, Telecom Tigers: Location Update Procedure

Wednesday, December 16, 2009

Location Update Procedure

                 In order to make a mobile terminated call, The GSM network should know the location of the MS (Mobile Station), despite of its movement. For this purpose the MS periodically reports its location to the network using the Location Update procedure.

Location Area (LA)
                A GSM network is divided into cells. A group of cells is considered a location area. A mobile phone in motion keeps the network informed about changes in the location area. If the mobile moves from a cell in one location area to a cell in another location area, the mobile phone should perform a location area update to inform the network about the exact location of the mobile phone.

The  Location Update procedure is performed:
  • When the MS has been switched off and wants to become active, or
  • When it is active but not involved in a call, and it moves from one location area to another, or
  • After a regular time interval.
                     
Location registration takes place when a mobile station is turned on. This is also known as IMSI Attach because as soon as the mobile station is switched on it informs the Visitor Location Register (VLR) that it is now back in service and is able to receive calls. As a result of a successful registration, the network sends the mobile station two numbers that are stored in the SIM (Subscriber Identity Module) card of the mobile station.

These two numbers are :-
  1. Location Area Identity (LAI) 
  2. Temporary Mobile Subscriber Identity (TMSI). 
The network, via the control channels of the air interface, sends the LAI. The TMSI is used for security purposes, so that the IMSI of a subscriber does not have to be transmitted over the air interface. The TMSI is a temporary identity, which regularly gets changed.
  • A Location Area Identity (LAI) is a globally unique number.
  • A Location Area Code (LAC) is only unique in a particular network.
Every time the mobile receives data through the control channels, it reads the LAI and compares it with the LAI stored in its SIM card. A generic location update is performed if they are different. The mobile starts a Location Update process by accessing the MSC/VLR that sent the location data.
A channel request message is sent that contains the subscriber identity (i.e. IMSI/TMSI) and the LAI stored in the SIM card. When the target MSC/VLR receives the request, it reads the old LAI which identifies
the MSC/VLR that has served the mobile phone up to this point. A signalling connection is established between the two MSC/VLRs and the subscriber’s IMSI is transferred from the old MSC to the new MSC. Using this IMSI, the new MSC requests the subscriber data from the HLR and then updates the VLR and HLR after successful authentication.


Periodic location update is carried out when the network does not receive any location update request from the mobile in a specified time. Such a situation is created when a mobile is switched on but no traffic is carried, in which case the mobile is only reading and measuring the information sent by the network. If the subscriber is moving within a single location area, there is no need to send a location update request.
A timer controls the periodic updates and the operator of the VLR sets the timer value. The network broadcasts this timer value so that a mobile station knows the periodic location update timer values.
Therefore, when the set time is up, the mobile station initiates a registration process by sending a location update request signal. The VLR receives the request and confirms the registration of the mobile in
the same location area. If the mobile station does not follow this procedure, it could be that the batteries of the mobile are exhausted or the subscriber is in an area where there is no network coverage. In such
a case, the VLR changes the location data of the mobile station to “unknown”.


The Location Update process consists of the following phases
  • Request for service; the MS detects that it has entered a new Location Area and requests to update its location. The new MSC/VLR identifies the MS.
  • Authentication - The new MSC/VLR requests to the AUC for authentication parameters (SRES, Kc, RAND). Using these parameters the MS is authenticated.
  • Ciphering - Using the parameters which were made available earlier during the authentication the uplink and the downlink are ciphered.
  • Update HLR/VLR - The new MSC/VLR requests to update the MS location in the HLR. The MS is de-registered in the old VLR.
  • TMSI re-allocation - The MS is assigned a new TMSI.

  1. The MS detects that it has entered a new Location Area and transmits a Channel Request message over the Random Access Channel (RACH).
  2. Once the BSS receives the Channel Request message, it allocates a Stand-alone Dedicated Control Channel (SDCCH) and forwards this channel assignment information to the MS over the Access Grant Channel (AGCH). It is over the SDCCH that the MS will communicate with the BSS and MSC.
  3. The MS transmits a location update request message to the BSS over the SDCCH. Included in this message are the MS Temporary Mobile Subscriber Identity (TMSI) and the old Location Area Identification (oldLAI). The MS can identify itself either with its IMSI or TMSI. The BSS forwards the location update request message to the MSC.
  4. The VLR analyzes the LAI supplied in the message and determines that the TMSI received is associated with a different VLR (old VLR). In order to proceed with the registration, the IMSI of the MS must be determined. The new VLR derives the identity of the old VLR by using the received LAI, supplied in the location update request message. It also requests the old VLR to supply the IMSI for a particular TMSI.
  5. The new VLR sends a request to the HLR/AUC (Authentication Center) requesting the “authentication triplets” (RAND, SRES, and Kc) available for the specified IMSI.
  6. The AUC, using the IMSI, extracts the subscriber's authentication key (Ki). The AUC then generates a random number (RAND), applies the Ki and RAND to both the authentication algorithm (A3) and the cipher key generation algorithm (A8) to produce an authentication Signed Response (SRES) and a Cipher Key (Kc). The AUC then returns to the new VLR an authentication triplet: RAND, SRES, and Kc.
  7. The MSC/VLR keeps the two parameters Kc and SRES for later use and then sends a message to the MS. The MS reads its Authentication key (Ki) from the SIM, applies the received random number (RAND) and Ki to both its Authentication Algorithm (A3) and Cipher key generation Algorithm (A8) to produce an authentication Signed Response (SRES) and Cipher Key (Kc). The MS saves Kc for later, and will use Kc when it receives command to cipher the channel.  
  8. The MS returns the generated SRES to the MSC/VLR. The VLR compares the SRES returned from the MS with the expected SRES received earlier from the AUC. If equal, the mobile passes authentication. If unequal, all signaling activities will be aborted.
  9. The new MSC/VLR requests the BSS to cipher the radio channel. Included in this message is the Cipher Key (Kc), which was made available earlier during the authentication.
  10. The BSS retrieves the cipher key, Kc, from the message and then transmits a request to the MS requesting it to begin ciphering the uplink channel.
  11. The MS uses the cipher key generated previously when it was authenticated to cipher the uplink channel, and transmits a confirmation over the ciphered channel to the BSS.
  12. The BSS upon ciphering the downlink channel sends a cipher complete message to the MSC. At this point, we are ready to inform the HLR that the MS is under control of a new VLR and that the MS can be de-registered from the old VLR.
  13. The new VLR sends a message to the HLR informing it that the given IMSI has changed locations and can be reached by routing all incoming calls to the VLR address included in the message.
  14. The HLR requests the old VLR to remove the subscriber record associated with the given IMSI. The request is acknowledged.
  15. The HLR updates the new VLR with subscriber data (mobiles subscriber’s customer profile).
  16. The MSC forwards the location update accept message to the MS. This message includes the new TMSI.
  17. The MS retrieves the new TMSI value from the message and updates its SIM with this new value. The mobile sends then an update complete message back to the MSC.
  18. The MSC requests from the BSS that the signaling connection be released between the MSC and the MS.
  19. The MSC releases its portion of the signaling connection when it receives the clear complete message from the BSS.
  20. The BSS sends a "radio resource" channel release message to the MS and then frees up the Stand-alone Dedicated Control Channel (SDCCH) that was allocated previously. The BSS then informs the MSC that the signaling connections has been cleared.

More Information from Readers are Expected !!!

Thanks
telecomtigers@gmail.com
http://homepageforu.webs.com/

    38 comments:

    1. Perfect and all the process are clearly mentioned....tnx mate :) Expect more informations regarding security issues of GSM and 3G from u tigers....Gud luck.

      ReplyDelete
    2. It is written: "The MS reads its Authentication key (Ki) from the SIM".
      In reality the Ki shall never leave the SIM and is thus not "read from the SIM". The cryptographic algorithm is executed internally on the SIM and only the result returned to the phone.

      ReplyDelete
    3. @Anonymous: Thanks for correcting us... you are absolutely correct....Ki never leaves SIM.

      ReplyDelete
    4. What if the mobile is in idle mode?
      How can we identify a mobile station in idle mode?
      If the mobile communicates with the BTS frequently during idle mode, what will be the minimum time period?
      Please send me a reply for these questions to josefmathew004@gmail.com
      Thanks & Regards:- Joseph Mathew

      ReplyDelete
    5. Dear Josef,

      Sorry for late response ....

      Answers to all your question revolves around term "Periodic Location Update".
      Periodic location update is procedure through which MSC comes to know whether mobile is active or not.

      What if the mobile is in idle mode?
      In idle mode there is Periodic Location update timers that keeps ticking in Mobile station.
      This timer is BTS specific and can be set according to network requirement and planning. Timer value is set and BTS and broad casted to all mobile stations under coverage of BTS.
      On expiry of this timer Mobile station has to do mandatory Locupd this Locupd is called Periodic Location update.
      One can see "type of location update" bit in trace.
      0--> Signifies Normal Location Update
      1--> Periodic Location update

      How can we identify a mobile station in idle mode?
      In idle mode MS only keeps listening to PGCH channel to responds in case it finds his own IMSI or TMSI

      If the mobile communicates with the BTS frequently during idle mode, what will be the minimum time period?
      Minimum time period for communication with BTS in idle mode will be "periodic location update timer".

      Feel free to revert for further Queries...........

      ChEEEErS!!!!
      Telecom TigerS

      ReplyDelete
    6. can you please explain me the procedure of update location during a call?? will there be any update in the hlr or the call will be forwarded from vlr-1 to vlr-2?? ( vlr-1 : previous vlr where the call was initiated & vlr-2 : present vlr)

      ReplyDelete
    7. Dear Anonymous,
      There is no information shared with HLR during call when subscriber moves form one VLR to another VLR.
      Normal location update will initiate as soon as call is ended in VLR2 and new VLR will be updated in HLR after that.

      ReplyDelete
    8. Thanks for your quick reply. can you please tell me the use of FACCH in the radio channel. I heard that FACCH will take care of fast handoff during call by replacing speech data with signaling data. so if no location update happens during a call then what is the use of FACCH??

      ReplyDelete
    9. Dear,
      FACCH is not designed to carry location related messages like "location update request", "Authentication request" etc.
      It can only carry "Handover" and "Power" related Messages like "Imsi detach" & "Ho performed" etc during the call.

      ReplyDelete
    10. Thanks for ur answer. i want to ask you one more question. if there is no UL happening during a call, the hlr will not be updated about the new vlr right?? so the first vlr where the call was initiated will remember the address of the new vlr and diverts the signaling to it for maintaining the session and to send SMS etc., right??

      ReplyDelete
    11. Dear,
      Sorry for late response...
      you are correct HLR will not be updated in handover case.
      Old VLR wont divert any signaling to new VLR.
      Regarding SMS they will be only delivered after fresh UL in new VLR.

      ReplyDelete
    12. During the Periodic Location Update any signaling traffic is initiated towards the HLR or not..?


      And also what is the advantage of using the IMEISV (IMEI Software Version) during the periodic location update.

      ReplyDelete
    13. Hi Rahul,

      In Location Update, signaling traffic will only be intited towards HLR in case of VLR change & fresh Location Update.

      IMEI & IMEISV is mainly used for mobile handset security.

      Feel free to revert for further Queries...........

      Thanks
      Gaurav Goel

      ReplyDelete
    14. Hi, I have a question.
      1)Is LAC stored in SIM card or the handset?
      2)Is LAC sent to network during every location update procedure?

      ReplyDelete
    15. if one person is moving from one msc to other msc during call conversation then what about Location update and hand over.

      ReplyDelete
    16. @priyaranjan:handover and LU take place when any mobile is in idle mode...no interMSC HO and LU take place when any MS is in busy condition..

      ReplyDelete
    17. Ashok: Will Authentication happen for the Periodic LU also?

      ReplyDelete
    18. Ashok : Can you please explain about 3G Authentication..

      ReplyDelete
    19. Hi,
      I want to know does a new TMSI is assigned in periodic location update or not?

      ReplyDelete
    20. Hi,
      I want to know the average time duration for the complete procedure of Location area update.

      ReplyDelete
    21. @Tini: No TMSI is not allocated in case of periodic location update

      ReplyDelete
    22. Hi,
      There is no such standard for average time duration for location update.
      According to current scenario wherein Authentication,EIR check and Chipering is compulsary , location update should ideally complete in less than 4-5 sec.

      ReplyDelete
      Replies
      1. What should happen first EIR check or Ciphering any recommendations on the sequence of events?

        Delete
    23. Hi,

      Can i know what error messages can we expect in update location response.

      ReplyDelete
    24. @Gaurav
      "no inter MSC HO takes place, when MS is in busy state"
      . could you please explain.

      Is it mean no HO for inter MSC when MS is in conversation

      ReplyDelete
      Replies
      1. @gaurav can u explain then what happens to the call when it moves from one location to other (i.e)from one MSC to other MSC but in conversation ??

        Delete
    25. @venkat :during call conversation inter msc HO takes place.after call disconnected LU initated by new msc.and during conversation mobile is always attached by old msc.

      ReplyDelete
      Replies
      1. @priyaranjan, LU is initiated by the MS or UE not by the MSS/VLR.

        Delete
    26. Hi,
      I have a question about the "periodic Location update",

      is it the same procedure as in the sketch for normal "Location update"? I dont think so because, there is no new VLR?What is the procedure in this case?

      I hope you can unterstand,
      with best regards
      Peter

      ReplyDelete
    27. @priyaranjan,
      New LU is initiated by the MS or UE not by the MSS/VLR.

      ReplyDelete
    28. Hi,
      In the periodic LU procedure it is mentioned that "In such
      a case, the VLR changes the location data of the mobile station to “unknown”."

      But MSS/VLR sets the MS/UE as absent and MNRF flag is set in the HLR.

      So that for any further incoming calls or SMS, MS/UE won't be paged. By this way radio resources can be saved from paging.

      ReplyDelete
    29. @Anonymous & @Tini
      TMSI can be allocated by MSS/VLR during a periodic location update and it can be set by the operator (i.e. to be allocated or not).

      @T.S.Ashok,
      Yes authentication can happen to periodic location update too and it can be set by the operator (i.e. to be done or not)

      ReplyDelete
    30. @Anonymous :Aside from fresh location update, an implicit detach timer is introduced in the VLR for the IMSI status management. In addition, measures are taken in BSS to force the MS to report its location periodically.Therefore, the network is informed of the status of MS. The network sends a periodic location updating time T3212 to all the users in the cell through BCCH to force the MS to send location updating request with the cause of periodic location updating after T3212 times out.After receiving Location update Request From MS.
      MSC has subscriber data in vlr(Set of triplet,subscriber basic info etc) so this requset not send to HLR.MSC send RAND(same triplet used which one received in fresh location update for perticuler MS from HLR) to MS.MS reply back with SRES.MSC compairs SRES->if matched location update acceptd.

      ReplyDelete
    31. @ Anonymous
      i knew one error msg "illegle MS" if SRES not matched .

      ReplyDelete
    32. what happens to MS when Periodic LU timer in a BTS is changed to anew value? Do all the MS in the coverage go for simultaneous LU or is the timer in MS reset and starts calculating for the new timer?

      ReplyDelete
    33. Hi,how is location area update procedure different from routing area update procedure?

      ReplyDelete
    34. Any difference when a prepaid subscriber is doing location update

      ReplyDelete

     
    Template design by Amanda @ Blogger Buster