PrePay CDMA Subscribers Can Now Roam Onto GSM NetworksRoaming services provider, Mach has launched a new service that enables prepay CDMAcustomers to roam on GSM networks. Mach, working with with Accuris Networks says that itis the first provider to offer an inter-standard roaming service for prepaid mobile users, andis the first to offer a fully integrated prepaid and post-paid inter-standard roaming capabilityto CDMA operators.Growth in mobile subscriber numbers today is driven mainly by prepaid mobile users,particularly in emerging markets and particularly among the lucrative younger generationusers. CDMA operators are currently forced to forego potential revenue when these prepaidusers travel out of region because it has not been possible for CDMA prepaid users to roamon a GSM network. Roaming customers, therefore, have been required to purchase aprepaid local SIM card or use Wi-Fi hotspots in the destination market. This also has asignificant negative impact on customer loyalty and retention rates as customers have beenrequired to buy services from and transition between multiple providers.The turnkey prepaid solution, which can be implemented using existing connections, offersprepaid end-users all of the services that are available on their home network when theyare travelling abroad.The service is offered under the Mach brand, and is delivered using the Accuris technologyplatform. Accuris Networks is a provider of Roaming Inter-Working and Convergencesolutions for mobile devices."Our mobile operator customers will reap three immediate benefits from this solution," saidArtur Michalczyk Mach COO. "First, they will immediately realise previously lost revenuestreams by enabling users to roam on their existing prepaid SIM, commanding a greatershare of revenues that would otherwise be spent on technologies like local prepaid GSM SIMcards or hotel and airport WiFi. Second, they will enhance the service they deliver to theircustomers, and increase customer loyalty, by providing a seamless service, wherever theuser is roaming. And third, with end-to-end, one number inter-operability, operators canprovide complete voice and messaging services without the time and investment required tobuild their own platform."RoamingIn wireless telecommunications, roaming is a general term referring to the extension ofconnectivity service in a location that is different from the home location where the service wasregistered. Roaming ensures that the wireless device is kept connected to the network, withoutlosing the connection. The term "roaming" originates from the GSM (Global System for MobileCommunications) sphere; the term "roaming" can also be applied to the CDMA technology.Traditional GSM Roaming is defined (cf. GSM Association Permanent Reference DocumentAA.39) as the ability for a cellular customer to automatically make and receive voice calls, sendand receive data, or access other services, including home data services, when travelling outsidethe geographical coverage area of the home network, by means of using a visited network. Thiscan be done by using a communication terminal or else just by using the subscriber identity inthe visited network. Roaming is technically supported by mobility management, authentication,authorization and billing procedures.
Contents • 1 Roaming in general • 2 Home and visited networks • 3 Roaming agreements • 4 The roaming process • 5 Tariffs ○ 5.1 Roaming in Europe • 6 Additional notions and types of roaming • 7 See also • 8 References • 9 Standardisation Organizations • 10 External links Roaming in generalRoaming is divided into "SIM-based roaming" and "Username/password-based roaming",whereby the technical term "roaming" also encompasses roaming between networks of differentnetwork standards, such as e.g. WLAN (Wireless Local Area Network) or GSM. Deviceequipment and functionality, such as SIM card capability, antenna and network interfaces, andpower management, determine the access possibilities.Using the example of WLAN/GSM roaming, the following scenarios can be differentiated (cf.GSM Association Permanent Reference Document AA.39): • SIM-based (roaming): GSM subscriber roams onto a Public WLAN operated by: ○ their GSM Operator, or ○ another Operator who has a roaming agreement with their GSM Operator. • Username/password based roaming: GSM subscriber roams onto a Public WLAN operated by: ○ their GSM Operator, or ○ another Operator who has a roaming agreement with their GSM Operator.Although these user/network scenarios focus on roaming from GSM Network Operatorsnetwork(s), clearly roaming can be bi-directional, i.e. from Public WLAN Operators to GSMNetworks. Traditional roaming in networks of the same standard, e.g. from a WLAN to a WLANor a GSM network to a GSM network, has already been described above and is likewise definedby the foreignness of the network based on the type of subscriber entry in the home subscriberregister.
3. If successful, the visited network begins to maintain a temporary subscriber record for the device. Likewise, the home network updates its information to indicate that the mobile is on the host network so that any information sent to that device can be correctly routed.Tata Indicoms international roaming service One World-One Number for all its post-paid CDMAcustomers across 20circles. This service will enable the use of both CDMA and GSM services using a single T-SIM product forinternational roaming. This means that users will not have to change their number to switch between two networksfreely and will be able to take advantage of zone-based tariffs.First telecom service provider in the world to launch a single T-SIM card for international roaming. This will provideseamless access of different networks to our customers in 186 countries via 291 GSM roaming partners and fiveCDMA partners.Seamless International RoamingWith the BlackBerry 8830 World edition dual mode smartphone, you can now experience seamless internationalroaming. Tata Indicom’s One World One Number T-SIM card which comes preloaded in your BlackBerry empowersyou to switch between CDMA & GSM networks.Tata Teleservices Ltd. has a roaming tie-up with CDMA & GSM networks across more than 178 countries.Now the world is no longer CDMA or GSM but one world where you get to choose the best service provider withouthaving to worry about CDMA or GSMThe BlackBerry Bold 9650, introduced exclusively by Tata Teleservices Limited is a new Smartphonefor CDMA subscribers, offering seamless global roaming, 512 MB of Flash Memory, an OpticalTrackpad, and enhanced Wi-Fi and GPS capabilitiesNEW DELHI, INDIA: Tata Indicom, the CDMA arm of Tata Teleservices Limited, a dual-technology pan-Indiatelecom services provider, and Research in Motion today announced the launch of the BlackBerry Bold 9650,the first combined CDMA-GSM 3G-ready Smartphone in the BlackBerry Bold series.The BlackBerry Bold 9650, introduced exclusively by Tata Teleservices Limited is a new Smartphone forCDMA subscribers, offering seamless global roaming, 512 MB of Flash Memory, an Optical Trackpad, andenhanced Wi-Fi and GPS capabilities, said a press release.Commenting on the launch of the BlackBerry Bold 9650, Sunil Batra, president of CDMA Operations at TataTeleservices Limited, said, “As the youngest dual-technology telecom service provider in India, the additionof a Smartphone like the BlackBerry Bold 9650 to our portfolio of products and services from Research InMotion is an important step in strengthening our offerings to consumers.”“The BlackBerry Bold 9650 Smartphone delivers premium phone and multimedia features, together withglobal roaming support and the industry’s leading mobile solution for e-mail, messaging and socialnetworking,” said Frenny Bawa, managing director-India, Research In Motion.Customers purchasing the BlackBerry Bold 9650 Smartphone in the month of October will also be given aspecial data usage offer. For the first two months, these customers will receive a free data pack worthRs.900 per month, as well as 500 MB of tethered modem data usage per month. Customers using theBlackBerry Bold 9650 smartphone will also have exclusive access to Tata’s Photon TV, powered by Photon +,on the go, the release said.The BlackBerry Bold 9650 Smartphone offers a compact design and an easy-to-use full-QWERTY keyboard. Itincludes a variety of useful productivity applications and a wide range of popular features, including
advanced multimedia capabilities, Bluetooth 2.1 and a 3.2-megapixel camera with flash, image stabilizationand video recording.Syniverse signs a contract with Tata Teleservices, one of Indias fastest growing mobile phoneservice providers with pan-India coverage. Syniverse will provide Tata Teleservices customerswith seamless international wireless roaming services.Syniverse Technologies (NYSE:SVR), a leading provider of mission-critical technology servicesto wireless telecommunications companies worldwide, announced today that it has signed acontract with Tata Teleservices of India to provide seamless CDMA international roamingservices. With Syniverses services, Tata Teleservices subscribers will now be able to use theirmobile phone for voice services and SMS on CDMA networks throughout the world whereCDMA coverage is available.Indias mobile subscriber base is approximately 50 million today and is considered to be one ofthe fastest growing telecommunications markets with less than 10% penetration. Additionally,the number of tourists traveling in and out of India is expected to grow by 30 percent this year,according to forecasts by the World Tourism Organization of Madrid. Syniverse will provideTata Teleservices with a multi-service offering that includes clearinghouse services for roamingrevenue settlement and exchange; SS7 transport and conversion; ANSI-41 signalinginteroperability; a near-real time, on-line customer management application used to track andtroubleshoot roamers; and SMS routing, which will enable SMS mobile origination andtermination for Tata Teleservices subscribers who are roaming internationally.On the occasion Mr. Firdose Vandrevala, Chairman, Tata Teleservices, said, "Tata Teleservicesalready has a pan-India operation and is the world leader in fixed wireless service. We plan toexpand our presence by further enhancing our service offerings. The ability to offer seamlessinternational roaming based on Syniverses proven interoperability solutions will help us to tapinto the potential of the booming international mobile communications market. This tie-up is anextension to our efforts of providing our customers the very best.""Tata Teleservices is an innovative technology leader in one of the fastest growing telecommarkets in the world. Their vision for subscriber growth and international roaming is perfectlymatched with our expertise in roaming interoperability services," said Syniverse CEO Ed Evans."We continue to secure significant customer contracts in Asia Pacific, which demonstrates ourcommitment to international expansion and our unique technical capabilities that enablesubscribers to take advantage of both voice and data services on a worldwide basis."About Tata TeleservicesTata Teleservices is one of Indias leading private telecom service provider. The company offersintegrated telecom solutions to its customers under the Tata Indicom brand, and uses the latestCDMA 3G1X technology for its wireless network. Tata Teleservices operates in 20 circles i.e.Andhra Pradesh, Chennai, Gujarat, Karnataka, New Delhi, Maharashtra, Mumbai, Tamil Nadu,Orissa, Bihar, Rajasthan, Punjab, Haryana, Himachal Pradesh, Uttar Pradesh (E), Uttar Pradesh(W), Kolkata, Kerala, Madhya Pradesh and West Bengal. The company has a customer base ofover 3.66 million.About SyniverseSyniverse is a leading provider of mission-critical technology services to wirelesstelecommunications companies worldwide. Syniverse solutions simplify technologycomplexities by integrating disparate carriers systems and networks in order to provide seamless
global voice and data communications to wireless subscribers. Carriers depend on Syniversesintegrated suite of services to solve their most complex technology challenges and to facilitatethe rapid deployment of next generation wireless services. Syniverse provides services to over300 telecommunications carriers in approximately 40 countries, including the ten largest U.S.wireless carriers and six of the ten largest international wireless carriers. Headquartered inTampa, Fla., U.S.A., with offices in major cities throughout North America and in TheNetherlands, Syniverse has a global sales force in London, Luxembourg, Rome, Beijing, HongKong, Rio de Janeiro and Belo Horizonte.If a call is made to a roaming mobile, the public telephone network routes the call to the phonesregistered service provider, who then must route it to the visited network. That network mustthen provide an internal temporary phone number to the mobile (MSRN). Once this number isdefined, the home network forwards the incoming call to the temporary phone number, whichterminates at the host network and is forwarded to the mobile.In order that a subscriber is able to "latch" on to a visited network, a roaming agreement needs tobe in place between the visited network and the home network. This agreement is establishedafter a series of testing processes called IREG (International Roaming Expert Group) andTADIG (Transferred Account Data Interchange Group). While the IREG testing is to test theproper functioning of the established communication links, the TADIG testing is to check thebillability of the calls.The usage by a subscriber in a visited network is captured in a file called the TAP (TransferredAccount Procedure) for GSM / CIBER (Cellular Intercarrier Billing Exchange Record) forCDMA, AMPS etc... file and is transferred to the home network. A TAP/CIBER file containsdetails of the calls made by the subscriber viz. location, calling party, called party, time of calland duration, etc. The TAP/CIBER files are rated as per the tariffs charged by the visitedoperator. The home operator then bills these calls to its subscribers and may charge a mark-up/tax applicable locally. As recently many carriers launched own retail rate plans and bundlesfor Roaming, TAP records are generally used for wholesale Inter-Operators settlements only.TariffsRoaming fees are traditionally charged on a per-minute basis and they are typically determinedby the service providers pricing plan. Several carriers in the both United States and India haveeliminated these fees in their nationwide pricing plans. All of the major carriers now offerpricing plans that allow consumers to purchase nationwide roaming-free minutes. However,carriers define "nationwide" in different ways. For example, some carriers define "nationwide"as anywhere in the U.S., whereas others define it as anywhere within the carriers network.An operator intending to provide roaming services to visitors publishes the tariffs that would becharged in his network at least sixty days prior to its implementation under normal situations.The visited operator tariffs may include tax, discounts etc. and would be based on duration incase of voice calls. For data calls, the charging may be based on the data volume sent andreceived. Some operators also charge a separate fee for call setup i.e. for the establishment of acall. This charge is called a flagfall charge.Roaming in EuropeIn the European Union, the Regulation on roaming charges has been in force since 30 June 2007,forcing service providers to lower their roaming fees across the 27-member bloc. It later alsoincluded EEA member states. The regulation sets a price cap of €0.39 (€0.49 in 2007, €0.46 in
2008, €0.43 in 2009) per minute for outgoing calls, and €0.15 (€0.24 in 2007, €0.22 in 2008,€0.19 in 2009) per minute for incoming calls - excluding tax. If the Commission is satisfiedthat competition will continue to keep prices at this level, or lower, the regulation will expire inmid 2012. Since mid 2009 there is also an €0.11 (excluding tax) maximum price for SMS textmessage included into this regulation.Additional notions and types of roaming • Regional roaming:This type of roaming refers to the ability of moving from one region to another region insidenational coverage of the mobile operator. Initially, operators may have provide commercialoffers restricted to a region (sometimes to a town). Due to the success of GSM and the decreasein cost, regional roaming is rarely offered to clients except in nations with wide geographic areaslike the USA, Russia, India, etc., in which there are a number of regional operators. • National roaming:This type of roaming refers to the ability to move from one mobile operator to another in thesame country. For example, a subscriber of T-Mobile USA who is allowed to roam on AT&TMobilitys service would have national roaming rights. For commercial and license reasons, thistype of roaming is not allowed unless under very specific circumstances and under regulatoryscrutiny. This has often taken place when a new company is assigned a mobile telephony license,to create a more competitive market by allowing the new entrant to offer coverage comparable tothat of established operators (by requiring the existing operators to allow roaming while the newentrant has time to build up its own network). In a country like India, where the number ofregional operators is high and the country is divided into circles, this type of roaming iscommon. • International roaming:This type of roaming refers to the ability to move to a foreign service providers network. It is,consequently, of particular interest to international tourists and business travellers.Broadly speaking, international roaming is easiest using the GSM standard, as it is used by over80% of the worlds mobile operators. However, even then, there may be problems, sincecountries have allocated different frequency bands for GSM communications (there are twogroups of countries: most GSM countries use 900/1800 MHz, but the United States and someother countries in the Americas have allocated 850/1900 MHz): for a phone to work in a countrywith a different frequency allocation, it must support one or both of that countrys frequencies,and thus be tri or quad band. • Inter-standards roaming (ISR):This type of roaming refers to the ability to move seamlessly between mobile networks ofdifferent technologies.Since mobile communication technologies have evolved independently across continents, thereis significant challenge in achieving seamless roaming across these technologies. Typically,these technologies were implemented in accordance with technological standards laid down bydifferent industry bodies and hence the name.A number of the standards making industry bodies have come together to define and achieveinteroperability between the technologies as a means to achieve inter-standards roaming. This iscurrently an ongoing effort.
• Mobile Signature Roaming:The concept of Mobile signature Roaming is: an access point should be able to get a MobileSignature from any end-user, even if the AP and the end-user have not contracted a commercialrelationship with the same MSSP. Otherwise, an AP would have to build commercial terms withas many MSSPs as possible, and this might be a cost burden. This means that a Mobile Signaturetransaction issued by an Application Provider should be able to reach the appropriate MSSP, andthis should be transparent for the AP(reference). • Inter MSC Roaming:Network elements belonging to the same Operator but located in different areas (a typicalsituation where assignment of local licenses is a common practice)pair depends on the switchand its location. Hence, software changes and a greater processing capability are required, butfurthermore this situation could introduce the fairly new concept of roaming on a per MSC basisinstead of per Operator basis. But this is actually a burden, so it is avoided. • Permanent Roaming:This type of roaming refers to customers who purchase service with a mobile phone operatorintending to permanently roaming, or be off-network. This becomes possible because of theincreasing popularity and availability of "free roaming" service plan, where there is no costdifference between on and off network usage. The benefits of getting service from a mobilephone operator that isnt local to you can include cheaper rates, or features and phones that arentavailable on your local mobile phone operator, or to get to a particular mobile phone operatorsnetwork to get free calls to other customers of that mobile phone operator through a freeunlimited mobile to mobile feature. Accidentally become a permanent roaming customer doesnot usually happen. Most mobile phone operators will require the customers living or billingaddress be inside their coverage area or less often inside the government issued radio frequencylicense of the mobile phone operator, this is usually determined by a computer estimate becauseit its impossible to guarantee coverage (see Dead zone (cell phone)). If a potential customersaddress is not within the requirements of that mobile phone operator, they will be denied service.In order to permanently roam customers may use a false address and online billing, or a relativeor friends address which is in the required area, and a 3rd party billing option.Most mobile phone operator discourage or prohibit permanent roaming since they must pay perminute rates to the network operator their customer is roaming onto to, while they can not passthat extra cost onto customers ("free roaming"). • Trombone roaming:Roaming calls within a local tariff area, when at least one of the phones belong outside that area.Usually implemented with trombone routing also known as tromboningThe routing of trombone roaming. • IEEE 802.11 ○ IEEE 802.11f ○ IEEE 802.11r • Home Location Register • Handoff • Mobile IP • Mobile phone
• Mobile phones on aircraft • Mobility management • Regulation on roaming charges in the European Union • Roaming sim • GSM frequency bands • UMTS frequency bands • Vertical handoff • Visitor Location RegisterStandardisation Organizations • ETSI website, European Telecommunications Standards Institute. • Direct access to ETSI standards publications. • GSM website, Global System for Mobile communications by the GSM Association (GSMA) • GSM operators and their roaming agreements - Index of GSM operators in a country, and their roaming partners indexed by country. Maintained by GSM Alliance • International Forum on ANSI-41 Standards Technology - Lists some of the issues in Inter-standards roaming • Local Roaming Number - Article talk about the Local Roaming Number Value Add Service.cdma_roamingAbout CDMA and GSM roaming you can find a lot of information from those sites:http://www.tsiconnections.comhttp://www.telesoft-technologies.comAnd there are some companies from India who provide soft-converters of IS41d GSM MAPprotocols.About GSM1X, its not intended to provide roaming capability. You can read from itsdescription, that the GSM1X have been created for GSM operators to be able to use CDMAradio network for enhanced radio frequency source of CDMA standard.
CDMA has already implemented full IMSI. It is just that most of the operators need to yetconvert their n/w in to full IMSI networks. This will happen but will take time. In fact in Indiasome networks are not even full MIN complient ( meaning that they are using some bulid upnumbers not the MIN ranges managed by some independent agencyLet us look at the factors which causes the problem and how to overcome them..1> difference between MIN and IMSIIMSI is MCC+MNC+SN=15MIN=10SO we have do some Mobile GTT to convert MIN in to the format of MCC+MNC+Min=IMSI2> GSM+CDMA handset.3> any other issue ...SMS-Interworking doesnt mean that roaming is possible between CDMA2000 and GSM.But this can provide a step forward towards MAP-Interworking...This is no roaming. This is interworking between GSM and CDMA n/w so that a GSMsubscriber can send message to CDMA subscriber and visa versa. This is kind of black boxthat converts the CDMA SMS messages of IS-41 format into GSM MAP format so that theGSM network entities can send that message to The GSM subscribers.This is in no way roaming.
IS41D and GSM - MAP Protocal Interworking is currenly used in INDIA for SMS-Interworkingbetween CDMA2000 and GSM Networks.For this the CDMA Operator is using a "SPECIAL UNIT" to do the CONVERSION JOB.Regarding roaming between GSM and CDMA, the answer is yes and did not have to wait 4Gor 3G and its available right now with GSM1X (u can refer to www.GSM1X.com). Theproduct and technology built by Qualcom and its already complete trial by ChinaUnicom( according to news)...GSM (Global System for Mobile communications, originally from Groupe Spécial Mobile) is the mostpopular standard for mobile phones in the world, with its promoter, the GSM Association, estimatingthat the GSM service provides 82% of the global mobile market and is used by over 2 billion peopleacross more than 212 countries and territories.Code division multiple access (CDMA) describes a communication channel access principle thatemploys spread-spectrum technology and a special coding scheme (where each transmitter isassigned a code). CDMA also refers to digital cellular telephony systems that use this multiple access
scheme, as pioneered by QUALCOMM, and W-CDMA by the International Telecommunication Union(ITU), which is used in GSM’s UMTS.Whereas Global System for Mobile Communications (GSM) is a specification of an entire networkinfrastructure, CDMA relates only to the air interface — the radio portion of the technology. Forexample, GSM specifies an infrastructure based on internationally approved standard, while CDMAallows each operator to provide network features it finds suitable. On the air interface, the signallingsuite (GSM: ISDN SS7) work has been progressing to harmonise these features.Subscriber Identity Module (SIM Card)SIM (subscriber identity module) card, the onboard memory device that identifies a user and stores allof his information on the handheld. You can swap GSM SIM cards between handsets when a new oneis necessary, which enables you to carry all of your contact and calendar information over to a newhandset with no hassle. CDMA operators answer this flexibility with their own service that stores userdata, including phone book and scheduler information, on the operator’s database. This service makesit possible to not only swap over to a new handset with little trouble, but it also gives users the abilityto recover contact date even if their phone is lost or stolen.International Roaming with GSM and CDMAWhere international business travel is an issue, GSM leaps forward in the race for the title of “MostAccessible.” Because GSM is used in more than 74% of the markets across the globe, users of tri-bandor quad-band handsets can travel to Europe, India, and most of Asia and still use their cell phones.CDMA offers no multiband capability, however, and therefore you can’t readily use it in multiplecountries. However, certain phones like the Blackberry Tour and the HTC Touch Pro 2 now have Quad-band GSM built in so they can be used overseas with special calling plans from carriers.Data Transfer Methods in GSM vs. CDMAAnother difference between GSM and CDMA is in the data transfer methods. GSM’s high-speedwireless data technology, GPRS (General Packet Radio Service), usually offers a slower databandwidth for wireless data connection than CDMA’s high-speed technology (1xRTT, short for singlecarrier radio transmission technology), which has the capability of providing ISDN (Integrated ServicesDigital Network)-like speeds of as much as 144Kbps (kilobits per second). However, 1xRTT requires adedicated connection to the network for use, whereas GPRS sends in packets, which means that datacalls made on a GSM handset don’t block out voice calls like they do on CDMA phones.Interaction between GSM and CDMAIn cities and densely populated areas, there are often high concentrations of GSM and CDMAconnection bases. In theory, GSM and CDMA are invisible to one another and should "play nice" withone another. In practice, however, this is not the case. High-powered CDMA signals have raised the"noise floor" for GSM receivers, meaning there is less space within the available band to send a cleansignal. This sometimes results in dropped calls in areas where there is a high concentration of CDMAtechnology. Conversely, high-powered GSM signals have been shown to cause overloading andjamming of CDMA receivers due to CDMA’s reliance upon broadcasting across its entire available band.The result of this little cross-broadcasting joust has led some cities to pass ordinances limiting thespace between cell towers or the height they can reach, giving one technology a distinct advantageover the other. This is something to note when choosing a wireless provider. The distance betweentowers will severely affect connectivity for GSM-based phones because the phones need constantaccess to the tower’s narrow band broadcasting.
Prevalence of CDMA vs. GSMGSM is a lot more widespread in Europe and Asia. In the United States, Sprint and Verizon networksare CDMA whereas AT&T and T-Mobile are on GSM. In India, Hutch, Bharti, TATA DOCOMO and BSNLare on GSM whereas Reliance and Tata INDICOM are on CDMA networks.HSPA is build on top of W-CDMA. It actually incorporates multiple technologies (TDMA, W-CDMA andcode multiplexing). Most GSM operators have a UMTS (aka. 3GSM, WCDMA, HSPA) overlay network.GSM also has had a constant roadmat through 3G to 4G. Also roaming works globally. LTE and WiMAXare essentially the same technology. WiMaxs main problem is that it didnt do mobility very well. LTEwas brought out to make sure mobility worksCDMA is actually a superior technology to GSM. It propagates further, works better inside structures,has built in noise cancellation, more calls per cel cite, automatically hands off calls to different celcites to minimize congestion, and works better in low signal areas to name a few. The only thing thatGSM brings top the table other than coverage, is better battery life, but thats because it is a lesspowerful chip-set. It is true that eventually almost everyone int he world is going LTE.LTE supports both FDD and TDD mode. GSM does not, it is strictly Time Division.WiMAX is a niche trechnology at best and is seriously struggling - its losing money all over the world.The future is quite clearly GSM - so HSPA, HSPA Evolved/+ and LTE. Theres no point comparingWiMAX with LTE - We should be comparing HSPA with WiMAX. HSPA and HSPA+ are used globally andgaining traction (200 million HSPA subscribers vs. WiMAXs 100,000 globally) - everything will lead toLTE (also part of the GSM family of technologies), but HSPA will be around for a good few years yet.Think global traction and economies of scale! Neither of which WiMAX has. So LTE is the future - justlook at what the operators in the US are doing: - Verizon moving from CDMA to LTE in 2010 - AT&Tmoving from HSPA to LTE - T-Mobile moving from HSPA to HSPA+, and the LTE Well ALL be usingLTE withing 10 years - CDMA and WiMAX will be technologies of the past. Johan Lassing, Sweden - by 220.127.116.11 on 2009-11-26 12:08:21
GSMs only advantage is data/voice simultaneously. CDMA is faster, clearer, more secure, and muchless likely to drop calls. Its the newest mobile technology. There could be an eventual change in thenear future shifting to WiMax and LTE using VoIP insead of traditional cellular voice. WiMax is thefuture. If the LTE network is eventually built, it will be very powerful. But WiMax may have astronghold on the wireless broadband industry by then.Data using HSDPA on mobiles is very fast. GSM phones can also be unlocked and used on differentnetworks, unlike CDMA thus, giveing customers greater choice.GSM -> GSM Vs CDMAThe ultimate outcome of the battle for dominance between these two competingcellular data transmission technologies may lie more in their history than their respectivemerits. To understand the current prevalence of GSM, one needs a foundation in the forces thatconverged to push one technology ahead of the other.One of the most contentious battles being waged in the wireless infrastructure industry is thedebate over the efficient use and allocation of finite airwaves. For several years, the worlds twomain methods -- Code-Division Multiple Access (CDMA) and Global System for Mobilecommunications (GSM) -- have divided the wireless world into opposing camps. Ultimately, theemergence of a victorious technology may owe more to historical forces than the latest wirelessinnovation, or the merits of one standard over the other.CDMAs World War II FoundationsCDMA, put into an historical context, is a recently patented technology that only becamecommercially available in the mid-1990s, but had its roots in pre-World War II America. In 1940, hollywood actress turned inventor, Hedy Lamarr, and co-inventor George Antheil, withWorld War II looming, co-patented a way for torpedoes to be controlled by sending signals overmultiple radio frequencies using random patterns. Despite arduous efforts by the inventors toadvance the technology from experiment to implementation, the U.S. Navy discarded their workas architecturally unfeasible. The idea, which was known as frequency-hopping, and later asfrequency-hopping spread-spectrum technology (FHSS), remained dormant until 1957 whenengineers at the Sylvania Electronic Systems Division, in Buffalo, New York took up the idea,and after the Lamarr-Antheil patent expired, used it to secure communications for the U.S.during the 1962 Cuban Missile Crisis. After becoming an integral part of government securitytechnology, the U.S. military, in the mid-80s, declassified what has now become CDMAtechnology, a technique based on spread-spectrum technology.What interested the military soon caught the eye of a nascent wireless industry. CDMA,incorporating spread-spectrum, works by digitizing multiple conversations, attaching a codeknown only to the sender and receiver, and then dicing the signals into bits and reassembling
them. The military loved CDMA because coded signals with trillions of possible combinationsresulted in extremely secure transmissions.Qualcomm, which patented CDMA, and other telecommunications companies, were attracted tothe technology because it enabled many simultaneous conversations, rather than the limited stop-and-go transmissions of analog and the previous digital option.CDMA was not field tested for commercial use until 1991, and was launched commercially inHong Kong in 1995. CDMA technology is currently used by major cellular carriers in the UnitedStates and is the backbone of Sprints Personal Communications System (PCS). Along withSprint, major users of CDMA technology are Verizon and GTE.Advantages of CDMA include: • Increased cellular communications security. • Simultaneous conversations. • Increased efficiency, meaning that the carrier can serve more subscribers. • Smaller phones. • Low power requirements and little cell-to-cell coordination needed by operators. • Extended reach - beneficial to rural users situated far from cells.Disadvantages of CDMA include: • Due to its proprietary nature, all of CDMAs flaws are not known to the engineering community. • CDMA is relatively new, and the network is not as mature as GSM. • CDMA cannot offer international roaming, a large GSM advantage.The Euro-Asian Alternative: GSMAnalysts consider Qualcomms major competitive disadvantage to be its lack of access to theEuropean market now controlled by Global System for Mobile communications (GSM). Thewireless world is now divided into GSM (much of Western Europe) and CDMA (North Americaand parts of Asia).Bad timing may have prevented the evolution of one, single global wireless standard. Just twoyears before CDMAs 1995 introduction in Hong Kong, European carriers and manufacturerschose to support the first available digital technology - Time Division Multiple Access (TDMA).GSM uses TDMA as its core technology. Therefore, since the majority of wireless users are inEurope and Asia, GSM has taken the worldwide lead as the technology of choice.Mobile Handset manufacturers ultimately split into two camps, as Motorola, Lucent, and Nextelchose CDMA, and Nokia and Ericsson eventually pushed these companies out and became thedominant GSM players.Advantages of GSM: • GSM is already used worldwide with over 450 million subscribers.
• International roaming permits subscribers to use one phone throughout Western Europe. CDMA will work in Asia, but not France, Germany, the U.K. and other popular European destinations. • GSM is mature, having started in the mid-80s. This maturity means a more stable network with robust features. CDMA is still building its network. • GSMs maturity means engineers cut their teeth on the technology, creating an unconscious preference. • The availability of Subscriber Identity Modules, which are smart cards that provide secure data encryption give GSM m-commerce advantages.ConclusionToday, the battle between CDMA and GSM is muddled. Where at one point Europe clearlyfavored GSM and North America, CDMA, the distinct advantage of one over the other hasblurred as major carriers begin to support GSM, and recent trials even showed compatibilitybetween the two technologies.GSM still holds the upper hand however. Theres the numerical advantage for one thing: 456million GSM users versus CDMAs 82 million.MACH’s ISR Solution Opens Up Roaming For Visafones Pre-Paid CDMACustomersMACH, the leading provider of hub-based mobile communication solutions, today announcedthe successful launch of Visafone’s pre-paid roaming service for CDMA subscribers usingMACH’s market leading Inter-Standard Roaming (ISR) Solution. Visafone, Nigeria’s fastestgrowing mobile network operator, will be able to provide more than three million mostly pre-paid customers with seamless access to international roaming on GSM networks and otherwireless technologies. By signing up yet another network operator to its industry-leadingsolution, MACH has firmed up its leadership position in the pre-paid roaming market.Network operators are striving to deliver seamless connectivity worldwide for both their pre-paidand post-paid subscribers. By doing so, they improve customer experience, reduce churn andincrease roaming revenues. Traditional inter-standard roaming solutions provide seamlessconnectivity for post-paid subscribers only. MACH’s ISR managed service solution is unique inthe industry as it is able to provide for both pre-paid and post-paid subscribers. It offers anefficient and value added approach for CDMA operators, unlocking new revenue opportunities,and providing service continuity for their customers whilst travelling.“One of Visafone’s stated goals is to be the pre-eminent and most customer focused telecomoperator in Nigeria. Part of the plan to achieve this is the emphasis on seamless and efficientservices that will ensure the best clarity and the widest coverage. By signing up to MACH’s ISRsolution, we are one step closer to achieving this aim. MACH’s fully managed, outsourcedsolution as it provides for both pre-paid and post-paid subscribers, it is quick and easy toimplement, and it has been adopted by major mobile operators around the world.”offer seamless roaming - with one device, one number and one bill – to its mostly pre-paidCDMA customers in a very short space of time. customers will have full access to all their usualservices while roaming, regardless of whether they are on pre-paid or post-paid packages.”
MACH ISR is a fully hosted inter-standard roaming solution in which a single agreementprovides full featured voice and data roaming in more than 200 countries with minimal capitalinvestment and operational expenditure. Based on Accuris Networks’ inter-working platform forvoice and SMS, and MACH’s own patented Mobile IP Proxy for seamless data roaming, it isdelivered through a proven managed services infrastructure. It offers turnkey interoperabilitybetween wireless technologies, including CDMA, 1X/EVDO, GSM, GPRS/UMTS, Wi-Fi,WiMAX and, soon, LTE. The solution, which can be implemented using existing connections,offers end users all of the services that are available on their home network, even when they aretravelling. With end-to-end, one number interoperability, mobile operators can provide completevoice and messaging services without the time and investment required to build their ownplatform.How handoffs could be performed between the two Technologies.R-UIM identity module. international roaming between CDMA and GSM networks, via a uniquesmart card. R-UIM (Removable User Identity Module) standard for CDMA phones, which allowsCDMA subscribers to place the card into the SIM slot of a GSM phone when travelling and obtainGSM network coverage.The RoamFree™ Gateway is designed to enable seamless roaming between GSM networks andIS-41 based CDMA networks that handoffs could be performed between the two.) to forum · permalink · 2001-09-20 15:26:32 · Top of Form reply Bottom of Form Anon This is the worlds first commercial application for the R-UIM. Schlumberger produced the new card for KTF to very tight timescales, to ensure that the new service would be available to Korean visitors to the Sydney Olympic games. The R-UIM specification provides subscribers with an internationally compatible and removable identity module for both the CDMA and GSM networks. As well as making it possible to enjoy GSM network coverage throughout the world, the R-UIM provides a flexible platform for the development and deployment of value- added services (VAS) for KTFs subscribers. Value added services can now be developed with the existing GSM SIM Toolkit (STK).
Thanks to compatibility with the Java Card standard, it is also possible to re-load and change applets on the Simera Airflex in the field. This approach greatly simplifies VAS development compared with producing dedicated application firmware for the embedded processor inside the phone. Moreover, the new card opens up a migration path for KTF to the use of identity modules in the 3G evolution for CDMA terminals, providing the benefits of smart card-based security for mobile commerce. KTFs CDMA subscribers travelling to countries within the global GSM footprint now simply take their R-UIM module and plug it into a GSM handset to gain instant access to the new network. KTF is offering rental handsets that are available at the companys lounge in Kimpo International Airport. "Simera Airflex cards give us a powerful platform for evolving our mobile communications brand", says Mr Pyo Hyun Myung, Vice President of Korea Telecom Freetel. "Right now, they help us to introduce truly international roaming services. In the future, they will give us an additional flexible route for delivering value-added services, which can be personalised to suit individual subscribers." What I would like to invetigate it the possibility for GSM subscribers to go roaming in CDMA networks. to forum · permalink · 2001-09-21 08:12:07 · Top of Form reply Bottom of Form After reading that, its not simply roaming from one type of network into the other, its that someone made a phone/card system for CDMA, where you take the card, get a separate GSM phone, and use the mballard card in the GSM phone for roaming on aPremium,ExMod 1999-03 GSM network. So if you own all your own join:1999-11-15 equipment for roaming/home use, you end up with two phones and one card, on one
Los Angeles, CA account, with one phone able to be used at a time. It also sounds like that a GSM provider could enable the same service, but they would have to choose so, and again it would still require two phones. to forum · permalink · 2001-09-21 12:36:26 · Top of Form reply Bottom of Form reply to Anon The CDMA providers in the states will provide users with a GSM SIM card, and will be glad to sell a phone. Then when people call your cell phone number, it gets dobie0 routed to a gsm phone. This is pretty much the same thing. The phones are stilljoin:2000-06-22 different. Englewood, CO to forum · permalink · 2001-09-21 14:56:04 · Top of Form reply Bottom of Form reply to Anon Hi ! Mork6 I belive that CDMA is involved when theyjoin:2001-09-14 move GSM into so-called 3G (3 Norway Generation). Is this the stuff you look for ? Try the headlines: "Ericsson - The TDMA Operator path to GSM" and "3GSM - The Future of Communications" on this link »www.gsmworld.com/technology/index.ht ml to forum · permalink · 2001-09-25 17:00:19 · Top of Form
reply Bottom of Form reply to Anon There are still 2 3g standards. One is CDMA2000 (the current upgrade path for CDMA providers like Sprint), and the other is WCDMA. WCDMA is the upgrade path dobie0 that most non CDMA operators are taking. join:2000-06-22 Englewood, CO International Roaming Using CDMA Courtesy of: CNP-WirelessInternational roaming allows users of CDMA wireless phones to travel to a foreigncountry and enjoy many of the same services there that they can at home.While there are still many challenges to obtain fully seamless international roaming,CDMA subscribers can enjoy some of the finest international roaming available. And,it will only get better in the future.What is Roaming?Roaming is the ability of a system to provide the same services to customers(roamers) from other systems, even from other countries. This involves theresolution of a number of business and technical challenges. Some of the majorservices that can be provided are: ○ The ability to make a call (Mobile Origination). While this sounds simple, this fundamental service requires a wireless system to verify that the customers subscription is valid, that the phone is not stolen, that it is not illegally emulating another phone, and to ensure that the type of call being made is not restricted. ○ The ability to receive a call (Mobile Termination or Call Delivery). This is technically much more complex, and requires the roamers phone to first register in the system in which it wishes to receive calls. This is done automatically, and causes an exchange of information over the SS7/ANSI-41 network to the home system. When a call comes in to the home system it already knows where the mobile is, and can route a call to it. ○ Inter-system handoff. This allows a mobile call to continue uninterrupted when the mobile crosses the boundary between two cellular systems. ○ Short Message Service. When an SMS message comes in to the home system it will be forwarded to the mobile, wherever it is. ○ Calling Name/Number Presentation. When receiving a call, the number of the caller or even their name will be displayed on their handset.
○ International dialing. Some phones provide a "+" key or equivalent menu option that makes it easy to place an international call without knowing the local access number.What Makes CDMA Roaming Work?A standard known as ANSI-41 (aka TIA/EIA-41 or IS-41) provides roaming services forAMPS and CDMA systems. It is a good example of a Mobile Application Protocol(MAP), which is a high-level protocol that allows major elements of the wirelessnetwork to communicate. The major network elements are: ○ Base Station. Contains the radio equipment for one or more cells. ○ MSC (Mobile Switching Center). Connects mobiles to other mobiles or to phones in the telephone network or on other cellular systems. ○ HLR (Home Location Register). Contains information about a subscription, including the types of services which are to be provided. ○ AC (Authentication Center). Contains cryptographic information that allows the network to determine that a mobile is valid. Usually contained within an HLR. ○ MC (Message Center). Stores and forwards short messages.Some of the more important roaming capabilities that are provided by ANSI-41 are: ○ Authentication, Registration and Location Management ○ Call Delivery ○ Short Message Service (SMS) ○ Mobile OriginationsInternationalization of ANSI-41ANSI-41 is often criticized for its international roaming capabilities. This was a validcriticism in the mid-1990s, but since then ANSI-41 has been upgraded withinternational roaming capabilities that make it fully equivalent with GSM. Some of thecapabilities that have been added are: ○ Support for international digit strings in IS-41 Revision C (1996) ○ Support for International Mobile Subscription Identifiers (IMSI) in TIA/EIA/IS- 751 (1998). ○ Assignment of International Roaming MINs by IFAST (1998). ○ Support for SS7 global titles in TIA/EIA/IS-807 (1999). ○ Enhancements for calling number identification, + code dialing and callback (2001).Although the roaming capabilities of ANSI-41 and GSM are largely comparable, thereare some ways in which ANSI-41 is superior:
○ Call forward no-answer/busy can be handled more efficiently by ANSI-41 systems. Calls are forwarded from the home system, with the connection to the serving system being released. GSM systems forward from the serving system, often resulting in calls looping from home system to serving system and back to the home system. ○ Inter-system handoff is supported more efficiently in ANSI-41. It is performed directly by neighboring MSCs, without requiring a special gateway MSC, as in GSM. ○ ANSI-41 supports mobiles that can operate in multiple technologies (e.g. analog and CDMA). ○ Authentication of mobiles can be done locally. In GSM authentication calculations must be performed by the AC, requiring one transfer of authentication data for every call. In practice, GSM carriers often avoid this, which reduces the level of security that their systems provide.What is SS7?Telephony networks contain many highly computerized elements, that need tocommunicate by sending messages. This is known as signaling. SS7 (SignalingSystem Number 7) is a digital signaling system that connects the telephony networktogether. It has largely replaced older, tone-based signaling systems, particularly inthe core network. SS7 is ideally suited for transporting ANSI-41 messages. It has theability to transport messages between any two points on the network (e.g. betweenan MSC and an HLR) quickly, reliably and because it is purely packet oriented,without setup delay. SS7 messages are addressed either by point-code (a uniquenumeric address assigned to every telephony network) or by global title (use of atelephony-oriented address, such as a calling card number, IMSI or phone number).The point-code corresponds to the IP address on the internet (it even has asubsystem number that corresponds to the port number used by TCP and otherhigher-level IP protocols) and the global title corresponds to a domain name.Most ANSI-41 networks either use the ANSI SS7 network, or have a method of directlyaddressing ANSI point codes. Use of global titles is a future development.Roaming with GSMThe other major network standard in the world is the GSM MAP, that supports theGSM radio interface. GSM roaming is usually done with a SIM, a Subscriber IdentityModule, also known as UIM or Smart Card. Originally, the SIM was credit-card sized,but now it is just a computer chip packaged so that it can be safely removed.Roaming with a SIM requires removing it from your phone at home and then placingit in a rented phone at your destination. Because your subscription identity (IMSI) ison the SIM, billing will be to the same account. Taking your phone would seem to bemore convenient, but is not possible if the destination country uses differentfrequencies, or even requires different plugs or voltages for your charger.Many CDMA companies are implementing SIM-roaming with GSM systems, or evenputting a SIM in their own phones. If a CDMA phone does not support a SIM, the
CDMA carrier can still provide them to their customers for use when they roam incountries that only support GSM systems.Future ChallengesNo system is perfect, and although ANSI-41 international roaming provides a highlevel of service, there are still has some improvements that should be made. Most ofthese have already been incorporated in standards, but still remain to beimplemented by carriers. Some of the major future challenges for this network are: ○ Transition to global title. This will simplify routing between network elements in different countries. Current international roaming systems work well, but cannot use standard international SS7 signaling gateways. ○ International TLDN (Temporary Local Directory Number). This is very important to routing and should be an internationally formatted phone number, as allowed by IS-41-C and TIA/EIA-41-D. The use of national numbers requires some complex digit translations. ○ Transition to IMSI (International Mobile Station Identity). The use of IMSI will allow each country to assign identifiers to its mobile phones independently. The use of the IRM (International Roaming MIN) requires coordination of each block of one million mobile identifiers through the International Forum on ANSI-41 Standards Technology (IFAST) organization. ○ Roaming with GSM. Several groups are working at improving the services that can be provided to subscribers who roam from a CDMA area, including the GSM Global Roaming Forum (GGRF) G-95 group. This involves interworking of signaling (ANSI-41 and GSM MAPs) as well as billing issues and many business and implementation issues.How did ANSI-41 Evolve?ANSI-41 has grown incrementally through a number of major revisions. Between eachrevision a number of application-specific interim standards (ISs) have beenproduced. The major revisions are: ○ 1983 - AMPS analog cellular started commercial service as standalone systems in Chicago and Washington/Baltimore. It quickly spread throughout the US, into Canada and into other countries. This provided a single standard cellular protocol while Europe had a large number of incompatible standards, each available in only a handful of countries. ○ 1988 - IS-41 Rev. 0 provided inter-system handoff and subscriber validation capabilities. These capabilities were not, in the grand scheme of things, all that important. What was important was that inter-system operations were a reality. They worked and worked well. This standard was published in 1988 and the first field trials were in 1989. ○ 1991 - IS-41 Rev. A added true networking, through the use of SS7 protocols, and the all-important capabilities of location management (letting the HLR know where a mobile is), call delivery, subscriber validation and profile transfer. It was published in January, 1991.
○ 1991 - IS-41 Rev. B was an incremental release over Revision A. The most important advance was to add forward/backward compatibility capabilities to ensure that a mixture of revision levels could co-exist. This was published in December, 1991 and is still in widespread use in systems that just did basic roaming capabilities - making and receiving calls. ○ 1993 - The first CDMA digital standard (IS-95 Revision 0) was published. IS-41 was quickly adapted to provide support for CDMA systems. Although there were now two different digital systems in North America (CDMA and TDMA), nationwide coverage was ensured by dual-mode analog/digital phones, with seamless roaming provided by IS-41. ○ 1996 - IS-41 Rev. C was a major advance over previous revisions, including the ability to incorporate Intelligent Network-like capabilities. This allows the development of services such as PBX-dialing extended worldwide. By querying the HLR, an MSC anywhere can translate an office extension into the real telephone number on a subscriber-by-subscriber basis. Itwas published in 1996. This version incorporated further support for CDMA digital systems. ○ 1997 - TIA/EIA-41 Rev. D was the first version to be approved by ANSI. It included only incremental improvements over IS-41-C. It was published in 1997. ○ 2002 - TIA/EIA-41 Rev. E is nearing completion. Several parts of this very large standard are already being balloted. It further extends the international capabilities of ANSI-41. It includes many enhancements, but notably incorporates IS-751 (IMSI) and IS-807 (global title recommendations), as well as the Wireless Intelligent Network (WIN), Calling Name presentation, data services, over-the-air programming and other capabilities that are currently available as separate IS documents ○ 2002/3 - TIA/EIA-41 Rev. F is being planned. It is likely that this will have enhancements to support better interworking with GSM, packet data support and location-based services.About the AuthorDavid Crowe is the editor of Cellular Networking Perspectives and Wireless SecurityPerspectives, monthly technical bulletins available by subscription. He is a well knownwireless standards consultant, and is a columnist for the Canadian WirelessTelecommunications Associations magazine Wireless Telecom.CDMA Authentication commands description Run CAVE Generate Key/VPM Base Station Challenge Update SSD Confirm SSD Store ESN
Below in this article we will go through CDMA CAVE atuhentication. Initial card values are as follows (some of them will change during authentication process): Start Values IMSI 255074400077067 UIMID A1A2A3A4 SSD A 0000000000000000 SSD B 0000000000000000 A-KEY 0102030405060708Run CAVEThis command is used to produce an Authentication response. The GET RESPONSEcommand shall be used to get the response data. If the SAVE_REGISTER flag is set, somevalues of the cave algorithm are held in the card to be used by the GENERATE KEY VPMcommand. For the calculation of the AUTHR/AUTHU value, the card uses the"Auth_Signature" procedure: Syntax CLA INS P1 P2 Lc A0 88 00 00 11 Data Bytes Description Length RANDTYPE 1 1 (RAND/RANDU) 2-5 RAND or RANDU 4 6 Digits Length 1 7-9 Digits 3 10 Process control 1 11-17 ESN (of the ME) 7 Response Bytes Description Length
The 18-bit authentication 1-3 signature 3 (AUTHR/AUTHU) value Example .DEFINE %RAND32 00000064 .DEFINE %DIG_LEN 00 .DEFINE %DIGITS 000000 .DEFINE %ESN 000000A1A2A3A4 .DEFINE %AUTH 006422 ; .DEFINE %PIN1 30303030 FFFFFFFF .POWER_ON ; A020 0001 08 %PIN1 (9000) ; verify PIN1 A0A4 0000 02 3F00 (9FXX) ; select MF Command A0 A4 00 00 02 Data In 3F 00 Data Out Status 9F 22 A0A4 0000 02 7F25 (9FXX) ; select DF_CDMA Command A0 A4 00 00 02 Data In 7F 25 Data Out Status 9F 22 A088 0000 11 00 %RAND32 %DIG_LEN %DIGITS 00 %ESN (9F03) ; run CAVE Command A0 88 00 00 11 Data In 00 00 00 00 64 00 00 00 00 00 00 00 00 A1 A2 A3 A4 Data Out Status 9F 03 A0C0 0000 03 [%AUTH] (9000) Command A0 C0 00 00 03 Data In Data Out 00 64 22 Status 90 00 ;; it is now time for Generate Key/VPM or for Base Station ChallengeGenerate Key/VPM
This command generates "key bits" and a "VPM key bits". Part of the VPM key bit is given asresponse to the ME. Syntax CLA INS P1 P2 Lc A0 8E 00 00 02 Data Bytes Description Length First octet of VPM to 1 1 be output Last octet of VPM to 2 1 be output Response Bytes Description Length 1-8 Key 8 9-* VPM Key part * (*) the number of VPM bytes varies as specified by command parameter. Example ;; run Cave just executed .DEFINE %KEY 933A0DC379956849 .DEFINE %VPM C2264FC8D8D0 A08E 0000 02 3B40 (9F0E) ; Generate Key/VPM Command A0 8E 00 00 02 Data In 3B 40 Data Out Status 9F 0E A0C0 0000 0E [%KEY %VPM] (9000) ; 8 bytes %KEY, 6 bytes %VPM Command A0 C0 00 00 0E Data In Data Out 93 3A 0D C3 79 95 68 49 C2 26 4F C8 D8 D0 Status 90 00 .POWER_OFF
Base Station ChallengeThis command is used to generate the RANDBS random value.The random value is held until a successful UPDATE SSD, otherwise it is lost.The GET RESPONSE command shall be used to get the response data of this command. Syntax CLA INS P1 P2 Lc A0 8A 00 00 04 Data Bytes Description Length 1-4 RANDseed 4 Response Bytes Description Length 1-4 RANDBS 4 Example ;; run Cave just executed A08A 0000 04 11223344 (9F04) ; Base Station Challenge Command A0 8A 00 00 04 Data In 11 22 33 44 Data Out Status 9F 04 A0C0 0000 04 (9000) Command A0 C0 00 00 04 Data In Data Out 33 2F F9 DF Status 90 00 ;; and now - time for Update SSD, Confirm SSDUpdate SSDThis command performs the calculation of a new Shared Secret Data (AUTHBS, SSD_A_NEWand SSD_B_NEW). These values are held until a successful CONFIRM SSD, otherwise they arelost. The card uses either ESN or UIMID (stored in EFUIMID) depending on the value stored inEF R-UIMID:
Syntax CLA INS P1 P2 Lc A0 84 00 00 0F Data Bytes Description Length 1-7 RANDSSD 7 8 Process Control 1 9-15 ESN 7 Response: 9000 Example ;; Base Station Challenge just executed .DEFINE %RANDBS R .DEFINE %AUTH 00750D .DEFINE %RANDSSD F24F2B0A9983D3 A0 84 00 00 0F %RANDSSD 00 %ESN (9000) ; Update SSD Command A0 84 00 00 0F Data In F2 4F 2B 0A 99 83 D3 00 00 00 00 A1 A2 A3 A4 Data Out Status 90 00 ;; and, finally, Confirm SSDConfirm SSDThis command is used to validate the new Shared Secret Data (SSD_A_NEW andSSD_B_NEW) by comparing the AUTHBS value calculated by the UPDATE SSD command withthe AUTHBS received from the system. If successful, SSD_A and SSD_B values are updatedin EF SSD. Example ;; Update SSD just executed A0 82 00 00 03 %AUTH (9000) ; Confirm SSD
Command A0 82 00 00 03 Data In 00 75 0D Data Out Status 90 00 .POWER_OFFStore ESNThis command is used to store the ESN of the ME into the EF ESN_ME file and return a flagindicating if ESN_ME is different from the previous ESN which was stored in EFESN_ME. Itmodifies the value stored in the EF R-UIMID. No modification are involved if the file isinvalidated. EF R-UIMID is always 0x00 (Usage Indicator Preference is RFU). Syntax CLA INS P1 P2 Lc A0 DE 00 00 08 Data Bytes Description Length ESN_ME Length 1 and ME Usage 1 Indicator Preference 2 - (X+1) ESN_ME X (X+2) - 8 Padding bytes 8-(X+1) Response Bytes Description Length Change Flag and 1 Usage Indicator 1 Confirmation EUIMID Migration: How To Overview • Existing hardware identifiers, ESN (Electronic Serial Number) and UIMID (User Identity Module Identifier), are almost completely depleted • A replacement mobile device hardware identifier is available – MEID (Mobile Equipment Identifier) • A replacement RUIM (Removable User Identification Module) identifier is available – EUIMID (Expanded UIMID)
• Networks need to be upgraded to support these new identifiers• New devices, such as phones and RUIMs must be capable of supporting these new identifiers• Operators must provision phones, RUIMs, back office systems and network databases with the new identifiers New Identifier: EUIMID• EUIMID – New identifier designed to address the exhaust of the UIMID resource• Two different formats of EUIMID ○ Short Form EUIMID (SF_EUIMID) – Share the same address space as the MEID. RUIM card manufacturers are allocated MEID manufacturer codes in the same manner, and from the same range, as handset manufacturers ○ Long Form EUIMID (LF_EUIMID) – This is equal to the value of the ICCID of the card SF_EUIMID: Short Form EUIMID SF_EUIMID – 56 bits identifier based on the MEID format When the SF_EUIMID is used, bit 2 of the Usage Indicator describes whether the SF_EUIMID of the card replaces the MEID of the device wherever it is used It is recommended that RUIMs be provisioned to provide not only a pUIMID but also the SF_EUIMID to override the phone’s MEID. This will, however, not allow EIR (Equipment Identity Register) capabilities Advantages Disadvantages ○ Familiarity ○ Card requirement - SF_EUIMID represents a - Cards which do not support minimum change from SF_EUIMID will not be able to current operation, where the override the device MEID UIMID overrides the device ESN ○ Stolen Phone - Device MEID is unlikely to be ○ Retrievable transmitted to the network, it - Available from MS in either is not possible to take the Status Response advantage of the new Message, or the Extended X.S0008 CheckMEID Protocol Capability Response operation to track lost/stolen Message (both methods phones through require the device itself to communications with an EIR have an MEID) ○ Common Identifier - Both the card and device
can be managed by a commonly formatted and administered 56 bit identifierLF_EUIMID: Long Form EUIMIDLF_EUIMID – 72 bits identifier based on the ICCID formatThe ICCID already exists on all RUIMs for all technologies Advantages Disadvantages ○ Simplicity ○ Not retrievable - ICCID already existed in the - This can have impact on card OTASP session, where there - No new storage may be a need to receive a requirements in terms of files unique card identifier in order on the RUIM to support to access card specific LF_EUIMID information - Administration procedures - New standards is currently are already established for in progress to retrieve the ICCID LF_EUIMID over the air ○ Backward compatibility ○ Long Identifier - As no new data structure, - 72 bit ICCID, if used to track current cards (that may not the card, will require separate support C.S0023-C) can handling from the device simply have pUIMID MEIDs programmed into the EFRUIMID file on the cards ○ Manufacturer Code ○ EIR Support Limitations - Countries with 3 digit - Device MEID remains telephony country codes are available to the network, use restricted to only 100 unique of LF_EUIMID allows the manufacturer codes. 2 digits – implementation of an 1000, 1 digit – 10,000 Equipment Identity Register to track/block lost/stolen devicepUIMID (Pseudo-UIMID)
pUIMID – A 32 bits identifier derived from EUIMID (either Short or Long Form), used in place of the UIMID pUIMID consists of an 8 bit reserved manufacturer’s code (Hex 80) and a 24 bit hashed EUIMID Derivation of the pUIMID Provide 16,777,216 pUIMID from this method The pUIMID is derived from the EUIMID in the same manner as the pESN is derived from the MEID (therefore shares the same space as the pESN) Authentication Authentication is performed on the basis of the pUIMID. The SF_EUIMID, if included, will not be used for authentication calculations. A-KEY checksum calculations should use the pUIMID as an input for verification.What is USSD Source: TruTeq University USSD (Unstructured Supplementary Service Data) is a unique service for mobile networks comprised of two-directional session-based exchange of unstructured data in GSM mobile networks. USSD technology is defined in GSM standard 02.90 (USSD Stage 1) and 03.90 (USSD Stage 2). The USSD service supports high-speed real-time information exchange between subscriber and service application. Originally, Supplementary Services Data was designed for use where
supplementary services such as call forwarding or multiparty calls were needed. Forinstance, a call-forwarding option is needed for all incoming calls. Such service canbe activated by this command: **21*#. There is a whole set of preset commands forcall-forwarding and for other purposes that work on all GSM telephones.Combinations that have not been reserved can be used for other services.The USSD bearer is accessed by calling a number that starts with an asterisk (star) orgate (hash) characters ("*" or "#") and then a combination of numerals, asterisks andfinally a gate or hash character "#". A handset recognizes such numbers and useëthe USSD bearer instead of a voice call. Instead of calling another subscriber or aservice, the handset communicates with the USSD infrastructure. The subscriberdoes not have to get special software for the handset or special SIM cards to be ableto use USSD.Unstructured Supplementary Service Data is a capability of all GSM phones. It isgenerally associated with real-time phone services. There is no store-and-forwardfunctionality typical of normal short messages (in other words, an SMSC is not usedin processing). Response times for interactive USSD based services are generallyquicker than those used for SMS. After entering a USSD code on your GSM handset,reply from an GSM operator is displayed within a few seconds. USSD Phase 1 onlysupports mobile initiated operation (pull operation). USSD Phase 2 specified supportsnetwork initiated operation (pull and push operations). Therefore, Phase 2 providesfor interactive dialogues.GSM handsets supported USSD from the first days of GSM. Phase 2 has beensupported for years and over 99% of handsets currently in use can use USSDsessions. Our technical support department agrees that almost all telephonessupport USSD. There are, however, exceptions: for instance, old Siemens phonesdisplay USSD-messages as a moving line that severely limits interaction with theUSSD menu (and if the subscriber does not know she will not understand what to do).Most handsets also support NI USSD (network initiated USSD), also called "USSDPush". With NI USSD, the network can push information to the subscribers handset.Where is USSD push used? USSD push does not manifest itself (the phone will notring, make sounds or vibrate) so that in order to get a message a user has to look atthe display at the very moment USSD push has come. Therefore, USSD push is usedin mixed services: a user sends an SMS or makes a call and in return gets a USSDmenu.Another important fact about USSD is that messages from handsets to the numbers100-149 always route to the home network. This means that if you are roaming inanother network, dialing a USSD number from 100 to 149 on your phone will alwaysroute to the application on your home network. If you are used to accessing aparticular service in your home network, then you will also be able to access it fromanother country. USSD codes other than within 100 and 150 are routed at discretionof a guest network.
USSD compared to SMS USSD differs from the other short message bearer, SMS, in a number of significant ways. It is not a store-and-forward bearer like SMS, but a transparent session-based bearer ideal for transacting. Information is delivered and responses obtained in real-time. Simply put, USSD is similar to speaking to someone on a phone as SMS is sending a letter. USSD is also not a point-to-point bearer such as SMS. One subscriber cannot send another text using USSD unless there is a special network application offering such an application. One can send 182 characters using USSD, but SMS only allows for 140 x 8-bit, or 160 x 7-bit characters. Like SMS, USSD uses the GSM control channels for data transfer. SMS and USSD both use the SDCCH (stand-alone dedicated control channel) when the handset is not in a call. When the handset is busy with a call, USSD will use the FACCH (fast associated control channel) with a significant improvement in transfer speed (1000 bits/second). This use of the SDCCH channel leads to the one drawback with USSD. Because the SDCCH channel is also used by GSM for call-setup, many open USSD sessions may limit new call-setups in congested networks. In practise, this doesnt happen often and GSM Network Operatorss can upgrade the radio resources in highly congested cells to prevent this from happening. Unlike SMS, the subscriber does not have to create a message. The USSD call string can even be stored in the phone book under a name. Some applications will also allow menu shortcuts where the subscriber can add the menu item selection after an "*" seperation character. In our earlier example, the user might create a phonebook entry call "Pretoria Weather" with the number *150*1234*12*3#. The additional "*3" denotes menu selection 3. On a GSM network level, the USSD Gateway is defined as a gsmSCF (GSM Service Control Function), whereas an SMSC is defined as another HLR (Home Location Register).Routing and Rating Historically, USSD Gateways have extremely limited routing and billing functionality and are limited to signalling. "Routing and Rating" platforms need to be added to the USSD Gateway to deconcentrate the connectivity to hundreds of application and content providers. When subscribers dial the published USSD strings, the Routing and Rating platform routes the sessions to the correct application via an interface such as XML over HTP, SMPP3.4, or SSMI.
The application must accept the session and serve the appropriate menu to the subscriber. The Routing and Rating platform maintains the session and will generate billing tickets for the billing system for post-paid subscribers and reserve funds and debit prepaid accounts. Depending on the sophistication of the Routing and Rating platform, the subscriber can be billed based on a once-off cost, the number of menu transactions, or the time spent browsing the menus. Due to the fact that an open USSD session takes up network resources, the time- based model is usually deployed and subscribers are encouraged to browse the menus quickly. For roaming subscribers, the service code is always sent back to the home network.Applications The menus are served by applications. This may not be at the GSM network operator, but at a content provider connected to the USSD infrastructure. Applications or content can therefore be served from: • Standard supplementary services • GSM Network Operators value-added services • Third party content and application providers Standard supplementary services The supplementary services are the standard offerings as described by the ETSI standards. These services are accessed by the handset without the need for the subscriber to know the codes. When the subscriber selects an action on the handsets internal menu, the handset will communicate with the GSM. Even though the handset hides the complexities in accessing the supplementary services, it is still possible to access them directly using USSD. One example of such a service is call forwarding. The service codes associated with call forwarding service, are 004, 21, 61, 62 and 67: All Service All Calls If No Reply If Unavailable If Busy Conditional Diverts **21*[dest **61*[dest **62*[dest **67*[dest **004*[dest Forwarding number]# number]# number]# number]# number]# Activate *21# *61# *62# *67# *004# Deactivate #21# #61# #62# #67# #004# Delete ##21# ##61# ##62# ##67# ##004# Check Status *#21# *#61# *#62# *#67# *#004# • These service codes are fixed and all GSM handsets will be able to use them to provision the relevant supplementary services.
GSM Network Operator services These services include value-adding services such as airtime top-up, airtime transfer, call-back services and prepaid roaming. The Network Operator service codes depend on the routing inside the GSM Network Operators and may be anything in the range 1XY, where X = 1,2,3,4 and Y=1,2,3,4,5,6,7,8,9 As an example, a call-back service to alert subscriber 0855551234 that another subscriber want to be called, might be *120*0855551234# The menu items could also be embedded in the dial string, so that an airtime transfer string might look like: *123*1234*2*0855551234# where "1234" is the pin number, "2" is the menu item for airtime transfer, and "0855551234" is the target number. Third Party Content and Services - application examples By connecting to the routing and rating platform on a USSD Gateway, third parties can offer services to all the subscribers on a GSM network. Some examples of USSD applications include: • Information services such as weather forecasts, traffic, news, geo-location services, directory services etc. • Entertainment services such as games, sports etc. • Lifestyle services such as dating, horoscopes etc. • Financial services such as airtime top-up, banking etc.R-UIM Tool Cave: Tool verifies Cave authentication, Update SSD, Confirm SSD commands CDMA2000: Tool verifies Compute IP 3GPD commands: HRPD, Simple IP, Mobile IP authentication commands Scan R-UIM: Performs R-UIM scan to build card file tree structure, and 3GPP2 standard compliance CDMA ST: Check the integrity of card and CDMA service table PRL: Update PRL, Extended PRL on the card Others... Additional features like to calculate CDMA specific parameters (IMSI_M, A-KEY crc, 3GPD Shared Secrets, etc) USIM Tool: The tool now has many useful functions to work with (U)SIM cards
18.104.22.168 Current version released 08-FEB-2011. Professional CDMA, GSM, UMTS support and consulting Download View Price Buy License Snapshot Buy with WebMoneyxOTA: Over-The-Air Tools and Services xOTA: PC software to create and test GSM 03.48 Envelopecard functionality Platform: We develope and run OTA capmaign according to your requiremets Flexibility: GSM 03.48 standard, proprietary solution, and CDMA standard supported Pilot: We are always open to perform a pilot, fast and reliable Cost Effective: Rent or Buy? You can choose any option to satisfy your needs the best way Network Access: xOTA tool supports network card readers over TCP/IP Questions? Contact us! Download More info
APDU Logger and Analyzer Visualization: It is an analysis tool that visualises the data exchanges between a Smart Card and Smart Card Reader (i.e. mobile handset, POS terminal, etc), with a very deep level of interpretation Debugging: The tool helps in debugging and analysing Smart Card communications 22.214.171.124 Current version released 29-NOV-2010. 00112 Current firmware build Try and Buy: Contact us and we discuss possibility of sending you the hardware to try it. Download Download FirmWare Manual Green Spy Flyer Snapshot2G + 3G/4G Auhtentication All Standard Algos: Powerful COMP128-1, COMP128-2, COMP128-3 and MILENAGE calculation Xor: Test AKA (aka XOR) algorithm is also supported Commands: Tool executes and verifies 2G and 3G Authentication commands,
including Run GSM Algo, 2G Virtual Context, and 3G Synchronisation Failure APDU Scripts: Detailed Authentication APDU scripts available for exploration Easy to use: Two-click card Authentication Standard: 3GPP Specifications compliant 4G: KASME derivation is now supported Download Demo View Price Buy Full Version Buy with WebMoneyCipher Box DES: DES and Triple DES (ECB, CBC) encryption and decryption AES: AES (Rijndael) 128-bit key encryption and decryption Hash: MD5 and SHA1 hash calculation RSA: RSA key generation, Encryption, Decryption, Signing and Sign Verification Others: Simple but yet powerfull ASCII expand/collapse, EMV MAC, XOR calculations GSM: 7-bit GSM Packing and Unpaking functionality HMAC: Keyed hashes (MD5, SHA-1, SHA256) have been implemented Download
cap2java: javacard decompiler Decompiler: Reconstructs .java source code from .cap file Flexibility: Different levels of source code optimization Smart: Intellectual analisys for naming of valiables, arrays and functions Javacard 2.1.1: Javacard Virtual Machine v. 2.1.1 .cap file format supported Javacard 2.2: Will be available soon Final java: .java source code is ready to be compiled again Coming soon: cap2java will be available in November 2010 View Price More infoAPDU Script Assistant & Network Reader Network Access: Network access to any PC/SC compliant smart card reader over TCP/IP stack Script Assistant: Powerfull APDU script Assistant to edit, manage and run APDU scripts on local or network reader At-Hand-Commands: Tool stores most frequently used script in database to be always ready executed (like Select MF - Get Response, or Change PIN1) Download Roaming