Beruflich Dokumente
Kultur Dokumente
Version:6.50.102
ZTE CORPORATION
NO. 55, Hi-tech Road South, ShenZhen, P.R.China
Postcode: 518057
Tel: +86-755-26771900
Fax: +86-755-26770801
URL: http://ensupport.zte.com.cn
E-mail: support@zte.com.cn
LEGAL INFORMATION
Copyright © 2013 ZTE CORPORATION.
The contents of this document are protected by copyright laws and international treaties. Any reproduction or
distribution of this document or any portion of this document, in any form by any means, without the prior written
consent of ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by
contractual confidentiality obligations.
All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE
CORPORATION or of their respective owners.
This document is provided “as is”, and all express, implied, or statutory warranties, representations or conditions
are disclaimed, including without limitation any implied warranty of merchantability, fitness for a particular purpose,
title or non-infringement. ZTE CORPORATION and its licensors shall not be liable for damages resulting from the
use of or reliance on the information contained herein.
ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications
covering the subject matter of this document. Except as expressly provided in any written license between ZTE
CORPORATION and its licensee, the user of this document shall not acquire any license to the subject matter
herein.
ZTE CORPORATION reserves the right to upgrade or make technical change to this product without further notice.
Users may visit ZTE technical support website http://ensupport.zte.com.cn to inquire related information.
The ultimate right to interpret this product resides in ZTE CORPORATION.
Revision History
Figures............................................................................................................. I
Tables ............................................................................................................ III
Glossary .........................................................................................................V
II
Intended Audience
Communication engineers
Chapter Summary
Chapter 1, Signaling Introduces the application scenarios of ZXUR 9000 GSM, the protocol
Protocols architecture and functional modules of signaling protocol.
Chapter 2, Service Describes the signaling procedure for speech services and packet
Signaling Procedure services.
1-1
1-2
1-3
The signaling protocols in the GSM system are divided based on the OSI reference model.
ZXUR 9000 GSM supports the CS services and the GPRS packet services that are
processed by different protocols. The protocols applied on relevant interfaces for the two
types of services are describes as follows.
1-4
The MM layer manages the subscriber database that includes the location data, and also
implements security management and the authentication.
Figure 1-5 The Protocol Architecture for E1 and IP Transmission in the PS-Domain
1-5
The layer implements the routing of the subscriber data and the control signaling
protocols in the GPRS backbone network.
4. Application Layer Protocols
The layer includes the File Transfer Protocol (FTP), the Trivial File Transfer Protocol
(TFTP), the Hypertext Transfer Protocol (HTTP), Telnet (remote login), and the
Simple Mail Transfer Protocol (SMTP). These bottom-layer applications implements
the routing and tracing of data transmission, and the physical transmission of data.
1-6
1.3.2 LAPDm
The Link Access Procedure on the Dm Channel (LapDm) is a data link procedure for the
transmission of signaling between the MS and BTS. The purpose of LAPDm is to use the
Dm channel to transmit messages for entities in Layer 3 via the radio interface. LAPDm
is based on LAPD, with some simplification and modification. The Dm channel provides a
point-to-point data link connection and multiple services for the upper layer. The data link
connection is identified by the data link connection identifier (DLCI) in individual frames.
DLCI only contains the SAPI part, representing what service is accessed.
1.3.3 MTP2
The main purpose of the Message Transfer Part (MTP) is to provide reliable signaling
message transmission, making corresponding responses upon failures in the system or
the signaling network, and taking measures to avoid or reduce message lost, repetition,
or sequence disorder.
Message Transfer Part - layer 2 (MTP2) specifies the functions and procedures for
transmitting signaling to the data link. The MTP2 and MTP1 work together to ensure the
reliable transmission of signaling between two directly connected signaling points.
In long-distance transmission, error codes might exist in the data link between neighboring
signaling points. However, the CCS7 signaling message coding does not allows any error.
The function of the MTP2 is to ensure no error transmission when error codes exist in the
MTP1.
1-7
1.3.4 MTP3
The function of Message Transfer Part-layer 3 (MTP3) is to ensure reliable transmission
of the subscriber part of the message by controlling the routing and performance of the
signaling network whether the network is in normal status or not. The functions of the
signaling network include two parts: message signal processing and signaling network
management.
l Message Routing
Message Routing (MRT) implements the selection of routing. This function uses the
information contained in the routing flag to select a signaling link for the signaling
message, thus ensuring that the message can be transmitted to the destination
signaling point. The information in the routing flag includes the Destination signaling
Point Code and the Signaling Link Selection (SLS).
l Message Discrimination
The function of Message Discrimination (MDC) is to receive the message sent from
the MTP2 and decide whether the message destination is right. If the destination is
right, the MDC transmits the message to the Message Distribution (MDT) part. If the
destination is wrong, the MDC transmits the message to the MRT part.
l Message Distribution
1-8
The function of Message Distribution (MDT) is to distribute the messages sent from the
MDC part to the user part, signaling management network, and the test/maintenance
part.
1.3.5 RR
The RR layer includes the rules for managing the transmission at the radio interface, and
provides stable links between the MS and MSC.
Functions of RR
The main purpose of the RR layer is to manage the transmission between the MS and
MSC, establishing the transmission and signaling path between them.
The BSS implements the majority of the RR functions, including the radio interface, the
Abis interface, and the A interface. Other functional modules relate to the No.7 signaling
interface.
Cell selection/reselection and handover are all functions in the RR layer.
1.3.6 BTSM
The function of BSTM is to support measurement report handling and the distribution of
transmission path by using the LAPD protocol.
Functions of BTSM
1. Radio Link Layer Management
The radio link management sublayer messages are used by the BSC to control the
LAPDm links. Most Layer-3 signaling at the radio interface are transmitted through
this sublayer.
2. Dedicated Channel Management
The sublayer of dedicated channel management manages and distributes dedicated
channels, including such functions as channel activation, channel release, ciphering,
and mode shifting.
3. Common Channel Management
The common channel management information group manages and distributes
common channels. The sublayer manages the channel release, paging messages,
BCCH system messages, and the Immediate Assign Command messages.
4. TRX Management
1-9
The function of the REXM sublayer is to manage the radio transceiver. The messages
of this layer are transmitted only between the BSC and BTS.
1.3.7 SCCP
The Signal Connect Control Part (SCCP) is a supplementary functional module to the
user part, providing additional functions for the MTP. SCCP provides connection-based
and no-connection data services. SCCP is combined with the MTP3 to provide relatively
complete and reliable network layer functions for the information exchanges in any form.
Functions of SCCP
SCCP provides two categories of network layer services: no-connection service and
connection-based service.
In no-connection services, the subscriber does not establish the signaling connection
beforehand, and uses the routing of the SCCP and MTP to transmit data in the signaling
network. No-connection services are suitable for transmitting small amount of data.
In connection-based services, the signaling connection is established beforehand, so that
the data is transmitted directly through the signaling connection without the routing of the
SCCP. The connection-based services are suitable for transmitting large amount of data,
and can effectively reduce the delay for batch bata transmission.
SCCP can implement routing and network management. The routing of the SCCP is
implemented by addressing based on the information of Destination signaling Point Code
(DPC), Subsystem Number (SSN), and Global Title (GT). DPC is the destination signaling
point code used by the MTP, SSN is used to identify different SCCP subscribers of the
same node.
The network management of the SCCP implements the management of signaling point
state and subsystem state, switch between active and standby systems, broadcast of state
information, and the test of subsystem state. SCCP management (SCMG) maintains the
network functions by rerouting or controlling the traffic when network faults or congestions
occur.
1.3.8 BSSAP
The Base Station Application Part (BSSAP) consists of two parts: the Base Station
Management Application Part (BSSMAP) and the Direct Transfer Application Part (DTAP).
Functions of BSSAP
l The BSSMAP protocol supports the call-related or resource management processes
that requires the explanation and handling of the BSS. Some BSSMAP processes can
trigger the processes or the results triggered by the processes of the RR layer.
BSSMAP messages include no-connection and connection-based messages.
1-10
1.3.9 MAC
Media Access Control (MAC) is a link-layer protocol that controls the signaling access
process on the radio channel and maps the LLC frames to the GSM channel.
Functions of MAC
l Providing effective multiplexing for control signaling and data in the uplink and
downlink. This is controlled by the network side. In the downlink, multiplexing control
uses a plan, while in the uplink, the multiplexing control uses media arrangement (the
responses to the requests by the server) for a single subscriber.
l Solving channel collision caused by MS-originated channel access requests, including
collision detection and restoration.
l Arranging access trials for MS-terminated channel access, including the queuing of
packet access.
1-11
l Handling priority.
1.3.10 RLC
Radio Link Control is a protocol in the link layer and network layer. The protocol provides
reliable links related to radio solutions.
Functions of RLC
l Transmitting LLC-PDU with interface primitives between the LLC and MAC.
l Segmenting LLC-PDU to reassemble into RLC data units. The Backward Error
Correction (BEC) process can selectively retransmit unrecoverable codes by using
the selective ARQ protocol. The ARQ protocol is the error correction by detection
and repetition.
1.3.11 BSSGP
In the BSS, BSSGP serves as the interface between the LLC frame and the RLC/MAC unit.
In the SGSN, the BSSGP is also an interface between the RLC/MAC and the LLC frame.
The interface uses the information contained in the RLC/MAC. The BSSGP between the
SGSN and BSS has one-to-one relation, that is, if one SGSN is to process multiple BSSs,
the SGSN must have a BSSGP to each BSS.
Functions of BSSGP
The main purpose of BSSGP (BSS GPRS Protocol) is to provide radio-side data, QoS and
routing information to meet the requirements for transmitting subscriber data between the
BSS and SGSN.
1. Providing a no-connection link between the SGSN and BSS.
2. Transmitting unacknowledged data between the SGSN and BSS.
3. Providing bi-directional control over the data flow between the SGSN and BSS.
4. Handling call requests sent from the SGSN to the BSS.
5. Supporting message updating in the BSS.
6. Supporting multi-layer links between the SGSN and the BSS.
1-12
Location update
Intra-cell handover
Inter-cell handover
Inter-BSC handover
Inter-MSC handover
2-1
Cell Selection
After the MS is powered on, it attempts to contact the PLMN. In this attempt, the MS selects
a proper cell, and gets the control channel parameters and other system messages. This
process is called "cell selection".
The selection of a proper cell depends on many factors, such as whether the cell is in the
selected network (in manual selection mode), whether access to the cell is forbidden, the
cell priority, whether the access level of the MS is forbidden by the cell, and whether radio
channel quality can meet the communication requirements. Of the factors, the quality of the
radio channel is important for cell selection. The GSM specifications include a parameter
C1, called path loss. A proper cell indicates that C1 of that cell must be above zero (C >
0). C1 is calculated with the following formula.
C1=RXLEV-RXLEV ACCESS MIN-Max(MS TXPWR MAX CCH-P,0)
RXLEV: the average level received.
RXLEV ACCESS MIN: minimum access level allowed for the MS.
MS TXPWR MAX CCH: maximum transmission power of the control channel.
P: maximum output power of the MS.
If X>=Y, MAX(X,Y) = X
If X<=Y, MAX(X,Y) = Y
The parameters for calculating C1 are all broadcast in the system messages.
Cell Reselection
After the mobile station selects a cell, it will reside in the selected cell if there are no big
changes in conditions. At the same time, it begins to measure the signal level of the
BCCH carrier of neighboring cells, recording the six neighboring cells with the highest
2-2
signal levels. Next, the MS extracts the system messages and control information from
each of these six cells. When certain conditions prevail, the MS will move to another cell
from the current cell. This process is called cell reselection.
The reselection also considers multiple conditions, including whether the access to a cell
is forbidden. The most important factor, however, is also the strength of the radio signal.
The cell reselection uses C2 as the channel quality parameter, which is calculated with the
following formula:
If PENALTY TIME does not equal to 11111, C2=C1+CELL RESELECT OFFSET –
TEMPORARY OFFSET×H(PENALTY TIME-T)
If PENALTY TIME=11111, C2=C1-CELL RESELECT OFFSET
In the formula,
If X<0, H(X) = 0;
If X>=0, H(X) = 1.
T is a timer, whose initial value is 0. When a cell is recorded in a table as one of the six
cells with the largest signal levels, the counter in the cell begins to calculate, whose value
is accurate to one TDMA frame (about 4.62ms). When the cell is removed from the table
of six cells, the corresponding counter is reset.
CELL RESELECT OFFSET is used to manually correct the cell reselection parameter C2.
TEMPORARY OFFSET is used to provide a negative offset for C2 from the time when the
counter begins to calculate to the time when T reaches PENALTY TIME.
PENALTY TIME is the duration when TEMPORARY OFFSET is used to calculate C2.
However, the value 11111 for the parameter PENALTY TIME indicates the change in the
relation of CELL RESELECT OFFSET to C2.
CELL RESELECT OFFSET, TEMPORARY OFFSET, and PENALTY TIME are cell
reselection parameters. If PI (indication of cell reselection parameter) equals 1, the three
parameters are broadcast on the BCCH of a cell. If PI=0, the MS considers the three
parameters as 0, and that C2=C1.
If via calculation, the MS finds that the C2 of a neighboring cell (in the same location area
with the current cell) exceeds that value of the current cell, and that the situation remains
more than five seconds, the MS will start cell reselection to enter the cell with higher C2.
If via calculation, the MS finds that the C2 of a non-neighboring cell (not in the same
location area with the current cell) exceeds the sum of C2 of the current cell and CELL
RESELECTION HYSTERESIS, and that the situation remains more than five seconds,
the MS will start cell reselection to enter the cell with higher C2. It is worth noting that the
cell reselection caused by C2 comparison must wait an interval of at least 15 seconds to
avoid too frequent reselection of the MS.
2-3
MS concerns all cells in the location area. The concept location area is used to reduce
the system loads, because when the capacity of an MSC is too high, it is impossible to
send paging messages in all cells controlled by the MSC. When an MS moves from one
location area to another, it must register to the system, so that the network can send paging
messages to the MS.
Signaling Procedure
The location update of an MS occurs in the idle status and in the following three cases:
l The MS is powered on.
l The MS roams to a new location area.
l The periodical location updating timer T3212 times out.
Figure 2-1 illustrates the location update procedure.
1. Channel Request
The MS requests a channel from a BTS by dynamically sending a random access pulse
on the Random Access Channel (RACH). The channel request message includes the
reason for establishing a channel. The reason can be "paging response", "emergency
call", "other services (mobile originated call, short message service)", and "others"
(such as “location area update”). The message also includes a random parameter,
2-4
which is a 5-bit message randomly selected by the MS. These parameters can be
used by the network to discriminate between two MSs that access to the network
simultaneously. This is the function of the parameters.
2. Channel Required
The BTS sends a channel requirement message to the BSC about the channel request
by the MS. This message (Channel Required) includes not only the information in the
channel request message, but also the messages added by the BTS. The BTS keeps
calculating the number of channels, so that the number of uplink CCCH (RACH-pulse)
is also counted. The parameters are directly taken from the channel request message.
In this way, the BTS adds the initial timing advance (access delay) to this message.
3. Channel Activation
The BSC sends a channel activation message to the BTS. After receiving the channel
requirement message sent from the BTS, the BSC begins to find and distribute the
Separate Dedicated Control Channel (SDCCH). The most important for the BSC is
to distribute a proper BTS and a channel combination including the SDCCH to the
MS. The parameters included in the channel activation message are: DTX control,
channel identification (ID), channel description and mobile distribution, the maximum
power level for the MS and the BTS, the initial timing advance (related to the access)
calculated by the BSC.
4. Channel Activation ACK
Response to the channel activation message. After receiving this message, the
BTS begins to transmit and receive the Slow Assisted Control Channel (SACCH).
The parameter included in the message is the power level of the channel activation
message received by the BTS.
5. Immediate Assignment Command
The BSC informs the BTS about the SDCCH to be used.
6. Immediate Assignment
The Base Station Subsystem (BSS) notifies the MS via the Access Granted Channel
(AGCH) about the usage of the SDCCH. The message is actually a command sent
from the network to the MS. The command is sent to take effect from the AGCH to
the predefined SDCCH. The parameters included in the message are: paging mode,
SDCCH description, associated SACCH, frequency hopping, request parameter (the
same as the establishment reason), initial timing advance, and frequency distribution
(hopping application).
7. Set Asynchronous Balanced Mode (SABM) - Location Update Request
The MS sends the location update request to the network.
8. Unnumbered Acknowledgement (UA)
The unnumbered acknowledgement is implemented in layer-2 when the LAPDm link
is established.
9. Establish Indication (for location update)
2-5
The BTS returns this message (Establish Indication) to acknowledge the immediate
assignment command. The Establish Indication message has two functions. First,
the message indicates from the perspective of the BTS that the MS is currently on the
SDCCH. The BTS thus sends a message to the BSC, indicating that the CM service
requested by the MS is being transmitted on the SDCCH. Second, while identifying
the connection, the BTS add the received layer-3 message to this message.
10. Location Update Request - Connect Request
The location update request is sent to the MSC as a connection request (CR).
11. Connect Confirm
12. Identity Request
This is an identification process that checks the International Mobile Equipment
Identifier (IMEI). The Equipment Identification Register (EIR) sends the request to
control the hardware of the MS. Usually this check is not implemented every time
a call is established. As a typical setting (set in the Visitor Location Register), the
check of the IMEI is performed every 20 times a call is established. The network also
requires the International Mobile Subscriber Identifier (IMSI) to prevent the MS from
losing contact from the network. For example, if the Temporary Mobile Subscriber
Identity (TMSI) of a mobile station is lost in the network, when the MS attempts to start
a call by using the TMSI, the network cannot identify the subscriber but by inquring
the MS. The identification request is sent as a CC (Connection Confirm) message.
13. Identity Response
The MS responses to the identity request by sending a message including the mobile
identity.
14. Authentication Request
The Mobile Switching Center (MSC) sends an authentication request message to the
BSC as connection confirm (CC), including RAND.
15. Authentication Response
The MS returns the Signed Response to the authentication request. The
authentication response is sent to the BSC via the BTS.
The MS authentication uses two algorithms: A3 and A8. The algorithms and 32-digit
key are stored in the SIM card. When the network requests for the authentication
of the MS, the AUC/VLR sents a 32-digit random decimal number to the MS. The
MS then calculates the Signed Response (SRES), and returns the response to the
VLR. VLR then compares the received SRES with the one previously received from
the authentication group of the Authentication Center (AUC). If the two SRESs is the
same, the authentication succeeds. Then the MS can resume the call.
2-6
the A interface. If the network implements ciphering, the MS begins ciphering upon
receiving this message.
17. Ciphering Mode Command
The BSC stores the ciphering message to its memory, and sends a ciphering command
to the BTS to start the ciphering mode operation.
18. Ciphering Mode Command
The GSM system notifies the MS to start ciphering, and that the system is ready to
receive the ciphered messages.
19. Ciphering Mode Complete
The MS confirms the ciphering command.
20. Ciphering Mode Complete
During the ciphering process, this is the first ciphered message at the air interface.
The GSM system confirms the ciphering command, and notifies the MSC that the MS
starts ciphering and sending messages in ciphering mode.
21. Location Update Accepted
The MSC sends the Location Update Accepted message to the MS to indicate that the
update is finished.
22. TMSI Reallocation Complete
After receiving the TMSI Reallocation Complete message, the MS stores the Location
Area Identifier (LAI) to the SIM card. If the received identification is the IMSI, the MS
deletes the TMSI that is stored previously. If the received identification is the TMSI,
the MS stores it to the SIM card. In the two cases, the MS sends a TMSI Reallocation
Complete message to the network.
23. Clear Command
The MSC sends the message to release all relevant resources, which is the GSMAP
related to the call.
24. Channel Release
Stops the action of the Traffic Channel (TCH) in use. The message is sent from the
BSC to the MS. Another name of the message is "layer-3 disconnection message". If
the call is normally established, the calling reason is "normal".
25. Deactivate SACCH
The BSC sends the message in the downlink to indicate that the BSC stops sending
system messages to the MS. At this moment, it is not necessary to transmit/receive
any message on the SACCH, so deactivation is required.
26. DISC (SDCCH)
The MS sends the layer-2 frame to clear the uplink connection, and notifies the BTS
to stop the service connection on the TCH/FACCH.
27. UA (SDCCH)
2-7
The BTS confirms the removal of the frame. After that, the MS starts to monitor the
BCCH, and releases all radio interfaces.
28. Release Indication
The BTS notifies the BSC to release radio resources.
29. RF Channel Release
The BSC notifies the BTS to release the remaining radio resources.
30. RF Channel Release Ack
After all free radio resources have been released, the BTS sends a message to the
BSC. The released resources include the TCH/FACCH and SACCH.
31. Clear Complete
The acknowledgement is the SCCP data (clear command). The BSC notifies the MSC
that all radio resources related to the call have been released.
32. SCCP Release
After all radio resources are released, the GSMAP related to the call is not necessary.
The message is sent as the RLSD message, notifying the BSC to release the SCCP
connection.
33. SCCP Release Ack
The BSC notifies the MSC in an RLC message that the dedicated SCCP connection
related to the call is released.
Signaling Procedure
The mobile-originated call procedure is illustrated in Figure 2-2.
2-8
1. Channel Request
The MS requests a channel from a BTS by dynamically sending a random access pulse
on the Random Access Channel (RACH). The channel request message includes the
reason for establishing a channel. The reason can be "paging response", "emergency
call", "mobile originated call", "short message service", and "others" (such as "location
area update"). The message also includes a random parameter, which is a 5-bit
message randomly selected by the MS. These parameters can be used by the network
2-9
to discriminate between two MSs that access to the network simultaneously. This is
the function of the parameters.
2. Channel Required
The BTS sends a channel requirement message to the BSC. The BTS sends this
message to the BSC about the Channel Request started by the MS. This message
(Channel Required) includes not only the information in the channel request message,
but also the messages added by the BTS. The channel request parameters are taken
directly from the Channel Request message. Besides, the BTS adds the initial timing
advance (access delay) to the message.
3. Channel Activation
After receiving the channel requirement message sent from the BTS, the BSC begins
to find and allocate the Separate Dedicated Control Channel (SDCCH). At the same
time, the BSC sends a channel activation message to the BTS. The most important
in the activation message are the allocated BTS and a channel combination including
the SDCCH. The parameters included in the channel activation message are: DTX
control, channel identification (ID), channel description and mobile distribution, the
maximum power level for the MS and the BTS, the initial timing advance (related to
the access) calculated by the BSC.
4. Channel Activation ACK
The message is a response to the channel activation message. After the BTS receives
the message, it begins to transmit and receive messages on the Slow Associated
Control Channel (SACCH).
5. Immediate Assignment Command
The BSC informs the BTS about the SDCCH to be used.
6. Immediate Assignment
The Base Station Subsystem (BSS) notifies the MS via the Access Granted Channel
(AGCH) about the usage of the SDCCH. The message is actually a command sent
from the network to the MS. The command is sent to take effect from the AGCH to
the predifined SDCCH. The parameters included in the message are: paging mode,
SDCCH description, associated SACCH, frequency hopping, request parameter (the
same as the establishment reason), initial timing advance, and frequency distribution
(hopping application).
7. CM Service Request (SDCCH)
The MS sends the CM Service Request to the network to request a service for the
entities from the connection management sublayer. The services might include the
establishment of the CS connection, auxiliary service activation, or short message
transmission.
8. CM Service Request Establishment Indication
The BTS acknowledges the immediate assignment command via the returned
establishment indication message. The establishment indication message has two
2-10
functions. First, the message indicates from the perspective of the BTS that the MS is
currently on the SDCCH. The BTS thus sends a message to the BSC, indicating that
the CM service requested by the MS is being transmitted on the SDCCH. Second,
while identifying the connection, the BTS add the received layer-3 message to this
message.
9. CM Service Request
This CM request message is sent to the Mobile Switching Center (MSC).
10. UA (SDCCH)
The unnumbered acknowledgement is implemented in layer-2 when the LAPDm link
is established.
11. Connect Confirm
12. Authentication Request
The Mobile Switching Center (MSC) sends an authentication request message to the
BSC as connection confirm (CC), including RAND.
13. Authentication Response
The MS returns the Signed Response (SRES) to the authentication request. The
authentication reponse is sent to the BSC via the BTS.
The MS authentication uses two algorithms: A3 and A8. The algorithms and a 32-digit
key are stored in the SIM card. When the network requests for the authentication of
the MS, the AUC/VLR sents a random 32-digit decimal number to the MS. The MS
then calculates the Signed Response (SRES), and returns the response to the VLR.
VLR then compares the received SRES with the one previously received from the
authentication group of the Authentication Center (AUC). If the two SRESs are the
same, the authentication succeeds. Then the MS can resume the call.
The first 8 digits of the KI are used for the authentication and the SRES algorithm,
while the remaining 24 digits are reserved for the key algorithm.
14. Ciphering Mode Command
The MSC requires the BSC to start ciphering from the wireless channel. If the network
attempts to start ciphering from the radio interface, it needs to send messages from
the A interface. If the network implements ciphering, the MS begins ciphering upon
receiving this message.
15. Ciphering Mode Command
The BSC stores the ciphering message to its memory, and sends a ciphering command
to the BTS to start the ciphering mode.
16. Ciphering Mode Command (SDCCH)
The BTS informs the MS about the ciphered random number to start ciphering.
17. Ciphering Mode Complete (SDCCH)
2-11
2-12
The BTS returns the current TDMA frame number, and activates the TCH via the Abis
interface.
26. Assignment Command
The BTS sends the received message further to the MS. The contents of the message
include: channel description, power level, cell channel description, channel mode (full
rate/half rate), and mobile frequency point list.
27. SABM (Set Asynchronous Balanced Mode)
The message mainly includes some layer-2 messages. SABM is used to set up a
layer-2 connection.
28. Establish Indication
The establishment indication message has two functions. First, the application of
establishment indication message informs the BTS that the MS is currently on the
FACCH. The BTS thus sends a message to the BSC, indicating the channel usage by
the MS. Second, the BTS identifies the active signaling channel, and adds the layer-3
messages sent from the MS to the establishment indication message.
29. Unnumbered Acknowledgement (UA)
The unnumbered acknowledgement is implemented in layer-2 when the LAPDm link
is established.
30. Assignment Complete (FACCH)
The MS sends this message to the network to indicate that it has successfully set up
the active signaling channel.
31. BSC Confirm
The GSM system confirms that the MSC has acquired a channel.
32. RF Channel Release
When the MS notifies the network that it has occupied the traffic channel (TCH), the
Standalone Dedicated Control Channel (SDCCH) is not necessary to be occupied.
The channel release program releases the SDCCH.
33. RF Channel Release ACK
The BTS acknowledges the message of RF channel release.
34. Alerting
The MSC sends an alerting message to the MS.
35. Connect
The MSC sends a message to the MS via the BSC to indicate that the network
connection has been established.
36. Connect Ack
The MS sends this message to the MSC to indicate that the MS is in "active" state.
37. Measurement Report (SACCH)
2-13
After the active signaling channel is established, the MS sends the measurement
report about the voice quality every two seconds.
38. Measurement Report
If the measurement reports have been preprocessed in the BTS, the measurement
results are sent to the BSC. If the reports have not been preprocessed, the reports are
sent directly to the BSC.
39. Disconnect
The MS sends the connection removal message. The message contents are:
removing the terminal-to-terminal connection. The message will stop charging the
connected call.
40. Release
The MSC starts the actual release to stop the call.
41. Release Complete
The MS notifies the network that it will release the processing ID, indicating that release
is in process.
42. Clear Command
The MSC sends the message to release all relevant resources, which is the GSMAP
related to the call.
43. Channel Release
The message stops the action of the active Traffic Channel (TCH). The message is
sent from the BSC to the MS. Another name of the message is "layer-3 disconnection
message". If the call is normally established, the calling reason is "normal".
44. Deactivate Slow Associated Control Channel (SACCH)
The BSC sends the message in the downlink to indicate that the BSC stops sending
system messages to the MS. At this moment, it is not necessary to transceive any
message on the SACCH, so deactivation is required.
45. DISC (Disconnect)
The MS sends the layer-2 frame to remove the uplink connection, and notifies the BTS
to stop the service connection on the TCH/FACCH.
46. UA
The BTS confirms the removal of the frame. After that, the MS restarts to monitor the
BCCH, and releases all radio interfaces.
47. Release Indication
The BTS notifies the BSC that the MS does not have to many radio resources available.
48. RF Channel Release
The BSC notifies the BTS to release the remaining radio resources.
49. RF Channel Release Ack
2-14
After all free radio resources have been released, the BTS sends a message to the
BSC. The released resources include the TCH/FACCH and SACCH.
50. Clear Complete
The acknowledgement message is the SCCP data (clear command). The BSC notifies
the MSC that all radio resources related to the call have been released.
51. SCCP Release
After all radio resources are released, the GSMAP related to the call is not necessary.
The message is sent as the RLSD message, notifying the BSC to release the SCCP
connection.
52. SCCP Release Ack
The BSC notifies the MSC in an RLC message that the dedicated SCCP connection
related to the call is released.
Authentication
The authentication message is sent from the MSC to the MS. The BSC directly sends the
message without any processing. The authentication process is illustrated in the signaling
procedure of location update, specifically in the transparent transmission of authentication
request between the MSC and MS, and in the Authentication Response message.
The GSM system uses three algorithms for authentication and ciphering, including A3, A5,
and A8. A3 is used for authentication, while A8 for generating keys, and A5 for ciphering.
A3 and A8 are in the SIM card and authentication center (AUC), while A5 is in the MS and
BTS.
The mobile subscribers have been created in the AUC before the operator uses the security
functions. Following is the information required for creating users:
1. The International Mobile Station Identity (IMSI)
2. Subscriber's Ki
3. The algorithm version
The same information is also stored in the SIM card of the subscriber. Ths basic principle of
the security functionality in the GSM system is to compare the data in the network and those
stored in the SIM card. The International Mobile Subscriber Identity (IMSI) is the only ID for
a mobile subscriber, while Ki is an authentication key that is a 32-digit hexadecimal number.
The algorithms A3 and A8 use these numbers as the basic parameters for authentication.
The authentication center (AUC) can generate the information used for security purpose
during transaction. The information is called authentication data set.
The authentication data set consists of three numbers
1. RAND: a random number.
2. SRES: Signed Response is the result produced by the algorithm A3 based on certain
source information.
3. KC: KC is the ciphering key produced by the algorithm A8 based on certain source
information.
2-15
The three numbers in the authentication data set are interrelated, that is, a certain RAND
and KC can produce a certain SRES and a KC by certain algorithm.
When the Visitor Location Register (VLR) has the three-number data set, it can start the
authentication of the mobile subscriber. The VLR sends the RAND to the SIM card via
the BSS. The SIM has the same algorithm with the network in producing the data set.
Therefore, after receiving the RAND, the SIM should produce the same SRES with that
produced in the network. If the SRES calculated and sent by the MS is the same as the
SRES in the MSC/VLR, the authentication succeeds.
The function of authentication is to protect the network and avoid illegal use. Meanwhile,
authentication protects the mobile subscribers in the GSM system by rejecting the
"invasion" of fake subscribers. When a mobile subscriber switches on to request access
to the network, the MSC/VLR sends the RAND in the three-parameter data set to the
subscriber. The SIM card then calculates the SRES with the authentication Ki and the
received RAND by using the A3 algorithm, and sends the SRES to the MSC/VLR. The
VLR then checks whether the SRES calculated by the SIM card is the same as the SRES
in the data set of the VLR. If the two SRESs match, the subscriber is allowed to access
the network. Otherwise, the access request is rejected.
The authentication is required before registration, call establishment attempt, location
update, and before the activation, deactivation, registration and deletion of supplementary
services.
Encryption
The encryption process involves the BSC, which receives the encrypted message CIPH
MODE CMD sent from the MSC via the A interface. Next, the BSC sends the message to
the MS via the BTS. The MS then implements encryption and returns the message to the
BTS, which sends the CIPH MODE COM message to the BSC. Lastly, the BSC sends the
encrypted message to the MSC.
In the GSM system, encryption is implemented on the wireless path, that is, the
information transceived between the BTS and the MS is encrypted to avoid being
intercepted or monitored by illegal individuals or groups. In the authentication process,
besides calculating the SRES, the subscriber side also produces the ciphering key (KC)
by using the algorithm A8. Upon receiving the ciphering command sent by the MSC/VLR,
the BTS and MS sides both start using the KC. At the MS side, the KC, TDMA frame
number, and ciphering command M are used together based on the A5 algorithm in
ciphering the data flow of subscriber information. The encrypted information, also called
the scrambling code, is transmitted on the wireless path. At the BTS side, the encrypted
data flow sent from the radio channel, the KC and TDMA frame number are used based
on the A5 algorithm to decipher the information and send it to the BSC and MSC.
All voice, data, and all related subscriber parameters must be encrypted.
2-16
Signaling Procedure
The mobile-terminated call procedure is illustrated in Figure 2-3.
2-17
1. Paging
2-18
The MSC sends a paging message that can search for the called MS within the paging
range. The paging message includes four pieces of message: message type, the
IMSI, the TMSI, and cell identification table. If a TMSI is registered, it has the priority.
If for security reasons, the only TMSI available in the network is the IMSI, the number
will be sent to the BSC as a unit data message (UDT).
2. Paging Command
The network might include at least three different types of BCCH-TRX-radio time slot
configuration, so that the logical paging channel (PCH) can have at least three different
locations. As a result, the BSC keeps calculating the paging groups. The calculating
result indicates the radio slot where the BTS can send the paging request to the MS.
If the BSC receives the TMSI or IMSI at the same time, it uses the TMSI in sending
the paging message.
3. Paging Request
The BSC sends the paging message on the paging channel (PCH).
4. Channel Request
The MS requests a channel from a BTS by dynamically sending a random access pulse
on the Random Access Channel (RACH). The channel request message includes the
reason for establishing a channel. The reason can be "paging response", "emergency
call", "mobile originated call", "short message service", and "others" (such as "location
area update"). The message also includes a random parameter, which is a 5-bit
message randomly selected by the MS. These parameters can be used by the network
to discriminate between two MSs that access to the network simultaneously. This is
the function of the parameters.
5. Channel Required
The BTS sends a channel requirement message to the BSC. The BTS sends this
message to the BSC about the Channel Request started by the MS. This message
(Channel Required) includes not only the information in the channel request message,
but also the messages added by the BTS. The channel request parameters are taken
directly from the Channel Request message. Besides, the BTS adds the initial timing
advance (access delay) to the message.
6. Channel Activation
After receiving the channel requirement message sent from the BTS, the BSC begins
to find and allocate the Separate Dedicated Control Channel (SDCCH) according to
certain conditions. At the same time, the BSC sends a channel activation message to
the BTS. The most important in the activation message are the allocated BTS and a
channel combination including the SDCCH. The parameters included in the channel
activation message are: DTX control, channel identification (ID), channel description
and mobile distribution, the maximum power level for the MS and the BTS, the initial
timing advance (related to the access) calculated by the BSC.
7. Channel Activation ACK
2-19
The message is a response to the channel activation message. After the BTS receives
the message, it begins to transmit and receive messages on the Slow Associated
Control Channel (SACCH).
8. Immediate Assignment Command
The BSC informs the BTS about the Standalone Dedicated Control Channel (SDCCH)
to be used.
9. Immediate Assignment
The Base Station Subsystem (BSS) notifies the MS via the Access Granted Channel
(AGCH) about the usage of the SDCCH. The message is actually a command sent
from the network to the MS. The command is sent to take effect from the AGCH to
the predifined SDCCH. The parameters included in the message are: paging mode,
SDCCH description, associated SACCH, frequency hopping, request parameter (the
same as the establishment reason), initial timing advance, and frequency distribution
(hopping application).
10. SABM Paging Response
The MS responds to the paging on the SDCCH.
11. Paging Response (Establish Indication)
The BTS acknowledges the immediate assignment command via the returned
message (Establish Indication). The establishment indication message has two
functions. First, the message informs the BTS that the MS is currently on the SDCCH.
The message also indicates that the paging response sent from the MS is being
transmitted on the SDCCH. Second, while identifying the connection, the BTS add
the received layer-3 message to this message.
12. Paging Response
BSC sends a connection request message to the MSC via the paging response
message.
13. Unnumbered Acknowledgement (UA)
The unnumbered acknowledgement is implemented in layer-2 when the LAPDm link
is established.
14. Authentication Request
The Mobile Switching Center (MSC) sends an authentication request message to the
BSC as connection confirm (CC), which is transparently transmitted to the MS via the
BSC.
15. Authentication Response
The MS returns the Signed Response (SRES) to the authentication request. The
authentication response is sent to the MSC via the BTS.
The MS authentication uses two algorithms: A3 and A8. The algorithms and a 32-digit
key are stored in the SIM card. When the network requests for the authentication of
the MS, the AUC/VLR sends a random 32-digit decimal number to the MS. The MS
2-20
then calculates the Signed Response (SRES), and returns the response to the VLR.
The VLR then compares the received SRES with the one previously received from
the authentication group of the Authentication Center (AUC). If the two SRESs are the
same, the authentication succeeds. Then the MS can resume the call.
The first 8 digits of the KI are used for the authentication and the SRES algorithm,
while the remaining 24 digits are reserved for the key algorithm.
16. Ciphering Mode Command
The MSC requires the BSC to start ciphering from the wireless channel. If the network
attempts to start ciphering from the radio interface, it needs to send messages from
the A interface. If the network implements ciphering, the MS begins ciphering upon
receiving this message.
17. Ciphering Mode Command
The BSC stores the ciphering message to its memory, and sends a ciphering command
to the BTS to start the ciphering mode.
18. Ciphering Mode Command
The GSM system notifies the MS to start ciphering, and that the system is ready to
receive the ciphered messages.
19. Ciphering Mode Complete
The MS confirms the ciphering command.
2-21
2-22
The MS user accepts the call by sending this message. The MSC begins the control
of the call when the Connect message comes.
38. Connect Ack
The MSC notifies the MS by this message that the call connection completes.
Therefore, the voice coder can be opened on the MS. If the voice coder is not open,
the logical channel of the MS switches from the Fast Associated Control Channel
(FACCH) to the Traffic Channel (TCH).
39. Measurement Report (SACCH)
After the active signaling channel is established, the MS sends the measurement
report about the voice quality every two seconds.
40. Measurement Report/Result
If the measurement reports have been preprocessed in the BTS, the measurement
results are sent to the BSC.
If the reports have not been preprocessed, the reports are sent directly to the BSC.
41. Disconnect
The MS sends the connection removal message. The message will stop charging the
connected call.
42. Release
The MSC starts the actual release to stop the call.
2-23
The MS notifies the network that it will release the processing ID, indicating that release
is in process.
44. Clear Command
The MSC sends the message to release all related resources.
45. Channel Release (FACCH)
The message stops the active Traffic Channel (TCH). The message is sent from the
BSC to the MS. If the call is normally established, the calling reason is "normal".
46. Deactivate Slow Associated Control Channel (SACCH)
The BSC sends the message in the downlink to indicate that the BSC stops sending
system messages to the MS. At this moment, it is not necessary to transmit/receive
any message on the SACCH, so deactivation is required.
47. DISC (Disconnect)
The MS sends the layer-2 frame to remove the uplink connection, and notifies the BTS
to stop the service connection on the TCH/FACCH.
48. Unnumbered Acknowledgement
The BTS confirms the removal of the frame. After that, the MS restarts monitoring the
BCCH, and releases all radio interfaces.
49. Release Indication
The BTS notifies the BSC that the MS does not have to many radio resources available.
50. RF Channel Release
The BSC notifies the BTS to release the remaining radio resources.
51. RF Channel Release Ack
After all free radio resources have been released, the BTS sends a message to the
BSC. The released resources include the TCH/FACCH and SACCH.
52. Clear Complete
The acknowledgement message is the SCCP data (clear command). The BSC notifies
the MSC that all radio resources related to the call have been released.
53. SCCP Release
After all radio resources are released, the GSMAP related to the call is not necessary.
The message is sent as the RLSD message, notifying the BSC to release the SCCP
connection.
The BSC notifies the MSC in an RLC message that the dedicated SCCP connection
related to the call is released.
2-24
Signaling Procedure
The signaling procedure for the intra-cell handover is illustrated in Figure 2-4.
The BSC sends a channel activation message to the BTS. After receiving the handover
request from the BTS, the BSC starts searching and allocating the traffic channel
(TCH) for completing the call based on a certain protocol. The most important in the
activation message are the allocated BTS and a channel combination including the
SDCCH.
The parameters included in the channel activation message are: DTX control,
channel identification (ID), channel description and mobile distribution, the maximum
2-25
power level for the MS and the BTS, the initial timing advance (related to the access)
calculated by the BSC.
4. Channel Activation ACK
After receiving this message, the BTS begins to transmit and receive on the
TCH/SACCH. The parameter included in the message is the power level of the
channel activation message received by the BTS.
5. Assignment Command (FACCH)
The BTS sends the received message further to the MS.
The contents of the message include: channel description, power level, cell channel
description, channel mode (full rate/half rate), and mobile frequency point list.
6. Set Asynchronous Balanced Mode (SABM)
The message mainly includes layer-2 messages, with some layer-3 messages.
The contents of the message are: service request, key sequence number, Mobile
Station classmark, and mobile identification number (MIN).
7. Establish Indication
The BTS acknowledges the immediate assignment command via the returned
Establish Indication message.
The establishment indication message has two functions.
a. This procedure indicates to the BTS the new TCH where the MS is located. The
BTS thus sends the description of the new TCH to the BSC.
b. The BTS identifies the connected signaling channel by this message (Establish
Indication), while adding the layer-3 messages it received.
9. Assignment Complete
The MS sends this message to the network to indicate that it has successfully set up
the active signaling channel.
10. Handover Performed
When the MS notifies the network that it has been handed over to the new traffic
channel (TCH), the original TCH established for the call is no longer necessary and
has to be released by the channel release procedure.
12. RF Channel Release Ack
2-26
Signaling Procedure
The signaling procedure for the inter-cell handover is illustrated in Figure 2-5.
3. Channel Activation
The BSC sends a channel activation message to the BTS. After receiving the handover
request from the BTS, the BSC starts searching and allocating the traffic channel
(TCH) for completing the call based on a certain protocol. The most important in the
activation message are the allocated BTS and a channel combination including the
SDCCH.
2-27
The parameters included in the channel activation message are: DTX control,
channel identification (ID), channel description and mobile distribution, the maximum
power level for the MS and the BTS, the initial timing advance (related to the access)
calculated by the BSC.
4. Channel Activation ACK
After receiving this message, the BTS begins to transmit and receive messages on
the TCH/SACCH. The parameter included in the message is the power level of the
channel activation message received by the BTS.
5. Handover Command
The BSC sends the Handover Command message to the BTS for modifying the
dedicated channel and the required timing advance.
6. Handover Command (FACCH)
BTS sends the message to the MS.
7. Handover Access (FACCH)
The MS sends a handover access message in random mode to the new BTS.
8. Handover Detect
The new BTS notifies the BSC that it has detected the handover access message.
9. Handover Detect
The new BSC notifies the MSC that it has detected the handover access message.
10. Physical Info (FACCH)
The physical information includes the messages related to different physical layers.
The information ensures the accuracy in transmission.
11. Set Asynchronous Balanced Mode (SABM)
The message mainly includes layer-2 messages, with some layer-3 messages. The
contents of the message are: service request, key sequence number, MS classmark,
and mobile identification number (MIN).
12. Establish Indication
The BTS acknowledges the immediate assignment command based on the returned
Establish Indication message.
The establishment indication message has two functions.
a. This procedure indicates to the BTS the new TCH where the MS is located. The
BTS thus sends the description of the new TCH to the BSC.
b. The BTS identifies the connected signaling channel by this message (Establish
Indication), while adding the layer-3 messages it received.
13. Unnumbered Acknowledgement (UA)
The unnumbered acknowledgement is implemented in layer-2 when the LAPDm link
is established.
2-28
Signaling Procedure
Inter-BSC handover can be divided into two parts: part 1 is outgoing handover from the
source BSC, part 2 is incoming handover process to the target BSC.
Figure 2-6 illustrates the procedure for an inter-BSC handover.
2-29
1. Measurement Report
After the active signaling channel is established, the MS sends the measurement
report about the voice quality every two seconds.
2. Measurement Report
If the measurement reports have been preprocessed in the BTS, the measurement
results are sent to the BSC.
If the reports have not been preprocessed in the BTS, the reports are sent directly to
the BSC.
3. Handover Required
The BSC notifies the MSC of the handover requirement.
4. Handover Request
The MSC sends the handover request to the target BSC (BSC2), which implements
the channel activation later on.
5. Channel Activation
The target BSC (BSC2) sends a channel activation message to the target BTS. After
receiving the handover request from the BTS, the BSC starts searching and allocating
the traffic channel (TCH) for completing the call based on a certain protocol. The most
important in the activation message are the allocated BTS and a channel combination
including the SDCCH.
The parameters included in the channel activation message are: DTX control,
channel identification (ID), channel description and mobile distribution, the maximum
2-30
power level for the MS and the BTS, the initial timing advance (related to the access)
calculated by the BSC.
6. Channel Activation ACK
This message is a response to the channel activation message. After receiving this
message, the BTS begins to transmit and receive messages on the TCH/SACCH.
The parameter included in the message is the power level of the channel activation
message received by the BTS.
7. Handover Request Acknowledgement
After the channel is activated, the target BSC sends a message of handover request
acknowledgement to the MSC, and then implements channel activation.
8. Handover Command
The MSC sends the handover command to the BSC for modifying channel
configurations and the TA.
9. Handover Command (FACCH)
The BSC1 sends the handover command to the MS via the BTS1.
10. Handover Access (FACCH)
The MS sends the handover access message to the target BTS.
11. Handover Detect
The target BTS notifies the BSC2 that it has detected the handover access message.
12. Handover Detect
The target BSC sends the Handover Detect message to the MSC, indicating that
channel establishment has begun in the new GSM system.
13. Physical Info (FACCH)
The physical information includes messages related to different physical layers. The
MS then provides a proper transmission path.
14. Set Asynchronous Balanced Mode (SABM)
The message mainly includes layer-2 messages, with some layer-3 messages. The
contents of the message are: service request (refer to the establishment reason), key
sequence number, Mobile Station classmark, and mobile identification number (MIN).
15. Establish Indication
The BTS acknowledges the immediate assignment command based on the returned
Establish Indication message. The establishment indication message has two
functions. First, this procedure indicates to the BTS the new TCH where the MS is
located. The BTS thus sends the description of the new TCH to the BSC. Second,
the BTS identifies the connected signaling channel by this message (Establish
Indication), while adding the layer-3 messages it received.
16. Unnumbered Acknowledgement
2-31
When the MS notifies the network that it has been handed over to the new traffic
channel (TCH), the original TCH established for the call is no longer necessary and
has to be released by the RF channel release procedure.
21. RF Channel Release Ack
The original BTS acknowledges the message of RF channel release.
22. Clear Complete
The acknowledgement message is the SCCP data (clear command). The BSC notifies
the MSC that all radio resources related to the call have been released.
Signaling Procedure
l Basic handover
2-32
2-33
2-34
2-35
Signaling Procedure
Figure 2-10 illustrates the procedure for sending a point-to-point short message in idle
state.
Figure 2-10 Procedure for Sending Point-to-Point Short Messages (Idle State)
The procedure for sending a short message from an idle MS is similar with that for a
mobile-originated call. The procedure can be divided into three steps:
1. The procedure from 1 to 8 is the random access and immediate assignment, during
which time the BSS allocates the signaling channel for the MS.
2. The procedure from 14 to 21 is the short message sending process.
The MS re-sends the SABM frame, notifying the network side that the subscriber
requires to set up the short message service (SMS). Next, the BSC provides the
transparent transmission channel for exchanging short message information between
the MS and MSC. During the sending procedure, the MSC of some manufacturers
can send the ASS REQ message to the BSC, requiring the assignment of an SMS
channel. The time of sending the ASS REQ message is the same with a common
call procedure. The BSC can either assign another channel for the SMS, or use the
orignal SDCCH for the SMS.
3. The procedure from 22 to 32 is the release process. The MS starts the release of
resources upon completion of sending the short message.
2-36
Signaling Procedure
Figure 2-11 illustrates the procedure for receiving a point-to-point short message in idle
state.
Figure 2-11 Procedure for Receiving Point-to-Point Short Messages (Idle State)
The procedure for receiving a short message from an idle MS is similar with that for a
mobile-terminated call. The procedure can be divided into three steps:
2. The procedure from 17 to 25 are SMS setup and short message sending.
For the terminated SMS procedure, the BSC sends the EST REQ message to the MS
to request the SMS setup. After the BSC receives the EST CNF message from the MS,
the setup of the SMS channel succeeds. The BSC transparently transmits the short
2-37
message until the sending process completes. In the whole signaling procedure, 14
and 15 are optional.
3. The procedure from 26 to 36 is the release process.
Signaling Procedure
The channel is set up for a busy MS, so that requesting a new channel is not necessary
for sending a short message.
For sending a short message from a busy MS, the MS sends the CM SERV REQ message
on the FACCH to the MSC, which returns the CM SERV ACC message to set up a CC layer
connection. Next, the connection is set up on the SACCH for sending the short message.
After the short message is sent, it is also not necessary to release the channel resource.
Figure 2-12 illustrates the procedure for sending a point-to-point short message in busy
state.
Figure 2-12 Procedure for Sending Point-to-Point Short Messages (Busy State)
2-38
Signaling Procedure
The channel is set up for a busy MS, so that requesting a new channel is not necessary
for receiving a short message.
After receiving the CP DATA message sent from the MSC, the BSC set up the RR-layer
connection for the SMS. When receiving the acknowledgement by the MS, the BSC sends
the message to the MS.
After the short message is received, it is not necessary to release the channel resource.
Figure 2-13 illustrates the procedure for receiving a point-to-point short message in busy
state.
Figure 2-13 Procedure for Receiving Point-to-Point Short Messages (Busy State)
2-39
Signaling Procedure
The procedure for uplink one-step access on the CCCH is illustrated in Figure 2-14.
1. The MS sends the CHANNEL REQUEST message to the BSC via the BTS.
2. After receiving the message, the BSC requests for relevant radio resources, and sends
the channel activation message to the BTS.
3. After activating the channel, the BTS returns the Channel Activation Acknowledgement
message to the BSC, which then sends the Immediate Assignment message to the
MS.
4. After receiving the Immediate Assignment message, the MS starts sending uplink data
on the assigned radio channel. To introduce the conflict resolution mechanism, the
MS should add the Temporary Link Level Identity (TLLI) to the first three data block.
(The conflict-resolving mechanism is used to avoid the channel allocation conflict when
multiple MSs request for channels simultaneously.)
5. After receiving the first uplink data block, the BSC responses with the PACKET UPLINK
ACK message, which contains the TLLI.
6. After receiving the PACKET UPLINK ACK message, the MS checks whether the TLLI
is the same with that in itself. If yes, the radio channel is allocated to the MS, which can
then resume sending uplink data. Otherwise, the MS exits and re-starts the random
access procedure.
Signaling Procedure
The procedure for uplink two-step access on the CCCH is illustrated in Figure 2-15.
2-40
1. The MS sends the CHANNEL REQUEST message to the BSC via the BTS.
2. After receiving the message, the BSC requests for relevant radio resources, and sends
the channel activation message to the BTS.
3. After activating the channel, the BTS returns the Channel Activation Acknowledgement
message to the BSC, which then sends the Immediate Assignment message to the
MS.
4. After receiving the Immediate Assignment message, the MS sends the PACKET
RESOURCE REQUEST message to the BSC. The message contains the TLLI of the
subscriber.
5. After receiving the message, the BSC releases the single block resource and request
for another resource, while implementing channel activation for another time.
6. After receiving the Channel Activation Acknowledge message, the BSC sends the
PACKET UPLINK ASSIGNMENT message to the MS. The message includes the
information such as the USF and the TLLI.
Signaling Procedure
When the downlink TBF is established, the uplink access procedure on the PACCH is
shown in Figure 2-16.
2-41
1. If the MS attempts to establish the uplink TBF on the condition that the downlink TBF
has been established, the MS needs to send the PACKET DOWNLINK ACK message,
which contains the CHANNEL REQUEST message, to the BSC.
2. After receiving the message PACKET DOWNLINK ACK that contains CHANNEL RE-
QUEST message, the BSC releases the original downlink resources, and requests
new uplink and downlink resources. Meanwhile, the BSC requires the BTS to activate
channel.
3. After activating the relevant channel, the BTS returns the CHANNEL ACTIVATION
ACKNOWLEDGEMENT message to the BSC. After receiving the message, the
BSC sends the PACKET TIMESLOT RECONFIGURE message to the MS, and the
establishment of uplink TBF completes.
Signaling Procedure
The procedure for the uplink access on the CCCH is illustrated in Figure 2-17.
2-42
1. After receiving the downlink data unit BSSGP DL UNITDATA sent from the SGSN,
the BSC requests for relevant radio resources, while initiating the channel activation
process to the BTS.
2. After activating the relevant channel, the BTS returns the CHANNEL ACTIVATION
ACKNOWLEDGEMENT message to the BSC. Upon receiving the message, the BSC
sends the IMMEDIATE ASSIGNMENT message to the MS.
3. After receiving the PACKET_PTA_SEND message (indication of successful sending
of the IMMEDIATE ASSIGNMENT message) sent from the BTS, the BSC sends the
PACKET POLLING REQUEST message to the MS.
4. Upon receiving the message, the MS returns the PACKET CONTROL
ACKNOWLEDGEMENT message, calculating the value of TA during the process.
5. The BSC sends the PACKET POWER CONTROL/TIME ADVANCE message to the
MS. If there are multiple allocated downlink time slots, the BSC needs also to send the
PACKET DOWNLINK ASSIGNMENT message to the MS.
Signaling Procedure
The procedure for the downlink access on the PACCH is illustrated in Figure 2-18.
2-43
1. If the uplink TBF is established, when the BSC receives the downlink data unit BSSGP
DL UNITDATA sent from the SGSN, it is necessary to establish the downlink TBF.
BSC will release the original uplink resources and request for new uplink and downlink
resources. Meanwhile, the BSC requires the BTS to activate channel.
2. After activating the relevant channel, the BTS returns the CHANNEL ACTIVATION
ACKNOWLEDGEMENT message to the BSC. After receiving the message, the
BSC sends the PACKET TIMESLOT RECONFIGURE message to the MS, and the
establishment of downlink TBF completes.
2-44
1. Cell Selection
When the MS is switched on or moves from a blind area to a coverage area, the MS
will seek all frequency points allowed by the PLMN, while selecting an appropriate cell
to reside in. The process is called cell selection.
Before the allocation of the GPRS dedicated channel, the GPRS Mobile Stations use
the GSM signaling resources.
During cell selection, the Mobile Station (MS) first searches through 124 RF channels,
calculating the average level based on the received signal strength of each RF
channel. This process takes three to five seconds. At lease one measurement point
is taken from each RF channel.
After this process, the MS is modulated to the carrier with the highest reception level.
2. Cell Reselection
In the GPRS system, the cell reselection can be controlled by the network or
carried out by the MS itself. Compared with the MS-implemented cell reselection,
network-controlled reselection fully considers the information known to the network,
such as individual cell load, status, and level. Therefore, network-controlled cell
2-45
reselection can make reasonable reselection decisions via flexible control strategy,
thus optimizing the allocation of services within the network.
The general procedure for network-controlled cell reselection is illustrated in Figure
2-20.
2-46
cell. Pre-decision does not make the final choice. When the cell reselection
pre-decision decides that cell reselection is required, the BSC user plane notifies
the BSC control plane about the C31 and C32 of these neighboring cells via the
cell reselection request message.
The algorithm for pre-decision is explained as follows:
l If the value of C for the serving cell is below zero, reselection is required.
Rank the values of C31 of neighboring cells, or if C31 is below zero for all
neighboring cells, rank the value of C32. After that, the parameters C31 and
C32 are sent to the control plane, which selects a cell according to the network
conditions.
l If the value of C in the serving cell is above zero, the reselection module
selects a neighboring cell that is more appropriate than the current serving
cell. The parameters of the serving cell and neighboring cells are sent to the
control plane for decision. If no better cells are found, reselection will not
be carried out. Whether a neighboring cell is better than the serving cell is
decided by the value of C31.
d. Cell Reselection Decision
After receiving the cell reselection request message sent from the BSC user plane,
the BSC control plane implements cell reselection decision, selecting the target
cell. The BSC control plane checks the resources and service loads of several
strongest neighboring cells, and selects a best cell, while sending cell reselection
indication to the BSC user plane.
e. Sending the Cell Reselection Command
After receiving the Cell Reselection Indication message, the BSC user plane sends
a cell reselection command to the MS. For a mobile station in packet idle mode,
if a Packet Common Control CHannel (PCCCH) is configured, the cell reselection
command is sent to the MS on the PCCCH. If the PCCCH does not exist, the BSC
first assigns a downlink block via an IMMEDIATE ASSIGNMENT message, and
then sends the cell reselection command through the downlink block. For a mobile
station in packet transfer mode, the cell reselection command is sent to the MS
on the Packet Associated Control Channel (PACCH).
2.3.7 Attach
IMSI Attach refers to the process when the MS reports its IMSI to the system after it is
powered on.
Signaling Procedure
GPRS Attach is a procedure of the GPRS Mobility Management (GMM). The procedure is
triggered by the MS.
GPRS Attach has two types. The first type is regular GPRS Attach, during which process
the MS only attaches the IMSI to the GPRS service. The other type is combined GPRS
2-47
Attach, which implements both GPRS Attach and location update. Figure 2-21 illustrates
the Attach procedure.
1. The MS sets up an uplink temporary block flow (TBF) by two-step access with "MM
Program" as the access request. Upon receiving the PACKET UPLINK ASSIGNMENT
message sent from the BSC, the MS sends the LLC PDU, containing the ATTACH
REQUEST message, on the assigned RLC data block.
2. Upon receiving the ATTACH REQUEST message, the BSC puts the message on the
BSSGP UPLINK DATA UNIT and sends it data unit to the SGSN.
3. Upon receiving the ATTACH REQUEST message, the target SGSN gets the address
of the source SGSN based on the P-TMSI in the message and the source RAI. Next,
the target SGSN sends an IDENTITY REQUEST message to the source SGSN.
4. Upon receiving the message, the source SGSN, if it can identify the MS, sends an
IDENTITY RESPONSE message to the target SGSN.
5. The target SGSN, if cannot getting the identity of the MS from the source SGSN, sends
an IDENTITY REQUEST message to the MS for getting information such as IMSI,
while implementing authentication and encryption.
6. When authentication and encryption succeeds, the target SGSN looks for the HLR
where the MS belongs by the IMSI. The SGSN sends a LOCATION UPDATE
REQUEST message to the HLR.
2-48
7. Upon receiving the message, the HLR saves the information of the new SGSN, and
sends a location deletion message to the source SGSN, which, upon receiving the
message, deletes all information of the MS, and returns the ACK message to the HLR.
8. Upon receiving the ACK message sent from the source SGSN, the HLR sends a
INSERT SUBSCRIBER DATA message, with data related to the MS, to the target
SGSN. The target SGSN, upon receiving the message, returns the ACK message to
the HLR, which then sends the LOCATION UPDATE ACKNOWLEDGE message to
the target SGSN.
9. The SGSN, if accepting the attach request by the MS, sends the ATTACH ACCEPT
message to the MS. If the SGSN allocates a new P-TMSI, the new P-TMSI along with
the route identification information will be sent to the MS via the ATTACH ACCEPT
message.
10. For the Combined Attach, a new TMSI and a new LAI are included in the ATTACH
ACCEPT message.
11. The BSC, upon receiving the downlink data unit containing the ATTACH ACCEPT
message, allocates a downlink TBF, and sends the message to the MS via the
assigned downlink RLC data block.
12. Atfter receiving the ATTACH ACCEPT message, the MS stores the RAI information,
and enters the ready status. For a Combined Attach, the MS stores the TMSI and LAI
information, and sends the newly allocated TMSI included in the ATTACH COMPLETE
message to the SGSN.
13. SGSN considers the allocated P-TMSI valid when receiving the ATTACH COMPLETE
message. For a Combined Attach, the SGSN sends the TMSI Reallocation Complete
message to the MSN/VLR.
2.3.8 Detach
IMSI Detach refers to the process when the MS reports to the system before it is powered
off.
Signaling Procedure
When the MS is powered off, it needs to disable GPRS, thus triggering the Detach
procedure. The network can also trigger the GPRS Detach program to detach the IMSI
from the GPRS service.
1. The MS-initiated GPRS Detach procedure is shown in Figure 2-22.
2-49
a. The MS sends the Detach Request message, which includes the GPRS Detach
type, to initiate the GPRS Detach.
b. After receiving the Detach Request message, the SGSN, if finding it a
non-power-off detach, returns a Detach Accept message to the MS. The returned
message includes the IMSI of the MS. For a power-off detach, the procedure
completes after the SGSN receives the Detach Request message.
c. If the PDP context still exists, the SGSN, upon receiving the Detach Request
message, sends a Delete PDP Context Request message (including the TID, the
PDP Context Identifier for the MS) to the corresponding GGSN.
d. Upon receiving the request sent from the SGSN, the GGSN deletes the PDP
context related to the MS, and returns a Delete PDP Context Response message
to the SGSN.
e. If the Gs interface exists, and the SGSN finds the detach reason is Combined
GPRS/IMSI Detach, it will sends a GPRS DETACH INDICATION message to the
MSC/VLR.
2. The SGSN-initiated GPRS Detach procedure is shown in Figure 2-23.
2-50
a. The SGSN sends a Detach Request message to the MS, indicating the detach type
and reason. The detach types include re-attach required, re-attach not required,
and IMSI detach.
While sending Detach Request to the MS, the SGSN sends the Delete PDP
Context Request message to the GGSN, indicating TID, the identifier for the
PDP Context of the MS. Upon receiving the message, the GGSN deletes the
corresponding PDP context, and returns a Delete PDP Context Response
message to the SGSN.
b. Upon receiving the Detach Request sent from the SGSN, the MS, if finding
the request type is "re-attach required", removes the PDP context and the
corresponding logic link, while returning the Detach Accept message to the
SGSN. After the GPRS is successfully detached, the MS initiates the GPRS
Attach procedure again, and activates a new PDP.
If the request type is "Re-attach not required", and the reason is "IMSI not known
to the HLR", the MS will remove the PDP context and the logic link, while sending
the Detach Accept message to the SGSN.
If the detach type is "IMSI detached", the MS will not remove the PDP context,
while sending the Detach Accept message to the SGSN.
c. If the Gs interface exists, and the SGSN finds the detach reason is Combined
GPRS/IMSI Detach, it will sends a GPRS DETACH INDICATION message to the
MSC/VLR.
2-51
a. If the HLR attempts to delete the PDP context and the MM of an MS, the HLR
needs to send a Cancel Location message to the SGSN.
b. Upon receiving the message, the SGSN sends the Detach Request message to
the MS, while sending a Delete PDP Context Request message to the GGSN. After
deleting the PDP context, the GGSN returns a Delete PDP Context Response
message to the SGSN.
c. Upon receiving the Detach Request, the MS contacts the PDP context and the
logic link, and sends the Detach Accept message to the SGSN.
d. Upon receiving the Detach Accept message, the SGSN returns a Cancel Location
Ack message to the HLR.
e. If the Gs interface exists, and the SGSN finds the detach reason is Combined
GPRS/IMSI Detach, it will sends a GPRS DETACH INDICATION message to the
MSC/VLR.
1. Inactive: a PDP address for a subscriber has no activated data service, and the PDP
has no routing or mapping information. The routing area update of the MS at this time
will not initiate the PDP update.
2. Active: a PDP address for a subscriber has activated data service, as the PDP contexts
for the MS, SGSN, and GGSN all contain the PDU routing and mapping information
transmitted by the PDP address. The PDP context is in activated only when the MS is
in standby or ready state.
2-52
When the mobility management(MM) is in idle state, the MS first implements the attach
procedure for mobility management to enter the ready or standby state, before carrying
out activation of the PDP context.
Signaling Procedure
The PDP context activation can be initiated either by the MS or the GGSN.
1. The procedure for the MS-initiated activation of the PDP context is shown in Figure
2-25.
Figure 2-25 The Procedure for the MS-initiated Activation of a PDP Context
a. If the MS has finished GPRS Attach, and needs to transmit data in the network, it
first sets up an uplink TBF on which to initiate the Activate PDP Context Request
to the SGSN.
b. Upon receiving the message, the SGSN decides whether to implement
authentication, encryption, and the reallocation of the P-TMSI. For anonymous
transmission, authentication and encryption are not required.
c. After completing authentication and encryption, the SGSN validates the PDP type,
address, and APN provided by the MS according to the subscription record in the
PDP context.
d. Upon receiving the message sent from the MS, the GGSN finds the corresponding
access point based on the APN, and generates a charging ID. The GGSN then
returns a Create PDP Context Response message to the SGSN.
e. Upon receiving the response, the SGSN sends the Activate PDP Context Accept
message to the MS. At this time, the SGSN can initiate the routing and transfer
of the PDP PDU packet between the MS and GSGN, while starting the charging
process.
f. Upon receiving the Activate PDP Context Accept message, the MS enters the
PDP active state and starts data transfer.
2. GSGN-Initiated PDP Context Activation
If the PDP address is static, the PDP context activation can be initiated by the Gateway
EDGE/GPRS Support Node (GGSN), as shown in Figure 2-26.
2-53
a. When receiving the packet data sent from the packet data network (PDN), the
GGSN first checks whether there is a static address for the PDP and whether the
PDP context is set up. The GGSN stores the data, and sends the Send Routing
Info for GPRS message, including the IMSI of the MS, to the HLR.
b. Upon receiving the message, the HLR, if acknowledging to provide the service,
returns the Send Routing Info for GPRS ACK message to the GGSN. If the HLR
returns the UACK message, the message contains the reason for the error.
c. If the GGSN finds the MS accessible upon receiving the ACK message, it will
sends the PDP Notification Request message to the SGSN.
d. Upon receiving the message, the SGSN returns the PDP Notification Response
message to the GGSN. At the same time, the SGSN sends the Request PDP
Context Activation message to the MS. Then if the MS accepts the message, it
sends the PDP Context Activation Request to the SGSN.
2-54
Signaling Procedure
The PDP context deactivation can be initiated either the MS, GGSN, or SGSN.
1. The procedure for the MS-initiated deactivation of the PDP context is shown in Figure
2-27.
Figure 2-27 The Procedure for the MS-Initiated Deactivation of a PDP Context
a. The MS sends the Deactivate PDP Context Request message to the SGSN to
initiate the PDP deactivation procedure.
b. Upon receiving the message, the SGSN decides whether to implement
authentication, encryption, and the reallocation of the P-TMSI.
c. The SGSN sends the Delete PDP Context Request message, including the PDP
Context tunnel identifier (TID), to the GGSN.
d. Upon receiving the message, the GGSN deletes the PDP context. If the MS uses
the dynamic PDP address, the GGSN releases the address, and returns the Delete
PDP Context Response message to the SGSN.
e. Upon receiving the response, the SGSN sends the Deactivate PDP Context
Accept message to the MS. If the link is not occupied by another PDP context,
the MS and the network release the link.
2. The procedure for the GGSN-initiated deactivation of the PDP context is shown in
Figure 2-28.
Figure 2-28 The Procedure for the GGSN-Initiated Deactivation of a PDP Context
a. The GGSN sends a Delete PDP Context Request message to the SGSN.
b. Upon receiving the message, the SGSN sends the Deactivate PDP Context
Request message to the MS.
2-55
c. Upon receiving the message, the MS deletes the PDP Context, and returns the
Deactivate PDP Context Accept message to the SGSN.
d. Upon receiving the Accept message, the SGSN returns a Delete PDP Context
Response message to the GGSN. At last, the GGSN releases the PDP address.
3. The procedure for the SGSN-initiated deactivation of the PDP context is shown in
Figure 2-29.
Figure 2-29 The Procedure for the SGSN-Initiated Deactivation of a PDP Context
a. The SGSN sends a Delete PDP Context Request message to the GGSN.
b. Upon receiving the message, the GGSN deletes the PDP Context and the PDP
address, and returns a Delete PDP Context Response message to the SGSN.
c. Upon receiving the Response message, the SGSN sends a Deactivate PDP
Context Request message to the MS.
d. The MS deletes the PDP Context according to the message it receives, and returns
a Deactivate PDP Context Accept message to the SGSN.
During the data transfer process, if, based on signal measurement and the system
parameters broadcast on the PBCCH/BCCH, the MS finds a more appropriate
neighboring cell, the MS will stop monitoring the original cell for system messages to
2-56
start monitoring the target cell. Next, the MS accesses the cell, and sends the CELL
UPDATE message to the SGSN.
If the SGSN, upon receiving the cell update request, finds that the MS is implementing
downlink packet data transmission, the SGSN sends a FLUSH message to the BSC,
indicating that the MS has moved to a new cell.
The BSC finds the source cell by the original BVCI. If the BSC does not support LLC
frame transfer, it deletes the LLC frame in the source cell by the TLLI. If the BSC
supports LLC frame transfer, it transfers the LLC frame from the source cell to the
target cell. The BSC will reallocate resources to the MS in the new cell and set up
new temporary block flow (TBF) for starting data transmission in the new cell.
Signaling Procedure
l Intra-SGSN Routing Area Update
Intra-SGSN routing area update occurs in the following cases:
à For the cell reselection of an MS in standby or ready state, the original and new
cells belong to different routing areas (RA) administered by the same SGSN.
à Periodical routing update timer T3312 times out, but the MS is still in the old
routing area.
à After a class B mobile station leaves dedicated mode, the MS is still in the old
routing area (RA) when it restores suspended mobile services.
The procedure for intra-SGSN routing area update is shown in Figure 2-30.
1. The MS sends the Routing Area Update Request message to the SGSN to trigger
the intra-SGSN routing area update.
2-57
2. Upon receiving the message, the BSC adds the Cell Global Identity (CGI) of the
RAC and LAC to the message, and sends the message to the SGSN.
3. Upon receiving the message, the SGSN analyzes the message, and, if deciding to
implement authentication and encryption program, sends the authentication and
encryption request to the MS.
4. Upon completion of authentication and encryption, if the SGSN considers the RA
update is within the same SGSN, it will check whether the MS is a legal subscriber.
The SGSN returns a reject message to the MS upon one of the cases: illegal
MS, illegal ME, GPRS service forbidden, failure of importing the MS ID, PLMN
forbidden, location area forbidden, and roaming in the location area forbidden.
Otherwise, the SGSN returns the Routing Area Update Accept message to the
MS, and assigns the MS with a new P-TMSI and P-TMSI signature, which are
sent with the RAI to the MS in the Routing Area Update Accept message.
5. Upon receiving the ACCEPT message, the MS stores the RAI, new P-TMSI and
new P-TMSI signature, and returns a Routing Area Update Complete message.
Upon receiving the message, the SGSN uses the old P-TMSI if there is no new
P-TMSI.
l Inter-SGSN Routing Area Update
The procedure for inter-SGSN routing area update is shown in Figure 2-31.
1. The MS sends the Routing Area Update Request message to the new SGSN to
trigger the update procedure. The message contains the old P-TMSI, old P-TMSI
2-58
signature, and update type. After receiving the message, the BSC adds the CGI
and sends the message to the new SGSN.
2. If the new SGSN cannot identify the P-TMSI, and/or that the RAI does not match,
the new SGSN will send an SGSN Context Request message to the old SGSN
to get the Mobility Management (MM) Context and PDP Context of the MS. The
message contains the old P-TMSI signature, TLLI, RAI, and the new SGSN ad-
dress.
3. The old SGSN, upon receiving the message, returns an SGSN Context Response
message, containing such information as the MM Context and PDP Context.
4. Receiving the response message, the new SGSN implements authentication
and encryption on the MS based on the received message description, such as
authentication key triplet.
5. After authentication and encryption, the new SGSN sends an SGSN Context
Acknowledge message to the old SGSN, indicating that it (new SGSN) is ready
to receive active PDP information.
6. Upon receiving the ACK message from the new SGSN, the old SGSN sends the
N-PDU messages that have accumulated after some time to the new SGSN.
7. After receiving the accumulated N-PDU messages, the new SGSN sends an
Update PDP Context Request message to the GGSN.
8. Upon receiving the message, the GGSN returns an Update PDP Context
Response message to the new SGSN.
9. Receiving the response, the new SGSN sends an Update Location message to
the HLR, updating the information of the subscriber in the HLR.
10. Upon receiving the request, the HLR deletes the MS information for the old SGSN
(by sending the Cancel Location message to it), while adding new information
about the MS to the new SGSN (by sending the Insert Subscriber Data message
to the new SGSN).
11. Upon receiving the Update Location ACK message from the HLR, the new SGSN
sets up the MM Context and PDP Context for the MS, and allocates a new P-TMSI
signature, which is sent with the RAI to the MS in the Routing Area Update Accept
message.
12. Receiving the message, the MS returns the Routing Area Update Complete
message.
l Periodic Routing Area Update
The prevent the network from losing contact with the MS, the GPRS system
takes some measures to force the MS to report its current location to the network
periodically. This is called periodic routing area update.
The procedure for the periodic routing area update is the same with that for intra-SGSN
routing area update. They only differ in the update reason.
The periodic routing area update occurs in the following cases:
2-59
For a GPRS mobile station in standby state, if one of the following cases occurs, the
network will lose contact with the MS.
1. When the MS enters the blind area, the network cannot get the current MS state,
and still considers the MS in the Attach state.
2. When the MS sends the Detach Request message to the network, if the uplink is
interfered, the network may not be able to decipher the message due to the low
signal quality. In this case, the network still considers the MS in the Attach state.
3. When the MS encounters power failure and cannot report its state to the network,
the contact between the network and the MS is lost.
2-60
II
III
IV
CN
- Core Network
EIR
- Equipment Identity Register
FTP
- File Transfer Protocol
GERAN
- GSM/EDGE Radio Access Network
GPRS
- General Packet Radio Service
HLR
- Home Location Register
HTTP
- Hypertext Transfer Protocol
IP
- Internet Protocol
ISDN
- Integrated Services Digital Network
LLC
- Logic Link Control
MM
- Mobility Management
MS
- Mobile Station
MSC
- Mobile Switching Center
NSS
- Network Subsystem
OMC
- Operation & Maintenance Center
OSI
- Open System Interconnection
PSTN
- Public Switched Telephone Network
RR
- Radio Resource
SC
- Short Message Center
SCCP
- Signaling Connection Control Part
SGSN
- Serving GPRS Support Node
SMTP
- Simple Mail Transfer Protocol
SNDCP
- Sub Network Dependent Convergence Protocol
TA
- Timing Advance
TDM
- Time Division Multiplexing
TFTP
- Trivial File Transfer Protocol
VLR
- Visitor Location Register
VI