various mobile terminal equipment with a personal
identity by means of the SIM card, which includes his subscriber identity. The mobile
station is defined as: MS = ME + SIM.
The SIM card is allocated and activated by the provider upon completion of the
contract. It is realized by means of a chip which contains a variety of permanent and
temporary information for the subscriber (e.g. personal telephone register) and about
him/her. Along with the personal (secret) ID numbers (IMSI - International Mobile
Subscriber Identity, TMSI - Temporary Mobile Subscriber Identity) these stored
information are for example algorithms and keys for ciphering the transmission.
The PIN (Personal Identity Number) is important for the subscriber; it must be
entered by the mobile subscriber before the start of the conversation in order to
prevent fraud by unauthorized intruders. As a rule, calls cannot be made without a
SIM card in the ME and without the PIN being entered. Emergency calls are an
exception.
5
Mobile Components
MS = ME + SIM
SIM
Subscriber Identification Module
SIM card: „the heart of MS“

• Different equipments, one SIM (one bill)
• Security: PIN (exception: emergency call)
• Chip with subscriber identification,
security algorithms,
personal phone book,...
Fig. 3
6
The Cellular Network

The breakthrough in mobile communications with regards to subscriber numbers and
capacity was made possible by the introduction of the cellular radio system. The
cellular communication system was tested in various countries during the 1970s.
Cellular networks of the first generation were introduced, e.g.:
l 1979 in the USA: AMPS (Advanced Mobile Phone Service)
l 1981 in Scandinavia: NMT (Nordic Mobile Telephone)
l 1985 in Germany: C-450 (Siemens)
l 1985 in Great Britain: TACS (Total Access Communications System)
The successive digital systems of the second generation, and therefore GSM
systems, are structured as cellular communication systems in the same way as the
analogue systems.
Principle of the Cellular Communication System

PLMNs operating on a national level are divided by location into servicing areas, so-
called cells, in which a Base Transceiver Station BTS supplies the mobile subscribers
of the area concerned. The cells represent the smallest service area in the PLMN
network.
A variety of cells ensures service of the total PLMN service area. The cells are
theoretically arranged in a so-called honeycomb pattern. Adaptations to the
population/ traffic density and the topography of the service area lead to a more
irregular pattern.
The service areas of the individual cells partially overlap. In order to avoid
interference of different subscribers in surrounding cells the cell structure is
organized according to the principle of cellular systems, frequency re-use. The
narrow available frequency range is divided into individual frequencies (channels).
Only some of these channels are used in a certain cell, the remaining channels are
used in the adjacent cells. The same frequency is used again in cells which are
sufficiently far apart from each other to avoid interchannel interference. This means
that any area can be covered and thus an enormous increase in network capacity
can be achieved with a small supply of channel frequencies.
7
Principle:
The Cellular channels

channels
x,y,z
u, v, w
Network ~4r
r
channels
co-channel interference zone x,y,z
= cluster area
Principle:
• Many cells (BTS)
• Full coverage r = cell radius
• Partial overlap of cells Solution: (cell parameter)
• Distribution of frequency resources
• Only a few frequencies per cell
• Frequency re-use
re-use distance
for HF channel frequency
cell,
radio cell
re-use distance
for
HF channel frequency
Fig. 4
8
Cluster
A certain minimum distance must be maintained between cells using the same
frequencies in order to prevent interference or at least keep it to a bare minimum.
This minimum distance, the so-called frequency re-use distance, depends on the
concrete network planning and corresponds to approximately 4 times the cell radius.
On this principle, the available channels can be divided e.g. into 7 parts and
distributed over the PLMN area in such a way that each cell contains one of these 7
sets of frequency channels. The minimum area in which the whole range of HF
channels is used is described as a cluster. Planning a concrete network implies that
the population/traffic density, the topography of the area to be supplied, etc. must be
taken into account. This network planning is an extremely difficult process; there is
special network planning software for this purpose.
The Cellular Network / Principles of Network Planning
• Frequency re-use distance: avoid inter-channel interferences

• Cluster: smallest domain within which all frequency resource is used
(GSM900: typ. 7/9 cells)
• Network planning: difficult
Fig. 5
9
The GSM Cell

The higher the traffic density, the smaller the cell area since a limited number of HF
channels can only cope with a limited traffic volume. This can be carried out via a
reduction of the cell radius or by dividing the cells into sectors.
Cell Size / Hierarchical Cellular Structures HCS

The size and shape of the cell depend on:
l The range of the MS radio contact (MS output peak power); topography (e.g.
mountains, buildings, vegetation etc) and climate play a role here.
l Traffic density
The maximum radius of a cell broadcast channel is 35 km in the GSM900 system, 8
km in the GSM1800 system. The possibility of setting up "extended range cells" with
a radius of up to 100 km has been integrated into GSM Phase 2+ for GSM900
systems. This should allow coverage of sparsely populated areas and especially
coastal regions. The extended cell concept results in a reduced capacity.
Transmit power is limited for higher traffic densities in order to achieve a high degree
of re-use of frequencies over smaller cells: The size of clusters is inversely
proportional to the capacity of the radio system.
A Hierarchical Cell Concept (Rec. 05.22) is planned for towns, with an extremely high
density of mobile subscribers.
l Macro-Cell: The "normal" cells are called Macro Cells. They have ranges from
approximately one km to several (extended cell concept: 100 km).
l Micro Cell: Cells for the support of restricted areas with very high mobile user
density, e.g. shopping malls, railway and subway stations, airport terminals. Their
radius ranges from some 100 meters to approximately 1 km.
l Pico Cell: Cells for the support of indoor applications, e.g. offices. Their range
should be several 10m.
Velocity dependent Handover are necessary in the Hierarchical Cellular Structures.
Cell Coverage
l Omni Cells: The BTS is equipped with omni-directional antennae and serves a
360° angle.
l Sector Cells: The BTS supplies the cells with directional antennae. The cell shape
is a circular segment. Sectors of e.g. 180° or 120° are covered.
10
Cell Size and Coverage

Maximum cell size Cell coverage
35 km
GSM900 (100 km) omni cell 360°
(extended cell)
GSM1800 8 km cell 2
180°
sector cells 180° 180°
cell 1
Hierarchical Cellular Concept:
• Macro cells: min. 500 m
120° 120°
• Micro cells: some 100 m
• Pico cells: some 10 m 120° cell 3 cell 1
speed-dependent allocation sector cells
120°
cell 2
Fig. 6
11
Roaming / Location Registration / Handover
Roaming
A further innovation of the cellular system was so called Roaming. This means that a
subscriber can move freely within the PLMN and remain reachable on a single
personal telephone number anywhere in this area. With GSM this concept of roaming
can be expanded to the international area (international roaming). A subscriber
whose home PLMN has a roaming agreement with other countries' GSM-PLMNs can
also be reached in these PLMNs (Visited PLMN - VPLMN) without dialing the
corresponding VPLMNs code; calls can also be made from that VPLMN. A
prerequisite is of course that subscriber’s authorization for international roaming.
Location Registration / Location Update / Location Area

The subscriber has to be located in the respective cellular network. A procedure
known as Location Registration or Location Update Procedure LUP carries out
this function. It is important that the subscriber's temporary location area is recorded /
registered with this procedure when the subscriber's mobile station is switched on
and checked in, to forward calls to him. The temporary Location Area LA is the area
in which the MS can move freely without having to carry out a location update. As a
rule, the location area consists of a multiple cells and is configured by the operator
according to the traffic or population density.
Handover
In cellular networks, it is not necessary for the subscriber to have his call interrupted
when changing from one cell's service area to the area of a surrounding cell, as long
as the cell areas overlap. This overlapping should be guaranteed with good planning.
If the MS can receive better supply from another cell than the one currently in use
during a call, the MS connection will be diverted to the relevant cell. This procedure
designed for system quality maintenance ideally takes place without the user being
able to notice and is known as handover.
12
Roaming, Location Update

& Handover
MS BS
Handover
BS
Location Update:
• Location Area: most precise location information
stored in the network
• Location Registration: initial registration
• Location Update: update of registration
Fig. 7
13
2 Duplex Transmission & Multiple Access
UL DL
Duplex FDMA
transmission
FDD TDD
Multiple
Access
TDMA CDMA
Duplex Transmission
& Multiple Access
Fig. 8
14
Duplex Transmission and Multiplex Procedure

In a cell for access to a network two different principles have to be co-ordinated: The
way of co-ordinating UL and DL, i.e. the Duplex Transmission, and the way of
enabling the simultaneous access of several user to the same Base Station, i.e. the
multiple access principle.
Duplex Transmission: FDD & TDD

Modern cellular mobile radio systems of the first (1G) and second generation (2G)
enable full duplex transmission. Simultaneous communication on both sides, i.e.
(virtually) simultaneous transmission and reception is thus possible.
The transmission directions are designated as Uplink UL (MS to BTS) and Downlink
DL (BTS to MS).
There are two duplex transmission principles:
l Frequency Division Duplex FDD: Transmission and reception take place in
different frequency ranges. The distance between the Uplink UL and Downlink DL
frequency range is designated as duplex distance.
l Time Division Duplex TDD: Transmission and reception take place in the same
frequency band. Uplink UL and Downlink DL transmission take place at different
times. There is fast switching between UL and DL transmission, so that the user
has the impression of simultaneous transmission and reception.
FDD
Frequency Uplink UL
Division Duplex
Duplex distance
Downlink DL
UL / DL
separated by
frequency ! Base Station BS Mobile Station MS
frequency f
T
Same
TDD MS transmit receive transmit receive frequency
Time UL DL UL DL
UL / DL
Division separated by
Duplex BS receive transmit receive transmit time!
time t
Fig. 9
15
Multiplex Access: FDMA, TDMA and CDMA

Several subscribers in one cell must be able to use the frequency range available for
mobile communications together. Thus there must be procedures for regulating
simultaneous access of different subscribers without disturbances. There are three
different general procedures, partially in combination, which are used for co-
ordinating the frequency resources:
l FDMA - Frequency Division Multiple Access
l TDMA - Time Division Multiple Access
l CDMA - Code Division Multiple Access
FDMA - Frequency Division Multiple Access

FDMA is a multiple access principle used widely in the first (analogue) generation 1G
of mobile communications. It is however also used in the second (digital) generation
2G of mobile communications, usually in combination with TDMA and in the third
generation 3G together with CDMA.
The available frequency reserves are divided into channels of the same bandwidth
for FDMA. A certain frequency uplink and downlink is made available to an individual
subscriber. Simultaneous calls and information transmissions of various subscribers
thus take place on different frequencies. The transmitter and receiver must have a
common knowledge about the channel frequencies to use.
Co-ordination
of limited frequency resources
for different subscribers
Multiplex Access
FDMA CDMA
Frequency Division Code Division
Multiple Access Multiple Access
TDMA
Time Division
Multiple Access
Fig. 10
16
TDMA - Time Division Multiple Access

The allocation of the available frequency range is made with respect to time for
TDMA. A frequency band is not permanently available to one mobile station; it is
used by several different mobile stations. Time is therefore split into individual time
slots. The individual mobile stations are assigned the frequency range for the
duration of a TDMA time slot in a periodically exclusive manner.
A certain number of subscribers can use a certain frequency range virtually
simultaneously with TDMA. The message information of a subscriber is taken apart
and transmitted piece by piece to the corresponding time slots. The information
carrying HF transmission in an individual time slot designated as a "burst".
CDMA - Code Division Multiple Access

In CDMA systems the users of one cell are not separated by frequency or time.
Different to FDMA or TDMA simultaneously they take place in the same frequency
range. The users are separated by unique Codes. The Base Station and Mobile
Station must have common knowledge of the Codes used. The information of a
single user is spread up from a narrowband signal to a wideband signal using a high-
frequency code (high so-called "chiprate"). This spread information is transmitted via
radio interface. After receiving the information, it is de-spread using the same code to
regenerate the original information.
The Codes in principal have orthogonal properties.
power power
P
time t
FDMA P
time t
TDMA
TS 3
TS 2
TS 1
1 2 3
frequency f frequency f
power Multiple Access methods

P
time t
CDMA
Multiple BS & MS share
method knowledge about
FDMA Frequency
TDMA Time
3
CDMA PN code
2
1
frequency f
Fig. 11
17
Transmission via GSM Radio Interface Um

A combination of FDMA and TDMA is used for GSM. The GSM physical channels are
defined by a pair of frequency bands (for UL and DL) and a Time Slot TS.
FDMA in GSM
In the GSM system, a band width of 200 kHz is defined for one frequency band.
These HF channel widths are perfectly suited to the demands for speech
transmission.
Allocation to (E-) GSM900, GSM-R, GSM1800 and GSM1900 is as follows:
l GSM900: (880) 890 - 915 MHz; 925 (935) - 960 MHz; 124 (174) channel pairs ;
with a duplex distance of 45 MHz
l GSM-R: 876 - 880 MHz; 921 - 925 MHz; 19 channel pairs; with a duplex distance
of 45 MHz
l GSM1800:1710 - 1785 MHz; 1805 - 1880 MHz; 374 channel pairs; with a duplex
distance of 95 MHz
l GSM1900: 1850 - 1910 MHz; 1930 - 1990 MHz; common use along with other
standards (e.g. IS-95; D-AMPS); with a duplex distance of 80 MHz
In GSM for DL the higher and for UL the lower frequency range is used in general.
Remark: In co-ordination with the frequency plan regulation, there is a 200 kHz
protective band inserted between the lower limit frequency and the first carrier of
every sub-band, i.e. the corresponding channels are not used. This protective band
known as the "guard band" is an accepted, virtually "unavoidable loss" for preventing
interference between different applications in the totally filled frequency range.
18
FDMA in GSM
GSM900 / 1800 Frequency Allocation
(880) 890 MHz 915 MHz (925) 935 MHz 960 MHz GSM900
1710 MHz 1785 MHz 1805 MHz 1880 MHz GSM1800
UPLINK (UL) DOWNLINK (DL)
Transmit band Transmit band

of the Mobile Station of the Base Station
Duplex distance 45 MHz resp. 95 MHz

25 (35) MHz 25 (35) MHz
75 MHz 75 MHz
Guard band
C C
C C C 124 C C C 124'
1 2 3 (174) 1' 2' 3' (174')
374 374'
200 kHz
C - Radio Frequency Channel (RFC)
Fig. 12
19
TDMA in GSM
Each of the 200 kHz frequency bands is further sub-divided by TDMA into 8 so called
Time Slots TS. This produces 8 physical channels within one frequency band. In
GSM a physical channel is thus defined by a determined frequency channel Uplink
UL and Downlink DL and a determined time slot TS
In the GSM system, up to 8 (with half-rate transmission even 16) calls can be
transmitted "simultaneously" on one frequency band.
A sequence of 8 time slots TS in one radio channel is referred to as a TDMA frame. A
TDMA frame has a duration of 4.615 ms, an individual time slot a duration of approx.
0.577 ms. The users data are transmitted virtually "piece by piece" on one specific
time slot every TDMA frame.
GSM: FDMA
combined
FDMA/TDMA
1TS 577ms
1TS==577 ms TDMA
11TDMA
TDMAframe
frame==
88TS frame
TS==4.615
4.615msms
1
0
7
6
5
4
3 time
2
1
0
frequency
200 kHz
Fig. 13
20
3 GSM - Fixed Network Transmission
A/D conversion
0011
speech band 1
1011 Multi-
plexer
band
3 2 1
speech band 2
common line
1100
PCM
Pulse Code
Modulation
speech band 3
GSM - fixed network transmission
Fig. 14
21
PCM30: Transmission in GSM fixed network part

Information (conversations, data, signaling) is exclusively transmitted digitally via
PCM30 lines in the GSM-PLMNs fixed network part.
Pulse Code Modulation - PCM

Sampling values of a speech information are transmitted using binary code words
(digitally) in PCM.
Due to the digital structure of the message, the PCM signals are less susceptible to
interference than analogue signals. Regenerators reconstruct the original digital
signal at the receiving end. Analogue signals, on the other hand, can only be
amplified (including noise peaks).
Amongst other things, during Pulse Code Modulation (PCM) an analogue oscillation
is converted into a digital signal. A PCM signal can be transmitted alone or be
embedded in a TDMA frame with other PCM signals (multiplexing).
The conversion of an analogue telephone signal into a digital signal is carried out in
three steps:
1. Band limitation: A bandpass filter restricts the incoming signal to the audible
frequencies, i.e. to 300 to 3400 Hz.
2. Sampling: Sampling values are taken at fixed intervals from the limited telephone
signal. The sampling frequency must be greater than twice the highest frequency
within the analogue signal (Shannon Theorem). Internationally specified: 8000 Hz.
3. 8-bit coding: Every amplitude value of the sampled (Pulse Amplitude Modulated -
PAM) signal is transformed into an 8-bit word. The 8-bit word enables the analogue
signal to be represented in 256 quantization intervals.
Since the transmission of an 8-bit word requires only a portion of the sampling
interval (125 ms) of the analogue signal, the 8-bit information is temporally
multiplexed (TDMA-procedure). 8 bits are transmitted in each time slot.
Using PCM30 transmission systems, a total of 30 digital user values can be
transmitted in the time frame of the sampling period of an analogue value, i.e. in 125
ms.
22
Generation of a PCM Signal
signal 1 1. Band limitation

(300-3400 Hz)
2. Sampling (8000 Hz)
3. 8-bit coding
time slot transmission of the coded

sample value of signal 1
0 1 0 0 1 1 0 1
coded sample value
signal 2
Fig. 15
23
PCM30
PCM30 transmission systems use digital transmission lines or radio relay. A PCM30
frame consists of 32 time multiplexed time slots.
The 32 time slots can contain pulse code modulated message information (speech,
data) or signaling information in the form of 8-bit words.
The total bit rate of a PCM30 line is 2048 kbit/s
l Time slot 0: alternately frame identification word and service word (alarms)
l Time slots 1-15 and 17-31: calls or data
l Time slot 16: signaling channel
The pulse frames are transmitted in a direct sequence.
PCM30: TDMA Principle

time
slot
telephone channels 1 - 15 telephone channels 17 - 31
frame alignment/ signaling channel

service word channel
PCM30
PCM30
pulse frame pulse frame pulse frame
Fig. 16
24
4 GSM Air Interface
Advantage:
mobility
Single cell systems Cellular mobile communication systems

1st generation 2nd generation incl. satellite roaming
GSM (Ph1/2) (GSM Ph2+)
Limits: cell national GSM service area unlimited
GSM Air Interface
Fig. 17
25
Radio Interface: Advantages, Problems and Solutions

The air or radio interface, i.e. the connection between the MS and fixed network
components, represents the fundamental difference to a fixed network
telecommunication system. The radio interface has its specific advantages, but also
shows problems and disadvantages inherent to mobile communications.
Advantage: Mobility
The main advantage of mobile communications is the unrestricted mobility which can
be achieved only via a radio interface. Mobility was extremely restricted, especially in
the early years of mobile communications (one-cell systems). Mobility only reached
as far as the radio coverage between the MS and the transmission/receiving
installations would allow. These limits were stretched significantly by cellular mobile
communication networks of the first generation (since the early 1980s). National
borders and the degree of area coverage of a PLMN within a country formed the
borders. In the GSM system, national borders no longer represented restrictions to
mobility owing to “inter-national roaming”. It is still the case that nation-wide
connectivity is only offered around urban areas and along main traffic routes in large
areas of central Europe. Unlimited world-wide mobility is possible in co-operation
between GSM and MSS such as Iridium, Globalstar and ICO.
Problems & Solutions on the Radio Interface

l Cost Aspect: Problem - The need to built up a new network architecture with
thousands of BTS. But: Compared with the costs for a fixed network ISDN / PSTN
infrastructure, a GSM PLMN is comparable cheap, because there is no need for
millions of lines into every private household.
l Capacity: The capacity of transmission via radio interface is a great problem in
mobile communications. Optimized usage of radio resources reducing the cell
sizes, introducing sector cells and introducing the Hierarchical Cellular Structures
with Macro, Micro and Pico Cells solves this problem.
l Data Rate: GSM (Phase 1/2) offers a maximum 9.6 kbit/s, compared to the 64
kbit/s of ISDN. Introduction of HSCSD, GPRS and EDGE enhances the GSM data
rates significantly.
l Security Aspect: The radio interface can be intercepted with comparatively little
technical expenditure. 1G could be intercepted without any problem, while the
digital transmission of the second generation offers protective measures against
interception; the transmission is coded.
l Health Aspect: The mobile radio frequencies lie near the resonance frequency of
water (2.45 GHz). In order to keep thermal exposure to the mobile radio user as
low as possible there are maximum power limitations for mobile phones, 2 W for
GSM900 and 1 W for GSM1800.
26
The Air Interface Um:

Problems of radio transmission and possible solutions
Construction of mobile
communication network
Cost Aspect: cheaper than terrestrial network
GSM900 / E-GSM: 124 / 174 frequency bands

GSM1800: 374 frequency bands
Capacity: increasing subscriber numbers, data transmission
Þ Resource optimization / protection !!!
Data Transmission Rate: GSM Ph1/2: £ 9.6 kbit/s

Ph2+: HSCSD, GPRS, EDGE > 100 kbit/s
Eavesdropping easy!
Security Aspect: GSM offers encryption
Health Aspect: H2O resonance frequency (2.45 GHz)

Thermal load
Þ Pmax = 2 / 1 W (GSM900/1800)
Fig. 18
27
Problems of Physical Transmission

l Screening: If there are hindrances between transmitter and receiver, the signals
will weaken. A connection can thus become problematic or impossible. In GSM
there is therefore the possibility of regulation of the transmitting power (Power
Control - PC) from mobile and base stations over several orders of magnitude.
l Multipath Propagation: Multipath propagation through reflection and dispersion
of radio waves leads to phase-shifted reception of signals of different paths. The
interference can distort, amplify or erase the signal. An attempt to compensate for
negative effects of multipath propagation is given by power control, frequency
hopping, two antenna receivers for the base station (antenna diversity) and
redundancy of the transmitted information.
l Distance MS - BTS: The distance between MS and BTS has proved to be
problematic in several ways. The receive power sinks with increasing distance
between transmitter and receiver theoretically with the square of the distance.
Various physical effects such as atmospheric attenuation (weather-dependent)
reduce the receive power even more. This attenuation depends on the frequency
and increases with increasing frequency in mobile radio relevant frequency
ranges. The distance furthermore causes a reception de-lay, which may lead to
interference between neighboring time slots in TDMA. GSM responds to this delay
by means of a regulation of the transmission time (Timing Advance TA). GSM900
cells (GSM Phase 1/2) are limited to maximum 35 km, GSM1800 cells to
maximum 8 km radius as a result of the distance-related problems. There is the
possibility in GSM Phase 2+ to realize "Extended Range Cells" with a maximum
radius of 100 km for GSM900.
l MS Speed: Moving mobile stations can cause transmission distortions due to
Doppler effect. A compensation for this effect up to a maximum speed of 250 km/h
(130 km/h), for GSM-R a more powerful compensation for speeds of up to 450
km/h was deloped.
l Interference with external systems: The receive quality can also be disturbed by
electromagnetic waves from outside systems (e.g. car ignition, generators, PCs).
A compensation is being tried out by means of the mechanisms described under
multipath propagation.
28
Radio Transmission: Physical Disturbances

• Screening Þ signal attenuation (Power Control PC)
• Multipath propagation Þ interference (PC, f-hopping, diversity, regeneration)
• Distance MS-BS Þ power loss (f-dep.); delay (PC, TA, cell size)
• MS speed Þ Doppler effect (corrections)
• External system interference Þ quality loss (PC, f-hopping, regeneration)
transmitted signal
received signal to
signals antenna
Digital systems offer many

error recognition and Mobility
correction mechanisms
( ® redundancy)
Fig. 19
29
Frequency Resources: Optimized Utilization

In order to be able to keep up with the increasing demands on mobile
communications despite the limited resources of the radio interface different
approaches are being pursued.
l Additional Frequency Ranges: The simplest way to cope with the growing
demand for mobile communications is to expand the available frequency range.
This approach was pursued with E-GSM and GSM1800. Any further future
expansion would be problematic as other frequency ranges are already reserved
for other applications.
l Speech Compression: Speech compression in GSM allows a reduction of voice
information from 64 kbit/s to 13 kbit/s in the so-called Full Rate FR speech and to
5.6 kbit/s with the Half Rate HR speech. HR speech thus leads to a considerable
increase in capacity. Central aspects of HR speech are described in the GSM Rec.
06.02, 06.20 - 22, 06.41 and 06.42.
l Cell Size Reduction/Coverage: The most important measure for increasing the
capacity of GSM networks lies in a reduction of the cell size. The resources of a
radio cell are available to a small geographical area through the reduction of the
cell radius or through the limitation of the cell coverage (sector cell). By doing so,
the density of mobile communication subscribers and consequently the system
capacity can be considerably increased. By halving the cell radius, its capacity is
increased by a factor of four. Nevertheless the size of a (normal = macro) cell can
not be reduced indiscriminately. Hierarchical Cell Concepts (Rec. 05.22) with
macro, micro and pico cells are significantly enhancing efficiency.
l OACSU (Off Air Call Set Up): Traffic channels are allocated only after a success-
full call setup, that is after the called subscriber (delayed allocation). The OACSU
procedure thus serves to improve the frequency efficiency; it can be used for
overload handling.
l Tariffs: Introduction of day- & night time tariffs can help to level down peak loads.
l Discontinuous Transmission DTX: For a conversation, this will mean that just
speech phases are transmitted. Background noise, or so called comfort noise is
transmitted with a greatly reduced bitrate (500 bit/s instead of 13 kbit/s as with
speech phase) in phases in which a subscriber is silent. The other subscriber
should thus not worry that connection has been broken off. In order to make
discontinuous transmission possible, the presence of "useful" information for
transmission must be determined by means of Voice Activity Detection VAD. DTX
aspects are included in GSM-Rec.06.31 and 06.41, VAD aspects in Rec. 06.32
and 06.42.
30
Frequency Resources: Expansion / Optimized Utilization

• Extension of frequency range:
GSM900:
2 x 25 MHz ® E-GSM:
2 x 35 MHz + GSM1800
2 x 75 MHz
• Speech compression: Digital speech information

HR:
FR:
Fixed network: 64 kbit/s ® 13 kbit/s
5.6
kbit/s
Full Rate Half Rate
speech speech
• Cell size
reduction: 35 / 8 km 500 m
(Radius reduction
and sectorization)
®
omnicell
180° / 120°
sector cell
• OACSU (Off Air Call Set Up)
• Time Balance / Tariffs
• DTX (Discontinuous Transmission) / VAD (Voice Activity Detection)
Fig. 20
31
Advantages of Digital Transmission

Digital transmission has many advantages over analog transmission:
l Network Capacity: The capacity of mobile communication networks can be
considerably increased by the possibility of compressing digitalized speech
information. The disadvantage of speech compression is a loss of information
(reduction of speech quality).
l Service Offer: Digital data transmission simplifies the transmission of signaling
information. This makes the introduction of a wide, quickly growing range of
services possible in GSM beyond pure speech or data transmission.
l Cost Aspect: Digital equipment is less expensive to manufacture owing to better
possibilities for use in highly integrated microelectronics. Purchase costs as well
as operation and maintenance costs are thus less expensive and have allowed
GSM's breakthrough onto the mass market.
l Miniaturization: Microelectronics used for digital information transmission allows
a relatively simple reduction of the hardware (in comparison to analog
transmission), especially of the mobile stations. Mobile phones have been used
with GSM since the start; their weight has been reduced from over 500 g to some
50g within a couple of years.
l Security Aspect: Digital information can be ciphered much more easily than
analog information. Transmission via radio interface is protected from fraud and
unauthorized interception in GSM by the ciphering the digital user data (speech,
data) and signaling data.
Advantages of Digital Information Transmission
• Network capacity ® speech compression

• Service offer ® signaling
• Cost aspect ® manufacture, operation, maintenance
• Miniaturization ® microelectronics
• Security aspect ® easily coded
• Transmission quality ® regenerability
Code
sequence
Input data Output data

ENCRYPTION
(plain text) (coded text)
MODULE
Fig. 21
32
l Transmission Quality: Signal transmission via radio interface leads to consider-

able distortions and weakening of the transmitted signals. Digital signals are
fundamentally less susceptible to interference than analog signals and are better
suited to regeneration. Analog speech connections become increasingly worse
with increasing distance from the transmitter until they eventually disconnect.
Digital transmissions on the other hand maintain a constant good quality over a
long distance and then disconnect almost suddenly.
Quality of Digital & Analog Signal Transmission
S/N
signal
quality
distance to transmitter r
analog signal
digital signal
Fig. 22
33
Reliable Transmission via Um: Channel Coding

Various measures are taken in GSM to protect transmissions via radio interface from
interference, distortions and loss of information. These measures are taken by means
of channel coding.
The transmission is protected in such a way that a certain number of transmission
errors can be corrected by the error correction procedure, the so-called Forward
Error Correction (FEC). By means of FEC the Bit Error Rates (BER) of the radio
interface transmission are reduced to a rate of 10-5 to 10-6 from an unacceptable
value of 10-3 to 10-1. Redundancy is added to the information to be transmitted in
order to al-low recognition and correction of transmission errors.
Channel coding of information on the transmit side comprises three steps:
1. Adding of parity check bits and fill bits
2. Error protection (redundancy) with convolutional coding
3. Spreading by time: interleaving
The same steps are carried out in reverse order at the receiving side.
The added parity check bits serve to recognize incorrigible errors on the receiving
side. The parity check bits are of special use in speech transmission. If incorrigible
errors are indicated, the corresponding speech information is rejected and an attempt
is made to interpolate the information from the preceding speech information.
Convolutional coding serves to create redundancy. The original information (speech,
data, signaling) is coded along with the parity bits. Important information runs through
mathematical algorithms, where redundancy is added and the arrangement of the
information is changed.
Interleaving serves to temporally spread information. Information is collected up to a
determined number of bits and is spread by time. The interweaving of the redundant
information has the effect that information loss due to frequent short disturbances can
be compensated by means of temporal spreading of the information.
34
Reliable Transmission via Um:

Channel Coding
Um
Addition of: Convo- Inter-
lutional leaving Convo-
parity De-inter- Parity
coding lutional
and filler leaving check
temporal decoding
bits redundancy spreading
transmission side reception side
Fig. 23
35
Speech Coding: FR, HR and EFR

Speech transmission is of central importance in GSM. Speech information is handled
especially by the radio interface for secure and resource-preserving transmission.
Speech information is compressed and then redundancy is added (channel coding).
There are three different speech codecs available in GSM for compression of speech
information: the Full Rate (FR) Speech Codec was specified for GSM Phase 1, i.e.
from the start, in Phase 2 the Half Rate (HR) Speech Codec and in Phase2+ the
Enhanced Full Rate (EFR) Speech Codec were added.
Full Rate FR and Enhanced Full Rate EFR Speech Codecs compress speech
information from 64 kbit/s - used in digital line connected telephone networks such as
ISDN - to 13 kbit/s respectively 12.2 kbit/s. So 13 kbit/s / 12.2 kbit/s are the net data
rate for speech transmission via the radio interface. The gross data rate after adding
redundancy in channel coding is 22.8 kbit/s with FR and EFR.
l Half Rate HR Speech Codec compresses speech information from 64 kbit/s to 5.6
kbit/s. The gross data rate after adding redundancy is 11.4 kbit/s. The connections
of two Half Rate speech using subscribers can be realized in one physical channel
together, with a gross data rate of 22.8 kbit/s.
Models for speech generation are generally used for speech coding. Periodically re-
turning elements of speech are identified as phonemata; redundancy is removed
from the speech information. Even the attributes of hearing, especially the spectral
covering effect, are taken into account in different ways.
More efficient speech recognition mechanisms are of use for the HR introduced in
GSM Phase 2 and EFR introduced in Phase 2+. The HR codec delivers a somewhat
lower speech quality in comparison to the FR codec if transmission is undisturbed. It
is more robust against radio specific disturbances owing to the relatively strong error
protection. The EFR codec offers a significant increase in quality in comparison to the
FR codec. It sounds more natural and "smoother" according to subjective test results.
36
Speech Coding: FR, HR, EFR

Speech coding ® models of speech and hearing
• Removal of redundant information (periodic)
• Transmission of central speech information
• Reduction of speech information: 64 kbit/s ® 13 / 5.6 kbit/s (net data rate)
Gross data rate via Um: 22.8 kbit/s
Full Rate (FR) Codec Redundancy (channel coding)

GSM Ph1;
9.8 kbit/s
13 kbit/s
Enhanced Full Rate (EFR) Codec Redundancy (channel coding)

GSM Ph2+;
10.6 kbit/s
12.2 kbit/s
Half Rate (HR) Redundancy HR & EFR:

Codec; GSM Ph2; improved, acoustically optimized
5.8 kbit/s
5.6 kbit/s speech coding
HR, FR almost the

Gross data rate via Um: 11.4 kbit/s same quality
Fig. 24
37
Chapter 3
GSM PLMN
GSM PLMN
GSM PLMN
Contents
1 Overview 2
2 Network Elements 7
GSM PLMN Siemens
1 Overview
GSM-PLMN
PLMN fixed
RSS Public Land Mobile Network
network
Radio
SubSystem
PSTN
Public Switched
Telephone Network
ISDN
Integrated Services
MS BSS NSS Digital Network
Mobile Base Station Network Switching

Station Subsystem Subsystem
PDN
Public Data
Network
OSS
Operation SubSystem
Overview
Fig. 1
2
GSM PLMN
Siemens GSM Siemens
PLMN
GSM PLMN: Subsystems

A GSM-PLMN is subdivided into the following subsystems:
l Radio SubSystem RSS
l Network Switching Subsystem NSS
l Operation SubSystem OSS
Network Elements
The subsystems functions are grouped into functional units or network elements.
Functional units may be realized either as standalone Hardware HW units or
associated with other GSM functional units in one HW unit.
The Radio SubSystem RSS consists of the Mobile Stations MS and the Base
Station Subsystem BSS, which is composed of the following functional units:
l Base Station Controller BSC
l Base Transceiver Station BTS
l Transcoding and Rate Adaption Unit TRAU
The Network Switching Subsystem NSS (Phase ½) consists of the following

functional units:
l Mobile services Switching Center MSC
l Visitor Location Register VLR
l Home Location Register HLR
l Authentication Center AC
l Equipment Identity Register EIR.
The Operation SubSystem OSS consists of Operation & Maintenance Centers

OMC; in the Siemens solution:
l Operation & Maintenance Center for the Base Station Subsystem OMC-B
l Operation & Maintenance Center for the Switching Subsystem OMC-S.
3
GSM PLMN Siemens
GSM-PLMN
Radio Network
SubSystem Switching
RSS = Subsystem other
NSS networks
Mobile Base Station
Station + Subsystem
MS BSS AC EIR
BTS HLR VLR

T PSTN
R
BSC A MSC ISDN
U
OMC- B OMC- S Data

MS =
ME + SIM
Networks
Operation SubSystem OSS
Fig. 2
4
GSM PLMN
Siemens GSM Siemens
PLMN
Interfaces
The individual network elements are connected to each other for user data and/or
signaling transfer. Some of the interfaces are specified by ETSI as open interfaces,
allowing to connect equipment of different network manufacturer. Others are not
specified or "weakly" specified, so that only proprietary solutions are possible.
The following GSM Phase 1/2 interfaces are open interfaces:
l Um: MS - BSS (Air interface)
l A: MSC - BSS (BSC)
l B: MSC - VLR
l C: MSC - HLR
l D: HLR - VLR
l E: MSC - MSC
l F: MSC - EIR
l G: VLR - VLR.
The following interfaces are proprietary solutions:

l Asub: BSC - TRAU
l Abis: BSC - BTS
l T: BSC, BTS, TRAU - Local Maintenance Terminal LMT
l O: BSC - OMC-B
l HLR - AC (no name)
5
GSM PLMN Siemens
GSM (Phase 1/2) other networks

Interfaces MSC/xxx interworking interface
AC
Um A bis A sub not specified

A C
MS BTS TRAU MSC HLR
BSC
T E D
T B
LMT LMT MSC VLR

T
F G
LMT O
EIR VLR
OMC - B
Fig. 3
6
GSM PLMN Siemens
2 Network Elements
GSM-PLMN
PLMN fixed
RSS Public Land Mobile Network
network
Radio
SubSystem
PSTN
Public Switched
Telephone Network
ISDN
Integrated Services
MS BSS NSS Digital Network
Mobile Base Station Network Switching
Station Subsystem Subsystem
PDN
Public Data
Network
OSS
Operation SubSystem
Network Elements
Fig. 4
7
GSM PLMN
Siemens GSM Siemens
PLMN

The Mobile Stations represent the mobile network components. They consist of the
Mobile Equipment ME and the Subscriber Identity Module SIM: MS = ME + SIM
The SIM card

The SIM consists of a microchip, which uses either a check card or a plate made of a
synthetic material as a carrier. Without a SIM card, the use of an MS is normally not
possible. An exception is the emergency call, which should always be possible with a
functioning ME. The SIM card carries the subscriber-related information and codes,
so that a GSM subscriber with a SIM card can use different ME. The main task of the
SIM is the storage of data: permanent and temporary administrative data as well as
data concerning security. Personal telephone lists may be stored and using the SIM
toolkit with enhanced memory space, it is possible to enable applications such as
Mobile Banking, etc.
Important stored codes are e.g.:
l Personal Identity Number - PIN
l PIN Unblocking Key - PUK
l Mobile Station ISDN number - MSISDN
l International Mobile Subscriber Identity - IMSI
l Temporary Mobile Subscriber Identity - TMSI
Important data relating to security are, e.g.:
l the individual key - Ki
l the cipher key - Kc
l the algorithms for authorization and ciphering (A3, A8).
8
GSM PLMN Siemens
MS = ME + SIM
SIM card
Subscriber Identity Module:
· Subscriber license
· Personal Identities
(e.g.MSISDN, IMSI, TMSI, PIN,...)
· Subscriber key (Ki, Kc)
· Algorithms (A3, A8)
· Personal phone book
· SIM toolkits,...
ME:
MSISDN: Mobile Subscriber ISDN no.
IMSI: International Mobile Subscriber Identity
Mobile Equipment
TMSI: Temporary Mobile Subscriber Identity •Hardware & Software
PIN: Personal Identity Number
Ki: individual key
for radio transmission
Kc: cipher key •Cipher algorithm
Fig. 5
9
GSM PLMN
Siemens GSM Siemens
PLMN
The Mobile Equipment ME

The Mobile Equipment ME unites the tasks of many functional elements of the fixed
GSM-PLMN network.
By using the data of the SIM card, the speech is digitalized, compressed, secured
against loss of data (redundancy + interleaving), encrypted to prevent interception
and modulated onto the Radio Frequency (RF) created by the mobile station. Directly
after, the signal is amplified and transmitted.
In the opposite direction, the process runs inversely, beginning with the reception of
the radio frequency (RF).
The MS represents the counterpart to BSC, MSC, HLR, VLR and EIR as regards
signaling. As a whole, ME and SIM cards are almost a complete GSM system as
regards their functionality.
• Radio transmission counterpart to

GSM Mobile Station BTS, BSC & TRAU
• Signaling counterpart to
BSC, MSC, HLR/AC, VLR & EIR
H
block diagram
• security check • filtering

reverse speech
• de-interleaving de-ciphering • amplification
conversion
• reformation • de-modulation
• securing • HF generation
speech
• interleaving ciphering • modulation
conversion
• burst block formation • amplification
Mobile Equipment ME
Subscriber Identity Module SIM
Fig. 6
10
GSM PLMN
Siemens GSM Siemens
PLMN
The Base Station Subsystem BSS

The BSS consists of the following network elements:
l BSC: Base Station Controller
l BTS: Base Transceiver Station
l TRAU: Transcoding and Rate Adaption Unit
l LMT: Local Maintenance Terminal
The BSS architecture shall be selected to achieve maximum flexibility with regards to
the various operator requirements. All BSS components can be installed in the same
geographical location or in different locations where the transmission paths can be
used via public networks. The ability of the BSC to manage several BTSs in different
cell locations enables optimal adaptability to the traffic requirements in urban and
rural areas.
In terms of function, the main task of the BSC is the handling of the call connections
(switching), sampling of operational/maintenance information of all BSS (BSC, BTSs
and TRAUs), as well as their transfer to OMC-B. The BTS handles the radio specific
aspects.
Base Station Subsystem BSS

Architecture
BTS TRAU MSC
TRAU
BTS BSC
LMT
BTS
OMC-B
Fig. 7
11
GSM PLMN
Siemens GSM Siemens
PLMN
Base Station Controller BSC

The Base Station Controller BSC is, as the controlling element, the heart and center
element of the BSS.
BSC Location: between the interfaces Asub and Abis
BSC Functions:
l switching of the user traffic between individual TRAUs and BTSs
l control and monitoring of the connected TRAUs and BTSs
l sampling of operation and maintenance information of BSC, TRAUs and BTSs as
well as transfer to OMC-B
l evaluation of signaling information from MSC via TRAU and MS via BTS
l Radio Resource Management for all connected BTSs
l storage of the BSS configuration
l back-up storage of the total BSS Software for fast system restart
Base Station Controller BSC
BTS
TRAU
Asub
TRAU Abis
BTS
TRAU
•
• BSC •
• •
•
••BSS
BTS
BSScontrol
control
••Switched
Switchedbetween TRAUÛ
betweenTRAU ÛBTS
BTS OMC- B
••Radio Resource Management
Radio Resource Management
••Collecting
Collectingerror
errormessages
messagesininBSS
BSS
••Contact to OMC-B
Contact to OMC-B
••Database
Databasestorage,
storage,SW
SWofofBSS
BSS
Fig. 8
12
GSM PLMN
Siemens GSM Siemens
PLMN
Base Transceiver Station BTS

A BTS is the module which operates an individual cell and realizes the radio
interface. A BTS encompasses all applications concerning radio transmission
(sending, receiving), as well as the air interface specific signal processing. The BTS
is connected via the Abis interface with the BSC and via Um interface to the MSs.
Functions:
l Channel coding: To protect the transmission, incoming information is provided with
parity check bits and redundancy (convolutional coding) and spread in time over
several HF bursts (interleaving).
l Ciphering: After channel coding, the transmission of message information and the
subscriber data is coded to prevent illegal interception.
l Burst block formation: The information is organized in blocks of a particular length
(burst blocks). A so-called training sequence is added for synchronization and
analysis of transmission quality.
l Modulation: The carrier frequency is created in the 900/1800/1900 MHz range and
the information is modulated upon this carrier.
l Power Control PC: Control of the power level of the BTS and MS.
l Timing Advance TA: Calculation of the distance of the MSs from the BTS; the MSs
are informed of necessary transmission advance.
l Frequency Hopping: a feature which enhances the reliability of information transfer
l Synchronization: Providing of mobile stations with frequency and time
synchronization information.
13
GSM PLMN Siemens
Base Transceiver Station

user and signaling
information BTS
parity convolutional inter-
Abis bits coding leaving
channel coding
Um
max. 16 carrier/cell
ciphering
+ • Frequency hopping
• Synchronization
burst blocks burst (time and frequency)
formation multiplexing • Monitoring & optimization
of transmission quality
• Power Control PC
• Timing Advance TA
HF generation modulation transmit
modulation
receive
Fig. 9
14
GSM PLMN
Siemens GSM Siemens
PLMN
Transcoding and Rate Adaptation Unit TRAU

The TRAU is used for speech compression (Transcoding) and adaptation of data to
the requirements of the air interface (Rate Adaptation). It lies between A and Asub
interface.
Functions:
l Transcoding TC defines speech compression: compresses / decompresses the
incoming speech data from 64 kbit/s to 13 kbit/s, 12.2 or 5.6 kbit/s (embedded in
16 or 8 kbit/s channels).
l Rate Adaptation RA filters out the useful data (0.3 – 9.6 kbit/s in Phase 1/2)
coming from the MSC (64 kbit/s) signal and forms a 16 kbit/s signal toward the
BSC
l The user data are sub-multiplexed into 16 kbit/s subslots on the Asub interface
Remarks:
l TC and RA are implemented as algorithms in the same hardware unit as the
TRAU (Siemens solution).
l The TRAU is logically allocated to the BSC. Consequently, it belongs to the Base
Station Subsystem (BSS), but is generally installed at the MSC node in order to
keep line costs to a minimum.
l In contrast to user information signaling information passes the TRAU
transparently.
l The users information (data / speech) is embedded into 16 kbit/s channels. The
additional space is filled with proprietary inband-signaling (i.e. information, which
are directly exchanged between BTS and TRAU)
15
GSM PLMN Siemens
TRAU
Transcoding & Rate Adaptation Unit
TRAU
A
B 16 64 64 64 64 kbit/s M
S S
A sub
C 16 64 64 64 64 kbit/s C
64 64 64 64 kbit/s
16 64 64 64 64 kbit/s
16 16 16 16 16 64 64 64 64 kbit/s
submultiplexer
••speech
speechcompression:
compression: 64kbit/s«
64kbit/s «1313or
or5.6
5.6kbit/s
kbit/s++inband
inbandsignaling
signaling
••data transmission:
data transmission: "64 «
"64 kbit/s" « 0.3 - 9.6 kbit/s + inbandsignaling
kbit/s" 0.3 - 9.6 kbit/s + inband signaling
••signaling:
signaling: transparent
transparent
Fig. 10
16
GSM PLMN
Siemens GSM Siemens
PLMN
The Network Switching Subsystem NSS

The NSS comprises the following functional elements:
l MSC: Mobile services Switching Center
l VLR: Visitor Location Register
l HLR: Home Location Register
l AC: Authentication Center
l EIR: Equipment Identity Register
Mobile services Switching Center MSC

The MSC is concerned with the central tasks of the NSS and covers the service
areas of several BSSs. These tasks can be compared to those of an exchange in a
fixed network. These tasks are supplemented by mobile specific tasks of the sub-
scriber administration. The MSC handles connection tasks in the PLMN, i.e. set-up of
circuit connections to the BSS, between each other and other networks (e.g. PSTN).
The MSC visited by a customer is described as a VMSC (Visited MSC). A MSC,
which represents an interface to other networks, is called GMSC (Gateway MSC).
MSCs connect the other networks with the Base Station Subsystem BSS, as well as
the other NSS units with the BSS via the signaling highways.
The MSC is a stored program controlled switching system for national and
international GSM-PLMN applications. The MSC is a switching center that carries out
all switching for the mobile stations which are actually located in the MSC area.
Other functional units of the NSS (e.g. HLR, VLR, AC,...) can be associated to the
MSC.
17
GSM PLMN Siemens
other NSS
MSC/VLRs Network &
Switching
Subsystem
AC
Authentication Center
HLR EIR
Home Location Equipment Identity
Register Register
VLR
Visitor Location
Register
other
networks
MSC
Mobile services
Switching Center
Fig. 11
18
GSM PLMN
Siemens GSM Siemens
PLMN
Overview of call processing functions

The MSC follows the functions of a fixed network exchange as regards its
functionality. Consequently, varied proven call handling functions form the basis for
mobile specific supplementary services.
l Switching of user connections
l Routing functionality (path selection)
l Signaling with other MSCs and external network exchanges
l Evaluation of available signaling information for destination routing:
l Digit translation
l Legal interception
l Coping with abnormal signaling conditions, e.g. loss of signaling information
l Supplementary Service support
l Processing of transmission path attributes, e.g. echo compensation
l Call supervision
l Overload protection
l Control of priority calls, e.g. emergency call
l Charging
l Traffic measurement and traffic observation
l Support of maintenance and administration functions, e.g. connection cut off, trunk
test and measurement
19
GSM PLMN Siemens
MSC
Mobile services
Switching Center
••NSS
NSS“heart
“heart&&center”
center”
••Nodes
Nodesbetween
betweenNSSNSSregisters,
registers,BSS,
BSS,
other
other MSCs and externalnetworks
MSCs and external networks
••Serves
Servesseveral
severalBSS
BSS(BSC)
(BSC)
••Set-up
Set-up & switchingofofuser
& switching usertraffic
traffic&&signaling
signaling
••Always associated with
Always associated with VLRVLR
••Association
Associationwith
withHLR/AC
HLR/ACandandEIREIRpossible
possible
••Gateway
Gateway MSC: Gateway to externalnetworks
MSC: Gateway to external networks
••Visited
VisitedMSC:
MSC:MSCMSCserving
servingcertain
certainMS
MS
call processing functions mobile communication -

(similar to fixed network exchange) specific functions
Fig. 12
20
GSM PLMN
Siemens GSM Siemens
PLMN
Mobile specific functions

Additional to normal fixed network exchanges, the MSC has many mobile specific
functions due to the users mobility.
Mobile specific functions are for example:
l Signaling with BSC, MS & NSS databases (EIR, HLR, VLR)
l Processing of mobile-specific services
l Mobility Management, e.g. Paging, Inter-MSC Handover, Location Update,...
l Overload handling, e.g. OACSU
l Interworking Function for data services
l Mobile specific Announcements
l ...
MSC
Mobile services
Switching Center
call processing functions mobile specific functions

(similar to fixed network exchange)
• Set-up of signaling / user connections

• Signaling evaluation • Signaling with BSC, MS & NSS databases
® destination determination • Processing of mobile-specific services
• Connection path selection • Mobility Management,
• Processing of abnormal e.g. Paging, Inter-MSC Handover, Location Update,...
signaling information • Overload handling, e.g. OACSU
• Supplementary Service support • Interworking Function for data services
• Call monitoring • Mobile specific announcements
• Traffic monitoring & measurement
• Overload protection
• Billing
• Priority control (e.g. emergency call)
• Support of O&M functions
Fig. 13
21
GSM PLMN
Siemens GSM Siemens
PLMN
Visitor Location Register VLR

The Visitor Location Register VLR is responsible to aid the MSC with information on
the subscriber, which are temporarily in the MSC service area. Therefor, in praxis it is
always associated with an MSC.
The VLR request the subscriber data of user with activated MS on the MSC service
area from the HLR and stores them temporarily. Temporarily means as long as the
subscriber is not registered in a new MSC/VLR, even if he deactivated the MS.
Additional to the semipermanent subscriber data received from the HLR the VLR
stores temporary data, e.g. information on the subscribers current location (the
Location Area), the state of activation (Attached / Detached),...
Furthermore, the VLR is responsible for the initiation of security functions, e.g. the
Authentication procedure, the start of ciphering and the TMSI re-allocation.
Examples of subscriber data in the VLR:

l MSISDN: Mobile Subscriber ISDN number
l IMSI: International Mobile Subscriber Identity
l TMSI: Temporary Mobile Subscriber Identity
l HON: Handover Number
l LMSI: Local Mobile Subscriber Identity
l MSRN: Mobile Station Roaming Number
l Triples (Authorization parameters )
l ....
22
GSM PLMN Siemens
MSC
Mobile services
Switching Center
VLR
Visitor Location Register
Tasks:
• Subscriber management in MSC area
• Associated with MSC
• Authentication co-ordination
• commands start of ciphering
Subscriber data:
• Subscriber data from HLR (MSISDN, IMSI,
services (BS, TS, SS), service restrictions,..)
• Temporary subscriber information (LMSI, TMSI, LAI,
IMSI attach/detach, MSRN, HON, triples,...)
Entries valid until re-registration in another VLR!
Fig. 14
23
GSM PLMN
Siemens GSM Siemens
PLMN
Home Location Register HLR

The Home Location Register HLR is the main data base of the mobile subscriber.
The subscription of a user / his subscription data is stored in one HLR only. There
may be one or more HLRs in a GSM PLMN.
The HLR is always associated with an Authentication Center AC.
The HLR performs the following important tasks:
l It sends all necessary data to the VLR.
l It supports the call setup in case of Mobile Terminating Calls MTC by sending
routing information to the Gateway MSC (Interrogation).
l It transmits the Triples from AC to VLR on request
An HLR contains different semi-permanent mobile subscriber data, e.g.:

l MSISDN: Mobile Station International ISDN number
l Bearer Services BS
l Tele Services TS
l Supplementary Services SS
l Restrictions
An HLR contains different temporary information of the mobile subscriber, e.g.:

l VLR address
l Local Mobile Subscriber Identity LMSI
l Mobile Station Roaming Number MSRN
l SMS flags
24
GSM PLMN Siemens
AC
Authentication Center
Tasks:
• Security data storage (Ki)
• Generation of triples (VLR request)
• Associated with HLR
Data / algorithms:
• Ki, IMSI, A3, A8
HLR
Home Location Register
Tasks:
• Central storage/management of subscriber data
• Delivery of data to VLR
• Routing information at MTC
• Associated with AC
Subscriber data:
• Semipermanent data: MSISDN, IMSI,
services (BS, TS & SS), service restrictions,...
• Temporary subscriber information: VLR address,
LMSI, MSRN, SMS flags,...
Fig. 15
25
GSM PLMN
Siemens GSM Siemens
PLMN
Authentication Center AC
An Authentication Center AC contains all necessary means, keys and algorithms for
the creation of security related authorization parameters, the so-called Triples. The
Triples are created on VLR request and delivered via HLR to the VLR. An AC is
always associated with an HLR.
Central information contained in the AC are:
l Ki: Individual Key (top secret mobile subscriber identity)
l Algorithms for authentication and encryption: A3, A8.
Equipment Identity Register EIR

The Equipment Identity Register EIR contains the Mobile Equipment identity: the
International Mobile Equipment Identity IMEI. An IMEI clearly identifies a unique
Mobile Equipment ME and contains information about the place of manufacture,
device type and the serial number of the equipment.
EIR are an optional feature in GSM. They have been defined by ETSI to enable theft
prophylaxis. They carry out equipment identification functions: monitoring of stolen or
not allowed MEs.
There are three validity lists in EIRs: "white", "gray" and "black" lists for valid, to be
observed and to be blocked equipment.
A Common EIR (CEIR) in Dublin (Ireland) enables the world-wide identification of
stolen mobile equipment.
26
GSM PLMN Siemens
CEIR
Common EIR
site: Dublin
Tasks:
• Central, worldwide ME register
• Worldwide ME theft prevention
EIR
Equipment Identity Register
Tasks:
• Storage of ME data (IMEI)
• Monitoring of IMEI: "white", "gray", "black" list
ME data:
• IMEI = International Mobile Equipment Identity
= Type Approval Code TAC
+ Final Assembly Code FAC (manufacture site)
+ Serial Number SNR (device serial number)
+ Software Version Number SVR
Fig. 16
27
GSM PLMN
Siemens GSM Siemens
PLMN
GSM Phase 2+: GPRS

For the introduction of GPRS the GSM PLMN has to be enhanced by:
l Gateway GPRS Support Node GGSN
l Serving GPRS Support Node SGSN
l Packet Control Unit PCU
l Channel Codec Unit CCU
l HLR Extension
l GPRS MS
Serving GPRS Support Node tasks:

l serves all GPRS-MS in SGSN area
l Routing / Traffic-Management
l Mobility Management functions,
l e.g. Location Update, Attach, Paging,..
l storing Location information
l Security & Access Control
l collecting charging data
l signaling with HLR, EIR, GGSN, MSC
Gateway GPRS Support Node GGSN tasks:

l Gateway to PDNs
l Protocol conversion
l Routing / Traffic Management
l Screening / Filtering
Packet Control Unit PCU tasks:

l protocol conversion
l radio resource management
The Channel Codec Unit CCU enables to transmit using the new Coding Schemes
CS-1, CS-2, CS-3 and CS-4.
The HLR has to be extended to include the new type of GPRS subscriber data.
28
GSM PLMN Siemens
GSM Phase 2+: GPRS

Channel Codec Unit CCU: HLR Extension::
BTS-SW upgrade for new GPRS subscriber data
Coding Schemes CS-1... CS-4 (GPRS Register GR)
VMSC / PSTN
GMSC ISDN
VLR
Mobile CCU
BSS
DTE PCU HLR
extension
Gb
Gr
SGSN Gn GGSN Gi Internet

Packet Control Unit PCU: Serving GPRS Gateway GPRS
• protocol conversion Support Node Support Node
Intranet
• radio resource management
X.25
SGSN: GGSN:
• serves all GPRS-MS in SGSN area • Gateway to PDNs
• Routing / Traffic-Management • Protocol conversion
• Mobility Management functions, · Routing / Traffic Management
e.g. Location Update, Attach, Paging,.. · Screening / Filtering
• storing Location information
• Security & Access Control
• collecting charging data
• signaling with HLR, EIR, GGSN, MSC,.. For simplicity not all GPRS interfaces are shown
Fig. 17
29
GSM PLMN
Siemens GSM Siemens
PLMN
Operation SubSystem OSS

The Operation SubSystem OSS undertakes operation and maintenance tasks. The
functions of the network/ network elements may be centrally monitored and (remote)
controlled by the OSS. The control/operation & maintenance locally at each Network
Element NE (hardware implementation of functional elements) as local operation and
maintenance is distinguished by the central, remote-controlled functionality of the
OSS.
The functions of the OSS are performed by so-called Operation & Maintenance
Centers OMC. Depending on the manufacturer, there is sometimes spatial separation
between the operation & maintenance of BSS and NSS (Siemens: OMC-B and OMC-
S).
Important functions of the OSS:

l Management and commercial operation (subscriber, mobile equipment, billing)
l Sampling of information on network loads (statistical survey) for network
reorganization / optimization
l Security management
l Network configuration
l Remote operation of network elements
l Quality checks
l Preparation of maintenance work
30
GSM PLMN Siemens
OSS
Operation SubSystem
MSC/VLR
EIR
HLR/
AC
WS
NSS MSC/VLR OMC
Operation & Maintenance Center
• Subscriber and equipment data
management
e.g. clearing services, bills
• Network operation, configuration
TRAU
& management
• Collecting network load information
BSC & compiling statistics
• Error detection & correction
BSS • Security management
BTS • Performance control
Fig. 18
31
GSM PLMN
Siemens GSM Siemens
PLMN
Telecommunication Management Network TMN

CCITT guidelines for Telecommunication Management Network TMN (CCITT M.30)
designate the OSS as a telecommunication management system.
Seen from TMN level, the GMS-PLMN consists of a certain number of Network
Elements NE.
The TMN configuration of PLMN is ordered hierarchically into three levels:

l the lowest level is displayed by a large number of network elements NE of the
PLMN
l the middle level is realized by a certain number of regional Operation &
Maintenance Centers OMC
l the highest level is represented by operation systems, such as network
management system, administration management, charging system, national
OMC, etc.
OSS
Telecommunication
Operating systems
Management System national
according to OMCs,
TMN administration, billing,
network management system,..
regional
OMCs
Network Elements NEs
TMN: Telecommunication Management Network
Fig. 19
32
Chapter 4
Procedures
Procedures
Procedures
Contents
1 Codes & Identities 2

2 GSM Security Features 8
3 Location Update 19
4 Call Setup / Call Handling 24
Procedures Siemens
1 Codes & Identities
Procedures
CGI MCC MNC LAC CI
LAI
IMSI MCC MNC MSIN
HLR-ID X1 X2 X3 X4 X5 X6 X7 X8
MSISDN CC NDC SN
Codes & Identities
Fig. 1
2
Procedures
Siemens Siemens
Procedures
GSM Service Areas & Codes

The GSM system is hierarchically ordered into service areas. To identify and address
a certain service areas codes are used.
International GSM Service Area

The international GSM service area is the sum of areas being served by GSM
networks. A GSM subscriber may use all these GSM networks if his HPLMN has
Roaming Agreements with the VPLMN and his ME supports the corresponding
frequency range (GSM900 / GSM1800 / GSM1900).
National GSM Service Area

A national GSM service area contains one or more GSM-PLMN. The PLMN of
different operators may supplement one another or overlap each other.
The following codes are important to identify a national GSM service area:
l Mobile Country Code MCC: The MCC consists of 3 digits; it is used e.g. for the
International Mobile Subscriber Identity IMSI ,Location Area Identity LAI and Cell
Global Identity CGI.
l Country Code CC: The CC is the dialing code of the country in which the mobile
subscriber is registered. The CC consists of 2 or 3 digits and is used e.g. in the
Mobile Subscriber International ISDN number.
PLMN Service Area

A PLMN service area is administered by an operator. Several PLMN service areas
can overlap within a country. Thus the individual PLMNs must have a clear
identification:
l Mobile Network Code MNC: The MNC is the mobile specific PLMN identification;
it consists of 2 digits. The MNC is used in IMSI, LAI, CGI.
l National Destination Code NDC: NDCs identify the dialing code of a PLMN; it
consist of 3 digits. The NDC is used in MSISDN.
l Network Color Code NCC: The NCC is a PLMN discrimination code that is not
unambiguous. It is used as short identity (length: 3 bits) of a particular PLMN in
overlapping PLMN areas or in border regions; it is used e.g. in the Base Station
Identity Code BSIC.
3
Procedures Siemens
Hierarchy Service
of GSM Area Codes
Service Areas
/ Codes International
MCC: Mobile Country Code

e.g.: Aus 505, D 262, Lux 270
National CC: Country Code

e.g.: F 33, D 49, Lux 352
MNC: Mobile Network Code

e.g.: D1 01, D2 02, Eplus 03
PLMN 1 Operator
NDC: National Destination Code
e.g.: D1 171, D2 172, Eplus 177
MSC / SGSN „Switch“ MSC-Identity
LA1
LAC: Location Area Code
MCC: Mobile Country Code
CC: Country Code Location Area LA LA2 LAI: Location Area Identity
NDC: National Destination Code
NCC: Network Colour Code
LAC: Location Area Code
LAI: Location Area Identity
Cell CI: Cell Identity
CI: Cell Identity
CGI: Cell Global Identity CGI: Cell Global Identity
Fig. 2
4
Procedures
Siemens Siemens
Procedures
MSC/VLR Service Area

GSM-PLMN are subdivided into one or more MSC/VLR service areas. An attached
mobile subscriber is registered in the VLR, which is associated to his Visited MSC.
The MSC/VLR Id. is stored in the HLR, so that an MTC is possible.
Location Area LA
The LA is (in classical GSM) is stored as the most precise information of the
(attached) subscribers current location. This information is stored in the VLR
associated to the VMSC. If the MS turns from one LA to another, a Location Update
Procedure is necessary. The size of a LA is configured by the operator according to
the traffic or population density and the behavior of the mobile subscriber. A Location
Area can encompass one or more radio cells that are controlled by one or more BSC,
but never belong to different MSC areas. Location Area identities are:
l Location Area Code LAC: The LAC serves to identify a LA within a GSM-PLMN.
The LAC length is 2 bytes.
l Location Area Identity LAI = MCC + MNC + LAC; the LAI serves as an
unambiguous international identification of a location area.
BTS Service Area: the Cell

The cell is the smallest unit in the GSM-PLMN. A defined quality of the received
signal must be guaranteed within a cell. If a MS leaves the range of a cell during a
connection, a handover to the next cell is initiated. Cell identifications are:
l Cell Identity CI: The CI allows identification of a cell within a location area. The CI
length is 2 bytes.
l Cell Global Identity CGI = MCC + MNC + LAC + CI = LAI + CI; the CGI
represents an international unambiguous identification of a cell.
l Base Transceiver Station Identity Code BSIC = NCC + BCC (Base Station Color
Code); The BSIC represents a non-unambiguous short identification (NCC: 3 bit;
BCC: 3 bit) of a cell. The BSIC is emitted at a regular rate by the BTS. It enables
the MS to differentiate between different surrounding cells and to identify the
requested cell in a random access.
5
Procedures Siemens
National &
PLMN Codes Example*:
Germany
CC = 49
MCC = 262
D1
Telekom
NDC = 171
MNC = 01
Subscriber Identities D2
Mannesmann
IMSI
International Mobile Subscriber Identity
NDC = 172
MSIN MNC = 02
MCC MNC Mobile Subscriber Id. No.
Eplus
NDC = 177
HLR-ID X1 X2 X3 X4 X5 X6 X7 X8 MNC = 03
E2
MSISDN Viag Intercom
Mobile Subscriber ISDN Number NDC = 178
MNC = 04
CC NDC SN
Subscriber Number * This figure has just an illustrative purpose
and does not reflect the actual MSC areas
of any German PLMN operator.
Fig. 3
6
Procedures Siemens
Subscriber Identities:
l International Mobile Subscriber Identity IMSI = MCC + MNC + MSIN (Mobile
Subscriber Identification Number); IMSI length = 3 + 2 + 10 digits. The IMSI is the
unique identity of a GSM subscriber. It is used for signaling and normally not
known to the subscriber. Often die first two MSIN digits are taken to specify the
users HLR in the PLMN (operator dependent).
l Mobile Subscriber ISDN number MSISDN = CC + NDC + SN. MSISDN length: 2
/ 3 + 3 + max. 7 digits = max. 12 digits. The MSISDN is "the users telephone
number". A user has one IMSI (with one contract), but he can have different
MSISDN (e.g. for fax, phone,..).
l Temporary Mobile Subscriber Identity TMSI: The TMSI is generated by the VLR
and temporarily allocated to one MS. It is only valid in this MSC/VLR service.
When changing to a new MSC area, a new TMSI has to be allocated. The TMSI
consists of a TMSI Code TIC with length 4 bytes. Often the TMSI is used together
with the LAI.
Principle:
MSC, Location
MSC / VLR
& Cell Area
MSC / VLR
MSC / VLR
Identifier: LA
Cell LA
MSC / VLR - Identity Cell
LAI = MCC + MNC + LAC LA MSC / VLR
CGI = LAI + CI MSC / VLR
MCC MNC LAC CI

LA
LA
LAI
Fig. 4
7
Procedures Siemens
2 GSM Security Features
Procedures
Security Features:
• Authentication
• Ciphering
• TMSI allocation
• IMEI check
GSM Security Features
Fig. 5
8
Procedures
Siemens Siemens
Procedures
Security Features
In GSM the security of a mobile subscriber is ensured by several features.
l Authentication: protects the network operator and mobile subscriber against
unauthorized network use.
l Ciphering: is used to prevent eavesdropping of radio communications.
l Temporary Mobile Subscriber Identity TMSI allocation: protects the
subscribers identity in the initial access phase, where no ciphering is possible.
l IMEI check: prevents the usage of stolen/non-authorized mobile equipment.
Security aspects are described in the GSM Recommendations:

l 02.09: “Security Aspects"
l 02.17: "Subscriber Identity Modules"
l 03.20: "Security Related Network Functions"
l 03.21: "Security Related Algorithm"
Prerequisites for Authentication and Ciphering

For authentication and ciphering, the Authentication Center AC and the SIM card are
important; they store the following data:
l IMSI (International Mobile Subscriber Identity)
l Ki (Individual Key)
l A3, A8: Algorithms for the creation of authentication and ciphering parameters
Furthermore, for ciphering the algorithm A5 is stored in the Mobile Equipment. This
algorithm can be found in the BTS, too.
9
Procedures Siemens
A5 IMEI
Prerequisites
for Authentication
& Ciphering
MSC / VLR BTS

ME
IMEI IMSI
Ki
EIR
A3, A8
HLR AC
NSS BSS
SIM
Fig. 6
10
Procedures Siemens
Triples
The triples are parameters, which are necessary for authentication and ciphering.
They are produced in the Authentication Center AC and consist of:
l RAND (RANDom number)
l SRES (Signed RESponse): the reference value for the authentication
l Kc (Cipher Key): key necessary for ciphering.
The calculation of a triple in the AC occurs in the following manner:

l For the subscriber with a particular IMSI the reference value of authentication
SRES is calculated by the algorithm A3 from the users individual key Ki and the
random number RAND produced by a random number generator.
l The cipher key Kc is calculated by the algorithm A8 from the individual key Ki and
the random number RAND.
l RAND, Kc and SRES make together a complete triple.
At the request of the VLR, several triples are generated for each mobile subscriber in
the AC and transferred to the VLR via the HLR on request.
Remark: The individual key Ki is only stored in the AC and the SIM card. Different to
the IMSI and the triples, it is never transmitted through the network. For all signaling
procedures the users IMSI is used.
Triples A3(Ki, RAND) = SRES A8(Ki, RAND) = Kc

Calculation
Ki IMSI
Data-
RAND
Random base
Number
Generator
Algorithm Algorithm
A3 A8
AC
Authentication
SRES Kc Center
RAND SRES Kc
RAND = RANDom number
Triple SRES = Signed RESponse
Kc = Cipher Key
Fig. 7
11
Procedures
Siemens Siemens
Procedures
Authentication
The authentication checks the real identity of a user, i.e. his authorization to take
access to the network. Actually it is checked, whether the secret individual Key Ki
stored on the SIM card is identically to the one stored for this user in the
Authentication Center or not. The authentication procedure is or can be initiated by
the VLR in the following cases:
l IMSI Attach
l Location Registration
l Location update with VLR change
l call setup (MOC, MTC)
l activation of connectionless supplementary services
l Short Message Service (SMS)
Authentication Procedure
1. the VLR recognizes the need for an authentication; in the case, that no / no more
Triples are available in the VLR it requests a set of Triples from the HLR
2. the Triples are generated in the AC (see above) and sent via HLR to the VLR
3. the VLR sends the RAND to the MS; the SIM card calculates the SRES using Ki,
A3 and RAND (see above)
4. the MS sends the SRES back to the VLR; the VLR compares the SRES in the
triple with the SRES calculated by the MS; if they coincide, the network access
will be authorized and the general procedure will continue, otherwise
5. the access will be refused and the "Authentication Refused" message will be sent
to the MS
12
Procedures Siemens
• Location Registration LR
Authentication with: • LUP with VLR change
• Call Setup: MOC / MTC / SMS
• Activation of connectionless supplementary services
A B D
MS BSS MSC VLR HLR/AC
Um
1
*1
requests
triples
2
3 sends triples
3
3 sends RAND
4
4
sends SRES 4 coincidence
check
5
5 *2
5 sends
*1 only if no more Triples
“Authentication available in VLR
*2 only if coincidence
refused" check negative
Fig. 8
13
Procedures
Siemens Siemens
Procedures
Ciphering
Ciphering regards the security aspects of the information exchange between the
Mobile Station (MS) and the Base Station (BTS) on the air interface Um. User
information (speech/data) and signaling information are ciphered via air interface Um
(UL & DL). An exception is given by the initial signaling, before the cipher command
is sent from the network side. At initial signaling data exchange ciphering is not
possible, because the users identities are necessary prerequisite for the generation
of ciphering parameters. The cipher command is given after transmission of the user
identity (TMSI / IMSI) and the authentication procedure. Ciphering / Deciphering is
carried out in the BTS and in the MS.
The GSM Recommendation (02.16) of Phase 2 states that up to 8 logically different
encryption algorithms (incl. "no ciphering") should be used. The reason for this is the
intention
a) to assign different algorithms to different countries and
b) to provide MS, which do not use the A5-1 algorithm, with the possibility of
roaming in different GSM-PLMN networks.
Currently 3 algorithms are defined:
l A5-0: no ciphering for COCOM countries
l A5-1: "strict" cipher algorithm (originally MoU algorithm) for MoU-1 countries , A5-
1comes from GB; due to military origin (NATO), high security arrangements are to
be regarded
l A5-2: "simplified" cipher algorithm for MoU-2 countries (without COCOM
countries);
Remark: A5-0 is implemented in every MS and every BTS to enable access of every
MS in every network. Additionally A5-1 or A5-2 can be implemented.
14
Procedures Siemens
Ciphering
• Prevents eavesdropping in Um
• Application in user information and signalling
• Exception: initial signalling
MS Cipher command BTS
ciphered information
A5 A5
Rec.
Rec.02.16:
02.16:max.
max.88cipher
cipheralgorithms
algorithms
A5-0:
A5-0: no nociphering;
ciphering;COCOM
COCOMcountries
countries
A5-1:
A5-1: "strict"
"strict" ciphering; MoU-1countries
ciphering; MoU-1 countries
A5-2:
A5-2: "simple"
"simple" ciphering; MoU-2countries
ciphering; MoU-2 countries(except
(exceptCOCOM)
COCOM)
Fig. 9
15
Procedures Siemens
Ciphering process
Transmitter/receiver must use the same cipher algorithms.
In order to handle ciphering individually for every user, the individual key Ki (stored in
the SIM card and the AC) is used.
The cipher key Kc is transmitted after ciphering from the VLR to the BTS. The MS is
able to calculate Kc (after receiving RAND in the authentication procedure) by
algorithm A8 from RAND and Ki.
A 114 bit long cipher sequence is calculated using the cipher algorithm A5, the cipher
key Kc and the TDMA frame number (broadcasted cyclically by every BTS over the
cell area).
The speech, data and signaling information are ciphered / deciphered in 114 bit long
sequences being connected in a so-called "eXclusive OR" XOR operation.
Deciphering follows exactly the same scheme as ciphering, as the XOR operation
yields the original values after double application of XOR (using the same cipher
sequence).
To start ciphering, the network sends a cipher start command, which has to be
acknowledged by the MS (being the first ciphered information).
plain text 0 1 0 0 1 0 1 1 1 0 0 1...

Ciphering XOR cipher sequence 0 0 1 0 1 1 0 0 1 1 1 0...
& Authentication
ciphered text 0 1 1 0 0 1 1 1 0 1 1 1...
XOR cipher sequence 0 0 1 0 1 1 0 0 1 1 1 0...
plain text 0 1 0 0 1 0 1 1 1 0 0 1...
Um
encoded
transmission !
ME:
A5 VLR: AC:
BTS:
SIM: RAND A5 RAND, Kc IMSI A3, A8,
Triples:
Triples IMSI,Ki
A3, A8, RAND,
Ki, IMSI SRES SRES SRES, Kc
MS BTS VLR AC
Authentication: Ciphering: Authentication: Authentication
A3(Ki, RAND) = SRES A5(Kc,TDMA-No.) = CS SRES comparison & ciphering:
generates RAND
Ciphering: text XOR CS = ciphered text
A3(Ki, RAND) = SRES
A8(Ki, RAND) = Kc A8(Ki, RAND) = Kc
A5(Kc,TDMA-No.) = CS
text XOR CS = ciphered text CS: cipher sequence
Fig. 10
16
Procedures Siemens
TMSI Allocation
Ciphering protects the user from being eavesdropped. However, the ciphering with
Kc requires that the network is aware of the identity of the mobile subscriber with
whom it is in contact. Thus, during the initial phase of communication setup, when the
identity of the mobile subscriber is still unknown, the transmitted signaling information
can not be ciphered. During this phase a third party may identify a subscriber and the
desired service.
In order to protect the identity of the subscriber in this phase, a temporary
identification of the subscriber is distributed: the Temporary Mobile Subscriber
Identity TMSI.
The TMSI is used instead of the real user identity, the International Mobile Subscriber
Identity IMSI. This TMSI is allocated by the VLR, which is associated to the VMSC.
The MS usually identifies itself with the TMSI in the initial access phase to the VLR.
The VLR uses this TMSI to re-identify the IMSI. This is only possible if the TMSI has
been allocated by the same VLR. If not, the VLR has to request the VLR, which has
allocated the TMSI to the MS, to deliver the IMSI. Therefore, the TMSI is in most
cases transmitted together with the old LAI, which identifies uniquely a VLR. The
request VLR - VLR is only possible, if both VLR belong to the same PLMN.
Therefore, the IMSI has to be transmitted via Um at the first registration in a new
PLMN and obviously at the very first usage of the SIM card (i.e. in the case of
Location Registrations).
A new TMSI (TMSI re-allocation) can optionally be allocated to the MS after every
authentication & cipher start (and the optional IMEI check).
• •Network
Networkrequires
requiressubscriber
subscriberId.
Id.for
forcall
callsetup
setup
TMSI • •Id. necessary for triples calculation
Id. necessary for triples calculation
Allocation • •Start
Startofoftransmission
transmissionofofId.Id.uncoded
uncoded
• •TMSI
TMSI prevents eavesdroppingofofsubscriber
prevents eavesdropping subscriberId. Id.(IMSI)
(IMSI)
• •New TMSI with VLR change & usually at
New TMSI with VLR change & usually at call setup call setup
sends
MS TMSI BSS MSC VLR HLR/
= LAI + TIC TMSI TMSI determines IMSI AC
IMSI from
IMSI
Authentication TMSI
Þ Ki Þ
Ciphering Triples
Triples
stores new assigns

new TMSI new
TMSI TMSI
For
ForLA
LAchange
changewithwithMSC/VLR
MSC/VLRchange:
change:
••New VLR identifies old VLR by TMSI
New VLR identifies old VLR by TMSI
••Subscriber
Subscriberdata:
data:query
queryofofold
oldVLR
VLR
Fig. 11
17
Procedures Siemens
IMEI Check
In contrast to the other security mechanism authentication, ciphering and TMSI
allocation, the check of the International Mobile Equipment Identity IMEI is optional. It
depends on the operators decision whether a EIR is implemented and IMEI checks
are done.
IMEI check serves to identify stolen, expired or faulty mobile equipment. A IMEI
clearly identifies a particular mobile device and contains information about the place
of manufacture, type approval code and the serial number of the equipment.
The IMEI consists of: Type Approval Code TAC, Final Assembly Code FAC, Serial
Number SNR and a Software Version Number SVN.
If a IMEI check in the PLMN is intended, the Mobile Station MS will be requested to
submit the IMEI during call setup after authentication and cipher command. The MS
sends back its IMEI. The IMEI is routed to the EIR of the PLMN. A check occurs here
to find out whether the IMEI is registered on the black or gray list, i.e. whether the MS
is blocked from further use of the PLMN, or whether it has to be observed.
IMEI Check ••Recognise

Recognisestolen,
stolen,expired
expiredand
andfaulty
faultyMEs
MEs
TAC FAC SNR SVN

Type Approval Code Final Assembly Code Serial Number Software Version Number
24 Bit 8 Bit 24 Bit (spare) 4 Bit
MS BSS MSC/VLR EIR

authentication
ciphering Initiates
authentication Checking
ME
Ciphering IMEI
identified
IDENT_REQ (white, grey
by
Initiates or black list)
IMEI
IMEI Request IMEI
IDENT_RSP
(Identity Request)
Fig. 12
18
Procedures Siemens
3 Location Update
Procedures
request
Location Update
MS
BTS
Location Update
Fig. 13
19
Procedures
Siemens Siemens
Procedures
Location Registration / Location Update

Information of the current location of a mobile subscriber are necessary to built up a
connection to the subscriber, i.e. to start a Mobile Terminating Call MTC. To keep
track of the users current location the Location Registration / Update procedures are
used. Always the MS is responsible to initiate this Location Registration /
Update procedures. It informs the network on its current Location Area. The
Location Area information is stored in the currently responsible VLR. The identity of
this VLR is stored in the users HLR.
If a MS is "new" in a PLMN a Location Registration is performed. "New" is defined as
the very first usage of a SIM card or a first access after changing the PLMN.
In case of a Location Registration the network needs the IMSI of the MS, because
either no TMSI has been allocated before to the MS (in case of first SIM usage) or it
is impossible to regenerate the IMSI from the TMSI, because the new VLR is not able
to get into contact with the old VLR (e.g. in case of PLMN changes). After Location
Registration, in the following Location Updates are used to update the location
information in the PLMN. In a Location Update only the TMSI is transmitted via Um.
There are three reasons to perform a Location Update Procedure LUP:
l Location Update with "IMSI Attach": If a MS is switched on / off, the network is
informed about the change of the current MS state, i.e. whether to be reachable or
not. Therefore, when being switched on / off, the MS performs an "IMSI Attach" /
"IMSI Detach" procedure. The information whether the MS is Attached / Detached
is stored in the VLR. If an "IMSI Attach is performed it is connected with a LUP.
l Normal Location Update: Normally a LUP is performed after the MS has
recognized that it has crossed the boarder between two different Location Areas.
The MS is able to recognize the LA change, because it always listens around to
the broadcast information of all cells in its environment, which include the CGI
(and so the LAI). If the LAI of the strongest cell changes, a LUP is performed.
l Periodical Location Update: A periodic LUP is initiated by a MS at regular
intervals. If the VLR does not receive the LUP after a certain time, a "Mobile
Station not reachable" flag is set.
The LUP is not performed during the duration of a connection. In this case, the LUP
is performed after call release.
20
Procedures Siemens
• Location Registration: initial MS registration in PLMN

Location • Location Update
Registration/ • no LU during connection!
Update BCCH:
CGI =
26205A64B... LAI =
2620533
request
Location Update
MS
3 types of Location Update:
• normal
BTS • periodic
• with IMSI attach
Fig. 14
21
Procedures Siemens
Location Update Procedure LUP without change of the MSC area
1. The MS recognizes that the LAI has changed. It requests a LUP, identifying itself
with the TMSI or IMSI. The request and the identity are forwarded to the VLR.
2. The VLR re-identifies the IMSI from the TMSI. If no / no more Triples are
available in the VLR, it requests triples from the AC via the HLR.
3. The AC generates a set of Triples and delivers them via HLR to the VLR.
4. The VLR stores the Triples and initiates the Authentication, then gives the cipher
start command and initiates an IMEI check (optional).
5. If the Authentication, cipher start and IMEI check are successful, the VLR needs
for call setups the subscriber data. In case of a LR, they are have not been
stored before in the VLR and so they have to be requested from the HLR.
Together with this request, the VLR delivers its identity and the information,
where this subscriber is stored in the VLR, i.e. the Local Mobile Subscriber
Identity, to the VLR.
6. The HLR stores the VLR identity and LMSI and transmits the requested
subscriber data to the VLR.
7. The VLR stores the subscriber data and assigns a TMSI (LR: mandatory) or a
new TMSI (LUP: only with MSC/VLR change) to the MS. This TMSI is transmitted
together with the VLRs acknowledgement, that the LUP has been successful, to
the MS. There, the new TMSI and LAI are stored on the SIM card.
Location Update LUP

1
1
1
requests LUP,
LR: IMSI 2
LUP: TMSI *1
requests triples
3
4 triples
authentication, ciphering, (IMEI check)

5
requests
subscriber data;
sends VLR-Id.
& LMSI
6
7 sends data
7
7 sends TMSI =
LAI + TIC *1 only if no more Triples
available in VLR
Fig. 15
22
Procedures Siemens
Location Update Procedure LUP with VLR change
1. The MS recognizes that the LAI has changed. It requests a LUP, identifying itself
with the TMSI. The request and the identity (TMSI in combination with the old
LAI) are forwarded to the new VLR.
2. The new VLR receives the TMSI and LAI. It recognizes from the LAI, that the
TMSI has been allocated by another VLR (old VLR). Thus, the VLR is not able to
re-identify the IMSI from the TMSI and has no chance to request the subscriber
data from the HLR. Therefor, the new VLR calculates the address of the old VLR
from the LAI and transmits the TMSI to the old VLR and requests it to deliver the
users IMSI. The old VLR delivers the IMSI and the remaining Triples to the new
VLR. Remark: If this step 2 is not possible (e.g. line break between old and new
VLR) the new VLR commands the MS to transmit the IMSI directly.
3. The new VLR uses the IMSI to calculate the users HLR. The new VLR transmit
its identity and LMSI to the HLR and requests the HLR to deliver the subscriber
data and, if necessary, a set of Triples.
4. The HLR stores the new VLRs identity and LMSI, confirms the information,
supplies the subscriber data and, if necessary, the Triples.
5. The HLR informs the old VLR to erase the stored data set of this subscriber.
6. The VLR now starts authentication, ciphering and (optionally) IMEI check.
7. The VLR allocates a new TMSI to the MS.
Location Update Procedure LUP

incl. MSC - VLR change 2
3
old HLR new
VLR AC VLR
5
4
7 6 1
MSC MSC
7 6 1
BSS BSS
Um
LA change
7 6 1
with MSC / VLR change
Fig. 16
23
Procedures Siemens
4 Call Setup / Call Handling
Procedures
MOC
MS starts network access
(PLMN, ISDN, PSTN)
MTC
MS is contacted
MMC
MS1 starts network access
MS2 is contacted
MIC
Special case MMC:
both MSs in same MSC area
Call Setup
Fig. 17
24
Procedures Siemens
Siemens Procedures
Call Setup
Different procedures are necessary depending on the initiating and terminating party:
l Mobile Originating Call MOC: Call setup, which are initiated by an MS
l Mobile Terminating Call MTC: Call setup, where an MS is the called party
l Mobile Mobile Call MMC: Call setup between two mobile subscribers; MMC thus
consists of the execution of a MOC and a MTC one after the other.
l Mobile Internal Call MIC: a special case of MMC; both MSs are in the same MSC
area, possibly even in the same cell.
Mobile Originating Call MOC

1. Channel Request: The MS requests for the allocation of a dedicated signaling
channel to perform the call setup.
2. After allocation of a signaling channel the request for MOC call setup, included
the TMSI (IMSI) and the last LAI, is forwarded to the VLR
3. The VLR requests the AC via HLR for Triples (if necessary).
4. The VLR initiates Authentication, Cipher start, IMEI check (optional) and TMSI
Re-allocation (optional).
5. If all this procedures have been successful, MS sends the Setup information
(number of requested subscriber and detailed service description) to the MSC.
6. The MSC requests the VLR to check from the subscriber data whether the
requested service an number can be handled (or if there are restrictions which do
not allow further proceeding of the call setup)
7. If the VLR indicates that the call should be proceeded, the MSC commands the
BSC to assign a Traffic Channel (i.e. resources for speech data transmission) to
the MS
8. The BSC assigns a Traffic Channel TCH to the MS
9. The MSC sets up the connection to requested number (called party).
Remark: This MOC as well as the MTC described in the following describes only the
principles of an MOC / MTC, not the detailed signaling flow.
25
Procedures Siemens

1 2 2
sends identification +
*1 3
Channel Request
subscriber Id. authentication requests
TMSI (IMSI) request triples
3
4 triples
authentication + start ciphering + IMEI check + new TMSI

5
6
Setup (Phone No.,..) requests call
information
6 *1 only if no more Triples
8 7 sends info available in VLR
commands
9
Traffic Channel
assignment channel assignment
Setup connection to B-subscriber
Fig. 18
26
Procedures Siemens
Siemens Procedures
Mobile Terminating Call MTC

In the case of a MTC the mobile subscriber is the called party. The MTC call flow
differs in dependence on the initiating party. In this example the initiating party is
subscriber on an external network.
1. After analysis of the MSISDN (CC and NDC) a request to set up a call is
transmitted from an external exchange to the GMSC.
2. The GMSC identifies the users HLR from the MSISDN. It starts a so-called
Interrogation to the HLR to get information of the subscribers current location.
3. The HLR identifies the subscribers IMSI from the MSISDN and checks the
subscribers current location, i.e. the VLR address. The HLR informs the VLR
about the call and requests a Mobile Station Roaming Number MSRN (including
the VMSC address) from the VLR. The request to the VLR includes the LMSI,
which enables the fast access to the users data in the VLR.
4. The VLR transmits the MSRN to the HLR, which forwards this number and the
IMSI to the GMSC. If the VLR has information, that the MS is Detached currently,
the call is rejected / forwarded to the Mailbox.
5. The GMSC uses the MSRN (including the VMSC address) and IMSI to get into
contact with the VMSC.
6. The VMSC requests information (LAI, TMSI) for call setup from its VLR
7. The VLR sends these data.
8. The VMSC uses the LAI to start the Paging procedure. Paging means to search
to MS in the total Location Area (the precise cell is not known).
9. The MS responses the Paging, i.e. from now on its cell is known.
10. This topic includes: Authentication, cipher start, IMEI check and TMSI Re-
allocation.
11. The MSC transmits the Setup information to the MS, commands the BSC to
allocate a Traffic Channel to the MS and switches through the connection.
27
Procedures Siemens

BTS VMSC VLR HLR GMSC
BTS 1
2 call
MS BTS 3
Interrogation: request
sends IMSI MSRN request
requests MSRN
4 4
sends MSRN
5 5 5
connection request
6
requests data
8 7 (LAI, IMSI)
8 sends data
Paging
Paging
9 9
Paging Response
10 10 10
authentication + ciphering + IMEI check + new TMSI
11 11 11 11 call through switching
Assignment of Traffic Channel
Fig. 19
28
Procedures Siemens
Mobile - Mobile Call MMC / Mobile Internal Call MIC

MMC and MIC are only special cases / combinations of the MOC and MTC.
Mobile Mobile Call MMC

The MMC is a call setup initiated by a MS and terminating at a MS. Thus, MOC and
MTC are executed one after the other.
For the call setup of a MMC the same procedures are valid as in the case of MOC
and MTC for the call setup between a mobile subscriber and a fixed subscriber. In
the case of PLMN internal MMC, instead of inquiring the GMSC the VMSC of the
calling party queries the HLR of the called party.
Mobile Internal Call MIC

A special case of the MMC is represented by the MIC. Here, both mobile subscribers
are in the same MSC area or even in the same cell. No shortening of the procedure
takes place here. MOC and MTC procedures are executed after each other, the only
difference is that the MSC involved is VMSC for both, the calling and called party.
Mobile Mobile Call MMC traffic

channel
VLR
EIR VMSC BSC
BTS
VLR
VMSC BSC
HLR AC
BTS
NSS Network Switching Subsystem RSS Radio Subsystem
Mobile Internal Call MIC traffic

channel
EIR BSC
VLR BTS
VMSC
HLR AC BSC
BTS
NSS Network Switching Subsystem RSS Radio Subsystem
Fig. 20
29
Procedures Siemens
Off Air Call Set Up OACSU

The OACSU is used in case of overload on the radio interface (a lack of Traffic
Channels). It is helpful to overcome short term bottleneck situations without rejecting
call requests.
If there is currently a lack of Traffic Channels OACSU enables to delay the TCH
allocation until there is an answer of the called participant. In most cases this will
need several 10 s. There is a high probability that during this time another call is
finished and this TCH is then reserved for the delayed TCH allocation.
OACSU can theoretically be used for MOC and MTC.
In the case of OACSU so-called partial connections are set up. After the TCH is as-
signed, the partial connection is completed. The delay of the TCH assignment is
monitored by a timer. When the time frame has run out, a TCH is assigned. The
OACSU can lead to an announcement for the called party, if he/she picks up the
phone before the delayed assignment of the TCH.
Restraints for OACSU:

l not for international calls
l not for data connection
l not for emergency calls
OACSU • Delayed call setup

• No traffic channel assignment until
Off Air Call Set Up B-subscriber answers / timer expires
A- subscriber
call setup:
B- subscriber
signaling
traffic channel
assignment
MS B-subscriber B-subscriber
BTS
answers answers
Not for:
• International calls
• Data connection
• Emergency calls
Fig. 21
30
Procedures
Siemens Siemens
Procedures
Handover HO: Handover Types

Handover HO are a change of the physical channel during a current connection.
There are various types of handover:
l Intra-Cell Handover: In the case of Intra-Cell Handover, a physical channel within
a cell is changed. A reason for this may be an interference in the frequency
currently being used. Frequency and/or Time Slot can be changed. Therefore it
differs from the feature "frequency hopping", in which the frequency is changed
after a certain algorithm, but the time slot is never changed. Frequency hopping
and Intra-Cell Handover exclude each other. The intra-cell handover is realized
internally in the BSS, i.e. the BSC decides without MSC involvement. Only the
message "handover performed" is sent to the MSC after the handover.
l Intra-BSS Handover: An Intra-BSS Handover is carried out between two cells of
the same BSS. The procedure is decided and performed by the BSC (no MSC
involvement). The MSC is informed only after the handover ("handover
performed").
l Intra-MSC Handover: An Intra-MSC handover is a handover between two BSSs
of the same MSC. The MSC decides about this Handover and switches between
the two BSCs.
Inter-MSC Handover: A Inter-MSC Handover include at least two MSCs. The
MSC has to decide and to switch. Inter-MSC handovers are one of the most
complicated GSM procedures, in particular in the case of MSCs made by different
manufacturers. One has to distinguish between "Basic Inter-MSC Handover" and
"Subsequent Inter-MSC Handover".
Basic Inter-MSC Handover: If a MS changes for the first time from the area of an
MSC (A) to the area of a MSC (B), this is described as Basic Handover.
Subsequent Handover: If the MS also leaves the MSC (B) area and moves into the
area of a further MSC (C) or returns to the area of the old MSC (A), this follow-on
handover is called Subsequent Inter-MSC Handover. The handover is controlled
by the initial MSC, which is called MSC (A) = Anchor MSC. In a Subsequent Inter-
MSC Handover with MSC (C) for a short time three MSCs are connected for one
call. The connection MSC (A) - MSC (B) is released after successful set up of
connection between MSC (A)and MSC (C).
The Anchor MSC is responsible for billing. This is the reason, why Inter-PLMN
Handover, i.e. Handover between different PLMNs are normally not performed.
31
Procedures Siemens
Handover Types Intra-BSS
Intra-cell
BTS
f 1, TS 1 Handover
BSC performed
BTS BSC
MSC
f 2, TS 2
Handover BTS
performed
Intra-MSC MSC
Inter-MSC basic
BSS
MSC - A MSC - B
MSC
BSS subsequent MSC - C
Fig. 22
32
Procedures
Siemens Siemens
Procedures
Handover Decision
The handover algorithm is based on periodically measurements of MS and BTS
concerning the strength and quality of the received signals. The MS measures quality
and strength of the connection and the strength of the serving BTS and that of the
surrounding BTSs. The BTS measures quality and strength of the connection as well
as the distance MS - BTS (Timing Advance TA).
The result of the MS measurements is transmitted to the BTS. The BTS adds its own
measurements and transmits the data as "Measurement Report" to the BSC.
The BSC has to decide, whether a handover is necessary or not. The decision is
determined by the comparison between the current measured values and the
threshold values. If no threshold values are exceeded, the BSC analyses whether an
other BTS as the current one would enable a better air interface quality. Different
other aspects have to be taken into account, e.g. the current load of the cells.
Furthermore, so-called "Ping-Pong Handover" should be prevented.
If an Inter-cell handover is initiated, the criterion of availability of surrounding cells is
used to set up a list of suitable handover destinations in a declining order of priority.
This list forms the basis for the final handover decision that is carried out by the BSC
(in case of Intra-BSS Handover) or by the MSC (in case of Inter-BSC / -MSC
Handover).
Handover criteria are e.g.:
l Strength of the received signal (UL and DL)
l Quality of the received signal (UL and DL)
l Distance MS - BTS (Timing Advance, UL)
l Signal strength of suitable surrounding cells (UL, BCCH)
l Interference that decrease the signal quality (UL and DL)
33
Procedures Siemens
MS Measurement:
Handover Timing Advance, connection quality & strength:
Decision Power control strength of serving BTS &
surrounding BTSs
Measurement:
Measurement report
connection quality & strength,
distance measurement (TA)
BTS
Measurement value processing
Measurement (averaging, limit values,..)
report
HO
decision
Evaluation list
BSC (suitable BTSs for HO...)
Initiation of HO type
BSC/
Handover
MSC
Fig. 23
34
Procedures Siemens
Handover Example: (Basic) Inter-MSC Handover

1. During an existing connection, the MS permanently measures the quality and
power level of the received information and measures the strength of its own and
the surrounding BTS. Furthermore, the BTS measures the quality and strength of
the connection and the Timing Advance. The results are as measurement report
to the BSC. The BSC analyses the need for Handover. If an Handover is
necessary, the BSC creates a list of preferable cells to which the Handover
should be performed. If an Handover to a cell of another BSC / MSC is
necessary, the information is forwarded to the MSC (A). In this example, a
Handover from Cell A to Cell B is preferable. On basis of the BSC information,
the MSC (A) decides to initiate a Basic Inter-MSC Handover to MSC (B),
because Cell B is in the service area of MSC (B).
2. MSC (B) requests the BSC, which is responsible for Cell B to allocate resources
for this connection and prepare network transmission capacities for the call. A
second connection is built up parallel to the existing connection. The DL
information is split and delivered to both BTS.
3. MSC (A) gives command to the MS (via BSC) to change the physical channel.
Changing the physical channel, the MS immediately is connected to Cell B.
4. The initial connection is released, the resources are set free for other
connections. The users data are still transmitted via MSC (A); it is the Anchor-
MSC.
BSC to MSC (A):

Handover HO please!
example
BSC
VLR
cell B MSC (A) BTS
® MSC (B)
BTS
VLR
B BTS
BTS
MSC (B) A
BTS
Level:
BTS cell A
cell B BTS
BSC cell C
C
BTS BTS
1. BSC: HO necessary
2. Parallel connection setup
3. MS changes phys. channel
4. Original connection released
Fig. 24
35
Procedures Siemens
Emergency Call
The connection set up for the Tele Service "Emergency Call" is similar the that of the
Mobile Originating Call MOC.
The mobile subscriber starts this service either by pressing a SOS key or by dialing
an emergency service number (often: 112).
The setup follows the MOC signaling flow. Differences are:
l no Authentication is necessary
l no Ciphering will be used
l no IMEI check is performed
l no TMSI Re-allocation is performed
A short call setup is resulting in this lack of security features. Furthermore, the
Emergency Call should always be possible with any MS, even without a valid SIM
Card.
Emergency calls are treated with precedence. This may also lead to the release of
other existing connections.
The BSS always delivers the location of the emergency call to the MSC. Depending
on this origin, the emergency connection is then transmitted from the MSC to the
regionally responsible Emergency Call Center. The available location information can
be delivered to the Emergency Call Center, too (operator dependent).
Emergency Emergency Call

Center
Call
SOS
call setup:
without:
• Authentification
• Ciphering
MSC
• IMEI check
• TMSI-Reallocation • Direct connection
• Supplies location info
Emergency call:
• Priority treatment
• no security features
MS • fast call setup
• usually always possible,
even without valid SIM card
Fig. 25
36
Procedures Siemens
s
Short Message Service SMS transmission (MT-SMS)
MS attached (i.e. reachable):

l A Short Message Service Center SM-SC (out of the scope of the GSM Rec.) tries
to transmit the SMS to the requested MS via GMSC.
l The GMSC performs an Interrogation to the HLR to get knowledge about the
current VMSC.
l The HLR requests the VLR for an MSRN and forwards this to the GMSC.
l The GMSC gets into contact with the VMSC and the SMS is delivered to the MS.
Different to the MOC, no Traffic Channel allocation is necessary in case of SMS
transmission. The SMS can be transmitted via Signaling Channel.
MS Detached (not reachable):

l The SM-SC tries to transmit the SMS to the requested MS via GMSC.
l The GMSC performs an Interrogation to the HLR to get knowledge about the
current VMSC.
l The HLR requests the VLR for an MSRN. This is not possible, because the
subscriber is Detached and the VLR stores this information.
l In the following, a SMS flag is set in the VLR and in the HLR. Furthermore, the
HLR stores the address of the SMS-SC.
l The HLR informs the GMSC that the SMS can not be delivered and the GMSC
rejects the request of the SM-SC. The SMS is still stored in the SM-SC.
l If the MS is switched on again, an IMSI Attach procedure is performed to the VLR.
l Due to the SMS flags, the VLR informs the HLR, that the MS is reachable again.
l The HLR requests via GMSC the SM-SC to start the SMS transmission again.
37
Procedures Siemens
MS DetachedÞ
MSDetached Þ
SMS / • •nonoSMS
SMSdelivery
deliverypossible
possible
• •SMS
SMSstored
storedininSM-SC
SMS-SC • •flag
flagininVLR
VLR&&HLR
SM-SC
HLR
IMSI AttachÞ
IMSIAttach Þ
• •VLR
VLRinforms
informsHLR
HLR
• •HLR
HLR requestsSM-SC
requests SM-SCviavia
SMS-GMSC
SMS-GMSCtotoretransmit
retransmitSMS
SMS
SM-SC SMS-
SMS Service Center
VMSC MS
GMSC
HLR VLR
HLR-flag
+ SM-SC Id(s)
VLR-flag GSM-PLMN
Fig. 26
38
Chapter 5
Radio Interface
Radio Interface
Radio Interface
Contents
1 Physics of Layer 1 2
2 Logic of L1 14
3 MOC / MTC 25
Radio Interface Siemens
1 Physics of Layer 1
Radio Interface (Layer 1)

time Duplex distance: 45 MHz
TS7 Example:
GSM900
TS6
TS5
TDMA UL DL
frame TS4
4.615
ms ••• •••
TS3
Physical
Physicalchannel
channel(Um)
(Um)
TS2
TS
TS1
577
ms
TS0
890 915 935 960

200 kHz Frequency
Physics of Layer 1 [MHz]
Fig. 1
2
Radio
SiemensInterface Siemens
Radio Interface
The Radio Interface: Physics of Layer 1

The Layer 1 of Um is described in GSM Rec. 04.04. In the following, L1 is separated
for didactical reasons in the “Physics of L1” transmission and the “Logic of L1”
transmission.
For the transmission of user data / signaling physical channels are allocated to the
users. A physical channel in GSM is defined by a frequency pair for UL/DL and a
Time Slot TS of the TDMA frame. The frequency bandwidth in GSM is 200 kHz. A
Time Slot TS has a duration of 0.577 ms. 8 TS form a TDMA frame; the duration of a
TDMA frame is 4.615 ms.
The Burst
In GSM, using FDMA & TDMA for multiple access, the transmission of data is not
continuously. In every Time Slot TS the HF has to be switched on, the data are
transmitted briefly and then the HF transmission is switched off again. This type of
HF transmission is called “pulse” or “bursty” operation. Therefore, the content of a TS
is called “Burst”.
The transmitter is only allowed to transmit the HF Burst within the duration of the TS.
If the HF transmission exceeds the duration of the TS, the transmission might
interfere with the transmission of the succeeding user. In this case, strong
disturbances of both connections follow. For this reason, the transmission must be
timed exactly. Furthermore, it is not possible to switch on / off immediately. To
prevent interference between neighboring TS, the GSM Rec. define a duration during
which the switching process must be closed. The BS and MS must be able to switch
the HF power on / off within 0.028 ms over a wide dynamic range. This range is 70
dB for BS and 36 dB for MS.
So the burst transmission can be explained as a maximum of 0.028 ms for switching
on HF to the necessary power level, 0.5428 ms for the HF transmission of the so-
called “useful part” (corresponding with 147 bit) and 0.028 ms for switching off the HF
power level down to “background noise” level. Note: This “useful part” + flanks
exceeds the duration of a TS (0.577 ms) and often irritate readers of GSM literature.
The 0.028 ms are however only time maximum limits for the flanks. They carry no
valuable information and so they are allowed to interfere with the succeeding Bursts
in a negligible way.
3
The Burst
Power
„Useful
„Usefulpart“
part“
Time
28 ms 542,8 ms 28 ms
Fig. 2
4
Burst: Content
A Time Slot is defined as a duration of 0.577 ms (to be precise: 0.576923 ms). This
duration is divided per definition into 156.25 bit. This means an individual bit has a
duration of 3692.3 ns.
The 156.25 bit are used / defined as follows:
142 bit for the transmission of “Information” (not only users data / signaling but also
control information necessary for maintenance of the connection)
3 bit as Tail Bits TB for edge limitations of the TS. They are preventing, that useful
information are “falling” into the flanks of the burst. TB contain no useful information.
They are modulated as content “0”.
8.25 bit as Guard Period GP. The GP is not part of the HF transmission. It is used to
compensate run-time effects in the cells. Note: There is one exception of GPs: The
first MS transmissions of the MS toward the network use special bursts (Access
Burst) with an extended GP of 68.25 bit.
Burst: Content
··· 7 0 1 2 3 4 5 6 7 ···
TS = 576 12/13 ms
= 156.25 bit
1 bit = 3.6923 ms
TB “Information” TB GP
Tail Bits Tail Bits Guard Period
3 bit 142 bit 3 bit 8.25 bit
HF transmission
Fig. 3
5
Example: Normal Burst NB

The Normal Burst is part of the “Logic of Layer 1” and will be explained together with
the four other Burst Types later-on in detail. It is shown here for didactical reasons to
get an idea of the content of what has been determined as “Information”.
The 142 bit of “Information” (content: “0” or “1”) are realized in the middle of the burst
to enable reliable transmission. The 3 TB (content: “0”) on the edge provide buffer
against data loss at the flanks of the burst.
The Normal Burst NB contains:

l 2 x 3 bit as Tail Bits TB
l 2 x 57 bit as Information (User Data / Signaling)
l 2 x 1 bit as “Stealing Flags” which inform the receiving side if user data or user
related signaling is transmitted
l 26 bit as Training Sequence for time synchronization and transmission quality
analysis
Now the structure of a TS / burst is explained, the content has been described down
to bit level, but the question is now:
How are the “0” and “1” physically presented on the radio interface?
Normal Burst 55Burst

BurstTypes
Types
with
withdifferent
differentlogical
logicalcontent
content
(discussed
(discussedlater-on)
later-on)
Example:
Normal Burst
156.25 Bit = 576.9 ms
Training
TB Information-Bits S
Sequence
S Information-Bits TB GP
3 57 1 26 1 57 3 8.25
Bit
142 bit “Information”
S: Stealing flag
TB: Tail Bits
GP: Guard Period
Fig. 4
6
GSM Modulation: Gaussian Minimum Shift Keying

For transmission of the binary data “0” and “1” in GSM a frequency modulation
method has been chosen. It is known as Gaussian Minimum Shift Keying GMSK.
Minimum Shift Keying MSK

The GMSK is based on Minimum Shift Keying MSK. MSK is a modulation principle,
where the information is transmitted in the instantaneous frequency of the HF signal.
The carrier frequency fT is shifted by the frequency difference ,f = 67.7 kHz to
indicate "1" or "0". This is achieved not by shifting the frequency directly, but by a
change of the phase velocity. This results in a frequency and phase variation.
Gaussian MSK
In GMSK, the phase transitions are smoothed by filtering the data with a gaussian
curve. This enables smooth phase shifts, keeping the bandwidth comparable narrow.
Thus, a bandwidth of only 200 kHz can be achieved.
Minimum Shift
Keying MSK
1
binary
0
signal
f
T - f
frequency
f
T
f + f
T
+ 180°
+ 90°
phase t
- 90°
- 180°
MSK signal x Gaussian curve

GMSK: Gaussian MSK Þ smaller band-width
Fig. 5
7
Radio
Radio Interface
Frames
TDMA frames
A single frequency band in TDMA systems is subdivided into several Time Slots TS,
which can be used by different users. In GSM 8 TS form one TDMA frame (4.615
ms), i.e. 8 physical channels are using the same frequency band being cyclically
(every 4.615 ms) allocated to a certain user / application.
So the TDMA frame is a repetition cycle with a duration of 4.615 ms.
The TDMA frames themselves are again part of a repetition cycle of a larger duration.
Certain contains are always repeated after a certain duration. This repetition cycle is
called: Multiframe.
Multiframes
Here a separation has to be done according to the type of information a physical
channel is transmitting. The physical channels can be used to transmit either user
data or signaling.
Multiframes of physical channels allocated for user traffic (Traffic Channels TCH) are
repetition cycles of 26 TDMA frames.
Multiframes of physical channels allocated for signaling data (mostly on one / several
of the TS0 of the carrier of one cell) are repetition cycles of 51 TDMA frames.
Certain “logical contents” are repeated on certain TDMA frames of the 26 TDMA
frames of the TCH Multiframes or on the 51 TDMA frames of the signaling
Multiframe.
8
Signaling
Time 50
User
Traffic
Frames
49
25
48 24
47 23
46 22 • TDMA-
21
45 20 • Multi-
Multi- 44 Frames
• Super-
43
Frames • Hyper-
5
4 Time
3 7
2 6
1
0
7 5
6 4
5
4 3
3 2
TDMA
2 frame cyclical
cyclicalrepetition
repetition
1 1
0 of
of certaincontents
certain contents
RFC RFC RFC 0 RFC
1 2 3 124
Frequency
FDMA
Fig. 6
9
Example: Traffic Channel TCH Multiframe

The TCH Multiframe consists of 26 TDMA frames with user data. Every one of this 26
TDMA frames contains a certain “logical content”. So certain contents are repeated
every 120 ms. This is necessary because the “user data” which are transmitted on
this Traffic Channel are not only the user information (Traffic Channel TCH = user
speech, fax, data) which he likes to transmit. Also user related control information
(so-called Slow Associated Control Channel SACCH) which are necessary to
maintain the connection are transmitted on the same physical channel. They are
transmitted every TCH Multiframe, i.e. every 120 ms on the 13th TDMA frame (Full
Rate TCH), respectively at Half Rate transmission for the first user of this physical
channel on the 13th and for the second user on the 26th TDMA frame.
In Full Rate transmission the 26th TDMA frame is empty (Idle I).
A general overview and description of the different “logical contents” which are
defined in GSM and the content of the Signaling Multiframes is given later-on in
“Logic of L1”.
Example: User related control data

TCH Multiframe to maintain connection
Full Rate (FR) TCH
T T T T T T T T T T T TAT T T T T T T T T T T T I
26 TDMA frame = 120 ms
T t T t T t T t T t T t A t T t T t T t T t T t T a
2 Half Rate (HR) TCH

T/t = TDMA frame for TCH
A/a = TDMA frame for SACCH/T
I = Idle Signaling Multiframe
TCH: Traffic Channel ® Logic of L1
SACCH: Slow Associated Control Channel
Fig. 7
10
Radio Interface
Siemens Siemens
Radio Interface
Time Structure of the Radio Interface:

Bit: The shortest unit of the GSM radio interface is one bit. Its information is GMSK
modulated onto the HF. Its duration is 3692.3 ns.
Time Slot TS: The TS consists of 156.25 bit. It is the shortest possible transmission
time in GSM with a duration of 0.57688 ms.
TDMA frames: 8 TS form 1 TDMA frame with a duration of 4.615 ms. 8 physical
channels are using the same frequency band being cyclically (every 4.615 ms)
allocated to a certain user / application.
Multiframes: The TDMA frames themselves are again part of a repetition cycle of a
larger duration, the Multiframe. Certain contains are always repeated after a certain
duration. Multiframes for user traffic (Traffic Channels TCH) are repetition cycles of
26 TDMA frames with a duration of 120 ms. Multiframes for signaling are repetition
cycles of 51 TDMA frames with a duration of 235.4 ms.
Superframe: The TCH / Signaling Multiframes are summarized in longer repetition
cycles to Superframes. Superframes consist of 51 TCH / 26 Signaling Multiframes. A
Superframe (1326 TDMA frames) is the smallest common multiple of TCH and
signaling Multiframes with a duration of 6.12 s.
Hyperframe: The Hyperframe is the GSM numbering period. It comprises 2048
Superframes and is exactly 12,533.76 s or 3 h 28 min 56.76 s long. It is a multiple of
all cycles described up to now and determines all transmission cycles / periods on
the radio interface. The Hyperframe is the shortest cycle for repetition of the
frequency hopping algorithm and for ciphering.
Time Hyperframe =
Numbering Period
Structure 2048 Superframes » 3h 29 min
e.g. repetition of
• frequency hopping
• ciphering
1 Superframe =
51 x 26
0 1 2 3 ··· 4950 Channel organisation
TDMA frames scheme
0 1 2 3 24 25
» 6.12 ms
1 TCH Multiframe = 1 Signalling Multiframe =

26 TDMA frames = 120 ms 51 TDMA frames » 235,4 ms
Repetition scheme
0 1 2 3 ··· 24 25 for TCH / Signaling 0 1 2 3 ··· 49 50
1 TDMA frame
0 1 2 3 4 5 6 7
= 8 TS = 4,615 ms
1 Burst = 156,25 bit = 576,88 us

BURST = TS content
(1 bit = 3,6923 us)
Fig. 8
11
Adaptive Frame Alignment

In GSM the numbering of the Uplink UL and Downlink DL Time Slots TS is shifted by
three TS against each other. This prevents simultaneous transmission and reception
in GSM and enables to create simpler and cheaper Mobile Stations MS. Narrowband
filters are not necessary. This enabled to built GSM handhelds directly from
commercial start of GSM in the early 90th.
Timing Advance TA
The Guard Periods GP of the Normal Bursts are not able to compensate signal
delays in larger GSM cells. The MS receives synchronization signals from the BS,
synchronizes their transmission based on this signals, but it cannot recognize its
distance from the BS. The distance can be up to 35 km in a normal GSM cell. A
transmission without special compensation of this run-time delay would result in
interference with the succeeding TS.
Therefore, the BS analyses the delay of the MS transmission using the very first MS
burst (which has an extended GP). The BS adjusts its transmission in the DL and
informs the MS with the Timing Advance TA information how to adjust the UL
transmission (i.e. how much earlier the transmission has to start). Over the total
connection, the delay is analyzed by the BS and new TA values set for the MS. 64
TA values (difference: plus/minus 1 bit period) can be used to compensate run-time
effects.
Adaptive frame alignment /

Adaptive frame alignment: Timing Advance TA
preventing simultaneous
transmission / receiving
UL/DL shifted by 3 TS
UL 0 1 2 3 4 5 6 7
0 1 2 3 4 5 6 7 DL
Timing Advance TA:

compensation of propagation delays
BTS commands MS to transmit earlier:
2 x propagation time MS - BTS
Fig. 9
12
Radio
Radio Interface
Frequency Hopping
Frequency Hopping means to change the frequency used for transmission is
consequently changed every TDMA frame following a certain frequency hopping
algorithm. The Time Slot of the physical channel is still fixed.
The logic behind frequency hopping is to guarantee that all channels have the same
high degree of transmission quality by dividing possible short term interference over
all channels of the cell.
So a narrow-band interference does not disrupt the total transmission on one carrier,
i.e. on one frequency band, because the transmission is hopping from TDMA frame
to TDMA frame to other frequencies.
Nevertheless, now interference occurs for all the carrier of the cell from time to time
when transmitting on the disturbed frequency band. But this can be compensated in
GSM, because in classical GSM there is always redundancy on the transmitted data.
The redundant information is delivered in the next TS of the succeeding TDMA
frame, i.e. on another frequency (which is not disturbed).
Frequency hopping is optional in GSM. It is on the PLMN operators decision to use
frequency hopping or not. Frequency hopping significantly improves the quality /
reliability of transmission.
The carrier transmitting the Broadcast Control Channel BCCH (carrying information
necessary for MS synchronization to the network) does not participate in frequency
hopping.
Frequency hopping is done in the MS and BS, managed from the BSC. The
frequency hopping algorithm can be configured from an OMC.
Frequency Hopping Compensation of

narrow-band interference
Þ stable & reliable transmission
(redundant bits on different TDMA frames)
RFC 1
RFC2
RFC 3
RFC 4
RFC 5
TCH frame 0 frame 1 frame 2 frame 3 frame 4 frame 5
Fig. 10 13
2 Logic of L1

BCCH
BCH DL
FCCH
Broadcast Channel
SCH
PCH
DL
Signaling CCCH
Common Control AGCH
Channel UL
RACH
SDCCH
DCCH UL
Dedicated Control +
Channel DL SACCH
FACCH
TCH/F
Traffic
UL + DL
User Data TCH/H
Logic of L1
Fig. 11
14
Radio
Radio Interface
Logical Channels
Different signaling and user data contents determine different Logical Channels in
GSM.
For user data transmission two different Logical Channels are used:
l TCH/F Traffic Channels, Full rate (FR/EFR speech: 13 / 12.2 kbit/s; data: 9.6
kbit/s)
l TCH/H Traffic Channels, Half rate (HR speech: 5.6 kbit/s; data: 4.8/2.4/1.2/0.6/0.3
kbit/s)
For signaling 3 types of Logical Channels are used: BCHs, CCCHs and DCCHs.
Broadcast Channels BCH are used DL only for MS synchronization & information:
l FCCH Frequency Correction Channel: for MS frequency synchronization
l SCH Synchronization Channel: for MS time synchronization; contains additionally
TDMA frame no., BSIC
l BCCH Broadcast Control Channel: contains system & cell parameters, e.g. CGI
(i.e. PLMN, LAI), channel combining, frequency hopping algorithm, cipher mode,
cell capabilities: e.g. EFR/FR/HR, VAD/DTX, ASCI, HSCSD, GPRS, EDGE,..)
Common Control Channels CCCH are used uni-directional UL & DL for initial
access:
l PCH Paging Channel: to search the MS in the LAI in case of an MTC
l RACH Random Access Channel: MS request for dedicated signaling resources
l AGCH Access Grant Channel: to grant a dedicated channel to the MS
Dedicated Control Channels DCCH are used bi-directional for dedicated signaling:
l SDCCH Stand-alone Dedicated Control Channel: dedicated signaling between MS
& BS for Call Setup (Authentication, Cipher start, IMEI check, TMSI-Reallocation,
Setup,..) LUP procedures, SMS
l SACCH Slow Associated Control Channel: allocated together with SDCCH or
TCH; control information to maintain connection (e.g. DL: Power Control, Timing
Advance, Comfort Noise; UL: Measurement Reports for Handover,..)
l FACCH Fast Associated Control Channel: allocated instead of TCH in case of
enhanced demand for signaling resources (Handover, Call Release, IMSI-Detach,
OACSU..)
15
Logical channels
FCCH Frequency synchronization
BCH DL
Broadcast Channel
SCH Time synchronization + BSIC, TDMA-No.
CGI, FR/EFR/HR, VAD/DTX, HSCSD,
BCCH frequency hopping, channel combinations
PCH Paging / Searching (MTC)

DL
Signaling CCCH
RACH Request for signaling channel
Common Control
Channel UL
AGCH Allocation of signaling channel
Signaling MS « BTSE for e.g. Call Setup
SDCCH (Authentication, Cipher start, IMEI check,
UL Setup info,..) LUP, SMS,...
DCCH
Dedicated Control + Measurement Report,
DL SACCH
Channel TA, PC, cell parameters,...
Signalling instead of TCH
FACCH (e.g. for HOV, IMSI Detach, Call Release)
TCH/F User data Full Rate

Traffic
UL + DL
User Data TCH/H User data Half Rate
BCCH: Broadcast Control Channel AGCH: Access Grant Channel SACCH: Slow Associated Control Channel
FCCH: Frequency Correction Channel RACH: Random Access Channel FACCH: Fast Associated Control Channel
SCH: Synchronisation Channel SDCCH: Stand-alone Dedicated Control Channel TCH: Traffic Channel
PCH: Paging Channel
Fig. 12
16
Radio
Radio Interface
Burst Types
The HF transmission, which is transmitted in a Time Slot with a pre-defined bit
sequence is call Burst. In GSM there are 5 different Burst types defined:
Normal Burst NB: The NB is used for most of the Logical Channels (TCH, BCCH,
PCH, AGCH, SDCCH, SACCH, FACCH). It consists of the following bit sequence:
l 2 x 3 bit as Tail Bits TB for edge limitation of the HF burst (content: “0”),
l 2 x 57 bit as Data Bits (Information), which carry the users data or signaling
information.
l 2 x 1 bit as Stealing Flags S, which indicate whether user data (TCH) or user
related signaling (FACH) is transmitted in this Burst.
l 26 bit as Training Sequences, which are fixed bit pattern (8 different sequences
exist for NB) for synchronization of the transmitted burst & recognition of
transmission quality
l 8.25 bit as Guard Period GP, which is not part of the HF transmission; used as
guard period between succeeding TS.
Frequency Correction Burst: It is used for the FCCH only, consisting of:
l 142 Fixed Bits with content “0”; it is used for MS frequency synchronization
l 2 x 3 bit as Tail Bits
l 8.25 bit Guard Period
Synchronization Burst: It is used for the SCH only, consisting of:

l 64 bit as Training Sequence for initial precise MS time synchronization
l 2 x 39 bit with Information necessary for initial MS access (BSIC, TDMA frame
number, NB training sequence used in this cell,..)
Random Access Burst: It is used for RACH only, consisting of:

l 36 bits Information for initial access (BSIC, MS random no., access reason)
l 41 bits as Synchronization Sequence
l 8 + 3 bits as Tail Bits
l 68.25 bits Guard Period GP; the extended GP prevents interference with the
succeeding TS occurring due to the run-time problem (the MS lacks of information
about its distance to the BS before starting access)
17
Dummy Burst: The Dummy Burst has NB structure; it is transmitted in special cases
if nothing else (useful) is to be transmitted (e.g. at the BCCH carrier, which has to be
transmitted continuously because it is the cell beacon).
156.25 Bit = 576.9 ms

Burst Types
TCH, BCCH, PCH, AGCH,
Normal Burst SDCCH, SACCH, FACCH
TB
Information S Training S Information TB GP
3 1 Sequence 1 3 8.25
57 bit 57 bit
bit bit 26 bit bit bit bit
TB TB GP
Fixed bits
3 142 bit 3 8.25
bit bit bit
Frequency Correction Burst: FCCH

TB Training TB GP
Information Information
3 Sequence 3 8.25
39 bit 39 bit
bit 64 bit bit bit
Synchronization Burst: SCH

TB Synchronization TB GP
Information
8 Sequence 3 68.25
36 bit
bit 41 bit bit bit
Random Access Burst: RACH

Dummy Burst: Structure ® Normal Burst
Fig. 13
18
Radio
Radio Interface
Multiframe: Channel Combinations

There are seven different schemes to co-ordinate the logical channels in multiframes.
Three schemes are used for the co-ordination of Full rate and Half rate Traffic
Channels. Four schemes are used to co-ordinate signaling, depending on the
requirements of the individual cell. The network operator has do decide, which
channel combinations are used for a cell.
Combination I – III are used for TCH Multiframe co-ordination (Full rate / Half rate).
Combination IV – VII are used for Signaling Multiframe co-ordination.
Combination I: TCH/F + FACCH/F + SACCH/F

Combination I is used to transmit Full rate user data & speech. The frames 0–11
and 13-24 are used for user data, frame 12 is used for SACCH (user related
control data) and frame 25 is not used (I: Idle).
Combination II & III: TCH(0,1) + FACCH/H(0,1) + SACCH/H(0,1) respectively

TCH/H(0) + FACCH/H(0) + SACCH/H(0) + TCH/H(1) + FACCH/H(1) + SACCH/H(1)
Combination II & III are used to transmit Half rate user data & speech. 2 TCH/H
user have to share the 26 multiframes. Data from user 1 or user 2 are filled
alternately into the frames. The SACCH of user 1 is on frame 12, the SACCH of
user 2 is on frame 25.
Combination IV: FCCH +SCH + CCCH (PCH & AGCH) + BCCH

Combination IV offers much space for the Common Control Channels CCCH.
Therefore, this combination is used often for cells with many carrier. As BCCH
carrier it is the cell beacon and so it must be used exactly only on one carrier of
the cell. It is allocated on TS 0 of this carrier and has to be transmitted
continuously. If no useful information is to be transmitted, Dummy Bursts have to
be used. There is no Power Control used on the cells beacon. Combination IV
lacks of dedicated signaling channels (SDCCH and SACCH). Therefore, it has to
be used together with combination VII.
19
Multiframe: Channel Combinations

I) TCH/F + FACCH/F + SACCH/F
II) TCH/H(0,1) + FACCH/H(O,1) + SACCH/H(0,1)
III) TCH/H(0) + FACCH/H(0) + SACCH/H(0) + TCH-Combinations
TCH-Combinations
TCH/H(1) + FACCH/H(1) + SACCH/H(1) shown
shownbefore
before
IV) FCCH + SCH + CCCH + BCCH
V) FCCH + SCH + CCCH + BCCH + SDCCH/4 + SACCH/4
VI) CCCH + BCCH
VII) SDCCH/8 + SACCH/8
DL Combination IV
F S BCCH CCCH F S CCCH F S CCCH F S CCCH F S CCCH I
0 1 2-5 6 - 9 10 11 12 - 19 20 21 22 - 29 30 31 32 - 39 40 41 42 - 49 50
UL
R R R R R R R R R R R
0 1 10 11 20 21 30 31 40 41 50
F:FCCH C: CCCH (PCH, AGCH)

S:SCH I: Idle
B: BCCH R: RACH
Fig. 14
20
Radio
Radio Interface
Combination V: FCCH + SCH + CCCH + BCCH + SDCCH/4 + SACCH/4

Combination V is the minimum configuration for a cell, because is contains all
logical channels necessary for signaling in a cell. It is often used for cells with only
one or two carrier. For combination V the same is valid as for combination IV: It is
the cell beacon, it must be allocated on TS 0 of exactly one carrier of the cell. It
has to be transmitted continuously. SDCCH/4 and SACCH/4 means that this
combination offers the capacity for 4 simultaneous dedicated signaling
connections.
Combination VI: CCCH + BCCH

Combination VI can be used together with combination IV and VII for cells with
very much traffic and many carriers (up to 16 carriers). This means to be an
increased demand for Common Control Channels, which are offered by
combination VI. The multiframe structure of combination VI is similar as the
structure of combination IV, without FCCHs and SCHs. In combination with IV,
combination IV is allocated on TS0 on the carrier and VI combinations can be
allocated at TS 2 / 4 / 6 depending on the traffic volume of the cell.
Combination VII: SDCCH/8 + SACCH/8

Combination IV and VI offer no dedicated signaling channels. Therefore, they have
to be used together with combination VII. Combination VII offers up to 8
simultaneous dedicated signaling channels. Combination VII can be allocated on
TS 0 of other carrier than the BCCH carrier. The BCCH indicates the allocation of
combination VII.
21
Signaling Multiframe: Combination V

DL: BCCH + CCCH + 4 SDCCH (SDCCH/4) + 4 SACCH (SACCH/4)
SDCCH SDCCH SDCCH SDCCH SACCH SACCH
F S BCCH CCCH F S CCCH CCCH F S 0 1 FS 2 3 FS 0 1 I
SDCCH SDCCH SDCCH SDCCH SACCH SACCH

F S BCCH CCCH F S CCCH CCCH F S 0 1 FS 2 3 FS 2 3 I
UL: CCCH + SDCCH/4 + SACCH/4

SDCCH SACCH SACCH SDCCH SDCCH SDCCH
3 RR 2 3 RRRRRRRRRRRRRRRRRRRRRRR 0 1 RR 2
SDCCH SACCH SACCH SDCCH SDCCH SDCCH
3 RR 0 1 RRRRRRRRRRRRRRRRRRRRRRR 0 1 RR 2
DL Combination VII SDCCH/8 + SACCH/8

SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SACCH SACCH SACCH SACCH
0 1 2 3 4 5 6 7 4 5 6 7 I I I
SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SACCH SACCH SACCH SACCH
0 1 2 3 4 5 6 7 0 1 2 3 I I I
UL
SACCH SACCH SACCH SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SACCH
5 6 7 I I I 0 1 2 3 4 5 6 7 4
SACCH SACCH SACCH SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SDCCH SACCH
0 1 2 I I I 0 1 2 3 4 5 6 7 0
Fig. 15
22
Radio
Radio Interface
L1 Summary: Physical Channels & GSM Data Rates

GSM uses combined TDMA and FDMA for multiple access.
GMSK has been chosen as modulation principle. The GSM channel bandwidth is 200
kHz, the modulation rate 270.833 kbit/s (derived from the GSM frequency normal 13
MHz: 13 MHz/48).
According to the GSM TDMA principle chosen with 8 physical channels on one
carrier the total gross data rate for 1 physical channel is 270,833 / 8 = 33,85 kbit/s.
1 physical channel consists of 1 TS (UL/DL) on 1 carrier. 1 TS consists of 156.25 bit.
In the Normal Burst, used for TCH transmission, only 114 bit of these 156.25 bit are
information bits (user data & user related signaling). Therefore, only 24.7 kbit/s of the
33.85 kbit/s are information.
In a TCH Multiframe, only 24 of the 26 frames are filled with TCH, i.e. user data. The
other frames are filled with SACCH (frame 12) or Idle (frame 25). Therefore, the real
gross rate of user data in GSM is 22.8 kbit/s.
The net rate in GSM is 13 kbit/s for FR speech, 12.2 kbit/s for EFR, 9.6 kbit/s for data
transmission (+ different other rates for HSCSD and GPRS). The difference between
the GSM net rate of user data and the gross rate of 22.8 kbit/s is used for data
redundancy to enable a reliable transmission.
The GSM modulation rate is 270,833 kbit/s. I.e. one single bit has a duration of
3692.3 ns.
156.25 bit form one Time Slot TS, i.e. the duration of one TS is 0.5769 ms.
8 TS form one TDMA frame, i.e. the duration of one TDMA frame is 4.615 ms; it
contains 1250 bit.
23
L1 Summary: Physical Channel / GSM Data Rates

UL: 890 MHz 915 MHz
FDMA RFC RFC RFC ••• RFC ••• RFC RFC

1 2 3 i 123 124
GMSK 270.833
200 kHz
Modulation kbit/s
1 TDMA Frame: 4.615 ms / 1250 bit

TDMA 0 1 2 3 4 5 6 7
1 TS: 33.85 kbit/s
1 Normal Burst: 576.9 ms / 156.25 bit

TB Information S Training Seq. S Information TB GP
3 57 1 26 1 57 3 8.25
1 Bit = 3.6923 ms
24.7 kbit/s = 22.8 kbit/s TCH data (incl. redundancy)

+ 0.95 kbit/s SACCH + 0.95 kbit/s “Idle”
Fig. 16
24
3 MOC / MTC

RACH: Channel Request
AGCH: Immediate Assign
SDCCH: CM Service Request
SDCCH: Authentication Request
SDCCH: Authentication Response
SDCCH: Cipher Mode Command
SDCCH: Cipher Mode Complete
SDCCH: Setup
SDCCH: Call Proceeding
SDCCH: Assign Command

••
•
MOC / MTC
Fig. 17
25
Radio Interface
Siemens Siemens
Radio Interface

The MOC is defined as an MS initiated call setup. Several procedures are necessary
between the MS and the BSS respectively the CN to set up a call. In the following the
L1 messages on Um necessary for a “normal” MOC (without Off Air Call Setup
OACSU; no emergency call) are shown:
l Channel Request (RACH):MS requests the assignment of a dedicated signaling
channel
l Immediate Assignment (AGCH): the network assigns a dedicated signaling
channel (SDCCH & SACCH). Additionally, a first TA information and Power
Control PC is included.
l CM Service Request (SDCCH): the MS provides information on the requested
service (Basic Call, Emergency Call, SMS,...) and transmits the subscribers
identity (TMSI / IMSI).
l Authentication Request (SDCCH): the networks checks the real identity (Ki) of the
SIM transmitting RAND.
l Authentication Response (SDCCH): the MS answers with the SRES on the
Authentication Request
l Cipher Mode Command (SDCCH): the network commands the MS to start
ciphering
l Cipher Mode Complete (SDCCH): the MS acknowledges the cipher start (first
ciphered message)
l Setup (SDCCH): the MS transmits the Setup information including the desired TS /
BS and number of the B-subscriber.
l Call Proceeding (SDCCH): the network acknowledges the authorization for the
requested service and confirms the call proceeding.
l Assign Command (SDCCH): a TCH is allocated to the MS
l Assign Complete (FACCH): the MS confirms the TCH allocation (using TCH
resources)
l Alerting (FACCH): the network informs the MS on successful call setup (i.e. the
phone of the B subscriber rings). This starts generation of the ringing signals in the
MS, too.
l Connect (FACCH): the MS is informed, that the B subscriber accepted the call
l Connect Acknowledge (FACCH): the MS confirms the Connect message
l TCH: now network switch over to data transfer; the communication is able to start
26
RACH: Channel Request MS requests for signaling channel
AGCH: Immediate Assign Signalling channel allocation [SDCCH x, TA]
SDCCH: CM Service Request Request MOC (SMS, Emergency Call,..)

[TMSI/IMSI]
SDCCH: Authentication Request Request Authentication [RAND]
MOC SDCCH: Authentication Response Authentication Response [SRES]
Mobile SDCCH: Cipher Mode Command Start Ciphering [A5-X]

Originating
SDCCH: Cipher Mode Complete
Call Acknowledgement; 1st ciphered message
SDCCH: Setup Setup Message [Called No.]
SDCCH: Call Proceeding Requested Service possible

(after subscriber profile check in VLR)
SDCCH: Assign Command TCH-Allocation [frequency, TS]

FACCH: Assign Complete Acknowledgement on TCH resource
FACCH: Alerting “Ringing at B-Subscriber”,

start ringing signal in MS
FACCH: Connect “B-Subscriber accept call”
FACCH: Connection Ackn. Acknowledgement
Start of user data transmission & charging
TCH
Fig. 18
27
Radio
Radio Interface

The basic MOC includes at least 14 messages. As a rule, this signaling requires less
than 2 s.
Optional further messages are:
IMEI Request, IMEI Response to check the equipment identity
TMSI Reallocation: to allocate a new TMSI to the MS
IMEI check and TMSI reallocation are proceeded after start of ciphering
OACSU:
In case of (TCH) overload on Um OACSU can be used. In this case, the Assign
Command / Assign Complete messages are sent after the Alert message, wasting no
TCH resources during this time (only SDCCH resources).
Emergency Call
In case of an Emergency Call, Authentication and Cipher are skipped. Call setup is
faster and allows usage of every Mobile Equipment (even without valid SIM card;
IMEI on black list).
MOC Part I & Part II

The two slides MOC Part I & Part II are optional for the TM2100 “GSM Introduction”
course. They show the full message flow for a Basic MOC between MS and BSS /
NSS, including IMEI check and TMSI reallocation as well as the Call Release.
The SS7 message flow using L4 protocols MAP & BSSAP and L3 Radio Interface
messages of RR, MM and CM can be used for self-study.
28
MOC ISDN
MS BSS Part I MSC VLR
Channel Request CHAN_REQ
Immediate Assign IMM_ASS_CMD)
CM Service Request CM_SERV_REQ
CM_SERV_REQ
Process Access Request
PROC_ACCESS_REQ
Authentication Request AUTH_REQ
AUTH_REQ
Authentication Response AUTH_RSP

AUTH_RSP
AUTH_RSP
Set Cipher Mode

Cipher Mode Command CIPH_CMD SET_CIPH_MODE
CIPH_CMD
Cipher Mode Complete CIPH_MOD_COM

CIPH_MOD_COM EIR
Check IMEI
Forward New TMSI
TMSI Re-allocation TMSI_REAL_COM FORW_NEW_TMSI
TMSI-REAL-CMD
TMSI_REAL_COM
TMSI_REAL_COM
SETUP TSMI Acknowledged
TMSI_ACK
SETUP
SEND INFO
Fig. 19
29
MOC ISDN
MS BSS Part II MSC VLR
Complete Call CALL_CMP
Call Proceeding CALL_PROC
CALL_PROC
Assign Request ASS_REQ
Assign Command ASS_CMD
Assign Complete ASS_COM
ASS_COM
Initial Address Message IAM
ALERT Address Complete Message ACM

ALERT
Answer Message ANM
Connect CON
CON
Connect Acknowledged CON_ACK

CON_ACK
User data
Disconnect DISC
DISC
Release REL
Release REL
REL
Release Complete RLC
Release Command REL_COM REL_COM
Clear Command CLR_CMD

Release phys. Channel CHAN_REL
Disconnect DISC Clear Complete CLR_CMP
Fig. 20
30

The MTC is initiated by the network if there is a call for the subscriber. The MTC
message flow is very similar to the MOC message flow. The most important
difference on Um is the start. The MS has to paged in all cells of a Location Area LA,
using the Paging message.
Paging (PCH): The MS is paged in all LA cells using the TMSI / IMSI.
Setup (SDCCH): Another difference between MTC and MOC is the Setup message.
In an MTC it is transmitted from the network to the MS, giving information on the
requested service (TS, BS) and the ISDN / MSISDN number of the calling party.
Call Confirmed (SDCCH): After checking its capabilities to support the requested
service, the MS acknowledges the Setup message with Call Confirmed.
Alerting (FACCH): Different to the MOC, in the MTC the Alerting message is
transmitted from the MS to the network, to indicate the start of ringing in the MS.
Connect (FACCH) & Connection Acknowledge: Different to the MOC, in the MTC
both messages have opposite direction, too.
PCH: Paging Request Searching MS in Location Area
RACH: Channel Request MS requests for signaling channel
AGCH: Immediate Assign Signalling channel allocation [SDCCH x, TA]
SDCCH: CM Service Request Request MOC (SMS, Emergency Call,..)

[TMSI/IMSI]
SDCCH: Authentication Request Request Authentication [RAND]
MTC SDCCH: Authentication Response Authentication Response [SRES]
Mobile
Terminating SDCCH: Cipher Mode Command Start Ciphering
Call SDCCH: Cipher Mode Complete Acknowledgement; 1st ciphered message
SDCCH: Setup Setup Message

[Bearer Service, Calling No.]
SDCCH: Call Confirmed Requested Service possible in MS
SDCCH: Assign Command TCH-Allocation [frequency, TS]

FACCH: Assign Complete Acknowledgement (on TCH resource)
FACCH: Alerting “Ringing signal started in MS”
FACCH: Connect “Mobile subscriber accept call”

FACCH: Connection Ackn. Acknowledgement
Start of user data transmission & charging
TCH
Fig. 21
31
Appendix
Appendix
Appendix
Contents
1 References 2
2 Abbreviations 3
Appendix Siemens
1 References
l M. Mouly, M.B. Pautet, "The GSM System for Mobile Communications", Cell & Sys
(1992), ISBN 2-9507190-0-7
l S. Redl, M. Weber, K. Oliphant, "An introduction to GSM", Artech House Inc.
(1995), ISBN 0-89006-785-6
l A. Mehrotra, "GSM System Engineering", Artech House Inc. (1997), ISBN 0-
89006-860-7
l G. Heine, "GSM-Signalisierung", Funkschau: Funktechnik, Franzis-Verlag GmbH
(1998), ISBN 3-528-15302
l G. Heine, "GSM Networks: Protocols, Terminology and Implementation", Artech
House Inc. (1999), ISBN 0-89006-471-7
l G. Heine, "GPRS from A – Z", Artech House Inc. (2000), ISBN 1-58053-181-4
l G. Heine, "GPRS, EDGE, HSCSD and the Path to 3G", Artech House Inc. (2001),
CD-ROM, ISBN 1-58053-275-6
l "System Description D900/D1800 - GSM PLMN" A50016-D1109-V11-2-7618

l "Technical Description D900/D1800 - Switching Subsystem (SSS)" A50016-
D1109-V2-1-7618
l "Base Station System (TED-BSS)" A30808-X3247-H10-1-7618
2
Appendix Siemens
2 Abbreviations
AB access burst
AC authentication center
ACCH associated control channel
ACE antenna coupling equipment
ACE-Rx ACE receive side
ACE-Tx ACE transmit side
ACG auxiliary clock generator
ACM address complete message
ACU antenna combining unit
ADC analog to digital converter
AEF additional elementary function
AF audio frequency
AFC automatic frequency control
AGC automatic gain control
AGCH access grant channel
AMA automatic message accounting
AMPC ATM bridge Processor C
ANT-COMB antenna combiner
AoC advice of charge
AP application part
APS application program system
ARFCN absolute radio frequency number
ARQ automatic repeat request
ASN ATM Switching Network
ATB all trunks busy
ATE automatic test equipment
AUC authentication center
AUT(H) authentication
BA BCCH allocation
BAIC barring of all incoming calls
BAOC barring of all outgoing calls
BAP base processor (CP113)
BCC base transceiver station color code
3
Appendix Siemens
BCCH broadcast control channel

BCH broadcast channel
BER bit error rate
BHCA busy hour call attempts
BIC- Roam barring of incoming calls when roaming outside the HPLMN country
BNHO barring all outgoing calls except those to HPLMN
BOIC barring of outgoing international calls
BOIC-exHC barring of outgoing international calls except those directed to the
HPLMN
BS base station
BSC base station controller
BSCU base station control unit
BSIC base transceiver station identity code
BSS base station system
BSSAP base station system application part
BSSMAP base station system management application part
BSSOMAP base station system operation and maintenance application part
BSU base station system switch unit
BTS base transceiver station
CA cell allocation
CAS channel associated signaling
CAP call processor (CP113)
CBCH cell broadcast channel
CBS cell broadcast service
CC call control
CC channel coding
CC country code
CCBS completion of calls to busy subscribers
CCC common channel control
CCG central clock generator
CCH control channel
CCITT Comité Consulatif International Téléphonique et Télégraphique
CCNC common channel signaling network control
CCNP common channel signaling network processor
4
Appendix
Siemens Siemens
Appendix
CCS7 common channel signaling system No. 7

CCS common channel signaling
CCU channel coding unit
CdPA called party address
CF call forwarding
CFB call forwarding on mobile subscriber busy
CFNRc call forwarding on mobile subscriber not reachable
CFNRy call forwarding on no reply
CFU call forwarding unconditional
CGI cell global identity
CgPA calling party address
CHA component handling
CI cell identity
CIC circuit Identification code
CKSN cipher key sequence number)
CLIP calling line identification
CLIR calling line identification restriction
CMD command
CMY common memory
CNI comfort noise insertion
COLI calling line identification
CoLP connected line identification presentation
CoLR connected line identification restriction
CP call processing
CP coordination processor
CPU central processing unit
CR code receiver
CRC cyclic redundancy check
CT call transfer
CT Craft Terminal
CTC continuity check
CUG closed user group
CW call waiting
DAS digital announcement system
5
Appendix Siemens
DB dummy burts
DBMS data base management system
DCCH dedicated control channel
DCN data communication network
DCP data communication processor
DCS1800 digital communication system
DE digital exchange
DEC digital echo compensator
DEMUX demultiplexer
DHA dialogue handling
DIU digital interface unit
Dm control/data channel
DL down link
DPC destination point code)
DPPC data post processing computer
DPPS data post processing system
DRX discontinuous reception
DSMX digital signal multiplexer
DTAP direct transfer application part
DTMF dual tone multi frequency
DTX discontinuous transmission
EIR equipment identification register
EMML extended man machine language
ERP effective radiated power
EWSD Digitales Elektronisches Wählsystem
FAC final assembly code
FACCH fast associated control channel
FACCH/F full rate FACCH
FACCH/H half rate FACCH
FB frequency correction burst
FC filter coupler
FCCH frequency correction channel
FDMA frequency division multiple access
FEC forward error correction)
6
Appendix Siemens
Siemens Appendix
FHE frequency hopping equipment

FN frame number
FPLMTS future public land mobile telecommunication system (CCITT)
GCR Group Call Register
GMSC gateway MSC
GMSK gaussian minimum shift keying
GOS grade of service
GP guard period
GP group processor
GSM Global System for Mobile communications
GSM PLMN GSM public land mobile network
HANDO handover
HC hard copy
HF history file
HLR home location register
HLR-ID home location register identity
HMSC home MSC
HO HANDO
HOLD call hold
HPA high power amplifier
HPLMN home PLMN
HSN hopping sequence number
IAM initial address message
ICB incoming calls barred
ID identification
ID identity
IMEI international mobile equipment identity
IMN installation manual
IMSI international mobile subscriber identity
IMT-2000 International Mobile Telecommunications
IN intelligent network
IOC input/output controller
IOP input/output processor
IOP: AUC input/output processor for the authentication center
7
Appendix Siemens
ISC international switching center

ISDN integrated services digital network
ISUP OSDN user part
IWE interworking equipment
IWF interworking function
IWUP interworking user part
Kc cipher key (ciphering key)
Ki individual subscriber authentication key
LA location area
LAC Location area code
LAI location area identity
LAN local area network
LAPDm link access protocol on the Dm channel
LE local exchange
LIC Line Interface Circuit
Lm TCH with capacity lower than Bm
LMSI local mobile station identity
LMT local maintenance terminal
LR location register
LTG line/trunk group
MA mobile allocation
MAP mobile application part
MAH mobile access hunting
MB message buffer
MBG message buffer group
MBU message buffer unit
MCC mobile country code)
MCI malicious call identification
ME mobile equipment
MFC multifrequency code
MGT mobile global title
MIB management information base
MM mobility management
MMI man machine interface
8
Appendix
Siemens Siemens
Appendix
MMI man machine interpreter

MMN maintenance manual
MML man machine language
MNAP management network access point
MNC mobile network code
MOC mobile originating call
MP Main Processor
MPTY multi party service
MPU Main Processor Unit
MS mobile station
MS mobile subscriber
MSC mobile services switching center
MSIN mobile subscriber identification number
MSISDN mobile station international ISDN number
MSRN mobile station roaming number
MT mobile termination
MTC mobile termination call
MTE mobile termination equipment
MTP message transfer part
NB normal burst
NCC network color code (PLMN color code)
NDC national destination code
NE network entity, network element
NEF network element function
NF network function
NI national Indicator)
NM network management
NMC network management center
NMSI national mobile station identification
O&M operation and maintenance
OACSU off air call set up
OCB outgoing calls barred
ODAGEN office date area generator
OMAP operation & maintenance application part
9
Appendix Siemens
OMC operation & maintenance center

OMC- B operation & maintenance center for BSS
OMC- S operation & maintenance center for SSS
OMP operation & maintenance processor
OMP- B operation & maintenance processor for BSS
OMP- S operation & maintenance processor for SSS
OMS operation & maintenance subsystem
OMT operation & maintenance terminal
OMT- B operation & maintenance terminal for BSS
OMT- S operation & maintenance terminal for SSS
OPC originating point code
PA power Amplifier
PCH paging channel
PCM pulse code modulation
PCM- INT PCM interface
PCS personalization center for SIM
PDN public data network
PIN personal identification number
PLMN public land mobile network
PM performance management
PSPDN packet switched public data network
PSTN public switched telephone network
PSU power supply unit
QA Q (interface adapter)
QOS quality of service
RA rate adaptation
RAB random access burst
RACH random access channel
RAE recorded announcement equipment
RAND random number
REC recommendation
REQ request
RES response
RF radio frequency
10
Appendix
Siemens Siemens
Appendix
RFC radio frequency channel

RFCH radio frequency channel
RFCN radio frequency channel number
RFM radio frequency management
RFN reduced TDMA frame number
RLP radio link protocol
RMA regional maintenance area
RMC regional maintenance center
ROI remote operation interface
ROSE remote operation service element
RPE- LTP regular pulse excited long term prediction
RR radio resource management
RSE radio system entity
RSS radio subsystem
RT radio terminal
RX or Rx receiver
RXLEV received signal level
RxMC receiver multicoupler
RXQUAL received signal quality
SACCH Slow Associated Control Channel
SACCH/T slow, TCH- associated control channel
SACCH/TF slow, TCH/FS- associated control channel
SACCH/TH slow, TCH/HS associated control channel
SAP service access point
SAPI service access point indicator
SB synchronization burst
SC Switch Commander
SCCP signaling connection control part
SCF Signaling Control Function
SCP Signaling Control Point
SCH synchronization channel
SCN sub- channel number
SCP service control point (IN)
SDCCH standalone dedicated control channel
11
Appendix Siemens
SFH slow frequency hopping

SG safeguarding
SGC switch group control
SGL service guidelines
SI service indicator
SIM subscriber identity module
SM security management
SMC submultiplex channel
SMG Special Mobile Group
SMS service management system
SN subscriber number
SN switching network
SNR serial number
SP signaling point
SPC signaling point code
SPC stored program control
SRES signed response
SSF Signaling Switching Function
SSG space stage group
SSM space stage module
SSNC Signaling System Network Control
SSP Service Switching Point
SSS switching subsystem
STP signaling transfer point
SW software
SYP system panel
SYPC system panel control
SYPD system panel display
TA Terminal Adaptation
TAC Type Approval Code
TAC technical assistance center
TB tail bit
TC transaction capability
TCAP transaction capability Part
12
Appendix
Siemens Siemens
Appendix
TCB transcoder board

TCG transcoder group
TCGQ transcoder group quartet
TCH traffic channel
TCH/F full rate traffic channel
TCH/FS TCH full rate speech
TCH/H half rate traffic channel
TCH/HS TCH half rate speech
TDMA time division multiple access
TE terminal equipment
TETRA Terrestrial Trunked Radio Access
THA transaction handling
TMN telecommunication management network
TMRP tower mounted receiver preamplifier
TMS telecommunication management system
TMS test mobile station
TMSI temporary mobile subscriber identity
TN telecommunication network
TN timeslot number
TRAU transcoding and rate adaptation unit
TRX transceiver
TS tele service
TS timeslot
TSM time stage module
TSG time stage group
TUP telephony user part
TX or Tx transmitter
UL uplink
UMTS universal mobile telecommunication system
UP user part
UUS user to user signaling
VAD Voice Activity Detection
VBR Variable Bit Rate
VE exchange equipment
13
Appendix Siemens
VBS Voice Broadcast Service

VGCS Voice Group Call Services
VHE Virtual Home Environment
VLR Visitor Location Register
VMSC Visited MSC
VoIP Voice over IP
VPLMN Visited PLMN
WAN Wide Area Network
WAP Wireless Application Protocol
WARC World Administrative Radio Conference
WLL Wireless Local Loop
WS Work Station
14
TRAINING SECTOR
The way to CDMA Technology 1
Basic Concept of Spread Spectrum Technology 2
CDMA codes and its usage 3

Sub-sections
CDMA Air Interface Overview 4

CDMA Overview
CDMA System Aspects 5
Appindex 6
Reference 7
Glossary 8
CDMA Overview

1 The Way to CDMA Technology 1 - 39
2 Basic Concept of Spread Spectrum Technology 1 - 16
3 CDMA codes and its usage 1 - 20
4 CDMA Air Interface Overview 1 - 18
5 CDMA System Aspects 1 - 15
6 Appendix 1 - 11
7 References 1 - 2
8 Glossary 1 - 5

Chapter 1
The Way to CDMA Technology

The Way To CDMA Technology
The Way to CDMA Technology
Contents
1 Introduction to Cellular Technology 2
1.1 Progress in Radio Communications 2
1.2 The Growth in Cellular Market & its demands 4
1.3 Why is it called cellular? 6
2 Advantages of Digital Communications 8
2.1 Digital Communication 8
2.2 Digital Mobile Systems 10
3 Cellular System Architecture 11
3.1 System Architecture 11
3.2 Types of cells 13
4 Cellular System Components 15
4.1 Cellular System Components 15
5 Wireless Digital Transmission Problems 17
5.1 Reasons leading to Wireless Digital Transmission Problems 17
5.2 Result of Wireless Digital Transmission Problems 19
6 Solutions against Air transmission Problems 21
6.1 Solutions for Wireless Digital Transmission Problems 21
6.2 Solutions for Bit Error Rate 23
7 Transmission Principles 24
7.1 Duplex Transmission 24
7.2 Multiple Access Techniques 26
7.2.1 Frequency Division Multiple Access 26
7.2.1.1 The Advanced Mobile Phone Service (AMPS) 28
7.2.2 Time Division Multiple Access 29
7.2.2.1 The GSM network 31
7.2.3 Code Division Multiple Access 36
8 Data Transmission 38
8.1 Data Transmission Development 38
1
1 Introduction to Cellular Technology

1.1 Progress in Radio Communications
The quest to know the unknown and see the unseen is inherent in human nature.
It is this restlessness that has propelled mankind to ever-higher pinnacles and ever-
deeper depths. This insatiable desire led to the discovery of light as being
electromagnetic, paving the way to discovery of the radio.
The origin of radio can be traced back to the year 1680 to Newton theory of
composition of white light of various colors. This theory brought the importance as
light as an area of study to the attention of many scientists, especially those in
Europe, who began to pursue experiments with light which lead to
importantdiscoveries connected to the eventual development of the radio.
These discoveries are the foundation of today’s wireless cimmunicaton systems.
Experiments with light are still being carried out today in many universities, and
industries. One of the outcomes of light experiments in the 1970s is the optical fiber,
which is currently being used for long – haul voice and data transmission. It is
believed that the use of optical fiber technology will increase dramatically the
introduction of wideband networks for voice, data, and video transmission, which is
based on the Asynchronous Transfer Mode (ATM) switch.
Radio connections were first used for Wireless Communications in the late 19th
century; information was sent via "ether" as follows:
2
Progress in Radio communications
1873 Electromagnetic wave theory by J.C. Maxwell

1887 Experimental proof of the existence of electromagnetic waves by H. Hertz
1895 First receiver with antenna for weather reports by A. Popow
1895 First wireless transmission using spark inductor generated by G. M. Marconi
1897 Marconi Wireless Telegraphy Company founded
1901 First transatlantic transmission by Marconi
1909 First radio broadcast at New York, Caruso
1917 First mobile transmission, BS - train
1952 Usage of Analogue Mobile Systems in USA and Europe
1978 CEPT reserved 2x25MHz for GSM
1992 Commercial use of GSM
Fig.1
3
1.2 The Growth in Cellular Market & its demands

The cellular telephone industry has enjoyed phenomenal growth since its inception
in 1983. In just one more example of the impossibility of projecting the adoption of
new technologies, a widely accepted 1985 prediction held that the total number of
cellular subscribers might reach as many as 900,000 by the year 2000. In fact, by the
end of 1994 there were well over 20 million subscribers in the United States alone,
and approximately 50 million worldwide. Recent annual subscriber growth rates have
been as high as 40%, and it is believed that this growth rate could continue through
the rest of the 1990s.
In order to meet this increasing demand for service, new digital cellular telephone
systems have been introduced during the first half of the 1990s. As today's cellular
operators move to adopt these new technologies in their systems, they demand:
l Increased capacity within their existing spectrum allocation and easy

deployment of any technology it takes to get them that capacity increase.
l Higher capacities and lower system design costs (plus lower infrastructure
costs) which will lead to a lower cost per subscriber.
l A lower cost per subscriber combined with new subscriber features, which
will help the operators to increase their market penetration.
l An increased market penetration, which will lead to an increase in number of
subscribers and a system, which offers support for that, increased capacity.
l High quality calls must be maintained during the change to or migration to any
new digital technology.
4
Avdantages of cellular communications
Fig.2
• lower cost per subscriber

• Increased market penetration
• Higher capacities
• lower system design costs
5
1.3 Why is it called cellular?

Everyone is familiar with the usage of the term “cellular” in describing mobile radio
systems. You probably know that it is called cellular because the network is
composed of a number of cells. Mobile radio systems work on the basis of cells for
two reasons.
The first reason is that radio signals at the frequencies used for cellular travel
only a few kilometers (kms) from the point at which they are transmitted.
They travel more or less equal distances in all directions; hence, if one transmitter
is viewed in isolation, the area around it where a radio signal can be received is
typically approximately circular. If the network designer wants to cover a large area,
then he must have a number of transmitters positioned so that when one gets to the
edge of the first cell there is a second cell overlapping slightly, providing radio signal.
Hence the construction of the network is a series of approximately circular cells.
The second reason has to do with the availability of something called radio
spectrum. Simply, radio spectrum is what radio signals use to travel through space.
Using a mobile radio system, it consumes a certain amount of radio spectrum for
the duration of the call. An analogy here is car parks. When you park your car in a car
park it takes up a parking space. When you leave the car park, the space becomes
free for someone else to use. The number of spaces in the car park is strictly limited
and when there are as many cars as there are spaces nobody else can use the car
park until someone leaves.
Radio spectrum in any particular cell is rather like this. However, there is an
important difference. Once you move far enough away from the first cell, the radio
signal will have become much weaker and so the same bit of radio spectrum can be
reused in another cell without the two interfering with each other. By this means, the
same bit of radio spectrum can be reused several times around the country. So
splitting the network into a number of small cells increases the number of users who
can make telephone calls around the country.
So, in summary, cellular radio systems are often called “cellular” because the
network is composed of a number of cells, each with radius of a few kilometers,
spread across the country. This is necessary because the radio signal does not travel
long distances from the transmitter, but it is also desirable because it allows the radio
frequency to be reused, thus increasing the capacity of the network.
6
Fig. 3
7
2 Advantages of Digital Communications
2.1 Digital Communication

First of all we can say that a digital communication system is one where the voice
signal has been digitized prior to wireless transmission.
Digitizing is aprocess where the voice signal is sampled and discrete, numiric
representation of the signal are transmitted ,rather than the original signal itself.
This is much different from analog systems where the original,continuous voice
signal is transmitted using a standard form of FM modulation.
As the term „Digital“ implies, the voice signal is digitized for transmission within the
cellular networks.Once digitized, Advanced coding , transmission,and error correction
techniques are employed. These additional techniques make it possible to detect and
correct transmission errors at the receiving end.
Another advantage of digital wireless communications is that digital provides more
traffic capacity per given RF spectrum. This is made possible by using the channel
bandwidth more efficiently .
In digital systems, multible users occupy the same frequency, and they are
separated by time or codes. This is more efficient than assigning each user to a
separate frequency , which is efficient than assigning each user to a separate
frequency, which is common in analog systems.
Digital systems also use techniques to reduce, or compress the amount of
information to be transmitted over the air from each user.
These compression techniques can take advantage of the probability that not
every user needs maximum bandwidth at exactly the same moment.
Another advantage of digital communication system is that they have ah inherent
level of security . Unothorized listeners must have complex receivers, they must
decode the digital information, and then they must convert the digital signal into
analog signal.
Digital has better built-in support for non-voice services and user data traffic.
By bypassing the voice signal compression process, user data can be processed
directly in their digital formats.
With digital systems, there is no need to convert the signal. The data is simply
passed through as digital information. This digital information can usually be
processed through the system at higher speeds.
Lastly , Analog sytems, on the other hand, use much simpler transmission
techniques, which require a receiver no more complex than an inexpensive FM radio.
8
Avdantages of digital communications

Signal
Quality
Digital Signal
Analogue
Signal
Transmission
Quality:
“Easy to regenerate”
Distance to BS
Fig. 4
Fig. 5
• Security
• Higher capacities
• Easily Maintainance
• Minaturization an friendleness
• High Quality with low cost
• Worlwide Availability
• New Service Implementation
• High Fidility
9
2.2 Digital Mobile System

As demand for mobile telephone service has increased, service providers found
that basic engineering assumptions borrowed from wireline (landline) networks did
not hold true in mobile systems and the early analogue systems quickly became
saturated, and the quality of service decreased rapidly.
The components of a typical digital cellular system is shown in fig..
The advantages of digital cellular technologies over analog cellular networks
include increased capacity and security. Technology options such as TDMA and
CDMA offer more channels in the same analog cellular bandwidth and encrypted
voice and data.
Fig.6
10
3 Cellular System Architecture
3.1 System Architecture

Increases in demand and the poor quality of old service led mobile service
providers to research ways to improve the quality of service and to support more
users in their systems. Because the amount of frequency spectrum available for
mobile cellular use was limited, efficient use of the required frequencies was needed
for mobile cellular coverage. In modern cellular telephony, rural and urban regions
are divided into areas according to specific provisioning guidelines.
Deployment parameters, such as amount of cell-splitting and cell sizes, are
determined by engineers experienced in cellular system architecture.
Provisioning for each region is planned according to an engineering plan that
includes cells, clusters, frequency reuse, and handovers.
• Cells and Cell Splitting
A cell is the basic geographic unit of a cellular system.The term cellular comes
from the honeycomb shape of the areas into which a coverage region is divided.
Cells are base stations transmitting over small geographic areas that are represented
as hexagons. Each cell size varies depending on the landscape. Because of
constraints imposed by natural terrain and man-made structures, the true shape of
cells is not a perfect hexagon.
Unfortunately, economic considerations made the concept of creating full systems
with many small areas impractical. To overcome this difficulty, system operators
developed the idea of splitting cells into sectors to form sector cells
.
• Clusters
A cluster is a group of cells in which all available frequencies have been used
once. No channels are reused within a cluster.
• Frequency Reuse
The concept of frequency reuse is based on assigning to each cell a group of radio
channels used within a small geographic area. Cells are assigned a group of
channels that is completely different from neighboring cells. The coverage area of
cells are called the footprint. This footprint is limited by a boundary so that the same
group of channels can be used in different cells that are far enough away from each
other so that their frequencies do not interfere.Cells with the same number have the
same set of frequencies.
11
Cluster
Fig.7
Fig.8
12
3.2 Types of cells

Different types of cells are used due to the density variation of population.
• Macrocells
The macrocells are large cells for remote and sparsely populated areas.
• Microcells
These cells are used for densely populated areas. By splitting the existing areas
into smaller cells, the number of channels available is increased as well as the
capacity of the cells. The power level of the transmitters used in these cells is then
decreased, reducing the possibility of interference between neighboring cells.
• Selective cells
It is not always useful to define a cell with a full coverage of 360 degrees. In some
cases, cells with a particular shape and coverage are needed. These cells are called
selective cells.
A typical example of selective cells is the cells that may be located at the
entrances of tunnels where coverage of 360 degrees is not needed. In this case, a
selective cell with coverage of 120 degrees is used.
• Umbrella cells
A freeway crossing very small cells produces an important number of handovers
among the different small neighboring cells. In order to solve this problem, the
concept of umbrella cells is introduced. An umbrella cell covers several microcells.
The power level inside an umbrella cell is increased comparing to the power levels
used in the microcells that form the umbrella cell. When the speed of the mobile is
too high, the mobile is handed off to the umbrella cell. The mobile will then stay
longer in the same cell (in this case the umbrella cell). This will reduce the number of
handovers and the work of the network .A too important number of handover
demands and the propagation characteristics of a mobile can help to detect its high
speed.
• Handoff
The final obstacle in the development of the cellular network involved the problem
created when a mobile subscriber traveled from one cell to another during a call. As
adjacent areas do not use the same radio channels, a call must either be dropped or
transferred from one radio channel to another when a user crosses the line between
adjacent cells. Because dropping the call is unacceptable, the process of handoff
was created. Handoff occurs when the mobile telephone network automatically
transfers a call from radio channel to radio channel as a mobile crosses adjacent
cells.
During a call, When the mobile unit moves out of the coverage area of a given cell
site, the reception becomes weak. At this point, the cell site in use requests a
handoff. The system switches the call to a stronger frequency channel in a new site
and the call continues as long as the user is talking, and the user does not notice the
handoff at all.
13
Fig.9
Fig.10
Fig.11
14
4 Cellular System Components

4.1 Cellular System Components
The cellular system offers mobile and portable telephone stations the same
service provided fixed stations over conventional wired loops. It has the capacity to
serve tens of thousands of subscribers in a major metropolitan area. The cellular
communications system consists of the following four major components that work
together to provide mobile service to subscribers:
1. Mobile telephone switching office (MTSO)
2. Cell site with antenna system
3. Mobile Station (MS)
• Mobile Telephone Switching Office (MTSO)
The MTSO is the central office for mobile switching. It houses the mobile switching
center (MSC), field monitoring and relay stations for switching calls from cell sites to
wireline central offices (PSTN).
• The Cell Site
The term cell site is used to refer to the physical location of radio equipments that
provide coverage within a cell. A list of hardware located at a cell site includes power
sources, interface equipment, radio frequency transmitters and receivers, and
antenna systems.
• Mobile Station (MS)
The mobile subscriber unit consists of a control unit and a transceiver that
transmits and receives radio transmissions to and from a cell site. Three types of
MSUs are available:
1. The mobile telephone (typical transmit power is 4.0 watts)
2. The portable (typical transmit power is 0.6 watts)
3. The transportable (typical transmit power is 1.6 watts)
The mobile telephone is installed in the trunk of a car, and the handset is installed
in a convenient location to the driver. Portable and transportable telephones are hand
held and can be used anywhere. The use of portable and transportable telephones
is limited to the charge life of the internal battery.
15
Fig.12
16
5 Wireless Digital Transmission Problems

5.1 Reasons leading to Wireless Digital Transmission
Problems
Wireless communication channels suffer from severe attenuation and signal
fluctuations and this is mainly due to three important reasons which are:
1. Velocity of Mobile Station within the area of the Base Tranciever Station.
2. Distance between Mobile Station and the Base Tranciever Station.
3. Obstacles between the Mobile Station and the Base Tranciever Station.
Large attenuation is due to the user’s mobility through the propagation
environment that causes almost no direct signal from the transmitter can reach the
receiver. Even if so, the line-of-sight signal may be superimposed by its reflected
or scattered duplicates that reach the receiver at different time instant causing
signal fluctuations. When a mobile station moves from one location to another, all
propagation scenario may change completely and the received signal changes
accordingly. Three different models that are commonly used to characterise a
wireless channel are:
• Propagation path loss (near-far attenuation) .
• Shadowing (variation on the average power) .
• Multipath fading (fast signal fluctuation).
• Propagation path loss

It occurs when the received signal becomes weaker and weaker due to
increasing distance between MS and BTS . Path loss is proportional to the square
of the distance and the square of the transmitted frequency .
• Shadowing
It is due to obstacles being between the MS and the BTS , like buildings, hills
etc. When the MS moves around , the signal fluctuates normally around a mean
value depending on the obstacles.
• Multipath fading
It occures when there is more than one transmission path to the MS or BTS ,
and therefore more than one signal is arriving at the receiver .This may be due to
buildings or mountains , either close to or far from the reciving device,Rayleigh
fading and time dispersion are forms of multipath fading.
1. Rayleigh fading
It occures when the signal takes more than one path between the MS and
BTS. Rayleigh fading occurs when the obstacles are near to the receiving antenna
2. Time dispersion
It contrasts to Rayleigh fading , the reflected signal comes from an object far
away from the receiving antenna .Since the bit rate on the air is 270 kbit/sec,one
bit corresponds to 3.7 µ sec or 1.1 km . If an obstacle is further than 500 m away,
then the reflected bit will interfere with the next transmitted bit (ISI).
17
Fig.13
Fig.14
18
5.2 Result of Wireless Digital Transmission Problems

• Bit Error Rate
Sometimes, when you are using a mobile phone, you will notice that the speech
quality “breaks up” or disappears completely for short periods of time. By moving
toward a window you can sometimes improve the situation. This loss of speech
quality is caused by errors. That means, the transmitter might send 1011, but
because of propagation problems, such as fast fading, the receiver gets 1001.The
third bit is said to be in error. This is a little like spelling something over the
phone.You might say “S” but the person at the other end might respond “was that F?”
An error was made because the line was not of sufficient quality.
Mobile phones contain advanced systems for correcting errors but However, these
systems are not always able to remove all the errors. Without error correction, the
speech quality would always be so terrible that you would never be able to
understand the other person.
Interference, fading, and random noise cause errors to be received, the level of
which will depend on the severity of the interference. The presence of errors can
cause problems. For speech coders such as ADPCM (Adaptive Defrential PCM), if
the bit error rate (BER) rises above 10-3 (that is, 1 bit in every 1000 is in error, or the
error rate is 0.1%) then the speech quality becomes unacceptable.
For near-perfect voice quality, error rates of the order of 10-6 are required. For data
transfers, users expect much better error rates, for example on computer files, error
rates higher than 10-9 are normally unacceptable.
If the only source of error on the channel was random noise, then it would be
possible, and generally efficient, to simply ensure that the received signal power was
sufficient to achieve the required error performance without any need for error
correction. However, where fast fading is present, fades can be momentarily as deep
as 40 dB. To increase the received power by 40 dB to overcome such fades would
be highly inefficient, resulting in a significantly reduced range and increased
interference to other cells. Instead, error correction coding accepts that bits will be
received in error during fades but attempts to correct these using extra bits
(“redundant” bits) added to the signal.
19
Fig.15
20
6 Solutions of Air transmission problems
6.1 Solutions for Wireless Digital Transmission

Problems
• Antenna Diversity
It increases the received signal strength by taking advantage of the nature
properties of radio waves , there are two diversity methods, they are :-
1. Space diversity .
2. Polarization diversity .
♦ Space diversity
can be achieved by mounting two receivers instead of one . If the two receivers
are physically separated , the probability that both of them are affected by a deep
fading dip at the same time is low .
♦ Polarization diversity
With this technique the two space diversity receivers are replased by one dual
polarized antenna , the antenna contains two differently polarized antenna arrays.
• Time Advance
Time Advance is introduced to overcome the effect of time alignment. When the
MS is moving far away from the BTS , this BTS tells the MS how much time ahead of
the synchronization time it must transmit the burst .
21
Fig.16
Fig.17
22
6.2 Solutions for Bit Error Rate

• Channel Coding
Error correction is widely deployed in mobile radio, where fast fading is
almost universally present. Error correction systems all work by adding redundancy
to the transmitted signal. The receiver checks that the redundant information is as it
would have expected and, if not, can make error correction decisions. In an error
detection scheme, the receiver requests that the block that was detected to be in
error is retransmitted. Such schemes are called automatic request repeat
(ARQ).Some of the more advanced coding systems can perform error correction and
also detect if there were too many errors for it to be possible to correct them all and
hence request retransmission in this case.
• Interleaving
Signals traveling through a mobile communication channel are susceptible
to fading. The error-correcting codes are designed to combat errors resulting from
fades and, at the same time, keep the signal power at a reasonable level. Most error-
correcting codes perform well in correcting random errors. However, during periods
of deep fades, long streams of successive or burst errors may render the error-
correcting function useless. Interleaving is a technique for randomizing the bits in a
message stream so that burst errors introduced by the channel can be converted to
random errors.
Fig.18
23
7 Transmission Principles
7.1 Duplex Transmission
• FDD and TDD
Two duplex methods are used for coordinating the uplink (UL) and downlink (DL)
components of a transmission between a base station and a mobile station, namely
Frequency Division Duplex (FDD) and Time Division Duplex (TDD).
UL and DL are implemented for FDD in different frequency bands. The gap
between the two frequency bands for UL and DL is known as the duplex distance. It
is constant for all mobile stations in a standard. Generally the DL frequency band is
positioned at the higher frequency than the UL band.
In the case of TDD, UL and DL are implemented in the same frequency band,
Uplink (UL) and Downlink (DL) takes place at different times. There is fast switching
between UL and DL transmission, so that the user has the impression of
simultaneous transmission and reception.
As a result, only a fraction of the time needed for analog transmission is required
for digital transmission of subscriber data.
24
Fig.19
Fig.20
25
7.2 Multiple Access Techniques

Wireless telecommunications has drastic increase in popularity, resulting in the
need for technologies that allow multiple users to share the same spectrum, called
Multiple Access techniques.
FDMA, TDMA and CDMA are the three major technologies available, along with
variations of each.
All three technologies have one goal in common that is the most important concept
to any cellular telephone systems which is “Multiple Access”, meaning that multiple,
simultaneous users can be supported. In other words, a large number of users share
a common pool of radio channels. The technologies differ significantly in the manner
by which they accomplish this sharing.
7.2.1 Frequency Division Multiple Access

FDMA is used for standard analog cellular. Each user is assigned a discrete band
of the RF spectrum.The voice signal of each user is modulated on a separate
channel frequency, which is assigned 100% of the time to that user.
For example:
AMPS systems use 30 kHz "slices" of spectrum for each channel. Narrowband
AMPS (NAMPS) requires only 10 kHz per channel. TACS channels are 25 kHz wide.
With FDMA, only one subscriber at a time is assigned to a channel. No other
conversations can access this channel until the subscriber's call is finished, or until
that original call is handed off to a different channel by the system. In order to
overcome this inefficiency, digital access technologies were introduced.
FDMA requires NO system timing.

FDMA requires NO timing accuracy.
FDMA –based Analog system generally considered as a low capacity system.
26
Fig.21
27
7.2.1.1 The Advanced Mobile Phone Service (AMPS)

AMPS was released in 1983 using the 800-MHz to 900-MHz frequency band and
the 30 kHz bandwidth for each channel as a fully automated mobile telephone
service. It was the first standardized cellular service in the world and is currently the
most widely used standard for cellular communications. Designed for use in cities,
AMPS later expanded to rural areas. It maximized the cellular concept of frequency
reuse by reducing radio power output. The AMPS telephones (or handsets) have the
familiar telephone-style user interface and are compatible with any AMPS base
station. This makes mobility between service providers (roaming) simpler for
subscribers. Limitations associated with AMPS include:
1. Low calling capacity

2. Limited spectrum
3. No room for spectrum growth
4. Poor data communications
5. Minimal privacy
6. Inadequate fraud protection
AMPS is used throughout the world and is particularly popular in the United
States, South America, China, and Australia. AMPS uses frequency modulation (FM)
for radio transmission. In the United States, transmissions from mobile to cell site use
separate frequencies from the base station to the mobile subscriber.
28
7.2.2 Time Division Multiple Access

In TDMA users are still assigned a discrete slice of RF spectrum, but multiple
users now share that RF channel on a time slot basis. Each of the users alternate
their use of the RF channel . Frequency Division is still used, but these carriers are
now further subdivided into some number of time slots ber carrier.
A user is assigned a particular time slot in a carrier and can only send or receive
information at those times. This is true wether or not the other time slots are being
used. Information flow is not continuous for any user, but rather is sent and received
in „bursts“ . The bursets are re-assembled at the receiving end , and appear to
provide continuous sound because the process is very fast.
TDMA digital standards include North American Digital Cellular (known by its
standard number IS-54), Global System for Mobile Communications (GSM), and
Personal Digital Cellular (PDC).
For example, IS -54 based TDMA system, a 30 kHz channel is divided into 6 time
slots each with 30 kHz band modulated signal. Although there are 6 time slots, each
user needs 2 time slots, so there are a total of 3 users per 30 kHz channel. This is
three times more efficient than AMPS
PDC divides 25 kHz slices of spectrum into three channels.
GSM system uses both FDMA and TDMA operates with a 200 Khz bandwidth,
divided into 8 timeslots, where each user is assigned a single timeslot, thus allowing
8 users per channel frequency.
TDMA requires timing synchronization

TDMA requires millisecond accuracy.
GSM and TDMA are about 3 times more spectral efficient than analog.
29
Fig.22
30
7.2.2.1 The GSM network

The GSM technical specifications define the different entities that form the GSM
network by defining their functions and interface requirements.
The GSM network can be divided into four main parts:
The Mobile Station (MS).
The Base Station Subsystem (BSS).
The Network and Switching Subsystem (NSS).
The Operation and Support Subsystem (OSS).
• Mobile Station MS
A Mobile Station consists of two main elements:
1. The Mobile Equipment Terminal.
2. The Subscriber Identity Module (SIM).
There are different types of terminals distinguished principally by their power and
application: The `fixed' terminals are the ones installed in cars. Their maximum
allowed output power is 20 W.The GSM portable terminals can also be installed in
vehicles. Their maximum allowed output power is 8W.
The handhels terminals have experienced the biggest success thanks to their
weight and volume, which are continuously decreasing. These terminals can emit up
to 2 W. The evolution of technologies allows decreasing the maximum allowed power
to 0.8 W.
• The SIM (Subscriber Identity Module)

The SIM is a smart card that identifies the terminal. By inserting the SIM card into
the terminal, the user can have access to all the subscribed services. Without the
SIM card, the terminal is not operational. The SIM card is protected by a four-digit
Personal Identification Number (PIN). In order to identify the subscriber to the
system, the SIM card contains some parameters of the user such as its International
Mobile Subscriber Identity (IMSI).
Another advantage of the SIM card is the mobility of the users. In fact, the only
element that personalizes a terminal is the SIM card. Therefore, the user can have
access to its subscribed services in any terminal using its SIM card.
31
Fig.23
32
• The Base Station Subsystem
The BSS connects the Mobile Station and the NSS. It is in charge of the transmission
and reception. The BSS can be divided into two parts:
• The Base Transceiver Station (BTS).
• The Base Station Controller (BSC).
1. The Base Transceiver Station:

The BTS corresponds to the transceivers and antennas used in each cell of the
network. A BTS is usually placed in the center of a cell. Its transmitting power defines
the size of a cell. Each BTS has between one and sixteen transceivers depending on
the density of users in the cell.
2. The Base Station Controller:

The BSC controls a group of BTS and manages their radio ressources. A BSC is
principally in charge of handovers, frequency hopping, exchange functions and
control of the radio frequency power levels of the BTSs.
Fig.24
33
• The Network and Switching Subsystem

Its main role is to manage the communications between the mobile users and
other users, such as mobile users, ISDN users, fixed telephony users, etc. It also
includes data bases needed in order to store information about the subscribers and
to manage their mobility. The different components of the NSS are described below.
1. The Mobile services Switching Center (MSC)
It is the central component of the NSS. The MSC performs the switching functions
of the network. It also provides connection to other networks.
2. Home Location Register (HLR)
The HLR is considered as a very important database that stores information of the
suscribers belonging to the covering area of a MSC. It also stores the current location
of these subscribers and the services to which they have access. The location of the
subscriber corresponds to the SS7 address of the Visitor Location Register (VLR)
associated to the terminal.
3. Visitor Location Register (VLR)
The VLR contains information from a subscriber's HLR necessary in order to
provide the subscribed services to visiting users. When a subscriber enters the
covering area of a new MSC, the VLR associated to this MSC will request information
about the new subscriber to its corresponding HLR. The VLR will then have enough
information in order to assure the subscribed services without needing to ask the
HLR each time a communication is established. The VLR is always implemented
together with a MSC; so the area under control of the MSC is also the area under
control of the VLR.
4. The Authentication Center (AuC)
The AuC register is used for security purposes. It provides the parameters needed
for authentication and encryption functions. These parameters help to verify the
user's identity.
5. The Equipment Identity Register (EIR)
The EIR is also used for security purposes. It is a register containing information
about the mobile equipments. More particularly, it contains a list of all valid terminals.
It is identified by its International Mobile Equipment Identity (IMEI). The EIR allows
then to forbid calls from stolen or unauthorized terminals (e.g, a terminal which does
not respect the specifications concerning the output RF power).
6. The Operation and Support Subsystem (OSS)
The OSS is connected to the different components of the NSS and to the BSC, in
order to control and monitor the GSM system. It is also in charge of controlling the
traffic load of the BSS. However, the increasing number of base stations, due to the
development of cellular radio networks, has provoked that some of the maintenance
tasks are transfered to the BTS. This transfer decreases considerably the costs of the
maintenance of the system.
34
Fig.25
35
7.2.3 Code Division Multiple Access

CDMA is a general category of digital wireless radio technologies that uses spread
spectrum techniques to modulate information across given bandwidth.
IS-95 was the first application of CDMA, where information signals from all users
are simultaneously modulated across the entire channel band width (1.23 Mhz).
Unique digital codes keep users separated on the 1.23 Mhz channel.
All the three multiple Access technologies take advantage of the fact that radio
signals travel only a finite distance. The result is that frequencies can be reused with
minimal interference after a minimum distance. The resulting assignment of
frequencies is referred to “reuse pattern.”
CDMA doesn’t require frequency reuse pattern i.e. every code can be used in
every sector of every cell.
In CDMA, timing is critical and aquired from the Global Positioning system”GPS”
as accurate synchronization between cells is critical to CDMA operation.
CDMA also requires microsecond accuracy.
The major advantage of CDMA when compared to the other technologies is its
efficient use of available spectrum, as bandwidth efficiecy directly to system capacity.
The greater the efficiency, the more users can share the same spectrum, but it also
can impact the amount of infrastructure equipment required to support a given
number of users. This indirectly impacts the cost of operation.
In recent times, CDMA has gained widespread international acceptance by cellular
radio system operators as an upgrade that will increase both their system capacity
and the service quality.
36
Fig.26
37
8 Data Transmission
8.1 Data Transmission Development
One of the problems of data transmission using GSM is posed by the current
comparatively user-unfriendly usage of data services in the terminals (e.g. SMS) or
the complicated connection of terminal equipment via adapter.
Terminal equipment in which different functions are integrated, as well as displays
optimized for each individual data transmission form provide an answer to this.
A decisive problem is posed by the comparatively low data transmission rates of
GSM Phase 1 and 2. Data transmission rates of 0.3 -9.6 kbit/s compared to 64 kbit/s
using ISDN are considerably too low.
To increase the data transmission rates in the Europian system new bearer
services are being developed in GSM Phase 2+, which will adapt the data
transmission rates to the ISDN transmission rates in various usage areas or even, be
considerably above them.
1. High Speed Circuit Switched Data HSCSD

2. General Packet Radio Service GPRS
3. Enhanced Data rates for the GSM Evolution EDGE
To increase the data transmission rates in American System after deployment of

CDMA techniques IS95B was developed, which will adapt the data transmission
rates to the ISDN transmission rates in various usage.
38
Fig.27
Fig.28
39
Chapter 2
Basic Concept of Spread

Spectrum Technology
Basic Concept of Spread Spectrum Technology
Basic Concept of Spread Spectrum

Technology
Contents
1 Advantages of CDMA 2
1.1 Increased Capacity 2
1.1.1 Lowering Eb/NO 2
1.1.2 Voice Activity Detection 2
1.1.3 Power Control 2
1.2 Improved Call Quality 4
1.3 Simplified System Planning 4
1.4 Enhanced Privacy 4
1.5 Improved Coverage 4
1.6 Increased Portable Talk Time 4
1.7 Bandwidth on Demand 4
2 Spread Spectrum Technology 6
2.1 Properties of SS signals 8
2.2 Spread-Spectrum Multiple Access 10
2.2.1 Direct Sequence Spread Spectrum 10
2.2.2 Advantages of DS-SS 10
2.2.3 Disadvantages of DS-SS 10
2.3 Frequency Hopping Spread Spectrum 12
2.3.1 Advantages of FH-SS 12
2.3.2 Disadvantages of FH-SS 12
2.4 Time Hopping Spread Spectrum (TH-SS) 14
2.4.1 Advantages of TH-SS 14
2.4.2 Disadvantages of TH-SS 14
2.5 Hybrid Systems 16
2.5.1 Advantages of H-SS 16
2.5.2 Disadvantages of H-SS 16
1
1 Advantages of CDMA
When implemented in a cellular telephone system, CDMA technology offers
many benefits to meet Mobile Radio Requirements. The following is an overview
of the advantages of CDMA.
1.1 Increased Capacity

Capacity can be increased in cellular systems in one of two ways:
1. By getting more channels per MHz of spectrum
2. By getting more channels reuse per unit of geographic area
With CDMA, signals can be received in the presence of high levels of interference, All
users on a carrier share the same RF spectrum. The same CDMA RF carrier frequency is
used in every cell site, and in every sector of a sector cell site.
Increasing capacity in CDMA can be done by the following techniques: -
1.1.1 Lowering Eb/No

Eb/No provides a measure of the performance of a CDMA link between the mobile and
the cell. It is the ratio in dB between the energy of each information bit and the noise
spectral density. The noise is a combination of background interference and the
interference created by other users on the system.
CDMA describes Eb/No noise interference in terms of the Frame Erasure Rate (FER).
Using an interference threshold, the CDMA system erases frames of information that
contain too many errors. The FER, then, describes the number of frames that were erased
due to poor quality. Therefore, as the E b/No level increases, the FER decreases, and
system voice quality is improved.
1.1.2 Voice Activity Detection

When no voice activity is detected, the vocoder will drop its encoding rate, because there
is no reason to have high speed encoding of silence. The encoded rate can drop to1 kbps
or less. Thus the variable rate vocoder uses up channel capacity only as needed. Since the
level of "interference" created by all of the users directly determines system capacity, and
voice activity detection reduces the noise level in the system, capacity can be maximized.
1.1.3 Power Control

CDMA can also increase system capacity by using POWER CONTROL, which will be
discussed later.
2
Fig.1
Fig.2
3
1.2 Improved Call Quality

Cellular telephone systems using CDMA are able to provide higher quality sound and
fewer dropped calls than systems based on other technologies. Advanced error detection
and error correction schemes greatly increase the likelihood that frames are interpreted
correctly. Sophisticated vocoders offer high speed coding and reduce background noise.
CDMA takes advantage of various types of diversity to improve speech quality.
1.3 Simplified System Planning

All users on a CDMA carrier share the same RF spectrum.
1.4 Enhanced Privacy

CDMA is an “Anti Jamming” system. In addition, since the digitized frames of information
are spread across a wide slice of spectrum, it is unlikely that a casual eavesdropper will be
able to listen in on a conversation.
1.5 Improved Coverage

A CDMA cell site has a greater range than a typical analog or digital cell site. Therefore
fewer CDMA cell sites are required to cover the same area. Depending on system loading
and interference, the reduction in cells could be as much as 50% when compared to GSM!
CDMA's greater range is due to the fact that CDMA uses a more sensitive receiver than
other technologies.
1.6 Increased Portable Talk Time

Because of precise power control and other system characteristics, CDMA subscriber
units normally transmit at only a fraction of the power of analog and TDMA phones. This will
enable portables to have longer talk and standby time. (This direct comparison assumes, of
course, similar cell sizes between the CDMA and analog or TDMA systems.)
1.7 Bandwidth on Demand

A wideband CDMA channel provides a common resource that all mobiles in a system
utilize based on their own specific needs. At any given time, the portion of this "bandwidth
pool" that is not used by a given mobile is available for use by any other mobile. This
provides a tremendous amount of flexibility - a flexibility that can be exploited to provide
powerful features, such as higher data rate services. In addition, because mobiles utilize
the "bandwidth pool" independently, these features can easily coexist on the same CDMA
4
Fig.3
5
2 Spread Spectrum Technology

The major concern in Wireless is digital communication is efficient use of
Bandwidth and power. But there are scenarios where it is necessary to sacrifice
the efficient use for design considerations. One such scenario is secure communication in
hostile environment. This design objective is met using a modulation technique called as
Spread Spectrum (SS).
Defining Spread Spectrum
A complete definition to Spread Spectrum is in two parts

1. Spread Spectrum is a means of transmission in which the data sequences occupy a
bandwidth in excess of the minimum bandwidth necessary to send it.
2. Spread Spectrum is accomplished before transmission through the use of a code
that is independent of data sequences .The same code is used at the receiver to
despread the received signal so that the original data sequence may be recovered.
In CDMA each user is assigned a unique code sequence it uses to encode its
information-bearing signal. The receiver, knowing the code sequences of the user, decodes
a received signal after reception and recovers the original data. This is possible since the
crosscorrelations between the code of the desired user and the codes of the other users
are small. Since the bandwidth of the code signal is chosen to be much larger than the
bandwidth of the information-bearing signal, the encoding process enlarges (spreads) the
spectrum of the signal and is therefore also known as spread-spectrum modulation. The
resulting signal is also called a spread-spectrum signal, and CDMA is often denoted as
spread-spectrum multiple access (SSMA) the spectral spreading of the transmitted signal
gives to CDMA its multiple access capability. It is therefore important to know the
techniques necessary to generate spread-spectrum signals and the properties of these
signals. A spread-spectrum modulation technique must be fulfill two criteria:
The transmission bandwidth must be much larger than the information bandwidth.
The resulting radio-frequency bandwidth is determined by a function other than the
information being sent (so the bandwidth is statistically independent of the information
signal).
The ratio of transmitted bandwidth to information bandwidth is called the processing
gain, Gp, of the spread-spectrum system; the receiver correlates the received signal with a
synchronously generated replica of the spreading code to recover the original information-
bearing signal. This implies that the receiver must know the code used to modulate the
data.
Because of the coding and the resulting enlarged bandwidth, SS signals have a number
of properties that differ from the properties of narrowband signals. The most interesting
ones, from the communication systems point of view, are discussed below.
6
Fig.4
Fig.5
7
2.1 Properties of SS signals

• Multiple Access Capability
If multiple users transmit a spread-spectrum signal at the same time, the receiver will still
be able to distinguish between the users provided each user has a unique code that has a
sufficiently low cross-correlation with the other codes. Correlating the received signal with a
code signal from a certain user will then only despread the signal of this user, while the
other spread-spectrum signals will remain spread over a large bandwidth. Thus, within the
information bandwidth the power of the desired user will be larger than the interfering power
provided there are not too many interferers, and the desired signal can be extracted.
• Protection Against Multipath Interference
In a radio channel there is not just one path between a transmitter and receiver.
Due to reflections (and refractions) a signal will be received from a number of different
paths. The signals of the different paths are all copies of the same transmitted signal but
with different amplitudes, phases, delays, and arrival angles. Adding these signals at the
receiver will be constructive at some of the frequencies and destructive at others. In the
time domain, this results in a dispersed signal. Spread-spectrum modulation can combat
this multipath interference.
• Privacy & Interference Rejection
The transmitted signal can only be despread and the data recovered if the receiver
knows the code. Cross-correlating the code signal with a narrowband signal will spread the
power of the narrowband signal thereby reducing the interfering power in the information
bandwidth.
• Anti-Jamming capability
This is more or less the same as interference rejection except the interference is now
willfully inflicted on the system. It is this property, together with the next one, that makes
spread-spectrum modulation attractive for military applications.
• Low Propability of Interception
Because of its low power density, the spread-spectrum signal is difficult to detect and
intercept by a hostile listener.
8
Fig.6
Fig.7
9
2.2 Spread-Spectrum Multiple Access (SS-MA)

2.2.1 Direct Sequence Spread Spectrum (DS-SS)
In DS-CDMA the modulated information bearing signal (the data signal) is directly
modulated by a digital, discrete-time, discrete-valued code signal. The data signal can be
either analog or digital; in most cases it is digital.
In the case of a digital signal the data modulation is often omitted and the data signal is
directly multiplied by the code signal and the resulting signal modulates the wideband
carrier. It is from this direct multiplication that the direct sequence CDMA gets its name.
After transmission of the signal, the receiver uses coherent demodulation to despread
the SS signal, using a locally generated code sequence. To be able to perform the
dispreading operation, the receiver must not only know the code sequence used to spread
the signal, but the codes of the received signal and the locally generated code must also be
synchronized. This synchronization must be accomplished at the beginning of the reception
and maintained until the whole signal has been received. The code
synchronization/tracking block performs this operation. After despreading a data modulated
signal results, and after demodulation the original data can be recovered.
2.2.2 Advantages of DS-SS:

The generation of the coded signal is easy. It can be performed by a simple
multiplication.
Since only one carrier frequency has to be generated, the frequency synthesizer (carrier
generator) is simple.
Coherent demodulation of the DS signal is possible.
No synchronization among the users is necessary.
2.2.3 Disdvantages of DS-SS:

It is difficult to acquire and maintain the synchronization of the locally generated code
signal and the received signal. Synchronization has to be kept within a fraction of the chip
time.
For correct reception the synchronization error of locally generated code sequence and
the received code sequence must be very small, a fraction of the chip time.
The power received from users close to the base station is much higher than that
received from users further away. Since a user continuously transmits over the whole
bandwidth, a user close to the base will constantly create a lot of interference for users far
from the base station, making their reception impossible. This near-far effect can be solved
by applying a power control algorithm so that all users are received by the base station with
the same average power. However this control proves to be quite difficult.
10
Fig.8
Fig.9
11
2.3 FREQUENCY HOPPING Spread Spectrum (FH-SS)

In frequency hopping CDMA, the carrier frequency of the modulated information signal
is not constant but changes periodically. During time intervals T the carrier frequency
remains the same, but after each time interval the carrier hops to another (or possibly the
same) frequency. The hopping pattern is decided by the code signal.
If the hopping rate is (much) greater than the symbol rate, one speaks of a fast
frequency hopping (F-FH). In this case the carrier frequency changes a number of times
during the transmission of one symbol, so that one bit is transmitted in different
frequencies. If the hopping rate is (much) smaller than the symbol rate, one speaks of slow
frequency hopping (S-FH).
2.3.1 Advantages of FH-SS:

Synchronization is much easier with FH-CDMA than with DS-CDMA. With FH CDMA
synchronization has to be within a fraction of the hop time. Since spectral spreading is not
obtained by using a very high hopping frequency but by using a large hop-set, the hop time
will be much longer than the chip time of a DS-CDMA system. Thus, an FH-CDMA system
allows a larger synchronization error.
The different frequency bands that an FH signal can occupy do not have to be
contiguous because we can make the frequency synthesizer easily skip over certain parts
of the spectrum. Combined with the easier synchronization, this allows much higher
spread-spectrum bandwidths.
The probability of multiple users transmitting in the same frequency band at the same
time is small. A user transmitting far from the base station will be received by it even if
users close to the base station are transmitting, since those users will probably be
transmitting at different frequencies. Thus, the near-far performance is much better than
that of DS.
Because of the larger possible bandwidth a FH system can employ, it offers a higher
possible reduction of narrowband interference than a DS system.
2.3.2 Disdvantages of FH-SS:

A highly sophisticated frequency synthesizer is necessary.
An abrupt change of the signal when changing frequency
12
Fig.10
13
2.4 TIME HOPPING Spread Spectrum (TH-SS)

In time hopping CDMA the data signal is transmitted in rapid bursts at time intervals
determined by the code assigned to the user. The time axis is divided into frames, and
each frame is divided into M time slots. During each frame the user will transmit in one of
the M time slots. Which of the M time slots is transmitted depends on the code signal
assigned to the user. Since a user transmits all of its data in one, instead of M time slots,
the frequency it needs for its transmission has increased by a factor M.
2.4.1 Advantages of TH-SS:

Implementation is simpler than that of FH-CDMA and the near-far problem is much less
of a problem since TH-CDMA is an avoidance system, so most of the time a terminal far
from the base station transmits alone, and is not hindered by transmissions from stations
close by.
The multiple access capability of THSS signals is acquired in the same manner as that of
the FH-SS signals; namely, by making the probability of users’ transmissions in the same
frequency band at the same time small. In the case of time hopping all transmissions are in
the same frequency band, so the probability of more than one transmission at the same
time must be small. This is again achieved by assigning different codes to different users. If
multiple transmissions do occur, error-correcting codes ensure that the desired signal can
still be recovered. If there is synchronization among the users, and the assigned codes are
such that no more than one user transmits at a particular slot, then the THCDMA reduces
to a TDMA scheme where the slot in which a user transmits is not fixed but changes from
frame to frame.
2.4.2 Disdvantages of TH-SS:

In the time hopping CDMA, a signal is transmitted in reduced time. The signaling rate,
therefore, increases and dispersion of the signal will now lead to overlap of adjacent bits.
Therefore, no advantage is to be gained with respect to multipath interference rejection.
It takes a long time before the code is synchronized, and the time in which the receiver
has to perform the synchronization is short.
If multiple transmissions occur, a large number of data bits are lost, so a good error-
correcting code and data interleaving are necessary.
14
Fig.11
15
2.5 HYBRID SYSTEMS

The hybrid CDMA systems include all CDMA systems that employ a combination of two
or more of the above-mentioned spread-spectrum modulation techniques or a combination
of CDMA with some other multiple access technique. By combining the basic spread-
spectrum modulation techniques, we have four possible hybrid systems:
DS/FH, DS/TH, FH/TH, and DS/FH/TH; and by combining CDMA with TDMA or
multicarrier modulation we get two more:
CDMA/TDMA and MC-CDMA. The idea of the hybrid system is to combine the specific
advantages of each of the modulation techniques.
2.5.1 Advantages of H-SS:

If we take, for example, the combined DS/FH system we have the advantage of the anti-
multipath property of the DS system combined with the favorable near-far operation of the
FH system.
2.5.2 Disdvantages of H-SS:

Of course, the disadvantage lies in the increased complexity of the transmitter and
receiver.
Coherent demodulation is difficult because of the problems in maintaining phase
relationships during hopping.
Fig.12
16
Chapter 3
CDMA codes and its usage


Contents
1 Iterium Standard-95 System 2
1.1 IS – 95 2
2 Pseduo Random Noise Sequence 4
2.1 PN Sequence 4
2.1.1 PN Sequence generation 6
2.1.2 PN Generator Example 8
2.2 Types of PN Sequences in CDMA 9
2.2.1 Short Code 9
2.2.2 Long Code 9
2.2.3 Walsh Code 11
2.3 Correlation Between PN Sequences 12
2.4 Process Gain and Its Benefits 14
2.5 Spreading Code Acquisition and Tracking 16
2.5.1 Initial Code Acquisition 18
2.5.2 Code Tracking 20
1
1 Iterium Standard-95 System

1.1 IS-95
Interim Standard 95 (IS -95) is a U.S. digital cellular system based on CDMA that
allows each user within a cell and in adjacent cells to use the same radio channel.
Each IS-95 channel occupies 1.23MHz of spectrum in each one-way link; the user
data is spread to a channel chip rate of 1.2288MHz. IS -95 uses a different modulation and
spreading technique for the forward and reverse links. On the forward link, the base station
simultaneously transmits the user data for all mobiles in the cell by using different
spreading sequence for each mobile. The user data is encoded, interleaved, and spread by
one of sixty-four orthogonal spreading sequences (Walsh functions).
To avoid interference, all signals in a particular cell are scrambled using a
pseudorandom sequence of length 2 15-1 chips.
CDMA base stations transmit information in four logical channel formats:
Pilot channels, sync channels, paging channels, and traffic channels.
On the reverse link, all mobiles respond in an asynchronous fashion. The user data
is encoded, interleaved, and then blocks of 6 bits are mapped to one of the 64 orthogonal
Walsh functions. Finally, the data is spread by a user specific code of 42 bits (channel
identifier) and the base station pseudorandom sequence of length 2 15 chips. The reverse
channel is organized in:
Access channels and traffic channels.
At both the base station and the terminal, Rake receivers are used to resolve and
combine multipath components, in order to improve the link quality.
In IS-95, a three-finger Rake receiver is used at the base station.
2
Fig.1
3
2 Pseduo Random Noise Sequence

2.1 PN Sequences
• What are PN sequences?
A Pseudo-random Noise (PN) sequence is a sequence of binary numbers, e.g. ±1, which
appears to be random; but is in fact perfectly deterministic. The sequence appears to be
random in the sense that the binary values and groups or runs of the same binary value
occur in the sequence in the same proportion they would if the sequence were being
generated based on a fair "coin tossing" experiment. In the experiment, each head could
result in one binary value and a tail the other value. The PN sequence appears to have
been generated from such an experiment. A software or hardware device designed to
produce a PN sequence is called a PN generator.
Pseudo-random noise sequences or PN sequences are known sequences that exhibit
the properties or characteristics of random sequences. They can be used to logically isolate
users on the same frequency channel. They can also be used to perform scrambling as
well as spreading and despreading functions. The reason we need to use PN sequences is
that if the code sequences were deterministic, then everybody could access the channel. If
the code sequences were truly random on the other hand, then nobody, including the
intended receiver, would be able to access the channel. Thus, using a pseudo-random
sequence makes the signal look like random noise to everybody except to the transmitter
and the intended receiver.
• Why PN sequence is chosen as a noise like waveform?
To know that we have to understand what is called “white Noise”.
The adjective “white” is used in the sense that white light contains equal amounts of all
frequencies within the visible band of electromagnetic radiation.
It has power spectral density independent of the operating frequency. We express the
power spectral density of white noise by
Sw (f) = No/2 ... No = KT0 watts /Hz. where K is Boltzman constant &
T0 is the equivalent noise temperature.
• Equivalent noise temperature of a system “T0”: -
It is the temperature at which a noisy resistor has to be maintained such that, by
connecting the resistor to the input of a noiseless version of the system, it produces the
same available noise in the actual system it depends only on the parameters of the system
Since the auto correlation function is the inverse Fourier of the power spectral density it
follows that for white noise, the auto correlation function of white noise consists of a delta
function weighted by the factor No/2 and occurring at τ = 0.
Accordingly, any two different samples of white noise, no matter how closely together in
time, they are taken, are uncorrelated. So we have to search for a code sequence has a
noise like wave or almost has autocorrelation function near that of white noise.
4
Fig.2
5
2.1.1 PN Sequence Generation

These sequences are easily generated by using an M-bit linear feedback shift register
with the appropriate feedback taps, e.g. as shown in Fig. For M = 5. With the appropriate
taps, the length (N) of the serial bit stream at the output will be a maximum (Lmax):
N = Lmax = 2M - 1
The meaning of bit-stream length in this context is the maximum length of the bit
sequence before it starts repeating itself. PN sequences of maximum length are called
maximal linear code sequences, but because non-maximal PN sequences are rarely used
in SS systems, “PN sequences” will be used to denote maximal linear code sequences for
this document. Also “PN codes” or “PN code sequences” will be used synonymously with
“PN sequences”. The feedback taps are added modulo-2 (exclusive OR’ed) and fed to the
input of the initial shift register. Only particular tap connections will yield a maximum length
for a given shift register length. These maximal length PN codes have the following
properties:
1. Code balance:
The number of ones and the number of zeros differ by only 1, i.e., there is 1 more one
than the number of zeros. This particularly useful when the channel is AC coupled (no DC
transmission).
2. Autocorrelation:
Using signaling values of ±1, the autocorrelation of a PN sequence has a value of –1 or
all phase shifts of more than one bit time. For no has shift (perfect alignment with itself), the
autocorrelation has a value of N, the sequence length.
3. Modulo-2 addition:
Modulo-2 addition of a PN sequence with a shifted version of itself results in a differently
shifted version of itself.
4. Shift Register States:
The binary number represented by the M bits in the shift register randomly cycle through
all 2M values, except for 0, in successive 2M-1 clocks.
If the value of 0 (all shift register bits are 0) is ever present in the shift register, it will
stay in that state until reloaded with a nonzero value.
6
Fig.3
Fig.4
7
2.1.2 A PN Generator Example

A PN generator is typically made of N cascaded flip-flop circuits and a specially selected
feedback arrangement. The flip-flop circuits when used in this way are called a shift register
since each clock pulse applied to the flip-flops causes the contents of each flip-flop to be
shifted to the right. The feedback connections provide the input to the left-most flip-flop.
With N binary stages, the largest number of different patterns the shift register can have is
2N. The all-binary-zero state, however, is not allowed because it would cause all remaining
states of the shift register and its outputs to be binary zero. The all-binary-ones state does
not cause a similar problem of repeated binary ones provided the number of flip-flops input
to the modulo-2 adder is even. The period of the PN sequence is therefore 2N -1. For
example, starting with the register in state 001, the next 7 states are 100, 010,101, 110,
111, 011, and then 001 again and the states continue to repeat. The output taken from the
right-most flip-flop is 1001011 and then repeats. With the three-stage shift register, the
period is 23-1 or 7.
Fig.5
8
2.2 Types of PN Sequences in CDMA

There are two different types of PN codes and one output of Hadamard Matrix
used in IS-95 CDMA Technology:
1. Short PN code
2. Long PN code
3. Walsh codes
IS-95 uses the two types of maximum-length PN generators to spread the signal power
uniformly over the physical bandwidth of about 1.25 MHz. The PN spreading on the reverse
link also provides near orthogonality of and hence, minimal interference between signals
from each mobile. This allows reuse of the band of frequencies available, which is a major
advantage of CDMA.
2.2.1 Short Code:
A 15-stage linear shift register generates the short PN code. Therefore, the maximum
length of the Short PN Code is
L = 2 N-1 = 2 15-1 = 32,768-1 chips.
By implementation, an extra chip is inserted at the end of the sequence, yielding a
sequence of length L=32,768 chips. The short PN code runs at a speed of 1,228,800 chips
per second. This yields a repetition cycle of 32,768/1,228,800=26.67 ms.
The short PN code consist of two PN Sequences I and Q each 32,768 chips long
generated in similar but differently tapped 15 bit shift register, the two sequences scramble
the information on the I and Q phase channels.
§ These codes are used for cell identification in a reused cell.
§ The chip rate of the short PN code is 1.2288 Mcps.
2.2.2 Long Code:

The PN chips from the long code are used to provide several randomizing functions in
the IS-95 system. These include providing chips for message-scrambling on the forward
and reverse links, for identifying individual mobiles and access channels on the reverse
links by using unique offsets for each entity and for randomizing the location of the power
control bits on the forward traffic channels. A 42-stage linear shift register generates the
long PN code. Therefore, the maximum length of the long PN code is
L = 2 N-1 = 2 42-1 = 4.4 x 1012 = 4.4 trillion chips.
The Long PN Code also runs at a speed of 1,228,800 chips per second. This yields a
repetition cycle of 4.4 x 1012/1,228,800 = 41-42 days.
The long PN code is generated in a 42-stage linear shift register generator with the
output of the 42nd stage input into the first stage and modulo-2 added with the outputs of
stages 1, 2, 3, 5, 6, 7, 10, 16, 17, 18, 19, 21, 22, 25, 26, 27, 31, 33, and 35. The output of
the long code generator is taken after the output of each flip-flop in the generator has been
added with a corresponding bit in a 42-bit mask, which is unique to each user, access, and
paging channel.
§ Base band data scrambling in the forward link
§ Base band data spreading in the reverse link
9
Fig.6
Fig.7
10
2.2.3 Walsh code:

In 1923, J.L. Walsh introduced a complete set of orthogonal codes, based on rearranging
the Rademacher code. These codes are also binary valued codes.
The Walsh code, also known as the Hadamard code, is a set of 64 orthogonal codes, there
purpose is to provide:
1. Forward channel spreading over the 1.2288MHz band;
2. Unique identification to a mobile.
The chip rate (code rate) of a Walsh code is 1.2288 Mchips per second (Mcps).
The four different types of forward channels are designated as follows:
1. Pilot channel: W0 (Walsh code 0);

2. Paging channel: W1 to W7 (unused paging codes can be used for traffic);
3. Sync channel: W32;
4. Traffic channel: W8 to W31 and W33 to W63.
Fig.8
11
2.3 Correlation between PN sequences

The correlation of two random variables x(t) and y(t), is a time-shift comparison which
expresses the degree of similarity or the degree of likeness between the two variables. The
Auto-Correlation function R, provides the degree of similarity between a random variable
x(t) and a time-shifted version of x(t).
Likewise, the cross-correlation function provides the degree of similarity, or the degree of
likeness between a random variable x(t) and time-shifted version of another random
variable y(t). To get the average value of the auto-correlation or cross-correlation, a
normalization by the sequence length L is required.
Consider Ci(t) and the time-shifted version of itself, say C i(t-1)
Ci(t) = 1 0 0 1 1 1 0
Ci(t-1) = 0 0 1 1 1 0 1
When corresponding bits from the two sequences have the same parity (or match each
other), we call the match an agreement "A". Likewise, when corresponding bits from the
two sequences do not have the same Parity (do not match each other), we call the
mismatch a disagreement "D" .By counting all the agreements and all the disagreements
over the full length L of the sequence, a measure of correlation can be estimated as:
Correlation = Total number of "A" - Total number of "D"
Now, consider the reference PN code C i(t) and its time-shifted versions as shown.
Now let us compute the correlation of C i(t) and Ci(t-t), for all suitable values of t (here
from 0 to 7).
In general, it can be shown that the full-length auto-correlation function (R) of PN codes
or PN sequences is characterized by a large positive number equal to the length of the PN
sequence (R=2n-1) when time shift=0, and -1 for all time-shifts equal or greater than the
duration of one chip. So when normalized by the length, the auto-correlation function is
equal to 1 at time-shift zero and is very small (-1/L) for all values of time shifts equal or
greater than one chip.
In summary, the auto-correlation function of PN codes is a two-value function. Its
maximum value occurs when the time-shift parameter is zero. For all other values equal to
or greater than one chip, the correlation function is -1.
• Orthogonality of PN sequences
Consider the reference PN Code Cj(t) and the time-shifted versions of another code Ci(t)
as shown. Let us compute the cross-correlation of Cj(t) and Ci(t-t) for all suitable values of t
(0 to 7).
Two PN sequences Ci(t) and Cj(t) are said to be orthogonal if and only if their respective
normalized correlation function is equal to 1 at a time-shift of zero and their cross
correlation function is equal to zero for all time-shift values. As shown above, averaged
over the code length, the cross-correlation function of PN sequences is not zero. As a
result, PN sequences are not perfectly orthogonal.
12
Fig.9
Fig.10
13
2.4 Process Gain and its Benefits

The primary benefit of processing gain is its contribution towards jamming resistance to
the DSSS signal. The PN code spreads the transmitted signal in bandwidth and it makes it
less susceptible to narrowband interference within the spread BW. The receiver of a DSSS
system can be viewed as unspreading the intended signal and at the same time spreading
the interfering waveform. This operation is best illustrated on Figure, which, depicts the
power spectral density (psd) functions of the signals at the receiver input, the despread
signal, the band pass filter power transfer function, and the band pass filter output. The
figure graphically describes the effect of the processing gain on a jammer. The jammer is
narrow, and has a highly peaked psd, while the psd of the DSSS is wide and low. The
despreading operation spreads the jammer power psd and lowers its peak, and the BPF
output shows the effect on the signal to jammer ratio.
If for example, BPSK modulation is used and an E b/No of lets say 14dB is required to
achieve a certain BER performance, when this waveform is spread with a processing gain
of 10dB then the receiver can still achieve its required performance with the signal having a
4dB power advantage over the interference. This is derived from the 14dB required minus
the 10dB of PG.
The higher the processing gain of the DS-SS waveform the more the resistance to
interference of the DSSS signal. If a code with a length of 16 bits is to be used then the
processing gain is equivalent to 10 Log[16] dB or 12.04dB.
14
We can define GP as:
Where SNRo and SNRi are the output and input SNR of the correlator, respectively.
Where BWD and BWSS are the bandwidth of the data before and after SS modulation.
Fig.11
15
2.5 Spreading Code Acquisition and Tracking

No matter which form of spread spectrum technique we employ, we need to have the
timing information of the transmitted signal in order to despread the received signal and
demodulate the despread signal. For a DS-SS system, we see that if we are off even by a
single chip duration, we will be unable to despread the received spread spectrum signal,
since the spread sequence is designed to have a small out-of-phase autocorrelation
magnitude. Therefore, the process of acquiring the timing information of the transmitted
spread spectrum signal is essential to the implementation of any form of spread spectrum
technique. Usually the problem of timing acquisition is solved via a two-step approach:
• Initial code acquisition (coarse acquisition or coarse synchronization), which
synchronizes the transmitter and receiver.
• Code tracking, which performs and maintains fine synchronization between the
transmitter and receiver.
Given the initial acquisition, code tracking is a relatively easy task and is usually
accomplished by a delay lock loop (DLL). The tracking loop keeps on operating during the
whole communication period. If the channel changes abruptly, the delay lock loop will lose
track of the correct timing and initial acquisition will be reperformed. Sometimes, we
perform initial code acquisition periodically no matter whether the tracking loop loses track
or not.
Compared to code tracking, initial code acquisition in a spread spectrum system is
usually very difficult. First, the timing uncertainty, which is basically determined by the
transmission time of the transmitter and the propagation delay, can be much longer than a
chip duration. As initial acquisition is usually achieved by a search through all possible
phases (delays) of the sequence, a larger timing uncertainty means a larger search area.
Beside timing uncertainty, we may also encounter frequency uncertainty that is due to
Doppler shift and mismatch between the transmitter and receiver oscillators. Thus this
necessitates a two-dimensional search in time and frequency. Moreover, in many cases,
initial code acquisition must be accomplished in low signal-to-noise-ratio environments and
in the presence of jammers. The possibility of channel fading and the existence of multiple
access interference in CDMA environments can make initial acquisition even harder to
accomplish.
The problem of achieving synchronization in various fading channels and CDMA
environments is difficult and is currently under active investigation. In many practical
systems, side information such as the time of the day and an additional control channel, is
needed to help achieve synchronization.
16
Fig.12
17
2.5.1 Initial Code Acquisition

As mentioned before, the objective of initial code acquisition is to achieve a coarse
synchronization between the receiver and the transmitted signal. In a DS-SS system, this is
the same as matching the phase of the reference-spreading signal in the despreader to the
spreading sequence in the received signal. We are going to introduce several acquisition
techniques, which perform the phase matching just described.
• Acquisition strategies
Serial search
The first acquisition strategy we consider is serial search. In this method, the acquisition
circuit attempts to cycle through and test all possible phases one by one (serially) as shown
in Figure.
The circuit complexity for serial search is low. However, penalty time associated with a
miss is large.
Therefore we need to select a larger integration (dwell) time to reduce the miss
probability. This, together with the serial searching nature, gives a large overall acquisition
time (i.e., slow acquisition).
Fig.13
18
Parallel search
Unlike serial search, we test all the possible phases simultaneously in the parallel search
strategy as shown in figure. Obviously, the circuit complexity of the parallel search is high.
The overall acquisition time is much smaller than that of the serial search.
Fig.14
19
CDMA Air Interface Overview
2.5.2 Code Tracking

The purpose of code tracking is to perform and maintain fine synchronization. A code-
tracking loop starts its operation only after initial acquisition has been achieved. Hence, we
can assume that we are off by small amounts in both frequency and code phase. A
common fine synchronization strategy is to design a code tracking circuitry, which can track
the code phase in the presence of a small frequency error. After the correct code phase is
acquired by the code tracking circuitry, a standard phase lock
Loop (PLL) can be employed to track the carrier frequency and phase. In this section, we
give a brief introduction to a common technique for code tracking, namely, the early-late
gate delay-lock loop (DLL).
Fig.15
20
Chapter 4

Contents
1 CDMA Air Links and Channels 2
1.1 CDMA Air Links 2
1.2 Forward Link Channels 4
1.2.1 Pilot Channel 4
1.2.2 Sync Channel 6
1.2.3 Paging Channel 7
1.2.4 Rate Set 1Traffic Channel 9
1.2.5 Rate Set 2 Traffic Channel 11
1.3 Reverse Link Channels 12
1.3.1 Access Channel 12
1.3.1 Access Channel (Cont.) 14
1.3.2 Traffic Channel 15
1.3.2 Traffic Channel (Cont.) 16
1.4 How calls from a BTS are encoded and transmitted to a cellphone 17
1
1 CDMA Air- Links and Channels
1.1 CDMA Air- Links

The IS-95 CDMA system is unique in that its forward and reverse links have different link
structure. This is necessary to accommodate the requirements of a land-mobile
communication system. The forward link consists of four types of logical channels: pilot,
sync, paging, and traffic channels. There is one pilot channel, one sync channel, up to
seven paging channels, and several traffic channels. Each of these forward-link channels is
first spread orthogonally by its Walsh function, and then a quadrature pair of short PN
sequences spreads it.
All channels are added together to form the composite SS signal to be transmitted on the
forward link.
The reverse link consists of two types of logical channels: access and traffic channels.
Each of these reverse-link channels is spread orthogonally by a unique long PN sequence;
hence, each channel is identified using the distinct long PN code. The reason that a pilot
channel is not used on the reverse link is that it is impractical for each mobile to broadcast
its own pilot sequence.
Forward Link
We defined the structure of a Hadamard matrix and described how Walsh codes are
generated using such a matrix. The IS -95 CDMA system uses a 64 by 64 Hadamard matrix
to generate 64 Walsh functions that are orthogonal to each other, and each of the logic
channels on the forward link is identified by its assigned Walsh function.
Reverse Link
The reverse link supports two types of logical channels: Access channels and Traffic
channels.
Because of the noncoherent nature of the reverse link, Walsh functions are not used for
channelization. Instead, Long PN sequences are used to distinguish the users from one
another.
2
Fig.1
Fig.2
3
1.2 Forward Link Channels

1.2.1 Pilot Channel
The pilot channel is is used by the base station to provide a reference for all mobile
stations. It provides a phase reference for coherent demodulation at the mobile receiver to
enable coherent detection. It is assigned the Walsh code W0.
The pilot signal level for all base stations is kept about 4 to 6 dB higher than the traffic
channel with a constant signal power. The pilot is used for comparisons of signal strength
between different base stations to decide when to perform handoff. The pilot signals from
all base stations use the same PN sequences, but each base station is identified by a
unique time offset. These offsets are in increments of 64 chips to provide 512 unique
offsets.
Each terminal segregates the set of PN Offset values (and implicitly the set of base
stations) in a system into four categories:
• The active list contains base stations currently used for traffic channel
transmissions. In a soft handoff condition, there is more than one base station in this
list.
• The candidate list consists of base stations classified by the terminal, on the basis
of measured signal quality, as available for traffic channel transmissions.
• The neighbor list is a set of nearby base stations that could soon be available for
handoff.
• The remaining list contains the base stations that are not in any of the other
categories.
4
Fig.3
5
1.2.2 Sync Channel

Unlike the pilot channel, the sync channel carries baseband information. The information
is contained in the sync channel message that notifies the mobile of important information
about system synchronization and parameters.
The baseband information is error protected and interleaved, it is then spread by Walsh
function 32 and further spread by the PN sequence that is identified with the serving sector.
The baseband information is at a rate of 1.2 Kbps.
The Sync Channel is used with the pilot channel to acquire initial time synchronization.
The Sync channel message parameters are:
• System Identification (SID)
• Network Identification (NID)
• Pilot short PN sequence offset index
• Long-code state
• System time
• Offset of local time
• Daylight saving time indicator
• Paging Channel data rate (4.8 or 9.6kbps).
Fig.4
6
1.2.3 Paging Channel

Similar to the sync channel, the paging channel also carries baseband information.
But unlike the sync channel, the paging channel transmits at higher rates; it can transmit
at either 4.8 or 9.6 Kbps. As shown in Figure, the baseband information is first error
protected, and then if the data rate is at 4.8 Kbps, the bits are repeated once. Otherwise,
they are not repeated. Following interleaving, the data is first scrambled by a decimated
long PN sequence, then it is spread by a specific Walsh function assigned to that paging
channel and further spread by the short PN sequence assigned to the serving sector. Also
note from Figure that the long PN code undergoes a decimation ratio of 64:1 (i.e., from
1.2288 Mcps to 19.2 Ksps). The long-code generator itself is masked with a mask specific
to each unique paging channel number (i.e., 1 through 7). Therefore, the longcode mask
used for paging channel 1 (spread by Walsh function 1) is different from that used for
paging channel 3 (spread by Walsh function 3).
Some of the messagescarried by the paging channel include:
• System Parameter message: such as base station identifier, the number of paging
channels, and the page channel number.
• Access Parameters message: parameters required by the mobile to transmit on an
access channel.
• Neighbor List Message: information about neighbor base station parameters, such
as the PN Offset.
• CDMA Channel List message: provides a list of CDMA carriers.
• Page message: provides a page to the mobile station.
• Channel Assignment message: to inform the mobile station to tune to a new
frequency.
• Data Burst message: data message sent by the base station to the mobile.
• Authentication Challenge: allows the base station to validate the mobile identity.
7
Fig.5
8
1.2.4 Rate Set1 Traffic Channel

The forward traffic channel is used to transmit user data and voice; signaling messages
are also sent over the traffic channel.
For Rate Set 1, the vocoder is capable of varying its output data rate in response to
speech activities. Four different data rates are supported: 9.6, 4.8, 2.4, and 1.2 Kbps. For
example, during quiet periods of speech, the vocoder may elect to code the speech at the
lowest rate of 1.2 Kbps.
The baseband data from the vocoder is convolutionally encoded for error protection. For
Rate Set 1, a rate 1/2 convolutional encoder is used. The encoding effectively doubles the
data rate. After convolutional encoding, the data undergoes symbol repetition, which
repeats the symbols when lower rate data are produced by the vocoder. The following is
the repetition scheme:
• When the data rate is 9.6 Kbps, the code symbol rate (at the output of the
convolutional encoder) is 19.2 Ksps. In this case, no repetition is performed.
• When the data rate is 4.8 Kbps, the code symbol rate is 9.6 Ksps; each symbol is
repeated once, yielding a final modulation symbol rate of 19.2 Ksps.
repeated three times, yielding a final modulation symbol rate of 19.2 Ksps.
repeated seven times, yielding a final modulation symbol rate of 19.2 Ksps.
The reason for repeating symbols is to reduce overall interference power at a given time
when lower rate data are transmitted.
In a real CDMA system, when the vocoder is transmitting at 4.8 Kbps, the energy per
symbol transmitted is one-half that of 9.6 Kbps. When the vocoder is transmitting at 2.4
Kbps, the energy per symbol transmitted is oneforth that of 9.6 Kbps, and when the
vocoder is transmitting at 1.2 Kbps, the energy per symbol transmitted is one-eighth that of
9.6 Kbps.
After symbol repetition, the data is interleaved to combat fading (see Figure), and then
the interleaved data is scrambled by a decimated long PN sequence. A long PN code
generator generates the long PN sequence. The generator outputs a long PN sequence at
1.2288 Mcps. Because the data rate at the interleaver output is 19.2 Ksps, the PN
sequence is decimated by a ratio of 64:1 to also achieve a rate of 19.2 Kcps; the decimated
long PN sequence at 19.2 Kcps is then multiplied with the 19.2-Ksps data stream. Note that
the long-code generator produces the long PN sequence using a mask that is specific to
the mobile.
9
Fig.6
10
1.2.5 Rate Set 2 Traffic Channel

The forward traffic channel structure is similar for Rate Set 2. The Rate Set 2 vocoder
codes speech at higher rates, and it delivers a better voice quality than that of Rate Set 1.
The Rate Set 2 vocoder supports four variable rates: 14.4, 7.2, 3.6, and 1.8 Kbps.
Note that in order to maintain the output of the block interleaver at 19.2 Ksps, the
rate of the convolutional encoder is increased to R = 3/4.
Fig.7
11
1.3 Reverse Link channels

The reverse link supports two types of logical channels: Access channels and Traffic
channels.
Because of the noncoherent nature of the reverse link, Walsh functions are not used for
channelization. Instead, Long PN sequences are used to distinguish the users from one
another.
1.3.1 Access Channel

The mobile communicates with the base station when it doesn’t have a traffic channel
assigned using the access channel. The mobile uses this channel to make call originations
and respond to pages and orders. The baseband data rate of the access channel is fixed at
4.8 Kbps.
The baseband information is first error protected by an R = 1/3 convolutional encoder.
The lower encoding rate makes error protection more robust on the reverse link, which is
often the weaker of the two links. The symbol repetition function repeats the symbol once,
yielding a code symbol rate of 28.8 Ksps. The data is then interleaved to combat fading.
Following interleaving, the data is coded by a 64-ary orthogonal modulator.
The set of 64 Walsh functions is used, but here the Walsh functions are used to
modulate, or represent, groups of six symbols. The reason for orthogonal modulation of the
symbols is again due to the noncoherent nature of reverse link. When a user’s transmission
is not coherent, the receiver (at the base station) still has to detect each symbol correctly.
Making a decision of whether or not a symbol is +1 or -1 may be difficult during one symbol
period.
However, if a group of six symbols is represented by a unique Walsh function, then the
base station can easily detect six symbols at a time by deciding which Walsh function is
sent during that period. The receiver can easily decide which Walsh function is sent by
correlating the received sequence with the set of 64 known Walsh functions. Note that on
the forward link, Walsh functions are used to distinguish among the different channels. On
the reverse link, Walsh functions are used to distinguish among the different symbols (or
among groups of six symbols). The orthogonally modulated data at 4.8 Ksps (modulation
symbols) or at 307.2 Ksps (code symbols) are then spread by the long PN sequence. The
long PN sequence is running at 1.2288 Mcps, and the bandwidth of the data after
spreading is 1.2288 Mcps. Remember that the long PN sequence is used to distinguish the
access channel from all other channels that occupy the reverse link. The data is further
scrambled in the I and the Q paths by the short PN sequences (also running at 1.2288
Mcps) defined in the IS -95 standard.
12
Fig.8
13
1.3.1 Access Channel (Cont.)

Is used by a terminal without a call in progress to send messages to the base station for
three principal purposes: to originate a call, to respond to a paging message, and to
register its location. Each base station operates with up to 32 access channels. The
messages carried by the access channel include:
• Registration Message: sends to the base station information necessary to page the
mobile, such as: location, status, and identification.
• Order message: to transmit information such as base station challenge, mobile
station acknowledgement, local control response, and mobile station reject.
• Data Burst message: user-generated data message sent by the mobile station to the
base station.
• Origination message: allows the mobile station to place a call’ sending dialed digits.
• Page Response message: used to respond to a page.
• Authentication Challenge Response message: contains necessary information to
validate the mobile station’s identity.
Fig.9
14
1.3.2 Traffic Channel

The reverse traffic channel is used to transmit user data and voice; signaling messages
are also sent over the traffic channel. The structure of the reverse traffic channel is similar
to that of the access channel. The major difference is that the reverse traffic channel
contains a data burst randomizer.
The orthogonally modulated data is fed into the data burst randomizer. The function of
the data burst randomizer is to take advantage of the voice activity factor on the reverse
link. Recall that the forward link uses a different scheme to take advantage of the voice
activity factor, when the vocoder is operating at a lower rate, the forward link transmits the
repeated symbols at a reduced energy per symbol and thereby reduces the forward-link
power during any given period.
The approach taken to reduce reverse-link power during quieter periods of speech is to
pseudorandomly mask out redundant symbols produced by symbol repetition.
This is accomplished by the data burst randomizer. The data burst randomizer generates
a masking pattern of 0s and 1s that randomly masks out redundant data. The masking
pattern is partially determined by the vocoder rate. If the vocoder is operating at 9.6 Kbps,
then no data is masked. If the vocoder is operating at 1.2 Kbps, then the symbols are
repeated seven times, and the data burst randomizer masks out, on average, seven out of
eight groups of symbols.
Fig.10
Fig.10 15
1.3.2 Traffic Channel (Cont.)
This channel can multiplex primary (voice) and secondary (data) or signaling traffic.
Some of the typical messages that the reverse traffic channel carries are:
• Order messages: include base station challenge, parameter update confirmation,
mobile station acknowledgement, service option request and response, release,
connect, DTMF tone, etc.
• Authentication Challenge Response message: information to validate the mobile
station.
• Data Burst message: a user-generated data message sent by the mobile to the base
station.
• Pilot Strength Measurement message: information about the strength of other pilot
signals that are not associated with the serving base station.
• Power Measurement Report message: sends FER statistics to the base station.
• Handoff Completion message: is the mobile response to a Handoff Direction
message.
• Parameter Response message: is the mobile response to the base station to a
Retrieve Parameters message.
Fig.11
16
1.4 How calls from a base station are encoded

1.4 How calls
and transmitted from a base station are encoded
to a cellphone
and transmitted to a cellphone
At the base station, each voice conversation is converted into digital code and
compressed with a vocoder. The vocoder output is doubled by a convolutional encoder that
adds redundancy for error checking. Each bit from the encoder is replicated 64 times and
exclusive OR'd with a Walsh code that is used to identify that call from the rest.
The output of the Walsh code is exclusive OR'd with the next string of bits (PN sequence)
from a pseudo-random number generator, which is used to identify all the calls in a
particular cell's sector. At this point, there is 128 times as many bits as there were from the
vocoder's output. All the calls are combined and modulated onto a carrier frequency in the
800 MHz range.
At the receiving side, the received signals are quantized (turned into bits) and run
through the Walsh code and PN sequence correlation receiver to recover the transmitted
bits of the original signal. When 20ms of voice data is received, a Viterbi decoder corrects
the errors using the convolutional code, and that all goes to the vocoder that turns the bits
back into waveforms (sound).
17
Fig.12
18
Chapter 5
CDMA System Aspects

CDMA System Aspects
CDMA System Aspects
Contents
1 Power Control in CDMA 2
1.1 Introduction 2
1.1.1 Effect of No Power Control 2
1.1.2 The NEAR – FAR Problem 2
1.2 Classification of Power Control Techniques 4
1.2.1 According to update strategies 4
1.2.2 According to direction of transmission 6
1.2.3 According to techniques 8
2 Rake Receiver 9
2.1 Rake Receiver Theory and Structure 9
3 Handoff Versus Handover 11
3.1 Handoff Versus Handover 11
3.2 Soft Handover 11
3.2.1 The Importance Of Soft Handoff 11
3.3 Softer Handover 12
4 Multiuser Detection 14
4
1
CDMA System Aspects
1 Power Control in CDMA

1.1 Introduction
Power control is one of the most important system requirement, and it is analyzed for
cellular networks based on FDMA and TDMA, and for DS-CDMA cellular networks, In most
modern systems, both base stations and mobiles have the capability of real-time (dynamic)
adjustment of their transmit powers.
1.1.1 Effect of NO Power Control:

In case of no power control, if a mobile station signal is received at the base station with
a too low level of received power [MS is far from the cell site, or in an unusual high
attenuation channel], High level of interference is experienced by this mobile and its
performance (BER) will be degraded.
On the other hand, if the received power level is too high, the performance of this mobile
is acceptable, but increases interference to all other mobile stations that are using the same
channel.
Fast power control greatly optimizes the system capacity,but since many subscribers
transmit in the same frequency band and the same frequency can be used in each cell
(re-use = 1), each user can cause interference for the others.
The power control is used to solve the called “NEAR-FAR” problem.
1.1.2 The (NEAR – FAR) Problem

In ideal cases, the power received at the BTS is identical for all UE served by the BTS
(assuming the transfer rates are identical). This ideal situation also represents the
maximum capacity of the cell.
Genuine fast power control is necessary because of the mobility of the UE. This mobility
causes rapid variation in the attenuation of the power of the UE. Let us consider the shown
example:
If the mobiles are permitted to transmit the same power from two different distances, the
ratio of the received signals at the base station will be not equal. Therefore, the objective of
the mobile power control is to produce a nominal received power from all mobiles in a given
cell or a sector. Because of that, well-defined power control is essential for proper
functioning of the DS-CDMA system. In the absence of power control the capacity of the
DS-CDMA mobile system is very low, even lower than that of mobile systems based on
FDMA.
One of the reasons for the use of power control both in FDMA/TDMA and in DS-CDMA
networks is to prolong battery life by using a minimum of transmitter power to achieve the
required transmission quality. According to the above-mentioned facts, for proper operation
of a modern high-capacity cellular radio system, power control is an essential feature.
2
CDMA System Aspects
Fig.1
Fig.2
3
CDMA System Aspects
1.2 Classification of Power Control Techniques

According to what is measured to determine power control command, power
control techniques can be classified into:
1. Strength-based.
2. SIR-based.
3. BER-based.
1. Strength-based.
The strength of a signal arriving at the base station from a mobile is measured to
determine whether it is higher or lower than the desired strength and then it is adjusted so it
is considered the easiest method.
2. SIR-based.
The measured quantity is the Signal to Interference Ratio where interference consists of
channel noise and multi-user interference. SIR-based power control reflects better system
performance such as QoS and capacity. A serious problem associated with SIR-based
power control is the potential to get positive feedback to endanger the stability of the
system.
3. BER-based.
Bit Error Rate is defined as an average number of erroneous bits compared to the
original sequence of bits. If the signal and interference powers are constant, the BER will
be a function of the SIR, and in this case the QoS is equivalent. However, in reality the SIR
is time-variant and thus the average SIR will not correspond to the average BER. In this
case the BER is a better quality measure.
1.2.1 According to update strategies, power control

algorithms can be classified as follows:
1. Fixed step size algorithm
2. Adaptive step size to the channel variation
1. Fixed step size algorithm
Power control command in fixed step size algorithms is a simple 1-bit command. It has
been shown that the inverse algorithm is superior to the fixed step size algorithm. However,
the fixed step size algorithm is easier to implement because the inverse algorithm needs
additional bandwidth on the return channel to carry the power control step size instead of
the1-bit control command as in fixed step size algorithm. A compromise would be to use an
adaptive delta-modulation algorithm.
2. Adaptive step size to the channel variation
A specific example of the adaptive step size approach is the inverse update algorithm,
which increases or decreases the mobile users' transmit power by the actual difference
between the received signal power and the desired received signal power.
4
CDMA System Aspects
Fig.3
5
CDMA System Aspects
1.2.2 According to direction of transmission

, power control can be classified into:
1. Forward link (from mobiles to base stations).
2. Reverse link (from base stations to mobiles).
1. Forward link power control:
Forward link (base station to mobile) power control is a one step process .The base
station controls its transmitting power so that a given mobile receives extra power to
overcome fading, interference, BER, etc. In this mechanism, the cell site reduces its
transmitting power while the mobile computes the frame error rate (FER). Once the mobile
detects 1% FER, it sends a request to stop the power reduction.
2. Reverse Link Power Control
Power control for the reverse link is a combined technique consisting of closed-loop and
open-loop power controls. Also, it is a fixed step size algorithm and strength-based
distributed algorithm. The goal of open-loop power control is the estimation of a path loss
and a loss due to shadowing between the base and the mobile station. According to this
process, the mobiles transmit the initial power control signal.
However, multipath fading in a reverse and a forward DS-CDMA link is an independent
process since the frequency separation of these links is 45MHz and it greatly exceeds the
coherent bandwidth of the channel. Thus, closed-loop power control is used. Every cell site
demodulator measures the received signal-to-noise ratio (SNR) from each mobile station.
The measured SNR is compared to the desired SNR for that mobile station and a power
adjustment command is sent to the mobile station. This power adjustment command is
combined with the mobile station open-loop estimate to obtain the final value of the mobile
station transmit power. The base station measures the signal quality (BER) and based on
that determines the desired SNR for specific mobile station. In previously described power
control technique, the subscribers are power controlled by the base station of their own cell.
However, the interference level from subscribers in other cells varies not only according to
the attenuation in the path to the subscriber's cell site, but also inversely to the attenuation
from the interfering user to his own cell site, which through power control by that cell site
may increase or decrease the interference to the desired cell site. It has been shown that
the maximal number of subscribers in the cell is the highest when there are no subscribers
in the neighboring cells. As the number of subscribers in the neighboring cells increases the
maximal number of subscribers in the cell decreases.
Power control for DS-CDMA reverse link is the single most important system
requirement because of the Near/ Far effect. In this case, it is necessary to have a dynamic
range for control. For the forward link, no power control is required in a single cell system,
since all signals are transmitted together and hence vary together. However in multiple cell
systems, interference from neighboring cell sites fades independently from the given cell
site and thereby degrades performance. Thus it is necessary to apply power control in this
case also, to reduce intercell interference.
6
CDMA System Aspects
Fig.4
7
CDMA System Aspects
1.2.3 According to techniques, power control

can be classified as follows:
1. Open-loop power control.
2. Closed-loop power control.
3. Outer loop power control
1. Open-loop power control
Reverse link (mobile to base station) open loop power control is accomplished by
adjusting the mobile transmit power so that the received signal at the base station is
constant irrespective of the mobile distance; where each mobile computes the relative path
loss and compensates the loss by adjusting its transmitting power. The total received power
at the cell site is the sum of all powers, which determines the system capacity.
2. Closed-loop power control

Closed-loop power control is accomplished by means of power up or power down
command originating from the cell site. A single power control bit is inserted into the
forward encoded data stream, the mobile responds by adjusting the power. In order to
lower processing delay and to save bandwidth in the forward link, command bits for power
control from the base to the mobile station are not coded and they are susceptible to errors.
3. Outer Loop PC
Signal to interference ratio is varied, to guarantee QoS (BER,..)
Fig.5
8
CDMA System Aspects
2 RAKE Receiver
2.1 RAKE Receiver Theory and Structure

A spread-spectrum signal waveform is well matched to the multipath channel. In a
multipath channel, the original transmitted signal reflects from obstacles such as buildings,
and mountains, and the receiver receives several copies of the signal with different delays.
If the signals arrive more than one chip apart from each other, the receiver can resolve
them. Actually, from each multipath signal’s point of view, other multipath signals can be
regarded as interference and they are suppressed by the processing gain. However, a
further benefit is obtained if the resolved multipath signals are combined using RAKE
receiver. Thus, the signal waveform of CDMA signals facilitates utilization of multipath
diversity. Expressing the same phenomenon in the frequency domain means that the
bandwidth of the transmitted signal is larger than the coherence bandwidth of the channel
and the channel is frequency selective (i.e., only part of the signal is affected by the fading).
RAKE receiver consists of correlators, each receiving a multipath signal. After
despreading by correlators, the signals are combined using, for example, maximal ratio
combining. Since the received multipath signals are fading independently, diversity order
and thus performance are improved.
After spreading and modulation the signal is transmitted and it passes through a
multipath channel, which can be modeled by a tapped delay line (i.e., the reflected signals
are delayed and attenuated in the channel).
It is necessary to measure the tapped delay line profile and to reallocate RAKE fingers
whenever there is need. Small-scale changes, less than one chip, are taken care of by a
code-tracking loop, which tracks the time delay of each multipath signal.
9
CDMA System Aspects
Fig.6
10
CDMA System Aspects
3 Handoff Versus Handover
3.1 Handoff versus Handover

The act of transferring support of a mobile from one base station to another is termed
handover or Handoff. It occurs when a call has to be handed over or off from one cell to
another as the user moves between cells. In GSM system it is termed hard handoff or
Handover where the connection to the current cell is broken, and then the connection to the
new cell is made. This is known as a "break-before-make" handoff.
But in a CDMA system the same frequency band is shared between all the cells. Thus
there is well-defined efficient bandwidth utilization. Though there is frequency reuse, the
orthogonal nature of the waveforms serves to distinguish between the signals that occupy
the same frequency band so it is called soft Handover or Handoff.
3.2 Soft Handover

In soft handover a mobile station is connected to more than one base station
simultaneously. Soft handover is used in CDMA to reduce the interference into other cells
and to improve performance through macro diversity.
3.2.1 The Importance Of Soft Handover

In power controlled CDMA systems soft handoff is preferred over hard handoff
strategies. This is more pronounced when the IS -95 standard is considered wherein the
transmitter power is adjusted dynamically during the operation. Here the power control and
soft handoff are used as means of interference-reduction, which is the primary concern of
such an advanced communication system. The previous and the new wideband channels
occupy the same frequency band in order to make an efficient use of bandwidth, which
makes the use of soft handoff very important. The primary aim is to maintain a continuous
link with the strongest signal base station otherwise a positive power control feedback
would result in system problems. Soft handoff ensures a continuous link to the base station
from which the strongest signal is issued. Soft handoff requires less power, which reduces
interference and increases capacity.
11
CDMA System Aspects
Fig.7
3.3 Softer Handover

Is a soft handover between two sectors of a cell. As known that, in a cellular system
there is spatial separation between cells using the same frequencies). This is called the
frequency reuse concept.
Because of the processing gain, such spatial separation is not needed in CDMA, and
frequency reuse factor of one can be used. Usually, a mobile station performs a handover
when the signal strength of a neighboring cell exceeds the signal strength of the current cell
with a given threshold. Since in a CDMA system the neighboring cell frequencies are the
same as in the given cell, this type of approach would cause excessive interference into the
neighboring cells and thus a capacity degradation. In order to avoid this interference, an
instantaneous handover from the current cell to the new cell would be required when the
signal strength of the new cell exceeds the signal strength of the current cell. This is not,
however, feasible in practice. The handover mechanism should always allow the mobile
station to connect into a cell, which it receives with the highest power (i.e., with the lowest
pathloss).
12
CDMA System Aspects
Fig.8
13
CDMA System Aspects
4 Multiuser Detection
The current CDMA receivers are based on the RAKE receiver principle, which
considers other users’ signals as interference. However, in an optimum receiver all signals
would be detected jointly or interference from other signals would be removed by
subtracting them from the desired signal. This is possible because the correlation
properties between signals are known (i.e., the interference is deterministic not random).
The capacity of a direct sequence CDMA system using RAKE receiver is interference
limited. In practice this means that when a new user, or interferer, enters the network, other
users’ service quality will go below the acceptable level. The more the network can resist
interference the more users can be served. Multiple access interference that disturbs a
base or mobile station is a sum of both intra- and inter-cell interference. Multiuser detection
(MUD), also called joint detection and interference cancellation (IC), provides a means of
reducing the effect of multiple access interference, and hence increases the system
capacity.
In the first place MUD is considered to cancel only the intra-cell interference, meaning
that in a practical system the capacity will be limited by the efficiency of the algorithm and
the inter-cell interference. In addition to capacity improvement, MUD alleviates the near/far
problem typical to DS-CDMA systems. A mobile station close to a base station may block
the whole cell traffic by using too high a transmission power. If this user is detected first and
subtracted from the input signal, the other users do not see the interference. Since optimal
multiuser detection is very complex and in practice impossible to implement for any
reasonable number of users, a number of suboptimum multiuser and interference
cancellation receivers have been developed. The suboptimum receivers can be divided into
two main categories: linear detectors and interference cancellation. Linear detectors apply
a linear transform into the outputs of the matched filters that are trying to remove the
multiple access interference using too high a transmission power. If this user is detected
first and subtracted from the input signal, the other users do not see the interference. Since
optimal multiuser detection is very complex and in practice impossible to implement for any
reasonable number of users, a number of suboptimum multiuser and interference
cancellation receivers have been developed. The suboptimum receivers can be divided into
two main categories: linear detectors and interference cancellation. Linear detectors apply
a linear transform into the outputs of the matched filters that are trying to remove the
multiple access interference (i.e., the interference due to correlations between user codes).
Examples of linear detectors are decorrelator and linear minimum mean square error
(LMMSE) detectors. In interference cancellation multiple access interference is first
estimated and then subtracted from the received signal. Parallel interference cancellation
(PIC) and successive (serial) interference cancellation (SIC) are examples of interference
cancellation.
14
CDMA System Aspects
Fig.9
15
Appendix
Appendix
Appendix
A
AC Authentication Center
ACCH Associated Control CHannel
ACE Antenna Coupling Equipment
ADC Analog to Digital Converter
AGCH Access Grant Channel
AMR Adaptive MultiRate speech
AMX ATM MultipleXer
AMPS Advanced Mobile Phone Services
ANSI American National Standards Institute (USA)
AP Application Part
ARFCN Absolute Radio Frequency Channel Number
ARIB Association of Radio Industries and Business (Japan)
ARQ Automatic Repeat reQuest
ASCI Advanced Speech Call Items
ATM Asynchronous Transfer Mode
AUC Authentication Center
B
BA BCCH Allocation
BCC Base transceiver station Color Code
BCCH Broadcast Control CHannel
BCH Broadcast CHannel
BER Bit Error Rate
BPSK Binary Phase Shift Keying
BS Base Station
BSC Base Station Controller
BSIC Base transceiver Station Identity Code
1
Appendix
BSS Base Station System

BSSAP Base Station System Application Part
BSSMAP Base Station System Management Application Part
BTS Base Transceiver Station
C
CA Cell Allocation
CAMEL Customized Applications for Mobile network Enhanced
Logic
CATT China Academy of Telecommunication Technology
(China)
CC Call Control
CC Country Code
CCH Control CHannel
CCITT Comité Consulatif International Téléphonique et
Télégraphique
CCS7 Common Channel signaling System No. 7
CCU Channel Coding Unit
CDMA Code Division Multiple Access
CEPT Conference Europèene des Postes et
Telecommunication
CGI Cell Global Identity
CI Cell Identity
CN Core Network
CP Call Processing
CS Coding Scheme
CUG Closed User Group
CWTS Chinese Wireless Telecommunication Standardization
Institute
D
D-AMPS Digital AMPS
DCA Dynamic Channel Allocation
2
Appendix
DCS1800 Digital Cellular System in the 1800 MHz band

DECT Digital Enhanced Cordless Telephone
DL Down Link
DoA Direction of Arrival
DRNS Drift RNS
DRX Discontinuous Reception
DS-CDMA Direct Sequence CDMA
DSP Digital Signal Processor
DTAP Direct Transfer Application Part
DTX Discontinuous Transmission
DwPTS Downlink Pilot Time Slot
E
EDGE Enhanced Data Rates for GSM
EFR Enhanced Full Rate speech
EIR Equipment Identification Register
ERC European Radio communication Committee
ERMES European Radio MEssage System
ESA European Space Agency
ESCD Enhanced Circuit Switched Data
ETSI European Telecommunications Standard Institute
F
FAC Final Assembly Code
FACCH Fast Associated Control CHannel
FB Frequency correction Burst
FCCH Frequency Correction CHannel
FDD Frequency Division Duplex
FDMA Frequency Division Multiple Access
FEC Forward Error Correction
FN Frame Number
3
Appendix
FPLMTS Future Public Land Mobile Telecommunication System

FR Frame Relay
FR Full Rate speech
FRAMES Future RAdio wideband MultiplE access Systems
G
GEO GEostationary Orbital
GGSN Gateway GPRS Support Node
GMM Global Multimedia Mobility
GMPCS Global Mobile Personal Communication Systems
GMSC Gateway MSC
GMSK Gaussian Minimum Shift Keying
GP Guard Period
GPRS General Packet Radio Service
GPS Global Positioning System
H
HCR High Chip Rate
HCS Hierarchical Cellular Structures
HEO High Elliptic Orbit
HLR Home Location Register
HO(V) HandOver
HR Half Rate speech
HPLMN Home PLMN
HSCSD High Speed Circuit Switched Data
I
IAM Initial Address Message
ICO Intermediate Circular Orbits
ID IDentification
ID IDentity
4
Appendix
IMEI International Mobile Equipment Identity

IMSI International Mobile Subscriber Identity
IMT-2000 International Mobile Telecommunications-2000
IN Intelligent Network
Inmarsat INternational MARitime SATellite
ITU International Telecommunication Union
IP Internet Protocol
IP Intelligent Peripheral
ISDN Integrated Services Digital Network
ISP Internet Service Provider
ISUP ISDN User Part
IWE InterWorking Equipment
IWF InterWorking Function
IWUP InterWorking User Part
J
JD Joint Detection
JDC Japanese Digital Cellular
K
kbps Kilo Bits per second
Kc cipher Key
Ki individual subscriber authentication Key
L
LA Location Area
LAI Location Area Identity
LAN Local Area Network
LAPDm Link Access Protocol on the Dm channel
LCR Low Chip Rate
LEO Low Earth Orbital
LES Land Earth Station
5
Appendix

LMT Local Maintenance Terminal
LR Location Register
M
MAP Mobile Application Part
MAI Multiple Access Interference
MARISAT MARItime SATellite
MBS Mobile Broadband System
MCC Mobile Country Code
Mcps Mega Chips per Second
ME Mobile Equipment
MExE Mobile station application Execution
Environment
MM Mobility Management
MMI Man Machine Interface
MML Man Machine Language
MNC Mobile Network Code
MOC Mobile Originating Call
MS Mobile Station
MSC Mobile services Switching Center
MSISDN Mobile Station international ISDN number
MSP Multiple Subscriber Profile
MSRN Mobile Station Roaming Number
MSS Mobile Satellite Systems
MT Mobile Termination
MTP Message Transfer Part
MTC Mobile Termination Call
MUD Multiuser Detection
6
Appendix
MUX MUltipleXer
N
NB Normal Burst
NCC Network Color Code (PLMN color code)
NDC National Destination Code
NE Network Element
NMT Nordic Mobile Telephone
NSS Network Switching Subsystem
O
O&M Operation and Maintenance
OACSU Off Air Call Set Up
ODMA Opportunity Driven Multiple Access
OFDMA Orthogonal Frequency Division Multiple
Access
OMC Operation & Maintenance Center
OMC-B Operation & Maintenance Center for BSS
OMC-S Operation & Maintenance center for SSS
OSS Operation SubSystem
OVSF Orthogonal Variable Spreading Factor codes
P
PA Power Amplifier
PACS Personal Access Communication System
PC Power Control
PCM Pulse Code Modulation
PCU Packet Control Unit
PDA Personal Data Assistant
PDC Personal Digital Cellular (Japan)
PDN Packet Data Network
PHS Personal Handy System (Japan)
7
Appendix
PIN Personal Identification Number

PLMN Public Land Mobile Network
PMR Private Mobile Radio
PP Point-to-Point
PSTN Public Switched Telephone Network
Q
QOS Quality Of Service
QPSK Quaternary Phase Shift Keying
R
RA Rate Adaptation
RACH Random Access CHannel
RAND RANDom number
REQ REQuest
RES RESponse
RF Radio Frequency
RFC Radio Frequency Channel
RFCH Radio Frequency CHannel
RFCN Radio Frequency Channel Number
RNC Radio Network Controller
RNS Radio Network Subsystem
RRM Radio Resource Management
RSS Radio SubSystem
RU Resource Unit
RX / Rx Receiver
S
SACCH Slow Associated Control CHannel
SAP Service Access Point
SAPI Service Access Point Indicator
SB Synchronization Burst
8
Appendix
SCCP Signaling Connection Control Part

SCE Service Creation Environment
SCH Synchronization CHannel
SDCCH Stand- alone Dedicated Control CHannel
SF Spreading Factor
SFH Slow Frequency Hopping
SGSN Service GPRS Support Node
SIM Subscriber Identity Module
SM Security Management
SMP Service Management Point
SMS Short Message Service
SN Subscriber Number
SN Switching Network
SP Signaling Point
SP Switching Point
SS Supplementary Services
SSF Service Switching Function
STP Signaling Transfer Point
SW Software
T
T1 Standards Committee T1 Telecommunications
TA Terminal Adaptor
TACS Total Access Communication System
TB Tail Bit
TCAP Transaction CApability Part
TCH Traffic CHannel
9
Appendix
TD-CDMA Time Division CDMA

TDD Time Division Duplex
TDMA Time Division Multiple Access
TE Terminal Equipment
TETRA TErrestrial Trunked Radio Access
THSS Time-Hopping Spread Spectrum
TIA Telecommunication Industry Association
TMN Telecommunication Management Network
TMSI Temporary Mobile Subscriber Identity
TRAU Transcoding and Rate Adaptation Unit
TRX TRansceiver
TS Tele Service
TS TimeSlot
TTA Telecommunications TechnologyAssociation (South
Korea)
TTC Telecommunication Technology Committee (Japan)
TX / Tx Transmitter
U
UE User Equipment
UL UpLink
UMTS Universal Mobile Telecommunications System
UP User Part
USIM UMTS Subscriber Identity Module
UTRA UMTS Terrestrial Radio Access
UTRAN UMTS Terrestrial Radio Access Network
UWC-136 Universal Wireless Communication
V
VAD Voice Activity Detection Sprachsteuerung
10
Appendix

VLR Visited (visitor) Location Register
VMSC Visited MSC
VoIP Voice over Internet Protocol
VPLMN Visited PLMN
W
W-CDMA Wideband CDMA
11
References
References
References
• M. Mouly, M.B. Pautet, "The GSM System for Mobile Communications",
Cell & Sys (1992), ISBN 2-9507190-0-7
• S. Redl, M. Weber, K. Oliphant, "An introduction to GSM", Artech House
Inc.(1995), ISBN 0-89006-785-6
• Mehrotra, "GSM System Engineering", Artech House Inc. (1997), ISBN 0-
89006-860-7
• G. Heine, "GPRS from A – Z", Artech House Inc. (2000), ISBN 1-58053-
181-4V.K.G. Garg, K.F. Smolik, J.E. Wilkes, „Applications of CDMA in
Wireless/Personal Communications“, Feher / Prentice Hall digital and
wireless communications series (1997) ISBN 0-13-572157-1
• A.J. Viterbi: „CDMA: Principles of Spread Spectrum for third Generation
Mobile Communication“ (1995), ISBN 0-201-63374-4
• T. Ojanperä, R. Prasad: „ Wideband CDMA for third Generation Mobile
Communication“, (1998) ISBN 0-89006-735-X
• R. Prasad, W. Mohr, W. Konhäuser, „Third Generation Mobile
Communications Systems, Artech House Publishers (04/2000)
• G. Calhoun, „Third Generation Wireless Communications: Post Shannon
Architectures“, Artech House Publishers (07/2000)
• Authentication and Security in Mobile Phones by Greg Rose, Qualcomm
Inc., Australia.
• Security in CDMA Wireless Systems by Frank Quick, Qualcomm Inc.,
February 1997
• Security Aspects of Mobile Wireless Networks, by Mullaguru Naidu, July
2002.
• CDMA RF System Engineering, by Samuel C. Yang
• Understanding Cellular Radio, by WILLIAM WEBB
• B. J. Wysocki and T. A. Wysocki, “Power Spectra of Signal Formats for
DS-SS CDMA Wireless LANs,” IEEE TENCON, pp. 329-332, 1996
• M.Y. Rhee, CDMA Cellular Mobile Communications Network Security.
Prentice Hall, 1998
• G. Allen and S. Raymond, “Encryption of Analog Signals - A Perspective,”
IEEE Journal on selected area in communications, vol. SAC-2, No. 3, pp.
423-425, 1984.
• James A. Davis, “Security Aspects in Mobile Phone Telephony: Focus on
GSM,” White Paper, Jan. 2000.
• CDMA System Analysis II, by Timothy X Brown, Silvana Susi, Sukhjinder
Singh University Of Colorado, Boulder
1
References
Useful links
• http://www.3gpp.org
• http://www.itu.int/imt
• http://www.etsi.fr
• http://www.umts-forum.org
• http://www.gsmworld.com
• http://www.cdg.org
2
Glossary
Glossary
Glossary
AMPS (Advanced Mobile Phone Service):
Developed by AT&T’s Bell Laboratories in the1970’s and first used in the US in
1983. The AMPS Standard has been the foundation for the industry in the United
States.
CDMA (Code Division Multiple Access):
Known in the US as IS-95, a spread spectrum approach to digital transmission.
With CDMA, each conversation is digitized and then tagged with a code. The
mobile phone is then instructed to decipher only a particular code to pluck the
right conversation off the air. It has a 1.25Mhz spread spectrum air interface,
uses the same frequency bands as AMPS and supports AMPS operation,
employing spread-spectrum technology and a special coding scheme. It was
adopted by the Telecommunications Industry Association (TIA) in 1993.
DAMPS (Digital AMPS): The second generation of the AMPS standard.
FDMA (Frequency Division Multiple Access): FDMA is the division of the
frequency band allocated for wireless cellular communication into 30 KHz
channels, each of which can carry a two way voice conversation. FDMA is the
basic technology used in AMPS, the most widely installed cellular phone system
in North America. With FDMA, each channel can be assigned to only one user at
a time.
EDGE (Enhanced Data rate for GSM Evolution):
The next generation of data heading towards third generation and personal
multimedia environments. It builds on GPRS and is a technique to increase the
maximum data capacity of GSM radio channels. It will allow GSM operators to
use existing GSM radio bands to offer wireless multimedia IP-based services and
applications at theoretical maximum speeds of 384 kbps with a bit-rate of 48 kbps
per timeslot and up to 69.2 kbps per timeslot in good radio conditions.
GPRS (General Packet Radio Service):
A GSM data transmission technique that does not set up a continuous channel
from a portable terminal for the transmission and reception of data, but transmits
and receives data in packets, with users only paying for the volume of data sent
and received.
GPS (Global Positioning System):
A satellite navigation system, consisting of 24 geosynchronous satellites. Used in
personal tracking, navigation and automatic vehicle location technologies.
1
Glossary
GSM (Global System for Mobile communications):

A digital cellular or PCS network used throughout the world. Developed by ETSI
in Europe. NAMPS (Narrowband AMPS): NAMPS combines cellular voice
processing with digital signaling to increase the capacity and functionality of
AMPS systems.
PCS (Personal Communications Services):

A two-way, 1900 MHz digital voice, messaging and data service designed as the
second generation of cellular.
TDMA (Time Division Multiple Access):
A method of digital wireless communications transmission allowing a large
number of users to access (in sequence) a single radio frequency channel
without interference by allocating unique time slots to each user within each
channel
UMTS (Universal Mobile Telecommunications System):
Europe's approach to standardization for third-generation cellular systems, it will
be based on W-CDMA. UMTS will offer a wide range of voice, data and
multimedia services with data rates from 114 Kbps to 2 Mbps, depending on
whether the user is stationary or in motion.
W-CDMA (Wideband Code Division Multiple Access):
The European third generation wireless standard. The wideband represents the
increase of the frequency band to 5 MHz, in comparison to the 1.25 MHz band
used in conventional CDMA (also known as cdmaOne).
AuC (Authentication Center):
The component of a GSM network that authenticates subscriber and mobile
equipment identities. Baseband: The signaling of a digital or analog signal at its
original frequencies, i.e. not changed by modulation.
BSC (Base Station Controller):
The component of a GSM system that controls a group of base stations and acts
as a node for connecting base stations to the mobile switching center.
BSS (Base Station Subsystem):
The combination of BSC’s and base stations that together provide the radio
functionality in a mobile system.
Cell:
The basic geographic unit of a cellular system. Also, the basis for the generic
industry term "cellular". The mobile network’s geographic area is divided into
smaller “cells”, each of which is equipped with a low-powered radio
transmitter/receiver. The cells can vary in size depending upon terrain and
capacity demands. By controlling the transmission power, the radio frequencies
assigned to one cell can be limited to the boundaries of that cell.
2
Glossary
Cell Site:
The central radio transmitter/receiver that maintains communications with mobile
phones within a give range. Also called a Base Station.
Diversity:
The use of multiple antennas to receive or transmit the same signal, so that if one
of the antennas picks up a weak signal, another antenna should have a strong
signal.
Downlink:
The transmission of radio signals from the Base Station to the mobile handset.
EIR (Equipment Identity Register):
The component of a GSM system that retains information about the identity of
equipment such mobile phones. Assists network operator in discovering stolen
mobile phones and blocking them from using the network.
Fading:
A reduction in signal strength in a radio signal. Fading is usually caused by
reflected waves from the transmitter having different phases from the main signal
path.
GMSC (Gateway Mobile Switching Center):
The component of a GSM network, which provides a point of connection between
the GSM network and the PSTN.
Handoff:
The process of transferring a mobile phone conversation from one cell site to
another as a user crosses cell areas during the conversation.
HLR (Home Location Register):
The component of a GSM network responsible for maintaining the location of a
mobile.
IMEI (International Mobile Equipment Identity):
The unique serial number given to each phone, to help in tracking stolen mobile
phones.
IMSI (International Mobile Subscriber Identity):
A unique number used in GSM systems to identify individual subscribers.
MAHO (Mobile Assisted Handoff):
Similar to a basic handoff, except that the mobile also helps in finding a suitable
base station to handoff into by providing the network with measurements
indicating which base station provides the largest signal strength.
3
Glossary
Modulation:
Information on a carrier signal modulated by varying one or more of the signal's
basic characteristics - frequency, amplitude and phase. Different modulation
carries the information as the change from the immediately preceding state rather
than the absolute state.
MS (Mobile Station):
Another name for a cellular mobile phone.
MSC (Mobile Switching Center):
The switch in a GSM network, which connects calls from the GMSC to the
particular base station in which the mobile phone is currently located. The MSC
also manages call handovers.
MTSO (Mobile Telephone Switching Office):
The central computer that connects a wireless phone call to the public telephone
network. The MTSO controls the entire system’s operations, including monitoring
calls, billing and handoffs.
POTS (Plain Old Telephone Service):
Standard household phone service. PSTN (Public Switched Telephone Network):
The worldwide telephone network which allows people to call anywhere in the
world. The PSTN mainly consists of copper cables and switches.
Roaming:
Roaming allows a user to operate their mobile phone in another countries
network.
The user’s network makes agreements with other networks worldwide to allow
this to happen.
Smart antenna:
An antenna system with technology that enables it to focus its beam on a desired
signal to reduce interference. A wireless network would employ smart antennas
at its base stations in an effort to reduce the number of dropped calls, improve
call quality and improve channel capacity.
Soft handoff:
Procedure in which two base stations, one in the cell site where the phone is
located and the other in the cell site to which the conversation is being passed,
both hold onto the call until the handoff is completed. The first cell site does not
cut off the conversation until it receives information that the second is maintaining
the call. This reduces the probability of the call being blocked.
Uplink:
The transmission of radio signals from the mobile handset to the Base Station.
VLR (Visitor Location register):
The component of a GSM network which keeps track of a mobile phone’s
position to the nearest location area.
4
Glossary
Walsh codes:
A family of orthogonal codes often preferred for CDMA transmission.
WLL Wireless Local Loop:
The use of radio to replace copper wiring as a means of connecting the home to
the PSTN.
5
TRAINING SECTOR
Introduction and Overview 1
GPRS - General Packet Radio Services 2
GPRS Radio Interface 3

Sub-sections
Procedures 4
GPRS Introduction
Abbreviations 5
GPRS Introduction

1 Introduction and Overview 1 - 15
2 GPRS - General Packet Radio Services 1 - 35
3 GPRS Radio Interface 1 - 18
4 Procedures 1 - 10
5 Abbreviations 1 - 10

Chapter 1
Introduction and Overview

Introduction and Overview Siemens
Introduction and Overview
Contents
1 Mobile Radio Evolution 23
1.1 Trend: from Speech to Data Transmission 34

1.2 The 3rd Mobile Radio Generation (3G) 46
2 GSM – Current Situation, Services & Applications 69
2.1 GSM – Global System for Mobile Communication 170
2.2 GSM – Implementation in an evolutionary Concept 192
3 GSM – Phase2+ 115

3.1 GSM Phase 2+ Solutions for Meeting Current and Future Mobile
Requirements 126
3.2 Data Transmission in GSM Phase2+ 138

4 Exercise 23
5 Solution 27
1
Introduction and Overview Siemen
1 Mobile Radio Evolution
Subscriber trends:
1982 - 2002
1000
Germany
100
Subscriber [M.]
World
10
0,1
0,01
1982
1984
1986
1988
1990
1992
1994
1996
1998
2000
2002
Year
Fig. 1 Increase in the number of subscribers due to introduction of first and second generation of mobile communication
2
1.1 Trend: from Speech to Data Transmission

1G offered mainly speech transmission based on analog transmission modes.
Due to the digital transmission mode it uses, 2G offers not only pure speech trans-
mission but also a number of supplementary services and low rate data transmission.
However, mobile radio systems of 2G are suited optimally to the needs of speech
transmission, primarily; the share of data transmitted via the radio interface will not
exceed 2% even towards the end of the 90ties.
Nevertheless, growth rates in the area of data transmission are much higher than in
the area of speech transmission due to the fact that the need for mobile data trans-
mission is becoming acute in the mobile working world of tomorrow (work outside the
office, teleworking).
Forecasts predict the following figures: in the year 2001, 10% of the total traffic vol-
ume will be allotted to data transport via the radio interface, in 2005 this will already
rise to 30%, and just two years later, in 2007, data transmission will make up 50% of
the total traffic volume and will thus range equal to speech transmission.
Note that there is an underlying rapid increase in the total amount of traffic.
2 G Trends:
Speech → Data transmission
100
1 G: speech
speech transmission only data
80
2 G:
traffic [%]
60
• speech transmission
• supplementary services
40
• data transmission
20
0
1996 2001 2005 2007
year
Fig. 2 Trend in the traffic to be transported by future mobile communications systems
3
1.2 The 3rd Mobile Radio Generation (3G)

Currently there are numerous different standards for 1G and 2G mobile radio sys-
tems, each of which has specific characteristics, advantages and disadvantages, ap-
plications and users. Most of the standards are used merely on a national or regional
scale and are not compatible with each other. They cannot meet the requirements
which will be indispensable for future mobile radio systems, such as improved
speech quality, worldwide availability and particularly a fast transfer of large amounts
of data.
3G currently being standardized under the heading IMT-2000 (International Mobile
Telecommunication) designates a global system of compatible standards which in-
deed is able to meet the high demands placed on future mobile radio systems (see
above). The general aim is to enable “communication with anyone, anywhere, any-
time”.
Beside speech transmission, high data rate services and multimedia applications are
to be provided to the customer across all operator-dependent, national and geo-
graphical borders at any place and any time.
The body in charge of IMT-2000 specification is the International Telecommunication
Union ITU. Thus, IMT-2000 shall become the worldwide “guideline” to which all stan-
dards of the 3G orient themselves. In the framework of IMT-2000 guidelines ETSI is
about to standardize a follow-up GSM standard based on the experiences with and
the success of GSM: the standard is known as UMTS (Universal Mobile Telecommu-
nication Standard).
UMTS is a downward compatible to GSM; as such it shall provide worldwide multi-
media access at any point in time and cover all current mobile radio applications.
Data rates of 8 kbit/s up to a maximum of 2Mbit/s shall be supported.
Apart from UMTS the regional standardization authorities draw up further 3G based
on the IMT-2000 guidelines.
4
Third Generation (3G)

1G 2G 3G
Digital Paging one standard (family)
Paging
e.g. ERMES for all
• applications
analog
• countries / regions
Digital CT
Cordless Telephone CT
e.g. DECT, PACS, PHS
e.g. CT1, 1+
Wireless
Wireless booth Local Loop IMT-2000:
WLL
UMTS, MC-CDMA,
analoge digital
TD-SCDMA,...
PMR e.g. TETRA
digital
analog
cellular systems
cellular systems
e.g GSM, D-AMPS,
e.g. C450, NMT, AMPS
IS-95, PDC
• compatibility within 3G
• downward compatibility to
analog MSS digital MSS
e.g. INMARSAT e.g. IRIDIUM
2G (e.g. UMTS → GSM)
• resource efficiency
• high data rates
Multiple incompatible standards • applications • Multimedia
for different • countries / regions
Fig. 3 Intention of third generation as a common global standard for different applications, regions, and service areas
5
2 GSM – Current Situation, Services & Appli-

cations
Mobile Radio
Evolution
GSM - current situation,

services & applications
Fig. 4
6
2.1 GSM – Global System for Mobile Communication

The GSM standard was planned in the early 80ties and agreed upon in 1990 as first
2G standard. The GSM standard has been specified by ETSI as a consistent open
standard for cellular mobile radio systems. It consists of more than 100 recommenda-
tions, categorized into 12 series.
Within Rel. 99 the GSM standard is know specified by GERAN, a group of 3gpp. The
new series are now be found in series number 40-50.
Commercial operation of GSM networks started in 1992. Originally the systems were
planned for Europe only, but in the middle of 1999 there were already 340 GSM net-
works worldwide in 135 countries/regions. In 2001 there are about 45 million sub-
scriber worldwide
Beside the originally planned GSM standard in the 900 MHz range (GSM900 / E-
GSM) further GSM adaptations were specified during the 90ties in the 1800 and 1900
MHz range (GSM1800 & GSM1900) as well as one adaptation for railway communi-
cation (GSM-R).
GSM900 / E-GSM
In 1990 the first GSM standard, known as GSM900 with 2x 25 MHz developed. An
extension of this, the E-GSM (Extended GSM), provides a further 20 MHz, i.e. a total
of 2 x 35 MHz for GSM, in the event that national authorizations to operate other sys-
tems expire.
GSM1800 (DCS1800)
In 1991 the DCS1800 (Digital Cellular System) standard, a GSM adaptation, was
agreed upon as result of a British initiative in view of the opening-up of a mass-
market; in 1997 this standard was renamed GSM1800. For GSM1800 2 x 75 MHz is
available in the 1800 MHz area.
GSM1900 (PCS1900)
Since 1995 PCS1900 (Public Cellular System), renamed GSM1900 in 1997 repre-
sents the GSM adaptation for the American market. 2 x 60 MHz are available for
GSM1900 and other standards (D-AMPS, IS-95,..).
GSM-R
GSM-R (Railway) was specified as GSM Adaption for mobile radio communication. In
1995 ETSI decided to reserve 2 x 4 MHz in 900 MHz range for GSM-R. First GSM-R
systems are in operation since 1998
7
GSM-R GSM-Adaptations
890 935 1880
GSM GSM
GSM GSM 1800 1800
900 900
GSM GSM
E-GSM E-GSM 1900 1900
876 880 915 921 925 960 [MHz] 1710 1785 1805 1850 1910 1930 1990 [MHz]
Frequency Range Useable HF Application Area
[MHZ] channels
E-GSM 880 - 915 / 925 - 960 174 US
US
GSM1900 1850 - 1910 /1930 - 1990 Shares HF-channels US
with other standards
GSM-R 876 - 880 / 921 - 925 19 European
railroads
Fig. 5 Adaptations of GSM in frequency due to trend to mobile communication
8
2.2 GSM – Implementation in an evolutionary Con-

cept
Originally, the GSM standard was intended as a completed, non-modifiable standard
to be used until the standardization of a 3G follow-up system. However, in 1988 al-
ready it became obvious that it was not possible to standardize all the technical de-
tails and service offers requested within the time frame set. This resulted in the im-
portant decision to leave the GSM standard incomplete and develop and work on it
permanently instead. The evolutionary GSM concept thus provides enough scope for
technical evolutions and can be quickly adapted to the rapidly changing market con-
ditions. GSM developed in various phases.
GSM Phase1
Phase 1 (agreed upon in 1990/91) includes all central prerequisites for mobile, digital
transmission of information. Speech transfer plays an important role. Data transmis-
sion was also defined with transmission rates of 0.3 to 9.6 kbit/s. GSM phase 1 in-
cludes only a few supplementary services.
GSM Phase2
Research on GSM phase 2 was concluded in 1995. Mainly supplementary services
comparable to ISDN were specified, but also technical improvements such as half
rate speech were considered. Of central importance was the agreement on down-
ward compatibility, meaning that all networks and terminal equipment of phase 2
were compatible to the networks and terminal equipment of phase 1.
GSM Phase2+
Phase2+ marks a “smooth” transition as opposed to phase2. The standard is not en-
tirely re-worked. Since 1996 annual releases take place and current themes relate to
new supplementary services relevant mainly for special groups of users, as well as to
connection and call control issues, IN applications and data services with high trans-
mission rates.
9
GSM: evolutionary concept

Early concept:
• closed standard
• life time: until successor standardisation (3G)
Capabilities Downward compatibility
Phase 2+
Phase 2 Phase 2
Phase 1 Phase 1 Phase 1
1991 1995 1997 year

Speech FR, multiple Annual Releases !
standard services Supplementary Services (SS)
Data: max. 9,6 kbit/s comparable to ISDN; • new SS
decision downward compatibility • IN-applications
• new Bearer Services
(high data rates)
Fig. 6 Evolutionary concept of the GSM standard
10
3 GSM – Phase2+
Mobile Radio
Evolution
GSM - Phase 2+
Fig. 7
11
3.1 GSM Phase 2+ Solutions for Meeting Current and

Future Mobile Requirements
GSM phase 2+ develops solutions for numerous demands placed on future mobile
radio systems. Improved speech quality is realized through introduction of a new
speech code (Enhanced Full Rate Speech), worldwide availability is achieved
through multi-mode terminal equipment (satellite roaming). New features (e.g. Ad-
vanced Speech Call Items ASCI for GSM-R) and IN-integration (e.g. Customized Ap-
plications for Mobile network Enhanced Logic, CAMEL) supplement the portfolio of
applications. For the implementation of „mobile Computing“ / Internet access, bearer
services such as High Speed Circuit Switched Data HSCSD, General Packet Radio
Service GPRS are standardized allowing for the adaptation of transmission rates to
those of ISDN. Also, transmission rates can be increased up to 100 kbit/s and more.
User-friendly equipment and comfortable connection options to the mobile equipment
(Blue Tooth) round off the offer and make it suited to meet future demands.
The importance of phase 2+ lies, however, also in the creation of a platform on which
the GSM follow-up standard UMTS can be based. Numerous features of phase 2+
(especially GPRS and CAMEL) are “guidelines” for UMTS and shall prepare UMTS
features. Thus, upward compatibility of GSM with the 3rd mobile generation is en-
sured and also downward compatibility of UMTS with GSM. To successfully introduce
UMTS this compatibility with GSM as “quasi-world standard” is indispensable, as is
the usage of a common GSM (Phase 2+)/UMTS infrastructure.
GSM
Multi-
Phase2+ Satellite
Roaming Band / Mode
Multiple further
features
EFR ASCI
Enhanced Advanced Speech
Full Rate Call Items CAMEL
Customized Application
for Mobile network
HSCSD Enhanced Logic
High Speed Circuit
Switched Data
EDGE • GSM solutions for
Enhanced Data Rates
for the GSM evolution demands to
GPRS mobile radio:
General Packet ∗ enhanced speech quality
Radio Service ∗ user friendly equipment
∗ world-wide connectivity /
“home PLMN” service
∗ specific services
GSM ∗ fast transfer of large
Phase 2+ data volumes
• platform for UMTS:
Solutions compatibility GSM⇔ UMTS
common infrastructure
Fig. 8 Solutions for new demands and market trends offered by GSM phase 2+
12
3.2 Data Transmission in GSM Phase2+

To increase the data transmission rates, in GSM phase 2+ new bearer services with
rates comparable to or higher as ISDN are developed:
HSCSD (High Speed Circuit Switched Data)
GPRS (General Packet Radio Services)
EDGE (Enhanced Data Rates for the GSM Evolution)
High Speed Circuit Switched Data HSCSD

HSCSD (Rec. 02.34) is a circuit switched data service (only point-to-point) for ap-
plications with higher bandwidth demands and continuous data stream, e.g. motion
pictures or video telephony. The higher bandwidth is achieved by combining 1-8
physical channels for one subscriber. Additionally, the data transmission codec was
changed such that a maximum of 14.4 kbit/s instead of 9.6 kbit/s can be transmitted
per physical channel. In this way, HSCSD theoretically enables transmission rates up
to 115.2 kbit/s. In order to implement HSCSD merely the GSM-PLMN software must
be modified. More problematic is the high volume of resources needed.
General Packet Radio Services GPRS

With GPRS it is possible to combine 1-8 physical channel for one user, just as with
HSCSD. Various new coding schemes with transmission rates of up to 21.4 kbit/s per
physical channel enable theoretical transmission rates up to 171.2 kbit/s. Opposite to
HSCSD, GPRS is a packet-switched bearer service, meaning that the same physical
channel can be used for different subscribers. GPRS is resource efficient for applica-
tions with a short-term need for high data rates (e.g. surfing the Internet, E-mail, ...).
GPRS also enables point-to-multipoint transmission and volume dependent charging.
Extensions of the GSM network and protocol architecture are necessary for GPRS
implementation.
13
Comparison HSCSD / GPRS

HSCSD GPRS
• circuit oriented • packet oriented
⇒ real time applications ⇒ data applications
(e.g. video telephone) (e.g. internet surfing)
• bundling of channels • bundling of channels
(up to 8 time slots) (up to 8 time slots)
• new coding scheme • 4 new coding schemes
(9.6 kbit/s → 14.4 kbit/s) (9.6 kbit/s → 9.05 ... 21.4 kbit/s)
• point-to-point • point-to-multipoint
• small HW modifications • new network elements/protocols
TDMA-frame ⇔ 8 Time Slots
Time Slot
HSCSD GPRS
up to up to
14.4 kbit/s 21.4 kbit/s
Fig. 9 Comparison of HSCSD and GPRS
Enhanced Data rates for the GSM Evolution EDGE

EDGE (Release`99) is able to realize up to 69.2 kbit/s per physical channel though
the change of the GSM modulation procedure (8PSK instead of GMSK). Theoreti-
cally, transmission rates of up to 553.6 kbit/s (meeting 3G requirements) would be
possible by combining up to 8 channels. A combination of GPRS and EDGE could of-
fer optimum usage of Inter- and Intranet, ensuring highest economy in frequency re-
source utilization at the same time.
The change of the modulation method will require hardware changes in the BSS (the
BTS have to be upgraded) and the MS. The mobile equipment has to be small and
cheap but on the other hand high quality linear amplifiers are needed for 8PSK. The
solution to this problem could be that in the introduction phase EDGE is only used in
the downlink.
14
EDGE
(Enhanced Data Rates for GSM Evolution)
EDGE:
• uses a new modulation method:
replaces GMSK by 8PSK
⇒ three bit of information can be transported
by one symbol of modulation (instead of one bit)
⇒ BTS has to be upgraded
⇒ hardware modifications are necessary
• will possibly used only DL in the introduction phase

⇒ cheap mobile phones
⇒ asymmetric data rates in UL and DL
Fig. 10 EDGE replaces GMSK modulation method to enhance data rates
15
Chapter 2
GPRS – General Packet Radio

Services
GPRS - General Packet Radio Services Sidemen's
GPRS - General Packet Radio Services
Contents
1 GPRS Objectives and Advantages 23
1.1 GPRS Objectives and Advantages 34
1.2 Standardization 56
2 Basic Principles 79
2.1 Management of Radio Resources/ Coding Schemes 180
2.2 GPRS Subscriber Profile 102
2.3 Quality of Service (QoS) Profiles 124
3 GPRS-Architecture 1721
3.1 GPRS Architecture 1822
3.2 GSM Phase 2+, Interfaces 1924
3.3 New Network Elements for GPRS 216
4 Logical Functions 2735
4.1 Logical Functions in the GPRS Network 2836
4.2 Allocation of Logical Functions 3544

5 Exercises 47
6 Solutions 55
1
1 GPRS Objectives and Advantages
GPRS
General Packet Radio Services
Objectives & Standardization
Fig. 1
2
Sidemen's GPRS - General Packet Radio Services
Sidemen'
1.1 GPRS Objectives and Advantages

The transmission of data is becoming increasingly important in the field of telecom-
munication. In the fixed network, the transmission of extensive data files and E-mail
and contacts to the Intra- and Internet is by far in excess of language transmission.
The need for mobile data transport is increasing at a similarly impressive rate, yet the
presently available mobile communication systems, even GSM, still present a num-
ber of shortcomings.
Disadvantages for the user in GSM Phase 1/2:
In GSM (phase 1/2), the data rate is limited to a peak value of 9.6 kbit/s
Links to the data networks need to be routed via PSTN/ISDN (Additional charging of
the user for using a transit network)
The user is billed for the connection duration instead of being billed for his/her actual
use of the network (data volume)
The set-up of a connection takes more time (ca. 20s if a modem is used)
The length of SMS is limited (160 alphanumerical characters)
Disadvantages for the provider in GMS Phase 1/2:
Inefficient resource management & the number of users is limited.
HSCSD (High Speed Circuit Switched Data)

In principle, transmission rates of up to 115.2 kbit/s can be achieved with HSCSD.
Combining 4 timeslots, the ISDN transmission rate can be matched. One problem of
HSCSD, however, is the circuit switched data transmission. Efficient resource man-
agement is impossible. Additional costs arise for the user. For this reason HSCSD is
essentially suited for applications involving high but constant transmission rates
(videotelephony).
GPRS (GENERAL PACKET RADIO SERVICES)

GPRS is, on the one hand, intended to provide the possibility of transmitting large
volumes of data in a very short time. On the other hand it is meant to ensure effective
management of available resources, which will increase the number of users and re-
duce the costs arising for the individual user (volume-oriented fees).
Another positive consequence of the introduction of GPRS is its direct access to the
Intra- and Internet and the possibility to use point-to-point and point-to-multipoint ser-
vices side by side. An important aspect is that GSM networks are prepared for the in-
troduction of UMTS.
3
GPRS Objectives
& Advantages
SMSC
PDN´s
SMS
IP
BSS Service provider Internet
SSS BS-udi ISDN access point
Modem Modem Intranet
BS-
3.1 kHz
audio PSPDN
PSTN
GPRS: • high data rates • reducing costs (volume dependent charging)

• resource efficient • Point-to-Multipoint services for PMR market
• no SMS restrictions • direct IP/X.25 connection
• prerequisite for UMTS introduction ⇒ future proof solution
Fig. 2 Limitations of the network architecture
4
Sidemen'
1.2 Standardization
The introduction of GPRS into the GSM Recommendations is carried out in two
phases.
Phase 1 of GPRS introduction was completed by ETSI in the Annual Release 1997
(03/98) and includes all central GPRS functions.
Phase 1 supports:
Point-to-point transfer of user data
TCP/IP and X.25 bearer services
GPRS identities
GPRS safety (a new ciphering algorithm specially designed for packet data)
Support of volume-oriented billing
In Phase 2, further extensions are planned for all requirements to be met by GPRS:
Support of point-to multipoint (PTM) services
Support of special point-to-point and point-to-multipoint services for applications such
as traffic telematics and GSM-R (PTM-Group Call: PTM-Multicast)
Support of further additional services
Support of additional interworking functions (e.g. ISDN)
Phase 2 will be completed in 1998 or 1999.
GPRS Phase 1 includes the introduction of a number of new recommendations;
some of the existing recommendations have been modified to cover other GPRS
functions, too.
The following recommendations are of central importance:
Rec. 02.60 General GPRS Overview

Rec. 03.60 GPRS System and architecture description
Rec. 03.64 Radio architecture description
5
Phase 1: • PtP Data transmission

GPRS-Standardisation (Rel.`97)
• TCP/IP & X.25 Bearer Services
• GPRS Identities
• GPRS Security (Ciphering)
• SMS via GPRS
• volume dependent charging
GPRS Standardisation in 2 Phases
Phase 2: • PtM data transmission
• Broadcast & Group Call →
(Rel.`98/99)
traffic telematic, GSM-R
• further interworking
functionality
• further services
Rec. 02.60
General GPRS Overview
ETSI/GERAN
Rec. 03.60
GPRS system &
architecture description
Rec. 03.64
Very important: Radio architecture description
Fig. 3 Standardization of GPRS in phases
6
2 Basic Principles
GPRS
Basics
Fig. 4
7
Sidemen'
2.1 Management of Radio Resources/ Coding

Schemes
In a GPRS-supported cell, one or several physical channels can be allocated to
GPRS transmission. These physical channels (Packet Data Channels PDCHs) are
shared by GPRS mobile stations and are taken from the common/shared pool of all
available physical channels of the cell.
Distribution of the physical channels for various logical packet data channels is based
on blocks of 4 normal bursts each. Uplink (UL) and downlink (DL) for GPRS packet
data are assigned separately (consideration of asymmetrical traffic peaks). Allocation
of circuit switched services and GPRS is achieved dynamically, depending on what
capacities are required („capacity on demand“). PDCHs need not be allocated per-
manently; however, it is possible for the operator to permanently or temporarily re-
serve a number of physical channels for GPRS traffic.
New GPRS coding schemes (CS) - CS1 - CS4 - have been defined for the transmis-
sion of packet data traffic channel PDTCH (Rec. 03.64). Coding schemes can be as-
signed as a function of the quality of the radio interface. Normally, groups of 4 burst
blocks each are coded together.
CS-1 makes use of the same coding scheme as has been specified for SDCCH in
GSM Rec. 05.03. It consists of a half rate convolutional code for forward error correc-
tion FEC. CS-1 corresponds to a data rate of 9.05 kbit/s.
CS-4 has no redundancy in transmission (no FEC) and corresponds to a data rate of
21.4 kbit/s.
CS-2 and CS-3 represent punctured versions of the same half rate convolutional
code as CS-1.
CS-2 corresponds to a rate of 13.4 kbit/s, while CS-3 corresponds to a data rate of
15.6 kbit/s.
In principle, 1 to 8 time slots TS of a TDMA frame can be combined dynamically for a
user for the transmission of GPRS packet data. Theoretically it is thus possible to
achieve peak performances of up to 171.2 kbit/s (8x21.4 kbit/s) with GPRS.
8
Radio Resource Management / Coding Schemes

Physical channel of one cell
GPRS-MSs:
CS & PS (GPRS): combining 1-8 TS
“capacity on demand”
GPRS-MSs: GPRS-MSs:
sharing physical channel asymmetric UL / DL
CS-1 9,05 kbit/s
CS-2 13,4 kbit/s

Up to
1-8 171,2 kbit/s
channel (theoretically)
CS-3 15,6 kbit/s
CS-4 21,4 kbit/s
Coding different
Schemes redundancy (FEC) →
“Um transmission quality”
Fig. 5 Management of radio resources: coding schemes, FEC, and redundancy
9
Sidemen'
2.2 GPRS Subscriber Profile

The GPRS Subscriber Profile is the description of the services a subscriber is al-
lowed to use. Essentially, it contains the description of the packet data protocol used.
A subscriber may also use different packet data protocols (PDPs), or one PDP with
different addresses. The following parameters are available for each PDP:
The packet network address is necessary to identify the subscriber in the public
data net. Either dynamically assigned (temporary) addresses or (in the future) static
addresses are used in case of IP. The problem of the dynamic addresses will be
overcome with the change from Ipv4 to IPv6. In GPRS is two layer 2 protocols are al-
lowed, X.25 or IP.
The quality of service QoS: QoS describes various parameters. The subscriber pro-
file defines the highest values of the QoS parameters that can be used by the sub-
scriber.
The screening profile: This profile depends on the PDP used and on the capacity of
the GPRS nodes. It serves to restrict acceptance during transmission/reception of
packet data. For example, a subscriber can be restricted with respect to his possible
location, or with respect to certain specific applications.
The GGSN address: The GGSN address indicates which GGSN is used by the sub-
scriber. In this way the point of access to external packet data networks PDN is de-
fined. The internal routing of the data is done by IP protocol; the GSNs will have IP
addresses. A DNS function is needed to find the destination of the data packets (ad-
dress translating: e.g. www.gsn-xxx.com → 129.64.39.123)
10
GPRS Subscriber Profile

Subscription profile
used Packet Data Protocols PDP
possible: 1 Subscriber - different PDPs / 1 PDP with different addresses QoS
Quality of Service
Packet highest QoS-
network address parameter values in
static/dynamic Subscriber Profile
IP address
PDP
Parameter
Screening
GGSN address
Access to external PDN Profile
limits receiving / emission
of data packets
Fig. 6 Part of the GPRS subscriber profile are the PDPs and their parameters
11
Sidemen'
2.3 Quality of Service (QoS) Profiles

The different applications that will make use of packet-oriented data transmission via
GPRS require different qualities of transmission. GPRS can meet these different re-
quirements because it can vary the quality of service (QoS) over a wide range of at-
tributes. The quality of service profile (Rec. 02.60, 03.60) permits selection of the fol-
lowing attributes:
Precedence class
Delay class
Reliability class
Peak throughput class
Mean throughput class.
By combining the variation possibilities of the individual attributes a large number of
QoS profiles can be achieved. Only a limited proportion of the possible QoS profiles
need PLMN-specific support.
Quality of Service QoS - Profile

Different requirements for different applications ⇒
multiple GPRS QoS profiles
Peak
throughput
class
precedence class
reliability class
mean throughput
class
delay class
PLMN must support only

limited QoS service profile
Fig. 7 Quality of service parameters
12
Sidemen'
Precedence Class
Three different classes have been defined to allow assessment of the importance of
the data packets, in case of limited resources or overload:
1. High precedence
2. Normal precedence
3. Low precedence
Delay Class
GSM Rec.02.60 defines 4 delay classes (1 to 4). However, a PLMN only needs to re-
alize part of these. The minimum requirement is the support of the so-called „best ef-
fort delay class“ (Class 4). Delay requirements (maximum delay) concern the delay of
transported data through the entire GPRS network (the first two columns refer to data
packets 128 bytes in length, while the last two columns apply to packets 1024 bytes
in length).
Delay Class mean transfer 95% delay mean transfer 95% delay
delay (sec) (sec) delay (sec) (sec)
1 < 0,5 < 1,5 <2 <7
2 <5 < 25 < 15 < 75
3 < 50 < 250 < 75 < 375
4 (Best Effort) unspecified unspecified unspecified unspecified
13
Precedence Class
1: high priority
2: normal priority
3: low priority
Delay Class
Delay Class mean transfer 95% delay mean transfer 95% delay
delay (sec) (sec) delay (sec) (sec)
1 < 0,5 < 1,5 <2 <7
2 <5 < 25 < 15 < 75
3 < 50 < 250 < 75 < 375
4 (Best Effort) unspecified unspecified unspecified unspecified
minimum
requirements
SDU size: 128 Byte 1024 Byte
Fig. 8 QoS is an assumption of several parameters, which are defined in the recommendations
14
Sidemen'
Reliability Class
Transmission reliability is defined with respect to the probability of data loss, data de-
livery beyond/outside the sequence, twofold data delivery, and data falsification
(probabilities 10-2 to 10-9):. 5 reliability classes (1 to 5) have been defined, 1 guaran-
teeing the highest and 5 the lowest degree of reliability. Highest reliability (Class 1) is
required for error-sensitive, non-real-time applications, which have no possibility of
compensating for data loss; lowest reliability (Class 5) is needed for real-time applica-
tions which can get over data loss.
Peak Throughput Class
The peak throughput class defines the maximum data rate to be expected (in
bytes/s). However, there is no guarantee that this data rate/throughput can be
achieved over a certain period of time. This depends on the capacity of the MS and
the availability of radio resources. 9 throughput classes have been defined, ranging
from Class 1 with 1000 bytes/s (8 kbit/s) to 256,000 bytes (2048 kbit/s). The maxi-
mum data rate doubles from one class to the next.
Mean Throughput Class
The mean throughput class represents the mean data rate /throughput to be ex-
pected for data transport via the GPRS network during an activated link. A total of 19
classes have been defined. Class 1 is „best effort“ and means that the data rate for
the MS is made available on the basis of demand and availability of resources.
Class 2 stands for 100 bytes/h (0.22 bit/s), class 3 for 200 bytes/h, class 4 for 500
bytes/h and class 5 for 1000 bytes/h, etc. till Class 19 which stands for 50000000
bytes/h (111 kbit/s).
15
Reliability Class
1 - 5 (lowest):
• data loss probability
• out of sequence probability
• duplicate probability
• corrupt data probability
probabilities 10 -9 - 10 -2
peak throughput Class
1 - 9: > 8 kbit /s - >2048 kbit /s
maximum data rate
no guarantee for this data rates
over a longer period of time
mean throughput Class

medium, guaranteed data rate; Class 1-19
1: best effort
100 Byte/h (0,22 bit/s) / 200 / 500 / 1000 / ... /
50 Mio. Byte/h (111 kbit/s)
Fig. 9 QoS is an assumption of several parameters, which are defined in the recommendations
16
3 GPRS-Architecture
GPRS
Architecture
Fig. 10
17
Sidemen'
3.1 GPRS Architecture

For introducing GPRS, the logical GSM architecture is extended by two functional
units:
The Serving GPRS Support Node SGSN is on the same hierarchic level as MSC
and has functions comparable to those of a Visited MSC (VMSC).
The Gateway GPRS Support Node GGSN has functions comparable with those of a
Gateway MSC (GMSC) and offers interworking functions for establishing contact be-
tween the GSM/GPRS-PLMN and external packet data networks PDN
A GPRS Support Node GSN includes the central functions required to support the
GPRS. One PLMN can contain one or more GSNs.
In addition to GSN, extensions of functions in other GSM functional units are neces-
sary:
In the BSS a Packet Control Unit PCU ensures the reception/adaptation of packet
data from SGSN into BSS and vice versa.
GPRS subscriber data are added to the HLR. On the following pages of this script
this extension will be termed GPRS Register GR.
GPRS - Architecture
Channel Codec Unit CCU GPRS subscription data
in BTS (GPRS Register GR)
for channel coding
HLR
BSS VMSC / GMSC PSTN

Mobile
VLR ISDN
DTE
PCU
SGSN GGSN Internet

Serving GPRS Gateway GPRS Intranet
Support Node Support Node
Packet Control Unit PCU

X.25
for
protocol conversion &
radio resource
management New network entities:
• SGSN
(access to BSS)
• GGSN
(access to PDN)
Fig. 11 Outline of the GPRS architecture
18
Sidemen's
GPRS - General Packet Radio Services GPRS - General Packet Radio Services
Sidemen'
3.2 GSM Phase 2+, Interfaces

Integration of functions GGSN and SGSN (which are necessary for GPRS) into a
GSM-PLMN makes it necessary to provide names for a series of new interfaces in
addition to interfaces A-G already defined in the GSM-PLMN:
Gb - between an SGSN and a BSS; Gb allows the exchange of signaling and user
data: Unlike the A-interface, in which a user is assigned a certain physical resource
for the entire/full duration of a connection, on Gb a resource is only assigned in case
of activity (i. e. when data are being transmitted/received). A large number of sub-
scribers use the same physical resources. The same holds for interfaces Gi, Gn and
Gp.
Gc - between a GGSN and an HLR
Gd - between an SMS-GMSC / SMS-IWMSC and an SGSN
Gf - between an SGSN and an EIR
Gi - between GPRS and an external packet data network PDN
Gn - between two GPRS support nodes GSN within the same PLMN
Gp - between two GSN located in different PLMNs. The Gp interface allows the sup-
porting of GPRS services over an area of cooperating GPRS PLMNs.
Gr - between an SGSN and an HLR
Gs - between an SGSN and an MSC/VLR; serves to support an MS using both
GPRS and circuit switched services (e.g. update of location information).
19
Common GSM/GPRS/UMTS Network:

Interfaces, Network Elements
Asub VLR
T
A E PSTN
BTS MSC GMSC
MS B R A
(SIM) Abis A IWF/ ISDN
S U TC
Um BTS C
Gb CSE EIR HLR/AC
GSM BSS Gs Gf
Uu Iu(CS) Gr Gc
UE UMTS IP
(USIM) Terrestrial SGSN GGSN G
Iu(PS) Gn i
Radio Gd SLR X.25
E
Access
Network SMS-GMSC GSM Phase 2+
SMS-IWMSC Core Network
IWF/TC: Interworking Function / Transcoder
Fig. 12 Common GSM/GPRS/UMTS core network, coexistence of two radio access networks (GSM BSS/UTRAN)
20
Sidemen'
3.3 New Network Elements for GPRS

3.3.1 Serving GPRS Support Node (SGSN) Functions
SGSN realizes a large number of functions for performing GPRS services.
SGSN is on the same hierarchic level as an MSC and handles many functions com-
parable to a Visited MSC (VMSC).
SGSN
is the node serving GPRS mobile stations in a region assigned to it;
traces the location of the respective GPRS MSs (Mobility Management functions);
is responsible for the paging of MS;
performs security functions and access control (authentication/cipher setting proce-
dures,...) Procedures are based on the same algorithm, ciphers and criteria as in the
former GSM. Ciphering algorithms have been optimized for the transmission of
packet data;
has routing/traffic-management functions;
collects data connected with fees/charges;
realizes the interfaces to GGSN (Gn), PCU (Gb), other PLMNs (Gp), HLR (Gr),
VLR (Gs), SMS-GMSC (Gd), EIR (Gf).
3.3.2 Gateway GPRS Support Node (GGSN) Functions

GGSN realizes functions comparable to those of a gateway MSC.
GGSN
is the node allowing contact/interworking between a GSM PLMN and a packet
data network PDN (realization Gi-interface);
contains the routing information for GPRS subscribers available in the PLMN.
Routing information serves to contact the respective SGSN in the providing area of
which an MS is momentarily located;
has a screening function;
can inquire about location informations from the HLR via the optional Gc interface
transfers data/signaling to SGSN via Gn interface.
21
SGSN & GGSN

Serving GPRS Support Node SGSN
• serves MSs in SGSN area
• Mobility Management functions, e.g
Update Location, Attach, Paging,..
• Security and access control:
Authentication, Cipher setting, IMEI Check...
SGSN New cipher algorithm
• Routing / Traffic-Management
• realises Interfaces: Gn, Gb, Gd, Gp, Gr, Gs, Gf
• controls subscribers in its service area (SLR)
Gateway GPRS Support Node GGSN

• Gi-,Gn-Interface: Interworking PLMN ↔ PDN
• Routing Information for attached GPRS user GGSN
• Screening / Filtering
• optional Gc interface
Fig. 13 Tasks of GGSN and SGSN
22
Sidemen'
3.3.3 Physical Realization SGSN/GGSN

SGSN and GGSN functions, respectively, can be located within the same physical
unit or at different locations in different physical units. SGSN and GGSN include the
internet protocol (IP) routing function and can be linked together/Interconnected with
IP routers (IP-based GPRS backbone network for Gn). The same holds for the Gp in-
terface (SGSN and GGSN in different PLMNs); in addition there are safety functions
for inter-PLMN communication.
HLR (GPRS Register GR)

HLR includes the GPRS subscriber information (GPRS Register GR) and routing in-
formation. Access to HLR is possible from SGSN via Gr and from GGSN via Gc inter-
face.
SGSN & GGSN: MSC/VLR HLR:

physical location HLR (GR) • GPRS subscriber data
(GPRS Register GR)
Gs Gr • Routing information
BSS PCU Gb
GGSN Gi External
GPRS-MS SGSN IP Network
SGSN & GGSN BSS PCU Gb
in same
physical entity
SGSN & GGSN
in different
BSS PCU physical entities /
location
SGSN
BSS PCU Gn External
IP-based GGSN IP Network
GPRS-MS
Backbone
SGSN Network
External
Gp GGSN X.25 Network
other
PLMN GGSN Security fu nctions
for Inte r-PLMN
co mmunication
Fig. 14 Different physical locations of SGSN and GGSN
23
Sidemen'
3.3.4 Packet Control Unit PCU

In the BSS, the PCU serves
for the management of GPRS radio channels (Radio Channel Management func-
tions), e.g. power control, congestion control, broadcast control information
for the temporal organization of the packet data transfer for uplink and downlink
it has channel access control functions, e.g. access request and grants
it serves for converting protocols from the Gb interface to the radio interface Um.
Three options for positioning the PCU are provided in Rec. 03.60:
Option A: In the BTS
Option B: in the BSC
Option C: In spatial connection with the SGSN
The different positions may be used due to the different solutions of the vendors and
with regard to the traffic, which has to be handled by the PCU/BSS.
3.3.5 Channel Codec Unit CCU

The CCU contains the following functions:
Channel coding, including forward error correction FEC and interleaving
Radio channel measurements, including received quality and signal level, timing ad-
vance measurements
24
optional:
PCU, CCU, GPRS - MS Gb PCU-location
BTS BSC site GSN site
CCU
MS A
PCU
CCU

CCU
MS B
PCU
CCU

CCU
MS
PCU C
CCU
Um Abis Gb
Packet Control Unit PCU
Channel Codec Unit CCU • Channel Access Control functions
• Channel Coding (FEC, Interleaving,..) • Radio Channel Management functions
• Radio Channel Measurementfuncions (Power Control, Congestion Control,...)
(received quality & signal level, TA,..) • scheduling data transmission (UL/DL)
• protocol conversion (Gb ↔ Um)
Fig. 15 Positioning of the new network elements in the GSM BSS
25
Sidemen'
3.3.6 GPRS Mobile Stations MS

A GPRS MS can work in three different operational modes. The operational mode
depends on the service an MS is attached to (GPRS or GPRS and other GSM ser-
vices) and on the mobile station’s capacity of simultaneously handling GPRS and
other GSM services.
„Class A“ operational mode: The MS is attached to GPRS and other GMS services
and the MS supports the simultaneous handling of GPRS and other GSM services.
„Class B“ operational mode: The MS is attached to GPRS and other GMS services,
but the MS cannot handle them simultaneously.
„Class C“ operational mode: The MS is attached exclusively to GPRS services.
Note: Various GSM specifications use the terms GPRS Class-A MS, GPRS Class-B
MS, GPRS Class-C MS.
GPRS-Mobile Station
Class B
GPRS and GSM
Class A services but not
Simultaneously handling simultaneously
of GPRS and other Class C
GSM services Only GPRS services
Fig. 16 GPRS mobile stations
26
4 Logical Functions
GPRS
Logical Functions
Fig. 17
27
Sidemen'
4.1 Logical Functions in the GPRS Network

The tasks required for the handling of processes in the GSM-/GPRS network are
structured into logical functions. These functions may contain a large number of indi-
vidual functions. Logical functions are:
Network access control functions
Packet routing and transfer functions
Mobility management functions
Logical link management functions
Network management functions.
Logical functions
in GPRS networks
Network Access
Control
Functions
Packet Routeing
& Transfer
Functions
Mobility
Management
Functions
Logical Link
Management
Functions
Radio Resource
Management
Functions
Network
Management
Functions
Fig. 18 Logical functions of the GPRS network
28
Sidemen'
4.1.1 Network Access Control Functions

Network access means the way or manner in which a subscriber gains access to a
telecommunication network to make use of the services this network provides. An
access protocol consists of a defined set of procedures, which makes access to the
network possible. Network access can be obtained both from the MS and from the
fixed network part of the GPRS network. Depending on the provider, the interface to
external data networks can support various access protocols, e.g. IP or X.25. The fol-
lowing functions have been defined for access to the GPRS network:
Registration function: Registration stands for linking the identity of the mobile radio
subscriber to his packet data protocol (or protocols), the PLMN-internal addresses
and the point of access of the user to external data Protocol (PDP) networks. This
link can be static (HLR entry), or it can be effected on demand.
Authentication and authorization function: This function stands for the identifica-
tion of the subscriber and for access legitimacy when a service is demanded. In addi-
tion, the legitimacy of the use of this particular service is controlled. The authentica-
tion function is carried out in conjunction with the mobility management functions.
Admission control function: Admission control is intended for determining the net-
work resources required for performing the desired service (QoS). It also decides
whether these resources are available, and lastly it is used for reserving resources.
Admission control is effected in conjunction with the radio resource management
functions to enable assessment of radio resources requirements in each individual
cell.
Message screening function: A "screening" function is combined with the filtering of
unauthorized or undesirable information/messages. In the introduction stage of
GPRS a network-controlled screening function is supported. Subscription-controlled
and user-controlled screening may be additionally provided at a later stage.
Packet terminal adaptation function: This function adapts data packets re-
ceived/transmitted from/to the terminal equipment TE to a form suited for transport
through the GPRS network.
Charging data collection function: This function is used for collecting data required
for billing
29
Network Access Control Function
Registration:
User‘s mobile ID associated with
*user‘s PDP Authentication &
*address Authorisation
*access points *user
*requested services
Admission Control
*required resources Message Screening
(available resouces) Filters unsolicited and
(reservation of resources) unauthorised messages
Packet Terminal Adaption

Adaption of data packets
Charging Data Collection
between
Subscription fees + traffic fees
MS-TE and GPRS-network
Fig. 19 Network access control functions
30
Sidemen'
4.1.2 Packet Routing and Transfer Functions

A route consists of an orderly list of nodes used for the transfer of messages within
and between the PLMNs. Each route consists of the node of origin, no node, one or
several relay nodes, and the node of destination. Routing is the process of determin-
ing and using the route for the transmission of a message within or between PLMNs.
Relay function: Transferring data received by a node from another node to the next
node of the route.
*Routing function: Determining the transmission path for the next hop on the route
towards the GPRS support node (GSN) the message is intended for. Data transmis-
sion between GSNs can be effected via external data networks possessing their own
routing functions; e. g. X.25, Frame Relay or ATM networks.
Address translation and mapping function: Address translation means transforming
one address into another, different address. It can be used to transform addresses of
external network protocols into internal network addresses (for routing purposes).
Address mapping is used to copy a network address into another network address of
the same type (e.g. for the routing and transmitting of messages from one network
node to the next).
Encapsulation function: Encapsulation means supplementing address- and control in-
formation into one data unit for the routing of packets within or between PLMNs. The
opposite process is called decapsulation. Encapsulation and decapsulation is ef-
fected between the GSN of the GPRS-PLMN as well as between the SGSN and the
MS.
Tunneling Function: Tunneling means the transfer of encapsulated data units in the
PLMN. A tunnel is a two-way point-to-point path, only the endpoints of which are
identified.
Compression function: for the optimal use of radio link capacity.
Ciphering function: preventing eavesdropping
Domain name server function: Decoding logical GSN names in GSN addresses. This
function is a standard function of the internet.
31
Packet Routing & Transfer Function
Relay
forward data packets Routing
„next hop“
Address Mapping Encapsulation Compression

&Translation
Ciphering Domain Name

Server
Tunneling
Fig. 20 Packet routing and transfer functions in the GPRS network
32
Sidemen'
4.1.3 Mobility Management Functions

Mobility management functions are used to enable tracing the actual location of a
mobile station in either the home-PLMN or a Visited-PLMN.
4.1.4 Logical Link Management Functions

Logical link management functions concern maintenance of a communication chan-
nel between an MS and the PLMN via the radio interface Um. These functions in-
clude the coordination of link state information between the MS and the PLMN and
the monitoring of data transfer activities via the logical link.
Logical link establishment function: Building up a logical link by during GPRS at-
tach.
Logical link maintenance function: Monitoring of the state of the logical link and
state modification control.
Logical link release function: De-allocation of resources associated with the logical
link.
4.1.5 Radio Resource Management Functions

Radio resource management functions include allocation and maintenance of com-
munication channels via the radio interface. The GSM radio resources must be di-
vided /distributed between circuit switched services and GPRS.
Um management function: Managing available physical channels of cells and de-
termining the share of radio resources allocated for use in the GPRS. This share may
vary from cell to cell.
Cell selection function: Allows the MS to select the optimal cell for a communication
path. This includes measurement and evaluation of the signal quality of neighboring
cells and detection and avoidance of overload in the eligible cells.
Um-tranx function: Offers capacity for packet data transfer via Um. The function in-
cludes a. o. procedures for multiplexing packets via shared physical channels, for re-
taining packets in the MS, for error detection and correction, and for flow control.
Path management function: Management of packet data communication between
BSS and serving GSN node. Establishing and canceling these paths can be effected
either dynamically (amount of traffic data) or statically (maximum load to be expected
for each cell).
4.1.6 Network Management Functions

Network management functions provide mechanisms for the support of GPRS-
related operation & maintenance functions.
33
Mobility Management Functions

Keep track of current MS-location
Logical Link
Management Functions
Maintenance of communication channel,
co-ordination Link state information & supervision of
data transfer activity over the logical link MS - SGSN
• Logical Link Establishment
Radio Resource • Logical Link Maintenance
• Logical Link Release
Management Functions
Allocation & maintenance of radio communication path

• Um Management: manage resources GPRS / non GPRS
Cell Selection:select optimal cell (by MS)
• Um-tranx: MAC via Um, user multiplexing, packet discrimination
within MS, error detection & correction, flow control procedures
• Path Management:
manages packet data communication
BSS↔SGSN Network Management
(dynamic → data traffic or static)
Functions
mechanism to support O&M
functions related to GPRS
Fig. 21 Mobility management, logical link, radio resource and network management functions
34
Sidemen'
4.2 Allocation of Logical Functions

The tasks described in the logical functions can be allocated to various functional
units of the GSM-/GPRS network. The mobile station MS, the base station subsys-
tem BSS (with the packet control unit PCU and channel codec unit CCU), the serving
GPRS support node SGSN and the gateway GPRS support node GGSN participate
in handling the following functions:
Function MS BSS SGSN GGSN HLR

Network Access Control:
Registration X
Authentication & Authorization X X X
Admission Control X X X
Message Screening X
Packet Terminal Adaptation X
Charging Data Collection X X
Packet Routing & Transfer:
Relay X X X X
Routing X X X X
Address Translation & Mapping X X X
Encapsulation X X X
Tunneling X X
Compression X X
Ciphering X X X
Domain Name Server X
Mobility Management X X X X
Logical Link Management:
Logical Link Establishment X X
Logical Link Maintenance X X
Logical Link Release X X
Radio Resource Management:
Um Management X X
Cell Selection X X
Um-Tranx X X
Path Management X X
35
Chapter 3
GPRS Radio Interface

GPRS Radio Interface Siemens
GPRS Radio Interface
Contents
1 The Radio Interface (Layer 1) 23
1.1 Layer 1 of the GSM-/GPRS-Radio Interface Um 34
1.2 Channel Bundling, Sharing of Channels 56
1.3 Radio Block 78
1.4 Coding Schemes: 190
1.5 Logical GPRS Radio Channels 134
1.6 Multiframes in GPRS 178

2 Exercises 21
3 Solutions 25
1
1 The Radio Interface (Layer 1)
GPRS:
Interfaces
The Radio Interface Um

(Layer 1)
Fig. 1
2
GPRS Radio Interface Siemen
1.1 Layer 1 of the GSM-/GPRS-Radio Interface Um

By introducing GPRS services into the GSM-PLMN, worldwide modifications are
necessary also in the area of physical transmission (layer1) via the air or radio inter-
face Um. The tasks of layer 1 radio interface relate to the transmission of user and
signaling data as well as to the measuring of receiver performance, cell selection, de-
termination and updating of the delayed MS transmission (timing advance TA), power
control PC and channel coding.
In the GPRS, a decisive difference to the realization of the connection-oriented ser-
vices (circuit-switched services) relates to the fact that a physical channel and a so-
called packet data channel can be used by several mobile stations at the same time.
One packet data channel is allocated per radio block, i.e. for four consecutive TDMA
frames and not for a specific time interval. This means that signaling and the packet
data traffic of several mobile stations can be statistically multiplexed into one packet
data channel. Furthermore, the packet data channel can be seized asymmetrically.
On the other hand it is also possible for a mobile station to use more than one packet
data channel at the same time, i.e. to combine several physical channels of one radio
carrier. In principle, up to 8 packet data channels can be seized simultaneously. The
number of channels that are combined for reception (DL) and transmission (UL) can
be different to achieve asymmetric data rates for certain applications (e.g. file transfer
protocol FTP, internet surfing).
The assignment of radio resources can be done dynamically or in a fixed allocation.
In case of the fixed allocation a message with a bit pattern is sent downlink to indi-
cate which channels can be used by this MS for UL transmission.
If dynamic allocation is applied the MS will be receive a temporary flow identifier (TFI)
and an uplink state flag (USF) for each of the time slots it is allowed to use. The TFI
is part of the control information in the DL packet and identifies the "owner" of the
packet. Each packet also includes an USF that indicates which of the MSs (that has
been assigned to use this time slot UL) is allowed to transmit the next radio block UL.
3
Transmission
of user & GSM RF:
signaling data
GPRS Layer 1 (Um)
Measure
signal strength Cell Selection
L1-
tasks
determinate &
Power Control
actualise
functions Resource optimization:
Timing Advance
1 physical channel to be used
by many MSs simultaneously !!
Allocation of physical channel
(Packet Data Channel PDCH)
asymmetrical traffic
UL / DL possible !!
dynamically: 1 or 4 Radio Blocks
(1 Radio Block = 4 Normal Burst High data rate traffic
in 4 consecutive TDMA-frames) up to 171.2 kbit/s:
⇒ User & signaling data of several MSs combining 1..8 PDCH for 1 MS !!
statistically to be multiplexed into 1 PDCH
(also fixed allocation possible) 29 multislot classes
Fig. 2 Tasks of the GSM air interface, layer 1 (GSM RF)
4
1.2 Channel Bundling, Sharing of Channels

Sharing of Resources in a Cell: GSM circuit switched (CS) users will share the time
slots in a BTS with the GPRS packet switched (PS)users. A physical channel can ei-
ther be used for GSM CS or GPRS PS traffic but not for both at the same time. De-
pending on the traffic load in the cell there will be more or less channels available for
GPRS, CS connections are dealt with priority.
Sharing of Physical Channels: It is a characteristic of a CS connection that the
physical resource (the time slot) is reserved for one subscriber. Therefore the
GSM CS users cannot share their channels with others. In contrast GPRS PS sub-
scribers can share physical channels. The handling of the channels, the multiplexing
of subscribers onto the same time slots is done by software (protocol, MAC) and
hardware (PCU). Packet oriented connections are not only carried out through the
core network by usage of an appropriate hardware (ATM switches) and software
(protocols) but also on the air interface. This is an important feature of GPRS with re-
gard to an optimized usage of resources on Um, which is the limiting bottleneck in the
PLMN.
Multislot Classes: The subscribers for GPRS will have different needs (applications,
data rates) and therefore the MS will have more or less capabilities. The network
(PCU) will have to identify these different MSs by their multislot class, which indicates
how many time slots (channels) can be bundled by the MS uplink and downlink. A
cheap GPRS mobile will be a GSM mobile that is able to handle the protocols and
coding schemes of GPRS. This will be multislot class 1: one time slot UL and one
time slot downlink can be "bundled". The other extreme is multislot class 29 which
will be able to receive and to transmit in eight time slots UL and DL simultaneously. In
consequence such a MS has to have two synthesizers, and a high battery capacity
because this is more or less continuous transmission and reception. The MS will
send its multislot class and the PCU will only assign time slot combinations which can
be handled by this equipment.
5
Channel Bundling, Sharing of Channels
Radio Blocks Radio Blocks Radio Blocks Radio Block

Subsriber A Subscriber B Subscriber C Subscriber D
UL DL
TS 0 TS 1 TS 2 TS 3 TS 4 TS 5 TS 6 TS 7 TS 0 TS 1 TS 2 TS 3 TS 4 TS 5 TS 6 TS 7
Fig. 3 Channel bundling, sharing of channels
6
1.3 Radio Block

Channel coding was modified substantially for GPRS purposes (GSM Rec. 03.64).
Channel coding starts with the division of digital information into transferable blocks.
These radio blocks, i.e. the data to be transferred (prior to encoding) comprise:
a header for the Medium Access Control MAC (MAC Header)
signaling information (RLC/MAC Signaling Block) or user information (RLC Data
Block) and
a Block Check Sequence BCS.
The functional blocks (radio blocks) are protected in the framework of convolutional
coding against loss of data. Usually, this means inserting redundancy.
Furthermore, channel coding includes a process of interleaving, i.e. different ar-
rangement in time. The convolutional radio blocks are interleaved to a specific num-
ber of bursts/burst blocks. In the case of GPRS, interleaving is carried out across four
normal bursts NB in consecutive TDMA frames and, respectively, to 8 burst blocks
with 57 bit each.
Four new coding schemes were introduced for GPRS (Rec. 03.64): CS-1 to CS-4.
These can be used alternatively depending on the information to be transferred and
on the radio interface’s quality.
7
Radio Block Strucure
Radio Block
collect MAC Header RLC Data Block BCS

user data
signaling
MAC Header RLC/MAC Control Block BCS
One Radio Block = 4 normal bursts
BCS: Block Code Sequence MAC: Medium Access Control RLC: Radio Link Control
(for error recognition)
Fig. 4 Radio block
Channel Coding
4 new Coding Schemes:
CS-1, -2, -3, -4
Convolutional Radio Block

(Redundancy !)
coding rate 1/2 convolutional coding
(not CS-4)
Radio Block
Puncturing puncturing
(only CS-2, CS-3)
Radio Block (456 Bits)
8 Burst-
Interleaving 57 Bit 57 Bit 57 Bit ••• 57 Bit 57 Bit
blocks
Um: Allocation of PDCH for 1 / 4 Radio Blocks = 4 / 16 Normal Bursts
Fig. 5 Channel coding schemes
8
1.4 Coding Schemes:

CS-1: CS-1 uses the same coding scheme as specified by Rec. 05.03 for the
SDCCH. It comprises a half rate convolutional code for FEC forward error correction.
CS-1 corresponds to a data rate of 9.05 kbit/s.
CS-2 and CS-3 are punctured version of the same half rate convolutional code as
CS-1. The coded bits are numbered starting from 0 and certain punctured bits are
removed.
CS-2: With CS-2 the punctured bits have numbers 4 ∗ i + 3 with i = 3,...,146 (excep-
tion: i = 9, 21, 33, 45, 57, 69, 81, 93, 105, 117, 129, 141). This means that none of
the first 12 bits is punctured. CS-2 corresponds to a data rate of 13.4 kbit/s. Remark:
For CS-2 the puncturing pattern must be adapted to the future new TRAU frame for-
mat in order to be used via the Abis interface (e.g. more bits must be punctured to
make space for RLC signaling).
CS-3: With CS-3 the punctured bits have numbers 6 ∗ i + 3 and 6 ∗ i + 5 with i =
2,...,111. CS-3 corresponds to a data rate of 15.6 kbit/s.
CS-4: CS-4 has no redundancy (no FEC) and corresponds to a data rate of 21.4
kbit/s.
By bundling up to 8 packet data channels of one carrier into one MS, transmission
rates up to 171.2 kbit/s are possible.
9
Channel Coding: Coding Schemes

CS-1 CS-2 CS-3 CS-4 Different
Redundancy
(FEC)
9,05 kbit/s 13,4 kbit/s 15,6 kbit/s 21,4 kbit/s
→ Quality Um
Coding Code Radio Coded Punctured Data Rate

Scheme Rate Block* Bits Bits kbit/s
CS-1 1/2 181 456 0 9,05
CS-2 ≈2/3 268 588 132 13,4
CS-3 ≈3/4 312 676 220 15,6
CS-4 1 428 456 0 21,4
* Radio Block without

Uplink State Flag USF &
Block Check Sequence BCS
Fig. 6 Coding schemes of GPRS, CS1 with high redundancy, CS4 no redundancy, radio blocks
10
GPRS Channel Coding

Existing channel coding procedures have been modified with a view to introducing
the GPRS. New coding schemes CS 1-4 were specified from ETSI 4. Basically, they
make it possible to transmit 9.05 kbit/s (CS-1), 13.4 kbit/s (CS-2), 15.6 kbit/s (CS-3)
and 21.4 kbit/s (CS-4) per timeslot, respectively.
On the Abis interface, transport capacity is restricted to 16 kbit/s owing to the fact that
existing TRAU frames are used. The transmission of data for CS-3 and CS-4 would
require larger transport capacities via Abis and would thus involve serious modifica-
tions in the existing network architecture. For this reason, only coding schemes CS-1
and CS-2 are supported in GR2.0/BR5.5. Of these two, CS-1 is particularly important.
Due to the unrestricted redundancy in data transmission, CS-1 is well suited to serve
as a safe basic coding for RLC/MAC data and control blocks. With a high-quality ra-
dio interface CS-1 data transmission rates of up to 8 kbit/s are possible. Even if the
air interface quality (the C/I ratio) decreases, the rate of transmission decreases very
slowly.
Under favorable radio transmission conditions, CS-2 achieves higher transmission
rates, with a maximum at 12 kbit/s. However, the rate of transmission depends more
strongly on the C/I ratio than with CS-1.
This is even truer of coding schemes CS-3 and CS-4, respectively, whose transmis-
sion rates are considerably higher than those of CS-1 and CS-2 under good radio
transmission conditions; but they rapidly decrease if the quality of the radio transmis-
sion interface gets worse.
11
• Introduction: CS-1 (9,05 kbit/s & CS-2 (13,4 kbit/s)

Channel Coding • CS-1: basic coding for RLC/MAC data & control blocks
• no CS-3 (15,6 kbit/s), CS-4 (21,4 kbit/s)
→ Abis limitation (current TRAU frames: 16 kbit/s)
CS 1 - 4: Bit Rate Comparison

20
18
CS1
16 CS2
CS3
Net Throughput (kbit/s)
14 CS4
12
10
0
18 17 16 15 14 13 12 11 10 9 8 7 6 5
Carrier / Interference C/I (dB)
Fig. 7 Comparison of the efficiency of the four coding schemes under realistic circumstances of the air interface
12
1.5 Logical GPRS Radio Channels

Use of "classical" logical channels for GSM-CS
A Logical channel is used for a special purpose/contents. For example the MSs have
to find out if this cell is a suitable one (operated by the "right" network operator),
which features are offered (e.g. HR/FR/EFR, GPRS, ...), what is the structure of Um
(channel combination), ... This is provided by the BCCH which is naturally only
transmitted in the downlink. Some resources have to be given for initial access for the
MS (RACH). For these reasons logical channels have been defined to fulfill all tasks,
which are necessary in a GSM network on the air interface (see figure 13).
The GPRS subscribers will share the air interface with the circuit switched users. On
the other hand the protocol structure of GPRS is different from "classical" GSM-CS.
Therefore the user traffic and (part of) the signaling will have to be separated. Before
this separation can take place the different MS (GPRS/non-GPRS) have to be han-
dled by signaling procedures for access (channel assignment. There are two solution
of this problem. The first one is to use (some of) the logical channels for GSM-CS:
The GPRS-MS detects the BCCH of this particular cell and looks for the system in-
formation to find out if GPRS is available. If this is a cell belonging to the same rout-
ing area the MS can choose this cell and wait for paging or for the user to use the
RACH for activating a PDP. In case that the user wants to run an PS application the
GPRS MS will use an access burst (RACH) which indicates that this is a GPRS MS
and the request will be answered by the PCU assigning resources for packet
switched traffic (time slots reserved for GPRS). Signaling (e.g. for authentication) will
then take place using these resources indicated by the message in the AGCH.
So GPRS uses some of the logical channels of GSM-CS. On one hand this can be
an advantage if the resources are sufficient. On the other hand if in the future more
and more GPRS traffic has to be handled, separate logical channels reserved for
GPRS MS will have to be given. This is the second solution. In any case the GPRS
MS will have to look for the BCCH of the cell to find out if GPRS is available. If the
second solution has been chosen the GPRS MS will also read information where a
PBCCH (Packet Broadcast Control Channel) is to be found (which time slot). This
second solution will be explained in figure 14.
13
Logical Channel
(for GSM Circuit Switched)
BCH BCCH CGI, FR/EFR/HR, GPRS available

Broadcast Control Channel frequency hopping, channel combination,...)
Broadcast Channel DL FCCH
frequency synchronisation
Frequency Correction Channel
SCH Time synchronisation + BSIC, TDMA-No.

Synchronisation Channel
DL PCH Paging / Searching (MTC)

Paging Channel
CCCH
AGCH Allocation of dedicated signalling channel
Signaling Common Control Channel Access Grant Channel
NCH Notifying MSs
Notification Channel
UL
RACH Request for access
Random Access Channel
Dedicated signaling MS ↔ BTSE (Call

DCCH SDCCH
Setup, LUP, Security, SMS, CBCH,...)
UL Stand Alone Dedicated
Control Channel
Dedicated Control Channel
+ SACCH Measurement Report,
DL Slow Associated
Control Channel
TA, PC, cell parameters,...
FACCH
Fast Associated Signaling instead of TCH
Control Channel
TCH/F User traffic (Full Rate)
Traffic UL + DL
Traffic Channe/Fl
User Data TCH/H User traffic (Half Rate)

Traffic Channel/H
Fig. 8 "Classical" logical channels of GSM may be used by GPRS users too
14
Use of new logical channels for GPRS

In addition to the nine existing logical radio channels used for signaling (BCCH, SCH,
FCCH, PCH, RACH, AGCH as well as SDCCH, SACCH and FACCH) and the Traffic
Channel (TCH) for circuit switched user information, a new set of logical channels
was defined for GPRS.
Packet traffic is realized by means of the Packet Traffic Channel (PTCH), which in-
cludes the following:
Packet Data Traffic Channel PDTCH.
Packet Associated Control Channel PACCH
Packet Timing advance Control Channel PTCCH
The PDTCH is temporarily assigned to the mobile stations MS. Via the PDTCH, user
data (point-to-point or point-to-multipoint) or GPRS mobility management and session
management GMM/SM information is transmitted.
The PACCH was defined for the transmission of signaling (low level signaling) to a
dedicated GPRS-MS. It carries information relating to data confirmation, resource al-
location and exchange of power control information.
New GPRS signaling channels are mainly specified analogously to GSM Phase1/2.
The Packet Common Control Channel PCCCH has been newly defined. It consists
of a set of logical channels, which are used for common control signaling to start the
connection set-up:
Packet Random Access Channel PRACH
Packet Paging Channel PPCH
Packet Access Grant Channel PAGCH
Packet Notification Channel PNCH
PRACH and PAGCH fulfill GPRS-MS functions, which are analogue to the “classical”
logical channels RACH and AGCH for non-GPRS-users. The PNCH is used for the
initiation of point-to-multipoint multicast (PtM multicast).
For the transmission of system information to the GPRS mobile stations, the
Packet Broadcast Control Channel PBCCH
was defined analogue to the “classical” BCCH.
In a physical channel all different types of logical channels can be contained (no
separation into traffic and signaling channels respectively as is done in conventional
GSM). The differentiation of channel contents is carried out per radio block using the
MAC header, i.e. contents are specified for the four normal bursts of a radio block
sent in each case.
The MAC function, which distributes the physical channel to the various mobile sta-
tions and allocates radio resources to an MS can also use the conventional logical
channels in GSM.
15
Logical channels
for GPRS
Broadcast channel DL PBCCH Packet System
Packet Broadcast Information
Control Channel
PRACH Access request for

UL Packet Random UL packet data
Common Access Channel transmission
Packet Control
Signaling channels PPCH Paging GPRS-MS
Packet Paging (PtP)
Channel
DL PNCH Paging GPRS-MS
Packet Notification (PtM)
Channel
PAGCH Resource allocation
Packet Access
Grant Channel
PACCH Dedicated signaling

Packet Associated MS-network,
UL&DL Control Channel e.g.power control
Dedicated channels UL PTCCH/U
Packet Timing Advance Control Timing advance
Channel Uplink/Downlink Determination and
DL Control
PTCCH/D
Packet UL&DL PDTCH Transmission of
Packet Data
Traffic Traffic Channel User data
Fig. 9 New logical channels for GPRS
16
1.6 Multiframes in GPRS

The GPRS packet data traffic is arranged in 52-type multiframes (GSM Rec. 03.64).
52 TDMA frames in each case are combined to form one GPRS traffic channel multi-
frame, which is subdivided into 12 blocks with 4 TDMA frames each. One block
(B0-B11) contains one radio block each (4 normal bursts, which are related to each
other by means of convolutional coding). Every thirteenth TDMA frame is idle. In the
idle frame the PTACCH is sent. The idles frames are used by the MS to be able to
determine the various base station identity codes BSIC, to carry out timing advance
updates procedures or interference measurements for the realization of power con-
trol.
For packet common control channels PCCH, conventional 51-type multiframes can
be used for signaling or 52-type multiframes. The GPRS users can use "classical"
common control channels of GSM before they will be directed onto their PTCHs. All
mobiles will read the BCCH anyway. Either in case of GSM mobiles to fulfill the same
tasks as before and for GPRS equipment this logical channel will indicate weather
GPRS service is available and if extra logical channels (PBCCH, PPCH, ...) are used.
GSM CS traffic and GPRS subscribers are clearly separated so that there is no con-
flict due to different signaling or multiframe structure.
It is important that there are no "visible" changes for "GSM only mobiles" due to the
introduction of GPRS. GSM CS connections will use for example the same 26 multi-
frame structure for TCH and the 51 multiframe structure for signaling.
17
New multiframe • PDCH follows 52 multiframe structure

• 52 Multiframe: 12 Blocks à 4 TDMA-frames
for GPRS • PCCCHs: „classical“ 51er Multiframes
or 52er Multiframes
52 TDMA Frames = PDCH Multiframe

4 Frames 1 Frame
B0 B1 B2 i B3 B4 B5 i B6 B7 B8 i B9 B10 B11 i
B0 - B11 = Radio Blocks (Data / Signaling) Idle frame:

i = Idle frame (PTCCH) • Identification of BSICs
• Timing Advance Update Procedure
• Interference measurements
• BCCH indicates PDCH with PBCCH (in B0) for Power Control
• DL: this PDCH bears PDCCH & PBCCH

PBCCH in B0 (+ max. 3 further blocks; indicated in B0)
PBCCH indicates PCCCH blocks & further PDCHs with PCCCH
• UL: PDCH with PCCCH: all blocks to be used for PRACH, PDTCH, PACCH
PDCH without PCCCH: PDTCH & PACCH only
Fig. 10 Multiframes for GPRS consist of a certain time slot in 52 consequent TDMA frames
18
Chapter 4
Procedures
Procedures Sidemen's
Procedures
Contents
1 Activation of GPRS Services 23
1.1 GPRS Identities 34
1.2 Mobility Management States 68
1.3 Packet Data Protocol PDP States 192

1.4 GPRS Packet Data Transmission 101
1.5 Combined GPRS & IMSI Attach 16
1.6 PDP Context Activation Procedure 18
1.7 Start of Mobile Originated Packet Transfer 20
2 Exercise 23
3 Solution 27
1
1 Activation of GPRS Services
GPRS:
Procedures
Activation of
GPRS services
Fig. 1
2
Procedures
Sidemen's Procedures
Sidemen'
1.1 GPRS Identities

1.1.1 Regional Organization of GPRS
A set of identities were introduced in GSM and GPRS to identify a subscriber, as well
as to keep track of him. Following identities are well known in GSM:
LAI: (Location Area Identity) covers a set of cells, where a subscriber was "seen"
last.
CGI: (Cell Global Identity) the unique number of a cell of a PLMN, composed the LAI
and the CI (cell identity).
Next to the existing GSM identities there is also a new GPRS specific identity, the
RAI (Routing Area Identity). This identity, defined by an operator, comprises one or
several cells. It is broadcasted by the (P)BCCH. If a GPRS mobile leaves a routing
area, a Routing Area Update Procedure has to be taken place. The RAI is used in the
same way as the LAI. The Routing Area is more precise than the location area. A
Routing Area is a subset of one and only one Location Area.
RAI: LAI + RAC (Routing Area Code) = MCC + MNC + LAC + RAC
Regional Organisation of GPRS
Location Area
Routing area
cell
MCC MNC LAC
MCC MNC LAC RAC
MCC MNC LAC CI
Fig. 2 Regional organization of GPRS
3
Procedures
Sidemen'
1.1.2 Subscriber Identities and Subscriber Services

IMSI (International Mobile Subscriber Identity):
This is an unique number allocated to each subscriber in GSM. This was adapted
also for GRPS-only mobile subscribers.
PTMSI (Packet Temporary Mobile Subscriber Identity):
This identity is allocated to each GPRS attached mobile. Its task is similar to the
TMSI. The discrimination between the TMSI and P-TMSI is realized by allocation to
the two most significant bits to 11 for GPRS and to 00, 01, 10 for GSM.
PDP Address:
On the network layer, the subscriber may identified by one or more network layer ad-
dresses, so-called PDP Addresses, which are allocated to the subscriber temporally
or permanently.
One central question in GPRS is: how can a logical link between a mobile and a
SGSN be identified uniquely? This is done with the NSAPI/TLLI pair, which are
unique within a routing area.
NSAPI (Network layer Service Access Point Identifier):
The NSAPI is used as a service access point between the higher level and the
SNDCP. The NSAPI is used to identify the corresponding PDP context, which is as-
sociated with the GPRS MS PDP address on the side of the GSN.
TLLI (Temporary Logical Link Identity):
The TTLI is used to define a one to one correspondence within a Routing Area be-
tween the MS and the SGSN. This is only known by the MS and the SGSN.
TID (Tunnel Identifier):
This identity is used by the GTP to identify a PDP context. The TID is a combination
of the IMSI and the NSAPI. The IMSI/NSAPI pair uniquely identifies a PDP context.
GSN-Address:
The GSN Address is the IP-no. of GSN for the GPRS IP backbone.
The GSN-number is the ISDN-no. for a GSN
Access Point Name:
This name indicates in the NSS backbone, which GGSN shall be used. Furthermore
it can indicate the external network, the subscriber wants to be attached to, for in-
stance the "Internet Service Provider" Name.
4
Subscribers Identities
Who is the owner of one packet
G
G
S S
G N
S
N G
G
S
TLLI IMSI N
Which application does the packet belong to
1 2 S G
G G
3 4 S S
N N
NSAPI
Fig. 3 Subscribers identities in the network
5
Procedures Sidemen'
1.2 Mobility Management States

States of the GPRS services
With regard to point-to-point PtP packet data transmission the GPRS service oper-
ates in two independent state models/circles. One circle describes the mobility man-
agement behavior whereas the other is assigned to the activation of a packet data
protocol PDP.
The circle related to mobility management states in the MS and the associated SGSN
consist of the:
"Idle" state
"Standby" state
"Ready" state
The circle related to a specific packet data protocol has the:

"Inactive" state
"Active" state
States of
GPRS services
2 circles
regarding:
Idle
State Inactive
State
Mobility
Management
Packet Data
Standby Protocol
State PDP
Ready Active
State State
Fig. 4 States of GPRS services with regard to mobility management and packet data protocols
6
Procedures
Sidemen'
"Idle" state
A mobile station MS in the idle state is detached from the GPRS. Only GPRS sub-
scription data is available in the HLR. No further information exists in other network
units such as SGSN and GGSN. It is not possible to activate a packet data protocol
PDP or to maintain a PDP in its active state. The GPRS MS must monitor the BCCH
to determine the availability of cells, which support GPRS services. Accordingly, the
GPRS MS can carry out PLMN and cell selection procedures. To exit idle state, the
MS must execute the “attach” procedure. Upon successful completion of this proce-
dure, the MS changes to ready state.
"Standby" state
In the standby state the GPRS MS is attached to the GPRS network. The GPRS and
the SGSN have a mobility management context comparable to the circuit switched
connections. The MS monitors the broadcast channel to determine the availability of
cells offering GPRS services and also the paging channel PCH, to be informed about
paging requests. The SGSN recognizes/stores the routing area RA of the GPRS-MS.
The routing area is a sub-unit of the location area LA, in other words a more detailed
determination of the GPRS-MS location. The GPRS-MS informs the SGSN about
changes of the routing area and answers paging requests.
"Ready" state
In the ready state, the SGSN detects the current cell of the GPRS-MS beyond the
routing area RA of the GPRS-MS. If the GPRS-MS changes cells, it informs the
SGSN. Paging is thus superfluous in the ready state. The DL packet data transfer
can be performed any time. Ready state does not mean that a physical connection is
established between SGSN and MS. Only in the ready state, SGSN and MS can
transfer data packets. MS and SGSN exit ready state upon expiry of a ready timer or
in case of a faulty packet data transmission and change to standby state. Upon log-
off, i.e. execution of a detach procedure; MS and SGSN exit ready state and change
to idle state.
7
Mobility Management
States
• SGSN & GGSN without

MS information
IDLE • MS observes BCCH
• only HLR contains subscription data state • PLMN- & Cell Selection
• no PDP context can be activated
GPRS GPRS
attach detach
• SGSN knows Routing Area & cell!! READY • MS initiates Cell Update
• UL & DL packet transmission possible
state
expiry of mobile SGSN: Paging / expire READY Timer /

reachable timer MS: initiates Transfer Transmission errors
• SGSN ↔ MS: MM-Context STANDBY • MS observes BCCH, PCH

• initiates RA-Update
• SGSN knows Routing Area
state • reacts to Paging Request
Fig. 5 Mobility management states
8
Procedures
Sidemen'
1.3 Packet Data Protocol PDP States

There are separate state circles for every authorized PDP of a GPRS-MS
"Inactive" State
The inactive state of a PDP means that this PDP is not operating at that moment.
There is no routing context in the MS, SGSN and GGSN. A transition in the active
state is only possible if there is a mobility management connection and if MS and
SGSN are in the standby or ready state.
No data transfer is possible in the inactive state. Data packets, which reach the
GPRS network are either rejected or ignored.
"Active" State
In the active state the MS, GGSN and SGSN are in a routing context. Data can be
transmitted or received by the MS. The active state is ended explicitly if the MS deac-
tivates a certain PDP. With GPRS detach and expiry of the standby timer, all the acti-
vated PDP are deactivated, too.
PDP States
• PDP not activated INACTIVE

• no Routing-context state
for MS, SGSN & GGSN Transition to „Active“ State
only if MM-context exists
• no data transmission possible ! ( MS & SGSN: STANDBY / READY)
De-activation PDP context /

GPRS detach Activation
expiry STANDBY timer PDP context
ACTIVE
• Routing context
for MS, SGSN & GGSN state
• Data transmission possible !
Fig. 6 States of a packet data protocol
9
Procedures
Sidemen'
1.4 GPRS Packet Data Transmission

The transmission of GPRS packet data presupposes the execution of
GPRS Attach Procedure as well as of the
PDP Context Activation Procedure.
In the case of a mobile packet data transfer, a one or two-phase packet access is
added. This access procedure is necessary for packet data transfer.
Common Mobility Management / MS-Location
To reduce the signaling load via the radio interface during GPRS and non-GPRS op-
eration, important mobility management MM procedures are carried out jointly (com-
mon MM). This regards the procedures for: attachment / detachment, location & rout-
ing area update and paging.
The result of a GPRS routing area update procedure is stored in the SGSN. The rout-
ing area represents a more exact indication of the MS location, than is actually
needed for non-GPRS services. Triggered by the MS (in the framework of a RA up-
date) the SGSN informs the MSC/VLR via the Gs interface of a change in the loca-
tion areas, which has taken place simultaneously.
Further mobility management procedures are also executed via GPRS procedures. If
possible, all messages containing mobility management information are transferred
through signaling data packets. The MM procedures are defined in the GGM/SM
(GPRS Mobility Management & Session Management).
10
Abbreviations
Abbreviations Siemen
Abbreviations
Contents
1 Abbreviations 23
1
1 Abbreviations
AAL ATM Adaptation Layer
AAL5 AAL Type 5
ABC Administration and Billing Center
ACCG ASN Controller and Clock Generator
ACIS ATM Communication Interface Simulator
ACT Active
ADET Application Database Engineering Team
ALI Alarm and Interface Module
ALIB Alarm and Interface Module Type B
ALM ATM Layer Module
AMP ATM Bridge Processor
AMX ATM Multiplexer
AMXE AMX Module type E
AP Accounting Probe
APE Abgesetzte Peripherie Einheit (Remote Peripheral Unit)
API Application Programming Interface
APS Application Program System
ASIC Application Specification Integrated Circuit
ASN.1 Abstract Syntax Notation 1
ASNF ASN Module Type F
ASNG ASN Module Type G
ASNH ASN Module Type H
ATM230 ATM Interface Asic with 200- and 30-Mbit Interfaces
AUB Access Unit Broadband
BAP Base Processor
BCH Broadcast Channel
BCCH Broadcast Control Channel
2
Siemens
Abbreviations Abbreviations
Siemen
BCT Basic Craft Terminal

BG Border Gateway
BigFUT a FUT (functional unit test) including all functional units
BIST Built In Self Test
BOP Basic Operation
BOST Board Self Test
BSSGP Base Station System GPRS Protocol
BVC Base Station Virtual Connection
C-ID Charging Identifier
CAP Coordination Processor
CBR Constant Bitrate
CCCH Common Control Channel
CCS7 Common Channel Signaling System No. 7
CCS7E Common Channel Signaling System No. 7 Enhanced
CDB Database for C-based Peripherals
CDC Central Data Collector
CGU Clock Generator Unit
CHILL CCITT High Level Language
CI Cell Identifier
CMISE Common Management Information Service Element
CP113 Co-ordination Processor 113
CT Context Table
CTI Context Table Index
CU(-C) Control Unit (shelf type C)
DBLU DBMS less Unit
DBMS Database Management System
DCCH Dedicated Control Channel
DLCI Data Link Connection Identifier
DNS Domain Name Server
DRAM Dynamic RAM
3
DS1 Digital Signal, level 1

DSDL DBMS Specific Definition Language
E1 European PDH Signal, Level 1
ECC Echo Cancellation Circuit
EFD Event Forwarding Discriminator
EIR Equipment Identity Register
EPC External Processor Communication
EPROM Erasable Programmable Read Only Memory
ESGEN Extended MML Syntax Generator
EWSD Siemens Digital Electronic Switching System
EWSD V13 Elektronisches Wählsystem Digital Version 13
EWSX EWSXpress
FACCH Fast Associated Control Channel
FAT Functional Area Test
FCCH Frequency Correction Channel
FEPROM Flash EPROM
FFS For Further Study
FP Frame Relay Processor
FPSM Frame Relay Processor Shared Memory
FR Frame Relay
FR-LIC Frame Relay Line Interface Card
FT1 Functional Test 1 (offline-test)
FT2 Functional Test 2 (online-test)
FT3 FT2 including the HLR
FTP File Transfer Protocol
FUT Functional Unit Test
FW Firmware
GDB GPRS Database
GDMO Guidelines for definition of Managed Objects
GMM GPRS Mobility Management
GMM_AF GMM Application Function
4
Siemens
Siemen
GMM_TF GMM Transport Function

GOAM GPRS Operation and Maintenance Applications
GPRS General Packet Radio System
GR GPRS Release
GR1.0 GPRS Release 1.0
GSN GPRS Support Node
GTP GPRS Tunnel Protocol
GUI Graphical User Interface
HPDB High Performance Database
HW Hardware
HWT Hardware Tracer
I/O Input / Output
ICA IDS Communication via ATM
ICMP Internet Control Message Protocol
IDS Interactive Debugging System
INT_CID Internal Change ID
INT_CID Internal Charging Identifier
IOC Input Output Controller
IOT Interoperability-Test
IOT Interoperability-Test
IPC Internal Processor Communication
IPv4 IP version 4
ITP Internal Transfer Protocol
IWE Interworking Entity
L&S Load and Stress Test
L&S Load and Stress Test
LA Location Area
5

LCF Log Control Function
LCT Local Craft Terminal
LDC Local Data Collector
LED Light Emitting Diode
LIC Line Interface Card
LLC Logical Link Control
LLE Logical Link Entity
LM Layer Management
LPS LIC Protection Switch
MBC Message Based Communication
MBS Maximum Burst Size
MCI Maintenance Craft Interface
MDB Maintenance Database
MDD Magnetic Disk Device
MIPS Million Instructions Per Second
MMU Memory Management Unit
MOD Magneto Optical Disk
MP Main Processor
MP-AP Main Processor used for application SW processing
MP-SA Main Processor with Standalone Capabilities
MP:ACC Main Processor for Accounting Management
MP:LM Main Processor for Layer Management
MP:OAM Main Processor for Operation and Maintenance
MP:PD Main Processor for Packet Dispatching
MPC Main Processor (Version C)
MPU Main Processor Unit
MPUB Main Processor Unit B
MPUC Main Processor Unit C
MS Mobile Subscriber
MSC Mobile Services Switching Center
6
Siemens
Siemen
MSU Message Signaling Unit

N-PDU Network PDU
NC Node Commander
NNI Node Network Interface
NS Network Service
NS-VC Network Service Virtual Connection
NS-VL Network Service Virtual Link
NSAPI Network SAPI
NSS Network Subsystem
OA&M Operation, Administration and Maintenance
OMC Operation and Maintenance Center
OMC-B OMC for the BSS
OMC-S OMC for the SSS
OS Operations System
P-TMSI Packet Temporary Mobile Subscriber Identity
PCB Printed Circuit Board
PCH Paging Channel
PCP Peripheral Control Platform
PCR Peak Cell Rate
PD Packet Dispatcher
PDET Project Database Engineering Team
PDP Packet Data Protocol
PDU Packet Data Unit
PLL Phase Locked Loop
PLMN Public Lands Mobile Network
PM Performance management
PRH Protocol Handler
PRH:MGR Protocol Handler Manager
7
PRM Packet Routing Management

PRM-S Packet Routing Manager SGSN
PRT Packet Routing and Transfer Function
PSAX Power Supply 5V for Fibre Optic Transceiver type X
PSU Power Supply Unit
PVC Permanent Virtual Connection
Q3 Q interface at the GSN nodes
QoS Quality of Service
RA Routing Area
RAC Routing Area Code
RACH Random Access Channel
RAI Routing Area Identity
RAM Random Access Memory
RB Record Builder
RF Record Formatter
RPC Remote Procedure Call
RSS Radio Subsystem
SA Stand Alone
SAAL Signaling AAL
SACCH Slow Associated Control Channel
SAPI Service Access Point Identifier
SAR Service Access Routines
SCB Sequencer Control Block
SCB SSNC Control Shelf Basic
SCE SCB-extended
SCE SSNC Control Shelf Extended
SCH Synchronization Channel
SCR Sustainable Cell Bitrate
SDL System Description Language
SDR Symptom Data Recording
SDRAM Synchronous DRAM
SDRT Symptom Data Transport
8
Siemens
Siemen
SGSN Serving GPRS Support Node

SICAT SDL Integrated Computer Aided Tool set
SLR SGSN Location Register
SM Session Management (GPRS)
SM Signaling Manager (part of #7 application)
SMP Standard Maintenance Protocol
SMU Statistical Multiplexing Unit
SNDCP Subnetwork Dependent Convergence Protocol
SP Synchronization Point
SPOTS Support for Planning, Operation & Maintenance and Traffic analysis
SPU Service Provision Unit
SQS Siemens Q3 Specification
SS7 Signaling System #7
SSNC Signaling System Network Control
SST Sub System Test
STATS Statistics Support
STB Standby
STM-1 Synchronous Transport Module Level 1
SVE System Verification Environment (a tool for proving the formal
correctness of a design)
SW Software
SWERR Software Error Report
TCH Traffic Channel
TCP Transmission Control Protocol
TID Tunnel Identifier
TLLI Temporary Logical Link Identifier
TLM Trunk Line Management
TM Traffic Measurements
TMN Telecommunications Management Network
TODE Total Outage Detection
TPL Throughput Limiter
TSC Through Switched Connection
TTY Teletype
9
UDP User Datagram Protocol

UNI User Network Interface
VBR Variable Bitrate
VC Virtual Connection
VCPU Virtual Central Processing Unit
VGA Video Graphics Adapter
vGGSN virtual GGSN
VLR Visited Location Register
VOCOC Vision O.N.E. Chill Operating System
VP Virtual Path
WWW World Wide Web
xGSN SGSN or GGSN
10
TRAINING SECTOR
The Third Generation (3G) 1
UMTS Evolution 2
The UMTS Network 3

Sub-sections
Security Features 4
UMTS Introduction
UTRA Aspects 5
UMTS Radio Access: Basic Principles 6
Appindex 7
UMTS Introduction

1 The Third Generation (3G) 1 - 32
2 UMTS Evolution 1 - 10
3 The UMTS Network 1 - 39
4 Security Features 1 - 36
5 UTRA Aspects 1 - 19
6 UMTS Radio Access: Basic Principles 1 - 41
7 Appendix 1 - 17

Chapter 1

The Third Generation (3G) Siemens
Contents
1 IMT-2000 23
1.1 3G / IMT-2000 Standardization 34
1.2 3G Frequency Ranges 1214
2 UMTS 1721
2.1 The UMTS Standard 1822
2.2 3G / UMTS: 4 Zone Concept / Data Rates 2732
2.3 UMTS Licenses 3136
3 Exercise 3339
4 Solution 3847
1
1 IMT-2000
The 3rd Generation (3G)
Standardization:
International
Telecommunication
Union
Global Mobile
Personal
Communication
by Satellite
Time & Frequency

Future Public Land Mobile International Mobile
Telecommunication Systems
Telecommunications
IMT-2000
International Mobile Telecommunications
Fig. 1
2
The Third
Siemens Generation (3G) Siemen
1.1 3G / IMT-2000 Standardization

The third generation of mobile communication systems (3G) has been in discussion
since the beginning of the 1990's under the term FPLMTS (Future Public Land Mobile
Telecommunication Systems). This was taken to refer to the terrestrial branch of
mobile communications. In the mid-1990's, the term was changed to IMT-2000. IMT-
2000 stands for International Mobile Telecommunications. 2000 indicates not only the
time frame for introduction of the systems, but also the frequency band used (in
MHz). In addition to terrestrial systems, IMT-2000 also includes mobile satellite
systems. These were discussed under the term GMPCS for Global Mobile Personal
Communication by Satellite.
The International Telecommunication Union (ITU) is responsible for the IMT-2000
specification. The ITU derives from the International Telegraph Union founded in
Paris in 1865. In 1848 the ITU was included as a special organization in the United
Nations UN. The ITU is responsible for international coordination in the area of
telecommunications. E.g. for the allocation of frequency spectrum, coordination of the
development of telecommunication systems, promotion of bilateral agreement on low
charges, implementation of studies, issue of regulations and recommendations and
much more. The ITU is also in charge of the global 3G coordination, i.e. for IMT-2000
guidelines and frequency recommendations.
1G and 2G systems are characterized by a variety of different standards for various
applications. Each of the standards has specific technical attributes, advantages and
disadvantages, applications, ranges and costs, and has been optimized for different
subscriber groups. Many of these systems exist(ed) solely at regional or national
level and are incompatible with each other.
Different to 1G and 2G, 3G has been planed as a family of compatible standards,
allowing world-wide access, being used for diverse applications.
The IMT-2000 concept devised by the ITU includes the following major aspects:
l Global, seamless access to mobile communications systems
l Compatibility between all members of the IMT-2000 family
l Downward-compatibility with the major 2G systems (e.g., GSM, IS-95)
l Convergence between mobile and fixed networks
l High data rates for mobile communications
l Circuit- and packet-switched (CS & PS) transfer of data
l Facilitation of multimedia applications
l Inexpensive, flexible telecommunications access also for developing countries
3
1G 2G IMT-2000
(analog) (digital)
3G
Paging Systems, Paging Systems 1 family of standards
e.g. City Call e.g. ERMES for all
• applications
• countries
Cordless Telephone Cordless Telephone
e.g. CT1, 1+ e.g. DECT, PACS, PHS
Wireless
wireless
Local Loops
Telephone cell
WLL

PMR e.g. TETRA
e.g. UMTS, cdma2000, UWC-136
Cellular systems · worldwide, seamless access

Cellular systems Þ terrestrial & MSS component
e.g. GSM, D-AMPS,
e.g. C450, NMT, AMPS · Compatibility: IMT-2000 family
IS-95, PDC
· downwards-compatible with 2G
MSS · Fixed Mobile Convergence FMC
MSS · high data rates
e.g. IRIDIUM, ICO,
e.g. INMARSAT · Multi Media applications
Globalstar
· CS & PS
different, incompatible standards for · low price & flexible access for
different applications, countries & regions developing countries!
Fig. 2
4
The Third Generation (3G) Siemen
IMT-2000 RTT Standardization

IMT-2000 is pledged to enabling global mobile communications. In this respect, the
ITU drew up guidelines for IMT-2000 systems and requested the regional
standardization organizations (Standards Development Organizations – SDO's) to
submit proposals based on the guidelines. These are to be examined in conjunction
with the ITU and adapted correspondingly in order to assure compatibility between
the individual members of the IMT-2000 family.
Many regional and national SDO's throughout the world participated in the drafting of
proposals. They include the following:
l for Europe, the ETSI (European Telecommunication Standardization Institute)
l for Japan, the TTC (Telecommunication Technology Committee) and the ARIB
(Association of Radio Industries and Business), an organization for proposing and
promoting radio-based development
l for South Korea, the TTA (Telecommunication Technology Association)
l for the USA, the T1 (Standards Committee T1 Telecommunications) and TIA
(Telecommunication Industry Association) which represent the interests of many
American companies in the information and telecommunications sector and
develop standards for the ANSI (American National Standards Institute)
l for China, the CATT (China Academy of Telecommunication Technology)
l and a number of international companies that develop mobile satellites (Inmarsat,
ICO, ESA, Iridium,..)
5
IMT-2000 Development:
regional Standards Development Organisations
ETSI
(Europe) TIA, T1
(USA)
200 0
MT-
ARIB, TTC
I CATT
ITU:
(Japan)
(China)
TTA
(South Korea) ESA, Iridium
(MSS)
ICO, Inmarsat • 1985: Start ITU studies on FPLMTS (IWP8/13)

(MSS) • 1992: Frequency reservation in WARC`92
• 1990 - 95: TG 8/1 defines FPLMTS requirements
TIA: Telecommunication Industry Association
T1: Standards Committe T1 Telecommunications ESA: European Space Agency
ETSI: European Telecommunications Standardization Institute TTA: Telecommunications Technology Association
ICO: Intermediate Circular Orbits CATT: China Academy of Telecommunication Technology
Inmarsat: International Maritime Satellite Organisation ARIB: Association of Radio Industries and Business
Fig. 3
6
Siemens Siemen
RTT proposals for IMT-2000

Studies on FPLMTS commenced in 1985 with the founding of a work group in the
ITU designated as the Interim Working Party IWP8/13. Questions regarding the
necessary bandwidths and frequency bands as well as the level of similarities
required to ensure compatibility were discussed here. Guidelines for FPLMTS / IMT-
2000 were defined in the 1990's by the ITU task group TG8/1.
Further development stages were as follows:
l Drafting of proposals for IMT-2000 systems (3Q1996 – end of 1997)
l Evaluation of the proposals (2Q1997 – 3Q1998)
l Consensus on Intellectual Property Rights IPR and compatibility (2Q1997 –
1Q1999)
l Finalized specification of the individual standards for the IMT-2000 family (1999)
Another significant date was June 30, 1998 – the deadline for submission of Radio
Transmission Technology (RTT) proposals to the ITU. Different regional standards
development organizations SDO’s were involved in the development of IMT-2000
systems. 15 proposals for implementing IMT-2000 radio transmission technologies
(RTT) were submitted to the ITU by the end of June `98 (deadline). Two further
proposals followed a few months later, but were still accepted.
The total of 17 proposals were devised and submitted by the world’s most important
SDO’s – i.e., from ETSI (Europe), ARIB (Japan), TIA (USA), T1 (USA), TTA (South
Korea) and CATT (China), as well as by the MSS operators ICO, Inmarsat, ESA and
Iridium. 11 proposals submitted by the various SDO’s refer to terrestrial, cellular
systems. The other 6 proposals from the MSS operators concern satellite systems
that are intended to provide genuine global coverage for the 3G systems.
7
ITU-Deadline
RTT proposals für RTT Proposals:
for IMT 2000 30.06.98
Europe South Korea

ETSI: UTRA TTA: CDMA II
DECT CDMA I
SAT-CDMA
China
CATT: TD-SCDMA
USA Japan
TIA: UWC-136 ARIB: W-CDMA
WIMS W-CDMA
cdma2000
MSS
ICO: ICO RTT
T1: NA: W-CDMA
Inmarsat: Horizons
T1, TIA: WP-CDMA
ESA: SW-CDMA
SW-CTDMA
Iridium: INX
Source: ITU
RTT: Radio Transmission Technology
Fig. 4
8
The Third
RTT Proposals
11 of the total number of 17 RTT proposals referred to terrestrial, cellular systems.
They cover all commercially viable areas of the mainland including coastal areas – in
other words, from indoor areas (i.e., quasi stationary or lowest speed, smallest range)
to pedestrian (i.e., low speed, small and medium ranges) to vehicular (i.e., wide
ranging at medium and high speeds).
Another 6 proposals from the area of mobile satellite systems (MSS) for covering the
remaining surface of the globe (sea, deserts, mountains, and sparsely populated,
inaccessible regions) were also submitted.
The greatest share of the RTT proposals, particularly for the terrestrial solutions,
have so-called CDMA (Code Division Multiple Access) solutions. Different variations
of this special multiple access method provide very efficient use of resources via the
radio interface and allow flexible, high data rates.
Other methods use “conventional” TDMA (Time Division Multiple Access) methods
with different optimization solutions to provide access to 3G systems at the high data
rates demanded by the ITU.
Pedes- Vehi-
Proposal Description Indoor
trian cular
Satellite Source
R
DECT
Digital Enhanced Cordless
Telecommunications
x x - - ETSI T
UWC-136 Universal Wireless Communications x x x - USA TIA
T
WIMS Wireless Multimedia and Messaging
W-CDMA Services Wideband CDMA
x x x - USA TIA P
TD-SCDMA Time-Division Synchronous CDMA x x x - China CATT r
W-CDMA Wideband CDMA x x x - Japan ARIB
o
CDMA II Asynchronous DS-CDMA x x x - South Korea TTA
p
o
UTRA
UMTS Terrestrial Radio Access:
W-CDMA
x x x - ETSI s
NA: W-CDMA North American: W-CDMA x x x - USA T1P1
a
cdma2000 W-CDMA (IS-95+) x x x - USA TIA
l
s
CDMA I Multiband synchronous DS-CDMA x x x - South Korea TTA
SAT-CDMA 49 LEO sats in 7 planes at 2000 km - - - x South Korea TTA
SW-CDMA Satellite wideband CDMA - - - x ESA

SW-CTDMA Satellite wideband hybrid CDMA/TDMA - - - x ESA
ICO RTT 10 MEO sats in 2 planes at 10390 km - - - x ICO
Horizons Horizons satellite system - - - x Inmarsat
WP-CDMA Wideband Packet-CDMA x x x - T1 & TIA
INX Iridium Next Generation - - - x Iridium Source: ITU
Fig. 5
9
The Third
Harmonization of the RTT‘s

Due to the demand for global compatibility of the IMT-2000 systems and as a result
of the improved chances of the individual proposals, many of the RTT solutions
proposed were harmonized. The harmonization reduced – in particular for the
terrestrial, cellular systems – the number of RTT’s during the period from the middle
of 1998 until the end of 1999. The ARIB (W-CDMA) and ETSI (UTRA) proposals
were harmonized and further jointly developed as UTRA FDD and TDD components
(as a GSM successor system). The IS-95 successor system, CDMA2000, and the
UTRA FDD/TDD components were also harmonized. This new IMT-2000 RTT
component referred to now as MC-CDMA (instead of CDMA2000) is for the most part
harmonized with the UTRA TDD and FDD (now also known as DS-CDMA)
components with the result that roaming is possible in theory between the system
components. The Chinese TD-SCDMA proposal has also been retained as an IMT-
2000 component.
At the same time, UWC-136 remains as a step toward optimization of D-AMPS in the
direction of high data rates. UWC-136 is equivalent to EDGE for GSM). Therefore,
EDGE has been renamed to Enhanced Data Rates for the Global Evolution,
consisting of an "EDGE Classic" component (for GSM enhancement) and an "EDGE
Compact" component (for D-AMPS enhancement).
So in general four 3G standards are expected to be more or less important on 3G
market: UMTS (FDD mode and TDD mode), MC-CDMA, EDGE and TD-SCDMA.
Now, having finished 3G standardization (ITU TG8/1 closed in 12/99), further plans
are made to enhance 3G (denominated as 3.5G) and first studies are planed for 4G
development (e.g. in the ITU Working Party WP8F).
10
IMT-2000 Source: ITU

RTT Harmonization
CDMA II, W-CDMA

CDMA2000 UWC-136
NA: W-CDMA TD-SCDMA
CDMA I DECT June `98
UTRA, WIMS
CDMA FDD TDMA/CDMA TDMA

UTRA (FDD) (Hybrid TDD)
UWC-136
WP-CDMA TD-CDMA DECT March `99
CDMA2000 (UTRA TDD)
TD-SCDMA
Paired: Unpaired:
EDGE UTRA TDD December `99
UTRA FDD TD-SCDMA
FDD: Frequency Division Duplex
MC-CDMA
TDD: Time Division Duplex (former 12/99 ITU:
DS-CDMA: Direct Sequence CDMA
CDMA2000) TG 8/1 closed &
MC-CDMA: Multicarrier CDMA
TD-SCDMA: Time-Division Synchronous CDMA WP 8F founded: 3.5G / 4G studies
Fig. 6
11
Siemens Siemen
1.2 3G Frequency Ranges

A significant disadvantage of mobile communications is the limited availability of
frequency resources. The radio interface can be likened to the eye of a needle for
information transfers. The radio interface in most industrial nations has hardly any
unused gaps in the range from KHz to GHz. A variety of diverse applications (e.g.,
radio, TV, radar, mobile communications, radio relay systems, microwave
applications, etc.) for industrial, military and private use are competing for the
available frequency bands. Licenses are granted at national level.
1G mobile communications systems in Europe were mostly positioned in the 450
MHz and 900 MHz frequency bands. 1G and 2G successor systems in America and
Japan occupy the 800 MHz range. Expansions in Japan were implemented for the
1500 MHz range and in America for the 1900 MHz range. For GSM, frequency bands
around 900 MHz were reserved for GSM900 and GSM-R, and frequencies around
1800 MHz for GSM1800 in most European countries and in many non-European
countries (outside America). The 1800 MHz band is available for different 2G
systems (including GSM1900) in different American states.
The European 2G cordless standard DECT is used globally in many countries in the
range 1880 – 1900 MHz. The Japanese PHS equivalent used in the South Asian
area uses the range 1895 – 1918 MHz.
Frequencies in the range of 1600 MHz are also available to 2G MSS's. Other MSS
bands are located between 2.5 and 30 GHz.
A recommendation for the national authorities for reserving frequencies for 3G
applications was passed on the initiation of the ITU-R at the World Administrative
Radio Conference in February 1992 (WARC-92). The frequency ranges from 1885 –
2025 MHz and from 2110 – 2200 MHz are to be reserved globally for 3G systems.
They include frequency ranges for MSS's: 1980 - 2010 MHz and 2170 - 2200 MHz.
12
Frequency reservation 1G & 2G systems

0 250 500 750 1000 1250 1500 1750 2000 frequency [MHz]
Europe,
Africa,
Australia
1G (NMT, C450,..) GSM900 MSS DECT
possibly 2G: GSM450 + GSM-R GSM1800
America
1G: AMPS, MSS 2G: GSM1900,
2G: D-AMPS, IS-95 IS-95, D-AMPS
Japan
1G + 2G: PDC 2G: MSS PHS
Remaining frequencies < 2 GHz: PDC
Military, Industry, Broadcast, TV, Research,
private (households, amateurs),...
WARC-92: 3G Plans
1980 2010 2170
cellular MSS cellular MSS
1885 2025 2110 2200
1 8 5 0 1 9 00 1 9 5 0 2 0 0 0 2 0 5 0 2 1 0 0 2 1 5 0 2 2 0 0 2 2 5 0
Frequency range [MHz] WARC: World Administrative Radio Conference
Fig. 7
13
The Third
Regional 3G reservation
Europe, Japan and South Korea complied for the most part with the
recommendations of the WARC-92 regarding reservation of frequency ranges for 3G
systems.
Europe: It was defined at European level after a decision taken by the ERC
(European Radiocommunications Committee) at the end of 1997 that the
corresponding (WARC-92) frequency range, with the exception of the frequency
range from 1880 – 1900 MHz (DECT range), is to be made available to 3G systems.
Many non-European countries also adopted this frequency reservation.
Japan: With the exception of the frequency range below 1918.1 MHz, which will
continue to be used for PHS systems, the entire WARC-92 frequency band was
reserved for 3G systems.
South Korea: The full WARC-92 frequency band was reserved for 3G systems.
North America: In 1995 the frequency range between 1850 MHz and 1990 MHz was
auctioned in the USA for use by 2G systems (e.g., IS-95, D-AMPS, GSM1900). As a
result, the introduction of 3G systems in the USA is experiencing great difficulty. The
same applies to Canada. However, smaller ranges (C, E blocks) were reserved here
for future applications.
Regional 3G Reservation
1850 1900 1950 2000 2050 2100 2150 2200 2250
2010 MHz
IMT 2000 MSS IMT 2000 MSS

WARC-92
1885 MHz 2025 MHz 2110 MHz 2170 MHz
Europe GSM 1800 DECT UMTS MSS UMTS MSS
1880 MHz 1980 MHz 2170 MHz

1918 MHz
Japan;
S. Korea PHS IMT 2000 MSS MSS
IMT 2000
like WARC-92
1895 MHz
USA, PCS1900
MSS reserved MSS
Canada A C B EF C A CB E F C
(C,E reserved)
1910 1930 1990 MHz 2160 MHz
1850 1900 1950 2000 2050 2100 2150 2200 2250

Source: UMTS Forum Report #5
Fig. 8
14
Siemens Siemen
World Radiocommunication Conference WRC 2000

The WRC 2000 in Istanbul, Turkey, was looking for additional 160 MHz spectrum on
top of the today available 2G and 3G frequency ranges. Furthermore, a central
aspect of the WRC’2000 has been to provide a global harmonization of frequency
ranges for 3G. The ability to roam world-wide on 3G frequency ranges is very
beneficial for a real 3G mass market. A third aspect has been the extension of 3G
frequency ranges to lower frequencies for the deployment of 3G services in rural
areas, i.e. in larger cells.
One key principle, which helped in the process of identification of 3G spectrum in
WRC’2000 was that the identified 3G spectrum would not preclude the use of these
bands by any other services to which they are allocated. Regulators will be reminded
at regular intervals that when licensing services in those bands sufficient resources
must be provided for 3G services.
The additional bands identified for 3G terrestrial components are:
l 806 – 960 MHz
l 1710 – 1885 MHz
l 2500 – 2690 MHz
The bands, which had been identified for 3G in WARC’92 remain unchanged:
l 1885 – 2025 MHz
l 2110 – 2200 MHz
The frequency ranges below 1GHz are especially useful for rural services and
developing countries. Some countries are planning to use the following frequency
range additionally for 3G implementation: 698 – 806 MHz.
The focus of the 3G extension is the frequency range between 2500 – 2690 MHz.
Reference is also made to the 2300 – 2400 MHz frequency range, which is the
preferred choice of China.
15
WRC-2000 · additional 3G frequency ranges

to be used from 2005 China only:
05/2000 in Istambul 2300 - 2400 MHz
· world-wide Harmonisation
only some of 3G frequency ranges
countries
Harmonisation / Extension:
cellular Refarming 2G frequencies
(important for rural service areas)
698 806 960
Frequency range [MHz]
Harmonisation / Extension:
cellular Refarming 2G frequencies
1710 1885
1980 2010 2170
cellular MSS WARC’92 cellular MSS

1885 2025 2110 2200
cellular Extension band

2500 2690
Fig. 9
16
2 UMTS
The 3rd Generation (3G)
Universal Mobile
World-wide,
seamless
Multimedia access
Telecommunication System
UMTS
Standardisation & Concept
Fig. 10
17
The Third
2.1 The UMTS Standard

The European telecommunications standards institute ETSI began with the
development of a successor standard to GSM in the mid-1990's. This standard,
referred to as UMTS (Universal Mobile Telecommunication System), is intended to
be a European 3G system that meets all IMT-2000 requirements stipulated by the
ITU.
ETSI SMG's (Special Mobile Groups) were charged with drafting the UMTS standard.
The SMG's also devised GSM and are responsible for its updating.
Different studies on the implementation of the UMTS radio interface, UTRA (UMTS
Terrestrial Radio Access), were completed in 1996 and 1997. These studies are
regarded as the 1st phase of the UTRA conception.
A total of five concepts were selected in mid-1997 for the implementation of UTRA.
These five concepts were named after the first five letters in the Greek alphabet:
alpha, beta, gamma, delta and epsilon. The various concepts were evaluated from
the middle of 1997 until the end of that year. The evaluation is referred to as the 2nd
phase in the UTRA conception. That phase was completed in 01/1998 with the
selection of the alpha and delta concepts for UTRA.
In the 3rd phase of the UTRA conception, these two UTRA concepts were
harmonized with each other. The harmonization was concluded in 06/1998. Since
then the two concepts are known as UTRA FDD and UTRA TDD. At the same time,
UTRA was submitted to the ITU as the ETSI proposal for IMT-2000. The ITU
accepted UTRA as an IMT-2000 system at the start of 1999.
The Japanese standards association, ARIB, with observer status in the ETSI, also
participated in the evaluation and harmonization of UTRA.
As a result, the submissions made by ETSI (UTRA) and ARIB (WCDMA) to the ITU
closely match each other in many respects. In view of this similarity, ETSI and ARIB
agreed in 05/1998 on a joint venture for 3G development.
This cooperation resulted in 12/1998 in the founding of the 3GPP (Third Generation
Partnership Project). Many other major organizations participate in the 3GPP for
development and promotion of 3G standards. Since then, 3GPP is responsible for the
production, testing and further development of a global UMTS standard (often
referred to as WCDMA in Asian areas).
18
Start of UMTS Standardization
• 1996/97: studies on UMTS

ETSI (1. Phase UTRA conception)
• 06 - 12/97: Evaluation of
• UMTS: GSM 5 Concepts
successor standard (2. Phase UTRA conception)
• devised in SMGs • 01/98: Select a & d concept
(Special Mobile Groups) • 01 - 06/98: Harmonisation
Þ FDD & TDD
(3. Phase UTRA Conception)
GSM900/1800/1900
• 06/98: Submission of UTRA
GSM-R, UMTS
RTT proposal to ITU
• 05/98: Harmonisation by
ETSI / ARIB
12/98: 3GPP founded

for
„developing, approving
& maintaining
common UMTS specification“
Fig. 11
19
The Third
3GPP: Third Generation Partnership Project

In December 1998, five regional standards organizations (Japan: ARIB and TTC,
Europe: ETSI, South Korea: TTA, USA: T1) agreed to found a new global
standardization body. The objective of this body, known as 3GPP, is the joint
standardization, testing and continued development of UMTS.
The cooperation between many of these globally important standards organizations
is intended to assure that UMTS can establish itself as the dominating 3G standard
thereby facilitating global roaming and a genuine mass market for 3G.
The 3GPP guidelines were completed by March 1999.
From the year 2000 on, the remaining GSM/EDGE standardization work has been
taken over by 3GPP from the ETSI.
3GPP members
3GPP distinguishes between "organizational partners“, "market representation
partners" and "observership status“.
Organizational partners delegate experts to 3GPP to work on the development of the
standard. Market representation partners can make submissions to 3GPP, and
engage in the investigation of market demands, services, compilation of studies, etc.
Observership status is given to organizations with access to the 3GPP committees
but without any voting power.
Since the founding of the 3GPP many other organizations have agreed to active
involvement in the project.
For instance, by the beginning of the year 2000, the CWTS (China) joined as an
organizational partner; the UMTS Forum, GSM Association, GSA,UWCC and Ipv6
Forum as market representation partners MPRs and TIA and TSACC are engaged
under observership status. Several other organizations joined 3GPP in the following
as MPRs.
20
UMTS
ETSI
Standardization European Telecommunication
Standards Institute
ARIB/TTC
TTA Association of Radio Industries
Telecommunications Technology & Business / Telecommunication
Association, South Korea Technology Committee, Japan
TSACC GSA
Telecommunication Global Mobile Supplier
Association
3GPP
Standards Advisory Council
of Canada IPv6
UMTS Forum
TIA 3rd Generation Forum
Telecommunication
Industry Association, Partnership Project UWCC
USA
Universal Wireless
Communications
ACIF Consortium
Australian Communications WMF
Industry Forum Wireless Multimedia MWIF
Forum
CWTS Mobile Wireless
Internet Forum
China Wireless 3G.IP
Telecommunications Forum GSM
Standards Association
ANSI T1
Committee T1 Organisational Partner
Telecommunications MPR: Market Representation
Partner
Observership status
Fig. 12
21
The Third
3GPP structures
3GPP originally has been divided into a project coordinating group (PCG), originally
four, now five technical specification groups TSG's and many working groups WG's.
The PCG coordinates the work of the various TSG's and WG's.
The TSG's are writing the standard – i.e., the recommendations for UMTS and
GSM/EDGE.
There are TSG's for each of the following UMTS topics: "Radio Access Network",
"Service & System Aspects", "Core Network" and "Terminals"."
A fifth TSG has been created in July 2000: "GERAN" (GSM/EDGE Radio Access
Network). Its principal responsibilities will be the maintenance and development of
GSM Technical Specifications and Technical Reports, including GSM evolved radio
access technologies such as GPRS and EDGE.
The Working Groups are working out studies regarding different aspects of the
standard. The studies are used by the TSG's as a basis for drafting the
recommendations.
3GPP
PCG
Structure Project Co-ordinating Group
TSG: Technical
Specification Group
TSG CN TSG SA TSG T TSG RAN TSG GERAN

Services & System Radio Access GSM EDGE
Core Network Terminals
Aspects Network RAN
CN WG 1 SA WG 1 T WG 1 RAN WG 1 GERAN WG 1
Mobile Terminal Radio Layer 1
MC/CC/CS (Iu) Services Radio Aspects
Conformance testing specification
Mobile Terminal Radio Layer 2 & 3
CAMEL Architecture Protocol Aspects
Services & capabilities (RR) spec.
Interworking with USIM Iub, Iur, Iu spec. &
Security BS Testing and O&M
External Networks (Universal SIM) UTRAN O&M requirem.
CN WG 4 SA WG 4 RAN WG 4 GERAN WG 4
Radio performance &
MAP/GTP/BCH/SS Codec MS testing
Protocol aspects
CN WG 5 SA WG 5
OSA (Open
Telecom Management
Service Architecture)
Source: 3GPP
Fig. 13
22
The Third
The UMTS Standard

The UMTS (3G) Standard drafted by the 3GPP is based on the success and
experiences of the GSM Standard.
The first UMTS (3G) Release – completed at the beginning of the year 2000 and
known as the UMTS Annual Release 1999 – is based in many areas on the GSM
Annual Release 1999. This is true in particular for the Core Network (CN) and the
service aspects. There are also very many '3G-only' specifications. This refers
particularly to the implementation of the UTRA radio interface.
The UMTS (3G) Standard is divided into different series (Series 21 to 34). These are
in turn subdivided into individual specifications.
Recommendations of the UMTS (3G) Standard as known as technical specifications.
Their numbering is derived from the numbering system of the GSM Standard. A
technical specification (TS) is numbered as "3G TS ab.cde", where "ab" represents
the series and "cde" the particular specification. Up to 1000 specifications are
therefore possible in any one series. This is a larger scale than is the case for GSM.
Specifications derived from the GSM Rel. '99 are numbered after the corresponding
GSM series plus 20. The "c" in the TS is set to "0" here. For example: 3G TS 27.007
is a technical specification deriving from the GSM Rec. 07.07.
The numbering system is explained in detail in the 3G TS 21.101.
The 3G TS 21.101 also provides an overview of all series and individual 3G technical
specifications.
23
The UMTS Standard
GSM Numbering:
Rel. 99
Specification
3G TS ab.cde
„3G only“
Specification
TS: Technical Specification

ab.cde: Series . Number
3G Derived from GSM-Spec.:

Release 1999 GSM-Series +20; c = 0
Specification e.g.: GSM 07.07 ® 3GTS 27.007
Fig. 14
24
The Third
3G Series
The UMTS specifications are divided into a total of 15 series.
Each of the series treats a particular aspect of the UMTS Standard.
21 series: Requirement specifications (overview: preliminary nature)
22 series: Service aspects
23 series: Technical realization
24 series: Signaling protocols (UE - CN network)
25 series: UTRA aspects
25.100 series: UTRA radio performance aspects
25.200 series: UTRA radio aspects (physical layer 1 of UTRA)
25.300 series: UTRA radio interface architecture, layer 2 and layer 3 aspects
25.400 series: UTRA network aspects (Iub, Iur, Iu Interface)
26 series: Codecs (speech, video, etc.)
27 series: Data (functions for support of data applications)
28 series: Signaling protocols (RSS - network part)
29 series: Signaling protocols (NSS)
30 series: Program management (3GPP plans and work programs, etc.)
31 series: UIM (User Identity Module)
32 series: Operation and Maintenance
33 series: Security aspects
34 series: Test specifications
35 series: Confidentiality & integrity algorithms
Work on the "classical" GSM series 1 - 12 is closed. The remaining work on
GSM/EDGE is done by TSG "GERAN" in the series 41 – 55, which are build up in
analogy to the 21 - 35 series of UMTS.
25
3G TS: Series
21-Series: Requirements Specifications (Overview, Infos,..)

22-Series: Service Aspects
23-Series: Technical Realisation
24-Series: Signalling Protocols (UE - CN) ··GSM
GSMSeries
Series11- -12
12
closed
closedwith
withRel.
Rel.‘99
‘99
25-Series: UTRA Aspects ··GERAN:
GERAN:Series
Series41
41- -55
55
26-Series: Codecs (Speech, Video,..) R4 (Rel.`2000) onwards
R4 (Rel.`2000) onwards
27-Series: Data
28-Series: Signalling Protocols (RSS - CN)
29-Series: Signalling Protocols (NSS)
30-Series: Program Management
31-Series: USIM
32-Series: Operation & Maintenance
33-Series: Security Aspects
34-Series: Test Specifications
35-Series: Confidentiality & integrity algorithms
TS: Technical Specifications
Fig. 15
26
The Third
2.2 3G / UMTS: 4 Zone Concept / Data Rates

The 4-zone concept in UMTS is based on the IMT-2000 specifications of the ITU.
The concept defines three terrestrially supplied zones (in-building, urban,
suburban/rural) and one zone (global) supplied by MSS's (Mobile Satellite Systems).
Zone 1: Indoor
Zone 1 is made up of pico cells and is used for servicing large offices, domestic
households, floors in skyscrapers, the stock exchange, etc. The service radius of the
pico cells is in the order of several tens of meters – i.e., small areas with high user
densities and little mobility (max. 10 km/h) are supplied. Coupled with the restricted
mobility are high (ITU) requirements on the transfer rate (up to 2 Mbit/s). Up to 2
Mbit/s are theoretically possible with UMTS in Zone 1.
Zone 2: Urban
Zone 2 is made up of micro cells and is used to serve so-called hot spots. These are
inner city areas, public places, sports stadiums, exhibition and trade fair halls, airport
terminals, railway stations, etc. The service radius of the micro cells is in the order of
several hundreds of meters – i.e., relatively small areas with high user densities and
low (max. 10 km/h) mobility are supplied. Up to 2 Mbit/s are theoretically possible
with UMTS in Zone 2.
Zone 3: Suburban/rural
Zone 3 is made up of macro cells and is used for servicing suburban and rural areas.
The service radius of the macro cells is in the order of several kilometers – i.e.,
relatively large areas with medium-sized user densities and medium (max. 120 km/h)
or high (max. 500 km/h) mobility are supplied. The ITU requested up to 384 kbit/s for
medium speed support. In UMTS theoretically up to 480 kbit/s are foreseen for Zone
3. High mobility (max. 500 km/h), for which the ITU requested to support up to 144
kbit/s is not supported in initial UMTS.
Zone 4: Global
Zone 4 globally covers all rural, non-built-up, sparsely populated areas: In other
words, everything not covered by zones 1 – 3. This includes the oceans, deserts,
mountainous terrain and the polar regions. MSS's are to service these areas. They
can provide coverage for areas ranging from several tens of kilometers (via beam
spots) to areas with a radius of up to several thousands of kilometers. Supply for the
highest mobility (up to 1000 km/h) should be possible at data rates of up to 144 kbit/s
(ITU requirement). Satellite UMTS (S-UMTS) has been discussed but never
developed.
27
UMTS- Zone 4: Global

concept:
4 zones Zone 3:
Suburban / Rural
Zone 2:
Urban Zone 1:
Indoor
Pico
MSS Macro Micro Cell
Cell Cell
max.
144 kbit/s 144 kbit/s 384 kbit/s 2048 kbit/s data rate
max.
1000 km/h 500 km/h 120 km/h 10 km/h speed
Fig. 16
28
The Third
Data rates and applications: UMTS compared to other transmission systems

In the indoor area, UMTS with its greater flexibility and faster data rates will assume
control of the functions currently implemented by 2nd generation systems such as
DECT, W-PBX and WLL. These 2G systems work in TDD mode (Time Division
Duplex) and theoretically enable data rates of more than 100 kbit/s. UMTS has a
TDD mode for this area that allows data rates of up to 2 Mbit/s. These speeds
provide capability for image transmission that goes beyond the performance of
previous applications (for example, video-on-demand, games-on-demand, video
conferences, etc.). Applications that were previously inconceivable or extremely
unlikely are now possible in this area.
Fixed network links or special mobile transmission systems such as WLAN (Wireless
Local Area Network) or MBS (Mobile Broadband Systems) will still be required in the
future for applications with extremely demanding capacity requirements. These
systems are either in the trial or development phases (4G).
Cellular 2G systems such as GSM, IS-95, D-AMPS or PDC and 3G PMR systems
such as TETRA are used in the outdoor area – i.e., suburban and rural areas with
low to medium speeds. These 2G systems work in FDD mode (Frequency Division
Duplex). Generally only voice and data transfer rates of about 10 kbit/s (in GSM
Phase 2+ with over 100 kbit/s) are reached. UMTS possesses an FDD mode for this
area that allows data rates of up to 480 kbit/s for medium speed in outdoor areas.
Terrestrial, cellular UMTS components (TDD and FDD modes) will therefore be
responsible for the functions of today's 2G indoor systems (TDD mode) and 2G
outdoor systems (FDD mode). Much higher data rates are possible with the new
generation.
3G systems will also represent a quantum leap in the number and variety of potential
applications in the global area, which with 1G and the first 2G MSS systems could
only offer relatively low data rates.
29
• Applications
UMTS • Data rates
• 2G / 3G comparison
100 Fixed network
Terminal
MBS
(Mobile Broad
10 Band System)
WLAN
Fixed network
Data rates [Mbit/s]
1
3G UMTS
(FDD & TDD Services)
0.1 2G TDD
(DECT, W-PBX, WLL)
2G FDD
cellular systems (GSM, IS-95,..)
0.01
office / floor Building, halls Hot Spots Pedestrian Vehicles
stationary stationary stationary Low mobility High mobility
Indoor Outdoor
Source: UMTS Task Force Report
Fig. 17
30
The Third
2.3 UMTS Licenses

Licensing
The licensing of UMTS was commenced in Finland in 03/1999. The remaining EU15
nations, other Western and Central European countries, Japan and South Korea,
South Africa, Australia and New Zealand have followed in 2000 and early 2001.
Different licensing methods are used. A number of countries (e.g. Finland, Spain)
prefer the distribution of licenses (more or less) free of charge, using a so-called
"beauty contest" to find out the most reliable network operators for the restricted
number of licenses.
Most other countries (e.g. Germany, the United Kingdom and the Netherlands)
preferred different auction systems (open and closed). The acquisition of licenses is
linked in most countries to different conditions. The conditions include guarantees for
commencement of UMTS operation and the requisite service level with UMTS after a
particular time (e.g., 50% of the population after 5 years). The lifetime of the licenses
will be limited to 15 years in most cases. In Germany they are limited to 20 years.
Regional licenses are not excluded. In general, however, operators prefer national
licenses.
Licenses
2 x 60 MHz are available for paired bands (FDD) and a total of 35 MHz for unpaired
bands (TDD) for the EU15. There are therefore 12 packets for paired bands and 7
packets for unpaired bands to be allocated for use with the UMTS 5-MHz bandwidth.
The UMTS Forum specified a minimum of 3 packets for paired bands (i.e., 2 x 15
MHz) and 1 packet for unpaired bands (i.e., 1 x 5 MHz) per operator for optimum
deployment of UMTS. If licenses have been granted in this way (2 x 15 MHz for
paired band), this implies a maximum of 4 operators in each country. For this reason,
licenses with 2 x 10 MHz for paired bands have been also allocated in countries with
high population densities, thereby allowing 5 or 6 licenses per country.
31
UMTS Licensing methods / conditions

Licensing · „free of charge“ / “beauty contest”
(e.g. Finland, Spain)
· Auctioning: e.g. GB, D, NL, I
· annual fee: e.g. France
· available (mostly) for 15 years
Licensing in:
· Finland 03/99
· Spain, GB: 1Q2000 Licenses
Licenses(EU15):
(EU15):
· NL, D, F, I: 3Q2000 ··22xx60
60MHz
MHzpaired
pairedband
band(FDD)
(FDD)
· EU15: closed until ··35 MHz unpaired (TDD)
35 MHz unpaired (TDD)
end of 2000 ··bandwidth:
bandwidth:55MHz
MHz
· Japan: 1Q2001 ·· ÞÞ12 12FDD
FDDpackets
packets++77TDD
TDDpackets
packets
··UMTS
UMTS Forum SAG requestsper
Forum SAG requests peroperator:
operator:
min.
min.22xx15
15MHz
MHzFDDFDD++11xx55MHz
MHzTDD
TDD
··EU15:
EU15:44- -66Licenses
Licenses
(e.g.:
(e.g.:F,F,Fin.,
Fin.,Spain:
Spain:4;4;GB,
GB,NL:
NL:5;5;D:
D:6)6)
UMTS UMTS
UMTS FDD (UL) UMTS FDD (DL)
TDD TDD
1920 1980 2010 2025 2110 2170

1900
frequency range [MHz]
Fig. 18
32
Chapter 2
UMTS Evolution
UMTS Evolution Siemens
UMTS Evolution
Contents
1 Background & Principle 23
1.1 Evolutionary Path: GSM to UMTS 34
1.2 GSM & UMTS Evolution 78
1.3 Evolution: Data Transmission 190
2 Exercise 1113
3 Solution 1317
1
1 Background & Principle
UMTS Evolution
UMTS
GSM
Release
Release 4
Phase
2+ 3
Phase
1/2
Background & Principle
Fig. 1
2
Siemens
UMTS Evolution Siemen
UMTS Evolution
1.1 Evolutionary Path: GSM to UMTS

Original UMTS planning
The original considerations regarding a 3rd generation of mobile communications at
the start of the 1990's represented a decisive leap in comparison to the 2nd
generation. The general opinion expressed at the so-called "zero meeting" held by
the ETSI SMG5 responsible for UMTS conception and coordination in December
1991 was that all downward compatibility of UMTS with GSM be avoided. UMTS was
to be a system fully independent of GSM in order not to limit the capability of UMTS
with compromises regarding the existing GSM infrastructure.
This point of view was revised in the mid-1990's. The costs of research,
standardization and development of UMTS exceeded those of GSM many-fold.
Moreover, GSM proved to be much more successful than even the most optimistic
forecasts predicted. GSM networks providing total coverage were erected not only in
Europe, but also in most other countries in the world. In view of this situation, it would
have been extremely expensive with little chance of success to establish UMTS
networks that are fully incompatible with existing GSM networks.
Downward compatibility of UMTS

The UMTS strategy was changed with the publication of the ETSI GMN (Global
Multimedia Mobility) Reports 1996.
UMTS networks are now to be designed on the basis of the existing GSM
infrastructure and are to be downward compatible with GSM. UMTS has a modular
design for this reason. The first module to be centrally changed for the UMTS
introduction with regard to GSM is the broadband radio interface. Further
modifications are to follow in subsequent phases.
3
Evolutionary path:
GSM to UMTS Original vision:
quantum leap from
GSM to UMTS
Capabilities
UMTS
GSM
1990 2000 2002 Zeit

Problems:
• UMTS-costs (research, standardisation, development) >> GSM
• creation of GSM-incompatible networks is not promising
Fig. 2
4
UMTS
Siemens Evolution Siemen
UMTS Evolution
The evolutionary path: GSM to UMTS

The ETSI GMM (Global Multimedia Mobility) Report from 1996 pointed the way for
the development not only of UMTS, but also of GSM. GSM was to be further evolved
in the GSM Phase 2+ in such a manner that its capabilities progressed toward
UMTS. The GSM network and protocol structures were developed so that they can
be used as a platform not only for high level GSM services, but also for UMTS.
UMTS will continue the GSM success story. The existing infrastructure of the GSM
operators will be more intensively used, and also for UMTS. This reduces the
financial risks involved in the introduction of UMTS. In other words, the 2G
investments will continue to be utilized.
The experience gained by GSM with regard to the core network and the
protocols/procedures (e.g., the MAP protocol, call control, mobility management,
handover, etc.) will also be used either directly or in a modified form. This approach
will also reduce the risks involved in the technical 3G implementation.
Also of great importance is the introduction of dual and multimode terminals that will
be able to use the entire area serviced by GSM from the very beginning by handover
between UMTS and GSM, thereby paving the way for UMTS (reduction of 3G risks).
This new evolutionary plan gives 2G operators a chance to reconfigure their networks
for upward compatibility, and UMTS operators can avail of the downward
compatibility to assure successful UMTS launching.
In this way GSM will slowly evolve along a migration path toward the original
objectives of UMTS to obtain the smoothest possible transition from the 2nd to the
3rd generation of mobile communications.
5
Evolutionary path: ETSI GMM Report 1996:

GSM to UMTS UMTS downward compatible
Save 2G Investments! Reducing 3G Risks !

• Technical investments of operators • Minimize technical risks
• sales/marketing investments • Minimize implementation risks
• Based on global GSM success & experience

• Common Core Network (for GSM & UMTS)
• based on GSM Non-Access Stratum protocols (CM, MM, SM,..)
• based on GSM CN protocols (MAP)
• re-use GSM Supplementary Services
• production experience of 2G equipment vendors
– shorter paths for marketing 3G products
– faster reduction of costs
Migration path for 2G operators toward 3G

Upward
compatible 2G 3G Downward
compatible
GMM: Global Multimedia Mobility
Fig. 3
6
Siemens
UMTS Evolution
1.2 GSM & UMTS Evolution

The original plans for GSM in the 1980's included all aspects of a 2G standard. In
1988 it became clear that this was not possible in the specified time frame. For this
reason, GSM was released in a preliminary version in 1990/91 as GSM Phase 1.
GSM Phase 1
Phase 1 contains everything required for the operation of GSM networks. Speech
data transfer is the core focus. Data transfer is defined, too (0.3 - 9.6 kbit/s). Only a
few supplementary services are included.
GSM Phase 2
After Phase 1completion, the GSM Standard was fully revised. Phase 2 includes a
wide range of supplementary services comparable with the ISDN standard.
GSM Phase 2+
Phase 2+ enhances in Annual Releases (`96, `97, `98, `99) the GSM standard and
prepares the UMTS introduction. Especially the GSM Core Network CN is enhanced
to be used as UMTS CN at UMTS start. Major Phase 2+ aspects are IN services,
flexible service definition, packet data transfer, high data rate transmission and
improved voice codes. GSM is limited by the narrowband radio access, the radio
resource efficiency and a lack of additionally available frequency bands.
UMTS Release `99 (also: Release 3)

With GSM Rel. `99, a handshake with the first UMTS Release (Rel.. `99 or Rel. 3)
according to many CN and service aspects is performed. UMTS introduces a new,
broadband radio access optimized for packet data transmission up to 2 Mibt/s.
UMTS Release 4
Unlike GSM Phase 2+, the enhancement of UMTS is not performed in annually
steps. Enhancements should be possible in flexible time schedules. Rel. 4 (late 2001)
introduces e.g. important CN modifications (bearer independent signaling flow) and
the Low Chip Rate LCR TDD mode as a third radio access option.
UMTS Release 5, 6, …
For UMTS Rel. 5 major CN modifications, i.e. the IP Multimedia Subsystem IMS, are
planed. New network elements and protocol structures are defined.
For the future modifications of the UTRAN toward an All IP RAN, enhancements of
the radio resource efficiency, new frequency ranges (WRC'2000) and many more
enhancements toward 4G are expected
7
GSM & UMTS

GSM Limits:
Evolution • narrow-band radio access
• resource efficiency UMTS
Capabilities • additional frequency bands
required Release
Release 5
Release 4
GSM 3
Phase
2+
Phase ···
Phase 2 Release
1 Release
‘99
Release ‘98
Release ‘97
‘96
Ph1: TeleServices TS, new SS, flexible new WCDMA new CN solutions Time
BS max. 9.6 Kbit/s Service Concept Radio Interface (R’4: CS domain
Ph2: Supplementary (CAMEL, MExE,..), (large bandwidth, modification
Services SS (= ISDN) higher data rates Flexible data rates; R’5: IMS);
(HSCSD, GPRS, EDGE) optimized for PS); new RTT options
new network elements new RAN (LCR-TDD)
close to original IMS: IP Multimedia Subsystem
3G plans LCR: Low Chip Rate
RTT: Radio Transmission Technology
Fig. 4
8
Siemens
UMTS Evolution
1.3 Evolution: Data Transmission

In Phases 1 / 2 GSM allows data transfers at 0.3 to 9.6 kbit/s. In Phase 2+ HSCSD,
GPRS and EDGE are introduced to enhance the data transmission capabilities.
HSCSD: High Speed Circuit Switched Data

HSCSD defines bundling of up to 8 physical channels of one carrier. In practice,
however, only up to 4 channels are bundled together due to CN restrictions. The
maximum data rate per physical channel was increased from 9.6 kbit/s to 14.4 kbit/s,
introducing a new codec. As a result, up to 57.6 kbit/s can be reached (theoretically
up to 115.2 kbit/s). HSCSD, like conventional GSM, defines Circuit Switched CS data
transfer. For HSCSD, only minor modifications to the GSM network were necessary.
GPRS: General Packet Radio Services

GPRS also allows bundling of up to 8 physical channels to one user. Four new
Coding Schemes CS enable transfers at rates of 9.05 /13.4 / 15.6 / 21.4 kbit/s per
physical channel. GPRS introduces Packet Switched PS data transmission, which
allows efficient use of resources and direct access to Packet Data Networks PDN.
New network elements and protocols, paving the way for UMTS, have been defined.
EDGE: Enhanced Data Rate for the GSM Evolution

EDGE introduces a new modulation method over the radio interface: 8-Phase Shift
Keying 8PSK. This allows three times faster data transfer compared to the
conventional GSM modulation method Gaussian Minimum Shift Keying GMSK. In
this way, EDGE is used to enhance the performance of GPRS and HSCSD.
Transmission at up to 69.2 kbit/s per physical channel is possible. Theoretically, data
rate of up to 553.6 kbit/s are possible, granting ITU 3G requirements for Zone 3 (wide
area mobility.
UTRA: UMTS Terrestrial Radio Access

In UMTS, UTRA introduces a new multiple access method (WCDMA), modulation
principle (QPSK) and a 25 times larger bandwidth than GSM at new frequency
ranges. New RAN network elements and protocols are defined. The maximum data
transmission rate will be some 2 Mbit/s.
9
Data Transmission
Evolution UTRA:
1920 kbit/s
• HSCSD, GPRS & EDGE: combining 1-8 TS
• HSCSD: Circuit Switched
• GPRS: Packet Switched; new Infrastructure
• EDGE: 8PSK instead of GMSK EDGE:
max. Data rate
• UMTS: UTRA (WCDMA) optimised for PS New:

553 kbit/s
• transmission
GPRS: principles
171 kbit/s (WCDMA)
• network
HSCSD: new
network elements &
no new
elements
115 kbit/s protocol architecture: network elements; • protocols
only changes
prerequisite
no new for UMTS !! in modulation
network elements; principle
GSM SW-changes
Phase 1/2:
4 / (8) x 8x
9.6 kbit/s 14.4 kbit/s 21.4 kbit/s
8 x 69.2 kbit/s
9,6 kbit/s
GSM Phase 2+
HSCSD: High Speed Circuit Switched Data 8PSK: Phase Shift Keying
GPRS: General Packet Radio Services GMSK: Gaussian Minimum Shift Keying
EDGE: Enhanced Data rates for the GSM Evolution UTRA: UMTS Terrestrial Radio Access
Fig. 5
10
Chapter 3
The UMTS Network

The UMTS Network Siemens
The UMTS Network
Contents
1 Release `99: Network Overview 23
2 Release `99 CN: CS Domain 69
3 Release `99 CN: Entities common to CS & PS Domain 1319
4 Release `99: PS Domain 1929
5 Release `99: UTRAN & UE 2637
6 Further Evolution: Release 4 & 5 3347
7 Exercise 4055
8 Solution 4765
1
1 Release `99: Network Overview
UMTS
PSTN / Network Intra- /
ISDN Internet
Enhanced GSM Phase 2+

Core Network
A Gb Iu
BSS Co-existence of UTRAN
GSM Base Station GSM & UMTS UMTS Terrestrial
Subsystem network elements Radio Access Network
Um Uu
GSM GSM / UMTS UMTS
GSM ® UMTS Evolution

è saves investment costs
è reduces implementation risks
Release `99
Network Overview
Fig. 1
2
Siemens
The UMTS Network The UMTS Network
Siemen
Release `99: Network Overview

UMTS networks are based on GSM Phase 2+ Core Networks. This approach
safeguards the investments made by today's GSM network operators and reduces
the 3G implementation risks. The UMTS Terrestrial Radio Access Network UTRAN is
connected to the enhanced Phase 2+ CN via Iu interface. The GSM Base Station
Subsystem BSS and UTRAN can be connected to the same CN. The GSM Mobile
Station MS is connected to the GSM BSS via GSM radio interface Um, the UMTS
User Equipment UE to UTRAN via UMTS radio interface Uu.
An overview of the UMTS network architecture is given in TS 23.002.
The UMTS CN
The enhanced GSM Phase 2+ Core Network consists of a Circuit Switched CS
Domain for speech, video telephony and real-time data transfer and a Packet
Switched PS Domain for Non real-time data transfer. Furthermore, several network
elements are necessary respectively optional for both domains, here determined as
"Entities common to the CS & PS Domain".
An overview of the PS Domain is given in TS 23.060.
Network Overview
TS 23.002:
RAN CN
Network Architecture
Radio Access Network Core Network
External
Networks
GSM BSS CS Domain
Entities common
to the CS & PS Domain
UE
UTRAN
PS Domain
TS 23.060:
GPRS
Fig. 2
3
Siemens
Siemen
The UMTS Network
CS Domain
The CS Domain of the UMTS CN consists of the following functions:
l MSC: Mobile Services switching Center
l GMSC: Gateway MSC
l SMS-GMSC: Short Message Services Gateway MSC
l SMS-IWMSC: Short Message Services Interworking MSC
l TC/IWF: Transcoding & Interworking function
PS Domain
The PS Domain of the UMTS CN consists of the following functions:
l GGSN: Gateway GPRS Support Node
l SGSN: Serving GPRS Support Node
l CGF: Charging Gateway Function
Entities common to the CS & PS Domain:

l AuC: Authentication Center
l CSE: CAMEL Service Environment
UMTS Terrestrial Radio Access Network UTRAN & UE

The UTRAN consists of the following functions:
RNC: Radio Network Controller
Node B
UE: User Equipment
Remark: This list of UMTS functions is not complete (see TS23.002). Only the "most
important" functions are shown. The listed functions are described in the following.
4
UMTS TS 23.002
Network
GSM BSS CS Domain
PSTN
BTS T MSC /
B R VLR GMSC
A IWF/ ISDN
S U TC
BTS C
CSE EIR HLR AuC
UTRAN
Node B
(n x BTS)
R X.25
UE N
Node B C SGSN GGSN IP
(n x BTS)
PS Billing
R Domain CGF
System
Node B N
(n x BTS) SMS-GMSC
C SMS-IWMSC
SM-SC
CGF: Charging Gateway Function
TC: Transcoding
CSE: CAMEL Service Environment
IWF: Interworking Functions
SM-SC: Short Message Service Centre
Fig. 3
5
2 Release `99 CN: CS Domain
UMTS
GSM BSS Network CS Domain
PSTN
BTS T MSC /
B R VLR GMSC
A IWF/ ISDN
S U TC
BTS C
CSE EIR HLR AuC
UTRAN
Node B
(n x BTS)
R X.25
UE N
(n x BTS)
PS Billing
R Domain CGF
System
Node B N
(n x BTS) SMS-GMSC
C Release `99 CN: SMS-IWMSC SM-SC
CS Domain
Fig. 4
6
Siemens
The UMTS Network Siemen
The UMTS Network
3G MSC
The Mobile-services Switching Center MSC constitutes the interface between the
radio system and the external fixed networks (ISDN / PSTN). The MSC performs all
necessary functions in order to handle the circuit switched services to and from the
Mobile Stations MS / User Equipment UE.
The MSC is an exchange which performs all the switching and signaling functions for
MSs / UEs located in a geographical area designated as the MSC area. The MSC
area is sub-divided into so-called Location Areas LA. The main difference between a
MSC and an exchange in a fixed network is that the MSC has to take into account
the impact of the subscribers mobility.
Several MSCs may be required to cover a country.
The MSC is connected to other network elements via the following interfaces
(Examples):
l A-Interface: to the GSM Base Station Controller BSC
l B-Interface: to the VLR. The MSC is always associated with a Visitor Location
Register. Therefore, the B-Interface is proprietary.
l C-Interface: to the HLR
l E-Interface: to other MSCs
l F-Interface: to the EIR
l Gs-Interface: to the SGSN (for common Mobility Management)
l Iu(CS)-Interface: to the RNC
Gateway MSC (GMSC): If a network delivering a call to the PLMN cannot interrogate
the HLR, the call is routed to an MSC. This MSC will interrogate the appropriate HLR
and then route the call to the MSC where the mobile station is located. The MSC
which performs the routing function to the actual location of the MS / UE is called the
Gateway MSC. The choice of which MSCs can act as Gateway MSCs is for the
operator to decide (i.e. all MSCs or some designated MSCs).
Visited MSC (VMSC): For all the MSs / UEs in the MSCs area the serving MSC is
regarded as Visited MSC.
7
3G MSC SMS-GMSC
SMS-IWMSC
SM-SC
Mobile services
Switching Center
E GMSC:
GMSC:
• •PSTN/ISDN
PSTN/ISDNInterface
Interface
• •Interrogating
InterrogatingHLR
HLR
T • •routing
routingtotoactual
actual
B VLR VLR UE
UElocation
location
R A
S A B B PSTN
C U
E
MSC GMSC ISDN
IWF/
Iu(CS) TC C Main
Gs F
R
MSC
tasks:
N EIR HLR • Switching
C SGSN • Handling CS Services
• Call Setup / Release
• Charging
LA1 LA2 • Interfaces:
MSC:
MSC:
• •always A, B, C, E, F,
alwaysassociated
associatedwith
withVLR
VLR Gs, Iu(CS)
• •control
controlofofgeographical
geographicalarea:
area:
MSC
MSCAreaArea==11/ /several
several LA3 LA4
Location
LocationArea
AreaLA
LA
• •V(isited)-MSC
V(isited)-MSCfor
forall
allUEs
UEs
ininMSC
MSCArea
Area MSC Area
Fig. 5
8
The UMTS
Siemens Network Siemen
The UMTS Network
Short Message Service SMS Gateway MSC (SMS-GMSC)

The SMS-GMSC acts as an interface between an external Short Message Service
Center SMS-SC and the PLMN, to allow short messages to be delivered to MS / UE
from the Service Center.
The choice of which MSCs can act as SMS Gateway MSCs is a network operator
matter (e.g. all MSCs or some designated MSCs).
SMS Interworking MSC (SMS-IWMSC)

The SMS Interworking MSC acts as an interface between the PLMN and a SMS-SC
to allow short messages to be submitted from MS / UE to the SMS-SC.
The choice of which MSCs can act as SMS Interworking MSCs is a network operator
matter (e.g. all MSCs or some designated MSCs).
SMS-GMSC and SMS-IWMSC description can be found in TS 23.002.
SMS-GMSC
TS 23.002
SMS-IWMSC
External
CS MSC / Networks
all or some designated
MSCs can act as Domain VLR
SMS-GMSC/IWMSC
(Network operator
dependent) E
SMS-GMSC SM-SC
SMS Gateway MSC
Short Message
SMS-IWMSC Service Center
SMS Interworking MSC
Gd
PS
SGSN
Domain
Fig. 6
9
Siemens
Siemen
Visitor Location Register VLR

The Visitor Location Register VLR is responsible to aid the MSC with information on
the subscriber, which are temporarily in the MSC service area. Therefore, in praxis it
is always associated with an MSC.
The VLR request the subscriber profiles of subscriber with activated MS / UE in the
MSC service area from the Home Location Register HLR and stores them
temporarily. Temporarily means as long as the subscriber is not registered in a new
MSC/VLR, even if he deactivated the MS / UE.
Additional to the semi-permanent subscriber data received from the HLR the VLR
stores temporary data, e.g. information on the subscribers current location (the
Location Area), the state of activation (Attached / Detached),...
Furthermore, the VLR is responsible for the initiation of security functions, e.g. the
Authentication procedure, the start of ciphering and the TMSI re-allocation.
Examples of subscriber data in the VLR:
l MSISDN: Mobile Subscriber ISDN No.
l TMSI: Temporary Mobile Subscriber Identity
l LMSI: Local Mobile Subscriber Identity
l MSRN: Mobile Station Roaming Number
l LAI: Location Area Identity
l Authentication Parameter
l the identity of the SGSN where the MS has been registered
The organization of the subscriber data is outlined in TS 23.008.
10
VLR Main
Visitor Location VLR
Register tasks:
VLR as „MSCs Data Base“: for all UEs in MSC Area

• storing Subscriber profiles
• Subscriber Profile,
e.g. IMSI, MSISDN,
• Mobility Management
Services (TS, BS, SS),.. • storing Location Information
• Temporary Subscriber Data • controlling
e.g. LMSI, TMSI, MSRN, Security Features*
Security Parameter,
Location Information,
IMSI attach/detach,..
B
MSC
VLR
* e.g. Authentication, Authorization,
Cipher & Integrity Start
••Location
LocationUpdates
Updates D
••Subscriber Profiles®
SubscriberProfiles ®VLR
VLR
••Security
SecurityParameter
Parameter
(via HLR®®VLR)
(viaHLR VLR)
••Interrogation
Interrogation
(MSRN HLR AuC
(MSRNvia
viaHLR
HLRtotoGMSC)
GMSC)
TS: Tele Services
BS: Bearer Services IMSI: International Mobile Subscriber Identity
SS: Supplementary Services LMSI: Local Mobile Subscriber Identity
MSRN: Mobile Station Roaming Number TMSI: Temporary Mobile Subscriber Identity
Fig. 7
11
Siemens
The UMTS Network
Transcoding TC function
The Transcoding TC function is used to perform conversion between standard ISDN
64 kbit/s speech transmission and the UMTS Adaptive Multi-Rate AMR speech codec
(Specs: 26-series).
The AMR speech coder is a single integrated speech codec with eight source rates
from 4.75 kbit/s to 12.2 kbit/s, and a low rate background noise encoding mode. The
speech coder is capable of switching its bit-rate every 20 ms speech frame upon
command (TS 26.071).
Different to GSM, in UMTS the Transcoding function is not part of the Radio Access
Network RAN. It has been defined as part of the UMTS Core Network CN.
Some optimization procedures allow it to be passed through, without transcoding, in
the case of UE to UE communication for example, when double-transcoding would
be performed for nothing.
Interworking Function IWF

The "classical" Core Network CN interfaces (e.g. A – G) are all Time Division
Multiplexed TDM based (E1/T1). Different to this, The Iu interface between UTRAN
and the UMTS CN is ATM-based. An Interworking Function IWF is necessary for
conversion between TDM-based and ATM-based interfaces.
Remark: IWF and TC function can be stand-alone network elements or be integrated

into the UMTS MSC, depending on the manufacturers / network operators decision /
demands.
TC
Transcoding T CN
B Core Network VLR
& R A
S A
IWF B
C U
InterWorking Function
E
RAN MSC
Radio Access IWF/
Network
Iu(CS) TC Gs F
C
R • Interworking: TDM « ATM

N IWF
• all „classical“ CN-Interfaces (A-G):
TDM based (E1/T1 » PCM30/PCM24)
C • Iu(CS): ATM based
BlaBla BlaBla
Bla
Bla
TC
Transcoding
4.75 – 12.2 kbit/s • CN function in UMTS: 64 kbit/s (ISDN)

part of MSC or standalone N.E.
AMR: Adaptive MultiRate
• Conversion of Speech Data (CN Û RAN):
using AMR speech codec
• CN: 64 kbit/s (ISDN)
CN
UTRAN • RAN: 4.75 – 12.2 kbit/s (AMR)
Fig. 8 12
3 Release `99 CN: Entities common to CS &

PS Domain
UMTS
PSTN
BTS T MSC /
B R VLR GMSC
A IWF/ ISDN
S U TC
BTS C
CSE EIR HLR AuC
UTRAN
Node B
(n x BTS)
R X.25
UE N
(n x BTS)
PS Billing
R Domain CGF
System
Node B N
(n x BTS)
Release `99 CN: SMS-GMSC
SM-SC
C SMS-IWMSC
Entities common
to CS & PS Domain
Fig. 9
13
Siemens
Siemen
Home Location Register HLR

The HLR is a database in charge of the management of mobile subscribers There
may be one or more HLRs in a GSM PLMN.
The HLR is always associated with an Authentication Center AC (proprietary
interface). It participates in different procedures, for e.g.:
l It sends all necessary data to the VLR.
l It supports the call setup in case of Mobile Terminating Calls MTC by sending
routing information to the Gateway MSC (Interrogation).
l It transmits the security parameters from AuC to VLR on request
An HLR contains different semi-permanent mobile subscriber data, e.g.:
l MSISDN: Mobile Station International ISDN number
l Packet Data Protocol (PDP) address(es), e.g. IP address
l Services: Bearer Services BS, Tele Services TS, Supplementary Services SS
l a list of all the group IDs a service subscriber is entitled to use to establish voice
group or broadcast calls
l CAMEL Subscription Information(s)
l Service Restrictions (e.g. roaming limitations)
Additionally, the HLR contains different temporary information of the mobile
subscriber, e.g.:
l VLR and SGSN addresses
l Mobile Station Roaming Number MSRN
l SMS flags
The organization of the subscriber data is outlined in GSM 23.008.
Authentication Center AuC

The AuC is responsible to store the secret Keys of the subscribers and the security
algorithm, which are necessary for the generation of the GSM and UMTS security
parameters. On request of the VLR respectively the SGSN the AuC generates the
security parameters. They are delivered via HLR to VLR / SGSN to enable
Authentication, Ciphering and Integrity Check.
The AuC is always associated with an HLR (communication via a proprietary
interface).
14
HLR AuC
Home Location Register Authentication Center
• Subscriber Registration
• Storing/Management CS Domain • Storing „secret Keys“
subscriber profiles (counterpart: USIM) &
• Deliver profiles to VLR/SGSN MSC / Security Algorithm
• Storing Location Information GMSC • Generating Security Parameter
• (VLR / SGSN)
VLR (GSM: Triples; UMTS: Quintets)
• MTC: Deliver Routing • Deliver Parameter to VLR /
information to GMSC / GGSN SGSN (via HLR)
• Associated with AuC
D C • Associated with HLR
HLR AuC
Gr Gc
SGSN GGSN
PS Domain
BS: Bearer Service
TS: Tele Service
SS: Supplementary Service
Subscriber data (Examples): CSI: CAMEL Subscription Information
• Semi-permanent Data: MSISDN, IMSI, Services QoS: Quality of Service
(BS, TS, SS), QoS Profile, CSI, Service Restrictions,.. IMSI: International Mobile Subscriber Identity
MSISDN: Mobile Station ISDN Number
• Temporary Data: VLR / SGSN address, MSRN: Mobile Station Roaming Number
MS Non-Reachable flag, MSRN, SMS flags,..
Fig. 10
15
The UMTS
Siemens Network Siemen
The UMTS Networ
Equipment Identity Register EIR

The EIR is an optional feature in GSM and UMTS. It has been defined to enable theft
prophylaxis. Stolen or non-valid Mobile Equipment ME can be blocked from further
usage.
The Equipment Identity Register EIR is the logical entity, which is responsible for
storing in the network the International Mobile Equipment Identities IMEIs (TS
23.002). An IMEI clearly identifies a unique Mobile Equipment ME and contains
information about the place of manufacture, device type and the serial number of the
equipment.
The Mobile Equipment ME is classified as "white listed", "grey listed", "black listed" or
it may be unknown as specified in TS 22.016 and TS 29.002.
The EIR performs IMEI Checks on VLR respectively SGSN request to check whether
the ME is stolen or non-valid.
The EIR is connected to:
l the SGSN via Gf interface
l the VLR via F interface
EIR
Equipment Identity Register • Storing IMEIs
(counterpart: ME)
on White / Gray / Black List
CS Domain • Performing IMEI Check
on VLR / SGSN request
MSC / • optional network function
VLR
EIR
Gf
SGSN
IMEI
International
PS Domain Mobile station
Equipment
Identity
Fig. 11
16
Siemens
Siemen
CAMEL Service Environment CSE

For the introduction of CAMEL services, some network elements have to be
enhanced and new functional entities have to be introduced (TS 23.078):
l GSM Service Control Function gsmSCF: functional entity that contains the
CAMEL service logic to implement Operator-Specific Services OSS. It interfaces
e.g. with the gsmSSF, the gprsSSF and the HLR.
l GSM Service Switching Function gsmSSF: functional entity that interfaces the
MSC/GMSC to the gsmSCF. The concept of the gsmSSF is derived from the IN
SSF, but uses different triggering mechanisms because of the nature of the mobile
network
l GPRS Service Switching Function gprsSSF: functional entity that interfaces the
SGSN to the gsmSCF.
l Home Location Register HLR: for subscribers requiring CAMEL support, the
HLR stores different types of CAMEL Subscriber Information CSI (e.g. O-CSI for
Mobile Originating Calls MOCs, T-CSI for Mobile Terminating Calls MTCs). The O-
CSI is sent to the VLR at Location Update, on data restoration or if the O-CSI is
updated by administrative action. The O/T-CSI is sent to the GMSC when the HLR
responds to a request for routing information.
l MSC/VLR or SGSN: VLR or SGSN store the different CSI information as part of
the subscriber data for subscribers roaming in the MSC/VLR or SGSN area. MSC
or SGSN monitor the call states and communicate (internally) with the gsmSSF for
further proceeding.
CSE GSM Service Switching Function

• interfaces MSC/VLR to gsmSCF
CAMEL Service • derived from IN SSF
Environment
CS gsm gsm
Domain SSF SSF
MSC / E
VLR GMSC
GSM Service • stores CAMEL

Control Function: gsm Subscription
contains CAMEL HLR AuC Information CSI
service logic for SCF
Operator-Specific
Services
SGSN GGSN
PS Gn
gprs MSC/VLR
MSC/VLR&&SGSN:
SGSN:
Domain store
storeCSI
CSIas
aspart
partofof
SSF subscriber
subscriberprofile
profile
GPRS Service Switching Function

• interfaces SGSN to gsmSCF
Fig. 12
17
The UMTS Network
Siemens Siemen
The UMTS Network
CAMEL Protocols & Interfaces

The Mobile Application Part MAP and the CAMEL Application Part CAP (TS 29.078)
are used on the different interfaces (TS 23.078) applicable to CAMEL:
l HLR - VLR interface (D-Interface): On this interface the MAP is used to send the
CAMEL related subscriber data to the VPLMN and for provision of Mobile Station
Roaming Numbers MSRN. The interface is also used to retrieve subscriber status
and location information of the mobile subscriber or to indicate suppression of
announcement for a CAMEL service.
l GMSC - HLR interface (C-Interface): This interface is used at terminating calls to
exchange routing information, subscriber status, location information, subscription
information and suppression of announcements. The O/T-CSI that is passed to the
IPLMN is sent over this interface using the MAP.
l SGSN / MSC or GMSC – gprsSSF / gsmSSF interface: These are internal
interfaces. These interfaces are described in the specification to make it easier to
understand the handling of Detection Points DPs.
l gprsSSF / gsmSSF - gsmSCF interface (CAP Interfaces): On these interfaces the
CAP is used by the gsmSCF to control a call in a certain gprsSSF / gsmSSF.
l gsmSCF - HLR interface (CAP Interface): On this interface the MAP is used by the
gsmSCF to request information from the HLR. As a network operator option the
HLR may refuse to provide the information requested by the gsmSCF.
l GMSC - MSC interface (E-Interface): On this interface the MAP is used to transfer
control of a call from a VMSC back to a GMSC for optimal routing.
CAMEL
Protocols & Data transfer
Interfaces Signalling
O-CSI
T-CSI
TS 23.078,
MAP 29.078
HLR gsmSCF
HPLMN
CSE
MAP
CAP
Interfaces
gsmSSF
gprsSSF
MSC/VLR
SGSN
UE
gsmSSF
CSE: CAMEL Service Environment MSC/VLR

gsmSSF: GSM Service Switching Function
gsmSCF: GSM Service Control Function
CAP: CAMEL Application Part
MAP: Mobile Application Part
O-CSI: CAMEL Subscription Information (MOC) VPLMN
T-CSI: CAMEL Subscription Information (MTC)
Fig. 13
18
4 Release `99: PS Domain
UMTS
PSTN
BTS T MSC /
B R VLR GMSC
A IWF/ ISDN
S U TC
BTS C
CSE EIR HLR AuC

UTRAN
Node B
(n x BTS)
R X.25
UE N
(n x BTS)
PS Billing
R Domain CGF
System
Node B N
(n x BTS) SMS-GMSC
C Release `99 CN: SMS-IWMSC SM-SC
PS Domain
Fig. 14
19
The UMTS Network Siemenk
PS Domain - Main Concept

The PS domain uses a packet-mode technique to transfer high-speed and low-speed
data and signaling in an efficient manner. The PS domain optimizes the use of
network and radio resources. Strict separation between the radio subsystem and
network subsystem is maintained, allowing the network subsystem to be reused with
other radio access technologies. (TS 23.060)
Gateway GPRS Support Node GGSN

The GGSN is the first point of Packet Data Network PDN interconnection with a GSM
/ UMTS PLMN (i.e. it supports the Gi interface). GGSN functionality is common for
GSM and UMTS.
The Gateway GPRS Support Node GGSN provides interworking with external
Packet-switched Data Networks PDNs and it is connected with SGSNs via an IP-
based backbone network (Gn interface). When the SGSN and the GGSN are in
different PLMNs, they are interconnected via the Gp interface. The Gp interface uses
the same protocols as the Gn interface. Additional security features are necessary.
The GGSN is the node that is accessed by the PDN due to evaluation of the Packet
Data Protocol PDP address. It contains routing information for PS-attached users.
The routing information is used to tunnel packet data to the MS / UE's current point of
attachment, i.e., the Serving GPRS Support Node SGSN. The GGSN may request
location information from the HLR via the optional Gc interface.
Furthermore, the GGSN is responsible for message screening and it is collecting
charging data. The GGSN forwards the charging data via Charging Gateway
Functionality CGF (Ga interface) to the Billing Center.
The SGSN and GGSN functionalities may be combined in the same physical node, or
they may reside in different physical nodes.
20
GGSN TS 23.060
Gateway GPRS • Interworking PLMN « PDN (Gi)
• Screening / Filtering
Support Node
• Storing Routing Information (current SGSN)
• Requesting Location Information from HLR
(Gc optional; for MTC)
• Routing Packets ® SGSN (Gn)
• Collecting Charging Data & forwarding
to CGF (Ga)
HLR AuC
Gc
X.25
Gn Gi
SGSN IP-based GGSN IP
Backbone
Network
Ga
Gp Billing
SGSN CGF System
PS other SGSN External

Domain PLMN Networks
Fig. 15
21
Siemens
The UMTS Network
Serving GPRS Support Node SGSN

The Serving GPRS Support Node SGSN is responsible to provide service for all
activated MS / UE in a certain geographical area, the so-called SGSN service area.
The SGSN service area is subdivided into different Routing Area RA (a sub-set of the
Location Area LA). A Routing Area consists of one or several cells.
The SGSN keeps track of the location of an individual MS / UE and stores it location
(the Routing Area). It is responsible for the MS / UE Mobility Management (Location
Updates, Attach, Paging,..). Furthermore, the SGSN performs security functions and
access control.
The SGSN pulls the subscriber profiles via Gr interface from the HLR and stores it as
long as the subscriber has not been registered in another SGSN.
It is signaling with MS / UE and GGSN to set up PDP Contexts to transmit packet
data from MS / UE via RNC, SGSN and GGSN to external PDNs.
It is transmitting SMS via SMS IWF-/G-MSC (Gd interface) to the SM-SC.
It is controlling the QoS to be guaranteed for the subscribers service.
The SGSN also interfaces via the GPRS Service Switching Function gprsSSF with
the GSM Service Control Function gsmSCF for optional CAMEL session and cost
control service support.
The SGSN is connected to the GSM Base Station Subsystem BSS through the Gb
interface and/or to the UMTS Terrestrial Radio Access Network UTRAN through the
Iu interface.
It is interfaced with the MSC/VLR via Gs interface (optional) for Common Mobility
Management. E.g. the SGSN may receive paging requests from the MSC/VLR via
the Gs interface.
To provide Roaming it is connected via Gn / Gp (into other PLMNs) interface to other
SGSNs. The Gp interface provides the functionality of the Gn interface, plus security
functionality required for inter-PLMN communication. The security functionality is
based on mutual agreements between operators.
The SGSN is collecting charging data and transmitting them via Ga interface to the
Charging Gateway Function CGF.
The SGSN and GGSN functionalities may be combined in the same physical node, or
they may reside in different physical nodes.
22
RA
SGSN RA
5
• Serving all UEs in SGSN area =
2 RA
Serving GPRS LA RA 1 / several Routing Area(s) RA
Support Node 1 RA 4 • Storing subscriber profiles
RA (requested from HLR)
3 RA • Mobility Management, e.g
7
SGSN area 6 Update Location, Attach, Paging,..
• Security & Access Control:
Authentication, Cipher start, IMEI Check...
MSC / • Routing / Traffic-Management
VLR • Collecting charging data
TS 23.060 •…
Gs
SMS-GMSC
GSM BSS CSE EIR HLR AuC
SMS-IWMSC
CAP Gs Gr Gd
BSC Gb
Gn
SGSN IP-based GGSN
Backbone
RNC Iu(PS) Network
Ga
Gp
CGF
SGSN
other
PS PLMN SGSN
UTRAN Domain
Fig. 16
23
Siemens
The UMTS Network
Charging Gateway Functionality CGF

Charging in GSM / UMTS should be flexible and allow to bill according to the amount
of data transferred, the QoS supported, and the duration of the connection. The
GGSNs and SGSNs are collecting the charging data.
The Charging Gateway Functionality CGF provides a mechanism to transfer charging
information from the SGSN and GGSN nodes to the network operator's chosen
Billing Systems BS.
The Charging Gateway concept enables an operator to have just one logical interface
between the CGF and the BS. The CGF may be supported in one of the following
ways:
l -as a centralized separate Network Element, i.e. the Charging Gateway CG
l -as a distributed functionality resident in the SGSNs and GGSNs.
Support of the centralized or distributed CGF in a network is implementation
dependent, and subject to vendor/manufacturer agreement. Regardless of the way in
which the CGF is supported in the network, the functionality of the CGF is similar.
The main functions of the CGF are:
l -the collection of GPRS Charging Data Records CDRs from the GPRS nodes
generating CDRs;
l -intermediate CDR storage buffering;
l -the transfer of the CDR data to the Billing Systems BS
The CGF acts as storage buffer for real-time CDR collection. It provides the CDR
data to the BS.
Details of the Charging Gateway Functionality, the principles and transmission of
CDRs and the protocol architecture of the Ga interface are given in TS 32.015.
24
CGF TS 23.060
Charging Gateway & 32.015
Functionality Gn
SGSN GGSN TS32.015:
TS32.015:
Charging
Charging&&Billing
Billing
for
for thePS
the PSDomain
Domain
Ga Ga
PS
Domain CGF • collect CDRs from SGSNs & GGSNs
• intermediate CDR storage buffering
• CDR data transfer to the BS
External Billing
Networks System BS
The CGF can:

Charging • reside in a separate N.E.:
Gateway
BS
Charging Gateway CG
GSNs CG
• be integrated
GSN CGF BS in the GSNs
CDR: Charging Data Record

N.E.: Network Element
Fig. 17
25
5 Release `99: UTRAN & UE
UMTS
PSTN
BTS T MSC /
B R VLR GMSC
A IWF/ ISDN
S U TC
BTS C
CSE EIR HLR AuC
UTRAN
Node B
(n x BTS)
R X.25
UE N
(n x BTS)
PS Billing
R Domain CGF
System
Node B N
(n x BTS) SMS-GMSC
C Release `99: SMS-IWMSC
SM-SC
UTRAN & UE
Fig. 18
26
Siemens
The UMTS Network
Radio Network Controller RNC

The UMTS Terrestrial Radio Access Network UTRAN is sub-divided into Radio
Network Subsystems RNS. The Radio Network Controller RNC is the central
controlling unit of a RNS. It is controlling itself and all the Node Bs of the RNS.
The RNC is connected via the following ATM based interfaces:
l Iub interface: to the connected Node Bs
l Iur interface: to neighboring RNCs
l Iu interface: to the Core Network CN
Due to different protocol stacks, the Iu interface can be sub-divided into an Iu(ps)
interface and an Iu(cs) interface.
The Iu(ps) interface is used for data and signaling transmission to the PS Domain of
the CN, the Iu(cs) interface is used for data exchange with the CS Domain.
The main task of the RNC is to perform Radio Resource Management RRM for all
UEs in its service area. Therefore, it can be compared to the GSM BSC. Different to
the GSM BSC, it is 100% autonomously responsible for all RRM decisions.
RRM means to be that the RNC is responsible for signaling with the UEs via Radio
Resource Control RRC protocol, it is deciding about the allocation of resources,
Handover to other cells and release of resources,...
The RNC is holding the RRC connection to the UEs as long as data have to be
transmitted.
It is storing the UEs location information to transmit the data to the right location. The
location information can be requested by the CN for Location Based Services.
It is responsible for reliable transmission over the radio interface, performing
Backward Error Correction in acknowledged mode.
It is responsible for Ciphering / De-Ciphering and Integrity Check.
And it is responsible for many more WCDMA specific aspects shown in the following
chapters and TS 25.3xx and 25.4xx series.
27
RNC • 100% autonomously RRM

(e.g. Radio Resource Control, Access Control,
Radio Network Admission Control, Handover Control,…)
Controller • (De-)Ciphering & BEC (Layer 2 tasks)
• storing UEs location information
• RNS-Control (RNC & Node B’s)
• ATM Switching
MSC / (Iu, Iur & Iub: ATM Interfaces)
VLR • „WCDMA specific tasks“ SGSN
CS PS
Domain IWF/ TC Domain
Iu(CS) Iu(PS) UTRAN

RNS
Radio RNC Iur
Network Radio Network RNC
Controller
Sub
system
Iub Iub
Node Node Node Node

B B B B
Uu
UE
Fig. 19
28
Siemens
The UMTS Network
Node B
One or more Node B's are controlled and addressed by an RNC. A Node B is a
physical unit for implementation of the UMTS radio interface. It is converting the
physical transmission of the data from fixed network transmission (ATM based) to
WCDMA transmission.
As a central transmission and reception site, it serves one or more UMTS cells. It is
serving one UMTS cell in case of an omni cell with 360° service or, for example, 2, 3
or 6 sector cells with 180°, 120° and 60° service respectively.
The Node B is connected:
l via Iub interface to its controlling RNC
l via Uu interface to the UEs
To prepare the data for reliable transmission over the air interface Uu, the Node B
performs many WCDMA specific aspects, which are shown in the following chapters
and in the TS 25.3xx and 25.4xx series.
• Support of 1or several cells

Node B • “WCDMA Transmission”
• ATM Termination
• Forward Error Correction FEC
RNS • Radio Interface Measurements U
Radio RNC (Quality & Strength) T
Network Radio Network RNC R
Sub Controller
A
system N
Iub
Node Node Node Node
B B B B
Uu
UE
Sector-Cell
Omni-Cell Node Node Sector-Cell
B Sector-Cell B
Fig. 20
29
Siemens
The UMTS Network
User Equipment UE
The User Equipment UE is responsible for similar functions as the GSM Mobiles
Station MS, i.e. it is a device allowing a user access to network services.
It consists of the:
l Mobile Equipment ME, which means to be the Hardware and Software for
WCDMA air interface transmission. The ME is identified by an International Mobile
Equipment Identity IMEI.
l UMTS Subscriber Identity Module USIM, which contains data and procedures,
which unambiguously and securely identify itself. These functions are typically
embedded in a stand-alone smart card. This device is associated to a given user
(subscriber license), and as such allows to identify this user regardless of the ME
he uses. The USIM stores the personal identities (e.g. IMSI, MSISDN, PIN),
security algorithm (for e.g. Ciphering, Authentication), the personal phone book,
the USIM Application Toolkit USAT (TS 22.038, 31.111) and many more
information.
The basic functions of the UE are given in the TS TS 23.101. More detailed
descriptions are given in the TS 31 series.
UE
User Equipment
MSC/VLR
TS 23.101 &
Node
31series RNC
B
SGSN
Uu
UE = ME + USIM
USIM • Subscriber license

UMTS Subscriber
• Personal Identities
Identity Module (e.g.MSISDN, IMSI, TMSI, PIN,...)
ME • Security Algorithm & Keys
Mobile Equipment (for Authentication, Ciphering,..)
• Personal phone book
• HW & SW for „WCDMA • USIM Application Toolkit
Radio Transmission“ USAT
TS 31.1xx
• Man-Maschine-Interface MMI series
Fig. 21
30
Siemens
The UMTS Network
UMTS Network Summary (Release `99)

The UMTS PLMN consists of an UMTS Terrestrial Radio Access Network UTRAN,
The User Equipments UE and an enhanced GSM Phase 2+ Core Network CN.
The Core Network consists of a Circuit Switched CS Domain for speech, video
telephony and real-time data transfer, a Packet Switched PS Domain for Non real-
time data transfer and Entities common to the CS & PS Domain.
The CS Domain of the UMTS CN consists of the following functions:

l MSC: Mobile Services switching Center
l GMSC: Gateway MSC
l SMS-IW-/G-MSC: Short Message Services Interworking-/Gateway-MSC
l TC/IWF: Transcoding & Interworking function
The PS Domain of the UMTS CN consists of the following functions:

l GGSN: Gateway GPRS Support Node
l SGSN: Serving GPRS Support Node
l CGF: Charging Gateway Function
Entities common to the CS & PS Domain:

l AuC: Authentication Center
l CSE: CAMEL Service Environment
The UTRAN consists of the following functions:

l RNC: Radio Network Controller
l Node B
The UE consists of the following functions

l ME: Mobile Equipment
l USIM: UMTS Subscriber Identity Module
Remark: This list of UMTS functions is not complete. Only the "most important"
functions are shown. A detailed overview is given in TS 23.002.
31
UMTS Network
Summary
(Rel. `99)
GSM BSS CS Domain
A PSTN
T MSC /
BTS
B R VLR E
GMSC
Abis A IWF/ ISDN
S U TC C/D
Um BTS C Gb CAP F
CSE EIR HLR AuC

Uu UTRAN
Gf
Node B
(n x BTS)
R Iu(CS)
CAP Gr Gc X.25
Iub N
UE Iu(PS) Gn Gi
IP
Node B C SGSN GGSN
(n x BTS)
Iur PS Ga
Billing
R Domain CGF
System
Node B N
(n x BTS) Gd SMS-GMSC
C SMS-IWMSC
SM-SC
Fig. 22
32
6 Further Evolution: Release 4 & 5
UMTS
PSTN / Network Intra- /
ISDN Internet
UMTS CN
Co-existence of
GERAN GSM & UMTS UTRAN
network elements
Further Evolution
Release 4 & 5 GERAN: GSM/EDGE Radio Access Network
Fig. 23
33
Siemens
The UMTS Network
3G modularity and further options

In 3G networks, the functions of the Core Network CN and the Radio Access Network
RAN will be strictly separated. This separation will allow modularity in the
composition of networks. The objective is to be able to combine any 3G CN with any
3G RAN. In addition, technical enhancements and upgrades of individual modules
will be able to be introduced more easily, quicker and at less expensively due to the
separation of functions.
Core Network CN options

In the initial phase of 3G, the different RANs are based on two different CN platforms:
These are the GSM CN platform and the IS-41 platform. The different protocol
architecture has been harmonized to enable the demanded modularity.
l The IS-41 CN has been used recently as platform for AMPS, D-AMPS and IS-95.
l The GSM CN has been used for the GSM BSS only.
l Pure IP CN solutions have been developed by the 3G.IP Forum / IETF. These
ideas are incorporated now in UMTS Release 4 and 5 as additional CN options for
enhanced 3G networks.
Radio Access Network RAN options

Different options for 3G RAN's have been developed and will be developed in 3G
respectively for enhanced 3.5G networks.
l EDGE Classic / Compact is the 3G enhancements for GSM and D-AMPS
l UMTS includes the UTRA FDD and TDD mode, respectively from Release 4 on,
two TDD modes (one with a High Chip Rate HCR and one with a Low Chip Rate
LCR).
l MC-CMDA is used as IS-95 successor
l Different 3G proposals for MSS's
l 3.5G enhancements of 3G systems toward higher data rates might be Wireless
Local Loop WLL or Mobile Broadband Systems MBS
34
3G modularity
& future options 3G RAN
EDGE
3G UTRA TDD HCR
Core Iu
UTRA TDD LCR
Network
e.g. UTRA FDD
enhanced
GSM / IS-41,
MC- CDMA
or
R`4, R`5
UMTS CN 3G-MSS
Hiperlan-2,
strict separation MBS,..
CN - RAN tasks
Þ flexibility in 3G
Fig. 24
35
Siemens
The UMTS Network
UMTS Release 4 CN
The UMTS CN CS domain is a central aspect of Release 4 modifications (TS
23.002). The intention of these modifications is a separation of the call control from
the transport user the user data.
In UMTS Release 4, the (G)MSC/VLR functions split into two different entities:
l MSC Server: The MSC Server is responsible for e.g. Call Control CC and Mobility
Management MM. It stores temporarily the subscribers data and takes over the
"VLR functionality". It is interfacing and translating the user-network signaling (TS
24.008) and the network-network signaling and it is controlling one/several
MGW(s) via Mc interface. Furthermore, it is collecting charging data (Call Data
Records CDRs). As Gateway MSC Server, it is responsible for HLR interrogation.
l Media Gateway MGW: The MGW is responsible for bearer control and
transmission resource management (e.g. QoS guarantee). It is responsible for the
conversion of the data formats from CN internal, i.e. Nb interface (IP, ATM,…) to
either Iu interface (ATM based) or external CS ISDN/PSTN networks. Additionally,
the TC function is allocated to the MGWs interfacing Iu.
New Interfaces
l Nc: between MSC Server and (G)MSC Server for Bearer-Independent Call Control
BICC.
l Mc: between CS-MGW and (G)MSC Server to separate between call control and
bearer control. The ITU standard H.248 respectively its IETF standard equivalent
Media Gateway Control MEGACO is used on Mc.
l Nb: between MGWs. Different options are possible on Nb for user data transfer
and bearer control signaling (e.g. ATM, IP).
36
UMTS CN R`4 R`4

TS 23.002
CS Domain Applications and Services
CAP CAP (G-)MSC Server:

Call Control • Call Control
• Mobility Management
Level • MGW Control
PS
PSDomain
Domain HLR • VLR functionality
unchanged
unchanged D C • CDRs
compared • (HLR-Interrogation)
comparedto
toR`99
R`99 MSC GMSC
Server Server
Nc (e.g. BICC)
Iu Mc Mc (H.248/MEGACO)
A
Bearer Level
GERAN
A
CS- Nb (e.g. ATM, IP) CS- PSTN/
UTRAN MGW MGW ISDN
Iu
MGW:
• Bearer Control
• Transmission Resource Management
• Data Format Conversion MEGACO: IETF Media Gateway Control protocol
CDR: Call Data Records
BICC: Bearer Independent Call Control
• Transcoding H.248: ITU protocol for Media Gateway Control
MGW: Media Gateway
Fig. 25
37
Siemens
The UMTS Network
UMTS Release 5 CN
In Release 5, it should be possible to transmit all data only via one PS domain (the
so-called "All IP CN"). This PS domain can be split up logically into the GPRS CN
with its well known network elements and an IP Multimedia Subsystem IMS, which is
added to the GPRS CN like an external PDN (i.e. via Gi interface). Currently (late
2001) not all Release 5 network elements and functions are defined precisely.
For downward-compatibility reasons to GSM and UMTS Rel. `99 and Rel. `4 it might
be necessary, to support additionally a CS domain.
Here some central Release 5 aspects / functions:
l Home Subscriber Server HSS: The HSS is used for mobility related aspects,
very similar to the "classical" HLR (storing subscription and routing information).
l Media Gateway MGW: The MGW ensures interoperability and interworking
between an All IP CN and the external fixed CS networks PSTN or ISDN. The
MGW enables conversion from CS data transmission, e.g. voice transmission, to
PS data transmission, e.g. Voice over IP VoIP. Echo cancellation and Transcoding
functionality will take place in the MGW. The MGWs are connected via Gi interface
towards the GGSNs.
l Media Gateway Control Function MGCF: The MGCF are used e.g. for MGW
control, Call Control and Signaling Protocol Conversion from external SS7 to
internal Session Initiation Protocol SIP.
l Call State Control Function CSCF: The CSCF are responsible e.g. for Session
Flow Handling and Application Coordination. They are interfacing the IN /
Application Server/ IN and they are responsible to collect charging data (Charging
Data Records CDRs).
This description of Release 5 is regarded as a very first overview, giving an idea on
the future UMTS options. It is not complete and needs to be extended in additional
courses.
38
CSCF:
UMTS CN R`5 Intelligent & Application Servers • Session Flow Handling
• Application Coordination
IMS & PS Domain • interfaces IN/Application
CSE WAP ••• Servers
• CDR`s
HSS:
• similar HLR
MGCF PSTN
UTRAN CSCF
HSS
ISDN
R MGW
Uu Node
B
Iub
R R IP R
N
UE Node C R Backbone
(USIM)
B
Iur Iu R R IP
R SGSN GGSN Gi
Node X.25
B N
Iub C MGCF:
• MGW control R`5
• Call Control TS 23.002
HSS: Home Subscriber Server other • Signalling Protocol
Conversion (SS7 to SIP) IMS: IP Multimedia Subsystem
PLMN
MGW: Media Gateway CSCF: Call State Control Function
MGCF: Media Gateway Control Function R: IP Router/Switch
SIP: Session Initiation Protocol
Fig. 26
39
Chapter 4
Security Features
Security Features Siemens
Security Features
Contents
1 Overview 23
2 IMEI Check 79
3 (P-)TMSI Allocation 11195
4 Authentication 1521
5 Ciphering & Integrity Check 2735
6 Exercise 3747
7 Solution 4153
1
1 Overview
UMTS Security Features TS

TS33.102:
33.102:
Security
Security
Architecture
Architecture
I) Network Access Security:
provide users with secure access to 3G services &
protect against attacks on the radio access link II) Network Domain Security:
enables secure signaling data exchange &
protects against attacks on the wireline network
II)
ME I) I) I)
I) USIM
AN SN HE
III) I) Access Serving Home
Network Network Environment
III) User Domain
Security: IV) Application Domain Security:
secures access to MS enables applications in the user & provider domain to
(e.g. PIN) securely exchange messages (e.g. USIM ATK messages)
IV)
Overview *also: User Services Identity Module
Fig. 1
2
Security
Siemens Features Siemen
Security Features
UMTS Security Features: Overview

Five security feature groups are defined in UMTS (TS 21.133, 33.102, 31.120). Each
of these feature groups meets certain threats and accomplishes certain security
objectives:
I) Network Access Security
The network access security features, which are defined more precisely in the
following chapter, provide users with secure access to UMTS services. Additionally,
some of them protect the user and the network against attacks on the radio access
link. Currently, User Identity Confidentiality (P-TMSI, TMSI Allocation), Entity
Authentication (User / Network Authentication), Confidentiality (Ciphering), Data
Integrity and Mobile Equipment Identification (IMEI Check) are defined as Network
Access Security features.
II) Network Domain Security:
The network domain security features will be defined in future to enable nodes in the
provider domain to securely exchange signaling data and protect against attacks on
the wire-line network.
III) User Domain Security:
The user domain security features have been defined to enable secure access to the
user equipment UE. Currently User-to-USIM Authentication (e.g. PIN; see TS 31.101)
and USIM-Terminal Link security (restricting an ME to an authorized USIM by sharing
a secret; see TS 22.022) are defined.
IV) Visibility and Configurability of Security:
The visibility & configurability of security features have been defined to enable the
user to inform him whether a security feature is in operation. Additionally, the user
should be able to decide whether the use and provision of services should depend on
the security feature. Examples for visibility are the indication of access network
encryption and the indication of the level of security (e.g. 3G or 2G network).
Examples for configurability are enabling/disabling User-USIM authentication,
accepting/rejecting incoming non-ciphered calls, setting-up or not setting-up non-
ciphered calls, accepting/rejecting the use of certain ciphering algorithm.
3
Network Access Security Features
· IMEI Check providing users with

secure access
· (P-)TMSI Allocation to 3G services &
· Authentication protect against
attacks on the
· Ciphering radio access link
· Data Integrity Check
TS
TS21.133:
21.133:
Security
SecurityThreats
Threats&&Requirements
Requirements
TS
TS33.102
33.102
Security
SecurityArchitecture
Architecture
TS
TS33.120
33.120
Security
SecurityPrinciples
Principles&& Objectives
Objectives
Fig. 2
4
Security
Security Features
Network Access Security Features

Similar to GSM, the UMTS system provides some mechanism to guarantee the
network access security. Some features are still the same as in GSM, others have
been enhanced, and also two new aspects have been additionally defined. The
following network access security features have been defined in Rel. ’99:
IMEI Check: To prevent the usage of stolen or not allowed mobile equipment, the
mobile equipment identification can be checked by the network. This feature remains
the same as in GSM.
P-TMSI / TMSI Allocation: To guarantee the user identity confidentiality respectively
the user location confidentiality the permanent user identity IMSI is normally not
transmitted over the radio interface. The user is normally identified by the temporary
identity TMSI / P-TMSI, by which he is known in the serving network. This feature
remains the same as in GSM.
Authentication: In UMTS authentication is extended compared to GSM. Additionally
to the User Authentication a Network Authentication is introduced. User
Authentication is the property that the Serving Network SN checks the real identity of
the user, preventing non-authorized access to the network. Network Authentication is
a check whether the connected SN is really authorized by the user’s Home PLMN to
provide him services. This includes the guarantee that this authorization is recent.
Ciphering: Ciphering prevents eavesdropping of user data and signaling over the
radio interface. UMTS ciphering has been enhanced compared to GSM/GPRS.
Data Integrity Check: The Data Integrity Check has been introduced as a new
security feature in UMTS. It provides security against unauthorized modification of
signaling data respectively the change of data origin.
As in GSM/GPRS, user (temporary) identification, authentication and key agreement

will take place independently in the PS and CS domain. User traffic will be ciphered
using the cipher key agreed for the corresponding service domain. Control data will
be ciphered and integrity protected using the cipher and integrity keys form either one
of the service domains.
The Serving RNC has distribution functionality for the PS and CS domain. Two Iu
signaling connections exist, but only one RRC connection.
5
Network Access
Security Features
CS Domain Authentication
TMSI / P-TMSI Allocation - User Authentication:
- allocated by VLR / SGSN instead of IMSI
MSC/ network checks real PSTN
user identity;
- protects user identity & location confidentiality
GMSC
prevents misuse / misappropriation
VLR of network resources / services
ISDN
- Network Authentication:
UE checks network authorisation
IMEI Check to provide service
prevents usage of
stolen / not allowed ME
EIR HLR AuC
Node B R
N
C
UE Ciphering IP
= prevents eavesdropping of SGSN GGSN
ME user data / signaling on Uu PS Domain
+ X.25
USIM Data Integrity Check
provides security against unauthorised
modification of signaling data /
change of data origin
Fig. 3
6
2 IMEI Check
UMTS Security Features
IMEI Check EIR:

white / gray / black list
ME
ME
stolen TS
TS23.002,
23.002,
ME 23.003,
23.003,23.060,
23.060,
not 24.008,
24.008,29.002
29.002
allowed
IMEI Check
Fig. 4
7
Security
Security Features
IMEI Check
The IMEI Check is an optional feature, which can be used to prevent the usage of
stolen or not allowed mobile equipment. This feature remains the same as in GSM.
The International Mobile Equipment Identity IMEI identifies uniquely a Mobile

Equipment ME. Two versions of IMEI are defined (TS 23.003):
IMEI: The IMEI is composed of a Type Approval Code TAC (6 digits), a Final
Assembly Code FAC (2 digits) to identifies the place of manufacture/final assembly, a
Serial Number SNR (6 digits) as individual serial number uniquely identifying each
equipment within each TAC and FAC and a Spare digit (1 digit) being zero, when
transmitted by the MS / UE.
IMEISV (IMEI & Software Version number): The IMEISV is composed of the Type
Approval Code TAC, Final Assembly Code FAC, Serial Number SNR and a Software
Version Number SVN (2 digits), which identifies the ME software version number.
The security requirements of the IMEI are defined in 3GPP TS 22.016.
The IMEI should be surely stored in the ME. In certain cases, the Serving Network
SN may request the UE to send it the IMEI. This shall be done only after
authentication. In the case of emergency calls, no IMEI check should be performed.
The Equipment Identity Register EIR (TS 23.002) is responsible for storing the
IMEIs in the network. The ME is classified as "white listed", "gray listed", "black listed"
or it may be unknown as specified in TS 22.016 and TS 29.002.
The white list is composed of all number series of equipment identities that are
permitted for use. The black list contains all equipment identities that belong to
equipment that need to be barred. Besides the black and white list, administrations
have the possibility to use a gray list. Equipment on the gray list are not barred, but
are tracked by the network (for evaluation or other purposes).
An EIR shall as a minimum contain a "white list".
8
IMEI Check
IMEI Check
(optional) EIR:
white / gray / black list
EIR:
EIR:
not in case of
TS
TS23.002
ME emergency calls 23.002
IMEI: International Mobile station Equipment Identity
TAC FAC SNR Spare

Type Approval Code Final Assembly Code Serial Number 1 digit = 4 Bit
6 digits = 24 Bit 2 digits = 8 Bit 6 digits = 24 Bit
IMEI(SV):
IMEISV: IMEI & Software Version number
IMEI(SV):
TS
TS23.003
23.003
TAC FAC SNR SVN
Type Approval Code Final Assembly Code Serial Number 2 digit = 8 Bit
6 digits = 24 Bit 2 digits = 8 Bit 6 digits = 24 Bit
SVN: Software Version Number
Fig. 5
9
Siemens
Security Features Siemen
Security Features
IMEI Check Procedure

The IMEI(SV) shall only be send after authentication (TS 33.102).
It shall be possible to perform the IMEI check at any access attempt, except IMSI
detach, and during an established call at any time when a dedicated radio resource is
available, in accordance with the security policy of the PLMN operator (TS 22.016).
The network shall terminate any access attempt or ongoing call when receiving any
of the answers "black-listed" (i.e., on the black list) or "unknown" equipment (i.e. not
on the white list) from the EIR. An indication of "illegal ME" shall in these cases be
given to the user. Furthermore this is equivalent to an authentication failure hence
any call establishment or any location updating is forbidden for the MS / UE, it cannot
answer to paging, it is just allowed to perform Emergency Calls.
Emergency calls must never be terminated as a result of the IMEI check procedure.
The procedures to check the IMEI are described in TS 23.060 and TS 29.002.
IMEI Check
Authentication TS
TS33.102
33.102
IMEI
IMEICheck
Check
• •optional
optional
• •after
afterauthentication
1) Identity Request • •totobe
authentication
2) Identity Request beperformed
performedatatany
anyaccess
accessattempt
attempt
[Identity Type] &&during
duringestablished
establishedcalls
callsatatany
anytime
time
• •not in case of emergency calls
not in case of emergency calls
• •not at IMSI Detach
not at IMSI Detach
3) Identity Response
[IMEI/IMEISV] 4) Identity Response
5) Check IMEI
[IMEI/IMEISV]
6) Check IMEI Ack.

[status: white/gray/black]
Decision: TS
TS29.002
29.002
Continue / Block
S- VLR
UE RNC EIR
SGSN
Fig. 6
10
3 (P-)TMSI Allocation
MSC/VLR
TMSI
P-TMS
I
ME SGSN
IMSI? Þ
TS
TS23.002,
Mr. / Ms. XY! 23.002,
23.003,
23.003,23.060,
23.060,
24.008,
24.008,29.002
29.002
(P-)TMSI Allocation
Fig. 7
11
Siemens Features
Security Security Features
Siemen
(P-)TMSI Allocation
A unique International Mobile Subscriber Identity IMSI shall be allocated to each
mobile subscriber in the GSM system.
To achieve user identity confidentiality and user location confidentiality, the user is
normally identified by a temporary identity (Temporary Mobile Subscriber Identity
TMSI or Packet-TMSI) by which he is known by the Serving Network SN. To avoid
user traceability, which may lead to compromise of user identity confidentiality, the
user should not be identified for a long period by means of the same (P-) TMSI (TS
33.102). (P-)TMSI should be used at any Location Update Request, Service Request,
Detach Request, connection re-establishment request, etc.
A (P-)TMSI has local significance only in the LAI or RAI in which to user is registered.
Outside that area it should be accompanied by an appropriate LAII or RAI in order
avoid ambiguities. The association between IMSI and TMSI / P-TMSI is kept by the
VLR / SGSN in which the user is registered.
IMSI structure
The IMSI is composed of three parts: Mobile Country Code MCC, Mobile Network
Code MNC and Mobile Subscriber Identity Code MSIN. The MCC (3 digits; CCITT
administered) identifies uniquely the country of the mobile subscriber. The MNC (2
digits) identifies the Home PLMN of the mobile subscriber. The MSIN identifies the
mobile subscriber within a GSM PLMN. The IMSI shall consist of numerical
characters (O through 9) only. The overall number of digits in IMSI shall not exceed
15 digits.
(P-)TMSI structure
Since the (P-)TMSI has only local significance (i.e. within a VLR/SGSN area), the
structure and coding of it can be chosen by agreement between operator and
manufacturer in order to meet local needs. The P-TMSI / TMSI consists of 3 / 4
octets. It can be coded using a full hexadecimal representation.
12
Subscriber Identity TMSI

TMSI/ /P-TMSI
P-TMSI
• •protect
protectuser
useridentity
identityconfidentiality
confidentiality
• •normally
normallyused
usedinincase
caseofofunciphered
unciphered
user id. transmission
user id. transmission
IMSI • •allocated by VLR/SGSN
allocated by VLR/SGSN
International Mobile Subscriber Identity • local significance only in the LA/RA
• local significance only in the LA/RA
(15 digits) where
wherethetheuser
userisisregistered
registered
Þ accompanied by LAI/RAI
Þ accompanied by LAI/RAI
• •structure: operator-dependent
structure: operator-dependent
• •Re-allocation
Re-allocationas asoften
oftenasaspossible
possible
MCC MNC MSIN (only
(onlyciphered
with
ciphered&&ininconjunction
other procedures)
conjunction
3 digits 2 digits 10 digits with other procedures)
TS
TS33.102
33.102
TS
TS23.003
23.003
Packet-TMSI
3 bytes SGSN
TMSI
4 bytes VLR
UE MCC: Mobile Country Code
MSIN: Mobile Subscriber
Identification Number
Fig. 8
13
Siemens
Security Features
(P-)TMSI Usage & Re-Allocation

The (P-)TMSI, when available, is normally used to identify the user on the radio
access path, for instance in paging request, Location Area / Routing Area LA / RA
Update Requests, Attach / Detach requests, Service Requests, Connection Re-
establishment Requests,...
If the user cannot be identified by means of a (P-)TMSI, he is requested to identify
himself by his permanent identity IMSI (“User Identity Request / Response”).
(P-)TMSI Re-Allocation (“(P-)TMSI Allocation Command / Complete”) is performed to
allocate a new TMSI/LAI respectively P-TMSI/RAI pair to a user by which he may
subsequently be identified on the radio access link. It should be performed after
initiation of ciphering. The Re-Allocation is initiated by the VLR / SGSN.
The procedures P-(TMSI) usage & re-allocation procedures and mechanism are
described e.g. in TS 23.060 and TS 31.102.
Examples of (P-)TMSI Usage / Re-Allocation TS

TS33.102
33.102
Paging Paging
Paging
[(IMSI) / (P-)TMSI, Paging Cause]
Initial Direct Transfer Initial UE Message NAS Signaling

Connection
[Establ. Cause*; old RAI/LAI & (P-)TMSI]
Establishment*
User Identity Request User Identity Request

Identification
User Identity Response User Identity Response by (P-)TMSI
not possible
[IMSI] [IMSI]
Authentication & Cipher Start
(P-)TMSI Allocation Command (P-)TMSI Allocation Command

[(P-)TMSI + LAI/RAI] (P-)TMSI
(P-)TMSI Allocation Complete (P-)TMSI Allocation Complete Re-Allocation
S- VLR
UE *e.g. LUP, RUP, Attach,
Detach, Service Request RNC TS
TS23.060
23.060 SGSN
NAS: Non-Access Stratum
Fig. 9
14
4 Authentication

UMTS
Authentication:
chosen to achieve
maximum compatibility
with GSM security
architecture
USIM AuC
AN SN HE
ME Access Serving Home
enhanced
mechanism
& keys
TS
TS33.102
33.102
Authentication
Fig. 10
15
Siemens
Security Features
Authentication
In UMTS different to GSM both sides of the radio transmission check the correct
identity of their counterpart. Not only the user identity is checked by the Serving
Network SN. Additionally, the authorization of the SN to provide services is checked
by the UE. Both, user and network authentication should occur at each connection
set-up (TS 33.102).
So the objective of the Authentication process is to enable User Authentication
similar to the GSM Authentication and additionally Network Authentication.
Furthermore, the Authentication process provides the keys for Ciphering and
Integrity Check to the User Equipment UE.
The authentication process should occur at each connection set-up between the user
and the network.
It has been chosen in such a way to achieve maximum compatibility with the GSM
security architecture and facilitate migration from GSM to UMTS.
Nevertheless, the security mechanism and keys for authentication have been
enhanced significantly.
User&&Network
Network
User Authentication: Authentication User
Authentication
Authentication
User identity alright? Basics shouldoccur
should occuratateach
connectionset-up
each
set-up
connection
USIM AuC
New! AN SN HE
Access Serving Home
Providing Keys for:

• Ciphering
• Signaling Data Integrity
Network Authentication:
SN authorised by HE
to provide me services?
Fig. 11
16
Siemens
Security Features
Authentication – Basic Principle

For Authentication, Ciphering and Integrity Check a secret Key K is the pre-requisite.
This secret Key K is shared between and available only to the USIM and the AuC in
the user’s Home PLMN (TS 33.102). The function of K is similar to the GSM
individual Key Ki, but it is of enhanced length (K: 128 bit; Ki: 64 bit).
Additionally, several different operator-dependent functions are necessary in the
HPLMN’s AuC and in the USIM to generate the so-called Authentication Vector AV,
which is necessary for Authentication, Ciphering and Integrity Check. AV is often also
denoted as Quintet, in analogy to the GSM Authentication Triples.
Authentication is performed independently in the CS or PS domain.
If no Authentication Vectors correlated to the user are stored in the serving
VLR/SGSN, VLR/SGSN are initiating the Authentication process with an
“Authentication Data Request” via the HLR of the user’s HPLMN to the AuC. The
“Authentication Data Request” shall include the IMSI. On basis of this order, the AuC
generates a set of n Authentication Vectors AVs. This AVs are send back in an
“Authentication Data Response” from Auc via HLR to the VLR/SGSN.
The VLR/SGSN stores the Authentication Vectors AVs and continues the
Authentication sending some Authentication parameter to the USIM (“Authentication
Request”). The UE stores the parameter, calculates keys for ciphering and integrity
check and performs the network authentication. If the network authentication is
successfully completed the UE answers with “Authentication Response” to the
VLR/SGSN request, delivering a parameter for user authentication. VLR/SGSN
perform user authentication.
If user authentication is successful, VLR/SGSN continue with connection set-up.
If user’s AVs are already stored in the VLR/SGSN, “Authentication Data Request”
and “Authentication Data Response” are not necessary in the Authentication process.
17
Basic Principles
K
secret Key
128 bit length
IMSI Þ K;
f1...f5
Authentication AuC
Data Request [IMSI]
USIM Authentication HLR
Data Response
[AV(1..n)]
VLR / SGSN
[Authentication Parameter] Authentication Vector
Network / Quintet
Authentication Authentication Response
User
Authentication
K: secret Key
Visited PLMN Home PLMN SQN: Sequence Number
f1...f5: message authentication /
key generating Functions
Fig. 12
18
Siemens
Security Features
Authentication Vector AV
Each Authentication Vector consists of the following components (TS 33.102):
l a Random Number RAND, which is randomly generated, i.e. non-predictable. It’s
length is 128 bit.
l an Expected Response XRES, which is used for User Authentication. It shall
have a flexible length of 32 – 128 bit.
l a Cipher Key CK, which is necessary for Ciphering. It shall have a fixed length of
128 bit.
l an Integrity Key IK, which is used for Signaling Data Integrity Check. It’s length is
128 bit.
l an Authentication Token AUTN, which is used for Network Authentication. AUTN
consists of three different parts, described later on. Its total length is 128 bit.
A set of n Authentication Vectors AVs is send on VLR/SGSN request from HLR/AuC

to VLR/SGSN. The AVs are stored in the VLR/SGSN. Each AV is good for one
authentication and key agreement (for ciphering & integrity check) between the
VLR/SGSN and the USIM.
When the VLR/SGSN initiates an Authentication and key agreement, it selects the
next AV and sends the parameters RAND and AUTN to the UE. The USIM checks
whether AUTN can be accepted (Network Authentication) and computes a
Response RES. RES is send back to the VLR/SGSN. The VLR/SGSN compare the
received RES with the AV parameter XRES (User Authentication). If they are equal,
User Authentication is successfully completed.
19
Authentication Vector AV
• consisting of 3 parts
Used for data • Used for network
randomly generated, Used for user Used for
authentication
i.e. non-predictable authentication encryption integrity check
RAND XRES CK IK AUTN

Random Number Expected Response Cipher Key Integrity Key Authentication Token
128 bit 32 - 128 bit 128 bit 128 bit 48 + 16 + 64 bit
USIM VLR / SGSN

(store AV(1..n))
· generate RES(i) = [RAND(i), AUTN(i)]
f2(RAND(i),K) Authentication Response User Authentication:
· AUTN(i) for [RES(i)] Compare
Network Authentication XRES(i) & RES(i)
RES: Response
Fig. 13
20
Siemens
Security Features
Generation of Authentication Vectors AVs

After receiving the “Authentication Data Request” from the VLR/SGSN, the AuC
generates new Avs (TS 33.102). Every AV consists of the following five parameters:
Random Number RAND, Expected Response RES, Cipher Key CK, Integrity Key IK
and Authentication Token AUTN.
Random Number RAND: The AuC starts with generating a fresh sequence number
SQN and an unpredictable challenge RAND.
Expected Response XRES: The secret Key K, RAND and f2 are necessary to
compute XRES. XRES = f2(K,RAND); f2 is a (possibly truncated) message
authentication function. XRES is used for User Authentication.
Cipher Key CK: K, RAND and f3 are used to compute CK. CK = f3(K,RAND); f3 is a
key generating function. CK is used for Ciphering.
Integrity Key IK: K, RAND and f4 are used to compute IK. IK = f4(K,RAND); f4 is a
key generating function. IK is used for Signaling Data Integrity Check.
Authentication Token AUTN: K, RAND, SQN, AMF and f5 are necessary to
compute AUTN. AUTN consists of three parts: AUTN = SQN * AK || AMF || MAC.
The first part of AUTN is calculated by an “exclusive or” (XOR) connection of the
Sequence Number SQN and the Anonymity Key AK. AK = f5(K,RAND); f5 is a key
generating function or f5 = 0. AK is used to conceal SQN as the latter may expose
the identity and location of the user. The concealment of SQN is to protect against
passive attacks only. If no concealment is needed then f5 = 0 (AK = 0).
The second part of AUTN is the Authentication and key Management Field AMF.
AMF is part of the user’s database in the AuC. Operator-dependent, different f1..f5
algorithm may be defined. AMF may be used to indicate the algorithm and key used
to generate a particular authentication vector.
The third part of AUTN is the Message Authentication Code MAC. MAC =
f1(K,SQN,RAND,AMF); f1 is a message authentication function.
21
AV Generation
AuC
Database
SQN Generator (IMSI;K) RAND Generator
AMF
Authentication &
SQN key Management K RAND
Sequence Number Field secret Key Random Number
f1 f2 f3 f4 f5
MAC XRES CK IK AK
Message Authentication Expected Response
Code Cipher Key Integrity Key Anonymity Key
® User
® Network Authentication ® Ciphering ® Ciphering ® SQN Anonymity
Authentication
AV = RAND
Random number
XRES
Expected Response
CK
Cipher Key
IK
Integrity Key
AUTN
Authentication Token
AMF
® selection of f1-5 version SQN Å AK AMF MAC
® different f1-5 versions possible 48 bit 16 bit 64 bit
(operator-dependent)
Fig. 14
22
Siemens
Security Features
Authentication in the USIM

With the “Authentication Request” message, the authentication parameter RAND and
AUTN are transmitted from the VLR/SGSN to the USIM. The purpose of this
procedure is to authenticate user & network and to establish a new pair of cipher and
integrity keys CK & IK between the VLR/SGSN and the USIM.
Upon receipt of RAND and AUTN the USIM first computes the Anonymity Key AK =
f5(K,RAND) and retrieves the Sequence Number SQN. SQN = (SQN XOR AK) XOR
AK.
Second, the USIM calculates the Expected Message Authentication Code XMAC.
XMAC = f1(K,SQN,RAND,AMF). For network authentication, XMAC is compared with
MAC (included in AUTN). If they are different, the USIM sends back the
“Authentication Reject” message to the VLR/SGSN and abandons the connection
set-up. “Authentication Reject” includes an indication of the cause for the rejection. In
the case of “Authentication Reject”, the VLR/SGSN shall initiate an Authentication
Failure Report procedure towards the HLR.
If the network authentication is all right, the USIM verifies that the received SQN is in
the correct range.
If the USIM considers SQN to be not in the correct range, it sends “Synchronization
Failure” back to the VLR/SGSN including the appropriate parameter, and abandons
the connection set-up.
If SQN is in the correct range, the USIM computes RES. RES = f2(K,RAND).
Furthermore, the USIM calculates the Cipher Key CK = f3(K,RAND) and the Integrity
Key IK = f4(K,RAND). CK and IK are stored in the USIM for the following ciphering of
user data and integrity check of signaling data.
Finally, RES is included in the “Authentication Response” message and sends back
from the USIM to the VLR/SGSN. The VLR/SGSN needs the RES for User
Authentication. If RES = XRES from the selected AV, the authentication of the user
has been successful. If they are different, the VLR/SGSN shall initiate an
Authentication Failure Report procedure towards the HLR.
23
Authentication in the USIM

USIM Authentication Request
[RAND(i), AUTN(i)] VLR / SGSN
Generate: (stores AV(1..n))
· RES Authentication Response
· XMAC [RES(i)] Compare:
· CK or Authentication Reject · XRES(i) = RES(i) ?
· IK [XMAC ¹ MAC] Þ User Authentication
K RAND SQN Å AK AMF MAC AUTN
f5 AK Å
SQN
f4 f3 f2 f1
IK CK RES XMAC
Integrity Ciphering to network XMAC = MAC ? XMAC:

AMF:
Authentication & Check ® User ® Network Expected Message
Authentication Code
key Management
Field
Authentication Authentication AK: Anonymity Key
Fig. 15
24
Siemens
Security Features Security Features
Siemen
Synchronization Failure
At the beginning of the Authentication process, the AuC generates the Sequence
Number SQN. SQN shall have a length of 48 bit. The structure & content of SQN is
operator-dependent. SQN may contain information used to restrict the Authentication
Vector AV validity time or to verify the Serving Network SN Identity.
SQN, being a part of AUTN, is transmitted via VLR/SGSN (“Authentication Data
Response”) to the USIM (“Authentication Request”).
The USIM regenerates SQN and verifies that the received SQN is in the correct
range.
If the USIM considers SQN to be not in the correct range, it sends the
“Synchronization Failure” message back to the VLR/SGSN including the appropriate
parameter, and abandons the connection set-up.
Upon receiving a “Synchronization Failure” message from the UE, the VLR/SGSN
sends an “Authentication Data Request” with a Synchronization Failure Indication to
the AuC of the user’s Home Environment HE together with RAND and the
appropriate parameter received from the UE.
The AuC checks the parameter, generates a fresh set of AVs and sends them with
an “Authentication Data Response” message to the VLR/SGSN.
Whenever the VLR/SGSN receives a new set of AVs from the AuC in an
“Authentication Data Response” to an “Authentication Data Request” with
Synchronization Failure Indication it deletes the old AVs for that UE. The VLR/SGSN
may now start a new authentication process to the UE based on a new AV from the
AuC.
25
SQN generates SQN:

Synchronisation Failure • length = 48 bit
• content operator-dependent
e.g. for restricted AV validity time,
verification of SN Id.
• SQN Å AK Î AUTN
• Re-generates SQN
• SQN in correct range ? AuC
No Þ Synchronisation Failure Authentication
Yes Þ continue Data Request [IMSI]
Authentication
Authentication Data HLR
Response [AV(1..n)]
USIM ] ]
e st tion ..n)
qu dic V(1
a
VLR / SGSN Re e In e [A
ta r s
. DaFailu pon
Authentication Request th n. es
[RAND(i), AUTN(i)] Au hro a R
c t
yn Da
Synchronisation Failure [S th.
Au
&
or Authentication Response
[RES(i)]
Network
Fig. 16
26
5 Ciphering & Integrity Check

Ciphering
prevents eavesdropping
of user data / signalling AV Request:
Providing Keys
Key for Ciphering &
Integrity Check
Setting
VLR / AuC
S-RNC SGSN HLR
SN
Serving HE
Network Home
UE Environment
Data Integrity Check Mandatory!!
provides security against
Mandatory!!
unauthorised modification of
• signalling data /
• change of data origin
Ciphering & Integrity Check
Fig. 17
27
Siemens Features
Security Siemen
Security Features
Ciphering & Integrity Check

To start the security features Ciphering (optional) & Integrity Check (mandatory),
three steps are necessary:
Connection Establishment
At the connection start the RRC Connection Establishment also informs the network
about the UEs security capabilities. They include the MEs UMTS Encryption
Algorithms UEAs and UMTS Integrity Algorithms UIAs. In Rel. ’99 only 2 UEAs and 1
UIA are defined (TS 33.102): UEA0 = “no encryption”, UEA1 = Kasumi encryption,
UIA1 = Kasumi algorithm. The S-RNC stores the UEs security capabilities.
Authentication & Key Generation in UE

Authentication & key setting may be initiated by the network as often as the network
operator wishes. Key setting can occur as soon as the identity of the mobile
subscriber, i.e. (P-)TMSI or IMSI, is known by the VLR/SGSN.
The security parameter RAND is transmitted with the "Authentication Request"
message from the VLR / SGSN to the UE. The USIM uses RAND to generate the
Cipher Key CK for ciphering and the Integrity Key IK for integrity check. Now CK & IK
are available in the USIM and in the VLR/SGSN.
Security Mode Set-Up

Sending the "Security Mode Command" to the S-RNC, the VLR/SGSN initiate
integrity & ciphering. This command includes the IK & CK to be used.
The S-RNC decides which UEA & UIA will be used, taking into account the UEs
security capabilities. If the requirements in the “Security Mode Command” cannot be
fulfilled, the S-RNC sends a “Security Mode Reject” message to the VLR/SGSN.
Next, the S-RNC starts the DL integrity protection. It is mandatory to start integrity
protection of signaling messages at each new signaling connection establishment
between the UE and the VLR/SGSN (exceptions listed in TS 33.102).
The S-RNC sends the “Security Mode Command” to the UE. This message includes
the selected UIA and also UEA, if ciphering shall be started. Furthermore, parameter
for integrity check, an indication on the core domain (CS/PS) and optionally the time
of cipher start are included.
The UE verifies the received “Security Mode Command” message (Integrity Check)
and starts UL integrity protection.
Finally, the UE sends “Security Mode Complete” to the S-RNC. The security mode
set-up is terminated with the “Security Mode Complete" message, which is send from
the S-RNC to the VLR/SGSN. This message includes the selected UIA & UEA.
28
Connection Set-up: UMTS

UMTSIntegrity
IntegrityAlgorithm
AlgorithmUIA*
1
UIA*:1:
Key Setting & Security Mode Set-Up • •UIA1
UIA1==Kasumi
Kasumialgorithm
algorithm
UMTS 2
UMTSEncryption
EncryptionAlgorithm
AlgorithmUEA*
UEA*2: :
• •UEA0
UEA0==nonoencryption
encryption
Connection Establishment • •UEA1
includes: UE security capabilities (UIAs / UEAs) UEA1==Kasumi
Kasumiencryption
encryption
further
furtherUIA/UEA
UIA/UEAplaned
planed
••
stores UIAs, UEAs
•
Authentication Request Authentication Request
[RAND, AUTN] [RAND, AUTN] Authentication
generates:
RES, XMAC, Authentication Response Authentication Response & Key
CK, IK [RES] [RES] Generation
••
•
Security Mode Command Security
[ IK, CK, UIAs, UEAs]
Mode
Security Mode Command • Select UIA & UEA Set-Up
[UIA, UEA*, CN domain, • start Integrity
start Integrity Parameter, Cipher Start]
Integrity
Security Mode Complete Security Mode Complete
start (De-)Ciphering start (De-)Ciphering
S- VLR
UE *1 also denoted by f9
RNC SGSN
*2 also denoted by f8
Fig. 18
29
Security
Security Features
Data Integrity Check: Basic Principle

The Data Integrity Check is used between the UE and the VLR/SGSN to protect
signaling data against unauthorized modification and change of data origin.
It is mandatory to start integrity protection at each new signaling connection
establishment between the UE and the VLR/SGSN. Exceptions (e.g. emergency call)
are listed in TS 33.102.
Integrity protection starts after the “Security Mode Command”. The messages
“Security Mode Command”, “Security Mode Complete” and all following messages
are integrity protected.
The principle of the Integrity Check is the following:
The signaling data to be protected and the Integrity Key IK are used in the transmitter
(UE or S-RNC) as input for the UMTS Integrity Algorithm UIA. The result of this
calculation is a kind of a check sum of this data. This check sum is appended to the
signaling data to be transmitted.
Signaling data and appended check sum are send from transmitter (UE or S-RNC) to
receiver (S-RNC or UE).
In the receiver, the signaling data and the IK (stored in the receiver) are again used
as input for the same UIA. The newly generated check sum (expected check sum) is
compared to the transmitted check sum.
If during transmission signaling data are modified or someone tries to simulate the
users signaling, the expected check sum and the transmitted check sum differ and
the non-authorized modification becomes visible.
Data Integrity Check

Basic Principle
provides security against:
• unauthorised modification of control data
• change of data origin
Control Data:
· start of Integrity protection mandatory
S-
UE · nearly all control data Integrity protected* RNC
*not in case of
emergency calls
Transmitter Receiver
Encrypted Encrypted
Control Data Control Data Data
Control
check sum check sum
check sum
IK dependent generator IK
check sum generator IK
Expected
Equal? Encrypted
check sum check sum
* exceptions listed in TS33.102 (6.5.1)
Fig. 19
30
Siemens
Siemen
Data Integrity Check – UMTS Integrity Algorithm UIA

The UMTS Integrity Algorithm UIA (different types of UIA can be used; currently only
UIA1 using a Kasumi algorithm is defined; see TS 33.102/6.5.6) is often also denoted
as f9.
The transmitter (UE or S-RNC) uses the Control Data and the integrity parameter
Integrity Key IK, Integrity Sequence Number COUNT-I, a random value generated
by the network side FRESH and the direction bit DIRECTION as input for f9.
Based on these input parameters the transmitter computes the Message
Authentication Code for data Integrity MAC-I (i.e. the check sum):
MAC-I = f9(Control Data,IK,COUNT-I,FRESH,DIRECTION).
The MAC-I is appended to the control data and transmitted over the radio link.
The receiver computes the Expected Message Authentication Code for data Integrity
XMAC-I in the same way as the transmitter computed MAC-I. The data integrity of
the control data is checked by comparing XMAC-I with the received MAC-I.
Remarks to the integrity parameter:

Integrity Key IK: There may be one IK for CS connections IK(CS) and one for PS
connections IK(PS). The data integrity of radio bearers for user data is not protected.
FRESH: There is only one FRESH parameter value per user. The input parameter
FRESH protects the network against replay of signaling messages by the UE. At
connection set-up the S-RNC generates a random value FRESH and sends it to the
UE in the RRC “Security Mode Command” message. The value FRESH is
subsequently used by the UE and S-RNC throughout the duration of a single
connection. This mechanism assures the network that the user is not replaying any
old MAC-Is.
COUNT-I: the integrity sequence number COUNT-I is composed on basis of the RRC
sequence number RRC SN and the RRC Hyperframe Number RRC HFN.
DIRECTION: the direction identifier bit indicates UL or DL direction (DIRECTION = 0
for UL and 1 for DL).
31

UMTS Integrity Algorithm UIA
• random value
Transmitter • S-RNC generated
• valid for connection
Receiver
(UE or S-RNC) UL = 0 duration (UE or S-RNC)
Integrity DL = 1 • prevents replaying
Sequence No. of old MAC-Is
COUNT-I FRESH
COUNT-I FRESH
IK Direction
IK Direction Integrity Key direction bit
Integrity Key direction bit
f9 (UIA)
Control Data f9 (UIA)
MAC-I Control Data XMAC-I

encrypted MAC-I
check sum
(X)MAC-I: (Expected) Message Authentication Code for Integrity
Equal?
• Select UIA & UEA
• start Integrity
RRC: Security Mode Command - compute MAC-I,
- generate FRESH
[UIA, UEA, CN domain, Cipher Start,
• verify MAC-I
• start Integrity FRESH, MAC-I] S-
- ...
RRC: Security Mode Complete RNC
UE [MAC-I]
Fig. 20
32
Siemens
Siemen
Ciphering – UMTS Encryption Algorithm UEA

Similar to GSM, UMTS performs encryption of user data and signaling to prevent
eavesdropping on the radio interface.
For CS and PS data encryption is performed between the S-RNC and the UE.
Like in GSM the “plain text” is ciphered in the transmitter connecting it via XOR
operation with a cipher sequence (UMTS: Keystream Block). The ciphered text block
is transmitted via radio interface. In the receiver the plain text is recovered connecting
the ciphered text block via XOR operation with the cipher sequence / Keystream
Block.
The algorithm producing the Keystream Block is the UMTS Encryption Algorithm
UEA. UEA is often denoted as f8. Different UEA implementations are possible.
Currently only UEA0 (no ciphering) and UEA1 (Kasumi encryption) are available.
The UMTS keystream block is generated in the UE and S-RNC feeding the cipher
parameter Cipher Key CK, Ciphering Sequence Number COUNT-C, bearer
identity BEARER, transmission direction DIRECTION and the length of the
keystream LENGTH into f8.
Keystream Block = f8(CK,COUNT-C,BEARER,DIRECTION,LENGTH).
Remarks on the cipher parameter:

Cipher Key CK: There may be one CK for CS connections CK(CS) and one for PS
connections CK(PS).
COUNT-C: The ciphering sequence number COUNT-C is generated by MAC or RLC
frame and sequence information.
BEARER: the radio bearer identifier BEARER is input to avoid that for different
keystream an identical set of input parameter values is used.
DIRECTION: the direction identifier bit indicates UL or DL direction (DIRECTION = 0
for UL and 1 for DL).
LENGTH: The length indicator LENGTH indicates the length of the required
keystream block. LENGTH shall affect only the length of the Keystream block, not the
actual bits in it.
33
Ciphering
UMTS Encryption Algorithm UEA not in case of
emergency calls
UE S-
RNC
UL = 0 1 Bearer parameter /
Cipher
Sequence No.
DL = 1
UE or S-RNC user radio bearer indicate length
of required
Direction Bearer Length keystream block
COUNT-C direction bit radio bearer id. length indicator
CKPS & CKCS
CK f8 (UEA)
Cipher Key
“cipher sequence”
Keystream block
Plain text block

Å Keystream block
= ciphered text block
ciphered text block

Å Keystream block = Plain text block
Fig. 21
34
Siemens
Security Features
UMTS Security Features: Summary

The UMTS system provides some mechanism to guarantee the network access
security. Some features are still the same as in GSM, others have been enhanced,
and two new aspects have been additionally defined. The following network access
security features have been defined in Rel. ’99:
IMEI Check:
To prevent the usage of stolen or not allowed mobile equipment, the mobile
equipment identification can be checked by the network. This feature remains the
same as in GSM.
P-TMSI / TMSI Allocation:

To guarantee the user identity confidentiality respectively the user location
confidentiality the permanent user identity IMSI is normally not transmitted over the
radio interface. The user is normally identified by the temporary identity TMSI / P-
TMSI, by which he is known in the serving network. This feature remains the same as
in GSM.
Authentication:
In UMTS authentication is extended compared to GSM. Additionally to the User
Authentication a Network Authentication is introduced.
User Authentication is the property that the Serving Network SN checks the real
identity of the user, preventing non-authorized access to the network.
Network Authentication is a check whether the connected SN is really authorized
by the user’s Home PLMN to provide him services. This includes the guarantee that
this authorization is recent.
Ciphering
Ciphering prevents eavesdropping of user data and signaling over the radio interface.
UMTS ciphering has been enhanced compared to GSM/GPRS.

The Data Integrity Check has been introduced as a new security feature in UMTS. It
provides security against unauthorized modification of signaling data respectively the
change of data origin.
35

TMSI / P-TMSI Allocation Authentication
- allocated by VLR / SGSN instead of IMSI - User Authentication:
- protects user identity & location confidentiality network checks real user identity;
prevents misuse / misappropriation
of network resources / services
- Network Authentication:
UE checks network authorisation
to provide service
Ciphering Data Integrity Check

prevents eavesdropping of provides security against unauthorised
user data / signalling on Uu modification of signalling data /
IMEI Check change of data origin
prevents usage of
stolen / not allowed ME
UE S- VLR
RNC Summary SGSN
Fig. 22
36
Chapter 5
UTRA Aspects
UTRA Aspects Siemens
UTRA Aspects
Contents
1 Power Control 23
2 RAKE Receiver 181
3 Handover 1217
4 Exercise 2027
5 Solution 2433
1
1 Power Control
UTRA Aspects
Power
P
Time t
3
Power
2 Control
1
Frequency f
Power Control
Fig. 1
2
Siemens Aspects
UTRA Siemen
UTRA Aspects
Power control principle

Fast power control is essential in CDMA systems. Since many subscribers transmit in
the same frequency band and as the same frequency can be used in principle in
each cell (re-use = 1), each user can cause interference for the others. The power
control is used to limit interferences. The capacity of the CDMA system is mainly
limited by the level of the (inter- and intra-cell) interferences. As a result, an optimized
power control greatly optimizes the system capacity.
UL power control reduces the interference between different UE, DL power control
the interference between neighboring base stations, BTS.
The power control is also used to solve the so-called "near-far" problem. For different
UE with identical transmission power, the power received at the BTS of UE located
near the BTS is more powerful than the power of the more remote UE. This may
mean that only the information of the UE near to the BTS can be interpreted. This
must be prevented as much as possible. In ideal cases, the power received at the
BTS is identical for all UE served by the BTS (assuming the transfer rates are
identical). This ideal situation also represents the maximum capacity of the cell.
Genuine fast power control is necessary because of the mobility of the UE. This
mobility causes rapid variation in the attenuation of the power of the UE. Let us
consider an example: the power of UE received at the BTS can increase by several
factors in milliseconds because the UE, for example, has moved away from the "radio
shadow" of a building and has a direct line of sight to the BTS. The interference of the
UE can then disrupt the communication between the BTS and all other UE – the
situation must be governed by a fast power control.
Power Control
Principle
BTS
UL & DL
CDMA: Power Control
everyone for
in the same Interference limitation
frequency band P(UE2)
Þ
„everyone is P(UE1)
interferer
for everyone“ UE2
UE1 „near far“

problem:
BTS P(UE1) » P(UE2)
at BTS-Receiver
Fig. 2
3
Siemens Aspects
UTRA UTRA Aspects
Siemen
UTRA – Power control types

Three different power control types are used in UTRA for efficient power control:
Open Loop Power Control, Inner Loop Power Control and Outer Loop Power Control.
Open Loop Power Control

Open Loop Power Control is used for UL transmissions to control the initial
transmission power (e.g., for random access) of UE. The attenuation of the
transmission power of the BTS is analyzed by the UE as part of the control. The
original power of the BTS is radiated together with other system parameters as
broadcast information. The UE power is initially controlled on the basis of the
analyzed attenuation.
This initial control can only be coarse because the UL and DL attenuations (for FDD)
can differ.
Inner Loop Power Control

For Inner Loop Power Control the BTS or UE compare the quality of the received
signals with a specified value. This value describes the ratio of the (wanted) received
signal power (the signal) and the (unwanted) interference from other sources (the
noise) called the signal-to-noise ratio (S/N) or (S/N)def.
In the FDD mode, the Inner Loop Power Control is also referred to as a Closed Loop
Power Control because of the different frequencies used for UL and DL.
If the analyzed S/N value is better than the defined value, (S/N)def, the BTS or UE
transmit a command to the corresponding opposite side to reduce transmission
power. If the S/N is poorer, an increase in transmission power is ordered. The
commands are covered by the term Transmit Power Control (TPC). Values for TPC
are "Up" and "Down".
In the TDD mode, the BTS and UE independently control the power for themselves
according to the completed S/N measurements and specified values (S/N)def
because of the different frequencies used for UL and DL.
Outer Loop Power Control

The specification of the (S/N)def values used in the Inner Power Control is made by
the Serving RNC (SRNC). The SRNC has access to estimates of the actual
transmission quality using measurement reports for Node B's and UE. The quality
can vary due to modified transmission conditions (e.g., UE speed). To assure
transmission quality, the SRNC must be able to vary the (S/N)def values.
4
UTRA
Power Control
PC - Types:
• Open Loop PC
• Inner Loop PC
• Outer Loop PC
S/N > (S/N)def
Þ TPC = Down
else TPC = Up DL:
Inner Loop PC
P(BTS) ® UE TPC
Outer Loop PC: UL:

(C/I)def variation, to
• Inner Loop PC
guarantee QoS (BER,..)
P(UE) ® BTS TPC
• Open Loop PC UE
RNC P(UE) ® oriented at
BTS BTS DL Power;
(Node B) for initial transmission
UE:
UE:TS
TS25.101/102
25.101/102(FDD/TDD)
(FDD/TDD)
PC: Power Control BTS:
BTS: TS 25.104/105(FDD/TDD)
TS 25.104/105 (FDD/TDD)
TPC: Transmit Power Control PC-types:
S/N: Signal to Noise PC-types:TS
TS25.401
25.401
Fig. 3
5
Siemens
UTRA Aspects UTRA Aspects
Siemen
UTRA power control – Parameters

The UTRA FDD and TDD modes have different power control cycles and maximum
power stages of the UE.
Power control cycles

The UTRA FDD mode uses 1500 PC cycles/s for the Inner Loop Power Control.
Each timeslot (TS) has a Transmit Power Control (TPC) command.
The UTRA TDD mode flexibly uses 100 to 800 PC cycles/s for the Inner Loop Power.
The minimum number of 100 PC cycles/s is correlated with the duration of a frame
(10 ms). Depending on the frame configuration, up to 800 PC cycles may be required
for a subscriber.
Power classes and dynamic performance

The maximum power of the Node B (FDD & TDD) is vendor-specific. Dynamic
performance of 30 dB must be ensured. The power can be provided in PC stages of
1, 2 or 3 dB.
The UE has 4 power classes that differ in the FDD and TDD modes.
In the FDD mode, the maximum power of the UE classes is 2000 mW, 500 mW,
250 mW and 125 mW.
In the TDD mode, the maximum power of the UE classes is 1000 mW, 250 mW,
125 mW and 10 mW. The 10 mW class is used for unlicensed operation.
The minimum UE power should be about 0.04 µW. The power can be provided in PC
stages of 1, 2 or 3 dB.
3G TS 25.410 provides an overview of the different PC types. Power classes and

dynamic performance are described in TS 25.101 or 25.102 for UE (FDD or TDD), in
TS 25.104 or 25.105 for Node B (FDD or TDD).
6
UTRA
Power Control
• •FDD:
FDD:1500
1500PC
PCcycles/s
cycles/s
(1(1TPC
TPCjejeTS)
TS) Fast
• •TDD:
TDD:100
100- -800
800cycles/s
cycles/s Power Control
(100/s:
(100/s:per
perframe;
frame;>100/s:
>100/s:
depends
depends onframe
on frameconfiguration)
configuration) ® UTRA Capacity
BTS Interference limited
® system stability
max. power:
vendor specific
PC steps:
1, 2, 3 dB
Dynamic:
30 dB (= 1000)
UE
max. power (4 classes):
• FDD: 2000 / 500 / 250 / 125 mW
• TDD: 1000 / 250 / 125 / 10* mW
UE: PC steps: 1, 2, 3 dB
UE:TS
TS25.101/102
25.101/102(FDD/TDD)
(FDD/TDD)
BTS:
BTS:TS
TS25.104/105
25.104/105(FDD/TDD)
(FDD/TDD) min. power: 0,04 mW
TPC: Transmit Power Control
* for unlicensed operation
Receiver Sensitivity: -110 dBm
Fig. 4
7
2 RAKE Receiver
UTRA Aspects
RAKE Receiver
Þ
CDMA Advantage
from
Multipath
propagation
Path 2
Path 1
Path 3
RAKE Receiver
Fig. 5
8
Siemens
UTRA Aspects Siemen
UTRA Aspects
RAKE receiver
CDMA can benefit from multipath propagation of radio waves with the use of a so-
called RAKE receiver. The information for transmission reaches the receiver in
practice not only by direct "line of sight", but also via echos from obstacles. Normally
this increases the noise level, a situation that is not desirable. The reflected
information passes over longer paths than the direct line of sight and is therefore
delayed. If the delay is longer than one chip, the receiver usually regards the
reflected information as undesirable noise. The use of RAKE receivers turns this
disadvantage to an advantage.
A RAKE receiver has a number of RAKE fingers. Each of these RAKE fingers
changes (by de-spreading) broadband signals with different delays from the same
source (i.e., with the same spreading code) back into user information by using the
spreading code. This can be done because the different RAKE fingers apply the
spreading code with delays.
The RAKE fingers obtain information from a so-called Matched Filter (MF) for the
synchronization required. The MF compares incoming information with predefined
data sequences. These sequences are shifted in time. If the incoming chip
sequences match the predefined sequences, a power peak is registered. Predefined
information and information in the UL / DL contain so-called pilot sequences or the
mid-ambles of the TDD bursts. The MF returns information on the delays of the
different user signals in this way. It also supplies information on the amplitude of the
different user signals.
The RAKE fingers are responsible for the de-spreading of the user signals received
by multipath propagation. The fingers also correct the information with regard to
phase and adapt the timing of the information.
Depending on the signal strength (MF information), the information components are
summed (Maximum Ratio Combining).
A strong signal consisting of multipath components is therefore obtained in this way
with a RAKE receiver.
9
RAKE
Receiver
RAKE Receiver:
several „finger“ for multipath components
De-
Matched Filter MF: Spreading
measures „Pilot“ Code (t-d1) „Finger 1“ a1
Þ „Delay“ estimation
5
De-
Spreading a2
Code (t-d2) „Finger 2“
Path 2 (d2, a2) a3
De-
Spreading
Path 1 Code (t-d3) „Finger 3“
(d1,a1)
Maximum
Ratio
Combining
Path 3 (d3, a3)
RAKE finger:
• Despreading (® MF-Info!)
d: delay • Phase correction
a: attenuation • „Delay“ correction
Fig. 6
10
Siemens
UTRA Aspects Siemen
UTRA Aspects
MultiUser Detection (MUD)

MultiUser Detection (MUD) and Interference Cancellation (IC) can be used for
clearing intra-cell noise. In doing so, the MUD / IC can
1. increase the capacity of the system. Different models indicate that MUD / IC can
theoretically increase the system capacity by a factor of 2.8 and
2. reduce the "near-far" problem.

The broadband information of all UE in a cell generated with the use of different
spreading codes is received by the receiver of a BTS (Node B). The information
is despread in the receiver using the same spreading code. MUD processes the
signals jointly in order to separate undesirable interference due to the other users
in the cell from the signal wanted. In this way, large parts of the intra-cell
interference can be separated from the overall signal and canceled: hence
Interference Cancellation (IC). The desired signal of a specific user is clearly
distinguishable from the background. MUD therefore provides a much better
signal to noise ratio (S/N).
Since the capacity of CDMA systems is mainly limited by interference (there is
however also a restriction regarding the number of available orthogonal codes),
MUD / IC contributes to an increase in capacity.
MUD / IC is a relatively complex method. It is consequently mainly to recommend
for applications in the UL direction – i.e., in Node B. However, there are also
studies on the use of MUD / IC in user equipment (UE). The interferences of the
most powerful "disturbers" can be canceled at least.
MultiUser
Detection MUD Node B
Interference Cancellation IC
MultiUser Detection MUD &
De- Data 1
UE 2: Spreading
Code 2 Code 1
De- Data 2
Spreading
Code 2
De- Data n
UE n: Spreading
Code n Code n
UE 1:
Code 1
BTS MUD:
• mainly for UL (in Node B)
(Node B)
• reduces Intra-Cell interferences
Þ increases capacity
• reduces Near-Far problem
Fig. 7
11
3 Handover
UTRA Aspects
UE Measurement:
Connection quality & strength
+ strength of own & surrounding BTS
Measurement: Measurement Report

Connection quality & strength
BTS
Pre-processing of measurements
Measurement
Report
HOV
Decision
UMTS Handover Activation of new BTS

• decision similar GSM „Active Set“ Update
• initiated by RNC RNC
• performed by UE
Handover
Fig. 8
12
Siemens
UTRA Aspects Siemen
UTRA Aspects
UTRA handover
The criteria and procedures for performing handover in UMTS are similar to those in
GSM. The UE and BTS determine the quality and strength of a radio transmission.
The UE also determines the signal strength and quality of its own and the local
BTS's. The measurement values are compiled in a measurement report for use by
the RNC as a basis for deciding for or against handover. If handover is decided upon,
the new BTS is activated and included in the so-called active set. The RNC is
responsible for decisions regarding the acceptance or rejection of handovers, while
the execution (initiation of contact with the new BTS) is the responsibility of the UE.
Hard handover
Hard handovers refer to handovers in which a mobile station (MS) transmits its user
information only via one base station at any one time. Up until the time of the
handover command, the MS communicates with the old base station over a specific
physical channel. After the handover command, the MS changes the physical
channel and then communicates with the new base station.
Hard handovers are used in GSM and in the following cases in UMTS:
During TDD / TDD handovers
During FDD handovers if the frequency (interfrequency handover) or the Core
Network is changed
During inter-system handovers – for example, when changing from FDD to TDD or
from UMTS to GSM.
Soft handover
Soft handovers refer to handovers in which a mobile station (MS) transmits its user
information via more than one base station at the same time. Soft handovers can be
used in CDMA systems in order to prevent an increase in power of the MS in
boundary areas between different cells. This reduces the interference level and
therefore increases the capacity of the system. Moreover, the contact with more than
one base station ensures the connection to a moving MS in difficult terrain.
Soft handovers are used in IS-95 and MC-CDMA and in the following cases in
UMTS:
During FDD / FDD handovers (without frequency changes).
13
Hard & Soft Handover
DL
UL DL UL DL
Hard Handover Soft Handover

• GSM
• UTRA TDD
• UTRA FDD at: • IS-95
• Interfrequency HoV (HCS)
• CN-Change • MC-CDMA
• Inter-System HoV • UTRA FDD
• FDD - TDD
• UMTS - GSM
Fig. 9
14
Siemens
Siemen
Soft handover
UE can communicate with two or three BTS's during soft handovers in the UTRA
FDD mode due to the fact that all cells use the same frequency. If the mobile station
enters the boundary area between two or three cells, the RNC can decide that a
connection with two or three BTS's is advantageous. The RNC reserves
corresponding codes in the different cells for the UE and commands the UE to
implement handover to the new BTS (or BTS's). As of this time, the information is
handled by the relevant BTS's. The identity of the cells involved in the connection is
stored in the RNC as an active set.
The Node B's receive the transmission from the UE, despread it and forward the
information over the Iub interface to the RNC. The RNC combines this information
and forwards it via the Iu interface to the Core Network (CN). This procedure is
implemented frame for frame. The quality of the supplied frames is the basis for
assessment. Only information in frames with top quality is used.
The gain due to reception of additional signals in soft handovers is also known as
macro diversity.
In the opposite direction, the RNC splits the information from the Core Network and
forwards it to the different Node B's. During soft handover the UE receives the
transmission of the (apart from the TPC command) identical information from the
various Node B's / BTS's. The transmission information from the BTS's is despread
by different RAKE fingers and combined (Maximum Ratio Combining – MRC).
Softer handover
Softer handovers are handovers between sector cells in the same Node B. The
transmission information received via the antennae of the different sector cells is
handled by different RAKE receivers and combined in the Node B itself (Maximum
Ratio Combining – MRC). Softer handovers are internal Node B affairs. Additional
(Iub) transmission capacity to the RNC is not required.
The gain due to reception of additional signals in softer handovers is also known as
macro diversity.
15
Soft / Softer Handover
Soft Handover Softer Handover

• between sector cells
Node B • Combining via RAKE
• Node B internal
Sector cells
Node B
Iub
Node B
Node B
Iub
Iub
Combining / RNC Active
Splitting Set
Iu RNC
Active Set:
max. 3 Cells
CN
Fig. 10
16
Siemens
UTRA Aspects Siemen
UTRA Aspects
Inter-RNC Soft Handover

An interesting special case of soft handover is the inter-RNC handover. In this case,
the Node B's involved in the soft handover belong to different RNC's.
The RNC responsible for control of the soft handover is referred to as the serving
RNC (SRNC). It combines information received from the different Node B's in the
direction of the Core Network (CN) or splits the information transmitted in the
opposite direction. It also stores information regarding the cells involved in the soft
handover (in an active set).
The other RNC responsible only for allocating radio resources is known as the drift
RNC (D-RNC).
Since the handover is to be controlled autonomously in UMTS by the UTRAN as part
of the Radio Resource Management (RRM), an interface is required between both of
the RNC's participating in the soft handover. D-RNC and S-RNC exchange signaling
information and user information via the Iur interface.
The S-RNC has no anchor functionality (comparable to an anchor MSC). The D-RNC
can adopt the function of the S-RNC with an S-RNC relocation procedure if
necessary. The previous S-RNC is then released. The link between both RNC's over
the Iur interface is no longer required. The link is directly handled by the participating
Node B (or Node B's) via the Iub interface using the new S-RNC and sent from there
to the CN via the Iu interface.
Soft Handover
S-RNC: Serving RNC
D-RNC: Drift RNC
Inter-RNC HoV RR: Radio Resource
Node B
Iub
Node B
Node B RNC
Iub
Iub
Iur
Combining / RNC Active
Splitting Set
Iu • S-RNC: Combining/Splitting + RR allocation
• D-RNC: only RR allocation
• change D-RNC ® S-RNC possible
CN
Fig. 11
17
Siemens
Siemen
UTRA FDD & TDD – Key parameters

The UTRA FDD and TDD modes have many common key parameters:
l Bandwidth B = 5 MHz
l Chip rate Rc = 3.84 Mchip/s
l Re-use factor = 1
l The timing structures are identical:
l 1 TS = 2560 chips (=2/3 ms)
l 1 frame = 15 TS = 10 ms (= 38400 chips)
l 1 superframe = 72 frames = 720 ms (= 6 GSM TCH multiframes)
l FDD and TDD both use the "OVSF code tree" for channelization codes.
Differences between TDD and FDD are mainly based on the different multiplex
methods used (and of course on the different UL/DL coordination/frequencies).
The FDD mode uses pure DS-CDMA thereby producing a continuous transmission.
The shortest transmission duration is one frame (10 ms).
The TDD mode uses a TDMA / DS-CDMA hybrid solution which produces
transmission of bursts.
The FDD mode uses 1500 power control cycles (1 TPC / TS).
The TDD mode uses 100 to 800 power control cycles/s depending on the frame
configuration.
The FDD mode mainly uses soft handovers (except for changes in frequency /
system).
The TDD mode uses hard handovers.
The FDD mode has advantages in its use of relatively large cells (macro and micro
cells), particularly for UE moving at high speed. The TDD mode offers advantages for
small-space, quasi-stationary applications (in pico and micro cells).
The main advantages of the TDD mode are as follows:
l Flexible use in new frequency areas (reframing); only 1 x 5 MHz required
l Unlicensed operation with low power equipment (power class 4) possible
l Asymmetric distribution of resources for UL & DL (higher resource efficiency).
18
UTRA FDD & TDD

Key Parameter Zone 3: Suburban
Zone 2: Urban
Zone 1:
Indoor
Macro Cell Micro Cell Pico Cell
FDD & TDD

FDD • bandwidth B = 5 MHz TDD
• continuous transmission • chip rate Rc = 3,84 Mchip/s • bursty structure
• SF = 4 - 256/512 • Re-Use = 1 • SF = 1 - 16
• 1500 PC-cycles/s • OVSF Code tree • 100 - 800 PC cycles/s
• Soft Handover • 1 TS = 2/3 ms = 2560 chip • Hard Handover
• 1 frame = 10 ms
• 1 Superframe = 72 frames
Fig. 12
19
Chapter 6
UMTS Radio Access
Basic Principles
UMTS Radio Access: Basic Principles Siemens
UMTS Radio Access: Basic Principles
Contents
1 Transmission Principles & Examples 23
2 Principle of CDMA & Example 191
3 UTRA: The UMTS Terrestrial Radio Access 2127
3.1 UTRA Conception & Harmonization 2228
3.2 FDD / TDD – Technical Parameters 2632
3.3 UTRA Codes 3036
3.4 UTRA Timing Structures 3440
3.5 Summary – Key UTRA Parameters 3642
4 MC-CDMA / UTRA / TD-SCDMA Comparison 3845
5 Exercise 4251
6 Solution 4657
1
1 Transmission Principles & Examples
UTRA Basics
UL DL
FDMA
Duplex
transmission
Multiple
FDD TDD Access
TDMA CDMA
& 2G Examples
Fig. 1
2
Siemens
UMTS Radio Access: Basic Principles Siemen
Transmission principles and examples

The mobile transfer of information in a cell between base stations and mobile stations
requires coordination of the information transmission. Two different aspects require
coordination. Firstly, during today's typical full duplex transmission, the two
transmission directions (uplink and downlink) must be coordinated between a mobile
station and the base station. Two different principles are applied for duplex
transmissions: Time Division Duplex (TDD) and Frequency Division Duplex (FDD).
Secondly, the transmission between the different mobile stations of a cell and the
base station must be coordinated. Three different multiplex methods are mainly used
for this purpose: Frequency Division Multiple Access (FDMA), Time Division Multiple
Access (TDMA) and Code Division Multiple Access (CDMA).
Duplex transmission: FDD & TDD

Two duplex methods are used for coordinating the uplink (UL) and downlink (DL)
components of a transmission between a base station and a mobile station, namely
Frequency Division Duplex (FDD) and Time Division Duplex (TDD).
UL and DL are implemented for FDD in different frequency bands. The gap between
the two frequency bands for UL and DL is known as the duplex distance. It is
constant for all mobile stations in a standard. Generally the DL frequency band is
positioned at the higher frequency than the UL band.
In the case of TDD, UL and DL are implemented in the same frequency band. This is
done by dividing the band into timeslots (TS) and frames. A frame contains a specific
number, n, of timeslots, TS. A number of these n timeslots is reserved for UL
transmission (half of the timeslots in 2G systems) and the remaining for DL
transmission. The duration of a frame determines the cyclical repetition of the
corresponding UL / DL transmission. The UL and DL transmission occurs quasi
simultaneously – i.e., the duration of a frame is generally in the range of a number of
ms.
TDD transmission is mainly used as of the 2nd mobile communications generation (in
digital transmissions). Digital transmission simplifies speech and data compression.
As a result, only a fraction of the time needed for analog transmission is required for
digital transmission of subscriber data.
3
Duplex Transmission:
·
FDD & TDD ·
·
TDD:
Time t
duplex distance
UL UL / DL
separated by
Time t
Time!
UL DL DL
UL
DL
frequency f
Frame
FDD: UL / DL with n TS
separated by
UL
Frequency!
FDD: Frequency Division Duplex
TDD: Time Division Duplex
frequency f
TS: Time Slot
Fig. 2
4
Siemens Radio Access: Basic Principles
UMTS Siemen
Multiplex methods
Multiplex methods are used to divide the limited frequency resources of a cell
between the different subscribers and mobile stations in the cell. Three different
methods are mainly used today: Frequency Division Multiple Access (FDMA), Time
Division Multiple Access (TDMA) and Code Division Multiple Access (CDMA). Other
multiplex methods are currently being researched or developed (for example, Space
Division Multiple Access – SDMA).
Frequency Division Multiple Access (FDMA)

FDMA divides the available frequency range into channels with a specific bandwidth
(frequency band). One of these frequency bands is made available to a single
subscriber without restriction throughout the entire duration of a connection. Each
subscriber in a cell therefore uses a different frequency band than the other
subscribers. In this way undesirable noise can be avoided (or reduced as much as
possible or as required).
Time Division Multiple Access (TDMA)

Unlike FDMA, a single frequency band is available to a number of different
subscribers with TDMA. The frequency band is divided into TDMA frames for this
purpose. Each frame is divided into n timeslots (TS). Each of the n timeslots of a
frame can be assigned to a different subscriber. In this way, a single frequency band
can carry up to n subscribers. The transmission of a single subscriber comprises
individual timeslots assigned cyclically to the subscriber (generally 1 TS per frame;
longer cycles are also possible). With TDMA, each frequency band is also used only
by a single subscriber at a particular time. This prevents interference occurring
between different subscribers (or prevents noise as much as possible or as required).
Code Division Multiple Access (CDMA)

In contrast to TDMA and FDMA, multiple subscribers can use the same frequency
band at the same time with CDMA. Each subscriber is provided with a unique (in the
cell) code for this purpose. The transmitter links the original information with the
code. The coded information is then transmitted over the radio interface. The original
information is regenerated in the receiver using the same code.
5
Multiple Access Power

Power P
P TDMA
time t
FDMA time t
TS 3
TS 2
TS 1
1 2 3
frequency f
frequency f
Power co-ordination of
P time t restricted frequency resources
CDMA to different subscriber
Multiple BS & MS with common

Access knowledge according
3
2 FDMA Frequency
1 TDMA Time
CDMA Code
frequency f
Fig. 3
6
UMTS Siemen
Duplex & multiplex methods – Examples

FDD / FDMA
Systems belonging to the 1st mobile communications generation (1G) generally use
FDD methods for duplex transmission and FDMA for multiplex access. Subscriber UL
and DL are in different frequency ranges. One frequency band in the frequency
ranges is available without restrictions to individual subscribers in each case.
Examples of cellular FDD / FDMA systems are the 1G systems – AMPS, NMT, TACS
and C450.
The C450 system, for example, uses the frequency ranges 450 – 455.74 MHz and
460 – 465.74 MHz for UL and DL transmissions respectively. The frequency
bandwidth is 20 kHz, the duplex distance 10 MHz.
FDD / TDMA
Systems belonging to the 2nd mobile communications generation (2G) generally use
FDD for duplex transmission and TDMA for multiplex access. Subscriber UL and DL
are therefore in different frequency ranges. Usually one timeslot (TS) is cyclically
available to individual subscribers in a frequency band in the frequency ranges. To
enable faster data rates, multiple TS's of a frequency band can be grouped together
for a subscriber in some cases. Examples of FDD / TDMA systems are the cellular
2G systems – GSM, D-AMPS and PDC.
GSM900, for example, uses the frequency ranges 890 – 915 MHz and 935 –
960 MHz for UL and DL transmissions respectively. The frequency bandwidth is
200 kHz and the duplex distance 45 MHz. The frequency bands are divided into
TDMA frames, each 4.615 ms in duration. Each TDMA frame is divided into 8 TS's.
TDD / TDMA
Low-range 2G systems sometimes use TDD for duplex transmission and TDMA for
multiplex access. An example of TDD / TDMA transmission is DECT.
DECT uses 10 frequency bands, each with a bandwidth of 1.728 MHz, in the
frequency range 1880 – 1900 MHz. The frequency bands are divided into TDMA
frames, each 10 ms in duration. Each TDMA frame is divided into 24 TS's. 12 TS's in
a frame are used for UL transmission, 12 for DL.
FDD / CDMA
CDMA is used by a number of 2G systems, but mainly by 3G systems. An example
of a 2G system that uses FDD for duplex transmission and CDMA for multiplex
transmission is the IS-95 system (described later).
7
time
Examples
1 2 3 4 5 6 7 8 9 101112131415161718192021222324
Duplex distance:10 MHz
20 kHz
1G: time
A
FDD, UL
TDMA frame (10 ms)

pure
UL DL
FDMA Example:
C450 Example:
e.g. ••• ••• DECT
C450,
NMT,
A
AMPS DL
450 455,74 460 465,74
frequency [MHz]
10
1
9
2
3
7
8
time Duplex distance: 45 MHz 1,88 20 1,90
GHz MHz GHz
TS7 frequency
Example: 1,728
TS6 2G MHz [MHz]
GSM900
TS5
frame cellular: 2G CT:
TS4
FDD, TDMA TDD, TDMA e.g. DECT
4.615 TS3
ms ••• ••• (&FDMA)
TS2
e.g.
TS1 GSM, PDC,
TS0 D-AMPS 2G Example CDMA:
200 kHz frequency [MHz]
IS-95 (later)
Fig. 4
8
2 Principle of CDMA & Example
UTRA Basics
Power
P Code Division
time t
Multiple Access
3
2
1
frequency f
CDMA
Basics & Example
Fig. 5
9
Siemens
UMTS Radio Access: Basic Principles UMTS Radio Access: Basic Principles
Siemen
The CDMA principle

CDMA is a Spread Spectrum Technology (SST). The origins of SST go back to the
1920's. SST's were used from the 1950's to the 1980's in the military sector – for
example, for satellite navigation. CDMA has been released as an SST for civilian use
since the mid-1980's. The first cellular mobile communications system to use CDMA
for multiplex transmission was IS-95. It began commercial operation at the end of
1995.
In SST's a narrowband signal with high information concentration is transformed to a
broadband signal with low information concentration – this is known as spreading.
The signals are very stable against the influence of narrowband natural or technical
interference (background noise) and interfering transmitters (intentional jamming).
There are different ways of performing the spreading.
For spreading subscriber information for CDMA, a unique (in the cell) code is
provided for each subscriber. This code is referred to as the spreading code. The
linkage of the high bit rate code with the original subscriber information transforms
the original signal into a broadband signal. This broadband signal is transmitted
together with broadband signals from other subscribers using the same frequency
band over the radio interface. The receiver receives the sum of all of these signals.
By relinking the summation signal with the (synchronized) subscriber code the
original subscriber information is regenerated (a process known as de-spreading).
The remaining information stays in its broadband form and therefore constitutes an
underlying signal. The information remains useful as long as the underlying signal
does not dominate the despread signal. The information for the different subscribers
can be separated because of the orthogonal (or quasi orthogonal) attributes of the
code used.
CDMA user 1
user 2
Principle CDMA: user 1 & 2
• Spread Spectrum Technology
• every user with unique Code
• high bit rate Code: Spreading / De-Spreading
Power P
frequency f
frequency f
Unspread Spread Radio Transmission = after

Signals Signals 5 spread signals De-Spreading
Fig. 6
10
Siemens
Siemen
Advantages of CDMA
The CDMA principle is associated with many attributes that can have positive effects
for transmission of information.
The coded transmission and the low information concentration of the CDMA signals
were particularly important for the military applications. A transmitted signal can only
be despreaded, and the data regenerated, if the receiver has the correct spreading
code. The low information concentration allows information to be discretely
transmitted – the signals are for all intents and purposes concealed in background
noise.
The high level of stability of the broadband information transmission against the
effects of narrowband background noise is vitally important for military and civil
utilization. Frequency hopping is used in narrowband systems (such as GSM) to
obtain this effect.
Yet another CDMA attribute is extremely important for civil applications in mobile
communications systems. CDMA in principle allows the re-use of the same frequency
band in all neighboring cells (re-use = 1). In contrast, the same frequency bands
cannot be re-used in neighboring cells in FDMA or TDMA systems. To prevent
interference by subscribers at the same frequencies or in the same timeslots, cells
with identical frequencies must be spatially separated. In FDMA and TDMA systems,
cells are arranged in a careful, complicated frequency planning process. Re-use
schemes of 1/7, 1/9, etc. are typical. As a result, only one part (1/7, 1/9, ...) of the
theoretically available frequency band can be used in the one cell.
CDMA can therefore in principle do without complicated frequency planning, and
allows efficient usage of the available (scarce) frequency resources.
The limits to transmission capacities in FDMA and TDMA systems are determined by
a fixed number of physical channels. With CDMA, however, there is a "soft" capacity
limit. The capacity of CDMA systems is mainly restricted by the interference of other
subscribers in a cell (so-called intra-cell interference) and interference from other
cells (inter-cell interference).
Another CDMA advantage is a stable transmission especially in severe environment.
This is caused by the so-called Multipath Advantage and Soft Handover. Both effects
are described later.
Due to an essential need for precise and fast Power Control, CDMA mobile stations
also need less transmission power than TDMA mobiles. The UMTS Power Control is
also described later on.
11
CDMA
® narrow-band interference
• Stability®
Advantages • Stability in severe environment
(® Multipath Advantage, Soft HoV)
• simple frequency planning (Re-Use: 1)
• efficient radio resource usage
• lower transmission power (® Power Control)
Frequency & radio network planning

TDMA CDMA
(e.g. GSM with Reuse 1/7) (UMTS; Reuse: 1)
3/7 1/1
2/7 4/7 1/1 1/1
1/7 1/1
7/7 5/7 1/1 1/1
6/7 1/1
Re-Use 2/7
Distance
Fig. 7
12
Siemens
CDMA types
Signals can be spread for CDMA using a number of different methods. The following
three CDMA methods are most commonly used: TH-CDMA, FH-CDMA and
DS-CDMA.
Time Hopping CDMA (TH-CDMA)

The information-carrying signal is not continuously transmitted in the TH-CDMA
method. Instead, information is transferred in bursts. The burst transmission time is
specified by the spreading code.
TH-CDMA was developed at the end of the 1940's as the first CDMA method, and
was used for military purposes.
Frequency Hopping CDMA (FH-CDMA)

The carrier frequency of the information-carrying signal is changed constantly during
FH-CDMA. Very fast as well as slow changes are possible. The bandwidth at any
particular time is relatively narrow. When considered over a longer period, FH-CDMA
is just as much a broadband method as TH-CDMA and DS-CDMA. The change in
carrier frequency is specified by the spreading code.
An example of the civil use of FH-CDMA is the so-called Bluetooth standard.
Bluetooth allows the transmission of information at high data rates over small
distances in the unlicensed frequency range around 2.4 GHz.
Direct Sequence CDMA (DS-CDMA)

In DS-CDMA, subscriber information (digital in 2G and 3G systems) is spread directly
by linking with a sequence of the spreading code. This results in continuous (in
contrast to TH-CDMA) transmission of the broadband signal over the entire
bandwidth (in contrast to FH-CDMA).
DS-CDMA is used for IS-95 and the Globalstart satellite system, for example. In 3G,
UMTS is based on DS-CDMA.
13
CDMA
Types
time t
Time DS-CDMA
Direct Hopping ® IS-95
Sequence (TH-CDMA) ® Globalstar
(DS-CDMA) ® UMTS
Frequency FH-CDMA
Hopping ® Bluetooth
(FH-CDMA)
frequency f
Fig. 8
14
UMTS Siemen
Direct Sequence CDMA – Transmission and reception

Digital, binary subscriber information is linked in the transmitter with the spreading
code generated by a code generator – this process is termed spreading. The
spreading code consists of a high bit rate code sequence. The smallest unit of
information in the spreading code is referred to as a chip to distinguish it from the
smallest unit of subscriber information, the bit. The rate of the spreading code is
known as the chip rate. The information obtained by spreading is modulated to a
carrier frequency. The higher the information rate (i.e. the chip rate), the wider the
bandwidth of the resulting signal.
The broadband signal is transmitted over the radio interface.
The receiver demodulates the signal and links the resulting information with the same
spreading code used in the transmitter. This process is known as de-spreading. De-
spreading produces the original subscriber information. It is vital for de-spreading that
the code in the receiver be exactly synchronized in time with the code in the
transmitter. A shift by just one chip prevents information from being regenerated.
DS-CDMA: +1
Transmission / Spreading
-1
Reception Code
1
Chip
Air
Interface
Binary Binary
Data Wideband De- De- Data
Spreading Modulation Modulation
RB Spreading R
B
time-
RC fT RC synchronisation
!!!
Code Carrier Carrier Code

Generator Generator Generator Generator
RB: Bit Rate
RC: Chip Rate
fT: Carrier frequency
Fig. 9
15
Siemens
Siemen
Spreading / de-spreading
In UMTS, the binary, digital subscriber data (1, 0) is converted on the transmission
side to bipolar data (+1, –1) before the spreading process takes place. The spreading
code also consists of bipolar data. The value of a chip can be +1 or –1. The
subscriber data is then multiplied by the high chip rate spreading code. The result is
the coded data, which is then transmitted over the radio interface.
The receiver multiplies the received, code data sequence with the bipolar spreading
code to obtain a bipolar data sequence. The original subscriber data is recovered by
converting this data sequence to binary, digital data.
Spreading Factor (SF)

The spreading factor (SF – also frequently known as the Processing Gain, Gp)
indicates the number of chips that spread a symbol each time (see below). The SF
therefore states the relationship between the chip rate, Rc (chip/s) and the data rate
of the subscriber (symbol/s or bit/s). SF also gives the relationship between the
spread bandwidth B and unspread bandwidth W.
Information units: chips, bits, symbols

The smallest unit of digital information is generally called a bit (an abbreviation
derived from "binary digit"). To distinguish the smallest units in the original subscriber
information, spreading code and data transmitted over the radio interface, different
terms are used, namely: bit, chip and symbol respectively.
A symbol can have different numbers of bits depending on the modulation method
used for transmission over the radio interface. Symbols have one bit each in the
Gaussian Minimum Shift Keying (GMSK) method used in GSM and in the Binary
Phase Shift Keying (BPSK) method used for UMTS UL (FDD only) transmission. In
the Quadrature Phase Shift Keying (QPSK) method used generally for UMTS, a
symbol has two bits, and in the 8 Phase Shift Keying (8PSK) methods used in EDGE
even three bits.
16
Spreading / De-Spreading
1 Symbol
Binary Data 1 0 1 0
+1
Bipolar SF = Rc / RS
Data -1
x =B/W
+1
Spreading
Code -1
= Bit / Symbol ®
+1 modulation principle
Spreaded
e.g.:
Data -1 GMSK: 1 / 1 (Bit/Symbol)
x BPSK: 1 / 1
+1 QPSK: 2 / 1
Spreading 8PSK: 3 / 1
Code -1
= B = bandwidth, spreaded
W = bandwidth, un-spreaded
+1 RS: Symbol Rate [symb/s]
Bipolar RB: Bit Rate [bit/s]
Data -1
RC: Chip Rate [chip/s]
SF = Spreading Factor
GMSK: Gaussian Minimum Shift Keying
BPSK: Binary Phase Shift Keying
Binary Data 1 0 1 0 QPSK: Quadrature PSK
8PSK: Eight PSK
1 Chip
Fig. 10
17
UMTS Siemen
Spreading / de-spreading – An example

The example portrays CDMA transmission for two users. Orthogonal spreading
codes with a spreading factor of 2 are used for both users (1/2).
The original information of the two users (data users 1 and 2) are converted to bipolar
data (1 / 2) and multiplied by the spreading code (1 / 2).
The coded signals interfere with each other during transfer over the radio interface.
The receivers receive the overall signal (of both users). By multiplying the overall
signals with the spreading code (1 / 2) different data sequences (de-spread data
1 / 2) are obtained for users 1 and 2. The sequences are integrated during the
duration of a symbol. The information is interpreted as 1 for positive results and 0 for
negative results. The final result is the original information of the two users 1 / 2.
Integration / capacity restrictions

The integration of the data signals is an important component of the de-spreading
process. If a single coded signal of a user is multiplied by the correct code and then
integrated during the length of a symbol, information is obtained that can be clearly
interpreted. The higher the spreading factor, the clearer ("stronger") the information.
A high spreading factor therefore assures a high level of transmission security (but at
a lower data rate however).
If the coded signal of a user is multiplied by a different code and then integrated, a
zero is obtained for strict orthogonality of the codes – i.e., the result cannot be
interpreted. With the quasi orthogonality used in practice there is little
"misinformation" when compared with the process of multiplying with the correct code
followed by integration. Care must be taken in practical applications to prevent the
sum of the "misinformation" from outweighing the strong (correct) information – i.e.,
the system capacity is limited by the background noise from the transmissions of
other users.
18
Spreading / Data User 1 1 0 1 Data User 2 0 0 1

De-Spreading Bipolar +1 Bipolar +1
Data 1 -1 Data 2 -1
Example: x x
+1 +1
SF = 2; Code 1 Code 2
2 user -1 -1
= +1
= +1
Code 1 Spread Spread
= ( 1 / -1) Data 1 -1 Data 2 -1
Code 2
= ( 1 / 1) Receiver: 5 Spreaded Data; hier: 5 = 0 -2 -2 0 2 0
S Signals +2 S Signals +2
(Receiver) 0 (Receiver) 0
-2 -2
x x
+1 +1
Code 1 Code 2
-1 -1
= =
De-Spread +2 De-Spread +2
0 0
Data 1 -2 Data 2 -2
after +2 after +2
Integration Integration -2
-2
Þ User Data 1 1 0 1 Þ User Data 2 0 0 1
Fig. 11
19
Siemens
Siemen
2G CDMA example: IS-95

IS-95 was developed at the end of the 1980's/beginning of the 1990's and released in
1993 as the TIA standard (USA) for the 800-MHz range. The standard was revised in
1995 (IS-95A). The system was taken into commercial operation at the end of 1995.
Other TIA and ANSI standards are available as IS-95 variants for the 1900-MHz
range and for transmissions at higher data rates (up to 115.2 kbit/s).
MC-CDMA, one of the 3G systems evolving from IS-95, is based on IS-95
parameters.
IS-95 uses FDD for duplex transmission. The duplex distance in the 800-MHz range
is 45 MHz and 80 MHz in the 1900-MHz range.
IS-95 uses CDMA for multiplex access. The bandwidth B is 1.25 MHz. In practice, 3
carriers can be accommodated in 5 MHz of bandwidth under consideration of guard
bands.
The network is synchronized to within a few µs using GPS signals.
The chip rate, Rc, used for IS-95 is 1.2288 Mchip/s. Orthogonal Walsh codes are
used as spreading codes. The spreading factor is 64. The spread information is
overlaid with so-called pseudo noise codes specific for the BTS and MS (the chip rate
is also 1.2288 Mchip/s). These pseudo noise codes have quasi orthogonal attributes.
QPSK is used for modulation in DL transmissions and BPSK in UL transmissions.
Fast Power Control is required for IS-95 CDMA. 800 power control cycles are carried
out per second.
Example CDMA:
IS-95 parameter:
IS-95 (2G) FDD / CDMA
B = 1,25 MHz
Rc = 1,2288 Mchip/s
SF = 64
Modulation: QPSK / BPSK (DL / UL)
Power Control: 800 cycles/s
time t
Duplex distance:
Power P
45 / 80 MHz at
800/1900 MHz
64 PN-Codes range (USA)
1.25 MHz frequency f
Fig. 12
20
3 UTRA: The UMTS Terrestrial Radio Access
UTRA Basics
Zone 4: Global
Zone 3: Suburban
MSS
Zone 2: Urban
Zone 1:
Indoor
Macro-cell Micro-cell Pico-cell
FDD TDD
UTRA:
UMTS Terrestrial Radio Access
Fig. 13
21
Siemens
Siemen
3.1 UTRA Conception & Harmonization

UTRA was technically conceived in different phases.
1st phase of the UTRA conception: Studies on UTRA

In the 1st phase proposals for multiplex methods were collected by the ETSI SMG2
and analyzed with regard to their possibilities and common features. The 1st phase
ended with the SMG#23 Plenary Session in 06/1997.
2nd phase of the UTRA conception: Concept evaluation

Based on the results of the 1st phase, 5 concepts were selected and named after the
first five letters in the Greek alphabet. Concept groups were assigned the task of
evaluating the different concepts. In addition, the SMG2 specified the general
requirements for UTRA in more detail in the 2nd phase. The phase ended with the
SMG#24 Plenary Session held in 12/1997. The 5 concepts were supported by
different groups with different interests (vendors, operators, regulatory bodies, etc.).
The >-concept (orthogonal FDMA: narrowband FDMA/TDMA allowing combination of
different carriers) and the C-concept (broadband TDMA with 1.6 MHz bandwidth and
an option for TS combination) were withdrawn even before this plenary session. It
was decided to adopt the A-concept (Opportunity Driven Multiple Access) as an
optional solution for subsequent supplementation of UTRA. ODMA supports packet
data transfer between the originating and destination locations via a network of
intermediate relay nodes.
The =-concept (pure CDMA with Rc = 4.096 Mchip/s) and @-concept (TDMA/CDMA
with a bandwidth of 1.6 MHz, Rc = 2.167 Mchip/s and GSM timing structure)
presented themselves at the SMG#24 session as UTRA solutions. In the SMG#24A
Plenary Session held on January 28 and 29, 1998, it was decided to use both
concepts for UTRA.
22
UTRA Conception
(ETSI)
Principle
Principle Supported
Supported by
by Remarks
Remarks
Phase 1: Ericsson,
Ericsson, Nokia,
Nokia, pure CDMA
UTRA studies aa-- NEC, Panasonic, pure CDMA
NEC, Panasonic,
(1996 - 06/97) concept
W-CDMA
W-CDMA Fujitsu,
Fujitsu, FDD;
FDD; 4.096
4.096Mchip/s;
Mchip/s;
concept 4,4
4,4 --5,2
5,2 MHz
Mitsubishi
Mitsubishi MHz
Selection of bb-- Sony,

Sony, Telia,
Telia,
5 concepts: OFDMA
OFDMA Lucent, TDMA/FDMA
TDMA/FDMA
concept
concept Lucent, Bosch
Bosch
a-e
gg-- Philips,
Philips, Nokia,
Nokia,
W-TDMA
W-TDMA France TDMA
TDMA
concept
concept France Telecom
Telecom
Phase 2:
Evaluation
(06 - 12/97) UMTS-Alliance:
UMTS-Alliance: TDMA & CDMA
Bosch, TDMA & CDMA
dd-- TD-
TD- Siemens,
Siemens, Bosch,
Alcatel, T-Mobil, FDD/TDD
Alcatel, T-Mobil, FDD/TDD
concept
concept CDMA
CDMA Motorola, Nortel, 2.267
Motorola, Nortel, 2.267Mchip/s;
Mchip/s; 1,6
1,6 MHz;
MHz;
Italtel TS
TS // Frame
Frame wie
wie GSM
GSM
Selection of Italtel
a & d- Concept
(01/98) ee-- Vodaphone,
Vodaphone, option
option for
for
ODMA
ODMA
concept
concept Swiss
SwissTelecom
Telecom aa and
and dd
Fig. 14
23
UMTS
Siemens Radio Access: Basic Principles Siemen
3rd phase of the UTRA conception: Harmonization

It was decided during the SMG#24A Plenary Session to use the =-concept for the
paired bands in UMTS – i.e., as UTRA FDD mode. The @-concept was to be used for
the UMTS unpaired bands – i.e., as UTRA TDD mode. Both modes were harmonized
with each other by 06/1998 with the consequence that dual mode operation
(FDD/TDD) presents no problems. Both modes were designed in such a way that
handover to GSM is unproblematic. The bandwidth of both modes is 5 MHz, including
the guard bands. 4.096 Mchip/s was selected as the Rc.
The modes were also harmonized in the 3rd phase with the IMT-2000 proposal from
ARIB (Japan), who supported the original =-concept as observers in ETSI.
The 3rd phase ended with the submission of the harmonized proposals by ETSI
(UTRA FDD & TDD) and ARIB (WCDMA) to the ITU.
In the period following, the newly founded standardization project, the 3GPP, in which
experts from ETSI (Europe), ARIB (Japan), TTA (South Korea), ANSI T1P1 (USA)
and CWTS (China) participate, took over responsibility for completion of the UMTS
Standard.
Harmonization of UTRA with cdma2000

The TIA (USA) proposal 'cdma2000' is intended as the 3G successors standard to
IS-95. The technical parameters of cdma2000 and IS-95 are therefore very similar
and ensure downward compatibility and handover between 2G IS-95 and 3G
cdma2000. 3.6864 Mchip/s (for DL) and 1.2288 Mchip/s (for UL) were selected as the
chip rates for cdma2000. In 06/1998 cdma2000 was also submitted as an IMT-2000
proposal to the ITU.
In the period following, major economic and patent law-related difficulties arose
between the groups involved in IS-95 / cdma2000 and GSM / UMTS (WCDMA). For
example, the different patents for CDMA and the 3G licensing in Europe and Asia
were contentious points. The USA threatened to invoke the WTO (World Trade
Organization) and block the work for approval of the IMT-2000 proposals in the ITU.
In order to put an end to the wrangling and to satisfy the requirements of an Operator
Harmonization Group (OHG), the 3GPP accepted an OHG proposal in 07/1999 for
harmonization of UTRA and cdma2000.
The result of the harmonization was as follows: UTRA TDD and FDD along with
cdma2000 are given similar parameters to allow the development of chipsets for
mobile stations for all three modes. The three modes are based on DS-CDMA and
can be accommodated in 5 MHz of bandwidth. The signaling is harmonized. The
following core differences still exist: UTRA can be used for non-synchronized
networks, MC-CDMA for synchronized. UTRA TDD and FDD use 3.84 Mchip/s as
chip rate; MC-CDMA n x 1.2288 Mchip/s.
24
UTRA conception
& harmonisation
W-CDMA TD/CDMA
cdma2000
a-concept d-concept
Phase 3: TD/CDMA
TDD
harmonisation
(01 - 06/98)
ETSI-ARIB UTRA UTRA
harmonisation FDD TDD
(05/98)
4,096 Mchip/s 5 MHz
Submission to ITU
(06/98)
UTRA UTRA MC-CDMA

harmonisation FDD TDD (FDD)
UTRA - cdma 2000
(05 - 07/99) 5 MHz 3,6864 Mchip/s
3,84 Mchip/s IMT-2000
Fig. 15
25
Siemens
Siemen
3.2 FDD / TDD – Technical Parameters

UTRA TDD / FDD – Common features
UTRA FDD and TDD modes were harmonized in many central areas – for example:
l Bandwidth B = 5 MHz (including guard bands)
l Chip rate Rc = 3.84 Mchip/s
l Modulation method: QPSK
l Re-use = 1 (i.e., same frequency possible in neighboring cells)
l Pulse shape
l Timing structure (frame & TS duration – described below)
l Spreading codes: based on OVSF (Orthogonal Variable Spreading Factor) codes
UTRA TDD / FDD – Differences

There are also differences in the following central aspects:
FDD uses pure WCDMA (DS-CDMA) for multiplexing. The information is transmitted
continuously spread over the entire bandwidth. The shortest duration of a
transmission is represented by a frame (10 ms).
TDD uses a hybrid solution of TDMA and WCDMA (DS-CDMA) as multiplex access.
Like in GSM, the subscriber information is sent in the form of single bursts. A TDMA
frame (10 ms) contains 15 timeslots (TS) that can contain bursts from different users
(CDMA component).
FDD uses spreading factors of 256 to 4 (UL) or 512 to 4 (DL); TDD uses factors of 16
to 1.
FDD mostly uses soft handover and TDD hard handover (described later).
The 3G TS 25.201 provides an overview of the major common features and
differences along with references to individual aspects.
26
UTRA conception
& harmonisation time t
time t
FDD TDD 15
Power P
Mode
Mode
Frame
Power P
1
TS
frequency f frequency f
FDD & TDD harmonised in: FDD & TDD differences:

• bandwidth: 5 MHz
FDD TDD
• chiprate: 3,84 Mchip/s
• pure WCDMA • WCDMA & TDMA
• modulation: QPSK (continuous transmission) (Bursts: 15 TS / Frame)
• Re-Use = 1 • SF = 4 - 256 (DL - 512) • SF = 1 - 16
• pulse form • Handover: Soft • Handover: Hard
• time structure
• Spreading Codes (OVSF) UTRA
UTRAL1
L1General
GeneralDescription:
Description:
3G
3GTS25.201
TS25.201
OVSF: Orthogonal Variable Spreading Factor Codes
Fig. 16
27
Siemens
Variation in data rate

UMTS allows flexible, dynamic variation of the data rate. The data rate can be varied
in different ways in the TDD and FDD modes.
In the FDD mode, the data rate can be varied by SF variation. SF can vary from 256
– 4 (UL) or from 512 – 4 (DL). This gives rise to symbol rates from 15 ksymb/s (UL)
or 7.5 ksymb(s) (DL) to 960 ksymb/s. This data rate can include the simultaneous
transmission of data belonging to different applications of the same subscriber. In
other words, multimedia applications are possible.
The data rate can be varied in the TDD mode by SF variation and combination of
timeslots (TS). SF can vary from 16 – 1, thus yielding symbol rates of 240 ksymb/s to
3.84 Msymb/s. These symbol rates must be regarded under consideration of the 15
timeslots, TS (TDMA component of the TDD mode). In this way, symbol rates from
16 ksymb/s to 256 ksymb/s are available to a subscriber using one TS by varying the
SF from 16 to 1. This transmission rate can be increased by combining multiple
timeslots in a TDMA frame for one user.
The data rate can also be increased in the TDD and FDD modes by allocating
multiple codes to one user (if the UE is capable of doing so). The allocation of
multiple codes is useful for different applications belonging to the same user that are
served simultaneously. A fine level of granularity of the data rate can be obtained in
this way.
Asymmetric allocation of frequency resources

Strongly asymmetric data streams in the UL and DL directions are expected,
particularly with regard to the mobile use of the Internet in 3G. Both UTRA modes
allow asymmetric transmission of subscriber data. The TDD mode enables network
operators to respond in a flexible manner to the asymmetry and to optimize how they
use their frequency resources. Different numbers of TS's can be used for UL and DL.
However, at least two of the 15 TS's must remain reserved for UL or DL (for different
TDD configuration options, refer to TS 25.221).
28
time t
Data Rate 15
Variation Data rate variation:
• SF = 1 - 16
• TS - combining
2
Power P
1 TDD Asymmetric
UL/DL allocation !!
flexible
Switching Point (min. 2 TS for DL/UL)
Example: UL DL
frequency f
time t
FDD SF =
Rc [chip/s] /
RS[symb/s]
Power P
Data rate variation:

• SF = 4 - 256 (DL: 512)
frequency f
Fig. 17
29
UMTS UMTS Radio Access: Basic Principles
Siemen
3.3 UTRA Codes

The Spreading Code in UTRA is obtained multiplying two different code types: the
Channelization Code and the Scrambling Code.
Channelization Codes
Channelization codes are used to separate channels from the same source.
For DL this channelization means the separation of different users (or, to take it a
step further, different applications of different users) by the BTS.
For UL the channelization means the separation of different applications used
simultaneously by the same UE. Up to 6 different applications are theoretically
possible from individual UE.
The channelization codes for the TDD and FDD modes are Orthogonal Variable
Spreading Factor (OVSF) codes and have orthogonal attributes.
Scrambling Codes
Scrambling codes are used to separate different sources.
For DL this means the separation of different BTS's. Each cell has a scrambling code
to allow the UE to distinguish between neighboring cells. The scrambling codes are
not globally unique cell codes.
For UL the scrambling means the separation of different items of UE in a cell. The
scrambling codes are assigned to the UE by UTRAN.
FDD and TDD use different scrambling codes. So-called gold codes 10 ms in length
(= 38400 chips) are used periodically in FDD. In TDD, sequences of 16 chips are
used periodically.
TS 25.201 provide an overview of channelization and scrambling codes. Details on

the channelization and scrambling codes used for FDD and TDD can be found in TS
25.213 and TS 25.223.
30
different
differentBTS:
UTRA Scrambling
BTS:
ScramblingCodes
Codes BTS
Codes
Channelisation
ChannelisationCode Codeseparates
separates
ULULdifferent
differentapplications
applications
BTS ofof11UE
UE(max.
(max.6;6;SF
SFvariable)
variable)
Channelisation
ChannelisationCode
Code
separates
separatesDL
DLdifferent
differentUE
Spreading Code = UE
Channelisation Code
x Scrambling Code different
differentUE:
UE:
(TS 25.201) Scrambling
ScramblingCodes
Codes
(RNC
(RNCallocated)
allocated)
Channelization
ChannelizationCode:
Code:
BTS separates
separatesphysical
physicalchannels
channels
••DL:
DL: channelsofofthe
channels thesame
sameBTS
BTS
••UL:
UL: channels of the sameUE
channels of the same UE
Spreading
Spreading&&Modulation: Scrambling
TS
Modulation: ScramblingCode:
Code:
TS25.201
25.201(UTRA
(UTRAOverview)
Overview) separates
TS
TS25.213
25.213(FDD),
(FDD),
separatessources
sources
TS ••DL:
DL:separates
separatesdifferent
differentBTS
BTS
TS25.223
25.223(TDD)
(TDD)
••UL:
UL: separates differentUE
separates different UEinin11cell
cell
Fig. 18
31
Siemens
Siemen
UTRA codes – Structure of channelization codes

The channelization codes in the FDD and TDD modes are used for the actual
spreading process. The UTRA channelization codes are based on Orthogonal
Variable Spreading Factor (OVSF) codes of different lengths. A symbol of user
information is spread by a channelization code sequence with a specified length (=
spreading factor, SF) – i.e., number of chips. Different data rates are obtained by
using different spreading factors, SF.
Channelization codes are generated as shown in the next diagram. The (1x1) start
matrix with the value "1" represents the channelization code with SF = 1. All other
matrices are successively constructed by 4-fold insertion of the preceding matrix.
Three of these matrices (top left and right, and bottom left) contain the original values
of the preceding matrix while the fourth (bottom right) contains the inverted matrix
value. The channelization codes of length n (SF = n) are obtained from the columns
of the corresponding matrix (n x n).
A code tree arises in which all codes of a particular length (SF = 1, 2, 4, 8,..., 512)
are orthogonal to each other.
If you take codes that are 256 long, there are 256 different orthogonal codes for 256
different users / applications for FDD DL, for example (ignoring the codes for
signaling), with 15 ksymb/s. In contrast, there are only 4 orthogonal codes of length 4
(SF = 4) with which 960 ksymb/s can be obtained.
Note the following: codes of different lengths in the same branch of a code tree are
not orthogonal. For this reason, codes of different lengths from the same branch are
not permitted to be allocated. A code assigned from a branch of the code tree blocks
all other codes of increasing or decreasing length on the same branch.
32
UTRA Scrambling Codes:

• FDD: for BTS / UE „Gold Codes“;
Codes 10 ms period (1 frame = 38400 chip)
• TDD: for BTS / UE 16 Chip long,
pre-defined sequences
SF = 1 SF = 2 SF = 4 SF = 256
CC256,0
CC256,1
CC4,0 = (1,1,1,1)
CC256,2
CC2,0 = (1,1)
CC1,0 = (1) CC4,1 = (1,1,-1,-1) •

••• • •••
CC4,2 = (1,-1,1,-1) •
CC2,1 = (1,-1)
CC256,254
CC4,3 = (1,-1,-1,1) CC256,255
Channelization Codes (CCn,m) = OVSF Codes
CCn,m generation: 1 1 CCn/2 CCn/2 OVSF =

CC1 = (1) CC2 = CCn =
from columns in CCn 1 -1 CCn/2 -CCn/2 Orthogonal Variable
Spreading Factor
Fig. 19
33
Siemens
Siemen
3.4 UTRA Timing Structures

Chip
The shortest unit of time used in UTRA corresponds to the duration of a chip. Since a
chip rate of 3.84 Mchip/s is used, the duration of a chip is about 260.4 pico
seconds (ps).
Timeslot (TS)
A UTRA timeslot (TS) is defined as the length of 2560 chips: this corresponds to
duration of 2/3 ms. A timeslot is the shortest repetitive period in UTRA.
A timeslot for the TDD mode means the time frame allowed by an HF burst.
In the FDD mode specific information is exchanged cyclically between the UE and
network. An example of this is the power control information (Transmit Power Control
– TPC).
Frame
A UTRA frame is defined by the duration of 10 ms. A frame therefore contains 15
timeslots.
In the TDD mode, a frame is identical with the TDMA frame – i.e., the cyclical
repetitive pattern of the time slots.
In the FDD mode, a frame is the shortest possible transmission duration. Short data
packets for setting up a connection, for transmission of SMS messages or packet-
switched data packets are at least one frame in duration.
UTRA is a radio access solution allowing data rates that are not only flexible, but that
can also be dynamically adapted. A frame is likewise (for TDD and FDD) the shortest
period of time for changing the transmission rate.
Superframe
A UTRA superframe is defined as the duration of 72 frames – i.e., 720 ms.
A superframe is the counting period for defining physical channels. Since it exactly 6
times longer than a traffic channel (TCH) multiframe in GSM (= 120 ms), it enables
adaptation of the timing patterns between UMTS and GSM – as is essential for inter-
system handover between the two systems.
34
UTRA
time
structure • shortest information unit in CDMA
Chip 1/3.840.000 s » 260.4 ns
Time Slot 2560 chips • TDD: TS contains 1 Burst

• FDD: cyclic repetition of
TS control information (e.g. TPC)
2/3 ms
Frame f TS#0 ••• TS#i ••• TS#14 • TDD: TDMA frame

• FDD: shortest transmission duration
• TDD & FDD: shortest pattern
® data rate adaptation
10 ms
• TDD & FDD: Counting period for

Superframe f#1 ••• f#i ••• f#72 ® Def. Physical channels
® Handover to GSM
(GSM TCH Multiframe = 120 ms)
720 ms
Fig. 20
35
Siemens
Siemen
3.5 Summary – Key UTRA Parameters

l Both UTRA modes (FDD and TDD) require a bandwidth B = 5 MHz.
l Both modes have the same chip rate: Rc = 3.84 Mchip/s.
l Both modes use a spreading code consisting of a channelization code and
scrambling code for spreading user data.
l The spreading factors (SF) indicate the ratio between the user information
(symbol) and the number of chips used for spreading the symbol.
l SF's from 1 – 16 are used in the TDD mode, SF's from 4 – 256 (UL) or 4 – 512
(DL) in the FDD mode for varying the data rates.
l The TDD and FDD use the same timing structures:
l a timeslot (TS) has 2560 chips and a duration of 2/3 ms
l a frame has 15 TS's and a duration of 10 ms
l a superframe has 72 frames and a duration of 720 ms.
The main difference between the UTRA FDD and MDD modes is in the multiplex
methods used:
l The FDD mode uses pure DS-CDMA – i.e., broadband, continuous transmission
(minimum transmission duration: 1 frame = 10 ms).
l The TDD mode uses a hybrid solution of TDMA and DS-CDMA – i.e., broadband
but bursty transmission. The duration of a burst is one timeslot.
36
UTRA
Key Parameters
• bandwidth B = 5 MHz
• chiprate Rc = 3,84 Mchip/s
• SF = Rc / RS = 1 - 16 (TDD)
4 - 256/512 (FDD)
Spreading Code =
Channelisation Code x Scrambling Code
• 1 TS = 2/3 ms = 2560 chip
• 1 frame = 10 ms
• 1 Superframe = 72 frames
• TDD: bursty structure (TS)
• FDD: continuous transmission (³ 10 ms)
Fig. 21
37
4 MC-CDMA / UTRA / TD-SCDMA Comparison
UTRA Basics
GSM IS-95
Downward compatible/ Downward compatible/

Handover possible Handover possible
UTRA UTRA MC-CDMA

FDD TDD (FDD)
harmonisation
(chipsets possible for UTRA TDD, FDD & MC-CDMA mode)
IMT-2000
MC-CDMA / UTRA / TD-SCDMA
Comparison
Fig. 22
38
Siemens
MC-CDMA / UTRA comparison

UMTS as the 3G successor standard to GSM and MC-CDMA as the 3G successor
standard to IS-95 have been harmonized with each other as much as possible. The
harmonization is intended to facilitate the development of chipsets for UE that can
access these three major terrestrial IMT-2000 modes.
MC-CDMA is downward-compatible with IS-95 B. As in IS-95, the chip rate is
1.2288 Mchip/s and the carrier bandwidth is 1.25 MHz. However, n carriers (where
n = 1, 3, 6, 9, 12) can be commonly used for a user connection in DL transmissions.
The data is demultiplexed in this case on n carriers and can therefore be transmitted
simultaneously.
In contrast for UL, the DS-CDMA principle is used with a carrier transmission rate of
n x 1.2288 Mchip/s and a bandwidth of n x 1.25 MHz.
3 MC-CDMA carriers, including two guard bands, each 625 kHz wide, can be used in
a 5-MHz frequency band. Frequency bands that until now were used for 2G systems
can therefore be replaced in this way by MC-CDMA.
MC-CDMA uses the same modulation method as UTRA (QPSK).
Orthogonal Walsh codes of variable length (comparable to UTRA) are used as
channelization codes for spreading.
The result is finally superimposed with a PN sequence to distinguish it from
neighboring base stations. This PN sequence is identical to that used for IS-95. This
also represents a reason for the compatibility between IS-95 and MC-CDMA. One
sequence is sufficient to distinguish between the base stations in IS-95 and MC-
CDMA since both systems (Global Positioning System – GPS) have synchronized
networks. The offset of the PN sequence is used for clear distinction of the
neighboring base stations.
In contrast to this, UTRA FDD and TDD networks are, like GSM networks, not
synchronized. As a result, they are not dependent on other systems (e.g., GPS).
Consequently, different scrambling codes are needed to distinguish between
neighboring base stations.
39
MC-CDMA / UTRA
Carrier
MC-CDMA
Guard Band 1,25 MHz 1,25 MHz 1,25 MHz
625 kHz 625 kHz DL
Rc = n Carrier
1,2288 Mchip/s n = 1, 2, 3,
6, 9, 12
Rc = UL
Rc = 3,6864 Mchip/s n-fold
Rc = 2,4576 Mchip/s
1,2288 Mchip/s chip rate
1 2 3 4 5 MHz
DS-CDMA: UTRA TDD & FDD

Carrier
UL
&
Rc = DL
3,84 Mchip/s
1 2 3 4 5 MHz
Fig. 23
40
Siemens
Siemen
TD-SCDMA / LCR-TDD mode

From UMTS Release 4 on, a new RTT option, which has originally been developed
by the Chinese SDO CATT, is included into the UMTS standard: Time Division -
Synchronous CDMA. TD-SCDMA is included as a second TDD option with a lower
chip rate. Therefore, it is called Low Chip Rate TDD mode (LCR-TDD).
The key characteristics of LCR-TDD are:
l Bandwidth: 1.6 MHz
l Chip Rate: 1.28 Mchip/s
l Spreading Factor: 1, 2, 4, 8, 16
l Radio Frame Length: 10 ms, subdivided into two 5 ms sub-frames
l Time Slot: 0.675 ms duration; 7 TS per sub-frame
l Data Rate Variation: SF-variation; TS combining; change of modulation;
theoretically, a maximum of 2 Mbit/s can be supported
l Modulation: QPSK (Quadrature Phase Shift Keying) and 8PSK (8 Phase Shift
Keying)
These key parameters are taken from UMTS R'4 TS 25.223.
TD-SCDMA
TD-SCDMA =
UMTS R`4
Carrier Bandwidth 1.6 MHz Option
®LCR-TDD
Mode
Chip Rate 1.28 Mchps
Spreading Factors 1, 2, 4, 8, 16
10 ms
Radio Frame Length (divided into 2 sub-frames)
(each sub-frame 5 ms)
Timeslots 675 ms
Variable Data Rates supported
Modulation QPSK & 8PSK

R`4
R`4
TS
TS25.223
25.223
Fig. 24
41
Appendix
Appendix Siemens
Appendix
Contents
1 Appendix 1: References 23
2 Appendix 2: Abbreviations 45
1
Appendix Siemens
1 Appendix 1: References
Books:
l V.K.G. Garg, K.F. Smolik, J.E. Wilkes, „Applications of CDMA in Wireless/Personal
Communications“, Feher / Prentice Hall digital and wireless communications series
(1997) ISBN 0-13-572157-1
l A.J. Viterbi: „CDMA: Principles of Spread Spectrum for third Generation Mobile
Communication“ (1995), ISBN 0-201-63374-4
l T. Ojanperä, R. Prasad: „ Wideband CDMA for third Generation Mobile
Communication“, (1998) ISBN 0-89006-735-X
l R. Prasad, W. Mohr, W. Konhäuser, „Third Generation Mobile Communications
Systems, Artech House Publishers (2000) ISBN 1-58053-082-6
l H. Holma, A. Toskala, “WCDMA for UMTS”, John Wiley & Sons, Ltd. (2000); ISBN
0-471-72051-8
l T. Ojanperä, R. Prasad, "Wideband CDMA: Towards IP Mobility and Mobile
Internet", Artech House Publishers (2001) ISBN 1-58053-180-6
l J. Korhonen: "Introduction to 3G Mobile Communications", Artech House
Publishers (2001) ISBN 1-58053-287-X
l Heikki Kaaranen, Naghian Siamak, "UMTS Network: Architecture, Mobility and
Services", Wiley, (2001) ISBN 0-47148-654-X
Magazines:
l Funkschau
l Gateway
l Mobilcom
l pcmobil
l Mobile Computer
l Amtsblatt der „Regulierungsbehörde für Telekommunikation und Post“
l SMG News (ETSI)
2
Siemens
Appendix Appendix
Siemen
3G Internet addresses:
l http://www.3gpp.org
l http://www.3gip.org
l http://www.itu.int/imt
l http://www.etsi.org
l http://www.umts-forum.org
l http://www.gsmworld.com
l http://www.cdg.org
3
Appendix Siemens
2 Appendix 2: Abbreviations
Abbreviations used in this document or other documents according to the theme

UMTS.
AAL ATM Adaptation Layer

AC Authentication Center
ACCH Associated Control CHannel
ACE Antenna Coupling Equipment
ADC Analog to Digital Converter
AICH Acquisition Indication Channel
AMR Adaptive MultiRate speech
AMX ATM MultipleXer
AMPS Advanced Mobile Phone Services
ANSI American National Standards Institute (USA)
AP Application Part
ARFCN Absolute Radio Frequency Channel Number
ARIB Association of Radio Industries and Business (Japan)
ARQ Automatic Repeat reQuest
ASCI Advanced Speech Call Items
AUC AUthentication Center
4
Siemens
Appendix Appendix
Siemen
BA BCCH Allocation
BCC Base transceiver station Color Code
BCCH Broadcast Control CHannel
BCH Broadcast CHannel
BER Bit Error Rate
BMC Broadcast / Multicast Control
BPSK Binary Phase Shift Keying
BS Base Station
BSIC Base transceiver Station Identity Code
BSSAP Base Station System Application Part
BSSMAP Base Station System Management Application Part
BTS Base Transceiver Station
5
Appendix Siemens
CA Cell Allocation
CAMEL Customized Applications for Mobile network Enhanced Logic
CAP CAMEL Application Part
CATT China Academy of Telecommunication Technology (China)
CC Call Control
CC Country Code
CCCH Common Control Channel
CCH Control CHannel
CCITT Comité Consulatif International Téléphonique et Télégraphique
CCS7 Common Channel signaling System No. 7
CCU Channel Coding Unit
CDMA Code Division Multiple Access
CEPT Conference Europèene des Postes et Telecommunication
CI Cell Identity
CN Core Network
CP Call Processing
CPCH Common Packet Channel
CPICH Common Pilot Channel
CS Coding Scheme
CS Circuit Switched
CSCF Call State Control Function
CTCH Common Traffic Channel
CUG Closed User Group
6
Siemens
Appendix Siemen
Appendix
D-AMPS Digital AMPS

DCCH Dedicated Control Channel
DCH Dedicated Channel
DCS1800 Digital Cellular System in the 1800 MHz band
DECT Digital Enhanced Cordless Telephone
DL Down Link
DPCCH Dedicated Physical Control Channel
DPCH Dedicated Physical Channel
DPDCH Dedicated Physical Data Channel
DRNS Drift RNS
DRX Discontinuous Reception
DS-CDMA Direct Sequence CDMA
DSCH DL Shared Channel
DTAP Direct Transfer Application Part
DTCH Dedicated Traffic Channel
DTX Discontinuous Transmission
EFR Enhanced Full Rate speech

EIR Equipment Identification Register
ERC European Radiocommunication Committee
ERMES European Radio MEssage System
ESA European Space Agency
7
Appendix Siemens
FAC Final Assembly Code

FACCH Fast Associated Control CHannel
FACH Forward Access Channel
FB Frequency correction Burst
FCCH Frequency Correction CHannel
FDD Frequency Division Duplex
FDMA Frequency Division Multiple Access
FEC Forward Error Correction
FN Frame Number
FPLMTS Future Public Land Mobile Telecommunication System (
FR Frame Relay
FR Full Rate speech
FRAMES Future RAdio wideband MultiplE access Systems
GEO GEostationary Orbital

GMM Global Multimedia Mobility
GMPCS Global Mobile Personal Communication Systems
GMSC Gateway MSC
GMSK Gaussian Minimum Shift Keying
GP Guard Period
GPRS General Packet Radio Service
GPS Global Positioning System
GTP GPRS Tunneling Protocol
8
Siemens
Appendix Appendix
Siemen
HCR-CDMA High Chip Rate CDMA

HCS Hierarchical Cellular Structures
HEO High Elliptic Orbit
HO(V) HandOver
HPLMN Home PLMN
HSCSD High Speed Circuit Switched Data
HSS Home Subscriber Server
IAM Initial Address Message

ICO Intermediate Circular Orbits
ID IDentification
ID IDentity
IMT-2000 International Mobile Telecommunications-2000
IN Intelligent Network
Inmarsat INternational MARitime SATellite
IP Intelligent Peripheral
ISDN Integrated Services Digital Network
ISUP ISDN User Part
IWE InterWorking Equipment
IWF InterWorking Function
IWUP InterWorking User Part
9
Appendix Siemens
JD Joint Detection
JDC Japanese Digital Cellular
Kc cipher Key
Ki individual subscriber authentication Key
LA Location Area
LAI Location Area Identity
LAPDm Link Access Protocol on the Dm channel
LCR-CDMA Low Chip Rate CDMA
LEO Low Earth Orbital
LES Land Earth Station
LMT Local Maintenance Terminal
LR Location Register
10
Siemens
Appendix Appendix
Siemen
MAC Medium Access Control

MARISAT MARItime SATellite
MBS Mobile Broadband System
MCC Mobile Country Code
ME Mobile Equipment
MExE Mobile station application Execution Environment
MG Media Gateway
MGCF Media Gateway Control Function
MMI Man Machine Interface
MML Man Machine Language
MNC Mobile Network Code
MOC Mobile Originating Call
MP Main Processor
MS Mobile Station
MSC Mobile services Switching Center
MSISDN Mobile Station international ISDN number
MSP Multiple Subscriber Profile
MSRN Mobile Station Roaming Number
MSS Mobile Satellite Systems
MT Mobile Termination
MTC Mobile Termination Call
MUX MUltipleXer
11
Appendix Siemens
NB Normal Burst
NBAP Node B Application Part
NCC Network Color Code (PLMN color code)
NDC National Destination Code
NMT Nordic Mobile Telephone
NSS Network Switching Subsystem

OACSU Off Air Call Set Up
ODMA Opportunity Driven Multiple Access
OFDMA Orthogonal Frequency Division Multiple Access
OMC Operation & Maintenance Center
OMC-B Operation & Maintenance Center for BSS
OMC-S Operation & Maintenance center for SSS
OSS Operation SubSystem
OVSF Orthogonal Variable Spreading Factor codes
12
Siemens
Appendix Appendix
Siemen
PA Power Amplifier
PACS Personal Access Communication System
PC Power Control
PCCH Paging Control Channel
P-CCPCH Primary Common Control Physical Channel
PCH Paging Channel
PCPCH Physical Common Packet Channel
PDA Personal Data Assistant
PDC Personal Digital Cellular (Japan)
PDCP Packet Data Convergence Protocol
PDSCH Physical DL Shared Channel
PHS Personal Handy System (Japan)
PICH Page Indication Channel
PIN Personal Identification Number
PLMN Public Land Mobile Network
PMR Private Mobile Radio
PP Point-to-Point
PRACH Physical Random Access Channel
PSTN Public Switched Telephone Network
QOS Quality Of Service

QPSK Quaternary Phase Shift Keying
13
Appendix Siemens
RA Rate Adaptation
RACH Random Access CHannel
RANAP Radio Access Network Application Part
RAND RANDom number
REQ REQuest
RES RESponse
RF Radio Frequency
RFC Radio Frequency Channel
RFCH Radio Frequency CHannel
RFCN Radio Frequency Channel Number
RLC Radio Link Control
RNC Radio Network Controller
RNS Radio Network Subsystem
RNSAP Radio Network Subsystem Application Part
RRC Radio Resource Control
RRM Radio Resource Management
RSS Radio SubSystem
RX / Rx Receiver
14
Siemens
Appendix Siemen
Appendix
SACCH Slow Associated Control CHannel

SAP Service Access Point
SAPI Service Access Point Indicator
SB Synchronization Burst
S-CCPCH Secondary Common Control Channel
SCE Service Creation Environment
SCH Synchronization CHannel
SDCCH Stand- alone Dedicated Control CHannel
SF Spreading Factor)
SFH Slow Frequency Hopping
SGSN Service GPRS Support Node
SIM Subscriber Identity Module
SM Security Management
SMP Service Management Point
SMS Short Message Service
SN Subscriber Number
SN Switching Network
SP Signaling Point
SP Server Processor
SP Switching Point
SS Supplementary Services
SSF Service Switching Function
STP Signaling Transfer Point
SW Software
15
Appendix Siemens
T1 Standards Committee T1 Telecommunications

TA Terminal Adaptor
TACS Total Access Communication System
TB Tail Bit
TCAP Transaction CApability Part
TCH Traffic CHannel
TCP Transmission Control Protocol
TD-CDMA Time Division CDMA
TDD Time Division Duplex
TDMA Time Division Multiple Access
TS-SCDMA Time Division Synchronous CDMA
TE Terminal Equipment
TETRA TErrestrial Trunked Radio Access
THSS Time-Hopping Spread Spectrum
TIA Telecommunication Industry Association
TMN Telecommunication Management Network
TMSI Temporary Mobile Subscriber Identity
TRAU Transcoding and Rate Adaptation Unit
TRX TRansceiver
TS Tele Service
TS TimeSlot
TTA Telecommunications TechnologyAssociation (South Korea)
TTC Telecommunication Technology Committee (Japan)
TX / Tx Transmitter
16
Siemens
Appendix Siemen
Appendix
UDP User Datagram Protocol

UE User Equipment
UL UpLink
UMTS Universal Mobile Telecommunications System
UP User Part
USIM UMTS Subscriber Identity Module
UTRA UMTS Terrestrial Radio Access
UTRAN UMTS Terrestrial Radio Access Network
UWC-136 Universal Wireless Communication
VAD Voice Activity Detection

VLR Visited (visitor) Location Register
VMSC Visited MSC
VoIP Voice over Internet Protocol
VPLMN Visited PLMN

W-CDMA Wideband CDMA
17
Fast link dependent scheduling
methods
y Round Robin (RR)
y Cyclically assign the channel to users without taking channel
conditions into account
y Simple but poor performance
y Proportional Fair (PF)
y Assign the channel to the user with the best relative channel quality
y High throughput, fair
y Max C/I Ratio
y Assign the channel to the user with the best channel quality
y High system throughput but not fair
Fast hybrid ARQ
Fast hybrid ARQ schemes
y Chase combining : each retransmission is an identical copy

of the original transmission.
y Incremental Redundancy : each retransmission may add

new redundancy
Fast link dependent scheduling
HSDPA channel structure
HSDPA channel structure
y HS-DSCH - High-Speed Downlink Shared Channel:

y transport channel that carries the user data.
y HS-PDSCH - High-Speed Physical Downlink Shared Channel:
y physical downlink channel that carries the user data and layer 2 overhead bits over
the air interface.
y HS-SCCH - High-Speed Shared Control Channel (s):
y physical downlink channel that carries control information how to decode the
information on HS-PDSCH and which UE that shall decode it.
y HS-DPCCH - High-Speed Dedicated Physical Control Channel:
y physical uplink channel to send ACK/NAK reports and channel quality reports
y A-DCH (DPDCH+DPCCH) - Associated Dedicated Channel
uplink HS-DPCCH
y The uplink HS-DSCH-related physical-layer signaling

consists of:
y Acknowledgements for hybrid ARQ
y Channel Quality Indicator (CQI), i.e., information reflecting
the instantaneous downlink radio-channel conditions to assist
the Node B in the transport-format selection (fast link
adaptation) and the scheduling
Information carried on HS-DPCCH
y HS-DPCCH carries ACK/NAK and CQI from UE to RBS
y one HS-DPCCH for each user in the cell
y ACK/NAK
y single bit, repetition coded to 10 bits (1 slot)
y CQI (Channel Quality Indicator)
y 5 bits coded to 20 bits (2 slots)
y channel quality measurements based on CPICH
y reporting rate is configurable through RRC/NBAP signaling
y ACK/NAK and CQI can be repeated in multiple subframes
y controlled by RRC/NBAP signaling
y useful in soft handover scenarios
HS-DPCCH power control
y Important to secure good success rate of ACK/NAK and CQI

transmission while keeping UL interference under control
y ACK, NAK, CQI power offsets with relation to DPCCH set by RRC
signaling
y Two independent mechanisms:
1. Two sets of power offsets (ACK, NAK and CQI) are configured per
cell in RNC
y RNC reconfigures UE depending on number of RBS involved
y Configuration changed at cell change and possibly after active set update
2. RBS initiates update of ACK/NAK and CQI feedback cycles based
on CQI detection performance
Hybrid ARQ Processes
y One HARQ entity per user

y Each HARQ entity consist of up to 8 HARQ processes
y multiple HARQ processes allows continuous transmission to a single user
y separate reordering function needed to support in-order delivery
y (P2 correctly received before P1 in figure below)
A-DCH, Associated Dedicated
Channel
y One A-DCH per HSDPA enabled terminal in the cell

y A-DCH is mapped on physical channels DPDCH and
DPCCH
y A-DCH DL
y 3.4 kbps SRB (control signalling: RRC & NAS)
y A-DCH UL
y 384 kbps (or 64 kbps) DCH
y 3.4 kbps SRB (control signalling: RRC & NAS)
y UL data transmission
Dedicated Physical Control and Data
Channel (Uplink)
Dedicated Physical Control and Data
Channel
DPCCH/DPDCH (Downlink)
Transport Channels and Physical
Channels
Transport Channels and Physical
Channels
HSDPA – summary

Mobile Package 2010

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Mobile Package 2010

Hochgeladen von

Copyright:

Verfügbare Formate

TRAINING SECTOR

GENERAL DEPARTMENT FOR

- HSDPA for WCDMA

Sub-section identification Pages

This document consists of 196 pages.

History of Mobile Communications

Beginnings of Electronic Communications

History of Mobile Communications

Single Cell Systems

Single Cell Systems:

Innovations in Mobile Radio Communications

Cellular Mobile Radio Systems

Quantum Leap in Mobile Communications:

Single Cell Cellular

First Generation (1G) Cellular Mobile Radio Systems

First Generation Cellular Mobile Radio Systems

Country System Frequency range Introduced

Second Generation (2G) Cellular Mobile Radio Systems

Portable Mobile Equipment

2nd Quantum Leap:

Different Generations of Mobile Stations

Analog technology. Digital GSM technology.

Example: Mobile Subscriber in Germany

1994 GSM (Eplus)

Limits of the First Generation Mobile Radio Systems

The limits of existing analogue systems

The GSM History

Milestones of the GSM Standard

The GSM Technical Guideline

The GSM Recommendations

GSM Recommendation Series 01: General

12 Series; each max. 100 Rec.: Series 02: Service Aspects

Series 12: Operation & Maintenance

The Evolutionary Concept

GSM: Evolutionary Concept

Services Downward compatibility

1991 1995 1997 Year

Adaptations of the GSM Standard

GSM900 (GSM, E-GSM)

GSM-R GSM - Adaptations

PLMN - Public Land Mobile Network

3 Current Situation, Market & Trends

These different systems differ in:

Cordless Wireless Local Loop

Mobile Satellite Systems MSS

Mobile Satellite Systems MSS

The Mobile Market: Subscriber Trends 1980 - 2000

The introduction of the first generation (analog) cellular mobile communication

Trends & Outlook

Trends & Outlook

Mobile Trends Trend:

• improved service offering

Mobile Forecast (Europe)

all applications from

150' Mobile subscriber

50' mobile Multi Media:

The Third Generation (3G)

IMT-2000 (International Mobile Telecommunications 2000)

Private Mobile Radio PMR

different, incompatible standards for

UMTS - Universal Mobile Telecommunications System

UMTS - Universal Mobile Telecommunications System

Frequency range [MHz]