Presentation on theme: "IN Intelligent Network Basic IN concept & technology Some basic IN services."— Presentation transcript:
IN Intelligent Network Basic IN concept & technology Some basic IN services
Intelligent Network (IN) Concept The intelligent network concept: intelligence is taken out of exchanges and placed in computer nodes that are distributed throughout the network. Intelligence => access to various databases This provides the network operator with the means to develop and control services more efficiently. New capabilities can be rapidly introduced into the network. Once introduced, services are easily customized to meet individual customer's needs.
Intelligent Network (IN) Concept Exchange STP SCP SSP Service Control Point (a network element containing the service logic, a database or register) Service Switching Point (enables service triggering in an exchange) MAP INAP CAP ISUP Operator implements service logic (IN Service )
IN service subscriber and customer In a typical IN service scenario, the network operator or a 3rd party service provider implements the service for one or several subscribers, after which customers can use the service. Service subscriber = company offering the service (e.g. the 0800 number that anybody can call) Customers = those who use the service (e.g. those who call the 0800 number) Confusion possible: IN service subscriber PSTN subscriber
Typical call-related IN procedure (1) SSP Exchange SCP Exchange 1. Call routing proceeds up to Exchange 2. Trigger activated in Basic Call State Model at SSP 3. SSP requests information from SCP (database) 4. SCP provides information 5. Call routing continues (routing to next exchange) based on information received from SCP
SSP Exchange SCP Exchange 2. Trigger activated in Basic Call State Model at SSP Typical triggers: Called number (or part of number) Called user (destination) is busy Called user does not answer in predefined time Typical call-related IN procedure (2)
SSP Exchange Exchange Example: Number translation in SCP SSP sends 800 number ( ) SCP translates into ”real” number which is used for routing the call ( ) 4. SCP provides information SCP Typical call-related IN procedure (3) translation may be based on several variables 4.
Destination 1 SCP decides the destination of the call depending on the calling time or date: => Destination => Destination 2 SCP Examples of how SCP can affect call (1) Destination 2 SSP Exchange Called number Time or date
Destination 1 SCP decides the destination of the call depending on the location of calling user: Calling user in southern Finland => Destination 1 Calling user in northern Finland => Destination 2 SCP Examples of how SCP can affect call (2) Destination 2 SSP Exchange Called number, Calling number
Destination 1 SCP decides the destination of the call depending on the traffic load in the network: Traffic load situation 1 => Destination 1 Traffic load situation 2 => Destination 2 SCP Examples of how SCP can affect call (3) Destination 2 SSP Exchange Called number Network load
Intelligent Peripheral (IP) can (a) send announcements to the user (usually: calling user) and (b) receive DTMF digits from the user. IP is not a database; connection to exchange not via SS7, instead via digital TDM channels. SCP Additional IN features (1) SSP Exchange IP
Typical applications: 1) Whenever services need user interaction 2) User authentication SCP Additional IN features (2) SSP Exchange IP
SCP User interaction in IN service SSP Exchange IP SCP orders IP to select and send announcement 2. IP sends announcement to calling user 3. User replies by giving DTMF number(s) to IP 4. IP sends number information to SCP in a signalling message Announcement: “for this.. press 1, for that.. press 2”
SCP User authentication (1) SSP Exchange IP SCP orders IP to select and send announcement 2. IP sends announcement to calling user 3. User gives authentication code (in DTMF form) to IP 4. IP sends authentication code to SCP in a signalling message Announcement: “please press your PIN code...”
SCP User authentication (2) SSP Exchange IP Display message: “please press your PIN code...” When connected to the network via a digital subscriber line, the calling user can be notified with a digital message (“please press your PIN code...”) instead of having to use the corresponding voice announcement. 1.
IN services A large number of IN services can be implemented by combining different “building blocks”: Called number translation (at SCP) Routing decision based on calling number, time, date, called user busy, called user alerting timeout, network load... Announcements (from IP) or user notification (<= ISDN user signalling) DTMF number reception (at IP) and analysis (at SCP) Customised charging (at exchanges)
IN service examples “Traditional” IN services: - Freephone / customised charging schemes - Virtual Privat Network (VPN) - Number portability - Televoting “IN” in mobile networks: - Mobility management (HLR, VLR = databases) - Security management (Authentication...) - Additional IN services in mobile networks => CAMEL (Customised Applications for Mobile networks Enhanced Logic )
Freephone (800) service User calls SSP sends this number to SCP which after number analysis sends back to SSP the real destination address ( ) and call can be routed to the destination. Called party is charged. SSP Exchange SCP Destination Charging: Destination (service subscriber) pays the bill
Premium rate service User calls SSP sends this number to SCP which after number analysis sends back to SSP the real destination address ( ) and call can be routed to the destination. Calling party is charged. SSP Exchange SCP Destination Charging: Calling user (customer) pays the (usually rather expensive) bill. Both service subscriber and service provider or network operator make profit!
Virtual private network (VPN) service A VPN provides corporate customers with a private number plan within the PSTN. The customer dials a private (short) number instead of the complete public number in order to contact another user within the VPN. User authentication is usually required. SSP Exchange SCP Destination IP User authentication Number translation: 1212 => Customised charging
Screening of incoming calls This is an example of an IN service related to the call destination end. Alert called user only if calling number is or , otherwise do something else (e.g. reject call or redirect call to another destination). SSP Exchange SCP Called user Calling number = or : Accept All other calling numbers: Reject or redirect Local exchange of called user
VLR Mobile terminated call (MTC) By far the most important "IN service" is mobility management during a mobile terminated call (MTC), which means finding out under which exchange or mobile switching center (MSC) a mobile user is roaming, so that the call can be routed to this exchange. More about this later. GMSC HLR Serving MSC
More about IN and IN services… The link provides some examples in Section 10 (AIN Service Creation Examples), for instance: Example of service creation template:
PLMN Public Land Mobile Network (official name for mobile network) Circuit-switched (CS) core network (radio access network is not part of this course) Basic concepts and network elements Mobility management in PLMN
Cellular concept A cellular network contains a large number of cells with a base station (BS) at the center of each cell to which mobile stations (MS) are connected during a call. BS MS If a connected MS (MS in call phase) moves between two cells, the call is not dropped. Instead, the network performs a handover (USA: handoff).
Mobility concept A cellular network is divided into location areas (LA), each containing a certain number of cells. As long as an idle MS (idle = switched on) moves within a location area, it can be reached through paging. If an idle MS moves between two location areas, it cannot be reached before it performs location updating. Location Area 1 Location Area 3 Location Area 2
Architecture of a mobile network GSM BSS 3G RAN PS core network CS core network GMSC MSC VLR HLR AuC EIR PSTN Internet MS
Serving MSC GSM BSS 3G RAN PS core network CS core network GMSC MSC VLR HLR AuC EIR PSTN Internet The serving mobile switching center (MSC) is the mobile counterpart to the local exchange in the PSTN. This is the MSC that is currently serving a mobile user.
VLR GSM BSS 3G RAN PS core network CS core network GMSC HLR AuC EIR PSTN Internet The visitor location register stores temporary information on mobile users roaming in a location area under the control of the MSC/VLR. MSC VLR
Gateway MSC GSM BSS 3G RAN PS core network CS core network GMSC HLR AuC EIR PSTN Internet MSC VLR The gateway MSC (located in the home PLMN of a mobile user) is the first contact point in the mobile network when there is an incoming call to the mobile user.
HLR GSM BSS 3G RAN PS core network CS core network GMSC HLR AuC EIR PSTN Internet The home location register stores information on mobile users belonging to this mobile network (e.g. subscription data and present VLR under which the mobile user is roaming). MSC VLR
AuC GSM BSS 3G RAN PS core network CS core network GMSC HLR AuC EIR PSTN Internet The authentication center safely stores authentication keys (Ki) of mobile subscribers belonging to this mobile network. MSC VLR
EIR GSM BSS 3G RAN PS core network CS core network GMSC HLR AuC EIR PSTN Internet The equipment identity register stores information on stolen handsets (not stolen SIMs). MSC VLR
SIM GSM BSS 3G RAN PS core network CS core network GMSC HLR AuC EIR PSTN Internet Important mobile user information is stored in the subscriber identity module within the handset. MSC VLR SIM
CS core network GSM BSS 3G RAN PS core network CS core network GMSC HLR AuC EIR PSTN Internet MSC VLR The CS core network architecture is basically the same in 2G (GSM) and 3G mobile networks. In North America, IS-MAP signalling is used instead of GSM-MAP signalling. Europe: GSM core network N. America: ANSI-41 core network
Basic functions in a mobile network Session Management (SM) Call Control (CC) Mobility Management (MM) Radio Resource Management (RRM) MOC, MTC PDP Context Random access and channel reservation Handover management Ciphering (encryption) over radio interface IMSI/GPRS Attach (switch on) and Detach (switch off) Location updating (MS moves to other Location Area) Authentication Number refers to following slides in the the slide set Later lecture
Range of functions GSM BSS or 3G RAN PS core network CS core network RRM MM CC SM
Random access in a mobile network Communication between MS and network is not possible before going through a procedure called random access. Random access must consequently be used in: Network-originated activity paging, e.g. for a mobile terminated call (MTC) MS-originated activity IMSI attach, IMSI detatch GPRS attach, GPRS detach location updating mobile originated call (MOC) SMS (short message service) message transfer 1
Random access in action (GSM) 1. MS sends a short access burst over the Random Access CHannel (RACH) in uplink using Slotted Aloha (in case of collision => retransmission after random time) 2. After detecting the access burst, the network returns an ”immediate assignment” message which includes the following information: - allocated physical channel (frequency, time slot) in which the assigned signalling channel is located - timing advance (for correct time slot alignment) 3. The MS now sends a message on the dedicated signalling channel assigned by the network, indicating the reason for performing random access. 1
Multiplexing vs. multiple access In downlink, multiplexing (e.g. TDM) In uplink, multiple access (e.g. TDMA) Multiple access is always associated with random access. MS requests signalling channel, and network decides which channel (e.g. time slot) will be used. Network decides channel… Network decides channel also in this case
1) PIN code (local authentication of handset => local security measure, network is not involved) 2) Authentication (performed by network) 3) Ciphering of information sent over air interface 4) Usage of TMSI (instead of IMSI) over air interface IMSI = International Mobile Subscriber Identity (globally unique identity) TMSI = Temporary Mobile Subscriber Identity (local and temporary identity) Security measures in a mobile network
Algorithm The same? If yes, authentication is successful SIM (in handset) Air interface Network (algorithm running in AuC) Random numberChallenge Response Authentication key RAND SRES S Ki Basic principle of authentication 2 SRES A
Algorithm for calculating SRES runs within SIM (user side) and AuC (network side). The authentication key (Ki) is stored safely in SIM and AuC, and remains there during authentication. The two SRES values are compared in the VLR. Where does the algorithm run? 2 AuC SIM VLR Air interface SRES S SRES A RAND Ki
Using output and one or more inputs, it is in practice not possible to calculate “backwards” other input(s), “brute force approach”, “extensive search” Key length in bits (N) is important (in case of brute force approach 2 N calculation attempts may be needed) Strength of algorithm is that it is secret => bad idea! “Security through obscurity” Better: open algorithm can be tested by engineering community (security through strong algorithm) Algorithm considerations 2
HLR MSC VLR 1 Most recently allocated TMSI and last visited LAI (Location Area ID) are stored in SIM even after switch-off. After switch-on, MS monitors LAI. If stored and monitored LAI values are the same, no location updating is needed. (Most generic scenario, see van Bosse for details) MSC VLR 2 IMSI LAI 1 TMSI LAI 1 IMSI LAI 1 3 (in broadcast messages) Case study: Location updating (1) SIM IMSI TMSI
SIM MSC VLR 1 MS has moved from a cell belonging to VLR 1 to another cell belonging to VLR 2. MS notices that the LAI values are different => location update is required! MSC VLR 2 LAI 2 HLR (in broadcast messages) 3 Location updating (2) IMSI LAI 1 IMSI TMSI IMSI LAI 1 TMSI
SIM MSC VLR 1 MSC VLR 2 HLR 3 Location updating (3) IMSI LAI 1 SIM sends old LAI (i.e., LAI 1) and TMSI to VLR 2. VLR 2 does not recognize TMSI since there is no TMSI- IMSI context. Who is this user? LAI 1, TMSI No TMSI - IMSI context! IMSI TMSI IMSI LAI 1 TMSI
SIM MSC VLR 1 MSC VLR 2 HLR 3 Location updating (4) IMSI LAI 1 However, VLR 2 can contact VLR 1 (address: LAI 1) and request IMSI. IMSI is sent to VLR 2. There is now a TMSI-IMSI context. IMSI Address: LAI 1 IMSI TMSI IMSI TMSI IMSI LAI 1 TMSI
SIM MSC VLR 1 MSC VLR 2 HLR 3 Location updating (5) IMSI TMSI Important: HLR must be updated (new LAI). If this is not done, incoming calls can not be routed to new MSC/VLR. HLR also requests VLR 1 to remove old user data. IMSI TMSI IMSI LAI 1 LAI 2 IMSI LAI 1 TMSI
SIM MSC VLR 1 MSC VLR 2 HLR 3 Location updating (6) IMSI LAI 2 VLR 2 generates new TMSI and sends this to user. User stores new LAI and TMSI safely in SIM. Location updating was successful! IMSI LAI 1 TMSI LAI 2 TMSI LAI 2 TMSI IMSI TMSI TMSI
Trade-off when choosing LA size Affects signalling load If LA size is very large (e.g. whole mobile network) location updating not needed very often paging load is very heavy If LA size is very small (e.g. single cell) small paging load location updating must be done very often High paging channel capacity required + + 3
Role of TMSI MS Network Random access Authentication Start ciphering IMSI detachNew TMSI allocated by network New TMSI stored in SIM CC or MM transaction Uses TMSI IMSI is not sent over air interface if not absolutely necessary!
Mobile network identifiers (1) SN CC MSISDN CC = Country Code (1-3 digits) NDC = National Destination Code (1-3 digits) SN = Subscriber Number NDC = Globally unique number E.164 numbering format Mobile station ISDN (MSISDN) numbers are based on the ITU-T E.164 numbering plan and can therefore be used for routing a circuit-switched call. When the calling (PSTN or PLMN) user dials an MSISDN number, the call is routed to the gateway MSC (GMSC) located in the home network of the called (mobile) user.
Mobile network identifiers (2) TN CC MSRN CC = Country Code (1-3 digits) NDC = National Destination Code (1-3 digits) TN = Temporary Number NDC = Temporarily allocated number E.164 numbering format Mobile station roaming numbers (MSRN) are also based on the ITU-T E.164 numbering plan and can therefore be used for routing a circuit-switched call. The MSRN is selected by the MSC/VLR serving the called (mobile) user, sent to the GMSC, and used for routing the call from the GMSC to the serving MSC.
Mobile network identifiers (3) MSIN MCC IMSI MCC = Mobile Country Code (3 digits) MNC = Mobile Network Code (2 digits) MSIN = Mobile Subscriber Identity Number (10 digits) MNC = E.212 numbering format The international mobile station identity (IMSI) is based on the ITU-T E.212 numbering plan and cannot be used for routing a circuit-switched call (exchanges or switching centers do not understand such numbers). The IMSI is stored in the HLR and SIM of the mobile user. Globally unique number
Mobile network identifiers (4) LAC MCC LAI MCC = Mobile Country Code (3 digits) MNC = Mobile Network Code (2 digits) LAC = Location Area Code (10 digits) MNC = E.212 numbering format The location area identity (LAI) points to a location area belonging to a certain MSC/VLR. This identity must be stored in the HLR so that mobile terminated calls can be routed to the correct serving MSC/VLR. Globally unique number IMEI ≈ ”Serial number of handset” (not SIM)
4 Case study: Mobile terminated call (1) VLR 1.Using the MSISDN number (dialled by the calling user located in the PSTN or the PLMN of another operator) and standard SS7/ISUP signalling, the call is routed to the GMSC in the home network of the called mobile user. GMSC HLR Serving MSC (see van Bosse for details)
4 Mobile terminated call (2) VLR GMSC HLR Serving MSC The GMSC contacts the HLR of the called mobile user. The SS7/MAP signalling message contains the MSISDN number which points to the mobile user record (containing IMSI, LAI where user is roaming, etc.) in the HLR database.
4 Mobile terminated call (3) VLR GMSC HLR Serving MSC Using global title translation (GTT), the HLR translates the IMSI and LAI information into the signalling point code of the serving MSC/VLR. The HLR sends SS7/MAP request “Provide roaming number” (i.e. MSRN) to the VLR.
4 Mobile terminated call (4) VLR GMSC HLR Serving MSC The VLR selects a temporary MSRN. Note that there must be binding between MSRN and IMSI in the VLR. The VLR sends the MSRN to the GMSC (using SS7/MAP signalling). MSRN IMSI
4 Mobile terminated call (5) VLR GMSC HLR Serving MSC Using the MSRN number and standard SS7/ISUP signalling, the call is routed to the serving MSC. Although not shown in the figure, there may be intermediate switching centers (serving MSC/VLR may be located at the other end of the world).
4 Mobile terminated call (6) VLR GMSC HLR Serving MSC MSC/VLR starts paging within the location area (LA) in which the called mobile user is located, using TMSI for identification. Only the mobile user with the corresponding TMSI responds to the paging via the random access channel (RACH). MSRN IMSI IMSI TMSI