STATION ID - 7047/3.12

9x Datakit Network

FOR OFFICIAL USE ONLY

This is a 9x system, restricted to authorized persons and for official 9x business only. Anyone using this system, network or data is subject to being monitored at any time for system administration and for identifying unauthorized users or system misuse. Anyone using this system expressly consents to such monitoring and is advised that any evidence of criminal activity revealed through such monitoring may be provided to law enforcement for prosecution.

MORE ON GSM
by mastry0da
mastry0da@usa.net

During the early 1980s, analog cellular telephone systems were experiencing rapid growth in Europe, particularly in Scandinavia and the United Kingdom, but also in France and Germany. Each country developed its own system, which was incompatible with everyone else's in equipment and operation. This was an undesirable situation, because not only was the mobile equipment limited to operation within national boundaries, which in a unified Europe were increasingly unimportant, but there was a very limited market for each type of equipment, so economies of scale, and the subsequent savings, could not be realized.

The Europeans realized this early on, and in 1982 the Conference of European Posts and Telegraphs (CEPT) formed a study group called the Groupe Spécial Mobile (GSM) to study and develop a pan-European public land mobile system. The proposed system had to meet certain criteria: good subjective speech quality, low terminal and service cost, support for international roaming, ability to support handheld terminals, support for a range of new services and facilities, spectral efficiency, and ISDN compatibility.

In 1989, GSM responsibility was transferred to the European Telecommunication Standards Institute (ETSI), and phase I of the GSM specifications was published in 1990.
Commercial service was started in mid-1991, and by 1993 there were 36 GSM networks in 22 countries, with 25 additional countries having already selected or considering GSM [DS93]. This is not only a European standard - South Africa, Australia, and many Middle and Far East countries have chosen GSM. By the beginning of 1994, there were 1.3 million subscribers worldwide [Nil]. The acronym GSM now (aptly) stands for Global System for Mobile telecommunications.

The developers of GSM chose an unproven (at the time) digital system, as opposed to the then-standard analog cellular systems like AMPS in the United States and TACS in the United Kingdom. They had faith that advancements in compression algorithms and digital signal processors would allow the fulfillment of the original criteria and the continual improvement of the system in terms of quality and cost. The 8000 pages of the GSM recommendations try to allow flexibility and competitive innovation among suppliers, but provide enough guidelines to guarantee the proper interworking between the components of the system. This is done in part by providing descriptions of the interfaces and functions of each of the functional entities defined in the system.

2 Services provided by GSM

From the beginning, the planners of GSM wanted ISDN compatibility in services offered and control signalling used. The radio link imposed some limitations, however, since the standard ISDN bit rate of 64 kbps could not be practically achieved.

Using the ITU-T definitions, telecommunication services can be divided into bearer services, teleservices, and supplementary services. The digital nature of GSM allows data, both synchronous and asynchronous, to be transported as a bearer service to or from an ISDN terminal.
Data can use either the transparent service, which has a fixed delay but no guarantee of data integrity, or a non-transparent service, which guarantees data integrity through an Automatic Repeat Request (ARQ) mechanism, but with a variable delay. The data rates supported by GSM are 300 bps, 600 bps, 1200 bps, 2400 bps, and 9600 bps [Har93a].

The most basic teleservice supported by GSM is telephony. There is an emergency service, where the nearest emergency-service provider is notified by dialling three digits (similar to 911). Group 3 fax, an analog method described in ITU-T recommendation T.30 [Har93b], is also supported by use of an appropriate fax adaptor.

A unique feature of GSM compared to older analog systems is the Short Message Service (SMS). SMS is a bidirectional service for sending short alphanumeric (up to 160 bytes) messages in a store-and-forward fashion. For point-to-point SMS, a message can be sent to another subscriber to the service, and an acknowledgement of receipt is provided to the sender. SMS can also be used in a cell-broadcast mode, for sending messages such as traffic updates or news updates. Messages can be stored in the SIM card for later retrieval [Bal93].

Supplementary services are provided on top of teleservices or bearer services, and include features such as caller identification, call forwarding, call waiting, multi-party conversations, and barring of outgoing (international) calls, among others.

3 Architecture of the GSM network

A GSM network is composed of several functional entities, whose functions and interfaces are defined. Figure 1 shows the layout of a generic GSM network. The GSM network can be divided into three broad parts. The Mobile Station is carried by the subscriber. The Base Station Subsystem controls the radio link with the Mobile Station.
The Network Subsystem, the main part of which is the Mobile services Switching Center, performs the switching of calls between the mobile and other fixed or mobile network users, as well as management of mobile services, such as authentication. Not shown is the Operations and Maintenance center, which oversees the proper operation and setup of the network. The Mobile Station and the Base Station Subsystem communicate across the Um interface, also known as the air interface or radio link. The Base Station Subsystem communicates with the Mobile services Switching Center across the A interface.

3.1 Mobile Station

The mobile station (MS) consists of the physical equipment, such as the radio transceiver, display and digital signal processors, and a smart card called the Subscriber Identity Module (SIM). The SIM provides personal mobility, so that the user can have access to all subscribed services irrespective of both the location of the terminal and the use of a specific terminal. By inserting the SIM card into another GSM cellular phone, the user is able to receive calls at that phone, make calls from that phone, or receive other subscribed services.

The mobile equipment is uniquely identified by the International Mobile Equipment Identity (IMEI). The SIM card contains the International Mobile Subscriber Identity (IMSI), identifying the subscriber, a secret key for authentication, and other user information. The IMEI and the IMSI are independent, thereby providing personal mobility. The SIM card may be protected against unauthorized use by a password or personal identity number.

3.2 Base Station Subsystem

The Base Station Subsystem is composed of two parts, the Base Transceiver Station (BTS) and the Base Station Controller (BSC). These communicate across the specified A-bis interface, allowing (as in the rest of the system) operation between components made by different suppliers.
The Base Transceiver Station houses the radio transceivers that define a cell and handles the radio-link protocols with the Mobile Station. In a large urban area, there will potentially be a large number of BTSs deployed. The requirements for a BTS are ruggedness, reliability, portability, and minimum cost.

The Base Station Controller manages the radio resources for one or more BTSs. It handles radio-channel setup, frequency hopping, and handovers, as described below. The BSC is the connection between the mobile and the Mobile services Switching Center (MSC). The BSC also translates the 13 kbps voice channel used over the radio link to the standard 64 kbps channel used by the Public Switched Telephone Network or ISDN.

3.3 Network Subsystem

The central component of the Network Subsystem is the Mobile services Switching Center (MSC). It acts like a normal switching node of the PSTN or ISDN, and in addition provides all the functionality needed to handle a mobile subscriber, such as registration, authentication, location updating, handovers, and call routing to a roaming subscriber. These services are provided in conjunction with several functional entities, which together form the Network Subsystem. The MSC provides the connection to the public fixed network (PSTN or ISDN), and signalling between functional entities uses the ITU-T Signalling System Number 7 (SS7), used in ISDN and widely used in current public networks.

The Home Location Register (HLR) and Visitor Location Register (VLR), together with the MSC, provide the call-routing and (possibly international) roaming capabilities of GSM. The HLR contains all the administrative information of each subscriber registered in the corresponding GSM network, along with the current location of the mobile. The current location of the mobile is in the form of a Mobile Station Roaming Number (MSRN) which is a regular ISDN number used to route a call to the MSC where the mobile is currently located.
There is logically one HLR per GSM network, although it may be implemented as a distributed database.

The Visitor Location Register contains selected administrative information from the HLR, necessary for call control and provision of the subscribed services, for each mobile currently located in the geographical area controlled by the VLR. Although each functional entity can be implemented as an independent unit, most manufacturers of switching equipment implement one VLR together with one MSC, so that the geographical area controlled by the MSC corresponds to that controlled by the VLR, simplifying the signalling required. Note that the MSC contains no information about particular mobile stations - this information is stored in the location registers.

The other two registers are used for authentication and security purposes. The Equipment Identity Register (EIR) is a database that contains a list of all valid mobile equipment on the network, where each mobile station is identified by its International Mobile Equipment Identity (IMEI). An IMEI is marked as invalid if it has been reported stolen or is not type approved. The Authentication Center is a protected database that stores a copy of the secret key stored in each subscriber's SIM card, which is used for authentication and ciphering of the radio channel.

4 Radio link aspects

The International Telecommunication Union (ITU), which manages the international allocation of radio spectrum (among other functions), allocated the bands 890-915 MHz for the uplink (mobile station to base station) and 935-960 MHz for the downlink (base station to mobile station) for mobile networks in Europe. Since this range was already being used in the early 1980s by the analog systems of the day, the CEPT had the foresight to reserve the top 10 MHz of each band for the GSM network that was still being developed. Eventually, GSM will be allocated the entire 2x25 MHz bandwidth.
Since radio spectrum is a limited resource shared by all users, a method must be devised to divide up the bandwidth among as many users as possible. The method chosen by GSM is a combination of Time- and Frequency-Division Multiple Access (TDMA/FDMA). The FDMA part involves the division by frequency of the total 25 MHz bandwidth into 124 carrier frequencies of 200 kHz bandwidth. One or more carrier frequencies are then assigned to each base station. Each of these carrier frequencies is then divided in time, using a TDMA scheme, into eight time slots. One time slot is used for transmission by the mobile and one for reception. They are separated in time so that the mobile unit does not receive and transmit at the same time, a fact that simplifies the electronics.

In the rest of this section, the procedure involved in digitally transmitting a voice signal in a GSM network is examined, along with some of the features, such as discontinuous transmission and reception, used to improve voice quality, reduce the mobile unit's power consumption, and increase the overall capacity of the network.

4.1 Channel structure

The structure of the most common time-slot burst is shown in Figure 2. A total of 156.25 bits is transmitted in 0.577 milliseconds, giving a gross bit rate of 270.833 kbps. There are three other types of burst structure for frame and carrier synchronization and frequency correction. The 26-bit training sequence is used for equalization, as described below. The 8.25 bit guard time allows for some propagation time delay in the arrival of bursts.

Each group of eight time slots is called a TDMA frame, which is transmitted every 4.615 ms. TDMA frames are further grouped into multiframes to carry control signals. There are two types of multiframe, containing 26 or 51 TDMA frames. The 26-frame multiframe contains 24 Traffic Channels (TCH) and two Slow Associated Control Channels (SACCH) which supervise each call in progress.
The SACCH in frame 12 contains eight channels, one for each of the eight connections carried by the TCHs. The SACCH in frame 25 is not currently used, but will carry eight additional SACCH channels when half-rate traffic is implemented. A Fast Associated Control Channel (FACCH) works by stealing slots from a traffic channel to transmit power control and handover-signalling messages. The channel stealing is done by setting one of the control bits in the time slot burst.

In addition to the Associated Control Channels, there are several other control channels which (except for the Stand-alone Dedicated Control Channel) are implemented in time slot 0 of specified TDMA frames in a 51-frame multiframe, implemented on a non-hopping carrier frequency in each cell. The control channels include:

  Broadcast Control Channel (BCCH): Continually broadcasts, on the downlink, information including base station identity, frequency allocations, and frequency-hopping sequences.

  Stand-alone Dedicated Control Channel (SDCCH): Used for registration, authentication, call setup, and location updating. Implemented on a time slot, together with its SACCH, selected by the system operator.

  Common Control Channel (CCCH): Comprised of three control channels used during call origination and call paging.

    Random Access Channel (RACH): A slotted Aloha channel to request access to the network.

    Paging Channel (PCH): Used to alert the mobile station of an incoming call.

    Access Grant Channel (AGCH): Used to allocate an SDCCH to a mobile for signalling, following a request on the RACH.

4.2 Speech coding

GSM is a digital system, so speech signals, inherently analog, have to be digitized. The method employed by ISDN, and by current telephone systems for multiplexing voice lines over high speed trunks and optical fiber lines, is Pulse Coded Modulation (PCM). The output stream from PCM is 64 kbps, too high a rate to be feasible over a radio link.
The 64 kbps signal contains much redundancy, although it is simple to implement. The GSM group studied several voice coding algorithms on the basis of subjective speech quality and complexity (which is related to cost, processing delay, and power consumption once implemented) before arriving at the choice of a Regular Pulse Excited - Linear Predictive Coder (RPE-LPC) with a Long Term Predictor loop. Basically, information from previous samples, which does not change very quickly, is used to predict the current sample. The coefficients of the linear combination of the previous samples, plus an encoded form of the residual, the difference between the predicted and actual sample, represent the signal. Speech is divided into 20 millisecond samples, each of which is encoded as 260 bits, giving a total bit rate of 13 kbps.

4.3 Channel coding and modulation

Due to natural or man-made electromagnetic interference, the encoded speech or data transmitted over the radio interface must be protected as much as is practical. The GSM system uses convolutional encoding and block interleaving to achieve this protection. The exact algorithms used differ for speech and for different data rates. The method used for speech blocks will be described below.

Recall that the speech codec produces a 260 bit block for every 20 ms speech sample. From subjective testing, it was found that some bits of this block were more important for perceived speech quality than others. The bits are thus divided into three classes:

  Class Ia    50 bits - most sensitive to bit errors
  Class Ib   132 bits - moderately sensitive to bit errors
  Class II    78 bits - least sensitive to bit errors

Class Ia bits have a 3 bit Cyclic Redundancy Code added for error detection. If an error is detected, the frame is judged too damaged to be comprehensible and it is discarded. It is replaced by a slightly attenuated version of the previous correctly received frame.
These 53 bits, together with the 132 Class Ib bits and a 4 bit tail sequence (a total of 189 bits), are input into a 1/2 rate convolutional encoder of constraint length 4. Each input bit is encoded as two output bits, based on a combination of the previous 4 input bits. The convolutional encoder thus outputs 378 bits, to which are added the 78 remaining Class II bits, which are unprotected. Thus every 20 ms speech sample is encoded as 456 bits, giving a bit rate of 22.8 kbps.

To further protect against the burst errors common to the radio interface, each sample is diagonally interleaved. The 456 bits output by the convolutional encoder are divided into 8 blocks of 57 bits, and these blocks are transmitted in eight consecutive time-slot bursts. Since each time-slot burst can carry two 57 bit blocks, each burst carries traffic from two different speech samples.

Recall that each time-slot burst is transmitted at a gross bit rate of 270.833 kbps. This digital signal is modulated onto the analog carrier frequency, which has a bandwidth of 200 kHz, using Gaussian-filtered Minimum Shift Keying (GMSK). GMSK was selected over other modulation schemes as a compromise between spectral efficiency, complexity of the transmitter, and limited spurious emissions. The complexity of the transmitter is related to power consumption, which should be minimized for the mobile station. The spurious radio emissions, outside of the allotted bandwidth, must be strictly controlled so as to limit adjacent channel interference, and allow for the co-existence of GSM and the older analog systems (at least for the time being).

4.4 Multipath equalization

At the 900 MHz range, radio waves bounce off everything - buildings, hills, cars, airplanes, etc. Thus many reflected signals, each with a different phase, can reach an antenna. Equalization is used to extract the desired signal from the unwanted reflections.
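
The speech-block coding of section 4.3 (CRC on Class Ia, tail bits, rate-1/2 convolutional encoder, split into eight 57-bit blocks), as an added Python example that is not part of the original article. The page does not give the polynomials or the interleaving rule, so the CRC generator x^3 + x + 1, the encoder taps, and the "coded bit k goes to block k mod 8" rule are assumptions; the sample speech block is constructed random data.

```python
"""Added illustration of the full-rate speech channel coding in section 4.3.

Assumed, because the page does not give them: CRC generator x^3 + x + 1,
convolutional generators G0 = 1 + D^3 + D^4 and G1 = 1 + D + D^3 + D^4,
and the rule "coded bit k travels in block k mod 8". The bit reordering
done by the real specification is left out.
"""
import random

CLASS_IA, CLASS_IB, CLASS_II = 50, 132, 78   # bit counts from the page
TAIL = [0, 0, 0, 0]                          # 4-bit tail sequence
CRC_GEN = [1, 0, 1, 1]                       # x^3 + x + 1 (assumed)
G0_TAPS = (0, 3, 4)                          # assumed generator taps
G1_TAPS = (0, 1, 3, 4)


def crc3(bits):
    """Three parity bits: remainder of bits * x^3 divided by CRC_GEN."""
    work = list(bits) + [0, 0, 0]
    for i in range(len(bits)):
        if work[i]:
            for j, g in enumerate(CRC_GEN):
                work[i + j] ^= g
    return work[-3:]


def conv_encode(bits):
    """Rate-1/2 encoder: two output bits per input bit."""
    history = [0, 0, 0, 0]            # previous four inputs, newest first
    out = []
    for b in bits:
        window = [b] + history        # window[d] = input delayed by d bits
        out.append(sum(window[d] for d in G0_TAPS) % 2)
        out.append(sum(window[d] for d in G1_TAPS) % 2)
        history = window[:4]
    return out


def encode_speech_block(block):
    """260 codec bits in, 456 channel bits out."""
    block = list(block)
    if len(block) != CLASS_IA + CLASS_IB + CLASS_II:
        raise ValueError("expected a 260-bit speech block")
    ia = block[:CLASS_IA]
    ib = block[CLASS_IA:CLASS_IA + CLASS_IB]
    ii = block[CLASS_IA + CLASS_IB:]
    protected = ia + crc3(ia) + ib + TAIL      # 50 + 3 + 132 + 4 = 189
    return conv_encode(protected) + ii         # 378 + 78 = 456


def split_into_blocks(coded):
    """Eight 57-bit blocks, one per time-slot burst (assumed k mod 8 rule)."""
    return [coded[i::8] for i in range(8)]


def class_ia_ok(ia_bits, parity):
    """Receiver check: a mismatch means the frame is discarded."""
    return crc3(ia_bits) == list(parity)


def damaged_positions(lost_block, interleaved=True):
    """Coded-bit positions wiped out when one 57-bit block is lost."""
    if interleaved:
        return list(range(lost_block, 456, 8))
    return list(range(lost_block * 57, lost_block * 57 + 57))


def longest_run(positions):
    """Length of the longest stretch of consecutive positions."""
    best = run = 1
    for prev, cur in zip(positions, positions[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


def make_sample_block(seed=7):
    """Constructed 260-bit speech block (random bits, not real speech)."""
    rng = random.Random(seed)
    return [rng.randint(0, 1) for _ in range(260)]


if __name__ == "__main__":
    block = make_sample_block()
    coded = encode_speech_block(block)
    print(len(coded), "bits per 20 ms =", len(coded) / 0.020 / 1000, "kbps")
    print("block sizes:", [len(b) for b in split_into_blocks(coded)])
    ia = block[:CLASS_IA]
    parity = crc3(ia)
    corrupted = ia[:]
    corrupted[10] ^= 1
    print("clean Class Ia passes CRC:", class_ia_ok(ia, parity))
    print("one flipped bit passes CRC:", class_ia_ok(corrupted, parity))
    print("longest error run, interleaved:", longest_run(damaged_positions(3)))
    print("longest error run, not interleaved:",
          longest_run(damaged_positions(3, interleaved=False)))
```

Losing one 57-bit block damages every eighth coded bit when the bits are spread this way, instead of 57 bits in a row, which is the kind of scattered error a convolutional decoder handles well.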
Equalization works by finding out how a known transmitted signal is modified by multipath fading, and constructing an inverse filter to extract the rest of the desired signal. This known signal is the 26-bit training sequence transmitted in the middle of every time slot burst. The actual implementation of the equalizer is not specified in the GSM specifications.

4.5 Frequency hopping

The mobile station already has to be frequency agile, meaning it can move between a transmit, receive, and monitor time slot within one TDMA frame, which may be on different frequencies. GSM makes use of this inherent frequency agility to implement slow frequency hopping, where the mobile and BTS transmit each TDMA frame on a different carrier frequency. The frequency hopping algorithm is broadcast on the Broadcast Control Channel. Since multipath fading is (mildly) dependent on carrier frequency, slow frequency hopping helps alleviate the problem. In addition, co-channel interference is in effect randomized.

4.6 Discontinuous transmission

Minimizing co-channel interference is a goal of any cellular system, since it allows better service for a given cell size, or the use of smaller cells, thus increasing the overall capacity of the system. Discontinuous transmission (DTX) is a method that takes advantage of the fact that a person speaks less than 40 percent of the time in normal conversation [S+89], by turning the transmitter off during silence periods. An added benefit of DTX is that power is conserved at the mobile unit.

The most important component of DTX is, of course, Voice Activity Detection. It must distinguish between voice and noise inputs, a task that is not as trivial as it appears, considering background noise. If a voice signal is misinterpreted as noise, the transmitter is turned off and a very annoying effect called clipping is heard at the receiving end.
If, on the other hand, noise is misinterpreted as a voice signal too often, the efficiency of DTX is dramatically decreased. Another factor to consider is that when the transmitter is turned off, there is a very silent silence heard at the receiving end, due to the digital nature of GSM. To assure the receiver that the connection is not dead, comfort noise is created at the receiving end by trying to match the characteristics of the transmitting end's background noise.

4.7 Discontinuous reception

Another method used to conserve power at the mobile station is discontinuous reception. The paging channel, used by the base station to signal an incoming call, is structured so that the mobile station knows when it needs to check for a paging signal. In the time between paging signals, the mobile can go into sleep mode, when almost no power is used.

4.8 Power control

There are five classes of mobile stations defined, according to their peak transmitter power, rated at 20, 8, 5, 2, and 0.8 watts. To minimize co-channel interference and to conserve power, both the mobiles and the Base Transceiver Stations operate at the lowest power level that will maintain an acceptable signal quality. Power levels can be stepped up or down in steps of 2 dB from the peak power for the class down to a minimum of 13 dBm (20 milliwatts).

The mobile station measures the signal strength or signal quality (based on the Bit Error Ratio), and passes the information to the Base Station Controller, which ultimately decides if and when the power level should be changed. Power control should be handled carefully, since there is the possibility of instability. This arises from having mobiles in co-channel cells alternately increase their power in response to increased co-channel interference caused by the other mobile increasing its power. This is unlikely to occur in practice but it is (or was as of 1991) under study.

5 Network aspects

Ensuring the transmission of voice or data of a given quality over the radio link is only half the problem in a cellular mobile network. The fact that the geographical area covered by the network is divided into cells necessitates the implementation of a handover mechanism. Also, the fact that the mobile can roam nationally and internationally in GSM requires that registration, authentication, call routing and location updating functions exist in the GSM network.

The signalling protocol in GSM is structured in three layers [Rah93, Aud88], shown in Figure 3. Layer 1 is the physical layer, which uses the channel structures discussed above. Layer 2 is the data link layer. Across the Um interface, the data link layer uses a slight modification of the LAPD protocol used in ISDN, called LAPDm. Across the A interface, the lower parts of Signalling System Number 7 are used. Layer 3 is subdivided into 3 sublayers:

  Radio Resources Management controls the setup, maintenance, and termination of radio channels.

  Mobility Management manages the location updating, handovers, and registration procedures, discussed below.

  Connection Management handles general call control, similar to CCITT Recommendation Q.931, and provides supplementary services.

Signalling between the different entities in the network, such as between the HLR and VLR, is accomplished through the Mobile Application Part (MAP). Application parts are the top layer of Signalling System Number 7. The specification of the MAP is complex. It is one of the longest documents in the GSM recommendations, said to be over 600 pages in length [Che91].

Described below are the main functions of the Mobility Management sublayer.

5.1 Handover

Handover, or handoff as it is called in North America, is the switching of an on-going call to a different channel or cell.
There are four different types of handover in the GSM system, which involve transferring a call between:

  - channels (time slots) in the same cell,
  - cells (Base Transceiver Stations) under the control of the same Base Station Controller (BSC),
  - cells under the control of different BSCs, but belonging to the same Mobile services Switching Center (MSC), and
  - cells under the control of different MSCs.

The first two types of handover, called internal handovers, involve only one Base Station Controller (BSC). To save signalling bandwidth, they are managed by the BSC without involving the Mobile services Switching Center (MSC), except to notify it at the completion of the handover. The last two types of handover, called external handovers, are handled by the MSCs involved. Note that call control, such as provision of supplementary services and requests for further handoffs, is handled by the original MSC.

Handovers can be initiated by either the mobile or the MSC (as a means of traffic load balancing). During its idle time slots, the mobile scans the Broadcast Control Channel of up to 16 neighboring cells, and forms a list of the six best candidates for possible handover, based on the received signal strength. This information is passed to the BSC and MSC, and is used by the handover algorithm.

The algorithm for when a handover decision should be taken is not specified in the GSM recommendations. There are two basic algorithms used, both closely tied in with power control. This is because the BSC usually does not know whether the poor signal quality is due to multipath fading or to the mobile having moved to another cell. This is especially true in small urban cells.

The 'minimum acceptable performance' algorithm [Bal91] gives precedence to power control over handover, so that when the signal degrades beyond a certain point, the power level of the mobile is increased. If further power increases do not improve the signal, then a handover is considered.
This is the simpler and more common method, but it creates 'smeared' cell boundaries when a mobile transmitting at peak power goes some distance beyond its original cell boundaries into another cell.

The 'power budget' method [Bal91] uses handover to try to maintain or improve a certain level of signal quality at the same or lower power level. It thus gives precedence to handover over power control. It avoids the 'smeared' cell boundary problem and reduces co-channel interference, but it is quite complicated.

5.2 Location updating and call routing

The MSC provides the interface between the GSM mobile network and the public fixed network. From the fixed network's point of view, the MSC is just another switching node. However, switching is a little more complicated in a mobile network since the MSC has to know where the mobile is currently roaming - and in GSM it could even be roaming in another country. The way GSM accomplishes location updating and call routing to the mobile is by using two location registers: the Home Location Register (HLR) and the Visitor Location Register (VLR).

Location updating is initiated by the mobile when, by monitoring the Broadcast Control Channel, it notices that the location-area broadcast is not the same as the one previously stored in the mobile's memory. An update request and the IMSI or previous TMSI is sent to the new VLR via the new MSC. A Mobile Station Roaming Number (MSRN) is allocated and sent to the mobile's HLR (which always keeps the most current location) by the new VLR. The MSRN is a regular telephone number that routes the call to the new VLR and is subsequently translated to the TMSI of the mobile. The HLR sends back the necessary call-control parameters, and also sends a cancel message to the old VLR, so that the previous MSRN can be reallocated. Finally, a new TMSI is allocated and sent to the mobile, to identify it in future paging or call initiation requests.
With the above location-updating procedure, call routing to a roaming mobile is easily performed. The most general case is shown in Figure 4 [Aud88], where a call from a fixed network (Public Switched Telecommunications Network or Integrated Services Digital Network) is placed to a mobile subscriber. Using the Mobile Subscriber's telephone number (MSISDN, the ISDN numbering plan specified in the ITU-T E.164 recommendation), the call is routed through the fixed land network to a gateway MSC for the GSM network (an MSC that interfaces with the fixed land network, thus requiring an echo canceller). The gateway MSC uses the MSISDN to query the Home Location Register, which returns the current roaming number (MSRN). The MSRN is used by the gateway MSC to route the call to the current MSC (which is usually coupled with the VLR). The VLR then converts the roaming number to the mobile's TMSI, and a paging call is broadcast by the cells under the control of the current BSC to inform the mobile.

5.3 Authentication and security

Since the radio medium can be accessed by anyone, authentication of users, to prove that they are who they claim to be, is a very important element of a mobile network. Authentication involves two functional entities, the SIM card in the mobile, and the Authentication Center (AC). Each subscriber is given a secret key, one copy of which is stored in the SIM card and the other in the Authentication Center. During authentication, the AC generates a random number that it sends to the mobile. Both the mobile and the AC then use the random number, in conjunction with the subscriber's secret key and a ciphering algorithm called A3, to generate a number that is sent back to the AC. If the number sent by the mobile is the same as the one calculated by the AC, the subscriber is authenticated.
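
The challenge-response exchange described above, with both sides' messages, as an added Python example (not code from the article or from any GSM implementation). The page does not define A3, so `a3_stand_in` uses truncated HMAC-SHA256 in its place; the 128-bit key and challenge, the 32-bit response, the single-use handling of each challenge, the class names and the test IMSI are assumptions made for the illustration.

```python
"""Added illustration of the SIM / Authentication Center exchange in 5.3."""
import hashlib
import hmac
import secrets

KEY_LEN = 16    # 128-bit subscriber key (assumed size)
RAND_LEN = 16   # 128-bit random challenge (assumed size)
SRES_LEN = 4    # 32-bit response sent back to the AC (assumed size)


def a3_stand_in(key: bytes, rand: bytes) -> bytes:
    """Stand-in for A3: keyed one-way function of the challenge.

    Truncated HMAC-SHA256 is used here only because the page does not
    define A3; it is not the algorithm a real network runs.
    """
    return hmac.new(key, rand, hashlib.sha256).digest()[:SRES_LEN]


class SimCard:
    """Holds the subscriber key; only the computed response leaves it."""

    def __init__(self, imsi: str, key: bytes):
        self.imsi = imsi
        self._key = key

    def respond(self, rand: bytes) -> bytes:
        return a3_stand_in(self._key, rand)


class AuthenticationCenter:
    """Holds the second copy of each key and issues fresh challenges."""

    def __init__(self):
        self._keys = {}      # IMSI -> subscriber key
        self._pending = {}   # IMSI -> outstanding challenge

    def provision(self, imsi: str) -> SimCard:
        key = secrets.token_bytes(KEY_LEN)
        self._keys[imsi] = key
        return SimCard(imsi, key)

    def challenge(self, imsi: str) -> bytes:
        if imsi not in self._keys:
            raise KeyError("unknown subscriber")
        rand = secrets.token_bytes(RAND_LEN)
        self._pending[imsi] = rand
        return rand

    def verify(self, imsi: str, response: bytes) -> bool:
        # Each challenge is consumed on first use, so an old response
        # cannot be checked against it a second time.
        rand = self._pending.pop(imsi, None)
        if rand is None:
            return False
        expected = a3_stand_in(self._keys[imsi], rand)
        return hmac.compare_digest(expected, response)


def run_exchange():
    """Run four cases and return which of them the AC accepts."""
    ac = AuthenticationCenter()
    sim = ac.provision("001010123456789")   # constructed test IMSI

    rand = ac.challenge(sim.imsi)
    response = sim.respond(rand)
    genuine = ac.verify(sim.imsi, response)

    ac.challenge(sim.imsi)                   # fresh challenge, old answer
    replayed = ac.verify(sim.imsi, response)

    wrong_card = SimCard(sim.imsi, secrets.token_bytes(KEY_LEN))
    rand = ac.challenge(sim.imsi)
    wrong_key = ac.verify(sim.imsi, wrong_card.respond(rand))

    unsolicited = ac.verify(sim.imsi, response)   # no challenge pending
    return {"genuine": genuine, "replayed": replayed,
            "wrong_key": wrong_key, "unsolicited": unsolicited}


if __name__ == "__main__":
    for case, accepted in run_exchange().items():
        print(f"{case:12s} accepted={accepted}")
```

Only the card holding the matching key answers a fresh challenge correctly; a recorded response fails against any later challenge, and the key itself never crosses the radio link.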
The above calculated number is also used, together with a TDMA frame number and another ciphering algorithm called A5, to encipher the data sent over the radio link, preventing others from listening in. Enciphering is an option for the very paranoid, since the signal is already coded, interleaved, and transmitted in a TDMA manner, thus providing protection from all but the most persistent and dedicated eavesdroppers.

Another level of security is performed on the mobile equipment, as opposed to the mobile subscriber. As mentioned earlier, each GSM terminal is identified by a unique International Mobile Equipment Identity (IMEI) number. A list of IMEIs in the network is stored in the Equipment Identity Register (EIR). The status returned in response to an IMEI query to the EIR is one of the following:

  white-listed   The terminal is allowed to connect to the network.

  grey-listed    Under observation from the network, possible problems.

  black-listed   The terminal has either been reported as stolen, or it is not type approved (the correct type of terminal for a GSM network). The terminal is not allowed to connect to the network.

6 Conclusion and comments

In this paper I have tried to give an overview of the GSM system. As with any overview, and especially one covering a standard 8000 pages long, there are many details missing. I believe, however, that I gave the general flavor of GSM and the philosophy behind its design. It was a monumental task that the original GSM committee undertook, and one that has proven a success, showing that international cooperation on such projects between academia, industry, and government can succeed. It is a standard that ensures interoperability without stifling competition and innovation among suppliers, to the benefit of the public both in terms of cost and service quality.
For example, by using Very Large Scale Integration (VLSI) microprocessor technology, many of the functions of the mobile station can be built in one chipset, resulting in lighter, smaller, and more energy-efficient terminals.

Telecommunications are evolving towards personal communication networks, whose objective can be stated as the availability of all communication services anytime, anywhere, to anyone, by a single identity number and a pocketable communication terminal [Win93]. Having a multitude of incompatible systems throughout the world moves us farther away from, not closer to, this ideal. The economies of scale created by a unified system are enough to justify its implementation, not to mention the convenience to people of carrying just one communication terminal anywhere they go, regardless of national boundaries.

The GSM system, and its twin system operating at 1800 MHz, called DCS1800, are a first approach at a true personal communication system. The SIM card is a novel approach that implements personal mobility in addition to terminal mobility. Together with international roaming, and support for many other services such as data transfer, fax, Short Message Service, and supplementary services, in addition to telephony, GSM comes close to fulfilling the requirements for a personal communication system: close enough that it is being used as a basis for the next generation of communication technology in Europe.

Another point where GSM has shown its commitment to openness, standards and interoperability is the compatibility with the Integrated Services Digital Network (ISDN) that is evolving in most industrialized countries, and Europe in particular (the so-called Euro-ISDN). GSM is the first system to make extensive use of the Intelligent Networking concept in ISDN, in which services like 800 numbers are concentrated and handled from a few centralized service centers, instead of being distributed over every switching center in the country.
This is the concept behind the use of the various registers such as the HLR. In addition, the signalling between these functional entities uses Signalling System Number 7, an international standard already used in many countries and specified for ISDN.

GSM is a very complex standard, but that is probably the price that must be paid to achieve the level of integrated service and quality offered while subject to the fairly severe restrictions imposed by the radio environment.

mastry0da

P.S. This is the last about GSM you will hear from me; in my next article(s) you will find out how I went about cloning GSM, and I will point out some of the other successful GSM cloning projects. Below I have enclosed some data about using GSM for Data transmission, as well as some PC cards and hardware that support GSM. Also, I have included a list of GSM operators and network codes at the very end, which some of you requested that I publish.

Data Services

GSM offers a very wide range of data services which can be applied in a host of different situations. Considerable effort has been made to simplify the method of use to encourage those inexperienced in this field. It can also be seen that a very wide-ranging list of data services has been specified. Not all GSM Network Operators will offer all of them, at least not at first, but popularity and competition may determine which ones are made available.

Data Transmission

Data Transmission to a choice of popular standards may be sent or received, at all standard rates up to 9600 bits/sec. Examples include asynchronous data to a standard modem or a packet switched network via a PAD. Similarly, synchronous connection may be available to a modem, or directly to a packet switched network. In all these cases, no modem is required at the mobile - a suitable data terminal or laptop computer is connected directly to the mobile GSM phone - a great advance over previous systems, and much more convenient to use.
When used in error correcting mode, extremely low data error rates are guaranteed, even under badly fading conditions.

Facsimile

Group 3 Telefax messages may be sent to, or received from, a standard Group 3 machine anywhere in the world. Rates up to the Group 3 maximum of 9600 bits/sec are supported, so a high speed service is available.

Connection to other data services

By using the data transmission described above, a wide range of services may be obtained. These include: Electronic Mail - including the new X.400 standard access to international databases.

GSM Messaging (Short Message) Service

This service allows messages of up to 160 alphanumeric characters to be sent to a GSM phone and displayed on the terminal. This can be seen as an advanced form of paging, but has a number of advantages. If the phone is switched off, or out of the area covered by GSM, the message is stored and offered to the subscriber when he reappears. This gives much greater confidence that it has been received. Also, the user needs only one piece of equipment (the mobile phone), and the caller needs to know only one number (the mobile phone number) for telephony and messaging service. Some phones will be equipped for originating these messages, but it is expected that telephony will typically be used to call an operator who types in the message at a Service Centre. Access points will also be made available by some networks for messages to be originated via the internet or World Wide Web.

Cell Broadcast

This allows short messages to be sent to all phones in a geographical area. A wide range of applications for this service can be envisaged, but typical applications might include warnings of traffic delays or accidents. It works in a way somewhat similar to Teletext on television where you can select types of message which may be of interest.
Currently, you need the following equipment to enable GSM Data and Fax on your Notebook PC:

- A Notebook PC with a type 2 or 3 PC Card or Card Bus slot
- A data-compatible GSM handset that supports 9.6 Kbps
- A GSM Data Card that works with your handset

Step 1 Selecting your Notebook PC

Generally speaking, there are no special requirements for using GSM data that restrict your choice from the vast offerings of notebook PCs. You are therefore free to make your selection based primarily on features such as price, performance, brand preference, or which models are supported by your corporate IT. However, here are things to consider when making a purchase:

The notebook should include a PC Card (formerly called PCMCIA) or CardBus slot. This is what enables you to use a GSM Data Card, and is a standard feature on most notebooks.

The notebook should have Windows 95 installed, since this OS has special features designed for travelling professionals, such as Plug n' Play, OS-level modem support, Dial-Up Networking, and built-in fax support, that make it easier to connect to the Internet and send faxes. If the notebook is unavailable with Windows 95, then either consult with the manufacturer for its compatibility with Windows 95, or consider other models. If you would like to use Windows NT, you can, but will not presently benefit from Plug n' Play or OS-level power-management support that is important for notebooks.

Most major notebook manufacturers have already compatibility-tested their products with a number of GSM data cards, and in many cases either publish a "compatible" list or market GSM data cards under their own brand name.

Look for notebook PCs that are offered bundled with a GSM data card and phone. This not only assures compatibility, but may offer a reduced price over the individual components.
- AST
- Compaq: Compaq PC Card Solutions List
- Dell
- Hewlett Packard
- IBM: Thinkpad Proven Solutions List
- Olivetti
- Siemens Nixdorf: Data Communication via the Mobile Phone Network
- Toshiba

Step 2 Selecting your GSM Handset

If you already own a GSM handset, and it supports data transfers at 9.6 Kbps, then your next task is to choose a GSM data card that works with your handset. Use the tables below to help determine if your phone is data-compatible, and supports a 9.6 Kbps data rate. Otherwise, it is best to shop for your handset, data card, and GSM network together, since this will assure compatibility among the handset, data card, and network, and you may benefit from bundling discounts.

You can buy your phone at any store but you might get a discount if you buy your phone with GSM Service. Typically, there are two or three GSM operators in each country. For each of these operators, there may be several service providers who sell GSM services.

After signing up for GSM service, you will receive a Subscriber Information Module or SIM. SIMs are small cards which must be placed into GSM phones. These register the user with the GSM network and allow calls to be routed to your location. You will receive a SIM card when you register with a GSM service provider.

Make sure when you contact your service provider that you tell them you will be using your GSM service for data and fax transmissions. Also, if you would like other people to be able to make fax or data calls to your mobile PC, you will have to relay this information to your service provider. They will then issue you a separate number for your fax and data lines.
9.6 Kbps Data-compatible GSM Phones

Brand       Model(s)
-----       --------
Ericsson    GF788, GH688, GA 628, GH398, GH/GF388, GA318
Motorola    StarTAC, SlimLite, d470, d460, 8700, 8800, 2700
Nokia       2110, 3110, 8110
Orbitel     PPU 907
Panasonic   G350, G400, G500
Philips     Spark
Sharp       TQ-G400
Siemens     S3 com, S4
Sony        CM-DX1000

The following GSM phones have data-card functionality integrated into the handset and connect to your Notebook PC by serial cable. This eliminates the need for a separate GSM data card, and frees up an extra PC card slot.

9.6 Kbps GSM "Data" Phones

Brand       Model(s)        Availability
-----       --------        ------------
Ascom       Axento          Now
Sagem       RD 435          Now
Ericsson    GS 18, SH888    Now

These PC cards incorporate both the GSM phone and data card into a single PC card, eliminating the need for a separate phone and adapter cable. Watch for these cards in the second half of '97.

9.6 Kbps GSM Card Phones

Brand                  Model(s)
-----                  --------
Ericsson               GC 25
Nokia                  Cellular Card Phone
Option International   FirstFoner

Step 3 Selecting your GSM Data Card

The final piece of hardware you need is a GSM Data Card. These are credit-card shaped devices that plug into your PC Card or CardBus slots on your computer. An external cable is used to connect the card with the GSM Phone.

Since there is no standard interface between a GSM phone and data card, data cards are designed to work with specific phones. For data cards that work with more than one model of phone, there are usually different adapter or kit options available for the different phones. For these reasons, it's a good idea to purchase the phone and data card together. If you already own a phone, then consult with the dealer or phone manufacturer to make sure you get the right modem and adapter. Remember, you must pick a data card which is compatible with your phone!

Below is a selection of some of the GSM Data Cards on the market today.
GSM data cards

Make   Model(s)   Compatible Phones

AVM Mobile ISDN-Controller M1 Mobile ISDN-Controller M2 Deutsch English Siemens S3, S4 AEG Teleport 9070 DTFX MGSM (GSM Only MC217D (GSM/PSTN) MC218D (GSM/PSTN) Communicate Atlas GSM (GSM Only) Atlas GSM Plus (GSM/PSTN) Liberty GSM (GSM Only) Liberty GSM Prima (GSM/PSTN) Motorola data-capable (Atlas) Orbitel PPU 907 (Liberty) Dr. Neuhaus Gipsy Card MNP (GSM Only) Fury Card 19.2 Duo (GSM/PSTN) Siemens S3, S4 Ericsson GH/GF388, GH/GF/PH337 Ericsson DC-23 (GSM Only) DC-12 (GSM Only) DC-33 (GSM/PSTN) Ericsson GH/GF338, GA318 DC-12 Motorola CELLectTM 1+ (GSM) CELLectTM 2 (GSM/PSTN) CELLectTM 3 (GSM/PSTN) Motorola data-capable Nokia Cellular Data Card DTP-2 Ver II (GSM Only) Cellular Data Card DTP-2 (GSM Only) Cellular Data Suite ("soft modem") Nokia 2110, 3110, 8110 Option International GSM-Only PC Card Modem GSM-Ready PC Card Modem (GSM/PSTN) Philips Mobile Data Card Twin Data Card Philips Spark Psion Dacom Gold Card Global Series Gold Card Network Series Gold Card Classic Range Siemens GSM Modem Card (GSM Only) Siemens S3 com, S4

GSM operators and network codes by country

Country   Operator name   Network code   Tel to customer service
------    -------------   ------------   -----------------------
Albania AMC 276 01 Andorra STA-Mobiland 213 03 Int + 376 824 115 Argentina Armenia Armentel Australia Optus 505 02 Int + 61 2 9342 6000 Telecom/Telstra 505 01 Int + 61 18 01 8287 Vodafone 505 03 Int + 61 2 9415 7236 Austria Mobilkom Austria 232 01 Int + 43 664 1661 max.mobil. 232 03 Int + 43 676 2000 Azerbaidjan Azercell 400 01 Int + 994 12 98 28 23 Bahrain Batelco 426 01 Int + 973 885557 Bangladesh * Grameen Phone Ltd ??? ??
Belgium Belgacom 206 01 Int + 32 2205 4912 Mobistar 206 10 Int + 32 95 959500 Bosnia Cronet 218 01 PTT Bosnia 218 19 Botswana Brunei DSTCom 528 11 Jabatan Telekom 528 01 Bulgaria Citron 284 01 Int + 359 88 500031 Burkina Faso OnaTel Cambodia CamGSM Cameroon PTT Cameroon Cellnet 624 01 Chile China Guangdong MCC 460 00 Beijing Wireless China Unicom 460 01 Zhuhai Comms DGT MPT Jiaxing PTT Tjianjin Toll Congo * African Telecoms Croatia HR Cronet 219 01 Int + 385 14550772 Cyprus CYTA 280 01 Int + 357 2 310588 Czech Rep. Eurotel Praha 230 02 Int + 42 2 6701 6701 Radio Mobil 230 01 Int + 42 603 603 603 Denmark Sonofon 238 02 Int + 45 8020 2100 Tele Danmark Mobil 238 01 Int + 45 8020 2020 Egypt Arento Estonia EMT 248 01 Int + 372 6 397130 Radiolinja Eesti 248 02 Int + 372 6 399966 Ritabell Ethiopia ETA 636 01 Fiji Vodafone 542 01 Int + 679 312000 Finland Radiolinja 244 05 Int + 358 800 95050 Telecom 244 91 Int + 358 800 17000 * Alands Mobil 244 05 * Telivo Ltd. France France Telecom 208 01 Int + 33 1 44 62 14 81 SFR 208 10 Int + 33 1 44 16 20 16 Fr.Polynesia Tikiphone 547 20 Fr.W.Indies Ameris 340 01 Georgia Superphone * Geocell 282 01 * Magticom 282 02 Germany D1, T-Mobil 262 01 Int + 49 511 288 0171 D2, Mannesmann 262 02 Int + 49 172 1212 Ghana Franci Walker Ltd * ScanCom 620 01 Gibraltar GibTel 266 01 Int + 350 58 102 000 G Britain Cellnet 234 10 Int + 44 753 504548 Vodafone 234 15 Int + 44 836 1191 Jersey Telecom 234 50 Int + 44 1534 882 512 Guernsey Telecom 234 55 Manx Telecom 234 58 Int + 44 1624 636613 Greece Panafon 202 05 Int + 30 94 400 122 STET 202 10 Int + 30 93 333 333 Guinea Int'l Wireless * Spacetel Hong Kong HK Hutchison 454 04 SmarTone 454 06 Int + 852 2880 2688 Telecom CSL 454 00 Int + 852 2888 1010 Hungary Pannon GSM 216 01 Int + 36 1 270 4120 Westel 900 216 30 Int + 36 30 303 100 Iceland Post & Simi 274 01 Int + 354 800 6330 India Airtel 404 10 Int + 91 10 012345 Essar 404 11 Int + 91 11 098110 Maxtouch 404 20 BPL Mobile 404 21 Command 404 30 Mobilenet 
404 31 * Skycell 404 40 Int + 91 44 8222939 RPG MAA 404 41 Usha Martin Modi Telstra Sterling Cellular Mobile Telecom Airtouch BPL USWest Koshiki Bharti Telenet Birla Comm Cellular Comms TATA Escotel JT Mobiles Indonesia * TELKOMSEL 510 10 Int + 62 21 8282811 PT Satelit Palapa 510 01 Int + 62 21 533 1881 PT Kartika Excelcom 510 11 Iraq Iraq Telecom 418 ?? Iran T.C.I. 432 11 Int + 98 2 18706341 Celcom Kish Free Zone Ireland Eircell 272 01 Int + 353 42 38888 Digifone 272 02 Int + 353 61 203 501 Italy Omnitel 222 10 Int + 39 349 2000 190 Telecom Italia Mobile 222 01 Int + 39 339 9119 Ivory Coast Ivoiris 612 03 Int + 225 23 90 00 Telecel 612 Comstar 612 01 Int + 225 21 51 51 * Loteny Telecom 612 05 Japan Jordan JMTS 416 01 Kenya Kenya Telecom Kuwait MTCNet 419 02 Int + 965 484 2000 La Reunion SRR 647 10 Laos Lao Shinawatra 457 01 Latvia LMT 247 01 Int + 371 256 2191 Lebanon Libancell 415 03 Cellis 415 01 Lesotho Vodacom 651 01 Liechtenstein Natel-D 228 01 Lithuania Omnitel 246 01 Bite GSM 246 02 Int + 370 2 232323 P&T LUXGSM 270 01 Int + 352 4088 7088 Lybia Orbit Macao CTM 455 01 Int + 853 8913912 Macedonia PTT Makedonija 294 01 Madagascar * Sacel Malawi TNL 650 01 Malaysia Celcom 502 19 Maxis 502 12 Malta Advanced 278 ?? * Telecell 278 01 Marocco O.N.P.T. 
604 01 Int + 212 220 2828 Mauritius Cellplus 617 01 Int + 230 4335100 Monaco France Telecom 208 01 Int + 33 1 44 62 14 81 SFR 208 10 Int + 33 1 44 16 20 16 Office des Telephones Mongolia MobiCom Mozambique Telecom de Mocambique Namibia MTC 649 01 Int + 264 81 121212 Netherlands PTT Netherlands 204 08 Int + 31 6 0106 Libertel 204 04 Int + 31 6 54 500100 New Caledonia Mobilis 546 01 New Zealand Bell South 530 01 Int + 64 9 357 5100 Nigeria EMIS Norway NetCom 242 02 Int + 47 92 00 01 68 TeleNor Mobil 242 01 Int + 47 22 78 15 00 Oman General Telecoms 422 02 Pakistan Mobilink 410 01 Int + 92 51 273971-7 Philippines Globe Telecom 515 02 Int + 63 2 813 7720 Islacom 515 01 Int + 63 2 813 8618 Poland Plus GSM 260 01 Int + 48 22 607 16 01 ERA GSM 260 02 Portugal Telecel 268 01 Int + 351 931 1212 TMN 268 06 Int + 351 1 791 4474 Qatar Q-Net 427 01 Int +974-325333/400620 Reunion * Romania MobiFon 226 01 Int + 40013022222 MobilRom 226 10 Int + 40012033333 Russia Mobile Tele... Moscow 250 01 Int + 7 095 915-7734 United Telecom Moscow NW GSM, St. Petersburg 250 02 Int + 7 812 528 4747 Dontelekom 250 ?? KB Impuls 250 ?? San Marino Omnitel 222 10 Int + 39 349 2000 190 Telecom Italia Mobile 222 01 Int + 39 339 9119 SaudiArabia Al Jawal 420 01 EAE 420 07 Senegal Sonatel 608 01 Seychelles SEZ SEYCEL 633 01 Serbia Singapore Singapore Telecom 525 01 Int + 65 738 0123 MobileOne 525 03 Slovak Rep Eurotel 231 02 Int + 421 903 903 903 Globtel 231 01 Int + 421 905 905 905 Slovenia Mobitel 293 41 Int + 386 61 131 30 33 Digitel 293 ?? 
South Africa MTN 655 10 Int + 27 11 445 6001 Vodacom 655 01 Int + 27 82 111 Sri Lanka MTN Networks Pvt Ltd 413 02 Spain Airtel 214 01 Int + 34 07 123000 Telefonica Spain 214 07 Int + 34 09 100909 Swaziland * Sweden Comviq 240 07 Int + 46 586 686 10 Europolitan 240 08 Int + 46 708 22 22 22 Telia Mobile 240 01 Int + 46 771 91 03 50 Switzerland PTT Switzerland 228 01 Int + 41 46 05 64 64 Syria SYR MOBILE 417 09 Tahiti * Taiwan LDTA 466 92 Int + 886 2 321 1962 Tanzania Tritel 640 01 Thailand TH AIS GSM 520 01 Int + 66 2 299 6440 * Total Access Comms 520 18 Tunisia * Tunisian PTT Turkey Telsim 286 02 Int + 90 212 288 7850 Turkcell 286 01 Int + 90 800 211 0211 UAE UAE ETISALAT-G1 424 01 UAE ETISALAT-G2 424 02 Int + 971 4004 101 Uganda Celtel Cellular 641 01 Ukraine * Mobile comms 255 01 * Golden Telecom 255 05 * Radio Systems * Kyivstar JSC Vatican Omnitel 222 10 Int + 39 349 2000 190 Telecom Italia Mobile 222 01 Int + 39 339 9119 Vietnam MTSC 452 01 * DGPT 452 02 Yugoslavia Mobile Telekom Pro Monte Zaire African Telecom Net Zimbabwe NET*ONE 648 01