NETWORK SUB-SYSTEM (NSS)

The network subsystem, often identified as Intelligent Network (IN),

supplies a lot of services.

The mobile phone system GSM is a public telecommunications network, consequently it must include some telephone exchanges that can route the calls.

Then the central component is the Mobile services Switching Center (MSC).

An MSC will cover a certain area of the territory (consequently it controls all the BSC of that zone) and it must serve all the MS moving in that area.

It can manage the users’ mobility by exchanging information continuously with a data base, called Visitor Location Register (VLR),

that store the information concerning the MS available in that area (user identity, IMEI, phone number, MSISDN, authentication parameters, etc…) temporarily.

These MS are merely "visitors" in the area served by the VLR. In fact, they can move to an area served by another VLR in any time. Although the VLR can be implemented as functional unit, separately from the MSC, all the manufacturers prefer to assemble them together (the interface between these two elements can be proprietary) and the resulting assembly is usually defined MSC/VLR.

In this case both the units will cover the same geographic area, called MSC/VLR area.

Every administrator has its own central data base, named Home Location Register (HLR), where both the subscribers’ data (known as

static) and other (dynamic) data that can vary for actions of the same users (activation of additional services, etc…), as well as the identity of the VLR where the user’s MS is recorded as "visitor", are stored permanently.

As the HLR is merely a data base, it only storse the safety parameters, without generating them.

These parameters are calculated with proper algorithms by a functional unit named Authentication Center (AuC).

The problem of the possible use of stolen, faulty or not approved mobile equipment ME can find a solution in the use of a functional unit, the Equipment Identity Register (EIR), that stores all the IMEI codes

signalled as faulty or stolen.

This the network can check the IMEI asking it to the MS and prevent the access if this is not regular.

2.3.1 Mobile Services Switching Center (MSC)

The most important component of a network subsystem is the Mobile services Switching Center (MSC).

It carries out the functions of a normal network switching node, that is: • setting up (including authentication)

• checking and • taxing

the calls from/to the MS present in the geographic area served by it. Moreover it performs all the essential operations to manage a mobile user such as the mobility management and call routing.

These functions are carried out in collaboration with the other units of the network subsystem.

The MSC supplies the links with the following fixed networks: • Public Switching Telephone Network (PSTN)

• Integrated Services Digital Network (ISDN)

• Packet Switched Public Data Network (PSPDN) or Circuit Switched Public Data Network (CSPDN).

2.3.2 Gateway Mobile Switching Center (GMSC)

All the calls coming from fixed networks or from mobile networks of other administrators and sent to a GSM network, are forwarded to a special MSC, called Gateway MSC (GMSC): this is the access point to the GSM PLMN (Public Land Mobile Network) where the called mobile user is recorded.

The GMSC interrogates the subscriber’s HLR that questions the proper VLR, in its turn; then it will route the call to the MSC controlling the zone where the subscriber meets.

2.3.3 Home Location Register (HLR)

The HLR is the data base where an administrator of GSM network stores the data concerning its own subscribers permanently.

Every administrative action affecting the user data is carried out by the network administrator on the HLR.

It can be unique, or stand-alone, for the whole network, or it can be distributed in the system: then some MSC cannot have any HLR, but they can be connected with that of other MSC.

An AuC for generating the safety parameters can be associated with a HLR.

A HLR number is assigned to each HLR; this number is supplied to the concerned VLRs and it enables to identify the HLR corresponding to every MS recorded in them.

In its turn, each VLR is identified by a VLR number, so that the HLR knows in which VLR every MS of its is currently recorded.

But, as a GSM network is interconnected with other networks (PSTN, ISDN, other PLMN), a numbering plan consistent with these networks must be programmed.

A phone number (MSISDN) is assigned to every MS: this number

uniquely identifies a subscriber in the numbering plan of the international public switching telephone network, according to the specifications E.164 on the numbering for ISDN (natural replacements of the traditional PSTN).

An MSISDN has a maximum length of 15 digits with the following configuration:

CC NDC IN

where:

• CC: Country Code, international code number complying with the

specifications E.163

• NDC: National Destination Code; it identifies a GSM PLMN at

national level. Several NDC can be located in a PLMN

• SN: Subscriber Number, that identifies the subscriber in the PLMN

of his/her own operator.

The CC and NDC codes enable to identify the GSM operator, whereas the first digits of SN enable to go back to the HLR where the called MS is recorded.

The main user data stored in a HLR are:

• International Mobile Subscriber Identity (IMSI), that identifies

the subscriber uniquely inside any GSM network; it is also included in the SIM card

• Mobile Station ISDN Number (MSISDN), that identifies a

subscriber uniquely in the numbering plan of the international public switching telephone network. public switching telephone network. There may be several numbers according to the subscribed services (for instance, voice, data, fax can be identified by separate numbers) • Type and state of the additional services and of the services available

for the subscriber (voice, data, SMS)

• VLR number, for knowing the VLR where the MS is currently

recorded.

The main functions of a HLR can be summarized as follows: • security: dialogue with AuC and VLR

• location management: dialogue with VLR

• routing information (MSRN): dialogue with GSMC • managing the user data and the costs of calls

2.3.4 Visitor Location Register (VLR)

This register (VLR) storse and refreshes the information concerning the MS that move temporarily within the area covered by it.

Thse data selected by the HLR are necessary for the check of calls and the control of additional services.

On the whole the geographic territori covered by a GSM network can be divided into several service areas: each are is controlled by a MSC and is provided with a VLR.

When a MS enters the area covered by a new MSC, it is stored in the register of the visitors (VLR) of that MSC; at the same time the general register od users (HLR) is updated to record the new geographic position of the terminal.

The main user data stored in the VLR are:

• IMSI, MSISDN, MSRN and safety parameters • HLR number: for identifying its own HLR

• Temporary Mobile Subscriber Identity (TMSI): used to censure the safety of IMSI. It is assigned every time the Location Area (LA) varies

• State of the MS (off, not reachable, etc…), category (operator, ordinary user, test call) and possible priority

• State of the additional services (Call Waiting, Call Divert, Call Barring, etc…)

• Types and state of the services available for the subscriber (voice, data, fax, SMS, etc…), called bearer services and teleservices

• Location Area Identity (LAI) of the area where the MS meets within those controlled by the MSC/VLR.

2.3.5 Authentication Center (AuC)

AuC is the functional unit of the GSM system charged with the generation of the necessary parameters for the authentication of users. It will check whether the service has been requested by a rightful subscriber, supplying both the codes for authentication and encryption, to guarantee the subscriber and the network operator from undesired infringements of any third party.

The authentication verifies the rightfulness of the SIM without transmitting any personal data of the subscriber such as IMSI and cipher key, on the radio channel, to check whether the subscriber who is trying to enter is the true one and not a clone.

On the contrary, the encryption generates some secret codes that will be used to encrypt all the communication exchanged on the radio channel. AuC will store:

• the IMSI code

• the current TMSI code and • the current LAI code

that are used to authenticate and encode the radio channels, besides a generator of random numbers (RAND), the algorithms A3 and A8. Authentication is always carried out every time a MS is connected with the network: when it receives or sends a call, at the expiry of the periodical location updates, at the request of enabling, disabling or questioning the additional services.

As the data handled by AuC are extremely important for the network and for the user, special safety and protection measures are normally taken for their preservation.

2.3.6 Equipment Identity Register (EIR)

Every mobile equipment (ME) is uniquely indentified by the IMEI code, in the GSM system.

The IMEI does not concern the subscriber’s identity (IMSI stored in the SIM card).

EIR is a data base storing the IMEI codes.

An IMEI can be invalidated when the mobile equipment is stolen or when it is not approved.

A correct operation of EIR requires the definition of various "lists" such as:

• White list: it includes the IMEI of all the ME of approved type and

operating, available in the countries adhering to GSM. Threfore they are authorised to be connected with the network

• Black list: it includes all the IMEI that are locked (for instance, those

stolen or of not approved type); therefore they are not authorized to be connected with the network

• Grey list: it includes all the IMEI marked as faulty, or those of

equipment not approved (at the administrator’s discretion). The terminals inserted in this list are signalled to the system operators with an alarm signal when they request the access, so that the subscriber using the equipment and the area from where he/she calls, can be identified.

Every time a terminal tries to connect with the network, the MSC checks with the EIR whether the ME is not included in the Black list or in the Grey list: in this case, the access to the network is forbidden. The EIR can be unique for all the system, or it can be implemented in a distributed configuration.

Generally it is better to keep it physically separated from the other units (HLR, AuC, etc…) for safety reasons.

This is also accessibile in remote way to enable the updating of its various lists from any point of the network.

All the EIR of the different GSM operators will be interconnected in the future, to avoid any use of stolen equipment in different countries from that where the theft was committed.