NORWEGIAN UNIVERSITY OF SCIENCE AND TECHNOLOGY
FACULTY OF ELECTRICAL ENGINEERING AND TELECOMMUNICATIONS
Students name: Tore Terjesen
Field of study: Telematics
Title: Applikasjonsutvikling Ð mobile tjenester.
Text: Det skal redegj¿res for applikasjonsutvikling for trŒdl¿se enheter innenfor
teknologier ofte omtalt som GPRS, EDGE, UMTS, Wireless LAN og eventuelt andre
omrŒder. I begrepet applikasjonsutvikling legges bŒde forskning om hvordan
applikasjoner kan utvikles og hvilke tjenester/tilbud som kan v¾re aktuelt og mulig Œ
ta i bruk. Som resultat av oppgaven ser vi for oss en redegj¿relse for hvilke
infrastrukturer-/kommunikasjonsarkitekturer som er tilrettelagt for at
applikasjoner kan tilbys, hvilke utviklingsmilj¿er/sprŒk som er aktuelle for selve
applikasjonsutviklingen og eksempler pŒ og pilotutvikling tjenester/tilbud som kan
tenkes Œ v¾re aktuelle for trŒdl¿se enheter. Det er ¿nskelig at det legges mest vekt pŒ
de nye mulighetene som trŒdl¿st nettverk tilbyr, som for eksempel lokasjonsbaserte
tjenester. Innenfor hvert av omrŒdene ¿nskes redegj¿relser for hvilke muligheter
som eksisterer, og dr¿ftinger av styrker og svakheter ved de ulike l¿sningene. Det
er ¿nskelig at et pilotprogram utvikles innenfor omrŒdene bank eller e-handel.
Start: 2nd April 2001
Deadline: 2nd October 2001
Submitted: 9nd October 2001
Carried out at: HolteInnovation SL
Supervisors: Steinar A.
August 22, 2000
The intention of this thesis is to evaluate the services and capabilities offered by
wireless access networks and how third party services and applications can be
developed for such wireless networks.
The focus on access networks is put on GSM, GPRS, UMTS, WLAN and the Virtual
Environment concept as an enabler for service and application development.
The thesis is a theoretical evaluation of the networks being introduced today and the
next phase of UMTS still under standardization. Network architecture and principles
are presented, along with an evaluation of the network capabilities.
The Virtual Home Environment is introduced and Java J2ME technologies are
evaluated and compared.
General problems faced when developing applications for the wireless environment
are also discussed.
The thesis is submitted as a partial fulfillment of the requirements for the degree of
Sivilingeni¢r at the Norwegian University of Science and Technology in Trondheim.
The thesis text was written by Torbj¢rn Kr¢vel at Holte Innovation SL in Malaga,
Spain. My local tutor in Malaga has been Managing Director Pedro Pablo Sanches, as
Torbj¢rn Kr¢vel returned to Norway.
I would like to thank Pedro Pablo Sanches Perez, Steinar Andresen, Torbj¢rn Kr¢vel
and the other employees at HoteInnovation SL in Malaga.
Malaga, Spain. October 2nd, 2001
Table of contents
1. Concepts and definitions ................................................................................ 8
1.1. Mobile and wireless networks .................................................................... 8
1.2. Communication Protocols .......................................................................... 9
2. Wireless access networks............................................................................. 12
2.1. Global System for Mobile Communications (GSM) ................................. 13
2.1.1. Overall GSM network architecture ....................................................... 13
18.104.22.168. Mobile Station (MS)......................................................................... 13
22.214.171.124. Base Station Subsystem (BSS) ......................................................... 14
2.1.2. Core Network (CN).............................................................................. 15
2.1.3. Radio Link Aspects .............................................................................. 16
2.1.4. Services in GSM .................................................................................. 18
2.1.5. Conclusion ........................................................................................... 19
2.2. High Speed Circuit Switched Data (HSCSD) ........................................... 20
2.2.1. Radio Link Aspects .............................................................................. 20
2.2.2. Applications......................................................................................... 21
2.2.3. Conclusion ........................................................................................... 22
2.3. General Packet Radio System (GPRS) ..................................................... 22
2.3.1. Radio Link Aspects .............................................................................. 23
2.3.2. GPRS Network Architecture ................................................................ 23
2.3.3. GPRS Connections............................................................................... 24
2.3.4. Services ............................................................................................... 26
2.3.5. GPRS terminal classes ......................................................................... 26
2.3.6. Conclusion ........................................................................................... 27
2.4. Enhanced Data rates for Global Evolution (EDGE) .................................. 27
2.4.1. Radio Link Aspects .............................................................................. 27
2.4.2. Services ............................................................................................... 28
2.4.3. Conclusion ........................................................................................... 29
2.5. UMTS...................................................................................................... 29
2.5.1. UMTS Ð First version........................................................................... 30
126.96.36.199. UTRAN architecture ........................................................................ 31
188.8.131.52. A UMTS Evolution .......................................................................... 31
2.5.2. UMTS Ð IP Multimedia........................................................................ 32
184.108.40.206. Session Initiate Protocol (SIP) .......................................................... 32
220.127.116.11. Network Architecture ....................................................................... 35
18.104.22.168. IP Multimedia Network functionality ............................................... 37
22.214.171.124. IMS Services.................................................................................... 38
126.96.36.199. Conclusion ....................................................................................... 40
2.6. Wireless Local Area Network (WLAN) ................................................... 40
2.6.1. Common 802.11 architecture  ........................................................ 41
2.6.2. Architecture ......................................................................................... 41
2.6.3. Access control...................................................................................... 42
2.6.4. WLAN vs. UMTS ................................................................................ 44
2.7. Access Network evolution........................................................................ 44
3. Network Services......................................................................................... 45
3.1. Messaging Services.................................................................................. 45
3.2. Short Message Service (SMS).................................................................. 45
3.3. Enhanced Messaging Service (EMS)........................................................ 45
3.4. Multimedia Messaging (MMS) ................................................................ 46
3.4.1. Media Support ..................................................................................... 46
3.4.2. Multimedia Message Service Environment (MMSE)............................ 46
3.4.3. MMS Basic Functionality..................................................................... 49
3.4.4. Presentation ......................................................................................... 49
3.4.5. MMS Services ..................................................................................... 50
4. Application and service development........................................................... 51
4.1. The Virtual Home Environment (VHE).................................................... 52
4.2. SIM/USIM Application Toolkit (SAT/USAT) ......................................... 52
4.2.1. USIM................................................................................................... 52
4.2.2. JavaCard .............................................................................................. 53
4.2.3. SAT/USAT relation to VHE................................................................. 53
4.3. Customized Applications for Mobile Networks (CAMEL)....................... 53
4.3.1. CAMEL relation to the VHE................................................................ 53
4.4. Java for hand held devices (J2ME)  ................................................... 54
4.4.1. Profiles ................................................................................................ 54
4.4.2. Configurations ..................................................................................... 54
4.4.3. Java Virtual Machines.......................................................................... 55
4.4.4. MIDP - Mobile Information Device Profile .......................................... 55
4.4.5. J2ME relation to VHE.......................................................................... 55
4.5. Mobile Execution Environment (MExE) .................................................. 55
4.5.1. User Profiles ........................................................................................ 57
4.5.2. Security................................................................................................ 57
4.5.3. MEXE relation to VHE ........................................................................ 59
5. Application Programming Interfaces............................................................ 59
5.1. Open Service Architecture (OSA)   ............................................. 60
5.1.1. Initial Access ....................................................................................... 62
5.1.2. Authentication...................................................................................... 62
6. References ................................................................................................... 62
API Application Programming Interface
CAMEL Customized Application For Mobile Network Enhanced Logic
CN Core network
CSD Circuit Switched Data
CSE Camel Service Environment
FDMA Frequency Division Multiple Access
GERAN GSM/EDGE radio access network
HE Home Environment
HLR Home Location Register
HPLMN Home PLMN
HSCSD High Speed Circuit Switched Data
HSS Home Subscriber Server
IDL Interface Description Language
IMSI International Subscriber Identity Module
IN Intelligent Network
ISDN Integrated Service Digital Network
ISP Internet Service Provider
LAN Local Area Network
MAP Mobile Application Part
ME Mobile Equipment
MExE Mobile Execution Environment
MSC Mobile Switching Center
OSA Open Service Architecture
PLMN Public Land Mobile Network
PPP Pint-to-Point Protocol
PS Packet Switched
PSTN Public Switched Telephone Network
RNC Radio Network Controller
RNS Radio Network Subsystem
SIM Subscriber Identity Module
SIP Session Initiation Protocol
TDMA Time Division Multiple Access
UE User equipment
USAT USIM Application Toolkit
USIM Universal Subscriber Identity Module
VPLMN Visited PLMN
WLAN Wireless Local Area Network
3G Third Generation Mobile System
3GPP Third Generation Partnership Program
A and B subscriber: A is the caller and B is the receiver of the call.
Base station: Consists of antenna, transmitter and receiver equipment.
Node: Any database or server.
Operator: The owner and manager of a Public Land Mobile Network.
Session: A telephone call or transfer of data from A to B for some finite time.
Transceiver: Transmitter and receiver equipment in the same box.
3rd party: Anyone offering services via wireless networks not owned by themselves.
1. Concepts and definitions
1.1. Mobile and wireless networks
This chapter gives an introduction to important mobile and wireless network concepts.
Public Land Mobile Network (PLMN)
A Public Land Mobile Network is established and operated by an administration or
Recognized Private Operating Agency for the specific purpose of providing land mobile
telecommunications service services to the public . A GSM network is thus a PLMN.
A regular fixed telephone network will be referred to as a Public Switched Telephone
A PLMN is connected to the fixed telephone network (PSTN), Internet and other
PSTN PLMNs 2
PLMN 1 PLMN 2
Home PLMN Visited PLMNs
Figure 1: Fixed Telephone Network (PSTN) and Public Land Mobile
Network (PLMN) logical interconnection.
The PLMN where the subscriber belongs is called the Home PLMN (HPLMN). Any
other PLMN connected by the subscriber is referred to as Visited PLMN (VPLMN).
Core Network (CN) and Access Network (AN)
A PLMN infrastructure is logically divided into a core network (CN) and an access
network (AN). The core network provides the switching and routing of user information
and signaling to and from the access network. The Access Network is where the user
connects to the network and is composed of control logic, antennas, radio transmitters
Circuit Switched (CS) and Packet Switched (PS) Domain
The Core Network is logically divided into a Circuit Switched domain and a Packet
Switched domain. A PLMN can implement one or both of the domains. Until now the
operators have implemented only the Circuit Switched domain, but this is now changing
with the introduction of GPRS, which is a packet domain service. In the case when both
CS and PS are implemented, there may be common entities shared by both domains.
Circuit Switched (CS) Domain
The Circuit Switched domain is used for transport of both user traffic (speech and data)
and related signaling. For a CS type connection the network reserves dedicated network
resources for the entire duration of the connection e.g. a regular call from a mobile or
home telephone. The dedicated resources are reserved for the call is a logical channel
from A to B, where all the information traverses exactly the same path during the call.
Packet Switched (PS) Domain
The PS domain is used for both user traffic and related signaling. For a PS type of
connection the user information and related signaling are transported in autonomous data
packets, where each packet can be routed independently from the others.
Mobile Station (MS)
A Mobile Station in this thesis refers to any device capable of communicate with some
wireless network, such as a mobile network or a Wireless Local Area Network (WLAN).
Examples of Mobile Stations: PDA, mobile phone, Laptop with a WLAN card,
surveillance alarm transmitter, etc. Other valid names are terminal and user equipment.
To communicate with the Mobile Station (MS) the network needs to know where the MS
is located at any time. Location information from the network about a Mobile Station is
stored in a location information register, which is accessed by several different network
nodes when needed.
This is the area covered by a radio transceiver and itÕs antenna.
If a subscriber has an incoming call the PLMN must find out in which cell the Mobile
Station (MS) can be found. The exact location is found by broadcasting a message
marked with the name of the MS in question. The correct MS then reply to the network
via the cell where it is located when paged.
Roaming implies moving around. A subscriber abroad is roaming when connecting to an
unknown PLMN not subscribed to, i.e. a Visited PLMN. Roaming for subscribers
between networks requires an agreement between the operators of the HPLMN and the
1.2. Communication Protocols
A short introduction to communication protocols and related concepts referred to in this
Connection-less vs. Connection-oriented
Connection-less transport of information implies no communication between source and
destination before information is sent. Each data packet is assigned a destination address
and makes its way to the destination by itself via routers, where it may be received
correctly or not. This sort of communication is simple and unreliable, as it has no flow or
error connection control except for a simple checksum. This sort of protocols works best
over reliable networks, with low error rate. Connection less protocols are faster than
connection oriented due to the small overhead gained from its simplicity.
Connection-oriented transport requires communication between source and destination
before the actual information is sent. A virtual circuit is set up between source and
destination, enabling flow and error control. Connection oriented transfer is preferred
when reliability is more important than speed.
Open Service Interconnection (OSI) Basic Reference Model
The OSI reference model is a protocol stack for implementing communication between
two applications over some physical medium. Due to its many layers it has not been the
first choice when making communication equipment, but has rather served as reference
model for other protocol designs and as an introduction to students in computer science.
The layering clearly divides the different logical operations that have to be executed in
order to achieve reliable end-to-end communication between two applications over some
physical medium, let it be fixed or wireless. The IP protocol has fewer layers than the
OSI protocol, but the functionality found in the OSI protocol layers is not excluded,
instead more functionality has been included in each layer than in the OSI protocol.
Transport TCP or UDP
Network Internet - IP
Figure 2: OSI and IP protocol stacks
The Internet Protocol enables transfer and routing of data in autonomous packets between
computers or any network node that has been assigned at least one unique IP address. IP
only provides unreliable delivery of packets, as it does not provide any error correction or
retransmissions mechanisms. IP leaves for the higher layer protocols such as TCP and to
provide reliable packet delivery.
The User Data Protocol provides a connection-less datagram service for delivery of data
packets between two computers, usually over the Internet protocol. UDP does not provide
any reliability mechanisms like TCP does. UDP only provides error control, but no
retransmission mechanisms if errors are discovered, nor does it provide flow control.
UDP is sometimes preferred over TCP, due to its low overhead.
The Transmission Control Protocol provides a reliable connection oriented transfer of
data between two computers. It handles error control, flow control, retransmissions of
lost or duplicated data and connection setup. TCP is slower than UDP since its
connection setup and reliability mechanisms implies more overhead.
The Hypertext Transfer Protocol provides exchange of files, such as text, multimedia and
pictures over the Internet. HTTP is implemented over TCP/IP.
2. Wireless access networks
The next chapters gives an overview over existing wireless networks available today and
what is next to come.
GSM and its radio access network are introduced. Understanding of GSM and especially
its radio access network is important in order to easier understand the chapters about
GSM based technology, such as the introduction of packet switching in mobile networks.
The first phase of UMTS is only briefly mentioned due to the fact that the first phase of
UMTS is an evolution of GPRS. The next phase of UMTS is discussed more in detail, as
the implications are fare greater from an application programmer and service provider
The last chapter gives an introduction to the basic functionality of the most popular
wireless non-mobile network available today and the next generation based on the same
Today, existing digital mobile networks in Europe are based on the international
recognized GSM standard now deployed in most countries all over the world. The GSM
Association recently announced that there are now more than 500 million global GSM
customers in the world (nearly 70 percent of the world's digital wireless market).
GSM, which has evolved over the past 15 years, was developed with speech in mind as
the main application and is thus circuit switched due to its real time nature. However,
new services have been added over the years and today GSM offers short text messages,
Wireless Application Protocol, circuit switched data transfer and positioning services.
All these services though, are based on the circuit switched radio access interface of
GSM, allowing for only one user per channel, limiting user bandwidth and the number of
parallel users accessing the network. However, all this is now changing with the
introduction of three new enhancements of the existing GSM infrastructure: HSCSD
allowing for higher bit rates for circuit switched data, GPRS introducing packet switching
and EDGE introducing new modulation techniques on the radio interface and thus higher
bit rates available for GSM data and GPRS.
With the introduction of GPRS a new packet switched domain is introduced in the GSM
core network. Strict separation between the core network and the radio access network,
enables reuse of the core network with other radio access technologies, such as the radio
interface UTRAN for UMTS.
The first phase of UMTS introduces theoretically higher bandwidth in the mobile
wireless domain, while phase two brings mobile communication even closer to the
Internet by separating information from signaling and introducing IP in every part of the
Another network access technology gaining momentum today is Wireless LAN or
WLAN. This technology offers from 11Mbps to 54Mbps gross bit rate. Deployed in "hot
spots" like airports and other high-density areas, WLAN might turn out to be a serious
competitor to UMTS, but also a welcome complement.
The following of this chapter deals with the technology discussed above in a more
2.1. Global System for Mobile Communications (GSM)
In 1982 the Conference of European Posts and Telegraphs formed a study group called
the Groupe SpŽcial Mobile (GSM) to investigate and develop a European public and
mobile system (PLMN). In 1989 the responsibility was transferred to the European
Telecommunication Standards Institute (ETSI) and the first GSM specifications (Phase 1)
were published in 1990. The first commercial service was available in 1991 and today
GSM accounts for more 500 million subscribers worldwide.
In 1998 the 3rd Generation Partnership (3GPP) was founded to develop standards for a
new generation of mobile networks based on the new Universal Terrestrial Radio Access
Network (UTRAN) and an evolved GSM network. This new technology is referred to as
UMTS in Europe. UMTS is one of many technologies defined by the International
Telecommunication Union (ITU) for enabling third generation mobile networks (3G).
Since UMTS is based on reuse of existing GSM infrastructure the responsibility for the
GSM standards was transferred to 3GPP in 2000.
2.1.1. Overall GSM network architecture
The generic GSM mobile network can be divided into three parts divided by interfaces:
• Mobile Station carried by the subscriber.
• Base Station Subsystem. Controlling the radio link to the Mobile Station.
• Core Network: Handles all circuit switched services to and from the Mobile
188.8.131.52.Mobile Station (MS)
The MS consists of the mobile equipment, e.g. a mobile phone and a smart card called
Subscriber Identity Module (SIM) . The subscriber identity towards the mobile
network is contained within the SIM card and not the tied to the mobile equipment itself,
thus enabling personal mobility. The separation of identity from the device enables the
subscriber to place and receive calls irrespective of the device as long as the SIM card is
The SIM card contains the Mobile Subscriber Identity (IMSI), which uniquely identifies
the subscriber worldwide, a secret key for authentication and information encryption and
some other information. The SIM card is protected by a Personal Identification Number
The mobile device itself is uniquely identified by the International Mobile Equipment
Identity (IMEI). The IMEI can be used to black list the mobile equipment if stolen, thus
rendering it useless.
The Mobile Identity ISDN (MSISDN) or E.164 refers to the phone number used when
making a regular phone call.
GMSC MSC BSC
telephone User data BTS
Figure 3: Basic GSM network architecture.
184.108.40.206.Base Station Subsystem (BSS)
The Base Station Subsystem handles all the communication with the MS in a certain
coverage area defined by the area covered by all the cells controlled by the BSC. The
BSS consists of one or more base stations (BTSs) and one Base Station Controller (BSC).
The BSC connects the MS to the Core Network.
Base Transceiver Station (BTS)
The BTS contains a transceiver and an antenna that together deliver coverage in a certain
area. A BTS coverage area is referred to as a cell and is the smallest area to where a MS
can be located. A BTS will from here on be referred to as Base Station.
Base Station Controller (BSC)
The BSC manages the radio resources for one or more BTSs. The BSC is the connection
between the Mobile Station and the Mobile Switching Center (MSC) in the Core
Network. The BSC and MSC communicates over the A interface, which in some cases
restricts maximum bitrate available to the MS (See HSCSD chapter below).
220.127.116.11.Core Network (CN)
The core network consists of a switching unit and several registers, which together handle
all circuit switched services to and from the Mobile Station.
Mobile Switching Center (MSC)
The central node in the core network is the Mobile Switching Center (MSC). It acts in the
same way as a normal switch in PSTN and provides additional functionality to handle
mobile subscribers, such as registration, authentication, location updating, handover and
call routing to a roaming subscriber. The functionality is provided together with the
network entities HLR, VLR, EIR and the AuC (explained below), which together form
the Core Network.
Home Location Register (HLR)
The Home Location Register (HLR) contains all the administrative information about a
subscriber together with the current location of the MS, such as roaming restrictions and
subscribed services. The HLR, Visitor Location Register (VLR) and MSC provide the
call routing and roaming capabilities of GSM. The current location of the MS is
associated with the current VLR in charge of the MS. The MSC has no knowledge about
any particular Mobile Station, as this information is stored in the VLR and HLR.
The International Mobile Station Identity (IMSI) and the Mobile Station International
ISDN Identity (MSISDN) are used to access information in the HLR.
Visitor Location Register (VLR)
The Visitor Location Register contains selected administrative information from the HLR
necessary for Call Control and provision of services for each MS currently in the
geographical area under control of the VLR. The VLR can be implemented as an
independent unity, but is normally implemented together with the MSC, so that the
geographically area controlled by the MSC corresponds to that of the VLR.
Equipment Identity Register (EIR)
The EIR is a database that contains a list of all valid mobile equipment on the network.
Each mobile equipment is identified by its International Mobile Equipment Identity
(IMEI) number. An IMEI is marked as invalid if reported stolen and will be rejected from
the use of the network. IMEI numbers of black listed terminals can be distributed other
PLMNs at home and abroad depending of agreements between the different PLMNs.
Authentication Center (AuC)
The Authentication Center is a database that stores data that enables a International
Mobile Subscriber Identity (IMSI) to be authenticated in the GSM network. One of the
items stored is a copy of the secret encryption key stored in the subscribers SIM card.
This key is used for authentication of the MS and for encryption of the communication
over the radio channel. The AuC distributes the information necessary to perform
authentication and ciphering to the MSC and VLR via the HLR.
Gateway MSC and the Inter-working Function (IWF)
In order to deliver a call from an external PLMN/PSTN the calling network must find out
in which MSC area the Mobile Station is at the moment in order to route the call to the
correct MSC. The HLR is responsible for this information, but cannot always be
contacted directly from an external network. The Gateway MSC will handle the
interrogation if external interrogation is not possible and then route the call to the correct
The Inter-Working Function provides functionality to allow interworking between the
PLMN and external fixed networks, such as PSTN and ISDN. The IWF converts between
protocols used in the PLMN and the external networks if they are not compatible. If the
networks are compatible the IWF may have no function.
2.1.2. Radio Link Aspects
The International Telecommunication Union (ITU), which among other functions
manages the international allocation of radio spectrum, has allocated the spectrum 890-
915 MHz for the uplink from the MS to the BTS and 935-960 MHz for the downlink
from the BTS to the MS. Spectrum has also been allocated for 1800 MHz and 1900 MHz
as well, but will not be elaborated here as the principles are the same.
Radio spectrum is a limited resource shared by all users, so the bandwidth must somehow
be divided to allow for as many users as possible simultaneously accessing the network.
GSM has chosen a combination of FDMA and TDMA to achieve this. FDMA works by
assigning a different frequency to every user, while TDMA works by allowing several
users to share the same frequency. Used together, they allow for efficient use of the
There are 25 MHz available on the uplink and 25 MHz on the downlink. FDMA
frequency divides the 25MHz into 124 carrier frequencies 200Khz apart from each other.
One or more of these carrier frequencies are then assigned to each base station. Each of
these carriers is then divided in time by TDMA. The unit of time used in GSM TDMA is
called a burst period and refers to time a carrier is modulated by a data stream.
1 TDMA frame = 8 time slots (120/26 or 4.615 ms)
0 1 2 3 4 5 6 7 0 1 2
1 time slot = 156.25 symbol durations (15/26 or 0.577 ms)
TB Encrypted bits Training sequence Encrypted bits TB GP
3 58 26 58 3 8.25
Figure 4: TDMA frame with timeslots and bursts
There exists several types of bursts in GSM, but the most common last for 15/26 ms or
0.577 ms . Eight burst periods are then grouped into one TDMA frame, which lasts for
(8*15)/26 ms or 4.615 ms. A burst within a frame is also referred to as a timeslot. A
repeated timeslot is equal to one physical channel, e.g. timeslot number five in each
consecutive frame constitutes a physical channel even though seven other timeslots send
their data before timeslot number five burst is sent again. Physical channels carry both
user data and signaling for logical channels
The Mobile Station use one timeslot for transmission and one for reception and the
timeslots are separated by three timeslots so that the MS does not transmit and receive at
the same time, thus simplifying the electronics.
There are two types of logical channels, traffic channels and control channels.
Traffic channels carry either encoded speech or user data in circuit switched mode. A
traffic channel is usually bi-directional, i.e. carry user data both to and from the Mobile
Two different traffic channels are defined for regular GSM:
• Full rate traffic channel (TCH/F). Gross rate of 22.8 Kbps
• Half rate traffic channel (TCH/F). Gross rate of 22.4 Kbps
Multiple combinations of traffic channels can be allocated to one Mobile Station
simultaneously as done by HSCSD and GPRS (see later chapters), thus achieving higher
Control channels carry signaling or synchronization data. Control channels are used to set
up calls and data services, supervise the connections and mobility management. There
exist several different control channels. Some control channels are shared by all Mobile
Stations, while some are assigned and dedicated to only one MS at the time during call or
data services 
GSM has a capacity of 270.883 Kbps of encrypted information and error correction bits.
The digital signal is modulated onto one of the 124 carrier frequencies available on the
particular BTS using Gaussian-filtered-Minimum-Shift-Keying (GMSK). GMSK was
chosen more than a decade ago based on the knowledge at that time, but now new
electronics and battery capacity allow for the introduction of a new modulation
technique, thus allowing for higher transmission rates. This concept will be introduced in
the chapter about EDGE.
GSM is a digital mobile network, thus speech, which is inherently analogue must be
digitized before being transmitted. The output of the speech coder is encrypted, coded
and interleaved in a sophisticated way to allow Forward Error Correction to be applied,
i.e. leave error detection and correction to the receiver only.
The transmission is discontinuous over GSM due to the discrete time slots in each TDMA
frame, thus a continuous modem carrier cannot be established. This fact implies that a
regular analogue modem cannot be used to transmit data over GSM.
When sending data from the PC via the GSM terminal the data is transmitted as they are
without converting them to analogue signals. When received by the MSC the data are
passed through the GSM Inter Working Unit (GIWU) converting the data to analogue if
the receiver is an analogue modem in the PSTN. However if the data is going to another
mobile terminal the digital signal is forwarded without any converting.
2.1.3. Services in GSM
GSM service architecture is compromised of three different service types:
• Bearer service that offers a transport mechanism such as a circuit switched data
• Teleservices enables offers for example regular telephony and emergency calls.
• Supplementary service, such as call forwarding.
GSM bearer services offer transfer of speech and data over the radio interface to the
Mobile Station 
GSM offer data transparent communications, which implies no error correction on the air
interface or non-transparent communication that ensure a more reliable transmission by
introducing error correction control over the air interface.
GSM offer both transparent asynchronously and synchronously data and non-transparent
asynchronously and synchronously data services.
Circuit Switched Data (CSD) services
In regular GSM the only data service available is Circuit Switched Data. CSD works by
assigning a dedicated traffic channels to the Mobile Station during the entire session.
Circuit switched data traffic channels can carry a net data rate for the subscriber at the
following rates: 2.4, 4.8, 9.6 and 14.4 Kbps 
Circuit switched Teleservices are the basic building blocks for services in GSM. They
enable basic communication to take place in PLMN, built on top of different Bearer
• Facsimile group
• Emergency call
• Fax mail
• Voice mail or answering machine
Supplementary Services 
Supplementary services are modifications or enhancements to Teleservices and are thus
closely connected to the underlying Bearer Services. Supplementary services may differ
in functionality between PLMNs and may therefore not be available everywhere to a
General Supplementary services:
• Call forwarding
• Barring of different outgoing calls, e.g. international
• Barring of incoming calls, e.g. when roaming
• Call hold
• Call waiting
• Multiparty service
• Closed user Group, e.g. children can only call their parents
• Caller Identification
• Caller Identification restriction
GSM is a success, but has several inherent problems that become more evident as
customers demand more advanced services. Data services in GSM are slow and 3rd party
application developers and services providers have no access to internal GSM network
functionality and subscriber information useful for developing new services.
2.2. High Speed Circuit Switched Data (HSCSD)
HSCSD offers increased bandwidth for data transfer over a regular GSM network by
making only minor changes to the existing network infrastructure. As the name indicates
the increased bandwidth is for circuit switched data only and not for packet switched
data. Packet switching is introduced in GSM by GPRS and will be outlined in a later
chapter below. HSCSD requires special HSCSD enabled Mobile Stations.
Affected by HSCSD
HLR MSC BSC
Figure 5: Simplified drawing of HSCSD impacts on GSM
2.2.1. Radio Link Aspects
HSCSD can be seen on as an evolution for circuit switched data within the GSM
environment. Regular circuit switched data in GSM offers 14.4 Kbps, while HSCSD
offers a maximum of 64 Kbps depending on operator policy. Regular circuit switched
data is offered to the subscriber by assigning one timeslot of 14.4 Kbps during the entire
duration of the call.
HSCSD increases this bandwidth from 14.4 Kbps by assigning, two, three or four
timeslots simultaneously. GSM has a limited set of 8 channels or timeslots per frequency
in the Base Station, so in theory all eight channels could be assigned to one user.
However, due to limitations on the A-interface between the Base Station Controller and
the Mobile Switching center this it not possible . All user data on this interface is
transported over 64 Kbps channels, and control and signaling functionality does not allow
a single user to be assigned to more than one such 64 Kbps channel, thus limiting the
maximum available bandwidth.
New functionality is needed in the Mobile Station and the Base Station Subsystem to
provide splitting of the data stream into the number of 14.4 Kbps channels available for
transfer over the radio interface. The data stream is split up into 1 - 4 separate data
streams and then transferred in parallel over the same number of timeslots.
Once split, the data streams are treated as independent for the purpose of data relay and
radio interface error control until they are combined in the Base Station Controller.
However, logically the traffic channels belong to one HSCSD configuration and must
therefore be controlled as one radio link by the network for operations like handover
between Base Stations.
Bandwidth might vary during a HSCSD session. For example, one of the14.4 Kpbs
channels can be taken away from a HSCSD session and given to another subscriber that
is intending to make call. This only happens when all other channels are occupied in the
Base Station and more capacity is needed to provide call services. A HSCSD session will
regain lost channels when new channels are made available.
Another problem arises when a subscriber is doing a handover between Base Stations. If
the new Base Station has for example only two channels available, the HSCSD session
will be rendered with only two channels instead of the three or four it had at the old Base
How channels are managed during the session is up to the operator, which usually has
some policy regarding channel allocation. As an example the Norwegian GSM operator
Telenor only guarantees 9.6 Kbps if the network is heavily loaded.
• Data rates up to 57,6 Kbps assuming standard 14.4 kbps circuit switched data
• Might be rendered with only 14.4 Kbps or less during some period of the session,
due to voice calls stealing timeslots.
• Affects GPRS by having higher priority.
HSCSD is first of all a bearer service for applications that use the bearer continuously, for
example downloading large files and for streaming of audio and video. It is of course
possible to use HSCSD data for bursty applications as well, but it is not very efficient,
nor cost effective as one pays by the minute and not per bit. Such applications should use
GPRS as session bearer.
• Real time applications
• Streaming of video - MPEG 4
• Streaming of audio
• Large volume files of several MB
• (Surfing on the WEB) - depending on content
Not suitable applications
• Bursty applications
• Low volume files in the Kbytes range
HSCSD offers reasonable better performance compared to regular 14.4 Kbps circuit
switched data and by May 2001 HSCSD was available to 70 Million subscribers in 28
networks all over the world .
2.3. General Packet Radio System (GPRS)
GPRS connects the Mobile Station to the Internet by introducing packet switching in the
GSM network. The existing GSM infrastructure is maintained, but the packet switching
traffic and signaling are handled by two new servers installed in the GSM network. The
circuit switched data and speech services are not affected and go through the Mobile
Switching Center (MSC) as usual. Both circuit switched and packet switched traffic share
the same radio access network until the Base Station Controller (BSC) where circuit
switched traffic is sent to the MSC and the packet switched traffic to the new packet
network and from there on to the Internet.
The ÒAlways On ConceptÓ
Until the introduction of GPRS the only way to connect to the Internet from a Mobile
Station was by using a Circuit Switched Data (CSD) connection, which offers access to
the Internet by setting up permanent connection via the GSM core network to some
Internet Service Provider, usually the operator itself. The ISP provides the Mobile Station
with some temporarily IP address and the connection to the Internet Service Provider via
CSD is charged by the minute just as a regular call from a Mobile Station.
As explained in the chapter about GSM, connecting to the Internet via a Circuit Switched
Data connection, one full 14.4 traffic channel or timeslot is dedicated to the connection
during the whole session even if not a single byte is downloaded to the Mobile Station.
The timeslot is dedicated to your connection only and not used by any other connection,
equivalent to a regular call made from any mobile telephone. From an operator
perspective a CSD call is equal to any regular call and is therefore charged as such and
not by the actual data downloaded to the Mobile Station.
By using GPRS to connect to the Internet one is only charged by the amount of data
downloaded, and not for the duration of the call because there is no such concept as a call
in GPRS. When connecting to Internet via GPRS one or more 14.4 timeslots are shared
by several users and not dedicated to one user only.
Imagine reading a newspaper on the Internet. First we take a quick look on the headlines
and the click on the link that we find interesting. The page is downloaded and then we
read it. During the reading no data is sent between the device and the newspapers server,
thus rendering the 14.4 Kbps timeslot free to use for other subscribers. This is exactly
what GPRS does. Many users share regular GSM timeslots, when one user is reading
another can use the same timeslot to download his or hers data. Even though many users
share the timeslots the user perceives packet service as a dedicated connection always
available. When initiating a GPRS session the Mobile Station receives a temporarily IP
address which is kept until the GPRS connection or Mobile Station is turned off. During
the session the Mobile Station is always connected to the Internet, i.e. it is always on.
2.3.1. Radio Link Aspects
One to eight GPRS channels are defined from the eight timeslots available in a GSM
TDMA frame. Active GPRS users share available timeslots and uplink and downlink are
allocated separately e.g. one up and two down. The allocation of these channels is
flexible, depending mostly on how many speech or circuit switched connections that are
needed by other non-GPRS Mobile Stations. Speech and HSCSD have priority over
packet switched data and will steal channels from GPRS users if the network is heavily
loaded with traffic, thus rendering them with less bandwidth or periods of no connection
at all [TS 23.60 V4.0.0].
2.3.2. GPRS Network Architecture
GPRS is an extension of GSM and share the same radio access network (BSS) and some
of the regular core network functionality. The GPRS functionality is added to GSM by
introducing a new node that serves the Mobile Station and a gateway node providing
connection towards the Internet.
Other PLMN Radio access network shared
by GPRS and CSD
PDN GGSN SGSN BSC BTS
Circuit switched Packet switched
Figure 6: Logical architecture: SSGN and GGSN servers
introduced in GSM for handling of packet switched traffic.
Serving GPRS Support Node (SGSN)
The Serving GPRS Support Node is equivalent to the MSC of the circuit switched part of
the network. It is the connection point in the packet switched network for the Mobile
Station and performs mobility management, security and access control on individual
Mobile Stations in a certain coverage area controlled by the SGSN via the Base Station
Gateway GPRS node (GGSN)
The Gateway GPRS Support Node (GGSN) acts as a gateway to external networks for all
external packet traffic to and from the Mobile Station. In GPRS terminology, external
packet networks are named Packet Data Networks (PDNs). To external networks the
GGSN behaves like normal router and the GPRS domain as a regular LAN.
2.3.3. GPRS Connections
A Mobile Station makes its presence known to the Packet Switched domain by doing a so
called GPRS attach to the SGSN in charge of the area where the Mobile Station is
located. The Mobile Station is not available for communication before making its
presence known to the network, nor can it be reached in any way from the network if
anyone is trying to make contact.
The MS does a GPRS attach by supplying its International Mobile Subscriber Identity
(IMSI) and some other information to the SGSN. The SGSN checks with the HLR and
the AuC and verifies the subscriber. After a successful GPRS attach procedure the
Mobile Station is known to network as a GPRS enabled device and the SGSN will
perform Mobility Management. However, no data can be sent or received by the Mobile
Station as the network has not yet assigned any IP address to the MS.
A GPRS attach must also be performed if the Mobile Station already is known to the
MSC/VLR in the circuit switched domain.
The Mobile Station is now ready to initiate communication or to be contacted by the
network if there are incoming data ready to be delivered. However, before exchange of
data packets can take place the Mobile Station needs to be assigned an IP address in the
packet switched domain.
In GPRS, IP address assigning is achieved by performing a so-called Packet Data
Protocol context activation. A Packet Data Protocol (PDP) represents the network
protocol used by an external Packet Data Network (PDN) that is connected to GPRS. All
protocols that are supported by the underlying IP protocol are applicable to the GPRS
packet domain, including the Point-to-Point protocol (PPP). However, not all protocols
may behave as expected due to the difference in bearer service characteristics between
fixed networks and the GSM radio access network.
By performing the PDP context activation the GPRS network will provide a connection
to an external network point, such as an ISP, WAP gateway or corporate network.
However, in practice a GPRS operator may provide its own ISP that is connected to the
GPRS network and may use this ISP to provide general Internet access for all
subscribers. An external Packet Data Networks address is referred to as an Access Point
Name (APN) in GPRS terminology.
A GPRS attach requires and or set the following information in the Mobile Station,
SGSN and GGSN [TS 27.060]:
• Packet Data Protocol, e.g. IP or PPP
• Access Point Name, e.g. IP address or PPP address
• Protocol configurations options if required by the PDP type
• TCP/IP header on or off
• Requested quality of service
A GPRS attach can be initiated by the user or by the network, but when initiated by the
network only the static PDP addressing is applicable.
Interconnected GPRS networks provide roaming and provide worldwide access to Mobile
Stations ISP(s) or Intranet. The access provided by GPRS is analogous to a dialup or
leased lined over the PSTN to an ISP. The connection access or PDP context can be seen
as a tunnel through GPRS networks.
Domain IP backbone
Figure 7: Simplified GPRS interconnections.
GPRS nodes are interconnected on an IP network and the IP networks of each GPRS
network are interconnected on an inter-PLMN IP backbone. The inter-PLMN is an
isolated network and not connected directly to the public Internet. However, the SGSNs
and GGSNs have been assigned public IP addresses for future use if the network ever
should be directly connected to it.
The GPRS section of the access connection through the inter-PLMN backbone between
the SSGN serving the terminal and the GGSN of the home network is provided by the
GPRS tunneling protocol (GTP). The GTP protocol relives the GPRS networks of
understanding external Packet Data Networks protocols used by the Mobile Stations, so
that only one protocol has to be known by GPRS, namely the IP protocol.
When GPRS logs on to its home or visited network, it selects which ISP/Intranet it
wishes to access by specifying the Access Point Name (APN) of the ISP/Intranet. The
access may go through the visited GGSN or the home GGSN depending on if the
ISP/Intranet is known/connected to the visited network or not. So for example a MS can
access a local server of its ISP via the visited GGSN, without establishing a GPRS
Tunneling Protocol from the SGSN to the home GGSN.
The PDP context or access connection is connection oriented and is held as long as the
terminal remains logged on, being days or months. It extends from the terminal to the
• Offers "always on". No need to dial a number for every connection.
• Charging data based, not per minute/second, but per byte.
• Packet switched; Resources allocated only when data is to be sent/received.
• Connection with IP networks
• Packet transfer enables cost effective and efficient use of network.
• Theoretically maximum speed of 115Kbps
• Fast setup/access time compared to GSM circuit switched connections.
• Temporarily IPv4 address.
GPRS offer two categories of services :
• Point-to-Point (PTP) services. Offers connection-less transmission of packets
between two users.
• Point-to Multipoint (PTM) services. Offers transmission of packets between a
user and a group by IP-Multicast.
No supplementary services are defined for GPRS 
2.3.5. GPRS terminal classes
GPRS classes is not to be confused with MExE Classmarks.
• Class A
o Class A terminals are able to handle circuit switched and packet switched
simultaneously. Both type of services are handled independently.
• Class B
o Class B terminals handle one service at the time, circuit or packet
switched, and has a capability for automatic switching between the two
modes. E.g. a class B terminal suspends a packet transfer when receiving a
circuit switched call, and then resumes it afterwards.
• Class C
o Class C terminals must be set manually to either packet or circuit switched
mode. When a class C terminal is in packet mode, it is unreachable from
circuit switched traffic and vice versa.
o A special case of class C terminals is a packet only terminal.
GPRS is so far a success, with over 105 networks in Europe and 25 in the rest of the
world in service or under implementation . GPRS is unprecedented in mobile
communication. The Òalways onÓ concept introduced by GPRS combined with location
information should provide a solid base for 3rd parties and operators alike.
2.4. Enhanced Data rates for Global Evolution (EDGE)
EDGE offers the possibility of increasing data rates on GSM/GPRS networks towards
those expected from UMTS without substantial reengineering of the existing mobile
EDGE was initially developed for mobile network operators who fail to win a UMTS
license. The work on EDGE started in 1998, when the first UMTS specification was just
a year away from publication. Despite the fact that UMTS was regarded as superior to
GSM, it was not clear if every existing GSM operator would be able to obtain an UMTS
license, so in 1998 work was initiated to find out if EDGE was a feasible solution to
operators left out from UMTS.
New Mobile Stations are needed to take advantage of EDGE, but all main GSM and
GPRS concepts remain the same, except for the higher bit rates and some minor
difference in coverage area . The new EDGE transceivers in the Base Station can
automatically handle normal GSM traffic and switch to EDGE when needed.
EDGE is being developed in two phases, the first phase introduces EDGE for CSD and
GPRS, while the second deals with UMTS IP Multimedia issues and is therefore phase
Affected by EDGE
HLR MSC BSC
Figure 8: EDGE related to GSM architecture.
2.4.1. Radio Link Aspects
Since the data rates for GSM/GPRS is limited by the eight physical number timeslots
available, the only way to increase the data rate further is to transmit more bits in each
timeslot. This is achieved in EDGE by changing the modulation on the carrier from
GMSK to 8 Phase Shift Key (8PSK). 8PSK has the advantage over GMSK in that it
increases the number of bits from 1 bit to 3 bits per symbol. The symbol rate of 270.8
Kbps is equal to that of regular GSM, resulting in three times higher bandwidth for
EDGE compared to regular GSM.
180 360 (0,0,1) (1,1,1)
Figure 9. EDGE three bit values as related to modulated signal phase 
It is important to notice that the bit rates below may not be available in the full cell area.
A regular GSM time slot offers a maximum of 14.4 Kbps to GPRS and CSD.
Enhanced GPRS: 
• Urban/Suburban outdoors: 48 Kbps per timeslot between 3 Ð 100 Km/h.
• Rural outdoor: 18 Kbps per timeslot up to 250 Km/h.
Enhanced CSD: [3GPP TR 45.002 V4.430]
• 28.8 Kbps per timeslot
• 32 Kbps per timeslot
• 43.2 Kbps per timeslot
• Maximum 2 timeslots per CSD user.
Due to limitations on the A-interface between the Base Station Subsystem and the MSC
the maximum bandwidth available for CSD to one Mobile Station is 64 Kbps or two
The introduction of EDGE in GSM enhances CSD and GPRS by offering a new physical
layer and higher data rates. The GPRS and CSD services are not modified in any way.
The first phase of does not have support for real time. However, real time will be
introduced later when connected to a new UMTS IP Multimedia Core Network specified
in Release 5 from 3GPP. EDGE and how it works together with UMTS is explained in
the chapters about UMTS.
EDGE will deliver higher bandwidth and better latency to applications developed for
regular GSM/GPRS/CSD. The mobile network itself is perceived as the same from an
application perspective. The same services are offered, but with a higher bandwidth.
For services that uses CSD the maximum bandwidth is 64Kbps, while GPRS is limited
maximum eight timeslots or less depending on operator policy and Mobile Station
EDGE could be a feasible option, not only for non-UMTS licenses holders, but also for
operators of both GSM and UMTS networks to increase the bandwidth and thus their
ability to deliver reasonable high bandwidth services outside of densely populated areas.
Another advantage EDGE has over UMTS is that it does not require a new license from
the government. EDGE can be installed on 450, 900, 1800 and American 1900 MHz
EDGE offers substantially higher data rates, thus increasing the number of services and
applications that can be delivered over the old GSM network. Another advantage is the
similarity in bandwidth achieved compared to the first phase of UMTS. Many
applications and services developed for UMTS will thus continue to function when a user
roams into an EDGE enabled GSM network, thus offering the end user better seamless
service no matter the location or network.
In 1992 the World Administration Radio Conference decided to reserve the radio
spectrum between 1900 MHz and 2000 MHz for use by the Third Generation Mobile
System (3G). The telecommunication industry had by the year 2000 developed a family
of technologies for use in this spectrum around the world. In Europe the technology is
referred to as the Universal Mobile Telecommunication System (UMTS) and
standardized by the Third Generation Partnership (3GPP). The first standard by 3GPP for
implementation is known as Release 99, named after the year it was released. Later
releases by 3GPP have changed naming convention and the next was release 4 in March
2001, which was an evolution of Release 99. Release 5 is expected later this year in
December 2001  and will introduce IP for signaling in mobile networks.
There will be differences from continent to continent, although some access technology
will be found on more than one continent.
The International Telecommunication Union (ITU) supervises harmonization of the
different 3G technologies through the IMT2000 (International Mobile Communications
for the year 2000. In 1999 IMT2000 agreed on the following compatible radio access
technologies for 3G :
• IMT-DS: Based on ETSI W-CDMA, using Direct Spread CDMA (Code Division
• IMT-MC: Based on U.S.A cdmaOne, using Multi-Carrier CDMA.
• IMT-TC: Based on ETSI TD/CDMA, using Time and Code division multiple
• IMT-SC: Single Carrier. Based on UWC-136/EDGE (Enhanced Data Rates for
GSM and TDMA/136 Evolution.
• IMT-FT: Frequency Time. Based on DECT.
These technologies are going to be deployed as follows:
• Europe: DS/TC/SC
• Asia: DS/CS
• Americas: MC/SC
• Africa: FT
2.5.1. UMTS Ð First version
In Europe UMTS refer to a new radio access network attached to the familiar
GSM/GPRS network. The packet switched nodes SGSN and GGSN, the circuit switched
MSC, and other network nodes are reused, but with a theoretically higher bandwidth
delivered by the new radio access network. The new radio access network is called
Universal Terrestrial Radio access Network (UTRAN) and was developed to offer higher
data rates to the end user and at the same time increase the capacity in terms of number
simultaneously users than those possible by GSM. An evolution path was chosen by
reusing GSM/GPRS core network functionality because the main limitation in
GSM/GPRS is the radio access networkÕs bandwidth and not the packet and circuit
switched domains. By reusing the existing core network functionality, operators can rely
on well-tried and tested network equipment and only focus on the deployment of the new
antennas, transceivers and radio control subsystem, thus minimizing the risk.
Circuit Switched domain
GSM MSC PSTN
UTRAN Packet Switched domain
SGSN GGSN Internet
Figure 10: Universal Radio Access Network (UTRAN) added to the
exiting GSM/GPRS network.
UTRAN handles all communication with the Mobile Station over the air interface and
connects to both GSM and GPRS core network domains. Its architecture resembles the
architecture of the Base Station Subsystem (BSS) in GSM/GPRS, but the technology is
UTRAN consists of set of Radio Network Subsystems (RNSs) equivalent to the GSM
Base Station Subsystem (BSS). Each RNS is compromised of one Radio Network
Controller (RNC) comparable to a GSM Base Station Controller (BSC) and one or more
B-nodes similar to a GSM Base Station.
Figure 11: UMTS radio access network UTRAN 
The SGSN and GGSN are used by both GPRS and UMTS, but procedures and
information elements may be different in the SGSN and GGSN nodes depending on
which radio access network the subscriber are connecting from . These changes come
from physical differences between the two radio access networks and new features and
information elements only applicable to UMTS.
18.104.22.168.A UMTS Evolution
The first phase of UMTS differs in many aspects from GSM/GPRS, but the only
difference in physical implementation between UMTS and GSM/GPRS is UTRAN. If
UTRAN does not deliver bearer services better than GSM/GPRS/HSCSD/EDGE, the
user will perceive UMTS as just another GPRS/GSM network until the next phase of
UMTS is introduced. The next phase of UMTS will remove the circuit switched part
(MSC) of GSM and integrate UMTS with the Internet and other access networks.
2.5.2. UMTS Ð IP Multimedia
3GPP started the development of IP based multimedia services in 1999 based on the idea
of bringing IP telephony to the Mobile Station and to define a third generation network
that could function without the traditional GSM circuit switched domain. The resulting
infrastructure has been named IP Multimedia Core Network Subsystem and is due for
official release in December 2001 as part of release-5 from 3GPP.
The IP Multimedia Core Network subsystem introduces a complete new control and
signaling functionality for management of multimedia sessions , including call and
data sessions. The radio access systems are the same as for UMTS and GPRS, the GPRS
packet switched network also remains unchanged, but the circuit switched part of GSM is
no longer used.
The IP Multimedia Core Network subsystem provides the necessary functionality to set
up, supervise and tear down multimedia sessions. However, it does not handle the actual
transport of multimedia content. The existing GPRS packet switched core network
provides for transport of the actual user data.
IP Multimedia (IM) Core Network (CN) requirements
Some of the service requirements as specified by 3GPP  before the actual work was
started to define the IM architecture:
• Services shall not be standardized, i.e. no architecture specific services.
• Network access independence: Access should be possible via UTRAN, GPRS,
WLAN and PSTN.
• Automatic roaming: Automatic access to services when roaming.
• Support for interworking with the Internet, PSTN and ISDN.
• Negotiable Quality of Service.
• Hide network IP Multimedia Core Network topology from competitors.
22.214.171.124.Session Initiate Protocol (SIP)
The Session Initiate Protocol  has been chosen by 3GPP as main communication
protocol in the IP Multimedia Core Network. The rest of this chapter is a general
introduction of SIP as background material for the IP Multimedia Core Network.
SIP Network aspects
SIP is an end-to-end application layer session signaling and control protocol for
managing Internet telephone calls and multimedia sessions. SIP can for example be used
to set up regular telephone calls or redirect calls from unknown callers to secretary or
reply with a www-page if unavailable.
It is important to note that SIP itself does not carry any user data, nor does it deal with
QoS or gateway control , it only deals with session setup, modifying and termination.
However, it can convey to the invited system the necessary information to reserve
An implication of the separation of SIP and user data is that SIP packets and user data
packets does not necessarily travel the same path over the Internet. SIP manages the
session so that the end points can exchange information and is normally transported by
UDP or TCP, while user data can be transported over the protocol available for the
SIP is a textual oriented protocol based on HTTP/1.1, in fact it is so similar that much of
the message and header syntax is identical, however it is no extension of HTTP/1.1, but a
proper protocol on its own. SIP, for example, can use UDP as transport protocol, while
HTTP cannot .
SIP works by sending textual messages in a request/reply fashion. The SIP methods are:
• INVITE: Initiates a session
o ACK: Confirms session establishment. Only with INVITE.
• BYE: Terminates Session
• CANCEL: Cancel an INVITE
• OPTIONS: Enquire about capabilities, e.g. if UA handles video streaming.
• REGISTRAR: Binds a permanent address to a current location (IP address).
SIP conveys information by sending predefined response codes that are consistent with,
and extended, HTTP/1.1. There are several categories and only a few examples will be
1xx codes: These codes are informational and can have a more understandable
informational text about the current status. Codes are is intuitive and easy to work with,
thus facilitating service creation and user presentation.
• 100 Trying
• 180 Ringing
• 181 Call being forwarded
• 182 Queued
• 182 Queued, 2 people in front of you.
• 182 Queued, 2 people in front of you.
Other important codes are:
• 200 OK BYE
• 200 OK INVITE
• 200 OK REGISTER
• 301 Moved Permanently
• 301 Moved Temporarily
• 403 Forbidden
• 404 Not Found
• 415 Unsupported Media Type
The 6xx codes are defined by SIP and are not part of HTTP/1.1:
• 600 Busy Everywhere
There are two network entities in SIP: The User Agent (UA), which initiates calls and the
User Agent Server that listens for incoming calls. A User Agent can act as both server
and client depending on functionality. User Agents are addressable and can take on the
• Non-SIP addresses, including mailto: and http:
Addresses in SIP are made globally reachable by registration of the SIP address to some
current IP address in the SIP User Agent Register server.
REGISTER sip:company.com SIP/2.0
Via: SIP/2.0/UDP malaga.company.com
CSeq: 1 REGISTER
Figure 12: Example of a SIP registration .
SIP Proxy Server
Apart from the SIP UA Registration server there are UA Proxy server and UA Redirect
servers (see below).
The Proxy Server determines where to route the SIP message, i.e. to a User Agent, other
Proxy or Redirect server (see below). A Proxy server serving as the first connection point
for a User Agent, may provide services like routing an emergency call to the nearest
police station. A proxy server may also try to request several different UAs in serial or
parallel, e.g. if the first police station is occupied, then try the second closest.
SIP Redirect Server
The last server functionality in SIP is the UA Redirect server. The Redirect server are
useful for more permanent changes to the UAs availability, e.g. if the subscriber change
operator, then the operator could have a redirect server handling all requests to old
subscribers by replying the users new domain name.
IP Multimedia functionality is introduced by a SIP server called the Call State Control
Function (CSCF) and a subscriber database called the Home Subscriber Server (HSS).
There are three types of CSCFs in an IP multimedia network, each behaving differently
depending on its functions within the network. However, all of them are SIP servers.
Home Subscriber Server (HSS)
The Home Subscriber Server is a combination of the Home Location Register (HLR) in
the existing UMTS/GPRS/GSM network and new functionality required by the IP
Multimedia Subsystem. The HSS provides the following functionality :
• User identification, numbering and addressing information
• User security information: Network access control information for authentication
• User location information: Handles user registration and location information.
• User Profile: Subscribed services and service specific information (exact content
not yet defined)
IP Multimedia subsystem Visited PLMN
Signaling only I-CSCF
Figure 13: Basic IP Multimedia subsystem principles. Signaling and user
data are separated, but may travel the same path to the destination.
The Proxy-CSCF is the first contact point with the IP multimedia subsystem within the
network for a Mobile Station. The Proxy-CSCF acts like a proxy, i.e. accepts request and
either process them internally or forwards them on, possibly after translation.
The Proxy-CSCF address is discovered after a GPRS attach using either DCHP to
provide the Mobile Station with the domain name of the Proxy-CSCF and the address of
a DNS server, or by transferring the Proxy-CSCF address directly during PDP context
activation if the terminal does not support DCHP.
Proxy-CSCF main responsibility is to forward SIP register requests from the Mobile
Station to an Interrogating-CSCF based on the home domain name as provided by the
Mobile Station. After registration the Proxy-CSCF receives the address of the Server-
CSCF assigned to the Mobile Station and begin forwarding SIP requests and responses to
and from the Mobile Station to the Server-CSCF via the Interrogating-CSCF.
Home B Home A
8 7 4 3
9 6 5
S- I- S- I-
CSCF CSCF CSCF CSCF
14 15 16
10 13 17 2
Proxy- Visited B Visited A Proxy-
11 12 18 1
Radio Access Network Radio Access Network
Figure 14: SIP Call setup in IP Multimedia. All three types of
CSCF are involved.
Serving-CSCF is the main control server and performs the session control services for the
Mobile Station. There may be more than one Server-CSCF in the network.
A mobile Station must perform a registration at the Serving-CSCF before any services
can be performed. After registration all SIP requests for services, e.g. call to another
Mobile Station goes through the Serving-CSCF. For any call the Serving-CSCF must find
the address of the Interrogating-CSCF of the operator serving the destination subscriber
(dialed phone number or SIP URL) and forward the request. If the destination subscriber
is internal the request is forwarded to an internal Interrogating-CSCF.
The Serving-CSCF is also the main connection point to service providers internally and
externally, for example the Serving-CSCF may forward SIP request to an externally 3rd
party service provider.
Interrogating Ð CSCF is the contact point within an operatorÕs network for all
connections (external or internal) destined to a subscriber of that network, or to a visiting
roaming subscriber within the network operatorÕs service area. There may be multiple I-
CSCFs within one network. An operator may use the I-CSCF to hide the network
configuration, capacity and topology to the outside by forwarding SIP requests and
responses to another Interrogating-CSCF.
Interrogating-CSCF main responsibility is to assign a Serving-CSCF to a Mobile Station
doing a SIP registration and to route and forward SIP requests and responses from the
Mobile Station to the S-CSCF.
The assigning of a Serving-CSCF is based on information about subscriber location,
Serving-CSCFs locations in the network and their availability and capabilities. This
information is internal and not yet standardized. The Interrogating-CSCF finally obtains
the chosen Serving-CSCF address from the HSS.
126.96.36.199.IP Multimedia Network functionality
Service control for the subscriber is always performed in the home network and
controlled by the Serving-CSCF, even when roaming. However local services in a
visited network can be offered and executed locally under control by the Serving-CSCF
in the home network, e.g. an emergency call.
Earlier versions of the IP multimedia system had a Serving-CSCF in the visited network
as well, but this option was removed due to various problems. One of the problems was
that 3rd party service providers then had to relate to all operators that the subscriber could
roam into. Problems arise if the different visited networks do not have the same versions
of the service platform as the home network and the 3rd party service provider is offered
extra functionality only from the home network operator and not from every other
operator as well. If this happens the subscriber would not receive the same services
everywhere since services rely on the extra functionality in the home network, thus
ruining the Virtual Home Environment concept of the same services everywhere.
Every IP multimedia subscriber has private user identity assigned by the home network
operator and used for registration, authorization, administration and accounting purposes.
The private identity is a globally unique identity on the form of a Network Access
Identifier  and is stored in the USIM and HSS. The private identity is not used for
routing of SIP messages, but contained within different SIP requests to allow the Server-
CSCF in the home network to authenticate and charge the subscriber.
The private identity is tied up to at least one public identity on the form of a SIP URL
 or regular E.64 telephone number. The public identity is used by any user to request
communication with the public identity owner. The public identity is stored in the USIM
The home domain name is used to identify Interrogating-CSCF in the home network and
must be stored in the USIM.
When an IP multimedia Mobile Station moves between PLMNs it must require a new IP
address from the new network. When leaving the PLMN, the current IP address is
released by deactivating the PDP context supporting the SIP signaling. A new IP address
is obtained from the new network by activating a new PDP context. Then a SIP
registration request is sent via the local Proxy-CSCF to the home network based on the
home domain name stored in the Mobile Station, where the Interrogating-CSCF assigns a
Serving-CSCF to the Mobile Station based on the private identity and information
obtained from the HSS.
Use of Interrogating-CSCF is optional. Depending on the desire to hide the network
infrastructure, e.g. keep the Serving-CSCF IP address secret. If there is no Interrogating-
CSCF the SIP request will be routed directly to the Serving-CSCF.
The goal of the IP multimedia subsystem is to achieve network access independence and
to provide seamless multimedia services based upon Internet application services and
protocols. Services are not standardized within the IP multimedia system as in a regular
GSM network. Service development within the IP multimedia system is left to operators
and 3rd party suppliers using the mechanisms provided by the Internet and the IP
multimedia system. However some basic functionality, such as caller-ID blocking and
forwarding when busy are implemented in the network, but in a significantly different
manner than in the circuit switched domain of GSM, as all communication is based on
SIP messages between Mobile Stations and different CSCFs.
HSS S-CSCF Capability Server
Radio Access Network
Figure 15: Provision of services in the IP Multimedia system
Camel support in IMS
Although services are not standardized in the IP multimedia system, it has been decided
that operators shall be able to offer legacy CAMEL services to their subscribers in the
home network and when roaming in a foreign network that does not support CAMEL or
the required CAMEL version.
OSA support in IMS
The Open Service Architecture (OSA) is a new concept for allowing 3rd party service
providers and the applications access to the IP multimedia system or GSM/GPRS
network information previously only accessible to the operators. The access is provided
through an API, which is mapped to the OSA capability servers. Secure access to the IP
multimedia system from external service providers is only provided through (OSA).
However, access control does not reply to SIP messages, only to API calls via the Open
SIP is not mapped to the OSA API in the current 3GPP standard, but a EURSCOM
project  is investigating how to include access to SIP call control and mobility
functionality through the OSA API by introducing a SIP/OSA gateway in the network.
On the IMS the gateway would be seen as a SIP proxy and User Agent, while SIP call
control and mobility aspects would be accessible to 3rd party application developers
through the API.
SIP Application Server (AS)
The SIP Application Server is internal to the IP Multimedia Network and work together
with the Serving-CSCF, while OSA can be both internal and external.
The SIP Application Server and Serving-CSCF work together to provide services to the
subscriber. The Serving-CSCF can provide services by it self or it can leave the service
control to the SIP Application Server, which take on different roles depending the
required service .
• SIP Application Server acting as originating User Agent. AS initiates a session by
sending a SIP request if triggered by some event, such as a certain date/time
• SIP Application Server acting as a SIP proxy. Serving-CSCF receives the request
and forwards it to the AS, which analyze the request and maybe perform some
actions before forwards it to the recipient via the Serving-CSCF.
• SIP Application Server performing 3rd party call control. For example: The
Application Server could check availability at an external call center before
forwarding the call to an available operator.
• SIP Application Server acting as terminating User Agent or redirect server, e.g.
forwarding when busy.
The SIP Application Server, OSA and IM SSF exhibit the same interface behavior to the
Serving-CSCF. The Serving-CSCF decides if an incoming requests needs to be
forwarded any of the AS by contacting the HSS. The exact filtering mechanisms that is
used by the Serving-CSCF to decide what dot o based on the information received from
the HSS and other sources is still not decided.
SIP and IP Multimedia may be the technology that brings Internet to the whole wireless
community, including Wireless LAN (See below) and enables seamless services between
mobile subscribers independent of access networks, fixed or wireless.
2.6. Wireless Local Area Network (WLAN)
WLAN offers flexibility compared to its fixed counterpart. There are no cables and the
connection is available over some confined area, such as a building floor. To connect to a
WLAN some special hardware is required, usually a PCMCIA card with antenna. A
GSM or UMTS Mobile Station cannot connect to a WLAN without such equipment, as
mobile networks and wireless LANs are two different technologies.
There are several different wireless LAN standards available today. De facto standard
and only one commercially available at the moment, is the 802.11b standard from IEEE
that delivers a gross of 11Mbps, and some 5 to 6 Mbps to the Mobile Station. IEEE has
also developed a more powerful version called 802.11a, which delivers up to 54 Mbps
gross data rate and some 20 to 25 Mbps to the terminal. At the same time, the
telecommunication industry has been working on a competing technology called
HiperLAN/2. The telecommunications companies have promoted HiperLAN/2, while
802.11a has been promoted by the IT-business. In this thesis only 802.11 will be
elaborated, as HiperLAN/2 seems to have lost the battle against 802.11a.
2.6.1. Common 802.11 architecture 
The 802.11 Local Area Network is a shared medium point-to-point network that
broadcasts information for all stations to receive. Both 802.11a  and 802.11b are
based on 802.11 and share the principles explained.
Data Link Scope
MAC MAC of
Physical Physical Physical standard
Figure 16: The scope of WLAN 802.11
A well defined physical coverage area does not exist for WLAN. The high frequency
propagation characteristics are dynamic and unpredictable and only small changes in
position may result in dramatic differences in signal strength.
802.11 defines two pieces of hardware, a station, which can be a laptop or PDA with a
wireless PCMCIA card and an Access Point (AP), which is a extended station that acts as
bridge between the wireless and fixed LAN. Both a regular station and an AP are
There exists two 802.11 architecture configurations, the simplest one is the Ad-hoc
configuration. In an Ad-hoc configuration every station can communicate with every
other station. There is no base station acting as relay and there is no connection to the
Internet via the WLAN.
Distribution System (DS)
Figure 17: Extended Service Set (ESS)
The most common configuration is called Infrastructure. In an Infrastructure
configuration there is at least one station called Access Point connected to the fixed LAN
that acts as relay between the terminals and as connection point to the Internet. This
configuration is called a Basic Service Set (BSS).
Several BSSs are interconnected via a Distributed System (DS) referred to as an
Extended Service Set (ESS). The DS interconnects a set of BSS and LANs by using a
Distributed System Medium (MDS) for inter Access Point communication. The MDS can
be any network, not just regular fixed LAN, thus making it easy to interconnect APs; on
future networks over the Distributed System.
2.6.3. Access control
The task of the Medium Access Control (MAC) layer is to regulate the access to the
physical layer of the Wireless Local Area Network, thus enabling the terminal to send
and receive data from for example the Internet or other stations within the BSS.
The MAC layer is intended to be independent of the physical layer and provides the
• Access regulations by using the carrier sense multiple access protocol with
collision avoidance (CSMA/CA).
• Power management to reduce power consumption in the terminal.
The MAC layer is required to appear to higher layers as regular fixed 802 LAN. This
requires that 802.11 handles mobility within the MAC layer, thus incorporating
functionality not found in regular fixed LAN MAC layers.
The MAC protocol offers equal opportunities to all terminals to use the transmission
channel and any station may transmit directly to another.
Transmit & receive
A base station operates on one frequency, which is shared by all mobile terminals in the
base stationÕs coverage area. Information to a specific mobile terminal is broadcasted to
all mobile terminals the coverage area, which then check if the information carry their
address. The mobile terminal that recognize its address, process the information, while
the others discard it.
Since all mobile terminals and base station share the access medium (the radio
frequency), only one mobile terminal may transmit at the time, otherwise the receiver
would not be able to understand it, as the receiver cannot at any time decode and
understand more than one signal received at the antenna. Two signals received
simultaneously by the AP are referred to as a collision. To avoid collisions, some form of
access control must be deployed 
The access control used in 802.11 is Carrier Sense Multiple Access with Collision
Avoidance (CSMA/CA). Carrier sensing means that a station that wants to transmit
senses if anyone is transmitting, if not (no carrier), the mobile station start to transmit.
However the method is not perfect due to the physical limitations of radio waves as
transfer medium. Additional logic must be deployed to solve the following problems:
• Hidden Stations: Carrier sensing may fail to detect that another station on the
network is transmitting, due to obstruction of the radio waves from the other
station, thus resulting in collision at the Base Station (AP).
• Fading: Two terminals may be out of range of each other, but not of the Base
Station (AP), thus making it impossible for the mobile terminals to detect if the
other is transmitting.
When a station is ready to transmit it senses the medium (the carrier) to see if any one is
transmitting. If there is no carrier signal, the following can be assumed by the terminal:
1. The medium is available
2. An out of range terminal is in the process of requesting a slot.
3. An out of range terminal is using a slot that it had previously reserved.
The highest risk for collision occurs just after a medium has become idle, since more than
one mobile terminal could have been waiting to transmit. This is avoided by a random
backoff mechanism, where each mobile terminal waits some random time before sensing
the medium again after sensing the medium busy.
After transmitting a packet the sender waits for an acknowledgement (ACK) from the
receiver. If no ACK is received, the sender assumes that the packet or the ACK, and
transmit the packet after waiting some random time.
In addition to the mechanisms above 802.11 provides an optional method to solve the
hidden node problem. This scheme works by that the sending station first transmit Ready
To Send (RTS) and the AP reply with Clear to Send (CTS). All station can hear the CTS
from the AP (including hidden stations) and will delay their transmission, leaving the
medium free to the sending station, thus avoiding collisions.
2.6.4. WLAN vs. UMTS
The 802.11 standard is regarded as a very interesting wireless bearer in "hot spots" like
airports and indoor environments due to its high bandwidth. If WLAN pose a threat to
UMTS/UTRAN still remains to be seen. WLAN can be incorporated into mobile
networks when the IP Multimedia Subsystem is introduced. As explained above, SIP is
an application protocol that runs on top of IP and can easily set up sessions to any device
connected to the Internet, e.g. via WLAN. UMTS deliver 2 Mbps in indoor environments
and Òhot spotsÓ compared to 11 Mbps of today's 802.11b or the 54Mbps of 802.11a.
One the greatest strengths of WLAN is itÕs use of unlicensed spectrum. 802.11.b operates
in the 2.5 GHz band and 802.11.a in the 5 GHz band. The unlicensed spectrum implies
that it is open to everyone to buy and deploy WLAN wherever they want. This is sharp
contrast to the mobile industry, where operators pay huge sums for the right to use the
limited, low bandwidth UMTS spectrum.
2.7. Access Network evolution
UMTS still has a long way to go. The first roll out of UMTS is limited to UTRAN, which
will co-exist as islands of UMTS coverage within GPRS. GPRS coverage is equal to
GSM and is built upon a well-tried and tested access network, while UTRAN is new.
UMTS promise high bandwidth, but can be matched in theory by EDGE enhanced GPRS
up to 348 Kbps.
HSCSD is limited to 64Kbps even when used together with EDGE and maximum
bandwidth is not guaranteed during the entire session. However, it is still better than
GPRS for streaming, as it has some guaranteed minimum bitrate, while GPRS may be left
with no connection at all during some period of time during session.
WLAN offers better bandwidth than all the mobile networks and is license free.
However, connection with mobile networks and services is not available yet. IP
Multimedia Subsystem and SIP may facilitate seamless operation between mobile
networks and WLAN in the near future.
3. Network Services
Of the seven wireless network architectures and extensions outlined above, some offer
more network specific services than others. However, the single most important service
concept incorporated into the network architecture is the non-realtime store and forward
messaging service available in GSM, GPRS and UMTS. There are other services like
call barring and forward when busy, but these services are not so interesting from a 3rd
party service provider view. Multimedia Messaging receives the main focus in this
chapter due to the fact that is the most advanced messaging service ever created for
mobile networks and offer 3rd party service providers a new dimension in service creation
compared to SMS and EMS as explained below.
3.1. Messaging Services
Over the last few years SMS messaging has emerged as an important social and
economic service of unprecedented proportions. Billions of SMS messages are sent every
month over GSM networks all over the world, providing huge benefits in an era where
mobile network operators faces huge economic problems due to enormous investments in
UMTS licenses and equipment. The SMS market has increased from one billion SMS
messages in April 1999 to an average of 16 billion messages per month in the first quarter
of 2001 
3.2. Short Message Service (SMS)
Basic SMS  provides a simple non-realtime store and forward service of text
messages. A message is normally only 157 7-bit characters long, but can be as long as
39015 7-bit characters long if compression is used and messages are concatenated. The
SMS bearer is always one of two signaling channels in circuit switched GSM, and in
GPRS one of the two signaling channels or a regular GPRS traffic channel . A
signaling channel can be as slow as 0.39 Kbps net bit rate, while the slowest GPRS traffic
channel delivers 9.05 Kbps, thus SMS delivery via GPRS is normally a more radio
resource efficient method than SMS delivery via circuit switched GSM .
3.3. Enhanced Messaging Service (EMS)
Another messaging service for GSM has emerged called Enhanced Messaging Service
. EMS is based upon SMS and offers simple animations, small pictures, simple
melodies and text formatting. As EMS is an extension to SMS it requires no new network
infrastructure, only new EMS enabled handsets are necessary.
EMS allows for either 16*16 or 32*32 pixels or variable size pictures in plain black and
white. Animations cannot be sent over the air interface to the Mobile Station, but are pre-
stored and triggered by the message. However, it is possible to send user-defined
animations that consist of four pictures in two different sizes (8*8 or 16*16) over the air
Allowed text formatting is:
• Alignment: left, right and center
• Fonts: normal, small and large
• Style: Normal, bold, italic and underlined
There are 10 predefined sounds stored in the Mobile Station that can be triggered by the
incoming message. However, user defined melodies according to the iMelody format can
be transferred within a message and played by the receiver.
As seen above, EMS offers some enhancements compared to regular SMS, but does not
support color pictures, audio (speech, real music), video or complex documents. In order
to enable such multimedia content to the Mobile Station, 3GPP developed a completely
new standard independent of SMS called Multimedia Messaging.
3.4. Multimedia Messaging (MMS)
Multimedia Messaging is a non-realtime store and forward service for delivering
multimedia content to Mobile Stations over GSM, GPRS and UMTS. It supports virtually
any media format and delivers color pictures, video, audio and text to the Mobile Station.
Messages can be sent between mobile subscribers terminals, to and from 3rd party servers
outside the operator domain, between subscribers belonging to different mobile networks
within a country and abroad and when roaming into visited networks, just like SMS
3.4.1. Media Support
Text, Audio, Video and Images are the four basic media formats in MMS. Each media
format can be supported by several different media types, but for the moment only a basic
set of media types is mandatory: 
Minimum support of the basic media formats:
• Text: Plain text
• Audio: AMR
• Image: JPEG
As can be seen above, support for video is not required for the time being. However, as
MMS technology matures, video and more media formats will be supported. The
following formats are suggested for compliance with standard Internet content media
• Audio: MP3, MIDI, WAV
• Image: GIF
• Video: MPEG-4, ITU-T H.263 and QuickTime
It is likely that MP3 will be supported even before it becomes mandatory, as there already
exists MP3 enabled phones on the market today.
3.4.2. Multimedia Message Service Environment (MMSE)
The MMSE is the complete set of elements that is needed to support multimedia
messaging. The main new component introduced in the operators network is the MMS
Relay, Server and Message Store.
MMSE Message HLR,
Server MMS Value
GSM WAP Internet/
GPRS Added Service
Gateway Intranet Applications
MMS User Visited
Agent/Client Internet UMTS
Server User Agent
Figure 18: The Multimedia Messaging Service Environment.
MMS User Agent
The User Agent resides on the mobile terminal and provides the user with the ability to
view, hear, compose, send, receive and delete Multimedia Messages (MMs). However,
only presentation of the message, presentation of the notifications to the user and retrieval
of the MMs are minimum supported functionality. Optional functionality could be any of
• All aspects of storing the message on the terminal and/or in the SIM/USIM.
• End-to-end encryption
• Electronic message signing
• Handling external devices, such as cameras.
• Message composition
• Message submission, i.e. send the message.
This is the main element in the MMS architecture. It handles all major aspects of a MM
message lifecycle, including:
• Message conversion, e.g. to/from electronic mail, facsimile, voice mail.
• Media type conversion
• User notification
• Store (temporary or persistent) and forwarding.
• Address hiding and translation
• Negotiating terminal capabilities
An external server can be any server within the operator domain or an external, e.g. SMS
server, e-mail server and facsimile server. The MMS Relay is working as a convergence
function to enable integration of these servers into the MMS service environment.
MMS User Databases and HLR
The User Database provides information on how to handle each subscriber individually.
The database provides information about:
• Subscriber information
• Status of the current capabilities of the users terminal
• User available storage space on server
• Rules for handling messages
• Access information
MMS Value Added Service Applications
This is how third 3rd parties offer services via the MMS Relay to the user terminal. 3GPP
does not standardize in any way the services or how they are provided. However, the
VAS Applications behave like a fixed user agent, only with more features available
towards the MMS Server, such as recall of messages.
In order to route the multimedia message to the final destination an addressing scheme is
necessary. MMS supports regular telephone numbers (MSISDN Ð E.164) and e-mail
addressing, but not IP terminal addresses. However, in the future when terminals will
have fixed IP addresses this might change.
Interconnection between MMSEs is based on SMTP over TCP/IP, which implies that
each MMSE is assigned a domain name, e.g. mms.operator.es. A user address would then
be email@example.com. At the moment there exists no standard for translating between
a User Agent telephone number and a MMS domain name for routing between MMSE
domains over the Internet. Until then it is expected that operators cooperate and use some
static lookup tables or equivalent mechanism. It is expected that IETFs ENUM proposal
for mapping between telephone numbers (E.164) and e-mail will be adopted in the near
User profiles have not yet been standardized by 3GPP, but will receive more attention in
later releases. Still User Profiles are heavily referenced in current standards, all though
not part of the required implementation. So any reference made in this thesis regarding
User Profiles is valid for future implementations, but not for the first versions being
rolled out by the operators.
3.4.3. MMS Basic Functionality
MMS is a store and forward service because mobile terminals may be turned of or out of
reach of the network some period of time. The messages are stored in the Message Store
for time depending on operator policy or time limit set by the message sender.
MMS is transported over regular radio channels, while SMS is transported over a GSM
signaling channel. This is because the signaling channel only has limited bandwidth and
the transfer time for a 20-100 Kbytes MM would be unacceptable.
The transportation mechanism chosen for MMS is the Wireless Session Protocol ,
which is a tailor made to unreliable wireless networks. MMS requires minimum
There are several reasons why regular E-Mail is not suitable for viewing multimedia
content on a resource constrained mobile terminal. First of all a MMS presentation is
different from e-mail in which the message content is presented to the user with timing
and advanced layout in some specified order, while e-mail has no such functionality. If an
e-mail contains more than text this information is sent as attachments and the user must
open one by one of the attachments in an arbitrarily order. Further more the common
transport protocol for E-Mail is SMTP, which requires a reliable TCP/IP connection,
which does not exist in the imperfect world of wireless communication, hence the choice
of WSP, which provides adoption to all common mobile networks.
A MM can be sent from e-mail to a terminal via the MMS Relay for converting, but only
in theory because operators do not know how to charge it and will therefore not allow it.
A message can however be sent to e-mail from a MMS client without problems as e-mail
addressing is supported. If the e-mail client support or can start a program that supports
SMIL the MM will be presented as intended, on the other hand if there is no support for
SMIL the MM will be delivered as attachments.
WAP it is not used only for transportation and not for presentation of Multimedia
Messages. This is due to the fact that the WAP presentation layer is a simple text browser
and thus useless for presentation of sound, pictures and video.
The Multipurpose Internet Mail Extensions (MIME)  is used for identification of
media formats so that the client on the terminal can choose the right player for the
content, e.g. a MPEG-4 player. However, even though MIME can identify content, it
cannot be used for composing a multimedia presentation. A multimedia presentation
requires timing of audio, video, pictures and text in order to present the content, as the
sender would like at the receivers terminal.
To achieve such synchronization the Synchronized Multimedia Integration Language
(SMIL)  has been proposed as a suitable tool. SMIL is a XML based language that
allows multimedia presentations to be written using a simple text editor.
3.4.5. MMS Services
In addition to just plain relay of messages between end users and service providers, MMS
is supposed to provide a more rich set of services and functions than we know from SMS.
This will enable operators and service providers to offer a multitude of new services to
the benefit of the end user.
MMS equipment manufactures are not required to implement the majority of
functionality described in the standard, since the standard only requires a minimum
implementation. This has probably been done in order to facilitate the introduction of
MMS by making the equipment not to complex. The rest of the discussion here makes no
difference between required functionality and optional functionality, since required
functionality basically only enables the end user to receive and view the message, it does
not even require the ability to compose and send.
The sender defines several receivers, but only one message is sent to the MMS Relay,
where it is distributed to all recipients.
MMS Service Behavior
When a user submit a message to the MMS Relay for transfer several choices can made
regarding the treatment of the message by the MM Service Environment. Some of the
most important services are hiding the sender/submitter identity for the recipient, receive
notification when the message has been read and/or delivered, set earliest time of delivery
and set time of expiry.
A readÐreply report contains:
• Sender/receiver address
• Message identification for the message which the reply report regards
• If the original message was read or deleted without being read
MMS supports streaming of content to the terminal from the MMS Relay. Before the
streaming take place the MMS Relay delivers a representation report to the User Agent,
which contains all information necessary to initiate streaming.
All communication between MMSEs is based on SMTP and MIME. A MM consisting of
one or more elements is included within a single SMTP mail and identified by
appropriate MIME elements.
The communication between an external server and the MMS Relay is not standardized,
so service providers and operators are free do implement their particular solution.
However, it seems likely that this interworking will be IP, HTTP and SMTP based as
SMTP already is used for message transfer between MMSEs. Both the MMS Relay and
external must support conversion of message formats. For example the MMS Relay may
use the mobile phone number associated with an SMS message in order to map to a
routable e-mail address.
A 3rd party Value Added Service provider is regarded as a User Agent from the MMS
Relay point of view.
Recipient Recipient Originator Originator
MMS Relay MMS terminal MMS terminal MMS Relay
There is message
Read reply report
Read reply report
Figure 19: Multimedia Message signaling and message flow.
4. Application and service development
Mobile telecommunication network operators are not able to provide innovative services
in the same manner as what we see delivered over the Internet/World Wide Web. At the
same time, there are third parties that wish to access and make use of the intelligence
already available in the mobile networks. Such third parties would provide value added
services built on top of generic services provided by the networks, such as billing, end
user authentication, usage recording, roaming and connection control. 3GPP has realized
this problem and has taken several actions to come up with a solution for making mobile
networks more accessible to 3rd parties. These concepts and technologies proposed to
solve these problems are outlined in the remaining of the chapter.
4.1. The Virtual Home Environment (VHE)
The consolidation of the standardization effort for mobile networks forced by the creation
of 3GPP has increased the development of new concepts and technology for GSM and
UMTS networks. In order to respond to the fact that more and more people are
connecting to Internet not only through their personal computer, but also through mobile
phones and PDAs, 3GPP has come up with several new ideas to make access to content
on the Internet ubiquitous of the actual device. The new concepts defined are called the
Virtual Home Environment and the Mobile Execution Platform. Both concepts act like
umbrella technologies, defining some common rules for the technologies accepted in
under the umbrellas as means to realize the goal of ubiquitous access to information on
Today the services available to us depend on the network we use, the terminal and our
location. The goal of the Virtual Home Environment is to improve this by consistently
providing the user with the same personalized features, user interface and services,
independent of location, access network and terminal (within the capabilities of the
terminal and network) .
Services in the VHE will rely on a new concept called User Profiles, unique to the user.
The User Profile contains a collection of all subscriber data, including both Personalized
data, e.g. Mobile Station interface preferences and a User Services Profile.
Service creation in the VHE will not rely on the detailed service engineering as has been
done in GSM with operator specific services and Teleservices, but instead provide
services using the generic toolkits described below to provide horizontal service creation
independent of access networks, terminals and location.
4.2. SIM/USIM Application Toolkit (SAT/USAT)
The Subscriber Identity Module (SIM)  was originally developed to provide
authentication and encryption of the subscriber in a GSM network. The SIM is stored
inside a smart card, which provides a secure and tamper proof environment. As the
storage space on smart card increased, more information like phonebook and preferences
were stored on it.
SAT provides a standardized execution environment for applications stored in the SIM
card. It also provides for applications in the SIM to interact with any Mobile Equipment,
which supports the specified mechanisms, thus ensuring interoperability between the
HPLM operator and ME, independent of the respective operators and manufacturers of
The Universal SIM (USIM) is the next generation of smart cards based on the SIM. The
USIM is a part of the new UMTS standard introduced for UMTS. USAT allows service
provider to move service intelligence from the network to the mobile station, thus saving
radio and network resources, e.g. if call barring is done in the mobile station instead of
SAT/USAT is not directly available to 3rd parties. Deployment of services and
applications are done in close cooperation with the operators.
The introduction of java-compatible SIM cards compliant with the latest GSM 3.19 and
03.48 standards now enables the operators to develop applications once and get them
produced by several manufactures in parallel. Earlier cards had to be produced by only
JavaCard technology enables programs to be written in Java to run in smart cards and
other memory constrained devices.
• The Java Card Virtual machine specification defines a subset of the Java
programming language and a virtual machine specification suitable for smart card
• The Java Card Runtime Environment specification describes the Java Card
runtime behavior. This includes memory management, application management,
security enforcement, and other runtime features.
• The Java Card Application Programming Interface API specification describes the
set of core and extension Java Card packages and classes for programming smart
4.2.3. SAT/USAT relation to VHE
• Portability: The specification of interactions between ME, SIM/USIM and
network make the applications highly portable between networks and Mobile
• Security: the SIM/USIM provides a highly secure environment, which fully
satisfies the requirements of ubiquitous security.
4.3. Customized Applications for Mobile Networks (CAMEL)
CAMEL is a tool for GSM operators that enable them to offer operator specific services
built on top of Teleservices for their subscribers when roaming outside the HPLMN.
CAMEL service specific information and logic is stored in the HLR of the HPLMN and
transferred to the VPLMN to achieve service execution for the roaming subscriber. One
example of CAMEL is calling with prepaid when roaming. CAMEL is widely
implemented, but problems can occur when the VPLMN and HPLMN do not have the
same CAMEL version implemented. CAMEL is not available to 3rd parties.
4.3.1. CAMEL relation to the VHE
CAMEL supports some of the requirements in VHE, but not all . The range of
services is limited and not available for 3rd party services as they are made by
customizing standard Teleservices.
4.4. Java for hand held devices (J2ME) 
The Java 2 platform, Micro Edition or J2ME is Java for embedded devices with
constrained resources. It runs on the terminal and not on the SIM card, even though
modern SIM cards usually feature Java card extensions.
Supporters of J2ME include Ericsson, Nokia, Siemens, Motorola, Palm Computing,
Fujitsu, Samsung, Sony, Sun, Panasonic, NTT, DoCoMo, Symbian, NEC and others.
J2ME uses so called configurations and profiles to customize the Java Runtime
Environment (JRE). In order to be modular and scalable the complete JRE is defined in a
three-layer model built upon the host operating system of the device.
1. Profile Layer: This is the top layer and defines the minimum set of APIs available
on a particular family of devices representing a particular narrow vertical market
segment, e.g. mobile phones. Profiles are implemented "upon" a particular
configuration (see below). Applications are written for a particular profile and are
thus portable to any device that supports that profile. A device can support
2. Configuration Layer. The configuration layer defines the basic run time
environment as a minimum set of Java Virtual Machine features and Java class
libraries available on a particular category of devices. A category represents a
horizontal market segment like resource constrained devices such as mobile
phones and hand held computers.
3. Java Virtual Machine Layer: This layer is an implementation of a Java virtual
machine (VM) that is customized for a particular device's host operating system
and that supports a particular J2ME configuration. A VM can written by anyone
as long as it is compiled to be conformant to a specific configuration.
A profile is a contract between an application and a J2ME vertical market segment, e.g.
mobile phones. It provides a complete toolkit for a particular kind of device, such as a
mobile phone, a washing machine or interactive electronic toy. Thus all the mobile
phones agree to implement all the features defined in the profile and the application
agrees only to use those features defined in the profile. So any application written for a
particular profile will run on any device that supports that profile. This is very useful for
electronic banking since their customers will certainly have access to every imaginable
mobile phone. At the implementation level, a profile is defined simply as a collection of
Java APIs and class libraries that resides on top of a specified configuration, providing
additional domain specific capabilities for devices in a specific narrow market segment.
The Connected Limited Device Configuration (CLDC) is a specification for running Java
on machines with limited memory and slow processors. The CLDC defines requirements
for the virtual machine. The CLDC is aimed at memory-constrained devices with a
memory budget in the range of 128 to 512 Kb. Other configurations can be written for a
broad range (horizontal) of devices that share common hardware specifications.
4.4.3. Java Virtual Machines
The KVM is a virtual machine, which can be compiled to be conformant to the CLDC
specification, but it is not a requirement to use it. Vendors can also write their own VM
and compile it to conform to the CLDC. The K in KVM stands for Kilobyte, referring to
the small memory available.
4.4.4. MIDP - Mobile Information Device Profile
MIDP is the first profile available for mobile phones. A MIDlet is an application written
for the MIDP. The application must extend the MIDlet class to allow the application
management (runtime system) to control the MIDlet, retrieve properties from the
application descriptor, and notify and request state changes.
The MIDlet class provides APIs for invoking, pausing, restarting, and terminating the
The MIDP APIs is logically composed of high-level and low-level API«s. Low-level
functions deal with such as network access and high-level deals with the interface.
The use of high-level API«s enables the use of the application on several different
terminals, but limits the amount of control the developer has over the interface look and
The configuration CLDC 1.0 Specification defines that compliant implementations must
implement at least HTTP/1.1 stream based connections. It may also implement sockets,
datagrams and TCP/IP, but to make the MIDP fully portable it should only use
HTTP/1.1, as it is for the moment the only mandatory protocol.
HTTP/1.1 client connections imply that the server cannot initiate contact with the client,
except by responding to a client request. This of course limits the possible types of
MIDLET, as they would have to poll the server in order to receive e.g. messages from
4.4.5. J2ME relation to VHE
J2ME within the VHE is not intended to be used as a standalone tool, but as a part of the
Mobile Execution Environment (see below).
4.5. Mobile Execution Environment (MExE)
With the increasing diversity among wireless mobile terminals, it is hard to see that all
devices will be able to run the same applications and display the same content. Soon we
will se PDAs with GPRS and WLAN modules and these will probably be more powerful
than the tiny small mobile phones made primarily for voice and WAP. To cater for this
diversity, 3GPP decided to categorize devices by giving them different Mobile Execution
Environment  classmarks and define a common set of rules for each category that
devices must conform to.
The terminals are categorized by MExE classmarks, at the moment there exists three
different classmarks, but more will added as new technologies gain accept.
• MExE class mark 1: Requires support for WAP. The terminals need only have a
simple display and numeric keypad. This device is suitable to provide low volume
content over slow network connections.
• MExE classmark 2: Requires support for J2ME.
• MExE classmark 3: Requires support for tailor made Java for resource
To achieve a generic platform for mobile applications there must exist some common
rules. MExE defines common issues that all technologies that run on the Mobile
Execution platform must conform to, including:
• Capability and content negotiations
• User Profiles
The MExE specification includes both WAP, different flavors of JAVA and work has
also been started to include C-sharp and its runtime environment as well on a later stage.
WAP is included to enable the ability to browse Internet content, download java
applications, send and receive MMS and push content on to the terminal. Two flavors of
Java is included, the JavaPhone API and J2ME. The purpose of Java on the terminal is to
create standalone applications, such as games, but also to bring animation to server-
centric applications. There is some overlap between the two, because a Java program
running on a wireless device can be using WAP network protocols underneath to
communicate with servers on the Internet.
MExE is not the only toolkit available for developing GSM/3G applications. The other
three are CAMEL, SIM/USIM and OSA (see below). CAMEL and SIM/USIM are only
available to network operators and their partners and not available to any 3rd party service
providers. The Open Service Architecture is under development and will offer 3rd party
service providers access to operator network information through APIs.
The standard  does not say anything about the resulting classmark if combining e.g.
WAP and J2ME.
A MExE server is any server capable of serving WAP or Java content to a MExE client.
The server can reside in the operatorÕs network or may be a third party server. A MExE
server will also have additional functionality such as push, QoS, security and billing.
Content negotiation is used to avoid the terminal receives content that cannot be stored,
presented, manipulated or that the user does not want. Available methods today are
HTTP1.1 and WSP from WAP. In the future the goal is to implement Composite
Capability /Preferences Profile (CC/PP) standardized by W3C. CC/PP has been adopted
WAP in their UAProf specification and CC/PP support in MExE is a subset of this
specification, although it could implement more UAProf properties.
These are some of the recommended properties as listed in :
• MExE classmark
• Screen size
• Color capable
• Audio and video input encoders
• Supported bearers
CC/PP is based on RDF is extensible and allows interoperable encoding of metadata in
There are several ways of conveying CC/PP property information, one is of course to
send them from the terminal to the server, but it is also possible for the device to return a
URL pointing to where the server may fetch some or all the properties.
In the classmark 3 device category, the J2ME classmark, there exists another mechanism
as well to convey capability information. The Java Application Descriptor File (JAD),
contains information such as application name, version number, JAR file size and data
storage requirements. The JAR file is a compressed bundle of all the J2ME files in the
application. The JAD file can then be uploaded to the terminal before transferring the
application file, thus assuring that the application downloaded really works on the
4.5.1. User Profiles
The user profile is a collection of the users preferences, such as privacy settings and user
interface personalization for the device. Support of the user profile is for the moment
optional, since the standardization of it is still under development by 3GPP . The user
profile is also part of the Virtual Home Environment.
The user can have more than one user profile and the user can have more than more
profile activated at the same time, but same profile cannot be active on more than one
device at the time.
The user profile must be stored securely on the device, either in the SIM/USIM or on the
mobile station, however the user profile can also be fetched by referencing a URL in the
same way as property and capability information.
MExE defines generic security architecture to prevent damage from unfriendly sources
and applications running on the device. The security architecture defines permissions that
a MExE executable has on the device:
• A framework of permissions an executable has on the device.
• A secure storage of the permissions on the device.
• Ensure that the executable do not violate itÕs permission within the device.
The permission framework is defined as three security and one untrusted domains:
• Operator security domain
• Manufacturer security domain
• Third Party security domain
• Untrusted domain
The MExE device must support all three security domains or none of them. Support of
the untrusted domain is mandatory, even if the three security domains are supported.
Executables access device functionality through APIs, directly or indirectly. However, all
API calls requires explicit permission depending on the domain that the executable
No executable is allowed to:
• Turn on or off device
• Turn on or of radio transmitter and receiver.
• Change time and date.
• Activate a user profile
• Change a user profile
• Access low level SIM/USIM smart card functionality
• Access network security
Network operators are allowed to get IMSI, home network information and to select
network. The remaining categories, such call forwarding, get location information, launch
an application and uninstall a MExE executable are open for all three security domains,
but with some restrictions. For example, a 3rd party executable may only launch, start or
stop other executables that comes together with the running application, i.e. it can not
stop an application belonging to the operator or manufacturer domain.
The untrusted domain executables can perform the following actions if, and only if the
user has downloaded them. Pushed executables are not allowed to run at all on the
Most actions taken by untrusted executables must first granted permission by the user.
There is some difference between different classmarks regarding allowances, but
generally executables must ask for permission before even accessing the user interface.
Writing to files is not allowed under any circumstances by any executable. However,
classmark 2 and 3 executables can access files that belong to them.
Three user permission types have been identified:
• Single action (mandatory)
• Session (optional)
• Blanket (optional)
All prompts for user permission must be accompanied by a user friendly name
identifying the signer of the executable. If the executable is untrusted this must be
indicated to the user. Untrusted executables cannot be granted blanket permission, only
session or single action.
No executable is allowed to access any output / input stream belonging to another
executable, except for classmark 3 executables (J2ME), where several J2ME executables
constitute one program. In particular, no untrusted executable shall be able to eavesdrop
on communication to and from the user interface, proceeding from a trusted executable
, thus avoiding any malicious untrusted executable from stealing PIN codes.
If a user only downloads executables from one trusted source, e.g. Djuice.com in
Norway, then trust will not be a problem if the user regards this portal as trustworthy. The
user will be able to download executables and grant them trusted privileges and not worry
about malicious attacks. However, this being a likely scenario to begin with, experience
has shown us that users are not very loyal and they will probably start to download games
and other executables from different providers. This scenario requires a Public Key
Infrastructure (PKI), otherwise the user will not be able to determine if the executable is
trustworthy or not. In short, to validate the trustworthiness, the device will check that the
executable was signed by a private key, for which the device has the corresponding
public key that the device trust, i.e. that the public key has been signed by some trusted to
authenticate that public keys really belongs to company xyz.
4.5.3. MEXE relation to VHE
The MExE environment is one of the mechanisms intended to support the Virtual Home
Environment. With regard to the VHE requirements, the MExE has some properties that
will facilitate the VHE.
• Continuous service provisioning: Within a Classmark service execution and
behavior will remain the same.
• Security: Within a Classmark the same security environment can be expected.
• Portability: Applications developed for one Classmark is will in principle be
portable if screens can be handled.
• Adaptability: Capability and content negotiation will enable the user to adapt the
service and content to the users Profile, device and network profile.
• User Profile:
5. Application Programming Interfaces
Current telecommunication services are closely connected to the underlying network and
access technology, which makes it difficult to introduce new horizontal services
applicable to more than one network type. The introduction of more and more IP
technology into telecommunications network opens up for a more diverse and rapid
service development as IP runs over practically every type of network.
The trend today is to move away from the mobile network dominated Intelligent Network
(modified Teleservices) way of developing services to a more open environment which
enables 3rd party service providers to gain access to the end user terminal and network
intelligence previously only available to the mobile network operator.
The current trend in the standardization new service environments can be summarized in
general terms as:
• Decoupling of services from access and transport.
• From message based signaling to APIs.
• From vertical to horizontal, e.g. from network specific services to network
Today we have single service networks. A service developed for mobile networks is not
always available over Internet, over the fixed telephone network or visa versa. An
example is operator specific services offered to roaming subscribers via CAMEL. If the
VPLMN has implemented another CAMEL protocol version than the home network, then
service will not be available.
In order to develop services that can be deployed in different networks we need to
decouple the service from access and transport. Such a decoupling enables services to be
developed once and deployed to multiple access technologies.
Using open APIs to access network intelligence will enable access to information that
previously only has been accessible to the operator, such as terminal capabilities and
positioning services supported by general network functionality such as billing, end user
authentication, usage recording, roaming and connection control.
5.1. Open Service Architecture (OSA)  
The Open Service Architecture is standardized by 3GPP and defines an architecture that
enables operators and third party applications to make use of the operators network
functionality through an open standardized API, the Open Service Architecture API.
Positioning and terminal capabilities are examples of functionality that will be accessible
through the OSA API. The Open Service Architecture is network independent and goes
beyond IP and mobile networks.
The OSA API is the result of work done on APIs in several other standardization
organizations over the years, resulting in alignment of work done in 3GPP, Parlay, ETSI,
OMG and JAIN. As an example of this corporation there is now only one Call Control
Group between 3GPP, ETSI and Parlay. The OSA API is mainly an adoption of the work
done on APIs in Parlay.
The use of OSA for service development enables the developer to combine network
capabilities with information previously only available to the service provider. This could
for example be a combination of positioning information from the network and banks
knowledge of the situaion of its ATMs.
Application Application Application Application
OSA API - compiled from IDL OSA API - compiled from IDL
OSA Service Capability Feature (SCFs)/ Interfaces - IDL
Network functionality is offered to the application via a set of network Service
Capabilities Features (SCFs) or interfaces defined in the OSA API. The interfaces are
described in OMGÕs Interface Description Language (IDL) and are open and accessible
to all developers, enabling application development in any language supporting IDL.
The Service Capability Servers (SCSs) that provide the OSA interfaces are functional
entities that can be distributed across on or more physical nodes. Each node again maps
functionality to the underlying telecom specific protocols, such as MAP (Mobile
Application Protocol) and CAMEL, thus hiding the network complexity and at the same
time raising the abstraction layer. The SCSs also protects the core network from intrusion
Applications can be server centric or terminal centric. Terminal centric applications
reside in the mobile station. Such applications are MExE (J2ME and WAP) and SIM
Application Toolkit (SAT) applications. Network centric applications reside on servers
that are outside the core network and make use of service capabilities offered through the
OSA API by the operator. However J2ME applets and WAP clients run on the Mobile
Station and communicate with the server, which again is accessing the network
The Open Service Access consists of three parts :
• Applications: Conferencing and location based applications. These are the
applications offered by third parties and that run on servers outside the PLMN.
• Service capability servers: Providing the applications with service capability
features (SCFs), which are abstractions from the underlying network.
• Framework: Provides controlled access to Service Capabilities. It provides
applications with basic mechanisms that enable them to make use of the service
capabilities in the network via the API, such as authentication, authorization and
discovery of SCFs and framework functions.
5.1.1. Initial Access
Before being able to use the OSA SCFs the application must authenticate itself with the
Framework. In order to do so it needs a reference to the IpInitial interface in the
Framework (IpInitial refers to ÒInterface parlayÓ and not to the Internet protocol). This
reference can be obtained through an URL, a Naming and Trading service, a stringified
object reference or any equivalent method. The IpInitial interface only supports the
initiate Authentication method to allow the authentication method to take place.
Before an application any use of SCFs, the Framework will select an appropriate
encryption technique to ensure authentication, integrity and confidentiality. The selected
cryptographic methods depends on the given situation and level of security necessary.
A lot has happened on the service and application scene within mobile networks only in
the last few months. When I started to work on this thesis there were no information at all
about J2ME, OSA or MMS on any of the major telecommunications equipment
manufacturers web sites. This has all changed recently and everybody is preparing for the
introduction of GPRS and UMTS and the new opportunities this offer for new value
 3GPP TS 23.002 - V4.3.0 Network Architecture
 3GPP TS 45.001 - V4.0.1 Physical Layer on the Radio Path
 3GPP TS 22.002 Ð V4.2.0 Circuit Bearer Service supported by a PLMN
 3GPP TS 24.011 - V4.0.1 Point-to-Point SMS support on Mobile Radio Interface
 3G PP TS 22.003 Ð V.4.2.0 Circuit Teleservices supported by a Public Land
Mobile Network (PLMN)
 3GPP TS 22.004 Ð V4.0.0 General on Supplementary Services
 3GPP TS 23.034 V4.0.0 High Speed Circuit Switched Services (HSCSD)
 3GPP TS 22.060 Ð V4.2.0 General Packet Radio Service (GPRS) General
description: Stage 2
 3GPP TR 50.059 Project scheduling and open issues for EDGE
 3GPP TS 45.004 GSM/EDGE Radio Access Network
 3GPP TS 23.060 Ð V4.0.0 General Packet Radio Service (GPRS) Service
description: Stage 2
 3GPP TS 23.228 V5.1.0 IP Multimedia Subsystem; Stage1
 3GPP TS 22.228 V5.1.1 IP Multimedia Subsystem; Stage1
 RFC 2543 Session Initiate Protocol (SIP)
 RFC 2486 Network Access Identifier
 EURSCOM Project P1110. Date: 2001
 Ericsson paper Ð 3GPP Service Interface. Stephen Terril. Date 2001
 IEEE 802.11 Wireless LAN Medium Access Control (MAC) and Physical (PHY)
 IEEE 802.11a Wireless LAN Medium Access Control (MAC) and Physical Layer
(PHY) specification, 1999
 IEEE 802.11b Wireless LAN Medium Access Control (MAC) and Physical Layer
(PHY) specification, 1999
 3GPP TS 23.040 Ð V4.3.0 Technical Realization of Short Message Service
 3GPP TS 23.140 Ð V4.2.0 Multimedia Messaging Services
 3GPP TS 22.121 V5.1.0 Provision of Services in UMTS Ð The Virtual Home
Environment: Stage 1
 3GPP TS 22.038 Ð V4.1.0 SIM Application Toolkit (SAT); Stage 1
 VESPER VHE requirements. Date: 20/11/2000 http://vesper.intranet.gr/goals.htm
 3GPP TS 23.057 Ð 4.2.0 Mobile Station Execution Application Environment
 3GPP TS22.057 Ð 4.2.0 Mobile Station Execution Application Environment
(MExE); Stage 1
 3GPP TS 22.127 V4.1.0 Service Requirement for Open Service Access
 3GPP TS 22.227 V4.1.0 Service Requirement for Open Service Access
 3GPP TS 29.198-01 Open Service Access API; Part 1: Overview
 3GPP TS 29.198-03 Open Service Access API; Part 1: Framework
 3GPP TS 25.401 Ð V4.1.0 UTRAN Overall Description