Internal

GSM Communication Flow

www.huawei.com

GBSS Training Team

HUAWEI TECHNOLOGIES CO., LTD. All rights reserved

After the completion of this course, the trainees should understand the following contents: GSM security management Call flow in GSM Knowledge about Location update SMS flow in GSM Handover flow in GSM

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 2

 GSM Security Management

GSM Basic Call Sequence

Location Update Sequence SMS Sequence Handover Sequence

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 3

GSM Security Management

PLMNs need a higher level of protection than traditional telecommunication networks. Therefore, to protect GSM systems, the following security functions have been defined: Subscriber authentication: By performing authentication, the network ensures that no unauthorized users can access the network, including those that are attempting to impersonate others. Radio information ciphering: The information sent between the network and an MS is ciphered. An MS can only decipher information intended for itself. Mobile equipment identification: Because the subscriber and equipment are separate in GSM, it is necessary to have a separate authentication process for the MS equipment. This ensures, e.g. that a mobile terminal, which has been stolen, is not able to access the network. Subscriber identity confidentiality: During communication with an MS over a radio link, it is desirable that the real identity (IMSI) of the MS is not always transmitted. Instead a temporary identity (TMSI) can be used. This helps to avoid subscription fraud. The AUC and EIR are involved in the first three of the above features, while the last is handled by MSC/VLRs.

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 4

GSM Security Management

Authentication and Ciphering Sequence

TMSI Reallocation Equipment Identification

HUAWEI TECHNOLOGIES CO., LTD. All rights reserved Page 5

Authentication
Authentication may be executed during setup, location updating

and supplementary services. Authentication is done by AUC.

The primary function of an AUC is to provide information,

which is then used by an MSC/VLR to perform subscriber authentication and to, establish ciphering procedures on the radio link between the network and MSs. The information provided is called a triplet and consists of: A non predictable RANDom number (RAND) A signed RESponse (SRES) A ciphering key (Kc)

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 6

Provision of Triplets
At subscription time, each subscriber is assigned a subscriber authentication Key (Ki). Ki is stored in the AUC along with the subscribers IMSI. Both are used in the process of providing a triplet. The same Ki and IMSI are also stored in the SIM. In an AUC the following steps are carried out to produce one triplet: 1. A non-predictable random number, RAND, is generated. 2. RAND and Ki are used to calculate SRES and Kc, using two different algorithms, A3 and A8 respectively. 3. RAND, SRES and Kc are delivered together to the HLR as a triplet.

RAND -Random number SRES-Signed Response Kc-Ciphering key Ki-Subscriber authentication key IMSI-International Mobile Subscriber Identity

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 7

Authentication Procedure
1. 2. The MSC/VLR transmits the RAND to the MS. The MS computes the signature SRES using RAND and the subscriber authentication key (Kii) through the A3 algorithm. The MS computes the Kc by using Ki and RAND through A8 algorithm. Kc will thereafter be used for ciphering and deciphering in MS. The signature SRES is sent back to MSC/VLR, which performs authentication, by checking whether, the SRES from the MS and the SRES from the AUC match. If so, the subscriber is permitted to use the network. If not, the subscriber is barred from network access.

3.

4.

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 8

1. RAND

MSC/VLR
3. SRES 4. Compare SRES received from MS with SRES in triplet. If they are equal access is granted. 2. MS calculates SRES using RAND + Ki (SIM-card) through A3 and Kc using RAND+Ki through A8.

Authentication can by operators choice be performed during: Each registration Each call setup attempt Location updating Before supplementary service activation and deactivation

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 9

Ciphering Procedure
Confidentiality means that user information and signaling exchanged between BTSs and MSs is not disclosed to unauthorized individuals, entities or processes. A ciphering sequence is produced using Kc and the TDMA frame number as inputs in the encryption algorithm A5. The purpose of this is to ensure privacy concerning user information(speech and data) as well as user related signaling elements. In order to test the ciphering procedure some sample of information must be used. For this purpose the actual ciphering mode command (M) is used. 1. M and Kc are sent from the MSC/VLR to the BTS. 2. M is forwarded to the MS. 3. M is encrypted using Kc (calculated earlier with SRES in the authentication procedure) and the TDMA frame number which are fed through the encryption algorithm, A5. 4. The encrypted message is sent to the BTS. 5. Encrypted M is decrypted in the BTS using Kc, the TDMA frame number and the decryption algorithm, A5. 6. If the decryption of M was successful, the ciphering mode completed message is sent to the MSC. All information over the air interface is ciphered from this point on.

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 10

Ciphering Procedure
1. M+Kc
MSC/VLR

2. M

MS TDMA Frame no. Kc 6. Ciphering mode complete 4. Encrypted Mc M

Decryption process using A5 Encryption process using A5

Kc
TDMA Frame no.

3. Encrypt M 5. Decryption of M successful

If yes

A5 Encryption and decryption algorithm M Ciphering Mode Command M Ciphering Mode Complete Mc Ciphering Mode Complete, ciphered Kc Ciphering key MSC Mobile services Switching Center VLR Visitor Location Register

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 11

Authentication and Ciphering Sequence

MS
1 Pre-send Triples to VLR

BSS

MSC

VLR

HLR

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 12

Authentication and Ciphering Sequence

MS
1 Pre-send Triples to VLR
RAND

BSS

MSC

VLR

HLR

2 Authenticate Authentication Request

< SDCCH>

RAND

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 13

Authentication and Ciphering Sequence

MS
1 Pre-send Triples to VLR
RAND

BSS

MSC

VLR

HLR

2 Authenticate Authentication Request 3 Authenticate Response

< SDCCH>

RAND

<SDCCH> (SRES)

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 14

Authentication and Ciphering Sequence

MS
1 Pre-send Triples to VLR
RAND

BSS

MSC

VLR

HLR

2 Authenticate Authentication Request 3 Authenticate Response 4 Start Ciphering

< SDCCH>

RAND

<SDCCH> (SRES)

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 15

Authentication and Ciphering Sequence

MS
1 Pre-send Triples to VLR
RAND

BSS

MSC

VLR

HLR

2 Authenticate Authentication Request 3 Authenticate Response 4 Start Ciphering 5 Cipher Mode Command Cipher Mode Complete

< SDCCH>

RAND

<SDCCH> (SRES)

< SDCCH> < SDCCH>

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 16

TMSI Reallocation
The Temporary Mobile Subscriber Identity (TMSI) is a temporary IMSI number made known to an MS at registration. It is used to protect the subscribers identity on the air interface. The TMSI has local significance only (that is, within the MSC/VLR area) and is changed at time intervals or when certain events occur such as location updating. Every operator can chose TMSI structure, but should not consist of more than 8 digits.

MS VLR Location Update Req

Location Update Acc

(TMSI)

TMSI Reallocation Comp

HUAWEI TECHNOLOGIES CO., LTD. All rights reserved Page 17

EIR Function
Equipment Identification Procedure
The equipment identification procedure uses the identity of the equipment itself (IMEI) to ensure that the MS terminal equipment is valid. 1. The MSC/VLR requests the IMEI from the MS. 2. MS sends IMEI to MSC. 3. MSC/VLR sends IMEI to EIR. 4. On reception of IMEI, the EIR examines three lists: A white list containing all number series of all equipment identities that have been allocated in the different participating GSM countries. A black list containing all equipment identities that has been barred. A gray list (on operator level) containing faulty or non -approved mobile equipment. 5. The result is sent to MSC/VLR, which then decides whether or not to allow network access for the terminal equipment.

3. Check IMEI

1. IMEI Request

EIR
4. Access/Barring info

MSC/VLR
2. IMEI

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 18

Equipment Identification
MS
1 Equipment ID Request

BSS

MSC

VLR HLR PSTN EIR

< SDCCH>

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 19

Equipment Identification
MS
1 Equipment ID Request 2 ID Response

BSS

MSC

VLR HLR PSTN EIR

< SDCCH>

<SDCCH> IMEI)

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 20

Equipment Identification
MS
1 Equipment ID Request 2 ID Response

BSS

MSC

VLR HLR PSTN EIR

< SDCCH>

<SDCCH> IMEI)

3 Check IMEI Check IMEI Response

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 21

 GSM Security Management

GSM Basic Call Sequence

Location Update Sequence SMS Sequence Handover Sequence

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 22

GSM Basic Call Sequence

Mobile to Land Sequence

Land to Mobile Sequence

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 23

GSM Basic Call Sequence

The process for calling MS and called MS are two

independent flow. The calling party begins with channel request and ends with TCH assignment competition. In general, the calling party includes following several stages: access process, authentication and ciphering process, TCH assignment process. So, we take the sequence from mobile to land as example, in this sequence, we mainly devote to the calling party.

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 24

Mobile to Land Sequence

MS
1 CHANNEL REQUEST DCCH ASSIGN
SIGNALING LINK ESTABLISHED

BSS

MSC

VLR

HLR

PSTN

<RACH> <AGCH>

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 25

Mobile to Land Sequence

MS
1 CHANNEL REQUEST DCCH ASSIGN
SIGNALING LINK ESTABLISHED

BSS

MSC

VLR

HLR

PSTN

<RACH> <AGCH>

<SDCCH> 2 REQ. FOR SERVICE

CR CC

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 26

Mobile to Land Sequence

MS
1 CHANNEL REQUEST DCCH ASSIGN
SIGNALING LINK ESTABLISHED

BSS

MSC

VLR

HLR

PSTN

<RACH> <AGCH>

<SDCCH> 2 REQ. FOR SERVICE 3 AUTHENTICATION SET Cipher MODE

CR CC

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 27

Mobile to Land Sequence

MS
1 CHANNEL REQUEST DCCH ASSIGN
SIGNALING LINK ESTABLISHED

BSS

MSC

VLR

HLR

PSTN

<RACH> <AGCH>

<SDCCH> 2 REQ. FOR SERVICE 3 AUTHENTICATION SET Cipher MODE

CR CC

4 SET-UP

<SDCCH> Call Info

SFOC

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 28

Mobile to Land Sequence

MS
1 CHANNEL REQUEST DCCH ASSIGN
SIGNALING LINK ESTABLISHED

BSS

MSC

VLR

HLR

PSTN

<RACH> <AGCH>

<SDCCH> 2 REQ. FOR SERVICE 3 AUTHENTICATION SET Cipher MODE 4 SET-UP 5 EQUIP. ID REQ. <SDCCH> Call Info

CR CC

SFOC

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 29

Mobile to Land Sequence

MS
1 CHANNEL REQUEST DCCH ASSIGN
SIGNALING LINK ESTABLISHED

BSS

MSC

VLR

HLR

PSTN

<RACH> <AGCH>

<SDCCH> 2 REQ. FOR SERVICE 3 AUTHENTICATION SET Cipher MODE 4 SET-UP 5 EQUIP. ID REQ. 6 COMPLETE CALL CALL PROCEEDING <SDCCH> <SDCCH> Call Info

CR CC

SFOC

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 30

Mobile to Land Sequence

MS
7 ASSIG. COMMAND ASSIG. COMPLETE

BSS

MSC

VLR

HLR

PSTN

<SDCCH> < FACCH> circuit

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 31

Mobile to Land Sequence

MS
7 ASSIG. COMMAND ASSIG. COMPLETE Initial and Final Address 8 Message (IFAM) Address Complete(ACM) Alerting <FACCH> MS hears ring tone from land phone < FACCH> circuit

BSS

MSC

VLR

HLR

PSTN

<SDCCH>

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 32

Mobile to Land Sequence

MS
7 ASSIG. COMMAND ASSIG. COMPLETE Initial and Final Address 8 Message (IFAM) Address Complete(ACM) Alerting < FACCH> circuit

BSS

MSC

VLR

HLR

PSTN

<SDCCH>

<FACCH>
MS hears ring tone from land phone

9 Answer (ANS)Connect <FACCH> Ring tone stops

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 33

Mobile to Land Sequence

MS
7 ASSIG. COMMAND
ASSIG. COMPLETE Initial and Final Address 8 Message (IFAM) Address Complete(ACM) Alerting <FACCH> MS hears ring tone from land phone < FACCH> circuit

BSS

MSC

VLR

HLR

PSTN

<SDCCH>

9 Answer (ANS)Connect <FACCH> Ring tone stops 10 Connect Acknowledge <FACCH> <TCH>

BILLING STARTS
HELLO!

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 34

GSM Basic Call Sequence

For the called party, the flow for the called party

begins when MSC sends paging command to the called party, ends when two party start talk. In general, this call flow includes several stages: access process, authentication and ciphering process, TCH assignment process, talk process, release process.

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 35

Land to Mobile Sequence

MS
Initial and Final 1 Address Message

BSS

MSC

VLR

HLR

GMSC

PSTN

(MSISDN)

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 36

Land to Mobile Sequence

MS
Initial and Final 1 Address Message 2 Send Routing Info (IMSI)

BSS

MSC

VLR

HLR

GMSC

PSTN

(MSISDN)

(MSISDN)

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 37

Land to Mobile Sequence

MS
Initial and Final 1 Address Message 2 Send Routing Info (IMSI) 3 Routing Info Ack Initial and Final Address Message (MSRN) (MSRN) (MSRN)

BSS

MSC

VLR

HLR

GMSC

PSTN

(MSISDN)

(MSISDN)

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 38

Land to Mobile Sequence

MS
Initial and Final 1 Address Message 2 Send Routing Info (IMSI) 3 Routing Info Ack Initial and Final Address Message (MSRN) (MSRN) 4 Send Info For I/C Call Setup (MSRN)

BSS

MSC

VLR

HLR

GMSC

PSTN

(MSISDN)

(MSISDN)

(MSRN)

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 39

Land to Mobile Sequence

MS
Initial and Final 1 Address Message 2 Send Routing Info (IMSI) 3 Routing Info Ack Initial and Final Address Message (MSRN) (MSRN) 4 Send Info For I/C Call Setup 5 Page Paging Request < PCH> (TMSI) (TMSI) (MSRN)

BSS

MSC

VLR

HLR

GMSC

PSTN

(MSISDN)

(MSISDN)

(MSRN)

(LAI & TMSI)

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 40

Land to Mobile Sequence

MS
6 Channel Request

BSS

MSC

VLR

HLR

GMSC

PSTN

<RACH> <AGCH> <SDCCH> <SDCCH> (TMSI)

DCCH Assign
Signaling Link Established Page Response *Authentication

CR
(TMSI & Status) (Status)

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 41

Land to Mobile Sequence

MS
6 Channel Request

BSS

MSC

VLR

HLR

GMSC

PSTN

<RACH> <AGCH> <SDCCH> <SDCCH> (TMSI)

DCCH Assign
Signaling Link Established Page Response *Authentication 7 Complete Call Setup

CR
(TMSI & Status) (Status)

<TMSI> <SDCCH>

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 42

Land to Mobile Sequence

MS
6 Channel Request DCCH Assign Signaling Link Established Page Response *Authentication 7 Complete Call Setup

BSS

MSC

VLR

HLR

GMSC

PSTN

<RACH> <AGCH> <SDCCH> <SDCCH> (TMSI) (TMSI & Status)

CR
(Status)

<TMSI> <SDCCH> <SDCCH>

8 Call Confirmation

Ring Tone at the land phone

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 43

Land to Mobile Sequence

MS
9 Assignment Command Assignment Complete Alert Address Complete

BSS

MSC

VLR

HLR

GMSC

PSTN

(channel) <FACCH> <TCH>

(circuit)

Ring Tone at the land phone

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 44

Land to Mobile Sequence

MS
9 Assignment Command Assignment Complete Alert Address Complete 10 Connect <FACCH>

BSS

MSC

VLR

HLR

GMSC

PSTN

(channel) <FACCH> <TCH>

(circuit)

Ring Tone at the land phone

Subscriber picks up
Connect ACK ANS < FACCH>

Ringing stops at land phone Billing starts

< TCH> Hello...

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 45

 GSM Security Management

GSM Basic Call Sequence

Location Update Sequence SMS Sequence Handover Sequence

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 46

Location Update Sequence

Brief Introduction to Location Update

Several Typical Location Update Sequences

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 47

Brief Introduction to Location Update

The types of Location Update :
Normal Location Update
IMSI Attach/Detach Periodic Location Update

Normal Location Update

Mobile powers on and is idle. Reads the LAI broadcast on the BCCH.

Compares with the last stored LAI and if it is different does

a location update.

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 48

Location Update
IMSI Attach
Saves the network from paging a MS which is not active in the system. When MS is turned off or SIM is removed the MS sends a detach signal to the

Network. It is marked as detached.

When the MS is powered again it reads the current LAI and if it is same does

a location update type IMSI attach.

Attach/detach flag is broadcast on the BCCH sys info.

Periodic Location Update

Many times the MS enters non-coverage zone. The MS will keep on paging the MS thus wasting precious resources. To avoid this the MS has to inform the MSC about its current LAI in a set

period of time.
This time ranges from 0 to 255 deci-hours. Periodic location timer value is broadcast on BCCH sys info messages.

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 49

Several Typical Location Update Sequences

Intra-VLR Location Update Sequence

Inter-VLR Location Update Sequence

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 50

Intra-VLR Location Update Sequence

MS
1 Channel Request DCCH Assign
<RACH> <AGCH> Only sent to HLR if this is the first time the MS has Location Updated in this VLR

BSS

MSC

VLR

HLR

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 51

Intra-VLR Location Update Sequence

MS
1 Channel Request
<RACH> <AGCH> <SDCCH> Only sent to HLR if this is the first time the MS has Location Updated in this VLR

BSS

MSC

VLR

HLR

DCCH Assign
2 Location Update Request

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 52

Intra-VLR Location Update Sequence

MS
1 Channel Request
<RACH> <AGCH> <SDCCH> Only sent to HLR if this is the first time the MS has Location Updated in this VLR LAI & TMSI

BSS

MSC

VLR

HLR

DCCH Assign
2 Location Update Request 3 Authentication & Ciphering

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 53

Intra-VLR Location Update Sequence

MS
1 Channel Request DCCH Assign 2 Location Update Request 3 Authentication & Ciphering 4 Forward New TMSI Location Update Accept
<RACH> <AGCH> <SDCCH> Only sent to HLR if this is the first time the MS has Location Updated in this VLR LAI & TMSI <TMSI> <SDCCH> <TMSI>

BSS

MSC

VLR

HLR

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 54

Intra-VLR Location Update Sequence

MS
1 Channel Request DCCH Assign 2 Location Update Request 3 Authentication & Ciphering 4 Forward New TMSI Location Update Accept 5 TMSI Reallocate Complete TMSI ACK
<RACH>

BSS
<AGCH>

MSC

VLR

HLR

<SDCCH>

Only sent to HLR if this is the first time the MS has Location Updated in this VLR LAI & TMSI <TMSI>

<SDCCH> <TMSI> <SDCCH>

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 55

Intra-VLR Location Update Sequence

MS
1 Channel Request DCCH Assign 2 Location Update Request 3 Authentication & Ciphering 4 Forward New TMSI Location Update Accept 5 TMSI Reallocate Complete TMSI ACK 6 Clear Command Clear Complete
HUAWEI TECHNOLOGIES CO., LTD.
<RACH>

BSS

MSC

VLR

HLR
Only sent to HLR if this is the first time the MS has Location Updated in this VLR

<AGCH> <SDCCH>

LAI & TMSI <TMSI> <SDCCH> <TMSI> <SDCCH>

<SDCCH> <SDCCH>

All rights reserved

Page 56

Inter-VLR Location Update Sequence

Location Update via IMSI

Location Update via TMSI

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 57

Inter-VLR Location Update Via IMSI

MS
1 Channel Request DCCH Assign

BSS
<AGCH>

MSC

VLRn

HLR VLRo

<RACH>

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 58

Inter-VLR Location Update Via IMSI

MS
1 Channel Request DCCH Assign <SDCCH> 2 Location Update Request LAI & IMSI

BSS
<AGCH>

MSC

VLRn

HLR VLRo

<RACH>

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 59

Inter-VLR Location Update Via IMSI

MS
1 Channel Request DCCH Assign <SDCCH> 2 Location Update Request LAI & IMSI 3 Authentication Para. Req Authentication & Ciphering

BSS
<AGCH>

MSC

VLRn

HLR VLRo

<RACH>

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 60

Inter-VLR Location Update Via IMSI

MS
1 Channel Request DCCH Assign <SDCCH> 2 Location Update Request 3 Authentication Para. Req Authentication & Ciphering 4 Location Update Request Insert Subscriber Data Insert Subscriber Data Ack Location Update accept LAI & IMSI

BSS
<AGCH>

MSC

VLRn

HLR VLRo

<RACH>

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 61

Inter-VLR Location Update Via IMSI

MS
1 Channel Request DCCH Assign <SDCCH> 2 Location Update Request 3 Authentication Para. Req Authentication & Ciphering 4 Location Update Request Insert Subscriber Data Insert Subscriber Data Ack Location Update accept 5 Cancellocation Cancellocation Ack . LAI & IMSI

BSS
<AGCH>

MSC

VLRn

HLR

VLRo

<RACH>

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 62

Inter-VLR Location Update Via IMSI

MS
6 Forward New TMSI Location Update Accept TMSI Reallocate Complete TMSI ACK

BSS

MSC

VLRn

HLR

VLRo

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 63

Inter-VLR Location Update Via IMSI

MS
6 Forward New TMSI Location Update Accept TMSI Reallocate Complete TMSI ACK

BSS

MSC

VLRn

HLR

VLRo

7 Clear Command
Clear Complete

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 64

Inter-VLR Location Update Via TMSI

MS
1 Channel Request DCCH Assign

BSS
<AGCH>

MSC

VLRn

HLR

VLRo

<RACH>

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 65

Inter-VLR Location Update Via TMSI

MS
1 Channel Request DCCH Assign <SDCCH> 2 Location Update Request LAI & TMSI

BSS
<AGCH>

MSC

VLRn

HLR VLRo

<RACH>

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 66

Inter-VLR Location Update Via TMSI

MS
1 Channel Request DCCH Assign <SDCCH> 2 Location Update Request

BSS
<AGCH>

MSC

VLRn

HLR VLRo

<RACH>

LAI & TMSI 3 Provide Identification

provide Identification Ack Authentication & Ciphering TMSI&LAIO TMSI,IMSI,KC,R,S)

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 67

Inter-VLR Location Update Via TMSI

MS
1 Channel Request DCCH Assign <SDCCH> 2 Location Update Request LAI & TMSI 3 Provide Identification

BSS
<AGCH>

MSC

VLRn

HLR VLRo

<RACH>

TMSI&LAIO
TMSI,IMSI,KC,R,S)

provide Identification Ack Authentication & Ciphering

4 Location Update Request

Insert Subscriber Data Insert Subscriber Data Ack

Location Update accept

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 68

Inter-VLR Location Update Via TMSI

MS
5 Cancellocation Cancellocation Ack .

BSS

MSC

VLRn

HLR

VLRo

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 69

Inter-VLR Location Update Via TMSI

MS
5 Cancellocation Cancellocation Ack . 6 Forward New TMSI Location Update Accept TMSI Reallocate Complete TMSI ACK

BSS

MSC

VLRn

HLR

VLRo

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 70

Inter-VLR Location Update Via TMSI

MS
5 Cancellocation Cancellocation Ack . 6 Forward New TMSI Location Update Accept TMSI Reallocate Complete TMSI ACK

BSS

MSC

VLRn

HLR

VLRo

7 Clear Command Clear Complete

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 71

 GSM Security Management

GSM Basic Call Sequence

Location Update Sequence SMS Sequence Handover Sequence

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 72

MO SMS Transfer
MS
1 CHANNEL REQUEST
DCCH ASSIGN SIGNALING LINK ESTABLISHED

BSS

MSC

VLR

Interworking MSC

SC

<RACH> <AGCH>

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 73

MO SMS Transfer
MS
1 CHANNEL REQUEST
DCCH ASSIGN SIGNALING LINK ESTABLISHED 2 REQ. FOR SERVICE <SDCCH> CR CC

BSS

MSC

VLR

Interworking MSC

SC

<RACH> <AGCH>

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 74

MO SMS Transfer
MS
1 CHANNEL REQUEST
DCCH ASSIGN SIGNALING LINK ESTABLISHED 2 REQ. FOR SERVICE <SDCCH> CR CC 3 AUTHENTICATION

BSS

MSC

VLR

Interworking MSC

SC

<RACH> <AGCH>

SET Cipher MODE

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 75

MO SMS Transfer
MS
1 CHANNEL REQUEST DCCH ASSIGN

BSS

MSC

VLR

Interworking MSC

SC

<RACH> <AGCH>

SIGNALING LINK
ESTABLISHED

<SDCCH>
2 REQ. FOR SERVICE

CR CC

3 AUTHENTICATION SET Cipher MODE 4 RP_MO_DATA SIF_MO_SMS SIF_MO_SMS-Ack

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 76

MO SMS Transfer
MS
5 MO_Forward_SM

BSS

MSC

VLR

Interworking MSC

SC

(SC_No.)

Short_Message
Short_Message_Ack MO_Forward_SM_Ack

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 77

MO SMS Transfer
MS
5 MO_Forward_SM Short_Message Short_Message_Ack MO_Forward_SM_Ack

BSS

MSC

VLR

Interworking MSC

SC

(SC_No.)

6 RP_ACK "Send Successfully" is displayed on the mobile

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 78

MT SMS Transfer

For Forwarding a Short Message

For Forwarding Several Short Message

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 79

MT SMS Transfer (A Message)

MS
1 Short Message SRI_For_SM SRI_For_SM_Ack MT_Forward_SM Servicing MSC

VLR

HLR

Gateway MSC

SC

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 80

MT SMS Transfer (A Message)

MS
1 Short Message SRI_For_SM SRI_For_SM_Ack MT_Forward_SM 2 SIF_MT_SMS Page Page Servicing MSC

VLR

HLR

Gateway MSC

SC

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 81

MT SMS Transfer (A Message)

MS
1 Short Message SRI_For_SM SRI_For_SM_Ack MT_Forward_SM 2 SIF_MT_SMS Page Page 3 Paging Response Authentication and Ciphering Servicing MSC

VLR

HLR

Gateway MSC

SC

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 82

MT SMS Transfer (A Message)

MS
1 Short Message SRI_For_SM SRI_For_SM_Ack MT_Forward_SM 2 SIF_MT_SMS Page Page Request 3 Paging Response Authentication and Ciphering 4 Short_Message Short_Message_Ack MT_Forward_SM_Ack Short_Message_Ack Servicing MSC

VLR

HLR

Gateway MSC

SC

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 83

MT SMS Transfer (Several Messages)

MS
1 Short Message SRI_For_SM SRI_For_SM_Ack MT_Forward_SM MT_Forward_SM (The More message To Send Flag is True) Servicing MSC

VLR

HLR

Gateway MSC

SC

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 84

MT SMS Transfer (Several Messages)

MS
1 Short Message SRI_For_SM SRI_For_SM_Ack MT_Forward_SM MT_Forward_SM (The More message To Send Flag is True) 2 SIF_MT_SMS Page Paging Request Servicing MSC

VLR

HLR

Gateway MSC

SC

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 85

MT SMS Transfer (Several Messages)

MS
1 Short Message SRI_For_SM SRI_For_SM_Ack MT_Forward_SM MT_Forward_SM (The More message To Send Flag is True) 2 SIF_MT_SMS Page Paging Request Servicing MSC

VLR

HLR

Gateway MSC

SC

3 Paging Response Authentication and Ciphering

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 86

MT SMS Transfer (Several Messages)

MS
4 Short_Message Short_Message_Ack MT_Forward_SM_Ack Short_Message_Ack Servicing MSC

VLR

HLR

Gateway MSC

SC

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 87

MT SMS Transfer (Several Messages)

MS
4 Short_Message
Short_Message_Ack MT_Forward_SM_Ack Short_Message_Ack 5 Short_Message MT_Forward_SM MT_Forward_SM (The More message To Send Flag is False) Short_Message Short_Message_Ack MT_Forward_SM_Ack Short_Message_Ack Servicing MSC

VLR

HLR

Gateway MSC

SC

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 88

 GSM Security Management

GSM Basic Call Sequence

Location Update Sequence SMS Sequence Handover Sequence

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 89

Handover Sequence
Inter - BSS handover sequence

Inter - MSC handover sequence

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 90

Inter - BSS Handover Sequence

MS
1 Periodic Measurement reports
<SACCH>

oBSS

nBSS

MSC

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 91

Inter - BSS Handover Sequence

MS
1 Periodic Measurement reports 2 Handover required
<SACCH>

oBSS

nBSS

MSC

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 92

Inter - BSS Handover Sequence

MS
1 Periodic Measurement reports 2 Handover required 3 Handover Request
TMSI cct. code <SACCH>

oBSS

nBSS

MSC

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 93

Inter - BSS Handover Sequence

MS
1 Periodic Measurement reports 2 Handover required 3 Handover Request 4 Handover REQ ACK
TMSI cct. code HO Ref. No. <SACCH>

oBSS

nBSS

MSC

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 94

Inter - BSS Handover Sequence

MS
1 Periodic Measurement reports 2 Handover required 3 Handover Request 4 Handover REQ ACK 5 Handover Command
<FACCH> HO Ref. No. TMSI cct. code HO Ref. No. <SACCH>

oBSS

nBSS

MSC

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 95

Inter - BSS Handover Sequence

MS
1 Periodic Measurement reports 2 Handover required 3 Handover Request 4 Handover REQ ACK 5 Handover Command 6 Information Interchange
<FACCH> <FACCH> HO Ref. No. TMSI cct. code HO Ref. No. <SACCH>

oBSS

nBSS

MSC

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 96

Inter - BSS Handover Sequence

MS
1 Periodic Measurement reports 2 Handover required 3 Handover Request 4 Handover REQ ACK 5 Handover Command 6 Information Interchange 7 Handover Complete
<FACCH> <FACCH> HO Ref. No. TMSI cct. code HO Ref. No. <SACCH>

oBSS

nBSS

MSC

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 97

Inter - BSS Handover Sequence

MS
1 Periodic Measurement reports 2 Handover required 3 Handover Request 4 Handover REQ ACK 5 Handover Command 6 Information Interchange 7 Handover Complete 8 Clear Command
<FACCH> <FACCH> HO Ref. No. TMSI cct. code HO Ref. No. <SACCH>

oBSS

nBSS

MSC

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 98

Inter - BSS Handover Sequence

MS
1 Periodic Measurement reports 2 Handover required 3 Handover Request 4 Handover REQ ACK 5 Handover Command 6 Information Interchange 7 Handover Complete 8 Clear Command 9 Periodic Meas. reports
<SACCH> <FACCH> <FACCH> HO Ref. No. TMSI cct. code HO Ref. No. <SACCH>

oBSS

nBSS

MSC

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 99

Inter - MSC Handover Sequence

Basic Inter-MSC handover Subsequent Inter - MSC handover

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 100

Inter-MSC handover
MSCA
1 PrepareHandover 2 Allocate HandoverNo. 3 Send Handover Report 4 PrepareHandover_Ack 5 Send HO Report_Ack 6 Initial Address Message

MSCB

VLRB

Address Completed
Answer

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 101

Inter-MSC handover
MSCA
1 PrepareHandover 2 Allocate HandoverNo. 3 Send Handover Report 4 PrepareHandover_Ack 5 Send HO Report_Ack

MSCB

VLRB

6 Initial
Address Message Address Completed Answer

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 102

Inter-MSC handover
MSCA
1 PrepareHandover 2 Allocate HandoverNo. 3 Send Handover Report 4 PrepareHandover_Ack 5 Send HO Report_Ack

MSCB

VLRB

6 Initial Address Message

Address Completed Answer

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 103

Inter-MSC handover
MSCA
1 PrepareHandover 2 Allocate HandoverNo. 3 Send Handover Report 4 PrepareHandover_Ack 5 Send HO Report_Ack 6 Initial Address Message

MSCB

VLRB

Address Completed
Answer

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 104

Inter-MSC handover
MSCA
1 PrepareHandover 2 Allocate HandoverNo.
3 Send Handover Report

MSCB

VLRB

4 PrepareHandover_Ack 5 Send HO Report_Ack 6 Initial Address Message Address Completed Answer

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 105

Inter-MSC handover
MSCA
1 PrepareHandover 2 Allocate HandoverNo.
3 Send Handover Report

MSCB

VLRB

4 PrepareHandover_Ack 5 Send HO Report_Ack 6 Initial Address Message

Address Completed
Answer

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 106

Inter-MSC handover
MSC/VLRA
7 Process Access Signal Send End Signal Forward Access Signal Process Access Signal 8 Clear Forward Release Guard Send End Signal_Ack

MSC/VLRB

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 107

Inter-MSC handover
MSC/VLRA
7 Process Access Signal Send End Signal Forward Access Signal Process Access Signal 8 Release Release Complete

MSC/VLRB

Send End Signal_Ack

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 108

Inter-MSC handover
MSC/VLRA
9 SendAuth. Info Auth Info

MSC/VLRB

HLRA

Update Location
InsertSubs.Data InsertSubs.Data_Ack UpdateLocation_Ack Cancellocation Cancellocation_Ack

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 109

Subsequent Inter-MSC handover

MSC/VLRA
1 PrepareSubsequentHOV
PrepareHandover

MSC/VLRB

HLRA

PrepareHandover
PrepareSubsequentHOV 2 Initial and Final Address Message

Address Complete
Answer 3 RLS

RLC

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 110

Subsequent Inter-MSC handover

MSC/VLRA
1 PrepareSubsequentHOV PrepareHandover PrepareHandover PrepareSubsequentHOV 2 Initial and Final Address Message Address Complete Answer 3 RLS RLC

MSC/VLRB

HLRA

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 111

Subsequent Inter-MSC handover

MSC/VLRA
1 PrepareSubsequentHOV PrepareHandover PrepareHandover PrepareSubsequentHOV 2 Initial and Final Address Message Address Complete Answer 3 RLS

MSC/VLRB

HLRA

RLC

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 112

Subsequent Inter-MSC handover

MSC/VLRA MSC/VLRB MSC/VLRC

4 ProcessAccessSignal ForwardAccessSignal 5 RLS

RLC
6 SendEndSignal SendEndSignal_Ack 7 Location Update

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 113

Subsequent Inter-MSC handover

MSC/VLRA
4 ForwardAccessSignal ProcessAccessSignal 5 RLS RLC 6 SendEndSignal SendEndSignal_Ack 7 Location Update

MSC/VLRB

MSC/VLRC

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 114

Subsequent Inter-MSC handover

MSC/VLRA
4 ForwardAccessSignal

MSC/VLRB

MSC/VLRC

ProcessAccessSignal
5 RLS RLC 6 SendEndSignal SendEndSignal_Ack 7 Location Update
HUAWEI TECHNOLOGIES CO., LTD. All rights reserved Page 115

Subsequent Inter-MSC handover

MSC/VLRA 4 ForwardAccessSignal MSC/VLRB MSC/VLRC

ProcessAccessSignal
5 RLS RLC 6 SendEndSignal SendEndSignal_Ack 7 Location Update
Page 116

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Summary
1. GSM Security Management 2. GSM Basic Call Sequence 3. Location Update Sequence 4. SMS Sequence 5. Handover Sequence

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Page 117

Thank You
www.huawei.com