Module-2

GSM and TDMA

Technology
Presented by: Ms Deepthi S R
B. E, M. Tech (Ph.D)
Assistant Professor
Department of ECE, SJEC
 CONTENT
● GSM System overview:
○ Introduction
○ GSM Network and System Architecture
○ GSM Channel Concept
● GSM System Operations:
○ GSM Identities
○ System Operations –Traffic cases
○ GSM Infrastructure Communications
(Um Interface)
 PART - I
GSM System overview
 INTRODUCTION
Evolution of Network Generation
 INTRODUCTION
● Global System for Mobile
Communications (GSM) -
standard collection of
applications and features
available to mobile phone
subscribers
● Used for transmitting
mobile voice and data
services using digital
modulation
 HISTORY

1982 1989 1990 1995

Developed by
Under ETSI, GSM is Full set of Phase 2 of the GSM
Group Special
Mobile which was named as “Global specifications specifications
an initiative of System for Mobile phase-I
CEPT communication”
 GSM Services
GSM Services

Bearer Services Supplementary services Tele Services

There are services

that enhance or Voice
support a tele communication
services provided by between two
the network. users

Provide the user with ability to

transfer data between user network
interfaces.
 GSM Services
GSM ervices
1.GSM Tele-services
a. Voice Calls
b.Videotext and Facsmile
c.Short Text Messages
d. Emergency call
2.GSM Bearer or Data Services
Provide the user with ability to transfer data between user network intefaces
(Asynchronous /synchronous data)
 GSM Services
GSM ervices
3.Supplementary services
a. Call Waiting- Notification of an incoming call while on the handset
b.Call Hold- Put a caller on hold to take another call
c.Call Barring- All calls, outgoing calls, or incoming calls
d.Call Forwarding- Calls can be sent to various numbers defined by the user
e.Multi Party Call Conferencing - Link multiple calls together
GSM Radio frequency carriers:
● Global Positioning system consists of the channel
GSM ervicesthat has frequency separation of
200 KHz.
● The GSM 900 band has 124 carriers Frequencies, and the 1800 band has 374
carrier frequency and GSM 1900 band has 299 carrier frequencies.
● Each carrier can be shared by upto 8 users.
● The total number of channels for each system is
○ 124x8=992 channels for GSM 900
○ 374x8=2992 channels for GSM 1800
○ 299x8=2392 channels for GSM 1900/PCS 1900.
GSM Frequency Bands
 ● GSM frequency allocations in the
1900-MHz PCS bands
MTA - Major trading area
BTA - Basic Trading area
● The A, B and C bands are each 15-MHz
wide and the D, E and F bands are each
5MHz wide.

For a particular carrier frequency,

a channel consists of a single
time slot that occurs during
TDMA frame of eight timeslots
GSM Network and System
Architecture GSM ervices
★ Network Switching System (NSS)

★ Operation and Support System (OSS)

★ Mobile Station (MS)

★ Base Station Controller (BSC)

★ Base Station Sub - System (BSS)

GSM Network and System
Architecture GSM ervices

How are
you?
How are
How are you? How are
you? you? How are
you?
GSM Network and System
Architecture GSM ervices
 GSM Network

Network Switching
Subsystem (NSS) Base Station Mobile
Subsystem (BSS) Station (MS)

● Mobile Switching Center (MSC) ● The Mobile Station (MS) is the

● Base Transceiver device provides the radio link
● Home Location Register (HLR)
Station (BTS) between the GSM subscriber &
● Visitor Location Register (VLR)
● Base Station Controller the wireless mobile network.
● Authentication Center (AUC)
(BSC) ● Also called as, Mobile Equipment
● Equipment Identity Register (EIR)
(ME)
● The GSM also make use of a
Subscriber Identity Module (SIM)
that when inserted into the MS
makes it functional.
Mobile Station (MS):
● MS provides subscribers the means to control their access to the PSTN and PDN
● MS can make calls without SIM card
Subscriber Identity Module (SIM)
Mobile Equipment
● Smart card contains the International Mobile Subscriber
Identity (IMSI)
● Portable, vehicle mounted, hand held
● Allows user to send and receive calls and receive other
device
subscribed services
● Uniquely identified by an IMEI number ● Protected by a password or SIM PIN Can be moved from phone
L

(International Mobile Equipment Identity) to phone – contains key information to activate the phone
● Voice and data transmission ● Security/authentication parameters and also address book
● Monitoring power and signal quality of contact information saved by users.
surrounding cells for optimum handover • ● SIM card also stores the SMS received by the users and saves.
Power level : 0.8W – 20 W ● Portability of SIM is possible
● 160 character long SMS
System Architecture of Base Station Subsystem
(BSS):
● The BSS is the link between the MS and GSM
Mobile switching centre.
● Base Station Subsystem is composed of two parts
that communicate across the standardized Abis
interface allowing operation between components
made by L different suppliers - Base Transceiver
Station (BTS) and Base Station Controller (BSC).
● The BSS communicate with MS over air interface
using protocols
● BSC and BTS communicate using LAPD protocol -
Link access protocol for D-Channels.
Base Transceiver Station (BTS):
● Encodes, encrypts, multiplexes, modulates and feeds
the RF signals to the antenna.
● Communicates with Mobile station and BSC.
● Consists of Transceivers (TRX) units
● Also called as Radio base station or RBS.
● RBS is the interface corresponds to the subscribers
MS. L

● Provides radio link to the MS over the air interface

● Basic components of BTS are radio receivers units, a
switching and distribution units, RF power combining
and distribution and Environmental control unit, A
power system and A processing and database storage
unit.
Base Station Controller (BSC):
● The components of BSC are input and output interface multiplexers, a time slot
inter change group switch, sub rate switch, speech coder/decoders, transcoders
and rate adapters , signalling system number 7, power supply and distribution
units, Environmental control unit, Various control and signal processor
● Manages Radio resources for BTS
● Assigns Frequency and time slots for all MS’s in its area
● Handles call
L
set up
● Handover for each MS. It communicates with MSC and BTS.
● Its also contains Transcoder controller (TRC).
● Urban and suburban area traffic are handled by BSC/TRC
 Network Switching Subsystem(NSS):
The system contains the following functional units
● Mobile Switching Center (MSC)
● Home Location Register (HLR)
● Visitor Location Register (VLR)
● Authentication Center (AUC)
● Equipment Identity Register (EIR) has a switching System may have flexible number in
register and interworking location register to provide more system functionalities
L

● Short message services need to have an SMS gateway MSC(SMS-GMSC) and an SMS
interworking MSC(SMS-IWMSC)
● The implementation of GPRS for high-speed data transmission and reception requires
the use of two additional switching elements
● A serving GPRS support node (SGSN) &A Gateway GPRS support node (GGSN)
Mobile Switching Centre (MSC)
● Heart of the network
● Manages communication between GSM and other networks
● Billing information and collection
● Mobility management
- Registration
- Location Updating
- Inter
L
BSS and inter MSC call handoff
- SS7 Protocol
Home Location Registers (HLR)
● Stores information about each subscriber that belongs to it MSC in permanent and
temporary fashion.
● As soon as mobile subscriber leaves its current local area, the information in the HLR is
updated.
● Database contains IMSI, MSISDN, prepaid/postpaid, roaming restrictions,
supplementary services.
Visitor Location
L
Registers (VLR)
● Temporary database which updates whenever new MS enters its area, by HLR
database.
● Assigns a TMSI (Temporary Mobile Subscriber Identity) to each MS entering the VLR
area which keeps on changing.
● Controls those mobiles roaming in its area.
● Database contains IMSI, MSISDN, Location Area, authentication key
Authentication Centre (AUC):
● Contains the algorithms for authentication as well as the keys for encryption.
● Protects network operators from fraud.
● Situated in special protected part of the HLR.
Equipment Identity Register (EIR):
● Stores all devices identifications registered for this network.
● Database that is used to track handsets using the IMEI (International Mobile
Equipment Identity)
● Prevents calls from stolen, unauthorised or defective mobile devices
L

● The AUC and EIR in conjunction with MSC/VLR and HLR provides the additional
GSM network security and facilitates international roaming within GSM network.
● The flexible numbering register (FNR) -> provides portability to a subscriber
Operation and Support System and Other Nodes
● The centralized operation of the various units in the system and functions
needed to maintain the subsystems.
● Dynamic monitoring and controlling of the network.
● Functions :
○ Configuration management
○ Fault report and alarm handling
○ Performance supervision/management
○ Storage of system software and data
L
 GSM network interfaces and protocols
GSM interfaces

● The air interface between the MS and the BTS is the Um interface
● The physical interface between the BTS and the BSC is known as the Abis Interface
● The interface between the BSC and MSC is known as the A interface
● The MSC has various interfaces between it and the other network switching system
elements or other MSCs.
 Subscriber information
updation and call routing for Authentication of mobile user
subscribers moving between
different MSCs

Exchange subscriber
information

Allows the HLR to update the VLR with

subscriber information.

Handles handovers and call routing

between different MSCs

Facilitatts authentication and

Verify the status of mobile devices encryption processes
GSM protocols and Signaling Model

GSM Signalling model

● The MS communicates with the MSC to provide system connection,
mobility etc. by sending messages back and forth over the air interface
from the MS to the BTS, between the BTS and BSC and between the BSC
and MSC.

1.Um interface
● The layer 2 protocol used on the Um interface is LAPDm a modified version
of LAPD.
○ The major difference between LAPD and LAPDm protocol are
■ For LAPDm no error correction is employed
■ LAPDm messages are segmented into shorter messages than LAPD
2.Abis Interface
The layer2 protocol used on the Abis interface is LAPD.
3.A Interface
The A interface exists between the BSC and MSC
 GSM Channel Concept
The cellular telephone network use various control and traffic
channels to carry out
● The operations necessary to allow for the setup of a subscriber
radio link for the transmission of voice or data.
● To provide subsequent system support for the subscriber
mobility.
● The GSM cellular system is based on the use of TDMA technique
to provide additional user capacity over a limited amount of
radio frequency spectrum.
● This is accomplished by dividing the air interface connection
period into timeslots that can be used by different subscribers
for data or voice traffic.
 GSM Channel Concept
The cellular telephone network use various control and traffic channels to carry out
● The timeslots are arranged in sequence and are conventionally numbered 0 to 7.
● Each time slot is considered as logical channel.
● Each time slot carry either subscriber traffic or signalling and control information
required for the management of the radio link and other system resources.

TDMA time frame structure

Logical Channels
● Each time slot is considered as logical channel.
● Each channel carry either subscriber traffic or signalling
and control information required for the management of
the radio link and other system resources
● Presently, there are three types of traffic channels (TCHS).
1.The full-rate traffic channel (TCH/F or Bm)
2.Half-rate traffic channel (TCH/H or Lm)
3.Enhanced full-rate (EFR) traffic
Full-rate traffic channel (TCH/F or Bm)
● The full-rate traffic channel (TCH/F or Bm) carries one
conversation by using one timeslot.
● The transmitted voice signal is encoded at a 13-kbps rate, but it is
sent with additional overhead bits.
● This information plus additional channel overhead bits yields a
final channel data rate of 22.8 kbps.
● The full-rate traffic channel may also carry data at rates of 14.4,
9.6, 4.8, and 2.4 kbps.
Half-rate traffic channel (TCH/H or Lm)
● The half-rate traffic channel (TCH/H or Lm) carries voice encoded
at 6.5 kbps or data at rates of 4.8 or 2.4 kbps .
● With additional overhead bits, the total data rate for TCH/H
becomes 11.4 kbps.
● Therefore, two conversations or a conversation and a data
transfer or two data transfers may be transmitted over one
channel at the same time.
Enhanced full-rate (EFR) traffic channel
● Enhanced full-rate (EFR) traffic encodes voice at a 12.2-kbps rate
and like TCH/F adds overhead bits to yield a 22.8 kbps channel
data rate.
● The EFR channel may also transmit data at the TCH/F rates.

The signaling and control channels consist of three channel sub

categories:
1. Broadcast channels, 2. Common control channels, 3. Dedicated
control channels.
1. Broadcast channels
● The GSM cellular system uses broadcast channels (BCHS) to provide
information to the mobile station about various system parameters
and also information about the location area identity (LAI).
Three types BCHs
Broadcast control channel- It contains information that needed by MS
concerning the cell that it is attached to in order for the MS to be able to
start making or receiving calls, or to start roaming
Frequency correction channel - It transmits bursts of zeros to the MS.
This signaling is done for two reasons:
i) MS can use this signal to synchronize itself to the correct frequency
ii)MS can verify that this is the BCCH carrier.
Synchronization channel-It transmit the required information for the MS to
synchronize itself with the timing within a particular cell.
2.Common Control Channels
● The common control channels (CCCHS) provide paging messages to the MS
and a means which the mobile can request signaling channel that it can use to
contact the network.
● The three CCCHs are
1. Paging channel, 2. Random access channel, 3. Access Grant channel
Paging Channel:
● It is used by the system to send paging messages to mobiles attached to
cell.
● The mobile will paged whenever the network has an incoming call ready
for mobile or some type of message (e.g., short message, multimedia
message) to deliver to the mobile.
● The information transmitted in the PCH will consist of paging message
and the mobile's identity number.
Random access channel:
● It is used by the mobile to respond a paging message.
● If the mobile receives page on the PCH, it will reply on the RACH(Random
Access Channel) with request for signaling channel.
Access Grant channel:
● It is used by the network to assign a signaling channel to the MS.
● After the mobile requests a signaling channel over the RACH (Random Access
Channel), the network will assign a channel to the mobile by transmitting this
information over the AGCH (Access Grant Channel).
● The AGCH is only transmitted in the downlink direction.
3.Dedicated Control Channels
● These dedicated channels are used for specific call setup, handover,
measurement, and short message delivery functions.
● The four DCCHs are
• Standalone dedicated control channel
• Slow associated control channel
• Fast associated control channel
• Cell Broadcast channel
Standalone dedicated control channel:
● Both the mobile station and the BTS switch over to the network-assigned
stand-alone dedicated control channel (SDCCH) that is assigned over the
access grant channel in response to the mobile's request that has been
transmitted over the random access channel.
Slow associated control channel: (SACCH )
● It is used to transmit information about measurements made by the MS or
instructions from the BTS about the mobile's parameters of operation
Fast associated control channel:
● It is used to facilitate the handover operation in a GSM system.
● If handover is required, the necessary handover signaling information is
transmitted instead of a 20-ms segment of speech over the TCH.

Cell Broadcast channel :

● It is used to deliver short message service in the downlink direction.
● It uses the same physical channel as the SDCCH.
GSM Speech Processing
Transmission Path (Upper Half of the Diagram):
1. A/D Conversion (Analog to Digital):
○ The speech signal, initially analog, is converted into a digital signal.
○ The conversion takes place at 8 kbps with 13 bits per sample.
2. Segmentation:
○ The digital speech signal is divided into 160 samples of 13 bits per 20 milliseconds
(ms), preparing it for encoding.
3. Speech Coding:
○ This step reduces the amount of data by compressing the voice samples using a
speech codec.
○ The resulting output is 260 bits per 20 ms or a 13 kbps data stream.
4. Channel Coding:
○ Extra bits are added for error detection and correction to ensure the integrity of the
transmitted signal. This step increases the bit count to 456 bits per 20 ms (or 22.8
kbps).
Transmission Path (Upper Half of the Diagram):
5. Interleaving:
○ The bits are rearranged to spread out the information over multiple frames, making
the data more resistant to errors due to noise or interference.
6. Encryption:
○ The interleaved data is encrypted to ensure the privacy and security of the
conversation.
7. Burst Formatting:
○ The encrypted data is formatted into bursts, which are blocks of data that fit into
specific time slots for transmission in the GSM network.
8. Modulation/Transmission:
○ The formatted bursts are transmitted at a rate of 270 kbps during the actual
transmission phase using the GSM modulation techniques.
●
Reception Path (Lower Half of the Diagram):
1. Receiver/Demodulator:
○ The modulated data is received and demodulated to retrieve the digital signal from
the transmitted carrier wave.
2. Viterbi Equalizer:
○ The received signal is equalized to correct distortions and eliminate interference that
may have occurred during transmission.
3. Decryption:
○ The encrypted data is decrypted to retrieve the original interleaved data.
4. De-interleaving:
○ The decryption is followed by de-interleaving, which rearranges the data back to its
original order before the interleaving process.
5. Viterbi Decoder:
○ The channel-coded data is decoded, correcting any errors that occurred during
transmission, and the original 260 bits per 20 ms speech data is recovered.
6. Speech Decoder:
○ The compressed speech is decoded back into the original form.
7. D/A Conversion (Digital to Analog):
○ Finally, the digital speech signal is converted back into an analog signal, which can be
played through the receiver's speaker.
 Timeslots and TDMA Frames

● GSM has 8 Timeslots in one TDMA frame.

● The System assigns numbers to frames sequentially from 0 to 2,715,648 and the
process repeats it self.
● The grouping of successive TDMA frames is known as Hyper frame
 GSM hyperfame
● A hyperframe is a multiframe sequence that is composed
of 2048 superframes and is largest time interval in the
GSM system (3 hours, 28 minutes, 53 seconds).
● Every time slot during a hyperframe has a sequential
number (represented by an 11 bit counter) that is
composed of a frame number and a time slot number.
● The counter allows the hyperframe to synchronize
frequency hopping sequence, encryption processes for
voice privacy of subscribers' conversations.
● The fundamental unit of time is called a burst period and
it lasts for approximately 0.577 ms (15/26 ms).
● Eight of these burst periods are grouped into is known
as a TDMA frame. This lasts for approximately 4.615 ms
(i.e.120/26 ms) and it forms the basic unit for the
definition of logical channels.
● One physical channel is one burst period allocated in
each TDMA frame
 GSM hyperfame
● GSM Hyperframe include functions such as:
1.Frequency hopping:
■ It can help reduce interference and fading issues, but for it to work, the
transmitter and receiver must be synchronized so they hop to the same
frequencies at the same time.
2.Encryption:
■ The encryption process is synchronised over the GSM hyperframe period where
a counter is used and the encryption process will repeat with each hyperframe.
■ However, it is unlikely that the cellphone conversation will be over 3 hours and
accordingly it is unlikely that security will be compromised as a result.
GSM multiframe
● Traffic multiframe:
○ The Traffic Channel frames are organised into
multiframes consisting of 26 bursts and taking
120 ms.
○ In a traffic multiframe, 24 bursts are used for
traffic.
○ These are numbered 0 to 11 and 13 to 24.
One of the remaining bursts is then used to
accommodate the SACCH, the remaining
frame remaining free.
○ The actual position used alternates between
position 12 and 25.
● Control multiframe:
○ The Control Channel multiframe that
comprises 51 bursts and occupies 235.4 ms.
○ This multiframe is subdivided into logical
channels which are time-scheduled
 GSM air interface timeslot

● The timeslot has a duration of

3/5200 sec or 577μs or 0.577ms.
● It transmits the voice traffic, data
or signalling and control
messages.
● The start of a TDMA frame on the
uplink is delayed by three
timeslot periods fro the downlink
frame
GSM Traffic
and control
signal bursts
 GSM air interface timeslot

● Normal burst
● Frequency correction burst
● Synchronization burst
● Access burst
● Dummy burst
Normal burst:
● Here two groups of 57 encrypted bits are transmitted on either side of a
training sequence of bits.
● 3 tail bits precede the first group of traffic bits and 3 tails bits the last group of
traffic bits.
● It has 8.25 bit long guard period (GP) at end where no transmission activity
take place.
Frequency correction burst (FCB):
● It is used by the mobile to obtain the frequency synchronization.
● It consists of 142 fixed bits and followed by 3 tail bits.
● It has 8.25 bit long guard period (GP) at end.
● The repetition of FCB by the BTS within the GSM frame structure
becomes the frequency correction channel (FCCH).
Synchronization burst:
● It is used by the mobile to obtain the timing synchronization.
● It consists of 3 tail bits followed by 39 encrypted bits, a 64 bit
synchronisation sequence 39 more encrypted bits, 3 tail bits, and the
same 8.25 bit long guard period.
● The reputation of synchronising sequence was by the BTS within the
GSM frame structure becomes the synchronising channel(SCH)
Access burst:
● It is used by the mobile to facilitate random access request by the mobile and
handover operations.
● It consists of 8 tails with followed by 41-bits synchronization sequence , then 36
encrypted bits and 3 tail bits.
● The length of the guard bit time period is equal to 252 μs or 68.25 bits.
● The access burst is used on both the Random Access channel on the fast
associated control channel during handover.
Dummy burst:
● The dummy bus is transmitted on the radio frequency designated as C0 when no
other type of burst signal is being transmitted.
● It consists of 3 tail bits, 58 mixed bits, a- 26 bits training sequence, 58 more mixed
bits,3 tail with the same 8.25 bit longer guard period.
● The dummy burst is used to ensure that the base station is always transmitting the
frequency carrying system information. It helps for the power measurement on the
strongest BTS.
 PART -II
GSM System Operations
 GSM Identities
1.Mobile Subscriber ISDN Number (MSISDN)
● The authentic telephone number of a mobile station
is the Mobile Subscriber ISDN Number (MSISDN).
● Based on the SIM, a mobile station can have many
MSISDNs, as each subscriber is assigned with a
separate MSISDN to their SIM respectively.
○ Country Code (CC) − Up to 3 decimal places.
○ National Destination Code (NDC) − Typically 2-3
decimal places.
○ Subscriber Number (SN) − Maximum 10 decimal
places.
 GSM Identities
2.Network Numbering Plans
● GSM has both LAI (Location area identity) and
CGI (Cell global Identity) .
● The LAI is used for MS paging and location
updating. CGI is used for cell identification
within a location area.
● The LAI hierarchy is based on international
standard and structured in a unique format as
mentioned below
○ Country Code (CC) − 3 decimal places.
○ Mobile Network Code (MNC) − 2 decimal
places.
○ Location Area Code (LAC) − maximum 5
decimal places or maximum twice 8 bits
coded in hexadecimal (LAC < FFFF).
Mobile Station Roaming Number (MSRN):
● Mobile Station Roaming Number (MSRN) is an
interim location dependent ISDN number,
assigned to a mobile station by a regionally
responsible Visitor Location Register (VLR).
● Using MSRN, the incoming calls are
channeled to the MS.
● The MSRN has the same structure as the
MSISDN.
○ Country Code (CC) − of the visited
network.
○ National Destination Code (NDC) − of the
visited network.
○ Subscriber Number (SN) − This is the
number of the serving MSC.
GSM call setup using
the MSRN (Mobile
Subscriber Roaming
Number
 GSM call setup using the MSRN (Mobile Subscriber Roaming Number
○ Step1: Initial address message
○ Step2: Send routing Information
○ Step3: HLR uses MSISDN to find the subscriber data in the data base.
○ Step4: Provide Roaming Number
○ Step5: VLR asks MSC to reserve idle MSRN number
○ Step6: the MSC/VLR sends the MSRN back to HLR
○ Step7: HLR sends the MSRN back to GMSC
○ Step8: GMSC uses the MSRN to route the call to the Correct MSC. IMSI is used by
MSC for final establishment of call.
■ **IMSI-International Mobile Subscriber Identity
■ **GMSC- Gateway Mobile Switching Centre
■ **MSRN -Mobile Station Roaming Number
 GSM System Operations

1.Registration, call setup, and Location Updating

●The mobile can be in either of two states
(1) The idle state in which the MS( Mobile station) has no dedicated channel allocated
to it and it just listens to the broadcast control channels (BCCH) and the paging channels
(PCH)
(2) The active or dedicated state in the MS has a dedicated connection to the GSM
network.
●While in the attached mode, the MS may change from the idle to the active mode as the
result of call setup, short message service transfers, location updating or supplementary
service procedures.
 GSM System Operations

2.Call Setup
● Call setup within a GSM system consists following operations.
● For either a mobile-originating call or a mobile-terminating call the following operations
need to be performed.
1.Interrogation (only for a mobile-terminating call) 2. Radio resource connection
establishment.
3. Service request 4. Authentication
5. Ciphering mode setting 6. IMEI number check
7. TMSI (Temporary Mobile Subscriber Identity)allocation 8. Call initiation
9. Assignment of a traffic channel 10. User alerting signaling
11. Call accepted signaling
 1.GSM Interrogation Phase of call setup
○ For the interrogation operation, initial address message (IAM) comes outside the
GSM network using ISUP (Integrated Services Digital Network User Part )
/TUP(Telephone User Part ) protocols.
2.Radio resource
connection
establishment
 2.Radio resource connection establishment
○ The MSC/VLR initiates the call set up process by sending a layer 3 paging message to
the appropriate BSC.(IMSI number)
○ The BSC sends the paging command message to the appropriate BTSs .(IMSI number,
the paging group &channel number)
○ The BTS sends a paging request message to the MS.
○ The MS responds to the paging request message by sending channel request
message to the BTS.
○ The MS responds to the paging request message by sending channel request
message to the BTS.
○ This message will contain the informations like originating call,location
updating,emergency call etc.
○ When BTS detects an access burst,it sends a channel required message to BSC
○ The BSC examines the information contained within the channel required message
and determines whether the MS is within the allowed range of the cell.
 2.Radio resource connection establishment
○ BSC determines what channel to use and sends a channel activation message to the
BTS
○ The BTS activates this channel and then sends a channel activation
acknowledgement back to the BSC.
○ The BSC then sends an immediate assignment command message back to the BTS
that includes an immediate assign message for the MS.
3.Service Request
 3.Service Request
○ The service request phase occurs as soon as the MS has tuned to the new
channel assigned to it by the immediate assignment message sent during the
radio resource connection phase.
○ At this time a layer 2 message known as set asynchronous balance
mode(SABM) is sent from the MS to the BTS.
○ Then the BTS sends back to the MS a message that contains the original
paging response message.
○ This operation prevents the chance occurrence of two MS accessing the same
channel simultaneously.
○ The paging response message from MS includes MS identity, the ciphering key
sequence number and MS class mark.
○ When the paging response arrives at BTS it is forwarded to the BSC in an
establish indication message.
 3.Service Request
○ This message causes the BSC to activate radio connection quality supervision
and initiates power control algorithm for the dynamic control of MS output
power level.
○ Eventually paging response message is delivered to MSC as connection
request message.
○ Finally MSC sends a connection confirm message back to the BSC.
4.Authentication
 4.Authentication
○ Depending upon the exchange properties stored in the MSC/VLR,the
authentication is either activated or not activated.
○ If the authentication is activated,an authentication request message is sent
transparently to the MS.
○ The message containing a 128-bit random number (RAND) and ciphering key
sequence number (CKSN) is sent to the MS over SDCCH.
○ The MS stores the CKSN and then calculates the value of a signed response
(SRES) by using RAND and value of KI and KC.
○ The value of SRES is returned to the MSC/VLR as transparent authentication
response message.
 4.Authentication
○ Between BSC and BTS a data request frame and a data indication frame are
used to pass message.
○ A timer is set in the MSC/VLR when the first authentication request message is
sent.
○ If the timer expires , the request is sent again. If the timer expires a second
time, the radio resources are released.
○ If authentication is unsuccessful,the GSM system may initiate a procedure to
identify the MS.
○ Depending upon the results of this procedure the MS may be barred from the
system or sent a message indicating that the IMSI is unknown in VLR or PLMN
not allowed.
5.Ciphering mode setting
 5.Ciphering mode setting
○ If the authentication process is successful, the next step in the call set up
process is initiated.
○ The MSC/VLR sends a ciphering mode command to the BSC. This message
contains the value of KC.
○ It is then forwarded to the BTS with an encryption command message.
○ The BTS stores the value of KC and sends a nonciphered ciphering mode
command message to MS.
○ MS inserts KC & TDMA frame number into another authentication algorithm.
And thus a ciphering sequence is created
○ This ciphering mode complete message is sent to BTS
○ BTS, upon reception of this message deciphers it and sends it to MSC via
BSC.
6.IMEI check
 6.IMEI check
○ If the IMEI number is to be checked, the MSC/VLR sends an identity request
message to the MS.
○ The value of IMEI sent by the mobile is checked against the EIR database.
○ The EIR can return three status modes for the MS back to the network.
■ The MS can be “whitelisted” and allowed to use the network.
■ The MS can be “blacklisted” and cannot be allowed to use the network.
■ The MS can be “greylisted” and the network operator can decide to
use/not use the network.
 7.TMSI(Temporary Mobile Subscriber Identity) reallocation
○ The value of the TMSI number to be used is determined by the MSC/VLR.
○ If a TMSI number is to be used,it is sent transparently to the MS from the
MSC/VLR via the TMSI reallocation command.
○ This mobility management message is transmitted from the BTS to the MS.
○ The value of TMSI is stored in the SIM Card.
8.Call Initiation Procedure
○ The next step is the transmission of the setup message transparently from
the MSC to the MS.
○ This message contains a request for GSM bearer services(speech,data etc..)
○ The MS will send a call confirmed message if it can handle the requested
service.
9.Assignment of a traffic channel
○ The traffic channel
assignment is initiated by the
MSC
○ The MSC sends an assignment
request message to the BSC.
○ This message contains
information about the call
priority,a circuit identity code
to indicate the transmission
path for the speech/data
between the MSC and BSC.
10.Call
confirmation,Call
Accepted and Call
Release
10.Call confirmation, Call Accepted and Call Release

○ The call confirmation procedure starts when the MS sends a transparent

alerting message to the MSC.
○ This message indicates that a ringing tone has been generated in the mobile.
○ When the alerting message is received the MSC/VLR sends a message to the
calling subscriber who can now hear the ringing tone generated in the MSC.
○ When the MS user answers,the connect message is sent to the MSC.
○ The MSC then sends a connect acknowledgement message back to the MS.
GSM Infrastructure Communications (Um
Interface)

Gives details ab
the type
communications
messages that
sent across the ra
link or Um interfac
Layer 3: Networking Layer Operations
● Within the GSM network,layer 3 provides the mobile network
signaling(MNS) service for the mobile subscriber’s application.
● The MNS operations include the following:
○ Connection Management
○ Mobility Management
○ Radio Resource Management
● These are the 3 sublayers of layer 3.
 Connection Management
●The CM sublayer contains the functions for call control,call related supplementary services
management,non call related supplementary service and short message service.
A. Call Control
● Call control(CC) procedures are used during the call establishment.
● For a mobile originated call,the mobile subscriber starts the call establishment procedure by
dialling the digits.
● When request is made to establish a call
1.Free or idle CC establish a CC connection between MS and GSM
2.Request MM sublayer to establish a MM connection
3.After confirming MM connection CC entity sends a message to MSC.
4.Two peer sub layers enter an active state and call establishment signaling phase is complete.
5.When a mobile-terminating call occurs,the CC entity establishes a connection between the
network and the MS.
6.Call clearing procedures are initiated through the sending of a disconnect message by the
CC.
7.MM connection is released and CC return tom an idle or null state.
B.Short message service support
● Short message control(SMC) uses short message control protocol.
● These entities are used to transfer short messages between the MS and
the MSC.
● SMC entities provide service to the SMS application through the mobile
network SMS service access point(MNSMS-SAP).
C.Supplementary Services Support
● Supplementary services(SS) handle services that are not related to a
specific call.
Eg: Call forwarding and Call waiting
Mobility Management(MM)
● MM procedures include authentication,TMSI reallocation
and MS identification through IMSI or IMEI.
● MM sublayer sends a request message for the
establishment of a RR connection to the RR sublayer.
● After the RR connection is established the network may
start the MM procedure of authentication,TMSI
reallocation and the network may also ask the RR sublayer
to perform ciphering mode setting.
Radio Resource Management
● The Radio Resource sublayer receives service from Layer2 and
provides service to the mm sublayer.
● Primary function of the RR procedures is to establish and maintain
a connection between the MS and the BTS.
● For the establishment of RR connection,the MS’s RR entity
transmits a channel request message that asks for a signaling
channel.
● The network responds by allocating a dedicated channel to the
MS by sending an immediate assignment message.
2. Layer 2: Data Link Layer

● It serves as an interface between the layer 3 entities and the physical

layer(layer 1).
● LAPDm is a protocol that is used at the data link layer of the OSI model
● It provides a reliable signaling link.
● It receives services from the physical layer and provides services to the l
3.
Thank you