Cellular system reference document by Blue Coyote


0. Introduction and revision history
1. TACS - an overview
2. GSM - an overview
3. TACS - detailed info
     Vodafone/Cellnet system IDs
4. GSM - detailed info
     SMS (Short Message Service) dialups
5. Acknowledgements / greetings

0. Introduction and revision history

This document covers all the topics you see above. It also reflects my state of knowledge of the above topics. So as time passes, more detailed revisions of this document will be released. The filename should be of the format BCCellxxx.TXT/ZIP where xxx is the version number. As I get more info I'll add it to the document, so tell me if there's something that you think needs mentioning.

1. TACS - an overview

The original system in the UK is called TACS (Total Access Communication System). It occupies the 900MHz frequency band and has an RF channel spacing of 25kHz. The main specifications are:

Frequency range:  transmit: 872.0125 to 904.9875MHz
                  receive:  917.0125 to 949.9875MHz
Channel spacing:  25kHz

The base station is known as the mobile switching centre (MSC) or the mobile switching office (MTSO), and it automatically controls and maintains all calls initiated by, or incoming to, a mobile phone in its cell. The MTSO also switches, bills, and administers telephone traffic. Each MTSO is connected to the PSTN by a local switching office (LSO).

When a mobile is turned on, it searches for both a dedicated control channel and a paging channel in the cell in which it is currently located, and then it goes into its idle state, in which it continuously monitors the paging channel. If at any time the amplitude of the paging signal falls below a set value, the mobile will search for another, stronger paging signal. At all times the mobile is automatically listening for an incoming call. As the mobile moves position it must register its whereabouts with the nearest base station so that its location is updated whenever it moves into another cell.

When a mobile wishes to initiate a call, the wanted telephone number is keyed and this information is sent over the control channel to the base station. If a speech channel is free, the MTSO allocates a channel to the mobile and sets up the required connection via the PSTN. Should there be no free channels at that time, the mobile will automatically try again after a random short interval of time. When the call is terminated, the mobile sends an 8kHz tone for 1.8 seconds to the base station to signal end of call before it returns to its idle state.

When there is an incoming call for a mobile, the LSO pages all base stations near the last known location of the wanted mobile by sending a paging signal on the paging channel of each base station. When the wanted mobile receives the paging signal it automatically accesses the network. The mobile is then allocated a free speech channel by the nearest base station and the mobile tunes to that channel frequency. The base station then transmits an 8kHz tone across the control channel to the mobile to indicate there is an incoming call. When the mobile answers, this tone is turned off, and the connection is set up.

If, during the progress of a call, the mobile travels from one cell to another, the received signal level will fall and this reduction in amplitude will start an in-call hand-over. The base station notifies the LSO, which tells all base stations to measure the signal from that mobile, and the call is handed over to the base station with the strongest signal. The phone's transceiver is automatically tuned to the new carrier frequency. There are rarely more than one or two hand-overs in a single call. To reduce co-channel interference, adaptive power control is used. This means that the power transmitted by a mobile is controlled by the base station to just above the minimum level required to give an acceptable signal-to-noise ratio.

2. GSM - an overview

The Global System for Mobile communications (GSM) method of operating a cellular radio system uses digital techniques for modulation, speech and channel coding and also for timing and TDMA (Time Division Multiple Access). Besides giving a higher quality service, GSM is able to provide up to three times more traffic capacity than the earlier analogue systems. The mobile station may be a car mounted radio telephone, or a hand-held portable phone.

The same frequency bands, 890-915MHz for mobile transmit and 935-960MHz for base station transmit with 200kHz channel spacing, have been allocated to GSM by all the countries in the European Union. A time division multiple access (TDMA) technique separates the different telephone conversations in progress between a base station and many mobile telephones in its cell by dividing each frequency channel into eight slots. Each telephone conversation is allocated to one of the time slots, and so eight conversations can be simultaneously transmitted on each channel, eight times as many as with TACS. The basic principle of TDMA is shown by <???> Each channel is allocated a 0.577ms time slot which occurs every 4.615ms. GSM transmissions are transmitted at 270.833 kbit/s.

Speech is transmitted in a digital form, using a modulation method known as Gaussian minimum shift keying (GMSK), and the data signal is encrypted both to provide security and to reduce the error rate. GMSK is a form of FSK in which the carrier frequency deviation is very accurately controlled. To generate a GMSK waveform, the signal is first passed through a Gaussian filter to shape the bits, and then it is applied to a minimum shift keying (MSK) modulator. MSK is a variant of FSK that has a frequency deviation equal to one half of the bit rate.
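
As an added illustration (not part of the original document), the two-step GMSK generation described above can be written out in Python: a Gaussian filter shapes the bits, then an MSK modulator turns them into carrier phase. The filter's bandwidth-time product BT = 0.3, the sampling choices and all function names are assumptions, not taken from the text.

```python
import math

BIT_RATE = 270_833.0  # GSM bit rate quoted in the text, bit/s
BT = 0.3              # Gaussian filter bandwidth x bit period (assumed, not from the text)
SPS = 8               # samples per bit (constructed)
SPAN = 4              # filter length in bit periods (constructed)

def gaussian_taps():
    """Sampled Gaussian impulse response, normalised so the taps sum to 1."""
    sigma = math.sqrt(math.log(2)) / (2 * math.pi * BT)  # in bit periods
    n = SPAN * SPS
    taps = [math.exp(-0.5 * (((i - (n - 1) / 2) / SPS) / sigma) ** 2)
            for i in range(n)]
    total = sum(taps)
    return [t / total for t in taps]

def gmsk_phase(bits):
    """Carrier phase in radians, one value per sample, for a list of 0/1 bits."""
    nrz = [1.0 if b else -1.0 for b in bits for _ in range(SPS)]
    taps = gaussian_taps()
    # Step 1: the Gaussian filter shapes the rectangular bits (full convolution).
    shaped = [0.0] * (len(nrz) + len(taps) - 1)
    for i, x in enumerate(nrz):
        for j, t in enumerate(taps):
            shaped[i + j] += x * t
    # Step 2: MSK modulator, where an unfiltered bit turns the phase by pi/2.
    phase, acc = [], 0.0
    for s in shaped:
        acc += s * (math.pi / 2) / SPS
        phase.append(acc)
    return phase

def iq_samples(bits):
    """Baseband I/Q samples; the envelope is constant because only phase moves."""
    return [(math.cos(p), math.sin(p)) for p in gmsk_phase(bits)]

def peak_deviation_hz(bits):
    """Largest instantaneous frequency offset from the carrier, in Hz."""
    ph = gmsk_phase(bits)
    step = max(abs(b - a) for a, b in zip(ph, ph[1:]))
    return step * SPS * BIT_RATE / (2 * math.pi)

if __name__ == "__main__":
    run, alternating = [1] * 8, [1, 0] * 4   # constructed bit patterns
    print("run of ones :", round(peak_deviation_hz(run)), "Hz")
    print("alternating :", round(peak_deviation_hz(alternating)), "Hz")
    print("final phase :", gmsk_phase([1, 1, 1, 1, 0, 0, 1, 0])[-1])
```

With these settings a long run of identical bits sits a quarter of the bit rate from the carrier, so the two tones are half the bit rate apart, while alternating bits never reach that offset because the Gaussian filter smears neighbouring bits into each other.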

Two RF channels are provided for each call, one for each direction of transmission, to provide full duplex working. The signal-to-noise ratio

When a mobile requests access to the network system, the mobile must supply its IMSI (International Mobile Subscriber Identity). The network will then check that the caller is authorized to use the network. Whenever the mobile is switched on, and at regular intervals thereafter, it will register its location with the system. The local MSC uses the IMSI to interrogate the mobile's home location register (HLR) and add the data to its local visitor location register (VLR). The VLR then contains the address of the mobile's HLR, and the authentication request is routed back through the HLR to the subscriber's authentication centre (AUC).

Once a mobile has been accepted by the network, it must indicate the kind of service that it requires, for example voice or data, and the wanted telephone number. A telephone channel is then allocated to the call, and the MSC will route the call to its destination.

If, during the progress of a call or while a call is being set up, the mobile should move outside the range of the BST, the call will be handed over to another BST. Hand-over takes place so fast that the user is unaware that it has happened. The choice of the new BST may be made by the BSS if the mobile is within the range of another BST under the control of the same BSS. Otherwise, hand-over is controlled by the MSC.

When a call is to be set up from the PSTN to the mobile, the mobile is first located by means of a paging signal that covers the area with which the mobile has registered. Each mobile continuously monitors the paging channel and, when it detects a call addressed to itself, accepts the incoming call. The basic arrangement of the GSM network is shown in file <XXXXX>

3. TACS - detailed info

System IDs

VodaFone - 'Nobody goes phurther to keep you in touch'
-------- - 'The clones are out there'

   Prefix    MIN ID    System

   0374      2345      ETACS
   0378      2343      ETACS
   0831      2344      ETACS
   0836      2340      ETACS
   0589      2347      ETACS

Cellnet - 'The big network for cloned phones'
------- - 'The net where calls are free'

   Prefix    MIN ID    System

   0585      2349      ETACS
   0850      2346      ETACS
   0860      2342      ETACS

4. GSM - detailed info

SMS (Short Message Service) dialups

   System     Number          MaxBPS

   Vodafone   0860 980 480    14400   } Require dedicated
   Orange     0973 100 602    14400   } client software
   Cellnet    0385 499 999    2400      Use with normal terminal program

5. Acknowledgements / greetings

In general, anyone cool enough for 1066, Beyond Phear, or DockMaster especially the SysOps: AtR0CitY, Kry0, and Eck. Also Darkcyde, Fugitive, and Harl.
And ZoČ

Blue Coyote