. 12
( 132 .)


The MSC deals with registration, authentication (the MSC requests information from the
authentication centre but it is the MSC which actually does the authentication), mobile
device location updating and routing of calls to and from a mobile user. An MSC which
provides the connectivity from the mobile network to the ¬xed network, e.g. ISDN or
PSTN, is known as a gateway-MSC (G-MSC).

Home location register (HLR)
When a subscriber registers with an operator, they enter into what is known as a service
level agreement (SLA). This operator™s mobile network is known as the home network or
home public land mobile network (H-PLMN). The HLR is a huge database located within
this home network which stores administrative information about the mobile subscriber.
The information stored for a user in the HLR will include their IMSI, service subscription
information, service restrictions and supplementary services. The HLR is also expected
to know the location of its mobile users. It actually knows their location only to the VLR
with which the mobile device is registered. The HLR also only knows the location of
a mobile device which is switched on and has registered with some mobile operator™s
network. This is the case even if the mobile is in a different country connected to another
mobile operator™s network, as long as a roaming agreement exists between the two mobile
operators. The GSM system provides all the technical capabilities to support roaming;
however, this roaming agreement is also required so that both operators can settle billing
issues arising from calls made by visiting mobile subscribers.

Visitor location register (VLR)
The VLR is another database of users and is commonly integrated with an MSC. Unlike
the HLR, where most information is of a permanent nature, the VLR only holds temporary
information on subscribers currently registered within its vicinity. This vicinity covers the
subscribers in the serving area of its associated MSC. When a mobile device enters a new
area, the mobile device may wish to connect to this network and if so informs the MSC of
its arrival. Once the MSC checks are complete, the MSC will update the VLR. A message

is sent to the HLR informing it of the VLR which contains the location of the mobile.
If the mobile device is making or has recently made a call, then the VLR will know the
location of the mobile device down to a single cell. If the mobile device has requested
and been granted attachment to a mobile network, but not made any calls recently, then
the location of the mobile device will be known by the VLR to a location area, i.e. a
group of cells and not a single cell. A mobile device that is attached to a mobile network
where a roaming agreement is in force, i.e. is not in its H-PLMN, is said to be in a visited

Equipment identity register (EIR)
The EIR is a list of all valid mobiles on the network. If a terminal has been reported
stolen or the equipment is not type approved then it may not be allowed to operate in the
network. The terminals are identi¬ed by their unique IMEI identi¬er.

Authentication centre (AuC)
The AuC is a database containing a copy of the secret key present in each of the users™
SIM cards. This is used to enable authentication and encryption over the radio link. The
AuC uses a challenge“response mechanism, where it will send a random number to the
mobile station; the mobile station encrypts this and returns it. The AuC will now decrypt
the received number and if it is successfully decrypted to the number originally sent, then
the mobile station is authenticated and admitted to the network.

To make and receive calls, the location of the mobile device has to be known by the
network. It would be extremely inef¬cient if a user needed to be paged across an entire
network, and almost impossible to support roaming to other networks. Each cell broad-
casts its globally unique identity on its broadcast channel, which is used by the mobile
device for location purposes. Mobility management is the mechanism that the network
uses for keeping a dynamic record of the location of all of the mobile devices currently
active in the network. In this context, location does not refer speci¬cally to the geo-
graphical location of the mobile device, but rather its location with respect to a cell in
which it is currently located. However, for the development of cellular towards third
generation, geographical location becomes important as an enabler for location-based
services (LBS).
The major bene¬t of the cellular telephone over a ¬xed landline is the mobility that it
presents to the subscriber. Initially, this mobility was merely allowing the user to move
around and be tracked within a certain area; however, now mobility extends to cover the
concept of roaming. Unfortunately, the provision of mobility makes the network much
more complex to design and operate. As a subscriber moves from one location to another,
the strength of the signal it receives from the base station to which it is currently listening
will ¬‚uctuate, and, conversely, the signal received by the base station from the mobile
device will also vary. Both the network and the mobile device must constantly monitor

the strength of the signal, with the mobile device periodically reporting the information it
has measured to the network. The mobile device also monitors the strength of other cells
in the vicinity. When the signal strength gets too weak from a particular base station, a
handover (also known as a handoff) to a base station in another cell may take place. The
network must try to guarantee that in the event of a handover, the user call is not dropped
and there is a smooth transition from cell to cell, even if the user is moving quite rapidly,
as is the case for a motorist. Figure 3.5 indicates the information that is stored within the
network when a mobile device is in idle and dedicated mode. The HLR, which is in the
home network, knows which VLR has information regarding the particular subscriber.
The information the VLR holds depends on the connection state of the mobile device: in
idle mode only the location area (LA) is known whereas in dedicated mode the actual
cell is known.
Much of the GSM mobile network is designed and implemented in a hierarchical
manner and it can be seen from Figure 3.6 that as a subscriber™s geographical location
changes, there may be rather frequent movements from one cell to another. The change
of a cell from one base station to another is relatively simple if the BTSs are controlled
by the same BSC. The change of a BSC is more complex and hence will require more
signalling but will occur less frequently since each BSC controls a number of BTSs. A
change of the MSC is also possible but, again, this should be rather infrequent for most
users. If a user is in a vehicle and moving at high speed, then a number of MSC handovers
may take place during a prolonged voice call. However, this will probably occur rarely as
the vehicle will likely have crashed or the driver been arrested before handover occurs!
This system of handover enables a subscriber to continue with a call in progress while
moving from one geographical area to another. This is illustrated in Figure 3.6.

• When User 1 changes from one cell to another, a cell update is required. As noted, this
does not require much in the way of signalling.
• When User 2 changes cell, a cell update and a BSC update are required. This will
require more signalling, with the MSC controlling the change in BSC.
• When User 3 changes cell, a cell update, a BSC update and an MSC update are required.
This is a much more complex task, which will require a greater amount of signalling.

Dedicated Mode Idle Mode

IMSI: known IMSI: known
LA: known LA: known
Cell: known Cell: ?????


IMSI: known IMSI: known
VLR: known VLR: known

Figure 3.5 GSM idle and dedicated mode

User 1 LA1


User 3


User 2



Figure 3.6 Location area updates

Note that these updates only take place when a mobile device has a call in progress,
or in what is referred to as dedicated mode. Mobile devices which do not have a call in
progress but may have registered with the network are said to be in idle mode. Mobile
devices in idle mode will only send periodic updates indicating that the mobile is still
active, thus reducing the signalling load on the network. When a user wishes to make a
call, the mobile device will transparently update the network as to its position and move
to dedicated mode. In idle mode the location of the mobile device is still known but over
a number of cells rather than a single cell. In idle mode the mobile device monitors a
certain area spanning a number of cells, known as a Location Area (LA, see below), and
sends location update information to the network when:

1. The mobile device physically crosses a boundary between LAs.
2. A certain period of time has elapsed. Even when the mobile device is stationary,
after a long period of inactivity it will send an update to allow the network to refresh
its stored information regarding the subscriber™s location. Devices which do not send
this update will be assumed to have left the coverage area and their data may be
removed from the network. This interval is network con¬gurable and could be, for
example, one hour.

Location area
An LA is a group of neighbouring cells that are controlled by a single MSC. As illustrated
in Figure 3.6 an MSC may control a number of LAs.

• The location of a mobile device in dedicated mode (making a call) is known down to
the cell level.
• The location of a mobile device in idle mode is only known down to the LA level. In
idle mode the mobile device can still listen to cell broadcasts and monitor for paging,
so that it can listen for incoming (i.e. mobile terminated) calls.

There is a tradeoff between a small LA and a large grouping of cells. A small LA
means that there are many location updates as subscribers move from LA to LA, which
may cause signalling congestion. There is also an issue of the power used by the mobile
device to transmit these updates, which may eventually cause the battery to go ¬‚at. A
larger LA, on the other hand, means that when it is required to locate a mobile device (for
a mobile terminated call) a page over all the cells in the LA is required. This increases the
downlink paging signalling, even in those cells within the LA where the mobile device is
not located. The size of an LA is very much in the hands of the mobile operator and its
network planning process. An LA could be one cell, or it could be all the cells under one
MSC. Generally, an urban area will have smaller LAs to reduce the amount of signalling
load during subscriber paging. The LA planning is in line with the demographic pro¬le
of the country.
One problem that often occurs in practice with LAs is a ping-pong effect, where a
subscriber moves a relatively short distance across an LA boundary, and performs an LA
update, only to move back again, resulting in another LA update. This problem can be
alleviated to some extent by network planning.

There is a limited spectrum of frequencies that is both available and suitable for GSM.
Cellular operators have to compete for this bandwidth with the likes of the military,
broadcast television and broadcast radio. The available electromagnetic spectrum has
been split into a number of bands by both national and international regulatory bodies.
However, in many cases, the national regulatory bodies of some countries had already
allocated the spectrum internally before international standardization had been rati¬ed.
The resulting effect is that cellular spectrum bands are not exactly the same worldwide.
Fortunately there was much international agreement on the frequencies in the 900 MHz
and 1800 MHz bands, which brought in large economies of scale, reducing the price of
handsets, and thus enabling GSM to ¬‚ourish. GSM was originally designed to work in a
900 MHz band but is now used in 1800 MHz, 1900 MHz and a number of others, such
as 450 MHz. As shown in Figure 3.7, the 900 MHz range is made up of two separate
25 MHz bands, between 890“915 MHz and 935“960 MHz. The lower 25 MHz is used
for the mobile station, or uplink, transmission and the upper 25 MHz of the range is

20 Mhz

GSM Mobile Station Transmits GSM Base Station Transmits

890 915 935 960
Mhz Mhz Mhz Mhz

Figure 3.7 Original GSM band

used for base station, or downlink, transmission. There is a gap of 20 MHz between the
transmission sub-bands i.e. the GSM base station transmit band starts at 890 + 45 MHz.
The mobile device transmits on the lower frequency since it is a physical property of
electromagnetic waves that there will generally be less attenuation on lower frequencies.
The base station is not reliant on a small battery and can therefore radiate greater power,
thus the greater attenuation in the downlink is not seen as a major problem, allowing the
mobile device to avail itself of better transmission characteristics.
As discussed, GSM works on a combination of frequency division multiplexing (FDM),
and time division multiplexing (TDM) multiple access schemes. It also uses slotted-Aloha,
a contention method which is similar in operation to Ethernet. This contention mechanism
is required since it is possible for two mobile subscribers to make a request for resources
at exactly the same time. The mobile stations use this contention method to compete with
each other to request a traf¬c channel (TCH), which is required for a call. Like Ethernet,
there is a chance that a collision will occur, so mechanisms are implemented to deal
with this.
The FDM allocates each GSM channel 200 kHz of bandwidth and therefore there are
25 MHz/200 kHz = 125 channels available in each direction. One of these channels is
not used for data transfer but is used as a guard band, leaving 124 channels available
for communication. A matching pair of GSM frequency channels, i.e. one uplink and a
corresponding downlink, is controlled by a device referred to as a transceiver (TRX). All of
the operators in a country using GSM900 have to share these 124 channels and they will be
allocated a licence covering a range of them by the national telecommunications regulator.
Say there are four mobile operators in a given country. Each of them may be allocated
31 channels (124/4). For example, Operator 1 may be allocated 31 channels starting from


. 12
( 132 .)