Introduction of GSM Principle
1. Overview
1.1 Development and basic parameters of GSM
1.2 Division and usage of frequency bands
2. System introduction
2.1 System structure
2.2 Subsystem introduction
2.3 Interfaces and protocols
2.4 Usage of TC and SM
3. Division of service areas
4. Numbering of GSM system
5. Voice signal processing
6. Air interface
6.1 Logical channel
6.2 Burst
6.3 Mapping of Logical channel and Physical channel
7. System management functions
7.1 Security management (authentication and encryption)
7.2 Mobility management
8. Example of Call process
9. Service introduction
Chapter 1
Overview
In 1986, 8 recommended systems based on a lot of research and experiment in Europe were tested on site in Paris. In 1987, after the on-site test and demonstration, GSM members reached a consensus on adopting the TDMA (Time Division Multiple Access) standard, RPE-LTP (regular pulse excitation long-term prediction) voice encoding, and GMSK (Gauss Minimum Shift Keying) modulation. In 1988, 18 European countries signed an MOU on GSM. In 1989, the GSM standard took effect. In 1991, the GSM system was officially released and the network was commissioned to operate, which marked the birth of the 2nd generation of mobile communication.
Chapter 2
System Introduction
2.1 System structure
Fig.2-1 GSM System Structure
OSS: Operating Support System
BSS: Base Station System
NSS: Network Subsystem
NMC: Network Management Center
SEMC: Security Management Center
OMC: Operation Maintenance Center
MSC: Mobile System Center
VLR: Visitor Location Register
HLR: Home Location Register
AUC: Authentication Center
EIR: Equipment Identification Register
BSC: Base Station Controller
BTS: Base Transmission Station
PDN: Public Data Network
PSTN: Public Service Telephone Network
ISDN: Integrated Services Digital Network
MS: Mobile Station
One GSM system consists of three subsystems: OSS, BSS and NSS. BSS, the basic component directly related to cells, connects to a mobile station through radio interfaces to manage radio transmitting & receiving and radio resources. NSS, the core of the whole system, offers exchange, connection and management among GSM mobile subscribers or between GSM mobile subscribers and subscribers of other communication networks, including call processing, communication management, mobile management, partial radio resources management, security management, user data and equipment management, billing record management, public channels, signaling processing and local operation maintenance. BSS mainly serves to transmit & receive the radio message and manage the radio resources; BSS is also connected with NSS to transmit the system and user messages among the mobile subscribers or between the mobile subscribers and fixed network subscribers; BSS and NSS are also connected with OSS.
Digital communication is personalized to some extent with the advent of the SIM card, which contains personal data, and its separation from the physical communication equipment. The SIM card contains the user-related messages of radio interface, authentication and encryption; the physical equipment could be a handset, a vehicle-borne system or a mobile terminal directly connected to the terminal equipment.
1 Base Station Controller
BSC, the control part of BSS, performs the following functions:
a. Interface management: It supports the A interface with MSC, the Abis interface with BTS, and X.25 with OMC.
b. Land channel management of BTS-BSC: It monitors the radio signaling link and the operation & maintenance link between BSC and BTS, and manages the distribution of radio transaction channels.
c. Management of radio parameters and radio resources: Radio parameters include BTS carrier frequency, non-consecutive receiving and transmission application in the air interface, min. level setting for mobile station connection to the network, and mapping between logical channel and physical channel. Radio resources include cell internal channel configuration, distribution management of private channels and transaction channels, and management of switchover resources.
d. Measurement and statistics: Measurement on radio chain: process the measurement reports from mobile station and BTS to decide whether to adjust the power of BTS and mobile station or to switch over. Traffic statistics: offer statistics of inhibition rate of transaction channel, call completion rate, across-cell switchover frequency, and voucher of system dilation and cell splitting.
e. Switchover: The switchover objects are chosen based on the cell power level, voice quality and jamming. BSC can fully control the switchover between cells controlled by the same BSC. For cells controlled by a different BSC, the MSC will complete the switchover.
f. Call support control: It links the voice channel through the exchange circuit, and offers the caller and the called party distribution mechanisms.
g. Operation and maintenance: It serves to collect the alarm messages from BSC and BTS and transmit the messages to OMC, to update the internal resources list, and finally to support OMC in upgrading the BSS software.
2 Base Transmission Signaling
BTS, the wireless part of BSS, is under the control of the base station controller (BSC) and serves as the radio transmitting & receiving equipment in a certain cell. It acts as the air interface between BTS and mobile station (MS). BTS consists of a base band unit, a carrier frequency unit and a controlling unit. Among them, the base band unit serves for voice and data speed adaptation and channel encoding; the carrier frequency unit serves for the coupling between modulation/demodulation and transmitter/receiver; and the controlling unit serves for the operation & maintenance of BTS.
2.2.3 Network Subsystem (NSS)
1 Mobile Service Center (MSC)
MSC, the core of the whole network, can offer full or partial functions of NSS, and coordinate and control each function entity of BSS and OSS in the GSM network. Firstly, MSC provides interfaces with BSC. The A interface provides the TDMA standard of GSM 900/1800, and the At interface provides access of CDMA. MSC also provides interfaces among internal function entities, and interfaces with PSTN, ISDN, PSPDN and PLMN for management; secondly, it supports a series of services including telecom services, carrier services and supplementary services; thirdly, it offers other network services such as location registration, across-cell switchover and automatic roaming.
2 Visitor Location Register (VLR)
VLR serves the mobile subscribers within the control area. It stores messages of registered users within the control area and enables the registered mobile subscribers to make calls. When a certain user enters the control area of VLR, the home location register (HLR) will obtain and store the required data of the mobile subscriber. Once the user leaves the control area, VLR will delete the data of the user. VLR is realized in each MSC.
3 Home Location Register (HLR)
Compared to VLR, HLR is a static database. It also stores some dynamic data of some roaming mobile subscribers within MSC, including user identification No., access capacity, user type and supplementary services. HLR controls the whole mobile area and PLMN.
4 Authentication Center (AUC)
The authentication center stores the authentication message and the encrypting private key to prevent connection of unauthorized users with the system as well as data theft on the radio interface.
5 Equipment Identification Register (EIR)
EIR stores the international mobile equipment identification (IMEI) of mobile equipment. By checking three kinds of list (white list, gray list and black list), EIR can prevent the switchover access of unauthorized users, monitor the operation of faulty equipment, and guarantee the security of network operation.
2.2.4 Operation Subsystem (OSS)
OSS consists of NMC, SEMC, DPPS and PCS. This section will not be described in detail as it is independent in management.
Fig. 2-2 Main interfaces of GSM system
The main interfaces of the GSM system are the A interface, the Abis interface and the Um interface. The standard of the three interfaces enables the telecom operators to integrate various devices into one GSM digital telecom network.
1. A interface
A interface is defined as the communication interface between NSS (network subsystem) and BSS (base station system). Systematically, it refers to the interface between MSC (mobile service center) and BSC (base station controller). The physical link adopts a digital transmission link at the speed of 2.048Mb/s. This interface serves to transmit the messages of mobile station management, base station management, mobile management and connection management.
2. Abis interface
Abis interface defines the communication standard between BSC (base station controller) of BSS (base station system) and BTS (base transmission system) for remote end interconnection. The BS interface shown in the above figure, an exception for Abis interface, defines the standard in which the distance between the BSC and BTS is less than 10 meters. They are connected by a digital link at a rate of 2.048Mb/s PCM. The interface supports all customer-oriented services, control of BTS radio equipment and distribution of radio frequencies.
3. Um interface
Um interface is defined as the communication interface between mobile station and BTS (mobile transmission station), and the intercommunication of fixed parts between mobile station and GSM system. The physical link adopts radio links. This interface transmits the messages of radio resources management, mobile function management and connection management.
2.3.2 Internal interface of NSS (Network Subsystem)
The internal interfaces of NSS (Network Subsystem) are shown in Fig. 2-3.
Fig. 2-3 Internal interfaces of NSS
1. B interface
B interface, defined as the internal interface between VLR (visitor location register) and MSC (mobile service center), enables MSC to inquire VLR about the current location of a mobile station, or to inform VLR of the updated location of a mobile station.
2. C interface
C interface, defined as the interface between HLR (home location register) and MSC (mobile service center), serves to transmit the messages of routing choice and management. If HLR acts as the billing center, the MSC of the mobile station which sets up or receives a call will transmit the billing messages to the HLR. Once a call to a mobile subscriber is set up, GMSC (gateway mobile service center) will inquire HLR about the roaming number of the mobile subscriber. The physical link adopts a PCM digital transmission link at the speed of 2.048 Mb/s.
3. D interface
D interface, defined as the interface between HLR and VLR, serves to exchange the messages of the mobile station location and user management. D interface enables the mobile station to set up and receive a call within the whole service area. The practical GSM system integrates the VLR into MSC. HLR adopts the digital link at the speed of 2.048Mb/s.
4. E interface
E interface refers to the interface which controls different MSC in the neighboring area. During the calling process, the across-cell channel switchover is required to prevent communication interruption when MS moves from the control area of one MSC to the neighboring MSC. This interface offers the message exchange to start and complete the switchover. The physical link of E interface adopts a digital link at the speed of 2.048 Mb/s through MSC.
5. F interface
F interface, defined as the interface between MSC and EIR (equipment identification register), serves to exchange the management messages of IMSI. The physical link of F interface adopts a PCM digital link at the speed of 2.048Mb/s through MSC and EIR.
6. G interface
G interface is defined as the interface between VLRs. When TMSI (temporary mobile service identification) is adopted, G interface serves to inquire VLR about the IMSI messages of the mobile subscriber. The physical link of G interface adopts a digital link at the speed of 2.048Mb/s.
2.3.3 Interfaces between GSM and other PSTN
Other public telecom networks refer to PSTN, ISDN, PSPDN and CSPDN. The GSM system is interconnected with the public telecom network through MSC. The interface should conform to the standard of CCITT interfaces and signaling as well as the standards stipulated by state telecom operators. Based on the development of PSTN and the prospect of ISDN in China, the interconnection of the GSM system with PSTN and ISDN adopts the No. 7 signaling system interface. The physical link adopts a standard digital link at the speed of 2.048Mb/s through MSC. If equipped with an ISDN switch, HLR can establish direct signaling interfaces with ISDN to enable ISDN to inquire HLR about the mobile station location through the ISDN number of the mobile subscriber. As a result, the call routing from mobile station to MSC is established.
2.3.4 Interfaces and protocols
Protocol, the common language among the function entities, serves to transmit messages through each interface. In order to offer communication and management of the GSM system, different interfaces adopt different physical links to establish an efficient message transmission channel. What's more, the layered protocol configuration of the GSM interfaces takes ISDN interconnection into consideration, and conforms to the reference model of open system interconnection. Layering serves to separate each signaling protocol and to describe the protocols as consecutive independent layers. Each layer protocol offers specific services to its upper layer protocol at the service access point. The structure chart of the layered protocols of the GSM system is as shown in Fig. 2-4.
Fig. 2-4 Protocol layer structure of the main interfaces of the system
CM: connection management
BTSM: base station system management
MTP: message transmission protocol
MM: mobile management
Um: interface between MS and BTS
MSC: mobile service center
RR: radio resource
Abis: interface between BTS and BSC
BSC: base station controller
MS: mobile station
SCCP: signaling connection control protocol
BTS: base transmission station
L1-L3: Layer 1-3
A: interface between BSC and MSC
BSSMAP: base subsystem mobile application protocol
LAPDm: Dm digital link protocol of ISDN
1. Layer structure description of each protocol
(1) Signal layer 1 (also called physical layer)
As the lowest part of a radio interface, it offers the physical link for transmitting the bit flow and various logical channels, including transaction channels and logical channels for upper layers. Each logical channel has its own logical access point.
(2) Signal layer 2
It serves to establish a reliable and private data link between the mobile station and the base station. The L2 protocol is the D channel access protocol (LAP-D) based on ISDN. The L2 protocol in the Um interface makes some changes and is called LAPDm.
(3) Signal layer 3
It serves to transmit the control and management messages. L3 consists of three basic sublayers: RR, MM and CM. CM owns many control units to provide call processing; the SS (supplementary service) units and SMS (short message service) units in CM provide supplementary services and short message services.
2. Interconnection of Signal layer 3
The reference model of the signaling protocol at the A interface is as shown in Fig. 2-5.
Fig.2-5 Reference model of signaling protocol at A interface
BSSAP: BSS application protocol
SCCP: signaling connection controlling protocol
DTAP: direct transfer application protocol
MTP: message transfer protocol
BSSMAP: base mobile application protocol
Base station offers the radio cellular management under the automatic control or control of MAS. RR defines such function. The messages of RR are processed to map to the messages of BSSMAP, and transmitted through the A interface. The sublayer for mobile management and connection management is terminated at MSC. MM and CM messages at the A interface are transmitted through DTAP (direct transmission application protocol). BSS transmits the messages of MM and CM transparently.
3. Protocol of NSS and protocol between GSM system and PSTN
The protocol of NSS and the protocol between GSM system and PSTN are as shown in Fig.2-6.
Fig.2-6 No.7 Signaling protocol layer in GSM system
TUP: telephone user protocol
BSSAP: BSS application protocol
ISUP: ISDN user protocol
SCCP: signaling connection control protocol
MAP: mobile application protocol
MTP: message transmission protocol
TCAP: transaction control application protocol
The interface communication of each function entity in the NSS is supported by the No.7 signaling system. The communication between the GSM system and the PSTN system takes priority on adopting No. 7 signaling. The principle of No.7 signaling protocol layers supporting the GSM system is as shown in Fig. 2-6. The non-call-related signaling adopts MAP to communicate with each interface in the NSS; the call-related signaling adopts TUP and ISUP for communication between MSC and PSTN and between MSC and ISDN. The TUP and ISUP protocols should conform to the relevant state technical specification. MAP signaling should abide by the GSM specification.
Fig. 2-7 Location of TC and SM/BIE
1 TC unit
TC is located between BSC and MSC. Its voice signal over the channel at the A interface is transmitted at the speed of 64 Kbit/s. However, in the direction of BSC, the voice signal over the channel at the A interface is transmitted at the speed of 16 Kbit/s. The A interface conforms to the G.703 specification of 2M, but the remaining 6 bits are not occupied over each channel. Fig.2-8 indicates the channel structure of A interface and the A interface. The figure shows that TS
signaling conforms to the specification of CCITT. When BSS operation and maintenance are under the remote end control through radio protocol operation and maintenance center, the time slot 1 at the A interface is used as X.25 communication link between operation & maintenance center and BSS. If the BSS operation & maintenance center is directly connected with BSC through X.25, the time slot 1 is used as transaction channel. The time slot 16 is used as No.7 signaling link for call processing between BSC and MSC. The time slot 31 is used as operation & maintenance signaling link LAPD between TSC and BSC.
Fig.2-8 Time slots of A and A interfaces
2 SM
SM can provide multiple multiplexing solutions. At most, 90 voice transaction channels can be multiplexed to a PCM 2M transmission circuit. As shown in Fig.2-9, the time slots 4, 8, 12 are used on synchronous links of each tributary; and the time slots 20, 24, 28 are used as the No.7 signaling links of each tributary before multiplexing.
Fig.2-9 Time slot allocation of SM before and after multiplexing
3 BIE (base station interface equipment)
The distance between BTS and BSC determines whether the BSS adopts BIE transmitting equipment. If the distance is over 15 meters, BIE should be used; if less, the carrier frequency unit and operation & maintenance unit of BTS can be directly connected with cables, then to the TCU of BSC through the BS interface. The signaling at the BS interface is transmitted over the PSM circuit at the speed of 16 Kbit/s. 2 signaling bits are transmitted each time slot. The GSM system specifies that there is at least one 64 Kbit/s RSL between BSC and each frame unit, and at least one 64 Kbit/s OML between BSC and BTS. As shown in Fig. 2-10, time slot 28 is used as the operation link between BSC and TSC.
Fig.2-10 Time slot structure of BS interface
BIE has flexible multiplexing. Fig.2-11 indicates the normal multiplexing. BIE offers or analyses time slots for RSL and OML.
small area. The multiplexing area can cover the whole physical area. The network should take all this into consideration. Fig.3-1 indicates the outline of GSM network.
Fig.3-1 GSM network
As shown in the figure above, one GMSC controls several MSC, one MSC controls several BSC, and one BSC controls several BTS. BTS offers services to the smallest cell in the GSM network. The whole mobile network thus forms a regional hierarchy.
Fig. 3-2
Fig.4-1 IMSI structure
MCC: The mobile country code, consisting of 3 digits, is the unique code representing the user's country. MCC for China is 460.
MNC: The mobile network code consists of 2 digits for identifying the mobile communication network of mobile subscribers.
MSIN: The mobile subscribers identification network uniquely identifies the mobile subscribers of a certain mobile communication network.
NMSI: The national mobile subscribers identification consists of MNC and MSIN.
b. TMSI (temporary mobile subscriber identification)
For the transmission security of the mobile subscribers, the transmission through the air interface adopts TMSI instead of IMSI. VLR will assign each subscriber a unique TMSI after each authentication. The TMSI is only valid within the service area of a certain VLR. When the subscriber leaves the service area of the VLR, the code will be automatically released. The TMSI can serve to set up a call and update the location. Its total length is less than 4 digits. The structure of the TMSI can be defined by the local telecom departments.
c. LMSI (local mobile subscribers identification)
To speed up the VLR's search for the data of the subscribers, the assistant LMSI can be used to offer support. When the location is updated, VLR will assign the call-in subscriber a unique identification code. The use of LMSI is optional. When the mobile subscriber is assigned a MSRN on each call, the LMSI should be used. LMSI consists of 4 digits and its structure can be defined by the local service carriers.
d. IMEI (international mobile equipment identification)
IMEI is a unique code to identify the equipment of one mobile station. Its structure is as shown in Fig.4-2.
Fig.4-2 Structure of IMEI
TAC: Type approve code is assigned by Europe Type Approve Center.
FAC: Final assembly code indicates the location of manufacturer or assembly site. The code is defined by the manufacturer.
SNR: It is a unique serial number to identify the equipment of TAC and FAC.
SP: Supplementary.
Number structure: CC | NDC | SN
CC: It is the country code that the mobile station registers. CC of China is 86.
NDC: National domestic code. Each PLMN has one NDC.
SN: Subscriber number
NDC and SN specify a valid ISDN. Its structure can be defined by the state service carriers.
b. MSRN
When the mobile station is roaming, the call is transmitted to the MSC of the mobile station, and VLR will assign the mobile station a temporary number to guarantee the routing choice of the GSM communication network. In this case, MSRN refers to the temporary number. There are two kinds of assignment of MSRN:
On initial registration or location updating, VLR will assign a MSRN and then transmit it to HLR. When the mobile station is away from the area, VLR and HLR will delete this number and assign the number to other roaming subscribers.
When a call is set up from the mobile station, VLR will assign a MSRN at the request of HLR. This number is valid within a certain period (such as 90 seconds).
MSRN and MSISDN have the same structure with max. 15 digits. MSRN can serve as the GT address of SCCP to search the MSC visited by roaming subscribers. For the mobile station roaming in a certain area, the MSRN is the unique valid number in VLR.
c. Channel switchover number
This number serves to temporarily establish a call link between two MSC for switchover. Its structure is similar to MSRN.
MCC: mobile country code, the same as MCC of IMSI
MNC: mobile national code, the same as MNC of IMSI
LAC: location area code serves to identify each location area of the mobile communication network. It adopts HEX encoding with max. 2 bytes. 0 encoding is not used to indicate the location. LAC can be defined by each operating department.
b. CGI
CGI is the unique cell identification for all GSM PLMN. CGI is composed of LAI and CI. CI adopts HEX encoding with 2 bytes. CGI can be defined by each operating department.
c. BSIC
It serves for the identification of different neighboring BTS which adopt the same carrier frequency, especially for identification at the boundary of countries. BSIC adopts 6-bit encoding. The structure is as shown in Fig.4-5.
Fig. 4-5 Structure of BSIC
NCC: PLMN color code is the unique code to identify different PLMN of neighboring countries.
BCC: BTS color code is the unique code to identify the neighboring BTS which adopt the same carrier frequency.
BSIC is used for project designing.
Fig.5-1 Voice Processing at MS
First, the voice is sampled at 8 kHz through one analog/digital converter to become a code stream of 13 Kbit/s at each 125 µs after quantization; each segment is 20 ms; through voice encoding, the code transmission rate is lowered to 13 Kbit/s; through channel encoding, the code transmission rate becomes 22.8 Kbit/s; through code interleaving, encryption and burst formatting, the code stream is transmitted at the speed of 33.8 Kbit/s. Finally, the voice is transmitted after modulation. The processing at the receiving end is the reverse process.
1. Voice encoding
This encoding method is called RPE-LTP. First, make 8 kHz sampling to adjust each frame to be 20 ms. Each frame contains 4 subframes. Each subframe is 5 ms. The pure bit rate is 13 Kbit/s.
2. Channel encoding
In order to detect and correct errors during transmission, redundancy is introduced into the data stream. Then the message, obtained by message resource data calculation, will help to improve the transmission speed. A code stream forms after channel encoding; the code length of voice is 456 bits. The code stream is 13 Kbit/s through the voice encoder with each consecutive segment 20 ms. Each segment contains 260 bits including 59 very important bits, 132 important bits and 78 ordinary bits, on which redundancy processing will be made as shown in Fig. 5-2.
Fig. 5-2 Channel Encoding Process
The block encoder will introduce 3 redundancy codes, and the activated encoder will introduce the 2-fold redundancy plus 4 end bits.
3. Interleaving
After encoding, the voice signals form a series of sequential frames. During transmission, bit errors occur in bursts, which will influence the correctness of consecutive frames. Therefore, the interleaving technique focuses on breaking the sequence of each code. The GSM system adopts double interleaving. After channel encoding, the 456 bits are divided into 8 groups for the first interleaving as shown in Fig.5-3.
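Group 1 (57 bits): bits 1, 9, 17, ..., 449
Group 2 (57 bits): bits 2, 10, ..., 450
Group 3 (57 bits): bits 3, 11, ..., 451
Group 4 (57 bits): bits 4, 12, ..., 452
Group 5 (57 bits): bits 5, 13, ..., 453
Group 6 (57 bits): bits 6, 14, ..., 454
Group 7 (57 bits): bits 7, 15, ..., 455
Group 8 (57 bits): bits 8, 16, ..., 456
Fig.5-3 456 Bit Interleaving
It is the first frame of voice frame. Suppose there are three voice frames as shown in Fig. 5-4.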
A (20 ms, 456 bits) | B (20 ms, 456 bits) | C (20 ms, 456 bits), each divided into 57-bit groups
Fig.5-4 Three Voice Frames
One burst contains two groups of one voice frame as shown in Fig. 5-5.
Burst fields (bits): 3 | 57 | 1 | 26 | 1 | 57 | 3
The first and last three end bits are for message demarcation. There are 26 training bits. The 1 bit on each side of the training bits acts as the stealing flag. One burst carries the voice messages of two 57-bit segments (the burst introduction will be given in the following chapter). The process of the second interleaving is as shown in Fig.5-6.
A A A A BA BA BA BA CB CB CB CB C C C C
Fig.5-6 The second interleaving of voice codes
4. Hopping
After the processing and modulation of voice signals, the hopping technique is also used before the transmission. The hopping technique is to constantly change the carrier frequency at different time slots (it should conform to frequency regulation). The following explains why hopping should be introduced.
a. As the attenuation is frequency dependent, hopping can reduce the influence of Rayleigh attenuation.
b. Interleaving source division features: In a dense service region, cellular capacity is limited by the interference of frequency multiplexing. As the system is targeted to meet the demand of buyers, the max. capacity of the system is calculated for the point at which interference makes the call quality quite low in a given group of calls. The smaller the statistical spread around a given C/I value, the better the system capacity. In such a system, the interference of a call is the average value of the interfering level caused by other calls. Therefore, for a given sum, the more interference sources there are, the better the system performance.
5. Allocation of bit rate at transmission end
The code rate at the transmission end is 33.8 Kbit/s with the allocation as follows:
Voice encoding: 13 Kbit/s
Error protection of voice: 9.8 Kbit/s
Slow channel associated with control channel (SACCH): 0.95 Kbit/s
Protection time and synchronous: 10.1 Kbit/s
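
The double interleaving of item 3 above, as an added example that is not part of the original text: it follows the simplified description on this page (8 groups of 57 bits, then the A A A A BA BA BA BA ... burst pattern) and shows what the loss of one whole burst costs each voice frame. Function names and the sample frames are assumptions made for the illustration.

```python
FRAME_BITS, GROUPS = 456, 8          # one channel-coded voice frame, 8 groups of 57 bits


def first_interleave(frame):
    """Group g takes bits g, g+8, g+16, ... (bits 1, 9, 17, ... in the page's numbering)."""
    if len(frame) != FRAME_BITS:
        raise ValueError("a channel-coded voice frame has 456 bits")
    return [frame[g::GROUPS] for g in range(GROUPS)]


def second_interleave(frames):
    """Pair groups into bursts: a burst carries one of groups 1-4 of the current frame
    and one of groups 5-8 of the previous frame (pattern A A A A BA BA BA BA CB ...)."""
    groups = [first_interleave(f) for f in frames]
    n = len(frames)
    bursts = []
    for k in range(4 * (n + 1)):
        block, j = divmod(k, 4)
        newer = (block, j, groups[block][j]) if block < n else None
        older = (block - 1, 4 + j, groups[block - 1][4 + j]) if block >= 1 else None
        bursts.append((newer, older))
    return bursts


def deinterleave(bursts, n_frames, lost=()):
    """Rebuild the frames; bits carried by a lost burst stay None (erased)."""
    frames = [[None] * FRAME_BITS for _ in range(n_frames)]
    for k, burst in enumerate(bursts):
        if k in lost:
            continue
        for segment in burst:
            if segment is not None:
                f, g, bits = segment
                frames[f][g::GROUPS] = bits
    return frames


def damage(frame):
    """Return (number of erased bits, longest run of consecutive erased bits)."""
    longest = run = 0
    for bit in frame:
        run = run + 1 if bit is None else 0
        longest = max(longest, run)
    return sum(bit is None for bit in frame), longest


def demo():
    # Constructed sample data: three frames A, B, C with arbitrary bit patterns.
    frames = [[((i * 7 + f) >> 2) & 1 for i in range(FRAME_BITS)] for f in range(3)]
    bursts = second_interleave(frames)
    roundtrip = deinterleave(bursts, 3) == frames
    # Burst index 5 is the second "BA" burst: it carries group 2 of B and group 6 of A.
    hit = deinterleave(bursts, 3, lost={5})
    return {"roundtrip": roundtrip, "damage": [damage(f) for f in hit]}


if __name__ == "__main__":
    print(demo())
```

Losing one burst erases 57 bits in each of two frames, but never two adjacent bits, which is the condition under which the channel code's redundancy can repair them.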
Fig.6-1 Area of physical channel (time slot: 0.577 ms; carrier f: 200 kHz)
The following part will explain why the time interval is 0.577 ms.
2. Logical channel
A lot of messages including voice and control messages will be transmitted between BTS and MS. Those messages will be classified and transmitted over corresponding physical channels. This partition is called logical channel. Logical channels can be divided into control channels and service channels according to the carried message. The introduction of control channels is as follows:
(1) BCH
It is a lower channel serving to transmit broadcasting messages to MS.
a. FCCH
It serves MS to identify the carrier frequency of BCCH and keep frequency synchronous with MS.
b. SCH
It serves MS to receive TDMC and keep MS synchronous with the system. Also, it receives the frame number of TDMA and BSIC.
c. Broadcasting control channel
When MS roams, waits for a call or sets up a call, BCCH will transmit some messages of the cell including LAI, allowable max. power and BCCH carrier frequency of neighboring cells. As the stations are not synchronous, MS can obtain an entry message to another cell through BCH.
(2) Public control channel
a. PCH
MS will keep watch of PCH at intervals to determine whether the paging is from itself or IMSI or TMSI. It is a lower channel.
b. RACH
MS will access the network through RACH when the call is made to itself. It is an upper channel.
c. AGCH
The network will allocate a signaling channel (SDCCH) through AGCH. It is a lower channel.
(3) DCCH
a. SDCCH
MS and BTS is SDCCH. Through SDCCH, MC informs the network which physical channel is used for transmission. Besides setting up a call, SDCCH also serves to transmit short messages. It is a two-way channel.
b. SACCH
MS transmits the control message and signaling strength of the neighboring base station to the network, and also receives system messages including transmission power and advance time. It is a two-way channel.
c. FACCH
FACCH adopts the stealing model for transmission over a segment of TCH. It is a lower channel serving to transmit the switchover order to MS.
(4) TCH
TCH, serving to carry voice traffic, has two types: full speed TCH (TCH/F) and half speed TCH (TCH/H). Full speed TCH allows voice transmission at the speed of 13 Kbit/s or data transmission at the speed of 3 Kbit/s. Half speed TCH allows voice transmission at the speed of 7 Kbit/s or data transmission at the speed of 3/6 Kbit/s. It is a two-way channel.
6.2 Burst
Voice signals should be formatted through burst. There are five types of burst:
Normal burst
Frequency correction burst
Synchronous burst
Access burst
Pseudo burst
Three main types will be described in detail.
(1) Normal burst
It serves to carry the message at TCH and control and shutdown BCCH, PCH, AGCH, SDCCH and FACCH. The structure is as shown in Fig. 6-2.
Burst fields (bits): 3 | 57 | 1 | 26 | 1 | 57 | 3
Fig.6-2 Normal Burst
The first and last three bits are 000 for the message demarcation. The two 57-bit segments are for the encrypted voice or data. The 26 training bits, used as a channel model, serve to reduce the influence of time diversity at the receiving end. The 1 bit on each side of the training bits is the flag to indicate whether the burst is borrowed by FACCH. To enable voice transmission at the speed of 13 Kbit/s, an attenuation method should be found between TDMA time slots and bursts. Taking 26 TCH bursts as a cycle of 120 ms, the time slot of one TDMA is calculated by 120/26/8 = 0.577 ms. To meet the code speed, 0.577 ms should transmit 156.25 bits. The remaining 8.25 bits are used for the message protection. As the mobile subscriber keeps moving, it will cause the deviation of the neighboring message. The 8.25 bits are matched with 30 µs to keep the message receiving and transmission synchronous.
(2) Access burst
Access burst is as shown in Fig.6-3.
Fig.6-3 Access burst
It has 8 end bits and a long protection period. As the advance time (caused by distance) is unknown at the first access and at switchover to a new BTS, the protection period guarantees that the transmitted message enters the specified receiving time slot instead of overflowing into the next time slot.
(3) Pseudo burst
The pseudo burst is transmitted when no message is carried.
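The normal burst layout and the slot timing given above can be checked with a short program. This is an added example, not part of the original document; the training pattern, function names and sample payloads are constructed for the demonstration.

```python
from fractions import Fraction

TAIL = [0, 0, 0]                  # three 0 bits at each end of the burst
TRAINING = [0, 1] * 13            # constructed 26-bit pattern (assumption)
SLOT_BITS = Fraction(625, 4)      # 156.25 bit periods per time slot
GUARD_BITS = Fraction(33, 4)      # 8.25 bit periods of protection

def build_normal_burst(first, second, flag1=0, flag2=0):
    """Assemble 3 + 57 + 1 + 26 + 1 + 57 + 3 = 148 bits."""
    if len(first) != 57 or len(second) != 57:
        raise ValueError("each data segment must be exactly 57 bits")
    return (TAIL + list(first) + [flag1] + TRAINING
            + [flag2] + list(second) + TAIL)

def parse_normal_burst(bits):
    """Split a 148-bit burst back into its fields, checking the tail bits."""
    if len(bits) != 148:
        raise ValueError("a normal burst carries 148 bits before the guard")
    if bits[:3] != TAIL or bits[-3:] != TAIL:
        raise ValueError("tail bits must be 000")
    return {
        "first": bits[3:60],
        "flag1": bits[60],        # 1 = this half is borrowed by FACCH
        "training": bits[61:87],
        "flag2": bits[87],
        "second": bits[88:145],
    }

def slot_timing():
    """Return (slot duration in ms, bit period in us, guard time in us)."""
    slot_ms = Fraction(120, 26 * 8)       # 120 ms cycle, 26 frames, 8 slots
    bit_us = slot_ms * 1000 / SLOT_BITS
    return slot_ms, bit_us, GUARD_BITS * bit_us

if __name__ == "__main__":
    burst = build_normal_burst([1] * 57, [0] * 57, flag1=1)
    print(len(burst) + GUARD_BITS, [float(v) for v in slot_timing()])
```

The 148 burst bits plus the 8.25-bit protection period give the 156.25 bits per slot stated in the text, and the guard time works out to roughly 30 µs.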
Fig.6-4 Cycle structure of BCH and CCCH
F: FCCH  S: SCH  C: CCCH (PCH or AGCH)  B: BCCH  I: idle
F and S each occupy one time slot. B and C each occupy 4 time slots. I occupies 1 time slot. Altogether there are 51 time slots.
2. Corresponding mode of RACH
Fig.6-5 Cycle structure of RACH
3. Corresponding mode between SDCCH and SACCH
The corresponding mode between SDCCH and SACCH is as shown in Fig.6-6.
D0 D0 D1 D1 D2 D2 D3 D3 D4 D4 D5 D5 D6 D6 D7 D7 A0 A4 A1 A5 A2 A6 A3 I I I A7 I I I
Fig.6-6 Cycle structure of SDCCH and SACCH
Dx: SDCCH number  Ax: SACCH number  I: idle
Dx and Ax each occupy 4 time slots. As the bit rate for setting up a call and for registration is quite low, each cycle can serve 8 users in 6 time slots. The cycle of SDCCH and SACCH is 012 TDMA frames. It transmits at carrier frequency 0 and in time slot 1. Both are two-way channels.
4. Corresponding mode of TCH
The corresponding mode of TCH is as shown in Fig.6-7.
T T T T T T T T T T T T A T T T T T T T T T T T T I
Fig.6-7 Cycle structure of TCH
T: TCH  A: SACCH  I: idle
It is a two-way channel occupying 26 TDMA frames. It transmits at carrier frequency 0 in time slots 2-7.
Content of AUC: a randomizer that generates RAND, the authentication key Ki, and various security algorithms.
The details of GSM security measures are as follows:
1. Access AUC for user authentication
AUC generates three parameters (RAND, SRES, Kc). RAND is generated by the randomizer. SRES is obtained from RAND and Ki with the A3 algorithm; Kc is obtained from RAND and Ki with the A8 algorithm. The three parameters are stored in HLR. For a registered MS, the MSC/VLR of its service region stores at least one group of the three parameters from HLR to serve this MS. When a user sets up a call or updates the location, the authentication process is as follows:
(1) MSC/VLR transmits RAND to MS.
(2) MS calculates SRES from RAND and Ki, then returns it to MSC/VLR.
(3) MSC/VLR compares the received SRES with the stored SRES to determine authenticity.
2. Radio channel encryption
The process is as follows:
(1) MSC/VLR transmits the encryption mode order M and Kc to BTS.
(2) The encryption mode order is transmitted to MS.
(3) The encryption mode completion message M and Kc are fed to the A5 algorithm, and the TDMA frame is encrypted by the A5 algorithm to form Mc.
(4) Mc is transmitted to BTS.
(5) Mc and Kc are fed to the A5 algorithm for decryption. The TDMA frame is also decrypted by the A5 algorithm.
(6) If Mc can be decrypted to M (encryption mode success), it is transmitted to MSC, and all the messages are then encrypted.
Fig.7-1 Encryption Process
3. Mobile equipment identification
(1) MSC/VLR requires MS to transmit IMEI.
(2) MS transmits IMEI.
(3) MSC/VLR retransmits IMEI.
(4) EIR checks IMEI and returns the message to MSC/VLR.
4. Application of TMSI
When MS updates the location, sets up a call or activates a transaction, MSC/VLR assigns the IMSI a new TMSI, which is stored in the SIM card. MSC/VLR uses TMSI for signaling communication with MS. TMSI protects the security of the user number and prevents others from locating the subscriber.
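The challenge-response flow from item 1 (AUC generates triplets, MSC/VLR sends RAND and compares SRES) can be modelled as follows. This is an added example, not code from the original document: A3 and A8 are replaced by truncated HMAC-SHA256 as a labelled stand-in, and the class names, IMSI and Ki values are constructed.

```python
import hashlib
import hmac
import secrets

# Stand-ins for A3 and A8 (assumption: truncated HMAC-SHA256, chosen only so
# the flow runs; real SIMs and AUCs use operator-selected algorithms).
def a3_sres(ki: bytes, rand: bytes) -> bytes:
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]  # 32-bit SRES

def a8_kc(ki: bytes, rand: bytes) -> bytes:
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]  # 64-bit Kc

class Auc:
    """Holds Ki per IMSI and generates (RAND, SRES, Kc) triplets."""
    def __init__(self):
        self._ki = {}

    def provision(self, imsi: str, ki: bytes) -> None:
        self._ki[imsi] = ki

    def triplets(self, imsi: str, count: int = 3):
        ki = self._ki[imsi]
        rands = [secrets.token_bytes(16) for _ in range(count)]  # 128-bit RAND
        return [(r, a3_sres(ki, r), a8_kc(ki, r)) for r in rands]

class Sim:
    """MS side: Ki stays inside the SIM, only SRES is sent back."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki = imsi, ki

    def respond(self, rand: bytes):
        return a3_sres(self._ki, rand), a8_kc(self._ki, rand)

class MscVlr:
    """Stores triplets per IMSI and consumes one per authentication."""
    def __init__(self, auc: Auc):
        self._auc, self._store = auc, {}

    def authenticate(self, sim: Sim):
        pool = self._store.setdefault(sim.imsi, [])
        if not pool:                       # fetch a fresh batch of triplets
            pool.extend(self._auc.triplets(sim.imsi))
        rand, expected, kc = pool.pop()    # each triplet is used once here
        sres, _ = sim.respond(rand)        # (1) RAND out, (2) SRES back
        ok = hmac.compare_digest(sres, expected)  # (3) constant-time compare
        return ok, (kc if ok else None)    # Kc is released only on success

def demo():
    imsi = "001010123456789"                                # constructed
    ki = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    auc = Auc()
    auc.provision(imsi, ki)
    vlr = MscVlr(auc)
    genuine = vlr.authenticate(Sim(imsi, ki))
    clone = vlr.authenticate(Sim(imsi, bytes(16)))  # same IMSI, wrong Ki
    return genuine, clone
```

Only RAND and SRES cross the radio interface; Ki never leaves the AUC or the SIM, and Kc is derived independently on both sides from the same RAND.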
Fig.7-2 Switchover between the cells controlled by the same BSC
(1) BSC orders a new BTS to activate a TCH.
(2) BSC transmits the message including frequency, time slot and transmission power to MS through the old BTS over FACCH.
(3) MS transmits a switchover access burst at the new frequency (transmitted over FACCH).
(4) The new BTS transmits the advance time to MS over FACCH after receiving the burst.
(5) MS transmits the switchover success message to BSC through the new BTS.
(6) BSC requires the old BTS to release the TCH.
2. Switchover between the cells controlled by the same MSC and different BSC
Fig.7-3 Switchover between the cells controlled by the same MSC and different BSC
(1) The old BSC transmits the switchover request and the flag of the object cell for switchover to MSC.
(2) MSC determines which BSC controls the BTS, and sends the switchover request to the new BSC.
(3) The new BSC resets the object BTS to activate a TCH.
(4) The new BSC transmits the parameters including frequency, time slot and transmission power to MS through MSC, the old BSC and the old BTS.
(5) MS transmits an access burst at the new frequency over FACCH.
(6) The new BTS transmits the advance time to MS after receiving the burst.
(7) MS transmits the switchover success message to MSC through the new BSC.
(8) MSC orders the old BSC to release the TCH.
(9) BSC retransmits the order of MSC to BTS for execution.
3. Switchover between the cells controlled by different MSC
Fig.7-4 Switchover between the cells controlled by different MSC
(1) The old BSC transmits the messages of changing object cell and the switchover request to the old MSC.
(2) The old MSC decides which MSC controls the cell.
(3) The new MSC allocates a switchover number (for routing the call) and transmits the switchover request to the new BSC.
(4) The new BSC activates one TCH of BTS.
(5) The new MSC transmits the message received from BSC and the switchover number to the old MSC.
(6) A connection between the MSCs is established (maybe through PSTN).
(7) The old MSC transmits the switchover order including frequency, time slot and transmission power to MS through the old BSC.
(8) MS transmits an access burst at the new frequency (over FACCH).
(9) The new BTS transmits the advance time after receiving the burst (over FACCH).
(10) MS transmits the switchover success message to the old MSC through the new BSC and the new MSC.
Finally, the old TCH is released and the call is still controlled by the old MSC.
Fig.8-1 Mobile subscriber calls fixed subscriber
(1) MS requests allocation of SDCCH through RACH.
(2) BSC informs MS through AGCH after allocating SDCCH.
(3) MS transmits the request for setting up a call to MSC/VLR through SDCCH. Then all the messages including authentication, encryption, equipment identification and the called number are transmitted through SDCCH.
(4) MSC/VLR requires BSC to allocate TCH to MS; the order is retransmitted to BTS, and BTS then informs MS.
(5) MSC/VLR transmits the called number to PSTN to establish the connection.
2. Fixed subscriber calls mobile subscriber
(1) The fixed subscriber dials the MSISDN number, which reaches GMSC after analysis by the local switch.
(2) GMSC analyzes the MSISDN to find the registered HLR of MS.
(3) HLR resolves the MSISDN to IMSI to find the MSC/VLR of MS.
(4) HLR requires MSRN from MSC/VLR.
(5) MSC/VLR transmits MSRN to HLR, then to GMSC.
(6) GMSC routes the call to MSC/VLR.
(7) MSC/VLR finds the location of MS and then requires BSC to call the subscriber.
(8) BSC allocates the paging message to BTS, which transmits the message through PCH.
(9) MS requests allocation of SDCCH after receiving the message.
(10) BSC allocates SDCCH to MS through AGCH.
(11) SDCCH serves to set up the call and allocate TCH to MS.
Emergency call service, developed from telephone service, allows mobile subscribers to dial an emergency call number to connect to the emergency service center nearest to the MS of the mobile subscriber. The subscriber merely needs to dial a number, which is 112 in Europe and 119 in China. Pressing the SOS key on the mobile phone connects instantly to the emergency service center. This service takes priority over other services. Even if the SIM card is not inserted in the mobile station or the mobile subscriber is locked, the key can still connect to the emergency center.
(3) Short message service
There are 3 kinds of short message services: point-to-point short message service started from MS, point-to-point short message service ended at MS, and cell broadcasting message service.
The short message service started from MS helps GSM users to transmit point-to-point short messages to other GSM users. The message is stored and forwarded through the short message service center. Message transmission among MS combines the two kinds of point-to-point short message service through the short message center. The short message service center, an entity independent from the GSM system, can offer better services to mobile subscribers and to fixed subscribers capable of receiving messages by combining the short message service and the voice mail box service. Point-to-point message transmitting and receiving can only be made in the idle or calling state. The traffic is limited to 160 bytes for short message transmission over control channels.
Cell broadcasting short message service transmits repetitive general short messages, such as road traffic messages, at an interval in a fixed area of the GSM land mobile communication network. The mobile station keeps monitoring the broadcasting messages and displays them to the user. The short message is transmitted over a control channel. The mobile station can receive these messages only in the idle state, and their traffic is limited to 93 bytes.
(4) Videotext access
Videotext access is a service to perform text and image message retrieval and E-mail functions through a network.
(5) Intelligent user telegraph transmission
Intelligent user telegraph transmission can provide text communication services between the terminals of intelligent user telegraphs. This terminal can edit, store and process the text messages.
(6) Fax
Alternating voice and grade 3 fax service refers to alternating transmission services of voice and grade 3 fax. The automatic grade 3 fax refers to the automatic exchange of letters in the form of fax encoding message text through PLMN.
a) Classification of carrier services
No. Category No. Name of carrier service Terminal network Access interface at MS PLMN0 PSTN1 ISDN2 CSPDN3 PSPDN4 direct access5
11 9 3.1kHz EX PLMN transparent Ax 1,2,3,4,5,6,7 10 3.1kHz EX PLMN opaque Ax 21 1 asynchronous 300bit/s duplex circuit type data transparent E2 E2 Ex
1 2 22 1 A 2 23 1 A 2 24 1 A 2 25 1 A 2 26 1 A 2
E2 E2 Ex
asynchronous 1200bit/s duplex circuit type data transparent E2 E2 Ex 2 asynchronous 1200bit/s duplex circuit type data opaque E2 E2 Ex asynchronous 1200/75bit/s duplex circuit type data transparent FS FS FS 4 asynchronous 1200/75bit/s duplex circuit type data opaque FS FS FS asynchronous 2400bit/s duplex circuit type data transparent (0,2,5)A (1)6 asynchronous 2400bit/s duplex circuit type data opaque A asynchronous 4800bit/s duplex circuit type data transparent (0,2,5)A (1)6 asynchronous 4800bit/s duplex circuit type data opaque A asynchronous 9600bit/s duplex circuit type data transparent (0,2,5)A (1)6 asynchronous 9600bit/s duplex circuit type data opaque A A A A A A A A Ex A Ex A Ex Ex Ex Ex
31 1 synchronous 1200bit/s duplex circuit type data transparent A A Ax A 2 32 1 synchronous 2400bit/s duplex circuit type data transparent A A Ax A A (0)3,5,7 (1)3,5 (2,3)7 33 1 synchronous 4800bit/s duplex circuit type data transparent A A Ax A A (0)6,7 (1)6 (2,3)7 61 5 /nonfinite number(nonfinite number offers 21 34carrier service)to nonfinite number transparent A A Ax A 1,2,3,4, 5,6,9 6 alternating voice /nonfinite number(nonfinite number offers 21 34carrier service)to nonfinite number opaque A A Ax A 71 1 12kbit/snonfinite number A A A 81 7 subsequent voice data(nonfinite number offers 21 34carrier service)to nonfinite number transparent A A A A 1,2,3,4, 5,6,9 8 subsequent voice data (nonfinite number offers 21 34carrier service)to nonfinite number opaque A A A A
Note:
E1: required item, offered before the first stage
E2: required item, offered before the second stage
E3: required item, offered before the third stage
A: attached item
Ax: attached item offered in the future
FS: under research
PAD: package add and drop
b) Definition of Supplementary services
(1) Definition of number identification supplementary service
CNIP: provide the ISDN of the caller to the called party.
CNIR: restrict providing the ISDN of the caller to the called party.
CONP: provide the ISDN of the called party to the caller.
CONR: restrict providing the ISDN of the called party to the caller.
MCI: mobile subscribers can require the network to identify and record the malicious call source.
(2) Definition of call supplementary service
CFU: The served mobile subscriber can require the network to connect its incoming calls to another given number.
CFB: When the line of the called mobile subscriber is busy, the incoming call is connected to another given number.
CFNRy: When the mobile subscriber does not answer the call, the incoming call is connected to another given number.
CT: It enables the subscriber to transfer the incoming call (in a talk state) to a third party. The subscriber can be either the caller or the called party.
MAN: The incoming call can be searched in a certain sequence within a group of access points to connect to a certain mobile subscriber. This group of access points is limited to one MSC region. Each mobile access search group is allocated a direct number, which can be dialed to search for the mobile subscriber who belongs to the search group and is registered in the same MSC/VLR region.
(3) Call completion supplementary service
CW: It can inform the called mobile subscriber who is in busy state of a waiting incoming call. The called party can accept or refuse the waiting call.
CH: The mobile subscriber can suspend the call connection and make the third party listen to a recording. The call can be reconnected when needed.
CCBS: When the called party is busy, the caller can be informed and connected later, once the called party is idle.
(4) Multi-communication supplementary service
3PTY: It enables adding a call to a third party to the ongoing call, so the three parties can hear each other's voice. What's more, one party can hold the call to the second party but communicate with the third party. Any party can independently retreat from 3PTY.
(5) Group supplementary service
CUG: There are some limitations on call-in and call-out for the user group. A certain mobile subscriber can be a member of one CUG or of different CUGs. The members of one CUG can communicate with each other, but cannot communicate with users outside of this group. Some members of a CUG have the additional ability to set up and/or receive calls with users outside of the CUG.
(6) Billing supplementary service
AOC: It serves to inform the mobile subscriber of real-time billing messages. AOC has one or several types:
- Billing messages of call termination
- Billing messages of ongoing call
- Billing messages of setting up a call
FPH: The mobile subscriber pays for all the calls which are made to a given subscriber.
REVC: Generally, the mobile subscriber is the called party. When the caller requests the opposing party to pay for the call, the called party can agree, or refuse to pay by not answering the call or by answering the call without admitting the caller.
(7) Additional message transmission supplementary service
UUS: It allows the mobile subscriber to transparently transmit a limited user message to another PLMN or ISDN user, or receive the message from those users. Through the signaling channel, users can transmit user-to-user messages during the different stages of setting up a call.
(8) Call restriction supplementary service
BAOC: No outgoing call is allowed except emergency call.
BOICL: Outgoing call can be made with the domestic PLMN or fixed network.
BOIC-EXHC: Outgoing call can be made with the domestic PLMN or fixed network, or the PLMN or fixed network of the countries where the PLMN operates.
BAIC: The mobile subscriber is not allowed to receive any outgoing call. When the roaming is outside the country where the PLMN belongs, the BAIC-Roam will be locked.