`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 1
`
`
`
`p
`
`• 1
`
`GSM and Personal
`Com.m.unications Handbook
`
`Siegmund M. Redl
`Matthias I(.Weber
`Malcolm W. Oliphant
`
`Artech House
`Boston • London
`
`Mobile Communications
`s book.
`
`DEFPRIORART001818
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 2
`
`
`
`Library of Congress Cataloging-in-Publication Data
`Redl, Siegmund M.
`GSM and personal communications handbook I Siegmund Redl,
`Matthias Weber, Malcolm Oliphant
`p.
`cm. -
`(Artech House mobile communications library)
`Includes bibliographical references and index.
`ISBN 0-89006-957-3 (alk. paper)
`1. Global system for mobile communications. 2. Personal
`communication service systems.
`I. Weber, Matthias K.
`II. Oliphant, Malcolm W.
`III. Title.
`IV. Series
`TK5103.483.R44 1998
`621.3845'6-dc21
`
`98-4710
`CIP
`
`British Library Cataloguing in Publica~ion Data
`Redl, Siegmund M.
`GSM and personal communications handbook-(Artech House mobile
`communications library)
`1. Global system for mobile communications
`I. Title
`II. Weber, Matthias K.
`III. Oliphant, Malcolm W.
`621.3'8456
`
`ISBN 0-89006-957-3
`
`Cover and text design by Darrell Judd.
`
`© 1998 ARTECH HOUSE, INC.
`685 Canton Street
`Norwood, MA 02062
`
`All rights reserved. Printed and bound in the United States of America. No part of
`this book may be reproduced or utilized in any form or by any means, electronic or
`mechanical, including photocopying, recording, or by any information storage and
`retrieval system, without permission in writing from the publisher.
`All terms mentioned in this book that are known to be trademarks or service
`marks have been appropriately capitalized. Artech House cannot attest to the accu(cid:173)
`racy of this information. Use of a term in this book should not be regarded as
`affecting the validity of any trademark or service.mark.
`
`International Standard Book Number: 0-89006-957-3
`Library of Congress Catalog Card Number: 98-4710
`
`1098 7 6 543 2 1
`
`Contents
`
`Preface
`
`Ackrtowledgments
`
`Part I GSM in the light
`[!] The changing sce
`1. 1 The digital cel
`
`1.2 Basic market f
`
`1.2.1 Cellular and
`market presence c
`1.2.2 Meeting the
`
`1.3 Aspects on me
`
`1.3.1 Service prOT.
`1.3.2 Fulfillment h
`
`1.4 Phones: shrilli
`grow their features
`
`1.4.1 What's your
`
`DEFPRIORART001819
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 3
`
`
`
`Contents
`
`Preface
`
`Acknowledgments
`
`Part I GSM in the light of today
`[!] The changing scene-again
`1.1 The digital cellular evolution
`
`1.2 Basic market figures and the system standards
`
`1.2.1 Cellular and personal communications services:
`market presence and potential
`1.2.2 Meeting the demands
`
`1.3 Aspects on marketing the product
`
`1.3.1 Service providers
`1.3.2 Fulfillment houses
`
`1.4 Phones: shrink them; drop their price, and
`grow their features
`
`1.4.1 What's your size?
`
`xv
`
`xxi
`
`1
`
`3
`
`4
`6
`
`10
`13
`
`17
`
`18
`20
`
`20
`
`21
`
`v
`
`or
`d
`
`1-
`
`R
`
`DEFPRIORART001820
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 4
`
`
`
`vi
`
`GSM and Personal Communications Handbook
`
`Contents
`
`1.4.2 How long can you stand by?
`1.4.3 Ninety-nine cents?
`1.4.4 What can you do that 1 can't?
`1.4.5 Multiple bands and multiple modes
`
`1.5 What is personal communications?
`
`1.5.1 PCS: defining the requirements
`1.5.2 PCS: the technical solutions to the requirements
`1.5.3 PCS and what system technology?
`1.5.4 Where does it lead?
`1.5.5 GSM and PCS in the Um'ted States: an overview
`References
`
`W From Pan-European mobile telephone to global system
`
`for mobile communications
`
`2.1 GSM:'what it was meant to be and what
`it became
`
`2.1.1 The initial goals of GSM
`2.1.2 The initial results
`2.1.3 First expen'ences
`2.1.4 PCN networks and DCS 1800
`2.1.5 PCS 1900
`2.1.6 UIC
`
`2.2 The role of the GSM MoU
`
`> 2.3 ETSI and the Special Mobile Group
`
`2.4 Standards: the present and the future
`
`2.4.1 GSM Phase 1
`2.4.2 GSM Phase 2
`
`2.4.3 GSM Phase 2+
`
`2.5 GSM type approval issues
`
`2.5.1 The objectiVes
`2.5.2 The authon·ties
`
`21
`22
`23
`23
`
`26
`
`27
`30
`36
`37
`42
`x
`
`51
`
`52
`
`52
`52
`54
`55
`
`59
`
`63
`
`65
`
`67
`69
`
`72
`72
`74
`
`75
`
`77
`78
`
`References
`
`[i] A look over the fe
`3.1 Competition 0
`
`3.1.1 Cellular and
`3.1.2 Cordless aC(
`3.1.3 Wireless in t
`
`3.2 What else is 01
`
`3.2.1 Digital Enha
`3.2.2 Personal Hal
`3.2.3 Personal Ac(
`3.2.4 CDMA (IS-9
`3.2.5 TDMA (lS-l~
`IS-661
`3.2.6
`
`3.3 Noncellular di
`
`3.4
`
`Interference a
`
`References
`
`Part II GSM services a
`[!J The developmen
`4.1 Phase 1
`
`4.1.1 Phase 1 te1e.
`4.1.2 Phase 1 bea
`4.1.3 Phase 1 SUpj
`
`4.2 Phase 2
`
`4.2.1 Phase 2 te1e.
`4.2.2 Phase 2 SUpj
`4.2.3 Phase 2 net~
`
`DEFPRIORART001821
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 5
`
`
`
`Contents
`
`References
`
`W A look over the fence
`
`3.1 Competition or complement?
`
`3.1.1 Cellular and personal communications
`
`3.1.2 Cordless access
`3.1.3 Wireless in the local loop
`
`3.2 What else is out there?
`
`3.2.1 Digital Enhanced Cordless Te1ecommum'cations ,
`
`3.2.2 Personal Hi3.ndy Phone System
`3.2.3 Personal Access Communications System
`3.2.4 CDMA (1S-95)
`3.2.5 TDMA (1S-136)
`3.2.6 1S-661
`
`3.3 Noncellular digital trunking systems
`
`3.4
`
`Interference and health issues
`
`References
`
`Part II GSM services and features
`[i] The development of GSM standards and features
`4.1 Phase 1
`
`4.1.1 Phase 1 te1eservices
`4.1.2 Phase 1 bearer services
`4.1.3 Phase 1 supplementary services
`
`4.2 Phase 2
`
`4.2.1 Phase 2 te1eservices
`4.2.2 Phase 2 supplementary services
`4.2.3 Phase 2 network improvements
`
`vii
`
`x
`
`81
`
`83
`
`83
`84
`85
`
`86
`
`88
`96
`96
`101
`104
`111
`
`117
`
`122
`
`125
`
`127
`
`129
`
`132
`
`132
`132
`133
`
`134
`
`134
`135
`136
`
`DEFPRIORART001822
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 6
`
`
`
`viii
`
`GSM and Personal Communications Handbook
`
`Contents
`
`4.3 Phase 2+
`
`4.3.1 Release 96
`4.3.2 Release 97
`
`4.4 Conclusion
`
`References
`
`W GSM telecommunication services
`
`5.1 Bearer services in GSM
`
`5.2 Te1eservicesin GSM
`
`5.3 Connection types in a GSM PL:rvIJ\T
`
`5.3.1 Lower layer capabilities
`5.3.2 Connections
`
`5.3.3 Attributes between two networks
`
`5.4 Rate adaptation
`
`5.4.1 Error protection
`
`5.4.2 Terminal equipment and mobile tennination
`
`5.5 Radio link protocol
`
`5.5.1 Frame structure
`
`5.5.2 Contro10fRLP
`5.5.3 Error recove!}'
`5.5.4 RLP summa!}'
`
`5.6 Access to different networks
`
`5.6.1 Transmission into the PSTN
`5.6.2 FacsiITJlle transmission
`5.6,3 TransITJlssion into the ISDN
`5.6.4 Transmission into the PSPDN
`5,6.5 Transmission into the CSPDN
`
`5.7 Fax services
`
`5.7.1 End-to-end view via the GSM infrastructure
`
`138
`
`138
`
`143
`
`144
`
`146
`
`147
`
`149
`
`152
`
`152
`
`153
`
`153
`
`155
`
`157
`
`163
`
`164
`
`165
`
`166
`
`167
`
`171
`
`171
`
`172
`
`172
`
`174
`
`175
`
`175
`
`177
`
`178
`
`179
`
`5,7.2 Configurati
`5.7.3 Transparer.
`5.7.4 Nontranspe
`In-call moo
`5,7,5
`
`5,8 Connecting a
`
`5,8,1 App1icaUoI:
`5,8.2 Remote COl
`
`5.9 Future devel<
`
`5.9.1 High-speec
`5,9,2 Genera1pa
`5,9,3 Packet date
`5.9.4 The 14.4-Kl
`5.9,5 Facsimile e
`5.9.6 General bE
`5.9.7 Emergency
`References
`
`W Short message Sl
`
`6.1 Short messac
`
`6,1.1
`
`Imp1ementi
`6.1.2 Alphabet 0.
`6.1,3 Example 01
`6.1.4 Problems tl
`6.1.5 SMSandsu
`6.1.6 Use ofaddi
`6.1.7 The future
`
`6.2 SMS cell broe
`
`6.2.1
`Implement,
`6,2.2 Contents 0;
`6.2.3 Future de VI
`References
`
`DEFPRIORART001823
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 7
`
`
`
`k
`
`3
`
`8
`3
`
`Contents
`
`5.7.2 Configuration at the mobile station
`5.7.3 Transparent fax service
`5.7.4 Nontransparent fax service
`5.7.5
`In-call modification
`
`5.8 Connecting a mobile station to external devices
`
`5.8.1 App1icau'on for short message services
`5.8.2 Remote control of mobile equipment
`
`5.9 Future developments
`
`5.9.1 High-speed circuit-switched data
`5.9.2 General packet radio service
`5.9.3 Packet data on signaling channels
`5.9.4 The 14.4-Kbps user data rate
`5.9.5 Facsimile enhancements
`5.9.6 General bearer services
`5.9.7 Emergency call with additional data transfer
`References
`
`[§J Short message service
`6.1 Short 'message service: point to point
`
`Implementation of point-to-point SMS in the network
`6.1.1
`6.1.2 Alphabet ofSMS
`6.1.3 Example of a SMS-MT message frame
`6.1.4 Problems that can occur while sending short messages
`6.1.5 SMS and supplementary services
`6.1.6 Use of addlHona1 devices for SMS
`6.1.7 The future
`
`6.2 SMS cell broadcast
`
`Imp1ementau'on of CB in the network
`6.2.1
`6.2.2 Contents of a cell broadcast message
`6.2.3 Future developments for cell broadcast
`References
`
`ix
`
`181
`182
`185
`186
`
`187
`
`188
`190
`
`193
`194
`199
`202
`204
`204
`205
`206
`'206
`
`211
`
`212
`
`213
`228
`228
`231
`232
`233
`235
`
`237
`238
`240
`243
`244
`
`DEFPRIORART001824
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 8
`
`
`
`x
`
`GSM and Personal Communications Handbook
`
`Contents
`
`W Supplementary services
`
`7.1
`
`Introduction to supplementary services
`
`7.1.1 Network entJ'u'es
`7.1.2 Password handling
`
`7.2 Call forwarding supplementary service
`
`7.2.1 General behavior of call forwarding services
`7.2.2 Operau'on of call forwarding
`7.2.3 Conflicts for call forwarding
`7.2.4 Who pays for what?
`
`7.3 Call barring supplementary services
`
`7.3.1 Call barring for incoming and outgoing calls
`7.3.2 Applicability of call barring
`7. 3. 3 RestrictJ'ons to call barring
`
`7.4 Line identification supplementary services
`
`7.4.1 Calling line identificau'on
`7.4.2 Connected line identificatJ'on
`
`7.5 Call waiting
`
`7.6 Call holding
`
`7.7 Multiparty communication supplementary service
`
`7.8 Advice of charge supplementary service
`
`7.8.1 Charge advice informau'on
`7.8.2 Advice of charge (informau'on)
`7.8.3 Advice of charge (charging)
`
`7.9 Closed user group supplementary services
`
`7.10 Unstructured supplementary services data
`
`7.11
`
`Implementation of SS in a GSM mobile station
`
`7.11.1
`7.11.2
`
`Imp1ementau'on of non-call-re1ated SS
`Imp1ementau'on of call-related SS
`
`245
`
`246
`
`248
`251
`
`252
`
`253
`255
`259
`260
`
`262
`
`263
`264
`265
`
`266
`
`266
`268
`
`268
`
`271
`
`272
`
`275
`
`276
`277
`, 278
`
`279
`
`281
`
`283
`
`284
`288
`
`7.11.3
`
`Implement
`
`7.12 . Additional in
`
`7.13 FutUre devel
`
`7.13.1 Call deflec
`7.13.2 Cal1forwa;
`7.13.3 Call transfi.
`7.13.4 Call comp.
`7.13.5 Direct sub:
`access restriction
`7.13.6 Malicious (
`7.13.7 Mobile ace
`7.13.8 Support of
`7.13.9 MultJ'p1e SL
`7.13.10 Um'versa1
`7.13.11 Premium
`7.13.12 Charginf;
`7.13.13 User-to-u
`References
`
`[i] The subscriber ic
`8.1 Memory struc
`8.2 Security
`8.3 Phase 1 SIM
`8.4 Phase 2 SIM
`8.5 Phase 2+ SIM
`8.6 The SIM initia
`8.7 Electrical cha
`
`8.7.1 SIMPower,
`8.7.2 SIMmemOl
`8.7.3 SIM architel
`8.8 Outlook for fu
`
`DEFPRIORART001825
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 9
`
`
`
`Contents
`
`7.11.3
`
`Implementation into a menu structure of an MS
`
`7, 12 ,Additional implementations in the mobile phone
`7.13 FutUre developments for Phase 2+
`
`7.13.1 Call deflection
`7.13.2 Call forwarding enhancements
`
`7.13.3 Call transfer
`7.13.4 Call completion services
`7.13.5 Direct subscriber access and direct subscriber
`access restn'ction
`7.13.6 Malicious call identification
`7.13.7 Mobile access hunting
`7.13.8 Support of private numbering plan
`7.13.9 Multiple subscriber profile
`7.13.10 Um'versa1 access to freephone numbers
`
`7.13.11 Premium rate service
`7.13.12 Charging
`7.13.13 User-to-user signaling
`
`References
`
`~ The subscriber identity module
`8.1 Memory structure
`8.2 Security
`8.3 Phase 1 SIM
`8.4 Phase 2 SIM
`8,5 Phase 2+ SIM
`8.6 The SIM initialization process
`8,7 Electrical characteristics of the SIM
`
`~
`
`8.7.1 SIM Power Supply
`8.7.2 SIM memory
`8.7.3 SIM architecture
`8.8 Outlook for future applications
`
`xi
`
`288
`
`289
`290
`291
`291
`291
`292
`
`295
`295
`296
`296
`296
`297
`297
`298
`299
`300
`
`303
`
`305
`306
`309
`310
`323
`332
`333
`
`333
`334
`336
`338
`
`DEFPRIORART001826
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 10
`
`
`
`xii
`
`GSM and Personal Communications Handbook
`
`Contents
`
`8.8.1 NATELsicap by Swisscom
`8.8.2 Prepaid SIM
`
`8.8.3 Future parameters
`References
`
`W New Phase 2+ functions
`
`9.1 SIM application toolkit
`
`9.1.1 Overview of the SIM applicatJ.'on toolkit
`9.1.2 Profile download
`
`9.1.3 Proactive SIM
`
`9.1.4 Data dOwnload to SIM
`
`9.1.5 Apph·catJ.'ons using the SIM applicatJ.'on toolkit
`9.1.6 Conclusion
`
`9.2 Customized applications for mobile network
`enhanced logic (CAMEL)
`
`9.2.1 Functional descnption of CAMEL
`9.2.2 Network architecture
`
`9.2.3 A CAMEL example
`
`9.3 Railway applications
`
`9.3.1 Enhanced mu1Weve1 precedence and preemptJ.'on
`9.3.2 Voice group call service
`
`9.3.3 Voice broadcast service
`Refemces
`
`[!QJ Roaming and call routing
`10.1 Routing in GSM PLMNs
`
`10.1.1 Location registratJ.'on
`
`10.1.2 Routing within a PLMN
`
`10.1.3 Call routing when a mobile station is roaming
`
`10.2 Charging principles
`
`339
`340
`343
`344
`
`345
`
`346
`
`346
`347
`347
`350
`353
`357
`
`357
`358
`359
`360
`
`361
`
`361
`365
`368
`369
`
`371
`
`372
`372
`375
`376
`
`378
`
`10.2.1 National c
`10.2.2 Call chars
`10.2.3 Call forw6
`10.2.4 More eXCE
`
`10.3 Phase 2+: s
`
`10.3.1 Roaming!
`10.3.2 Call forwa
`10.3.3 Call forwa
`
`10.4 Conclusion
`
`References
`
`Part III GSM technolo
`[!lJ Introduction to
`11.1 Breaking G~
`
`11.1.1 Physical aJ.
`
`11.1.2 Physical aJ.
`
`11.2 Transmitters
`
`11.2.1 Transmitte
`
`11.2.2 Receivers
`
`11.3 MS and BTS-
`
`11.4 Baseband si~
`11.5
`. Speech codi
`
`11.5.1 Speech co
`11.8.2 Speech qu
`11.5.3 DTMFand
`11.5.4 GSMfull-n
`11.5.5 GSM half-l
`11.5.6 GSMenha.
`
`DEFPRIORART001827
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 11
`
`
`
`Contents
`
`10.2.1 National call charges
`10.2.2 Call charges when roaming
`10.2.3 Call forwarding
`10.2.4 More exceptions to the rule
`
`10.3 Phase 2+: support of optimal routing (SOR)
`
`10.3.1 Roaming mobl1e subscriber
`10.3.2 Call forwarding to home country
`10.3.3 Call forwarding to visited country
`
`10.4 Conclusion
`
`References
`
`xiii
`
`378
`379
`380
`380
`
`381
`
`382
`382
`384
`
`384
`
`385
`
`Part III GSM technology and implementation
`387
`[l!J Introduction to GSM technology and implementation 389
`11.1 Breaking GSM down
`
`391'
`
`11.1.1 Physical and logical blocks of a GSM mobl1e sta b.-on
`11.1.2 Physical and logical blocks of a GSM base station
`
`11.2 Transmitters and receivers
`
`11.2.1 Transmitters
`11.2.2 Receivers
`
`)
`11.3 MS and BTS-new roads to the ultimate radio
`11.4 Baseband signal processing
`
`11.5
`
`. Speech coding and speech quality in GSM
`
`"
`
`11.5.1 Speech coding tuton'a1
`11.5.2 Speechquality
`.
`11.5.3 DTMFand signaling tones
`11.5.4 GSM full-rate speech coding
`11.5.5 GSM half-rate speech coding
`11.5.6 GSM enhanced full-rate speech coding
`
`391
`396
`
`397
`
`398
`402
`
`410
`
`412
`
`415
`
`415
`422
`423
`424
`424
`425
`
`DEFPRIORART001828
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 12
`
`
`
`xiv
`
`GSM and Personal Communications Ha'ndbook
`
`11.5.7 Complexity comparison FR-HR-EFR
`11.5.8 The future for GSM speech coding
`11.5.9 Speech coding and ...
`
`11.6 Equalizers
`
`11.6.1 The problem-lSI
`11.6.2 General equalizers
`11.6.3 Viterbi equalizer
`
`11.7 Encryption and security in GSM
`
`11.7.1 Algorithms and keys
`11.7.2 Ciphering in GSM
`11.7.3 Regulations
`11.7.4 Secun'ty vs. fraud
`
`11.8 Mixed signals
`
`11.9 Microprocessor control
`
`11. 10 GSM timing
`
`11.11 Components qnd technology
`
`11.12 Guide to the literature
`
`11.12.1 General radio design
`11.12.2 Coding and its mathematics
`11.12.3 Digital radio
`References
`
`Appendix: Coding of the default GSM alphabet
`
`Glossary
`
`About the authors
`
`Index
`
`427
`427
`429
`
`433
`
`435
`441
`444
`
`459
`
`459
`460
`461
`461
`
`462
`
`465
`
`466
`468
`
`470
`
`470
`
`470
`471
`471
`
`475
`
`477
`
`499
`
`501
`
`( - -
`
`Preface
`
`Use of the global systt
`
`spread throughout
`liked. As is true of any n
`and equipment based (
`accommodate its new u:
`ices, improvements, ar:
`offered in the GSM ice c
`works. New terminals j
`their sizes shrink and t1
`pricing and access to a g:
`wider variety of users, m
`ing to a consumer produ(
`Interesting features'
`versation link typical of
`networks. Sophisticated
`connections, ISDN links,
`ed in wireline digital nl
`networks.
`Why have the authc
`(Artech House, 1995) d
`sidering the metamorp1
`remains an evolving Sti
`
`DEFPRIORART001829
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 13
`
`
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 14
`
`
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 15
`
`
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 16
`
`
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 17
`
`
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 18
`
`
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 19
`
`
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 20
`
`
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 21
`
`
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 22
`
`
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 23
`
`
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 24
`
`
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 25
`
`
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 26
`
`
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 27
`
`
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 28
`
`
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 29
`
`
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 30
`
`
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 31
`
`
`
`303
`
`gency services must be possible at any time
`are that emergency calls to selected emer(cid:173)
`cept for emergency calls. The requirements
`phone cannot receive or originate calls, ex(cid:173)
`ME + SIM = MS. Without a SIM, a mobile
`making the phone a mobile station, hence
`which can be inserted in any phone, thus
`subscriber's identity is confined to the SIM,
`be authorized for a particular subscriber. The
`mobile phone, because the phone's use must
`is not enough merely to identify a particular
`scriber is actually the data stored in the SIM. It
`The real identity of a GSM MS and its sub-
`
`card, or simply a SIM.
`fied for use in a GSM phone is called a SIM
`card as a smart card. A smart card that is speci(cid:173)
`embedded circuits, then we refer to the chip
`microprocessor or micro controller among the
`or more circuits are embedded [1]. If we find a
`plastic credit card-sized devices in which one
`card is a general term that refers to any of the
`ule, is a smart, plastic chip card. A chip
`
`The SIM, or the subscriber identity mod(cid:173)
`
`identity module
`The subscriber
`
`applications
`8.8 Outlook for future
`SIM
`characteristics of the
`8.7 Electrical
`initialization process
`8.6 The SIM
`8.5 Phase 2+ SIM
`8.4 Phase 2 SIM
`8.3 Phase 1 SIM
`8.2 Security
`8.1 Memory structlj.Ye
`
`Contents
`
`CHAPTER
`
`8
`
`Antipolis.
`User-to-User Signaling (UUS); Service Description (Stage I)," ETSI, Sophia
`
`[32] GSM 02.87, "Digital Cellular Telecommunications System (Phase 2+);
`
`Sophia Antipolis.
`Multiple Subscriber Profile (MSP); Service Description (Stage I)," ETSI,
`
`[31] GSM 02.97, "Digital Cellular Telecommunications System (Phase 2+);
`
`ETSI, Sophia Antipolis.
`Support of Private Numbering Plan (SPNP); Service Description (Stage I),"
`
`[30] GSM 02.95, "Digital Cellular Telecommunications System (Phase 2+);
`
`GSM and Personal Communications Handbook
`
`302
`
`DEFPRIORART001863
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 32
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 32
`
`
`
`master file directory there is only one EF containing the identity of the
`Figure 8.2 shows the organization of the SIM's memory. Under the
`
`that supports smart cards.
`use the phone book for applications around a public telephone service
`records and is part of the more general telecom directory. It is possible to
`cards. The phone book is an example of an EF that contains multiple
`directory can be used for other telecom applications in multipurpose
`and contains GSM-specific parameters and records, whereas the telecom
`The GSM directory is dedicated to the exclusive use of GSM networks
`
`where a word is 1 byte, which is 8 bits.
`on its purpose and significance. The record sizes are measured in words,
`consists of a string of variable size, some large and some small, depending
`records. A record is a small unit of information stored on a SIM. A record
`information, such as the phone book, which can hold up to 255 entries or
`is unique for each SIM. One single EF may also contain several records of
`example, could be the international mobile subscriber identity (IMSI), which
`TELECOM directories. One EF can contain only one record, which, for
`tary files (EF), which contain tl:.te actual information for the GSM or
`
`One level in hierarchy below these dedicated files, we find the elemen(cid:173)
`
`2. DFTELECOM contains the more common telecom service features.
`
`1. DFGSM contains specific applications for GSM, DCS 1800, or
`
`PCS 1900;
`
`two types by their content:
`tory), and not as files within those locations. The files are segregated into
`rather misleading. The DF should be regarded more as a location (a direc(cid:173)
`are specified, and it is with these differences that the file term becomes
`different directories that are called dedicated files (DF). Two different DFs
`the master file (MF). Under the MF the memory space is subdivided into
`the hard drive in your computer. The main directory in this structure is
`The SIM's memory is split up into directories in a manner similar to that of
`
`8.1 Memory structure
`
`discussed in more detail because they are different for every SIM
`
`of Schlumberger).
`Figure 8.1 Two different sizes of SIM cards are available (courtesy
`
`DEFPRIORART001864
`
`to security. The operating systems found on the various SIMs are not
`standard features used for accessing the memory and functions related
`with its operating system. There is also some memory and some other
`A SIM is structured similar to a computer. There is a micro controller
`
`each of the phases.
`dures that all of the SIMs support before considering the differences in
`ent of the GSM phases. We first explore the common features and proce(cid:173)
`and Phase 2+. Still, there are some general procedures that are independ(cid:173)
`phases for GSM handsets and infrastructure, namely, Phase I, Phase 2,
`different SIMs are named according to the different implementation
`phases for SIMs that follow and accommodate the enhancements. The
`and more functions and service features are added, there are different
`related functions. Because the GSM standard continues to evolve as more
`on the SIM, including user-specific network information and security(cid:173)
`in Section 8.7.3. Several different pieces of user information are stored
`vided by the mobile equipment (ME). The structure of the SIM is explained
`information. The operating power supply and the clock pulses are pro(cid:173)
`able and programmable read-only memory [EEPROM]) in which to store
`memory for programs (ROM) and some additional memory (electrical eras(cid:173)
`The heart of the SIM card is a micro controller that includes some
`
`out to become a plug-in SIM.
`that the smaller plug-in SIM comes as an ISO type, which can be popped
`shows the two different types of SIM cards. It should be noted, however,
`that cannot otherwise accommodate the larger full size SIM. Figure 8.1
`SIM. The little plug-in SIM is designed for use in small portable phones
`credit card type (ISO) and the smaller type, which is the so-called plug-in
`covered service area. The SIM comes in two different physical sizes: the
`without a SIM, as long as the mobile equipment is functional and within a
`
`305
`
`The subscriber identity module
`
`GSM and Personal Communications Handbook
`
`304
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 33
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 33
`
`
`
`1. The AC computes corresponding pairs of RAND and SRES values, which it provides to the
`
`HLR and VLR.
`
`1. Always means that the function for this field can always be
`
`executed.
`
`following access conditions:
`, tary files. These protection levels are distinguished from each other by the
`procedures for reading, updating, invalidating, and recovering elemen-
`significance and sensitivity. There are different protection levels for the
`access in accordance with different security levels proportional to their
`The information contained in each EF is protected against improper
`
`between the variables, and how ciphering is invoked can be found in [2].
`by the network. Further details on this mechanism, the relationship
`used to perform the ciphering function if, and when, ciphering is enabled
`the authentication procedure. The Kc result is stored in the ME where it is
`ME. The SRES result is transmitted back to the network, which completes
`mand to generate the SRES and the Kc. Both results are returned to the
`equipment, which passes this number to the SIM together with a com(cid:173)
`equipment, and the SIM. The network sends the RAND to the mobile
`procedure and the communications between the network, the mobile
`for itself in the authentication center (AC) 1 [2]. Figure S.3 shows the
`stored on the SIM. The network, of course, keeps a copy of each SIM's Ki
`the SIM. The other input to both algorithms is an internal key (Ki), which is
`station over the radio path. The radio (ME) internally passes the RAND to
`(RAND) that is generated by the net\:V0rk and transmitted to the mobile
`One of the inputs to both algorithms (A3 and AS) is a random value
`common algorithm (A3S) that computes both results at the same time.
`It is also possible, depending on the SIM manufacturer, to have a
`
`• Algorithm AS is used to generate Kc.
`
`• Algorithm A3 is used to generate SRES .
`
`contains two algorithms:
`
`• The ciphering key (Kc) is generated on the SIM.
`
`• The authentication result (SRES) is computed on the SIM.
`
`to the GSM security and authentication system:
`also contains other security parameters, algorithms, and features related
`after switching a GSM phone to its ON condition: "ENTER PIN." The SIM
`user is required to enter the PIN, which is only valid for a particular SIM,
`incorporated in the SIM, is the personal identification number (PIN). The
`The best lmown GSM security feature, which is actually related to and
`
`8.2 Security
`
`stored in a dedicated DCS IS00 directory.
`DCS IS00 operators call on their elementary files in the SIM, which are
`with the different phases of SIMs. The additional features specified by the
`files, which are described in Sections S.4 and S.5, which are concerned
`systems. Organized below these two directories are the actual elementary
`designated (and programmed) to support both the GSM andDCS IS00
`tory can support both the GSM and DCS IS00 systems in SIMs, which are
`directory is used for GSM, DCS IS00, or PCS 1900 SIMs. The same direc(cid:173)
`two directories: the telecom directory and the GSM directory. The GSM
`SIM, which will be discussed in Section S.4. Also under the MF we find
`
`Figure 8.2 Memory structure on a GSM SIM.
`
`EFGSM1 EFGSMn
`
`EFTCn
`
`EFTC1
`
`GSM
`
`Telecom
`
`DEFPRIORART001865
`
`To generate the authentication result and the ciphering key, the SIM
`
`EFMF1
`
`• The SIM has measures to protect its elementary files.
`
`307
`
`subscriber identity module
`
`GSM and Personal Communications H
`
`306
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 34
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 34
`
`
`
`ent phases of the SIM card.
`vides an overview of the various elementary files supported in the differ(cid:173)
`many Phase 1 SIMs remained in service. Table 8.1 (see Section 8.5) pro(cid:173)
`time of this writing, most newly issued SIMs were Phase 2 SIMs, and
`ported in the first GSM mobile phones and early GSM networks. At the
`storing short messages, even though short message service was not sup(cid:173)
`SIMs had space for a phone book and, eventually, some more space for
`SIM only supported the mandatory features related to security. Some
`support the teleservices and some very basic supplementary services. The
`tures (authentication and ciphering). The early mobile phones did well to
`was plain old voice telephony service (POTS) with some basic security fea(cid:173)
`demand for new features. In the beginning, the most important service
`Just as the whole GSM system grew, so did the SIM grow with the
`
`8.3 Phase 1 SIM
`
`but she can still can use the phone.
`PIN2 is blocked, then the user has merely lost access to certain functions,
`not directly related to granting access to the basic telephony service. If
`used for some much more obscure features (e.g., charging services) and is
`to the network, in any phone, except for emergency calls. PIN2 is only
`completely blocked and cannot be used to gain normal authorized access
`user uses up all three chances to guess (remember) PIN1, then the SIM is
`What are the different consequences for blocldng PIN 1 and PIN2? If a
`
`operator for reactivation.
`then the SIM is completely blocked, and has to he brought back to the
`ers who ask for their PUKs. If the PUK is entered incorrectly 10 times,
`unblock the SIM. These operators can collect a service fee from subscrib(cid:173)
`approach of not disclosing the PUK, but offer a dedicated service to
`"welcome kit" or other user documentation. Some operators take the
`unknown to the user even though it is usually included in the subscriber's
`known by the operator and stored on the SIM. But the PUK is, in general,
`enters an eight-digit personal unblocking key (PUK). This key is always
`then the SIM is blocked. The SIM can be unblocked if the user flawlessly
`is-the user must enter a PIN. If the PIN is entered incorrectly three times,
`entitled to use the phone-that the user is, in fact, who she says she
`
`switched on within the coverage area of a network. To prove that she is
`authentication of a user, which occurs whenever a mobile phone is
`A common procedure that happens millions of times every day is the
`
`ering them is indicated later in the chapter (Section 8.5) in Table 8.2.
`the GSM phases, the status for reading, updating, invalidating, and recov(cid:173)
`
`In the following sections on the different EFs as they apply to each of
`
`can never be changed.
`example is the SIM identification, which can always be read but
`5. Never is intended for files that should never be updated. One
`
`the IMSI needs to be updated.
`or set by the network operator. This is, for instance, the case when
`4. Administrative (ADM) is used for actions that can only be changed
`
`dures, for example, for changing some types of information.
`known as PIN2, only has to be entered for access to specific proce(cid:173)
`
`3. Card holder verification 2 (CRV2) information, which is commonly
`
`to disable the prompts for PIN1.
`subsequent sessions. The user has to know the valid PIN 1 in order
`user, which means it will never be requested for verification in
`entire session. The use of PINI (CRVl) can be disabled by the
`turned on. If CRVI is entered once, it will remain valid for an
`known as PINl, is usually requested when the mobile phone is
`2. Card holder veriflcation 1 (CRV1) information, also commonly
`
`SIM, mobile phone, and network.
`Figure 8.3 Procedure of passing RAND, SRES, and Kc through the
`
`GSM Infrastructure
`
`Mobile Equipment
`
`SIM card
`
`DEFPRIORART001866
`
`.I rH~
`
`Telephone
`
`Kc
`
`GSM.J
`
`SRES, Kc.
`
`~
`
`..L RAND
`
`••• •••
`
`A38/
`
`sse
`
`"---
`STS
`
`SRES
`
`RAND
`
`309
`
`The subscriber identity module
`
`GSM and Personal Communications Handbook
`
`308
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 35
`
`Telit Wireless Solutions Inc. and Telit Communications PLC Exh. 1032 p. 35
`
`
`
`! ~
`
`operator has set up some kind of streamlined billing arrangements or
`ferred operators in other countries, which may be those with which the
`country. The network operator usually presets this list with codes for pre(cid:173)
`ing' it does not make sense to list competing operators in the home
`works for an indi