Showing posts with label mobile telephone. Show all posts
Showing posts with label mobile telephone. Show all posts

Friday, April 25, 2008

Looking back at the future of SIM in 2002

Looking back at the future of SIM in 2002
.
I have always thought looking to the future is important, but equally looking back at what we know or think might be happening, from an historical perspective, can help see what problems can occur in the future and also to note whether foreseeable problems have been addressed or not, over time.
.
I have selected a summary of issues discussed in training back in 2002, which are set out in the downloadable .pdf document "SIM - The Future as Viewed in 2002".
.
.
For example, did you know or remember the slow down in SIM Card manufacturing in 2001? This is hard to believe when we think about the saturation levels of SIMs and handsets in the marketplace today.
.
What about SIM Application Toolkits, applets and the exciting development of Java Standard Edition for mobile phones (KJava and PJava)? Our concerns then were how these advancements were going to impact on mobile telephone and SIM examination. Remember at that time we saw problems and tried to anticipate how to combat problems, but we had no immediate solutions which invariable had to be produced in some instance "on-the-hoof", so to speak.
.
Cloning of SIM Cards had raised its head back in 1998 and devices were starting to appear on the market in 2000/01. The problems we faced then was knowing what to look for to deternmine whether a SIM was cloned or not? And then if the SIM was a clone what impact on evidence could/would it have?
.
What about SIM Cards with multiple IMSIs? Still an issue today as it was then in 2002. The problem being is that SIM readers do not have the capability to read more than one IMSI from a SIM Card at any one time. Consequently, invocation of an IMSI selection in EF-7F20 6F07 is not possible other than the SIM being placed in the handset and another IMSI being selected using the handset menu Network selection. Moreover, once that has been done the green button on the handset needs to be pushed and a location update (and an IMSI-attach) to the network is required, which cannot be performed in a faraday bag, radio dampening field or isolation chamber. The question arises when do you search for more than one IMSI recorded into a SIM? What cases warrant it? How many cases have been missed in the past where more than one IMSI resided in SIM but has gone undetected? Put simply, when should allocution take place?
.
There were a huge range of issues to be addressed then in early 2000, as there are now. When reading these brief discussion documents representing issues spoken about on my training courses, I hope they convey the message that plug and play (PnP) or universal plug and play (UPnP) systems used to extract and harvest data are simply not enough to satisfy the requirements for mobile telephone examination.
Posted by at
Labels: , , , , , , , , , ,

Friday, March 07, 2008

GSM Timers

GSM Timers


In the thread cell site anslysis call analysis <http://trewmte.blogspot.com/2006/12/cell-site-analysis-call-analysis.html> it highlighted the range of Cause Failures for mobile calls. The overview it provided can be quite helpful, but behind those Cause Failures there can be a range of Timers and some of them can be the reason a Cause Failure occurs (positive or negative outcome). For example we can see that timer T3216 (below) in essence relates to the failure of a Immediate Assignment Request, but the "root cause" of the failure can infact be due to SDCCH congestion or poor radio link, such as: interference, coverage restriction or radio path imbalance. Understanding the "Causes for the cessation or loss of mobile communication" requires more than knowing the Cause Code or Timer but all the "root cause" behind them.



The Timer table below provides a useful but not exhaustive list. It essential to keep monitoring the GSM and 3GPP standards. Finally, it is important to recognise that Timers have different durations dependent upon when the timer is applicable. For instance, for radio resources management the durations are often denoted in seconds and some timers are in milliseconds.



However, other timer durations (expiration) are used for internal operation for devices such as mobile telephone or SIM and can be in minutes and in some instances hours. An example of the latter can be the elementary file EFHPLMN (7F206F31) - see GSM11.11. The Timer is set in decimal-digit increments e.g. 01, 02, 03 and so on. Each increment represents a value of n-minutes which the standard GSM0211 refers to as 6 minutes, but commonly rapid updates can cause drain on the mobile telephone's battery it is understood that n-minutes can be 30-minutes. The maximum the timer can be set for is 8-hours. The timer value is network operator dependent, which means either timer method may be used.



Timers and counters for radio resource management



Timers on the mobile station side

T3122: This timer is used during random access, after the receipt of an IMMEDIATE ASSIGN REJECT message.Its value is given by the network in the IMMEDIATE ASSIGN REJECT message.



T3124: This timer is used in the seizure procedure during a hand-over, when the two cells are not synchronized.Its purpose is to detect the lack of answer from the network to the special signal. Its value is set to 675 ms if the channel type of the channel allocated in the HANDOVER COMMAND is an SDCCH (+ SACCH); otherwise its value is set to 320 ms.



T3126:This timer is started either after sending the maximum allowed number of CHANNEL REQUEST messages during an immediate assignment procedure. Or on receipt of an IMMEDIATE ASSIGNMENT REJECT message, whichever occurs first. It is stopped at receipt of an IMMEDIATE ASSIGNMENT message, or an IMMEDIATE ASSIGNMENT EXTENDED message. At its expiry, the immediate assignment procedure is aborted. The minimum value of this timer is equal to the time taken by T+2S slots of the mobile station's RACH. S and T. The maximum value of this timer is 5 seconds.



T3128:This timer is started when the mobile station starts the uplink investigation procedure and the uplink is busy.It is stopped at receipt of the first UPLINK FREE message. At its expiry, the uplink investigation procedure is aborted. The value of this timer is set to 1 second.



T3130:This timer is started after sending the first UPLINK ACCESS message during a VGCS uplink access procedure.It is stopped at receipt of a VGCS ACCESS GRANT message.At its expiry, the uplink access procedure is aborted.The value of this timer is set to 5 seconds.



T3110:This timer is used to delay the channel deactivation after the receipt of a (full) CHANNEL RELEASE. Its purpose is to let some time for disconnection of the main signalling link. Its value is set to such that the DISC frame is sent twice in case of no answer from the network. (It should be chosen to obtain a good probability of normal termination (i.e. no time out of T3109) of the channel release procedure.)



T3134:This timer is used in the seizure procedure during an RR network commanded cell change order procedure. Its purpose is to detect the lack of answer from the network or the lack of availability of the target cell. Its value is set to 5 seconds.



T3142:The timer is used during packet access on CCCH, after the receipt of an IMMEDIATE ASSIGNMENT REJECT message. Its value is given by the network in the IMMEDIATE ASSIGNMENT REJECT message.



T3146:This timer is started either after sending the maximum allowed number of CHANNEL REQUEST messages during a packet access procedure. Or on receipt of an IMMEDIATE ASSIGNMENT REJECT message during a packet access procedure, whichever occurs first. It is stopped at receipt of an IMMEDIATE ASSIGNMENT message, or an IMMEDIATE ASSIGNMENT EXTENDED message. At its expiry, the packet access procedure is aborted. The minimum value of this timer is equal to the time taken by T+2S slots of the mobile station's RACH. S and T are defined in section 3.3.1.2. The maximum value of this timer is 5 seconds.



T3164:This timer is used during packet access using CCCH. It is started at the receipt of an IMMEDIATE ASSIGNMENT message. It is stopped at the transmission of a RLC/MAC block on the assigned temporary block flow, see GSM 04.60. At expire, the mobile station returns to the packet idle mode. The value of the timer is 5 seconds.



T3190:The timer is used during packet downlink assignment on CCCH. It is started at the receipt of an IMMEDIATE ASSIGNMENT message or of an PDCH ASSIGNMENT COMMAND message when in dedicated mode.It is stopped at the receipt of a RLC/MAC block on the assigned temporary block flow, see GSM 04.60. At expiry, the mobile station returns to the packet idle mode. The value of the timer is 5 seconds.



Timers on the network side

T3101:This timer is started when a channel is allocated with an IMMEDIATE ASSIGNMENT message. It is stopped when the MS has correctly seized the channels. Its value is network dependent. NOTE: It could be higher than the maximum time for a L2 establishment attempt.



T3103:This timer is started by the sending of a HANDOVER message and is normally stopped when the MS has correctly seized the new channel. Its purpose is to keep the old channels sufficiently long for the MS to be able to return to the old channels, and to release the channels if the MS is lost. Its value is network dependent. NOTE: It could be higher than the maximum transmission time of the HANDOVER COMMAND, plus the value of T3124, plus the maximum duration of an attempt to establish a data link in multiframe mode.)



T3105:This timer is used for the repetition of the PHYSICAL INFORMATION message during the hand-over procedure. Its value is network dependent. NOTE: This timer may be set to such a low value that the message is in fact continuously transmitted.



T3107:This timer is started by the sending of an ASSIGNMENT COMMAND message and is normally stopped when the MS has correctly seized the new channels. Its purpose is to keep the old channel sufficiently long for the MS to be able to return to the old channels, and to release the channels if the MS is lost. Its value is network dependent. NOTE: It could be higher than the maximum transmission time of the ASSIGNMENT COMMAND message plus twice the maximum duration of an attempt to establish a data link multiframe mode.



T3109:This timer is started when a lower layer failure is detected by the network, when it is not engaged in a RF procedure. It is also used in the channel release procedure. Its purpose is to release the channels in case of loss of communication. Its value is network dependent. NOTE: Its value should be large enough to ensure that the MS detects a radio link failure.



T3111:This timer is used to delay the channel deactivation after disconnection of the main signalling link. Its purpose is to let some time for possible repetition of the disconnection. Its value is equal to the value of T3110.



T3113:This timer is started when the network has sent a PAGING REQUEST message and is stopped when the network has received the PAGING RESPONSE message. Its value is network dependent. NOTE: The value could allow for repetitions of the Channel Request message and the requirements associated with T3101.



T3115:This timer is used for the repetition of the VGCS UPLINK GRANT message during the uplink access procedure. Its value is network dependent. NOTE: This timer may be set to such a low value that the message is in fact continuously transmitted.



T3117:This timer is started by the sending of a PDCH ASSIGNMENT COMMAND message and is normally stopped when the MS has correctly accessed the target TBF. Its purpose is to keep the old channel sufficiently long for the MS to be able to return to the old channels, and to release the channels if the MS is lost. Its value is network dependent. NOTE: It could be higher than the maximum transmission time of the PDCH ASSIGNMENT COMMAND message plus T3132 plus the maximum duration of an attempt to establish a data link in multiframe mode.



T3119:This timer is started by the sending of a RR-CELL CHANGE ORDER message and is normally stopped when the MS has correctly accessed the new cell. Its purpose is to keep the old channels sufficiently long for the MS to be able to return to the old channels, and to release the channels if the MS is lost. Its value is network dependent.NOTE: It could be higher than the maximum transmission time of the RR_CELL CHANGE ORDER, plus T3134, plus the maximum duration of an attempt to establish a data link in multiframe mode.



T3141:This timer is started when a temporary block flow is allocated with an IMMEDIATE ASSIGNMENT message during a packet access procedure. It is stopped when the mobile station has correctly seized the temporary block flow. Its value is network dependent.



More on Cell Site Analysis: http://cellsiteanalysis.blogspot.com

Posted by at
Labels: , , , , ,
Subscribe to: Posts (Atom)