Presentation on theme: "IN Intelligent Network Basic IN concept & technology"— Presentation transcript:
1IN Intelligent Network Basic IN concept & technology Some basic IN services
2Intelligent Network (IN) Concept The intelligent network concept: intelligence is taken out of exchanges and placed in computer nodes that are distributed throughout the network.Intelligence => access to various databasesThis provides the network operator with the means to develop and control services more efficiently. New capabilities can be rapidly introduced into the network. Once introduced, services are easily customized to meet individual customer's needs.
3Intelligent Network (IN) Concept Operator implements service logic (IN Service)STPSCPService Control Point(a network element containing the service logic, a database or register)MAP INAP CAPSSPExchangeService Switching Point(enables service triggering in an exchange)ISUP
4IN service subscriber and customer In a typical IN service scenario, the network operator or a 3rd party service provider implements the service for one or several subscribers, after which customers can use the service.Service subscriber = company offering the service (e.g. the 0800 number that anybody can call)Customers = those who use the service (e.g. those who call the 0800 number)Confusion possible:IN service subscriber PSTN subscriber
5Typical call-related IN procedure (1) 3.SCP2.4.SSP1.5.ExchangeExchange1. Call routing proceeds up to Exchange2. Trigger activated in Basic Call State Model at SSP3. SSP requests information from SCP (database)4. SCP provides information5. Call routing continues (routing to next exchange)based on information received from SCP
6Typical call-related IN procedure (2) 3.SCP2.4.SSP1.5.ExchangeExchange2. Trigger activated in Basic Call State Model at SSPTypical triggers:Called number (or part of number)Called user (destination) is busyCalled user does not answer in predefined time
7Typical call-related IN procedure (3) 3.SCP2.4.SSP1.5.ExchangeExchange4. SCP provides informationExample: Number translation in SCPSSP sends 800 number ( )SCP translates into ”real” number whichis used for routing the call( )translation may be based on several variables
8Examples of how SCP can affect call (1) Called numberSCPTime or dateSSPExchangeDestination 1Destination 2SCP decides the destination of the call depending on the calling time or date:=> Destination 1=> Destination 2
9Examples of how SCP can affect call (2) Called number, Calling numberSCPSSPExchangeDestination 1Destination 2SCP decides the destination of the call depending on the location of calling user:Calling user in southern Finland => Destination 1Calling user in northern Finland => Destination 2
10Examples of how SCP can affect call (3) Called numberSCPNetwork loadSSPExchangeDestination 1Destination 2SCP decides the destination of the call depending on the traffic load in the network:Traffic load situation 1 => Destination 1Traffic load situation 2 => Destination 2
11Additional IN features (1) SCPSSPExchangeExchangeIPIntelligent Peripheral (IP) can (a) send announcements to the user (usually: calling user) and (b) receive DTMF digits from the user. IP is not a database; connection to exchange not via SS7, instead via digital TDM channels.
12Additional IN features (2) SCPSSPExchangeExchangeIPTypical applications:1) Whenever services need user interaction2) User authentication
13User interaction in IN service Announcement: “for this .. press 1, for that .. press 2”SCP1.SSP4.ExchangeExchange2.IP3.1. SCP orders IP to select and send announcement2. IP sends announcement to calling user3. User replies by giving DTMF number(s) to IP4. IP sends number information to SCP in a signallingmessage
14User authentication (1) Announcement: “please press your PIN code ...”SCP1.SSP4.ExchangeExchange2.IP3.1. SCP orders IP to select and send announcement2. IP sends announcement to calling user3. User gives authentication code (in DTMF form) to IP4. IP sends authentication code to SCP in a signallingmessage
15User authentication (2) Display message: “please press your PIN code ...”SCP1.SSP3.1.ExchangeIP2.When connected to the network via a digital subscriber line, the calling user can be notified with a digital message (“please press your PIN code ...”) instead of having to use the corresponding voice announcement.
16IN servicesA large number of IN services can be implemented by combining different “building blocks”:Called number translation (at SCP)Routing decision based on calling number, time, date, called user busy, called user alerting timeout, network load ...Announcements (from IP) or user notification (<= ISDN user signalling)DTMF number reception (at IP) and analysis (at SCP)Customised charging (at exchanges)
17IN service examples “Traditional” IN services: - Freephone / customised charging schemes- Virtual Privat Network (VPN)- Number portability- Televoting“IN” in mobile networks:- Mobility management (HLR, VLR = databases)- Security management (Authentication ...)- Additional IN services in mobile networks =>CAMEL (Customised Applications for Mobilenetworks Enhanced Logic)
18Freephone (800) serviceUser calls SSP sends this number to SCP which after number analysis sends back to SSP the real destination address ( ) and call can be routed to the destination. Called party is charged.3.SCP2.4.SSP1.5.ExchangeDestinationCharging: Destination (service subscriber) pays the bill
19Premium rate serviceUser calls SSP sends this number to SCP which after number analysis sends back to SSP the real destination address ( ) and call can be routed to the destination. Calling party is charged.3.SCP2.4.SSP1.5.ExchangeDestinationCharging: Calling user (customer) pays the (usually rather expensive) bill. Both service subscriber and service provider or network operator make profit!
20Virtual private network (VPN) service A VPN provides corporate customers with a private number plan within the PSTN. The customer dials a private (short) number instead of the complete public number in order to contact another user within the VPN. User authentication is usually required.Number translation: 1212 =>SCPSSPCustomised chargingExchangeDestinationIPUser authentication
21Screening of incoming calls This is an example of an IN service related to the call destination end. Alert called user only if calling number is or , otherwise do something else (e.g. reject call or redirect call to another destination).Calling number = or : Accept All other calling numbers: Reject or redirectSCPSSPExchangeCalled userLocal exchange of called user
22Mobile terminated call (MTC) By far the most important "IN service" is mobility management during a mobile terminated call (MTC), which means finding out under which exchange or mobile switching center (MSC) a mobile user is roaming, so that the call can be routed to this exchange. More about this later.2.HLR3.4.5.VLR1.6.7.GMSCServing MSC
23More about IN and IN services… The link provides some examples in Section 10 (AIN Service Creation Examples), for instance:Example of service creation template:
24Public Land Mobile Network (official name for mobile network) PLMNPublic Land Mobile Network (official name for mobile network)Circuit-switched (CS) core network(radio access network is not part ofthis course)Basic concepts and network elementsMobility management in PLMN
25Cellular conceptA cellular network contains a large number of cells with a base station (BS) at the center of each cell to which mobile stations (MS) are connected during a call.If a connected MS (MS in call phase) moves between two cells, the call is not dropped.Instead, the network performs a handover (USA: handoff).BSBSMSBSBS
26Mobility conceptA cellular network is divided into location areas (LA), each containing a certain number of cells.As long as an idle MS (idle = switched on) moves within a location area, it can be reached through paging.Location Area 1Location Area 2If an idle MS moves between two location areas, it cannot be reached before it performs location updating.Location Area 3
27Architecture of a mobile network CS core networkGSM BSSMSCGMSCPSTNVLRHLRMSAuCEIR3G RANInternetPS core network
28Serving MSC CS core network GSM BSS MSC GMSC VLR HLR PSTNVLRHLRThe serving mobile switching center (MSC) is the mobile counterpart to the local exchange in the PSTN.This is the MSC that is currently serving a mobile user.AuCEIR3G RANInternetPS core network
29VLR CS core network GSM BSS MSC GMSC VLR HLR PSTNVLRHLRThe visitor location register stores temporary information on mobile users roaming in a location area under the control of the MSC/VLR.AuCEIR3G RANInternetPS core network
30Gateway MSC CS core network GSM BSS MSC GMSC VLR PSTNVLRThe gateway MSC (located in the home PLMN of a mobile user) is the first contact point in the mobile network when there is an incoming call to the mobile user.HLRAuCEIR3G RANInternetPS core network
31HLR CS core network GSM BSS MSC GMSC VLR HLR PSTNVLRHLRThe home location register stores information on mobile users belonging to this mobile network (e.g. subscription data and present VLR under which the mobile user is roaming).AuCEIR3G RANInternetPS core network
32AuC CS core network GSM BSS MSC GMSC VLR HLR PSTNVLRHLRThe authentication center safely stores authentication keys (Ki) of mobile subscribers belonging to this mobile network.AuCEIR3G RANInternetPS core network
34SIM CS core network GSM BSS MSC GMSC VLR SIM HLR PSTNVLRSIMHLRImportant mobile user information is stored in the subscriber identity module within the handset.AuCEIR3G RANInternetPS core network
35CS core network CS core network GSM BSS MSC GMSC The CS core network architecture is basically the same in 2G (GSM) and 3G mobile networks.In North America, IS-MAP signalling is used instead of GSM-MAP signalling.Europe: GSM core networkN. America: ANSI-41 core networkPSTNVLRHLRAuCEIR3G RANInternetPS core network
36Basic functions in a mobile network Radio Resource Management (RRM)Number refers to following slides in the the slide set1Random access and channel reservationHandover managementCiphering (encryption) over radio interfaceMobility Management (MM)IMSI/GPRS Attach (switch on) and Detach (switch off)Location updating (MS moves to other Location Area)Authentication32Call Control (CC)MOC, MTC4Session Management (SM)PDP ContextLater lecture
37Range of functions RRM CS core network CC GSM BSS or 3G RAN MM SM PS core network
38Random access in a mobile network 1Communication between MS and network is not possible before going through a procedure called random access.Random access must consequently be used in:Network-originated activitypaging, e.g. for a mobile terminated call (MTC)MS-originated activityIMSI attach, IMSI detatchGPRS attach, GPRS detachlocation updatingmobile originated call (MOC)SMS (short message service) message transfer
39Random access in action (GSM) 11. MS sends a short access burst over the Random Access CHannel (RACH) in uplink using Slotted Aloha (in case of collision => retransmission after random time)2. After detecting the access burst, the network returns an ”immediate assignment” message which includes the following information:- allocated physical channel (frequency, time slot) inwhich the assigned signalling channel is located- timing advance (for correct time slot alignment)3. The MS now sends a message on the dedicated signalling channel assigned by the network, indicating the reason for performing random access.
40Multiplexing vs. multiple access In downlink, multiplexing (e.g. TDM)Network decides channel…In uplink, multiple access (e.g. TDMA)Network decides channel also in this caseMultiple access is always associated with random access. MS requests signalling channel, and network decides which channel (e.g. time slot) will be used.
41Security measures in a mobile network 1) PIN code (local authentication of handset=> local security measure, network is not involved)2) Authentication (performed by network)3) Ciphering of information sent over air interface4) Usage of TMSI (instead of IMSI) over air interfaceIMSI = International Mobile Subscriber Identity(globally unique identity)TMSI = Temporary Mobile Subscriber Identity(local and temporary identity)
42Basic principle of authentication 2SIM(in handset)Air interfaceNetwork (algorithm running in AuC)ChallengeRANDRandom numberResponseAlgorithmAlgorithmSRESSAuthentication keyAuthentication keyKiKiSRESAThe same? If yes, authentication is successful
43Where does the algorithm run? 2Algorithm for calculating SRES runs within SIM (user side) and AuC (network side). The authentication key (Ki) is stored safely in SIM and AuC, and remains there during authentication.The two SRES values are compared in the VLR.Air interfaceRANDSIMAuCSRESSSRESAVLRKiKi
44Algorithm considerations 2Using output and one or more inputs, it is in practice not possible to calculate “backwards” other input(s),“brute force approach”, “extensive search”Key length in bits (N) is important (in case of brute force approach 2N calculation attempts may be needed)Strength of algorithm is that it is secret => bad idea!“Security through obscurity”Better: open algorithm can be tested by engineering community (security through strong algorithm)
45Case study: Location updating (1) 3(Most generic scenario, see van Bosse for details)MSCIMSITMSILAI 1SIMVLR 1(in broadcast messages)IMSI LAI 1TMSIHLRMSCIMSILAI 1VLR 2Most recently allocated TMSI and last visited LAI (Location Area ID) are stored in SIM even after switch-off.After switch-on, MS monitors LAI. If stored and monitored LAI values are the same, no location updating is needed.
46(in broadcast messages) Location updating (2)3MSCIMSITMSI(in broadcast messages)SIMVLR 1LAI 2IMSI LAI 1TMSIHLRMSCIMSILAI 1VLR 2MS has moved from a cell belonging to VLR 1 to another cell belonging to VLR 2.MS notices that the LAI values are different => location update is required!
47Location updating (3)3MSCIMSITMSISIMVLR 1LAI 1, TMSIIMSI LAI 1TMSIHLRMSCIMSILAI 1VLR 2No TMSI - IMSI context!SIM sends old LAI (i.e., LAI 1) and TMSI to VLR 2.VLR 2 does not recognize TMSI since there is no TMSI-IMSI context. Who is this user?
48Location updating (4)3Address: LAI 1MSCIMSITMSISIMVLR 1IMSI LAI 1TMSIIMSIHLRMSCIMSILAI 1IMSITMSIVLR 2However, VLR 2 can contact VLR 1 (address: LAI 1) and request IMSI.IMSI is sent to VLR 2. There is now a TMSI-IMSI context.
49Location updating (5)3MSCIMSITMSISIMVLR 1IMSI LAI 1TMSIHLRIMSITMSIMSCIMSILAI 1LAI 2VLR 2LAI 2Important: HLR must be updated (new LAI). If this is not done, incoming calls can not be routed to new MSC/VLR.HLR also requests VLR 1 to remove old user data.
50Location updating (6)3MSCSIMVLR 1IMSI LAI 1TMSILAI 2 TMSIHLRMSCLAI 2TMSIIMSI TMSITMSIIMSILAI 2VLR 2VLR 2 generates new TMSI and sends this to user. User stores new LAI and TMSI safely in SIM.Location updating was successful!
51Trade-off when choosing LA size 3If LA size is very large (e.g. whole mobile network)location updating not needed very oftenpaging load is very heavyIf LA size is very small (e.g. single cell)small paging loadlocation updating must be done very often+High paging channel capacity required+Affects signalling load
52Role of TMSI CC or MM transaction UsesTMSI MS Network Random access AuthenticationIMSI is not sent over air interface if not absolutely necessary!Start cipheringCC or MM transactionIMSI detachNew TMSI allocated by networkNew TMSI stored in SIM
53Mobile network identifiers (1) E.164 numbering formatMSISDN=CCNDCSNGlobally unique numberCC = Country Code (1-3 digits)NDC = National Destination Code (1-3 digits)SN = Subscriber NumberMobile station ISDN (MSISDN) numbers are based on the ITU-T E.164 numbering plan and can therefore be used for routing a circuit-switched call.When the calling (PSTN or PLMN) user dials an MSISDN number, the call is routed to the gateway MSC (GMSC) located in the home network of the called (mobile) user.
54Mobile network identifiers (2) E.164 numbering formatMSRN=CCNDCTNTemporarily allocated numberCC = Country Code (1-3 digits)NDC = National Destination Code (1-3 digits)TN = Temporary NumberMobile station roaming numbers (MSRN) are also based on the ITU-T E.164 numbering plan and can therefore be used for routing a circuit-switched call.The MSRN is selected by the MSC/VLR serving the called (mobile) user, sent to the GMSC, and used for routing the call from the GMSC to the serving MSC.
55Mobile network identifiers (3) E.212 numbering formatIMSI=MCCMNCMSINGlobally unique numberMCC = Mobile Country Code (3 digits)MNC = Mobile Network Code (2 digits)MSIN = Mobile Subscriber Identity Number(10 digits)The international mobile station identity (IMSI) is based on the ITU-T E.212 numbering plan and cannot be used for routing a circuit-switched call (exchanges or switching centers do not understand such numbers).The IMSI is stored in the HLR and SIM of the mobile user.
56Mobile network identifiers (4) E.212 numbering formatLAI=MCCMNCLACGlobally unique numberMCC = Mobile Country Code (3 digits)MNC = Mobile Network Code (2 digits)LAC = Location Area Code (10 digits)The location area identity (LAI) points to a location area belonging to a certain MSC/VLR. This identity must be stored in the HLR so that mobile terminated calls can be routed to the correct serving MSC/VLR.IMEI≈ ”Serial number of handset” (not SIM)
57Case study: Mobile terminated call (1) 4(see van Bosse for details)Using the MSISDN number (dialled by the calling user located in the PSTN or the PLMN of another operator) and standard SS7/ISUP signalling, the call is routed to the GMSC in the home network of the called mobile user.2.HLR3.4.4.VLR1.5.6.GMSCServing MSC
58Mobile terminated call (2) 4The GMSC contacts the HLR of the called mobile user. The SS7/MAP signalling message contains the MSISDN number which points to the mobile user record (containing IMSI, LAI where user is roaming, etc.) in the HLR database.2.HLR3.4.4.VLR1.5.6.GMSCServing MSC
59Mobile terminated call (3) 4Using global title translation (GTT), the HLR translates the IMSI and LAI information into the signalling point code of the serving MSC/VLR.The HLR sends SS7/MAP request “Provide roaming number” (i.e. MSRN) to the VLR.2.HLR3.4.4.VLR1.5.6.GMSCServing MSC
60Mobile terminated call (4) The VLR selects a temporary MSRN. Note that there must be binding between MSRN and IMSI in the VLR.The VLR sends the MSRN to the GMSC (using SS7/MAP signalling).2.HLR3.MSRN IMSI4.4.VLR1.5.6.GMSCServing MSC
61Mobile terminated call (5) 4Using the MSRN number and standard SS7/ISUP signalling, the call is routed to the serving MSC.Although not shown in the figure, there may be intermediate switching centers (serving MSC/VLR may be located at the other end of the world).2.HLR3.4.4.VLR1.5.6.GMSCServing MSC
62Mobile terminated call (6) 4MSC/VLR starts paging within the location area (LA) in which the called mobile user is located, using TMSI for identification. Only the mobile user with the corresponding TMSI responds to the paging via the random access channel (RACH).2.HLR3.MSRN IMSIIMSI TMSI4.4.VLR1.5.6.GMSCServing MSC