3 GSM Communication Flow

Internal
GSM Communication
Flow
www.huawei.com
GBSS Training Team

HUAWEI TECHNOLOGIES CO., LTD.
All rights reserved
After the completion of this course, the trainees

should understand the following contents:
GSM security management
Call flow in GSM
Knowledge about Location update
SMS flow in GSM
Handover flow in GSM
All rights reserved
Page 2
GSM Security Management

GSM Basic Call Sequence
Location Update Sequence
SMS Sequence
Handover Sequence
All rights reserved
Page 3

PLMNs need a higher level of protection than traditional telecommunication
networks. Therefore, to protect GSM systems, the following security functions
have been defined:
Subscriber authentication: By performing authentication, the network ensures
that no unauthorized users can access the network, including those that are
attempting to impersonate others.
Radio information ciphering: The information sent between the network and an
MS is ciphered. An MS can only decipher information intended for itself.
Mobile equipment identification: Because the subscriber and equipment are
separate in GSM, it is necessary to have a separate authentication process for the
MS equipment. This ensures, e.g. that a mobile terminal, which has been stolen, is
not able to access the network.
Subscriber identity confidentiality: During communication with an MS over a
radio link, it is desirable that the real identity (IMSI) of the MS is not always
transmitted. Instead a temporary identity (TMSI) can be used. This helps to avoid
subscription fraud.
The AUC and EIR are involved in the first three of the above features, while the
last is handled by MSC/VLRs.
All rights reserved
Page 4

Authentication and
Ciphering Sequence
TMSI
Reallocation
Equipment
Identification
All rights reserved
Page 5
Authentication
Authentication may be executed during setup, location updating
and supplementary services. Authentication is done by AUC.

The primary function of an AUC is to provide information,
which is then used by an MSC/VLR to perform subscriber

authentication and to, establish ciphering procedures on the radio
link between the network and MSs. The information provided is
called a triplet and consists of:
A non predictable RANDom number (RAND)
A signed RESponse (SRES)
A ciphering key (Kc)
All rights reserved
Page 6
Provision of Triplets
At subscription time, each subscriber is assigned a subscriber authentication Key (Ki). Ki is
stored in the AUC along with the subscribers IMSI. Both are used in the process of
providing a triplet. The same Ki and IMSI are also stored in the SIM. In an AUC the
following steps are carried out to produce one triplet:
1. A non-predictable random number, RAND, is generated.
2. RAND and Ki are used to calculate SRES and Kc, using two different algorithms, A3 and
A8 respectively.
3. RAND, SRES and Kc are delivered together to the HLR as a triplet.
RAND -Random number

SRES-Signed Response
Kc-Ciphering key
Ki-Subscriber
authentication key
IMSI-International Mobile
Subscriber Identity
All rights reserved
Page 7
Authentication Procedure
1.
The MSC/VLR transmits the RAND to the MS.
2.
The MS computes the signature SRES using RAND and

the subscriber authentication key (Kii) through the A3
algorithm.
3.
The MS computes the Kc by using Ki and RAND through

A8 algorithm. Kc will thereafter be used for ciphering and
deciphering in MS.
4.
The signature SRES is sent back to MSC/VLR, which

performs authentication, by checking whether, the SRES
from the MS and the SRES from the AUC match. If so,
the subscriber is permitted to use the network. If not, the
subscriber is barred from network access.
All rights reserved
Page 8
1. RAND
MSC/VLR
3. SRES
2. MS calculates SRES using
RAND + Ki (SIM-card) through
A3 and Kc using RAND+Ki
through A8.
4. Compare SRES received from

MS with SRES in triplet. If they
are equal access is granted.
Authentication can by operators choice be performed during:

Each registration
Each call setup attempt
Location updating
Before supplementary service activation and deactivation
All rights reserved
Page 9
Ciphering Procedure
Confidentiality means that user information and signaling exchanged between BTSs
and MSs is not disclosed to unauthorized individuals, entities or processes.
A ciphering sequence is produced using Kc and the TDMA frame number as inputs in
the encryption algorithm A5. The purpose of this is to ensure privacy concerning user
information(speech and data) as well as user related signaling elements.
In order to test the ciphering procedure some sample of information must be used. For
this purpose the actual ciphering mode command (M) is used.
1. M and Kc are sent from the MSC/VLR to the BTS.
2. M is forwarded to the MS.
3. M is encrypted using Kc (calculated earlier with SRES in the authentication
procedure) and the TDMA frame number which are fed through the encryption
algorithm, A5.
4. The encrypted message is sent to the BTS.
5. Encrypted M is decrypted in the BTS using Kc, the TDMA frame number and the
decryption algorithm, A5.
6. If the decryption of M was successful, the ciphering mode completed message is sent
to the MSC. All information over the air interface is ciphered from this point on.
All rights reserved
Page 10
Ciphering Procedure
1. M+Kc
2. M
MSC/VLR
MS
4. Encrypted
TDMA
Frame no. Kc
6. Ciphering mode
complete
Mc
M
Decryption
process
using A5
Encryption
process
using A5
3. Encrypt M
5. Decryption of M successful
If yes
Kc
TDMA
Frame no.
A5 Encryption and decryption algorithm

M
Ciphering Mode Command
M Ciphering Mode Complete
Mc Ciphering Mode Complete, ciphered
Kc Ciphering key
MSC Mobile services Switching Center
VLR Visitor Location Register
All rights reserved
Page 11
Authentication and Ciphering Sequence

MS
BSS
MSC
VLR
1 Pre-send Triples to VLR
All rights reserved
Page 12
HLR

MS
BSS
MSC
VLR

2 Authenticate
Authentication Request
RAND
<SDCCH>
RAND
All rights reserved
Page 13
HLR

MS
BSS
MSC
VLR

2 Authenticate
3 Authenticate Response
RAND
<SDCCH>
RAND
<SDCCH>
(SRES)
All rights reserved
Page 14
HLR

MS
BSS
MSC
VLR

2 Authenticate
RAND
<SDCCH>
RAND
<SDCCH>
(SRES)
4 Start Ciphering
All rights reserved
Page 15
HLR

MS
BSS
MSC
VLR

2 Authenticate
RAND
<SDCCH>
RAND
<SDCCH>
(SRES)
4 Start Ciphering
5 Cipher Mode Command
Cipher Mode Complete
<SDCCH>
<SDCCH>
All rights reserved
Page 16
HLR
TMSI Reallocation
The Temporary Mobile Subscriber Identity (TMSI) is a temporary IMSI number
made known to an MS at registration. It is used to protect the subscribers identity
on the air interface. The TMSI has local significance only (that is, within the
MSC/VLR area) and is changed at time intervals or when certain events occur
such as location updating. Every operator can chose TMSI structure, but should
not consist of more than 8 digits.
MS
VLR
Location Update Req
Location Update Acc
(TMSI)
TMSI Reallocation Comp

All rights reserved
Page 17
EIR Function
Equipment Identification Procedure
The equipment identification procedure uses the identity of the equipment itself (IMEI) to
ensure that the MS terminal equipment is valid.
1. The MSC/VLR requests the IMEI from the MS.
2. MS sends IMEI to MSC.
3. MSC/VLR sends IMEI to EIR.
4. On reception of IMEI, the EIR examines three lists:
A white list containing all number series of all equipment identities that have been
allocated in the different participating GSM countries.
A black list containing all equipment identities that has been barred.
A gray list (on operator level) containing faulty or non -approved mobile equipment.
5. The result is sent to MSC/VLR, which then decides whether or not to allow network access
for the terminal equipment.
3. Check IMEI
1. IMEI Request
MSC/VLR
EIR
2. IMEI
4. Access/Barring info
All rights reserved
Page 18
Equipment Identification
MS
1 Equipment ID
Request
BSS
MSC
VLR HLR PSTN EIR
< SDCCH>
All rights reserved
Page 19
MS
1 Equipment ID
Request
2 ID Response
BSS
MSC
VLR HLR PSTN EIR
< SDCCH>
<SDCCH>
IMEI)
All rights reserved
Page 20
MS
1 Equipment ID
Request
2 ID Response
BSS
MSC
VLR HLR PSTN EIR
< SDCCH>
<SDCCH>
IMEI)
3 Check IMEI
Check IMEI
Response
All rights reserved
Page 21

SMS Sequence
Handover Sequence
All rights reserved
Page 22
Mobile to Land Sequence
Land to Mobile Sequence
All rights reserved
Page 23

The process for calling MS and called MS are two
independent flow. The calling party begins with

channel request and ends with TCH assignment
competition. In general, the calling party includes
following
several
stages:
access
process,
authentication and ciphering process, TCH assignment
process. So, we take the sequence from mobile to land
as example, in this sequence, we mainly devote to the
calling party.
All rights reserved
Page 24

MS
BSS
1 CHANNEL REQUEST
<RACH>
DCCH ASSIGN
<AGCH>
MSC
VLR
HLR
SIGNALING LINK
ESTABLISHED
All rights reserved
Page 25
PSTN

MS
BSS
1 CHANNEL REQUEST
<RACH>
DCCH ASSIGN
<AGCH>
MSC
VLR
HLR
SIGNALING LINK
ESTABLISHED
<SDCCH>
2 REQ. FOR SERVICE
CR
CC
All rights reserved
Page 26
PSTN

MS
BSS
1 CHANNEL REQUEST
<RACH>
DCCH ASSIGN
<AGCH>
MSC
VLR
HLR
SIGNALING LINK
ESTABLISHED
<SDCCH>
2 REQ. FOR SERVICE
CR
CC
3 AUTHENTICATION
SET Cipher MODE
All rights reserved
Page 27
PSTN

MS
BSS
1 CHANNEL REQUEST
<RACH>
DCCH ASSIGN
<AGCH>
MSC
VLR
HLR
SIGNALING LINK
ESTABLISHED
<SDCCH>
2 REQ. FOR SERVICE
CR
CC
3 AUTHENTICATION
SET Cipher MODE
4 SET-UP
<SDCCH>
SFOC
Call Info
All rights reserved
Page 28
PSTN

MS
BSS
1 CHANNEL REQUEST
<RACH>
DCCH ASSIGN
<AGCH>
MSC
VLR
HLR
SIGNALING LINK
ESTABLISHED
<SDCCH>
2 REQ. FOR SERVICE
CR
CC
3 AUTHENTICATION
SET Cipher MODE
4 SET-UP
<SDCCH>
SFOC
Call Info
5 EQUIP. ID REQ.
All rights reserved
Page 29
PSTN

MS
BSS
1 CHANNEL REQUEST
<RACH>
DCCH ASSIGN
<AGCH>
MSC
VLR
HLR
SIGNALING LINK
ESTABLISHED
<SDCCH>
2 REQ. FOR SERVICE
CR
CC
3 AUTHENTICATION
SET Cipher MODE
4 SET-UP
<SDCCH>
SFOC
Call Info
5 EQUIP. ID REQ.
6 COMPLETE CALL
CALL PROCEEDING
<SDCCH>
All rights reserved
Page 30
PSTN

MS
7 ASSIG. COMMAND
ASSIG. COMPLETE
BSS
MSC
VLR
HLR
<SDCCH>
<FACCH>
circuit
All rights reserved
Page 31
PSTN

MS
7 ASSIG. COMMAND
ASSIG. COMPLETE
BSS
<SDCCH>
<FACCH>
MSC
VLR
HLR
circuit
Initial and Final Address

8 Message (IFAM)
Address Complete(ACM)
Alerting
<FACCH>
MS hears ring
tone from land
phone
All rights reserved
Page 32
PSTN

MS
7 ASSIG. COMMAND
ASSIG. COMPLETE
BSS
<SDCCH>
<FACCH>
MSC
VLR
HLR
circuit

8 Message (IFAM)
Alerting
<FACCH>
MS hears ring
tone from land
phone
9 Answer (ANS)Connect
Ring tone
stops
<FACCH>
All rights reserved
Page 33
PSTN

MS
7 ASSIG. COMMAND
ASSIG. COMPLETE
BSS
<SDCCH>
<FACCH>
MSC
VLR
HLR
PSTN
circuit

8 Message (IFAM)
Alerting
<FACCH>
MS hears ring
tone from land
phone
9 Answer (ANS)Connect
Ring tone
stops
10 Connect Acknowledge
<FACCH>
<FACCH>
BILLING STARTS
HELLO!
<TCH>
All rights reserved
Page 34

For the called party, the flow for the called party
begins when MSC sends paging command to the

called party, ends when two party start talk. In
general, this call flow includes several stages: access
process, authentication and ciphering process, TCH
assignment process, talk process, release process.
All rights reserved
Page 35

MS
BSS
MSC
VLR
HLR
GMSC
Initial and Final

1 Address Message
PSTN
(MSISDN)
All rights reserved
Page 36

MS
BSS
MSC
VLR
HLR
GMSC
Initial and Final

1 Address Message
(MSISDN)
2 Send Routing Info

(IMSI)
PSTN
All rights reserved
(MSISDN)
Page 37

MS
BSS
MSC
VLR
HLR
GMSC
Initial and Final

1 Address Message
(MSISDN)
2 Send Routing Info

(IMSI)
(MSISDN)
(MSRN)
(MSRN)
3 Routing Info Ack

Initial and Final
Address Message
(MSRN)
PSTN
All rights reserved
Page 38

MS
BSS
MSC
VLR
HLR
GMSC
Initial and Final

1 Address Message
(MSISDN)
2 Send Routing Info

(IMSI)
(MSISDN)
(MSRN)
(MSRN)
3 Routing Info Ack

Initial and Final
Address Message
(MSRN)
4 Send Info For I/C
Call Setup
PSTN
(MSRN)
All rights reserved
Page 39

MS
BSS
MSC
VLR
HLR
GMSC
Initial and Final

1 Address Message
(MSISDN)
2 Send Routing Info

(IMSI)
(MSISDN)
(MSRN)
(MSRN)
3 Routing Info Ack

Initial and Final
Address Message
(MSRN)
4 Send Info For I/C
Call Setup
5 Page
Paging Request
PSTN
(MSRN)
<PCH>
(TMSI)
(LAI & TMSI)

(TMSI)
All rights reserved
Page 40

MS
6 Channel Request
BSS
MSC
HLR
GMSC
<RACH>
DCCH Assign
<AGCH>
Signaling Link
Established
<SDCCH>
Page Response
<SDCCH>
CR
(TMSI)
*Authentication
VLR
(TMSI &
Status)
(Status)
All rights reserved
Page 41
PSTN

MS
6 Channel Request
BSS
MSC
HLR
GMSC
<RACH>
DCCH Assign
<AGCH>
Signaling Link
Established
<SDCCH>
Page Response
<SDCCH>
CR
(TMSI)
*Authentication
7 Complete Call
Setup
VLR
(TMSI &
Status)
(Status)
<TMSI>
<SDCCH>
All rights reserved
Page 42
PSTN

MS
6 Channel Request
BSS
MSC
<AGCH>
Signaling Link
Established
<SDCCH>
Page Response
<SDCCH>
GMSC
PSTN
CR
(TMSI)
*Authentication
8 Call Confirmation
HLR
<RACH>
DCCH Assign
7 Complete Call
Setup
VLR
(TMSI &
Status)
(Status)
<TMSI>
<SDCCH>
<SDCCH>
Ring Tone at
the land
phone
All rights reserved
Page 43

MS
9 Assignment
Command
Assignment
Complete
BSS
(channel)
MSC
VLR
HLR
GMSC
PSTN
(circuit)
<FACCH>
Ring Tone at
the land
phone
<TCH>
Alert
Address Complete
All rights reserved
Page 44

MS
9 Assignment
Command
Assignment
Complete
BSS
(channel)
MSC
VLR
HLR
GMSC
PSTN
(circuit)
<FACCH>
Ring Tone at
the land
phone
<TCH>
Alert
Address Complete
10 Connect
<FACCH>
Ringing stops
at land phone
Subscriber
picks up
Connect ACK ANS
< FACCH>
Billing
starts
<TCH>
Hello...
All rights reserved
Page 45

SMS Sequence
Handover Sequence
All rights reserved
Page 46

Brief Introduction to Location
Update
Several Typical Location Update

Sequences
All rights reserved
Page 47
Brief Introduction to Location Update

The types of Location Update :
Normal Location Update
IMSI Attach/Detach
Periodic Location Update
Normal Location Update

Mobile powers on and is idle.
Reads the LAI broadcast on the BCCH.
Compares with the last stored LAI and if it is different does
a location update.
All rights reserved
Page 48
Location Update
IMSI Attach
Saves the network from paging a MS which is not active in the system.
When MS is turned off or SIM is removed the MS sends a detach signal to the
Network. It is marked as detached.

When the MS is powered again it reads the current LAI and if it is same does a
location update type IMSI attach.

Attach/detach flag is broadcast on the BCCH sys info.
Periodic Location Update

Many times the MS enters non-coverage zone.
The MS will keep on paging the MS thus wasting precious resources.
To avoid this the MS has to inform the MSC about its current LAI in a set
period of time.
This time ranges from 0 to 255 deci-hours.
Periodic location timer value is broadcast on BCCH sys info messages.
All rights reserved
Page 49
Several Typical Location Update Sequences
Intra-VLR Location
Update Sequence
Inter-VLR Location
Update Sequence
All rights reserved
Page 50
Intra-VLR Location Update Sequence

MS
1 Channel Request
DCCH Assign
BSS
MSC
VLR
HLR
<RACH>
<AGCH>
Only sent to HLR
if this is the first
time the MS has
Location Updated
in this VLR
All rights reserved
Page 51

MS
1 Channel Request
DCCH Assign
2 Location Update Request
BSS
MSC
VLR
HLR
<RACH>
<AGCH>
<SDCCH>
All rights reserved
Only sent to HLR

time the MS has
Location Updated
in this VLR
Page 52

MS
1 Channel Request
DCCH Assign
BSS
MSC
HLR
<RACH>
<AGCH>
Only sent to HLR
time the MS has
Location Updated
in this VLR
<SDCCH>
LAI & TMSI
3 Authentication & Ciphering
VLR
All rights reserved
Page 53

MS
1 Channel Request
DCCH Assign
BSS
MSC
VLR
HLR
<RACH>
<AGCH>
Only sent to HLR
time the MS has
Location Updated
in this VLR
<SDCCH>
LAI & TMSI
<TMSI>
4 Forward New TMSI

Location Update Accept
<SDCCH>
<TMSI>
All rights reserved
Page 54

MS
1 Channel Request
DCCH Assign
BSS
MSC
VLR
HLR
<RACH>
<AGCH>
Only sent to HLR
time the MS has
Location Updated
in this VLR
<SDCCH>
LAI & TMSI
<TMSI>
4 Forward New TMSI

5 TMSI Reallocate Complete
TMSI ACK
<SDCCH>
<TMSI>
<SDCCH>
All rights reserved
Page 55

MS
1 Channel Request
DCCH Assign
<RACH>
BSS
MSC
VLR
HLR
<AGCH>
Only sent to HLR
time the MS has
Location Updated
in this VLR
<SDCCH>
LAI & TMSI
<TMSI>
4 Forward New TMSI

5 TMSI Reallocate Complete
TMSI ACK
6 Clear Command
Clear Complete
<SDCCH>
<TMSI>
<SDCCH>
<SDCCH>
<SDCCH>
All rights reserved
Page 56
Inter-VLR Location Update Sequence
Location Update via IMSI
Location Update via TMSI
All rights reserved
Page 57
Inter-VLR Location Update Via IMSI

MS
BSS
MSC
VLRn
HLR VLRo
<RACH>
1 Channel Request
<AGCH>
DCCH Assign
All rights reserved
Page 58

MS
BSS
MSC
VLRn
HLR VLRo
<RACH>
1 Channel Request
<AGCH>
DCCH Assign
<SDCCH>
LAI & IMSI
All rights reserved
Page 59

MS
BSS
MSC
VLRn
HLR VLRo
<RACH>
1 Channel Request
<AGCH>
DCCH Assign
<SDCCH>
LAI & IMSI
3 Authentication Para. Req
Authentication & Ciphering
All rights reserved
Page 60

MS
BSS
MSC
VLRn
HLR VLRo
<RACH>
1 Channel Request
<AGCH>
DCCH Assign
<SDCCH>
LAI & IMSI

Insert Subscriber Data
Insert Subscriber Data Ack
Location Update accept
All rights reserved
Page 61

MS
BSS
MSC
VLRn
HLR
<RACH>
1 Channel Request
<AGCH>
DCCH Assign
<SDCCH>
LAI & IMSI

5 Cancellocation
Cancellocation
Ack
.
All rights reserved
Page 62
VLRo

MS
BSS
MSC
VLRn
HLR
6 Forward New TMSI

TMSI Reallocate Complete
TMSI ACK
All rights reserved
Page 63
VLRo

MS
BSS
MSC
VLRn
HLR
6 Forward New TMSI

TMSI ACK
7 Clear Command
Clear Complete
All rights reserved
Page 64
VLRo
Inter-VLR Location Update Via TMSI

MS
BSS
MSC
VLRn
HLR
<RACH>
1 Channel Request
<AGCH>
DCCH Assign
All rights reserved
Page 65
VLRo

MS
BSS
MSC
VLRn
HLR VLRo
<RACH>
1 Channel Request
<AGCH>
DCCH Assign
<SDCCH>
LAI & TMSI
All rights reserved
Page 66

MS
BSS
MSC
VLRn
HLR VLRo
<RACH>
1 Channel Request
<AGCH>
DCCH Assign
<SDCCH>
LAI & TMSI
TMSI&LAIO
3 Provide Identification
provide Identification Ack
TMSI,IMSI,KC,R,S)
All rights reserved
Page 67

MS
BSS
MSC
VLRn
HLR VLRo
<RACH>
1 Channel Request
<AGCH>
DCCH Assign
<SDCCH>
LAI & TMSI

TMSI&LAIO
3 Provide Identification
TMSI,IMSI,KC,R,S)
provide Identification Ack


All rights reserved
Page 68

MS
BSS
MSC
VLRn
HLR
5 Cancellocation
Cancellocation
Ack
.
All rights reserved
Page 69
VLRo

MS
BSS
MSC
VLRn
HLR
5 Cancellocation
Cancellocation
Ack
.
6 Forward New TMSI
TMSI ACK
All rights reserved
Page 70
VLRo

MS
BSS
MSC
VLRn
HLR
5 Cancellocation
Cancellocation
Ack
.
6 Forward New TMSI
TMSI ACK
7 Clear Command
Clear Complete
All rights reserved
Page 71
VLRo

SMS Sequence
Handover Sequence
All rights reserved
Page 72
MO SMS Transfer
MS
1 CHANNEL REQUEST
DCCH ASSIGN
BSS
MSC
VLR Interworking SC
MSC
<RACH>
<AGCH>
SIGNALING LINK
ESTABLISHED
All rights reserved
Page 73
MO SMS Transfer
MS
1 CHANNEL REQUEST
DCCH ASSIGN
BSS
MSC
VLR Interworking SC
MSC
<RACH>
<AGCH>
SIGNALING LINK
ESTABLISHED
2 REQ. FOR SERVICE
<SDCCH>
CR
CC
All rights reserved
Page 74
MO SMS Transfer
MS
1 CHANNEL REQUEST
DCCH ASSIGN
BSS
MSC
VLR Interworking SC
MSC
<RACH>
<AGCH>
SIGNALING LINK
ESTABLISHED
2 REQ. FOR SERVICE
<SDCCH>
CR
CC
3 AUTHENTICATION
SET Cipher MODE
All rights reserved
Page 75
MO SMS Transfer
MS
1 CHANNEL REQUEST
DCCH ASSIGN
BSS
MSC
VLR Interworking SC
MSC
<RACH>
<AGCH>
SIGNALING LINK
ESTABLISHED
<SDCCH>
2 REQ. FOR SERVICE
CR
CC
3 AUTHENTICATION
SET Cipher MODE
4 RP_MO_DATA
SIF_MO_SMS
SIF_MO_SMS-Ack
All rights reserved
Page 76
MO SMS Transfer
MS
5 MO_Forward_SM
BSS
MSC
VLR Interworking SC
MSC
(SC_No.)
Short_Message
Short_Message_Ack
MO_Forward_SM_Ack
All rights reserved
Page 77
MO SMS Transfer
MS
BSS
MSC
VLR Interworking SC
MSC
(SC_No.)
5 MO_Forward_SM
Short_Message
Short_Message_Ack
MO_Forward_SM_Ack
6 RP_ACK
"Send Successfully" is displayed on the mobile
All rights reserved
Page 78
MT SMS Transfer
For Forwarding a
Short Message
For Forwarding Several

Short Message
All rights reserved
Page 79
MT SMS Transfer (A Message)

MS
Servicing
MSC
VLR
HLR
Gateway
MSC
1 Short Message
SRI_For_SM
SRI_For_SM_Ack
MT_Forward_SM
All rights reserved
Page 80
SC

MS
Servicing
MSC
VLR
HLR
Gateway
MSC
1 Short Message
SRI_For_SM
SRI_For_SM_Ack
MT_Forward_SM
2 SIF_MT_SMS
Page
Page
All rights reserved
Page 81
SC

MS
Servicing
MSC
VLR
HLR
Gateway
MSC
1 Short Message
SRI_For_SM
SRI_For_SM_Ack
MT_Forward_SM
2 SIF_MT_SMS
Page
Page
3 Paging Response
Authentication and Ciphering
All rights reserved
Page 82
SC

MS
Servicing
MSC
VLR
HLR
Gateway
MSC
1 Short Message
SRI_For_SM
SRI_For_SM_Ack
MT_Forward_SM
2 SIF_MT_SMS
Page
Page Request
3 Paging Response
4 Short_Message
Short_Message_Ack
MT_Forward_SM_Ack
Short_Message_Ack
All rights reserved
Page 83
SC
MT SMS Transfer (Several Messages)

MS
Servicing
MSC
VLR
HLR
Gateway
MSC
1 Short Message
SRI_For_SM
SRI_For_SM_Ack
MT_Forward_SM
MT_Forward_SM
(The More message To
Send Flag is True)
All rights reserved
Page 84
SC

MS
Servicing
MSC
VLR
HLR
Gateway
MSC
1 Short Message
SRI_For_SM
SRI_For_SM_Ack
MT_Forward_SM
MT_Forward_SM
Send Flag is True)
2 SIF_MT_SMS
Page
Paging Request
All rights reserved
Page 85
SC

MS
Servicing
MSC
VLR
HLR
Gateway
MSC
1 Short Message
SRI_For_SM
SRI_For_SM_Ack
MT_Forward_SM
MT_Forward_SM
Send Flag is True)
2 SIF_MT_SMS
Page
Paging Request
3 Paging Response
All rights reserved
Page 86
SC

MS
Servicing
MSC
VLR
HLR
Gateway
MSC
4 Short_Message
Short_Message_Ack
MT_Forward_SM_Ack
Short_Message_Ack
All rights reserved
Page 87
SC

MS
Servicing
MSC
VLR
HLR
Gateway
MSC
4 Short_Message
Short_Message_Ack
MT_Forward_SM_Ack
Short_Message_Ack
5 Short_Message
MT_Forward_SM
MT_Forward_SM
Send Flag is False)
Short_Message
Short_Message_Ack
MT_Forward_SM_Ack
Short_Message_Ack
All rights reserved
Page 88
SC

SMS Sequence
Handover Sequence
All rights reserved
Page 89
Handover Sequence
Inter - BSS handover
sequence
Inter - MSC handover
sequence
All rights reserved
Page 90
Inter - BSS Handover Sequence

oBSS
MS
1 Periodic Measurement
reports
nBSS
<SACCH>
All rights reserved
Page 91
MSC

oBSS
MS
reports
nBSS
<SACCH>
2 Handover required
All rights reserved
Page 92
MSC

oBSS
MS
reports
nBSS
MSC
<SACCH>
2 Handover required
3 Handover Request
TMSI cct. code
All rights reserved
Page 93

oBSS
MS
reports
nBSS
MSC
<SACCH>
2 Handover required
3 Handover Request
TMSI cct. code

HO Ref. No.
4 Handover REQ ACK
All rights reserved
Page 94

oBSS
MS
reports
nBSS
MSC
<SACCH>
2 Handover required
3 Handover Request
TMSI cct. code

HO Ref. No.
4 Handover REQ ACK

5 Handover Command
<FACCH>
HO Ref. No.
All rights reserved
Page 95

oBSS
MS
reports
nBSS
MSC
<SACCH>
2 Handover required
3 Handover Request
TMSI cct. code

HO Ref. No.
4 Handover REQ ACK

5 Handover Command
6 Information Interchange
<FACCH>
HO Ref. No.
<FACCH>
All rights reserved
Page 96

oBSS
MS
reports
nBSS
MSC
<SACCH>
2 Handover required
3 Handover Request
TMSI cct. code

HO Ref. No.
4 Handover REQ ACK

5 Handover Command
<FACCH>
HO Ref. No.
<FACCH>
7 Handover Complete
All rights reserved
Page 97

oBSS
MS
reports
nBSS
MSC
<SACCH>
2 Handover required
3 Handover Request
TMSI cct. code

HO Ref. No.
4 Handover REQ ACK

5 Handover Command
<FACCH>
HO Ref. No.
<FACCH>
7 Handover Complete
8 Clear Command
All rights reserved
Page 98

oBSS
MS
reports
nBSS
MSC
<SACCH>
2 Handover required
3 Handover Request
TMSI cct. code

HO Ref. No.
4 Handover REQ ACK

5 Handover Command
<FACCH>
HO Ref. No.
<FACCH>
7 Handover Complete
8 Clear Command
9 Periodic Meas. reports
<SACCH>
All rights reserved
Page 99
Inter - MSC Handover Sequence

Basic Inter-MSC handover
Subsequent Inter - MSC
handover
All rights reserved
Page 100
Inter-MSC handover
MSCA
MSCB
1 PrepareHandover
2 Allocate HandoverNo.
3 Send Handover Report
4 PrepareHandover_Ack
5 Send HO Report_Ack
6 Initial
Address Message
Address Completed
Answer
All rights reserved
Page 101
VLRB
Inter-MSC handover
MSCA
MSCB
VLRB
1 PrepareHandover
6 Initial
Address Message
Address Completed
Answer
All rights reserved
Page 102
Inter-MSC handover
MSCA
MSCB
VLRB
1 PrepareHandover
6 Initial
Address Message
Address Completed
Answer
All rights reserved
Page 103
Inter-MSC handover
MSCA
MSCB
VLRB
1 PrepareHandover
6 Initial
Address Message
Address Completed
Answer
All rights reserved
Page 104
Inter-MSC handover
MSCA
MSCB
1 PrepareHandover
6 Initial
Address Message
Address Completed
Answer
All rights reserved
Page 105
VLRB
Inter-MSC handover
MSCA
MSCB
1 PrepareHandover
6 Initial
Address Message
Address Completed
Answer
All rights reserved
Page 106
VLRB
Inter-MSC handover
MSC/VLRA
MSC/VLRB
7 Process Access Signal

Send End Signal
Forward Access Signal
Process Access Signal
8 Clear Forward
Release Guard
Send End Signal_Ack
All rights reserved
Page 107
Inter-MSC handover
MSC/VLRA
MSC/VLRB
7 Process Access Signal

Send End Signal
Forward Access Signal
Process Access Signal
8 Release
Release Complete
Send End Signal_Ack
All rights reserved
Page 108
Inter-MSC handover
MSC/VLRA
MSC/VLRB
HLRA
9 SendAuth. Info
Auth Info
Update Location
InsertSubs.Data
InsertSubs.Data_Ack
UpdateLocation_Ack
Cancellocation
Cancellocation_Ack
All rights reserved
Page 109
Subsequent Inter-MSC handover

MSC/VLRA
MSC/VLRB
1 PrepareSubsequentHOV
PrepareHandover
PrepareHandover
PrepareSubsequentHOV
2 Initial and Final
Address Message
Address Complete
Answer
3 RLS
RLC
All rights reserved
Page 110
HLRA

MSC/VLRA
MSC/VLRB
PrepareHandover
PrepareHandover
2 Initial and Final
Address Message
Address Complete
Answer
3 RLS
RLC
All rights reserved
Page 111
HLRA

MSC/VLRA
MSC/VLRB
PrepareHandover
PrepareHandover
2 Initial and Final
Address Message
Address Complete
Answer
3 RLS
RLC
All rights reserved
Page 112
HLRA

MSC/VLRA
MSC/VLRB
MSC/VLRC
4 ProcessAccessSignal
ForwardAccessSignal
5 RLS
RLC
6 SendEndSignal
SendEndSignal_Ack
7 Location Update
All rights reserved
Page 113

MSC/VLRA
MSC/VLRB
MSC/VLRC
4 ForwardAccessSignal
ProcessAccessSignal
5 RLS
RLC
6 SendEndSignal
SendEndSignal_Ack
7 Location Update
All rights reserved
Page 114

MSC/VLRA
MSC/VLRB
MSC/VLRC
ProcessAccessSignal
5 RLS
RLC
6 SendEndSignal
SendEndSignal_Ack
7 Location Update
All rights reserved
Page 115

MSC/VLRA
MSC/VLRB
MSC/VLRC
ProcessAccessSignal
5 RLS
RLC
6 SendEndSignal
SendEndSignal_Ack
7 Location Update
All rights reserved
Page 116
Summary
1. GSM Security Management
2. GSM Basic Call Sequence
3. Location Update Sequence
4. SMS Sequence
5. Handover Sequence
All rights reserved
Page 117
Thank You
www.huawei.com

3 GSM Communication Flow

Diunggah oleh

Informasi Dokumen

Deskripsi Asli:

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

3 GSM Communication Flow

Diunggah oleh

Hak Cipta:

Format Tersedia

Internal

GBSS Training Team

All rights reserved

After the completion of this course, the trainees

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

GSM Security Management

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

GSM Security Management

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

GSM Security Management

All rights reserved

and supplementary services. Authentication is done by AUC.

which is then used by an MSC/VLR to perform subscriber

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

RAND -Random number

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

The MSC/VLR transmits the RAND to the MS.

The MS computes the signature SRES using RAND and

The MS computes the Kc by using Ki and RAND through

The signature SRES is sent back to MSC/VLR, which

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

4. Compare SRES received from

Authentication can by operators choice be performed during:

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

A5 Encryption and decryption algorithm

All rights reserved

Authentication and Ciphering Sequence

1 Pre-send Triples to VLR

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Authentication and Ciphering Sequence

1 Pre-send Triples to VLR

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Authentication and Ciphering Sequence

1 Pre-send Triples to VLR

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Authentication and Ciphering Sequence

1 Pre-send Triples to VLR

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Authentication and Ciphering Sequence

1 Pre-send Triples to VLR

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

Location Update Req

Location Update Acc

TMSI Reallocation Comp

All rights reserved

All rights reserved

VLR HLR PSTN EIR

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved