Mobile Station (MS)
The mobile station is made up of the subscriber identity module (SIM) and the Mobile Equipment (ME, or just "phone" to the rest of us).
The SIM card and phone (ME) both have internationally unique identification numbers. The number for the SIM card is called the IMSI (International Mobile Subscriber Identity) and for the phone it is called the IMEI (International Mobile Equipment Identity). The IMEI is a 14 digit number that is visible when the battery of the phone is removed.
From the IMSI abbreviation we can already deduce that the identity of the subscriber is not associated with the phone, but with the SIM card. This allows the subscriber to insert his SIM card into any phone and get exactly the same services.
The network allocates a telephone number called an MSISDN (Mobile Subscriber ISDN) used to dial the subscriber to the SIM card during provisioning. The term MSISDN hints at the fact that GSM speficiation was based on the ISDN system. This association between IMSI and MSISDN is stored in the HLR. More than one MSISDN may be associated with a single IMSI.
In order to protect the subscriber's privacy, the VLR will assign a temporary mobile subscribe identity (TMSI) during registration. The TMSI is used after registration instead of the IMSI. It is specific to a location, so it is update every time the subscriber changes location area (LA). The VLR may also change it regularly.
The mobile station roaming number (MSRN) is a temporary directory number that contains routing information to the subscriber.
Base Station Subsystem (BSS)
The BSS is made up of the Base Station Transceivers (BTS) and the Base Station Controllers (BSC). The BTS is the part that you can see and are more commonly know as "cells" This is the part where the radio transmissions take place. A common misconception is that a "tower" is a "cell". This is not always the case as more than one BTS may be collocated on a single high site.
BTSs are always grouped into geographical areas called Location Areas (LA). When a call is established to an MS, the HLR will know in which LA the subscriber is. Only the BTSs in a that LA will page all the phones in order to find the targeted phone. This saves a lot of signalling resources. When a phone moves from one LA to another, it will request a position update and the HLR will update its database with the new location of the phone. A BTS can only belong to one LA.
A BTS will cover a specific geographical area depending on the location and subscriber density. In low traffic locations such as rural areas, the BTSs will tend to be omni-directional. Omni-directional BTSs cover a circular area around the BTS.
In urban areas, three BTSs will usually share a high site. Each will have directional antennas and cover a 120° arc away from the high site.
The first BTS will be directed due north. The second BTS will be 120° away and the third BTS another 120°.
When a road is covered without the need for coverage a distance away from it, then the BTS will usually be bidirectional along the direction of the road. It aims to cover a strip along the road.
The cellular structure of GSM allows for an efficient use of the radio spectrum by the re-use of frequencies. By limiting the transmitted power, the network is granularised as shown below. In practice there will be overlap between the cells, so the frequencies are allocated in such a way that the distance between BTSs that use the same frequencies, are maximised.
In the example below, three BTSs are co-located per high site. The three BTSs are shown as three sectors named A, B and C. As shown in the previous section, Sector A is directed due North, Sector B towards 120° and Sector C towards 240°.
On GSM900, there are 124 frequencies available. The norm is to use a four-cell repeating pattern, so the frequencies need to be allocated within this structure.
There are a total of 12 sectors in a four-cell repeat pattern (3 sectors times 4 repeats) and the frequencies are allocated within this pattern. Each sector can use one twelfth of the total number of frequencies, so each 12th frequency will be allocated per sector. As an example, Sector 1A in the above illustration will use frequencies 1,13,25,37,49,61,73,85,97,109 and 121. Sector 1B will use frequencies 2,14,26,38,50,62,74,86,98,110 and 122 and so on.
A single BSC (Base Station Controller) controls a number of BTSs and MSs.
It handles the radio resource (RR) management of the BTSs such as frequency allocation, timeslot allocation, and handles handovers between cells under its control. Under heavy traffic conditions, it reallocates frequencies to areas to relieve congestion. The functions may be summarised as:
- Radio Resource Management
- Handover between BTSs under its control
- Reallocation of frequencies between BTSs
- Power control of BTSs
- Synchronization of BTSs
- Time delay measurement of received signals (to be used to calculate the timing advance)
- Frequency hopping
- Optimizing the resource usage towards the MSC
Network Subsystem (NSS)
The Mobile services Switching Centre coordinates the call setup and termination of MSs in its area and performs the switching between MSs in the local mobile network (PLMN). If an MSC also acts as a switching centre between the PLMN and other networks such as mobile (PLMN) or fixed line networks (PSTN), it is called a Gateway MSC (GMSC).
It also performs mobility tasks such as inter-BSS and higher level handovers. Its functions may be summarised as:
- Call setup of all MSs in its areas including paging
- Higher-level handovers
- Location registration
- Billing for MSs in its own area
- Allocation and reallocation of radio resources to manage congestion
- Receiving the Kc key used for encryption from the AuC.
- Echo cancelling to external PSTNs (GMSC)
- Synchronization with BSSs.
- Delivery of short messages (SMSs) between MSs and the SMSC
When a MS originates a call and is then handed over to a BSS under the control of another MSC, the first MSC (now called the Anchor MSC) will remain in the switching chain and is responsible for the billing of that call.
An MSC will always be associated with a VLR.
The Visitor Location Register (VLR) is a temporary database used by an MSC. The VLS and MSC are usually co-located and may even be implemented on the same hardware.
Each MS has a profile of services and supplementary service stored in an HLR. During MS activity, the MSC needs this information to be able to perform its switching tasks.
In a network, calls are being set up and terminated all the time. In order to reduce the signalling traffic between different MSCs and an HLR, the VLR will retrieve the MS profile from the HLR when the MS roams into a VLR's area of control. The MSC will also update the HLR with the subscriber location at this point. When the MS roams out of a VLR's area, the VLR will delete the temporary information.
For security reasons, the IMSI information of an MS is only transmitted during registration. The VLR will assign and change a temporary mobile subscriber identity (TMSI).
The VLR will update a subscriber's location when the subscriber moves from one location area (LA) to another in its area. When the subscriber mover from one LA to another under the control of a new VLR, then the old VLR will delete the information of the MS and the new VLR will draw the information from the HLR and also update the HLR with the new location. Its functions may be summarised as:
- Temporary storage of subscriber information
- Handles authentication and encryption
- Assignment of temporary mobile station roaming number (MSRN)
- Keeps the state of all MSs in its area
The HLR is the central database where a subscriber's profile is held against the IMSI of the SIM card.
It contains permanent information such as allowed services, status of supplementary services (such as call diverts) as well as other dynamic information such as the subscriber location.
In order to accommodate more subscribers, a PLMN may have a number of HLRs and the subscribers will be provisioned across them. One method of associating a subscriber to a specific HLR is by using the MSISDN. Ranges of MSISDNs can be allocated to specific HLRs.
An Authentication Centre (AUC or AuC) is usually co-located with an HLR.
The AUC contains the 128 bit Ki key used with the IMSI to generate the triplets used by the MSC during authentication. The Ki is a secret key known only to the AUC and the SIM card and is never transmitted in any part of the network.
The Ki key is used with a random number called the RAND to generate the Kc key. The Kc is a 64 bit key is used by the A5 encryption algorithm to encrypt data between the MS and the BTS. The Kc key is ultimately transmitted down to the BTS for encryption, but it is never transmitted across the air (Um) interface.
With the initial design of the GSM syste, it was anticipated that mobile phones (MEs) will be targets of thieves and that there needs to be a mechanism of rendering stolen devices useless in order to deter theft of them.
The Equipment Identity Register is a database with the IMEI's of all the registered MEs (GSM devices). This database is consulted by the HLR during registration to determine the status of the ME associated with the IMEI. There are three possibilities:
- White listed
White listing is the default state of any type approved Mobile Equipment
- Grey listed
Grey listing is used to monitor malfunctioning equipment
- Black listed
Black listed devices are those that have been listed as being stolen or malfunctioning
An EIR is usually associated and co-located with an HLR.
A Signal Transfer Point (STP) is an intelligent router that relays SS7 traffic between different signalling end-points (SEP) such as Service Switching Points (SSPs) and Service Control Points (SCPs).
An STP may also route to other STPs.
An STP may route based on destination address or even packet content. The ability to inspect content enables an STP to filter suspect traffic or traffic from suspect sources. They are also able to perform address translation.
The main function of an STP is to determine the optimal path to a destination to enhance network performance as well as the robustness of communication by rerouting traffic when paths fail.
STPs are typically deployed in pairs for failover purposes.
An Intelligent Network (IN) is a technology that allows network operators to provide unique services to their subscriber base.
Customised Applications for Mobile networks Enhanced Logic (CAMEL) is an IN function that allows for advanced call control functions. A big advantage is the ability of a network to allow the subscriber access to all the 'usual' services whilst roaming. Typical services could be prepaid calling, reverse charge calling, premium rated calls, location-based calling discounts etc.