[X]Assistant

[win_mob]

Radio control

Mr. “X” buys a GSM mobile station (8 W output power, 2MS class) and a personalized SIM card for the D-1 network from the D-1 dealer. After embedding the mobile station in the car, he leaves.
1. It turns on the mobile station and inserts the SIM card into the card reader, but it is not ringing yet.
The mobile station is in idle mode and conducts the cell selection / reselection process, i.e. the device, if possible, adapts to work with the radio cell as follows:
After switching on, the mobile station first checks for the presence of “VSSN information”, i.e. list of frequencies of VSNS of potential neighboring base stations, in the device itself or in the SIM. Because the device is turned on for the first time, this information is still missing. In this situation, the receiver of the mobile station sequentially at intervals of several seconds is tuned to all 124 GSM channels and conducts the corresponding measurements of the receiving power. Then, the receiver tunes to the frequency with the highest signal level at the reception and checks whether a suitable cell is transmitted there (“suitable cell”) to which the mobile station can tune (camp on the cell).
In order for a cell to be considered suitable, three criteria must be met:
1. The cell refers to the corresponding network (“selected PLMN”), i.e., in this case, the D-1 network.
2. Honeycomb is not blocked.
3. The C1 path availability criterion (“path loss criterion”) is met.
Item 1 is fulfilled if the mobile country code (MCC) and mobile network code (MNC) emitted in the system information elements ("system information type 1 ... 4") correspond to the information stored in the SIM card memory.
Clause 2 is executed if the CELL_BAR_ACCESS flag transmitted in the HSCH system information is also set to zero.
Clause 3 is completed if the reception level is higher than the minimum level specified by the hundredth RXLEV_ACCESS_MIN taking into account the correction factor Min {MS_TXPWR_MAX_CCH}, Pmax (MS) which should be understood as follows:
There is a typical reception level (DAWNLINK) RXLEV_ACCESS_MIN in a cell, which at a minimum must be received by a mobile station from a base station transmitting with maximum power BS_TXPWR_MAX in order to be able to confidently decode the signal. Given the channel attenuation reversibility from MS to BS (radio channel reversibility property), it should be assumed that the mobile station can be received by the base station if the MS has MS_TXPWR_MAX_CHH transmit power (this value should be appropriately designed during frequency-spatial planning).
However, it may happen that a given mobile station, which would have to transmit with a power of 20 W (43 dBm) so that the BS can receive it, can transmit only with a power of 2 W (33 dBm). To account for this difference, the difference of 10 dB is superimposed on the value of RXLEV_ACC_MIN. Thus, the MS avoids the misperception of channel availability.
This criterion is very important, because all cells that do not correspond to it will be ignored by the mobile station.
The value is calculated as follows:
C1 = Reception level - (RXLEV_ACC_MIN + correction factor).
The criterion is met if C1> 0.
Mr. "X" is just passing through the terrain, where, as an exception, base station D2 is better received than base station D1. The mobile station tunes in to the channel with the highest reception level, and checks if a HCH is available. Initially, a frequency correction channel (FCH) is searched, which serves to fine-tune the frequency of the synthesizer to compensate for the errors in the LO frequency of the master oscillator and the doubling effects arising from the vehicle speed. Next, the synchronization channel (SCH) is searched, which serves for synchronization with bit accuracy and thus transmits the current frame number of the TDMA, as well as the BSIC and at the same time the TSC BCCH. With all this information, the MS may now attempt to decode the BCHN.
Because in this case, we are talking about the base station D2, the MS, although it matches the MCC code (262 Germany), but at the same time the difference in the MNC code is determined (D1 = 01, D2 = 02). In this regard, the MS refuses to work with this cell and begins to work with the channel having the next signal level in power.
Here, the MS determines that it is an open-access cell D1 (CELL_DFR_ACCESS = 0). The reception level is -93 dBm, RXLEV_ACC_MIN = - 96 dBm and MS_TXPWR_MAX_CCH = 43 dBm. Because it has a transmission power of 39 dBm, it needs to add 4 dBm to RXLEV_ACC_MIN, after which it finds out that the channel availability criterion is not met. MS again refuses to work with the hundredth. However, since This time it was a D1 cell, the MS uses its BCCH information catalog, namely the list of all frequencies of the neighboring D1 stations. Among these frequencies, she finds the one that has the highest level of reception.
The reception level is 95 dBm, RXLEV_ACC_MIN is 96 dBm, and MS_TXPWR_MAX_CCH is 39 dBm. Access (CELL_BAR_ACCESS) is allowed, i.e. The mobile station has finally found a suitable cell (“suitable cell”) and can begin the initial registration in the network (“location registration”).
4. Mr. “X” noted with satisfaction that his device was registered on the network. He goes on, still not going to call. At the same time, he enters a different coverage area.
The mobile station calculates that the C1 value of the neighboring cell, the transmission frequency of which it took from the HCHS system information, already exceeds the C1 value of the cell in which it was just registered, and with which it communicated, despite a lack of conversation (“ cell "). If the cell belongs to the same “location area”, the cell reselection process (“cell reselection”) should immediately take place, i.e. MS should reconfigure to work with the next hundredth. The network would know nothing about it, i.e. the network does not receive any additional information about the transition to another cell.
However, the MS determines that the neighboring cell transmits another “location area code” (LAC), i.e. moving to another cell would require a “location update” message.
The determination of which “location area” a particular cell refers to occurs arbitrarily in the network planning process. A “zone of location” is the minimum territorial unit that is known for HLR or VLR. When a call is made to a mobile station (“paging”), this call must be transmitted by all BSs in the same “location zone”. Thus, when planning “location zones”, it is necessary to find agreement between a high call load (Paging Last) of a large location zone and a large load due to the Location Update when using small “location zones”.
In order to prevent high loadings due to Location update, which bring the network load to the operator, but do not give tariffs, more often than is urgently needed, the MS should further reduce the value of C1 for hundreds of other location zones by the value of CELL_RES_HYST (CELL_RESELECT_HYSTERESIS). The value of CELL_RES_HYST is accordingly reported in the BCCH information.
Only if the value
C1 '= C1 (new cell) - CELL_RES_HYST of a new cell of another location area exceeds the value of C1 of all other available cells of the same location area, MS can retune to this cell.
Because Mr. X’s mobile station is already clearly located in a new area, the condition for re-registration has been fulfilled, and the mobile station transmits a requirement for a location update to a new cell.
5. Mr. "" "gets into a traffic jam and turns off the motor. Due to an error in connecting the wires in the car, the mobile station also turns off at the same time. Since Mr." X "wants to inform his wife about being late, he first re-enables the motor. After re-enabling the MS, it first re-conducts the cell selection process of the cell selection process, however, the BSSN allocation, i.e., the list of the BCHCH frequencies received from the last BS with which the MS worked, has already been added to the memory block. Therefore, the MS is not requesting all 124 HSSN frequencies, but only those that were indicated in the “HSCN allocation.” Thus, He quickly finds the cell in which he was previously registered, since all the “3 Cell Suitability Conditions” (see above) are fulfilled simultaneously (see above), the MS checks whether the location zone code (LAC) has changed in the intervening time and did not work Timer 73112 (periodic location update timer). Neither happened, and the MS assumes that it is spelled correctly.
6. Finally, Mr. “X” decided to call his wife. He picks up the phone, dials the number and presses the "SEND" button.
Until now, the MS was in the “idle mode” mode. After the transmission of one or more communication request signals (random access bursts) from the MS and the subsequent assignment of the SDCCH signaling channel, this mode changes to the “connected mode”.
The most important differences between the “idle” and “connected” modes in terms of Radio Link Control are:
1. In addition to the connection along the “down” line, the connection is also performed along the “up” line;
2. Radio control is no longer carried out by the mobile station, but by the base station.
Simultaneously with the assignment of the SDCCH signaling channel (dedicated channel) or the TCH communication channel, the slow associated control channel, which is rigidly associated with the channel, is also assigned.
Immediately after assignment of the signaling channel, the MS starts transmitting, through the SACCH to the BS, measurement data for the errors of the channel bit discharge and the reception level of the channel of its own station, as well as measurements of the BCCH frequency in the form of “measurement results”.
Mainly
• receive level of the RXLEV_DL own cell,
• error rate of the binary digit of the RXQUAL_DL channel of the own cell,
• RXLEV_NCELL, BSIC_NCELL and HSSN frequency, a maximum of 6 strongest neighboring cells.
At the same time, BS starts measuring
• reception level of the RXLEV_UL mobile station,
• reception quality (value of binary bit errors) of the RQUAL_UL signal transmitted by the mobile station.
Each time measurements are performed on the full SACCH multiframe, i.e. for 480 ms. The exact duration depends on the type of channel. For simplicity, the abbreviation Tsacch will be used to denote the length of the period.
The measurement data of the channels "up" and "down" in the complex are transmitted from the BS to the controller at intervals of Tscch. After receipt of the first measurement data on the controller, the following radio communication control processes begin:
1. The process of allocating averages (Preprocessing),
2. The process of adaptive adjustment of transmitter power (Power Control Process),
3. The process of comparing the thresholds for the transfer of communication (Handover Comparison Process).
The process of allocating averages (Preprocessing)
Measurement data, primarily level measurement data, is subject to, among other things, significant fluctuations in field strength (Fading). In order, despite this, to derive sufficiently reliable data from the measurement data, the procedure of extracting the corresponding average values ​​is carried out.
The length of the window of selection of average values ​​depends on the purpose of the initial value. In the D1 network, for each cell, there are 6 adjustable by width windows for selecting the averages A _ *** _ *** (see Fig. 1).
In general, we can say that large windows for selecting average values ​​provide fairly reliable solutions, the adoption of which takes, however, considerable time. Small windows of the selection of averages give the opportunity to quickly obtain results, which, however, give a large dispersion and often lead, therefore, to making wrong decisions. The compromise that must be found for a particular cell must take into account the purpose of the source data, the typical qualities of the oscillations of the field strength (the task of the coverage measurement system) and dependence on other processes.
Figure 1 The lengths of the selection of averages and corresponding thresholds. (missing)
Establishing a connection was successful, Ms. "X" picked up the phone after a few seconds. The quality of communication is very good, because Mr. "X" is located near the base station.
For the first access to the network, MS used MS_TXPWR_MAX_CCH power. This power in close proximity to the BS is unnecessarily high, which leads to increased power consumption and emission of an increased interference signal, which should be avoided as much as possible (each emitted GSM radio signal is a useful signal only for its recipient, for other elements of the GSM network this signal is also an obstacle) . Therefore, after the averaging process provides the first measurement data, the process of power control in the controller (Power Control) begins to reduce the power of the mobile station and the BS.
Adaptive transmitter power control process (Power Control Process)
The task of the Power Control Process is to adjust the power of the BS and MS transmitter to the conditions of the radio field so that, on the one hand, at the expense of sufficiently high power, to ensure reliable communication and, on the other hand, at the expense of the minimum possible power, to ensure a sparing mode of expenditure of the limited MS battery capacity and minimizing the level of interference in the network.
Mobile stations should have a normal range from maximum power to 13 dBm (20 mW) in 2 dB steps (GSM recommendations, В§ 4.1.1).
For the BS from the GSM side, there are no specific definitions, since downlink control (Downlink Power Control) is optional; the recommended range is up to 15 steps of 2 dB.
In the D1 network, downlink power control is also used in principle.
Thus, at all frequencies, the processes of Downlink Power Control and Uplink Power Control occur with one exception:
so that the obtained MS values ​​of the measurements of the level of neighboring cells (RXLEV_NCELL (n)) are not subjected to distortions, it is not allowed to deviate from the BS_TXPWR_MAX value at the HCHF frequency. For details, see the GSM recommendations, clauses 7.1 and 8.1.3.
The Downlink Power Control and Uplink Power Control processes run independently in the controller using the same method. Therefore, here we will talk only about Uplink (MS) Power Control.
After each time interval Tscch, all newly obtained measurement data (in this case AV_RQUAL_UP_PC, AVRXLEV_UL_PC) are compared with the corresponding threshold values. If one of the values ​​exceeds the threshold, a signal is sent for correction in the opposite direction (Power Command), with the size of the steps regulated by the control and maintenance system (O & M) (Fig. 2).
Due to the signaling time of the signaling system, the time to change the power and the required duration of the selection of average values, it takes some time until new measurement data appear that determine the transmission with the changed powers due to the change in levels. For this reason, standard dead time zones are provided, as determined by the P_CON_INTERVAL timer. The dead time zone should be carefully aligned with the process of extracting averages.
After changing the power, the process can continue only after the controller receives confirmation from the mobile station of the new transmitter power.
Naturally, the process must constantly ensure that a command is not given to use power that cannot be implemented by system elements.
8. In parallel with the Power Control process, the comparison process for the Handover is constantly underway (reconfiguring to work with a new cell), which is restarted each time similarly to each newly calculated average value.
In general, the D1 network has 4 technical rationales for initiating a Handover:
1. Too bad level (Uplink and Downlink),
2. Binary system error level is too high (Uplink and Downlink),
3. The maximum allowable distance to the base station is exceeded, or
4. There is a neighboring cell with a lower attenuation of the radio field (the best Power Budget PBGT (n)).
While the first three reasons should lead to a reconfiguration to work with a new hundredth - Handover, to keep in touch during a conversation, the fourth criterion is a kind of “luxury” criterion, which should allow continuous work with the hundredth attenuation. radio field to constantly work at the lowest possible power.
The task that the controller should solve is to determine the attenuation of the radio field not only of its own BS, but also of neighboring BSs.
The controller receives the values ​​of RXLEV_NCELL (n) from measurement messages (measurement report) of a mobile station, MS_TXPWR_MAX (n) values ​​from its O & M database, which, among others, must also have these parameters. On this basis, attenuation of the radio field of its own and neighboring cells is constantly calculated and compared with each other. For all neighboring cells, in order to preserve the stability of decision-making and greater freedom in determining the cell boundaries, the hysteresis term HO_MARGIN (n) is taken into account.
9. Mr. "X" is in a hurry to get home and quickly drives on. Gradually, he leaves the coverage area of ​​the new cell.
Initially, a good level quickly decreases, while increasing the level of errors of the binary system. However, Mr. "X" does not notice this, because due to an error correction process based on a high level of coding, up to a certain level of errors corrects almost all errors.
Gradually, the measurement data fell so low that the Power Control process commands the use of maximum power.
After this, the Handover comparison process, which until now could not find the best cell in the PBGT (n), that the downlink (Pegel) communication level was too weak. Because It has already been noted earlier that the transmitter power is already maximum, an alarm is given to the Handover Decision algorithm that it is necessary to carry out a Handover due to the “Downlink level”.
In principle, the handover comparison process should only constantly check whether the average value of measurements is not inferior to the threshold value, or whether there is access to the best cell, and provide relevant information.
Until now, the “Intracell Handover” has not been mentioned, which is next to the above-described “real” versions of the Handover, i.e. variable cell, occupies a special place, because no cell change occurs.
The goal of Intracell Handover is to switch to another channel of the same cell in case of interference from the original channel, in search of better quality of communication.
An interference situation is detected by a high level in combination with a high binary error value.
Result Conclusion
Downlink communication is too bad (AV_RXQUAL_DL_H>L_RXQUAL_DL_H) and BS power maximum handover cause downlink signal quality
The uplink link is too bad (AV_RXQUAL_UL_H>L_RXQUAL_UL_H) and MS power maximum handover cause up uplink signal quality
Downlink communication level (Downlink-Pegel) bad (AV_RXLEV_DL_H
Uplink link level (Upwnlink-Pegel) bad (AV_RXLEV_UL_H<L_RXLEV_UL_H) MS power maximum handover cause upnlink signal strength
PBGT (neighbor cell) - HO_MARGIN (neighbor cell)>PBGT (own cell) handover cause better cell
The distance is too large (timing advance>MS_RANGE_MAX) handover cause distance
Downlink communication is too bad (AV_RXQUAL_DL_H>L_RXQUAL_DL_H) but the downlink communication level (Downlink-Pegel) is very good (AV_RXLEV_DL_H>L_RXLEV_DL_H) Intracell handover
Uplink link level (Upwnlink-Pegel) too bad (AV_RXLEV_UL_H L_RXLEV_UL_H) Intracell handover
Fig. 3: Decision criteria for the comparison process for performing a cell change (Handover Comparison Process)
10. The quality of communication has become so bad that Mr. “X” is no longer believing the advertising slogan “digital communication = communication without interference”. However, just at that very moment, when he already wanted to hang up, there was a short click and the connection became clear and clear again.
The Handover Comparison Process determined the need for a Handover due to the “downlink signal strength”, i.e. The process has identified the presence of problems by not taking independent remedial measures.
The next step, namely, checking the availability of target cells for a Handover, as well as which of the cells is the best from a radio engineering point of view, is the BSS handover decision process.
For all cells declared in the last seconds (depending on A_PBGT_HO), their compliance with the criterion of the channel suitability is initially checked, similar to the C1 criterion:
C1ho (n) = RXLEV_NCELL (n) -RXLEV_MIN (n) -MAX {0, MS_TXPWR_MAX (n) -P}
P is the maximum possible output power of the mobile station, i.e. in our example, 39 dBm.
For all cells that meet the condition C1ho>0 the corresponding check of РВGТ (n) value is carried out. Then a Handover Requiered Message requirement is generated and transmitted to the MSC. The message contains information about the cause of the Handover and a list of available neighboring cells. The information is ordered by size РВGT, i.e. The “desirable candidate” with the best PBGT indicator comes first, then second in quality, and the like. Thus, there is room for maneuvering if the “Handover Request” request for the “desired candidate” is rejected.
The list may have a maximum of “n” candidates (n is also an O & M parameter).
Usually, the “Handover Request” is followed by the “Handover Request Acknowledge”, which is transmitted to the mobile station processed as the “Handover Command”. Handover Command contains all the information that a mobile station needs to communicate with a new cell, including an accurate description of the channel.
The mobile station is registered in the new cell by the “Handover Burst” in order to save time not on the Random Access Channel, but directly on its new communication channel TSN. Thus minimization of the break time in the conversation is achieved.
As soon as the mobile station sends the “Handover Complete” command to the new cell, the connection with the old cell to the MSC is interrupted (the control is provided by timer T. Thus, the Handover process is completed.
Not every inter cell handover procedure has to be done through the MSC. If the cell to which the link is transmitted is connected to the same controller as the previous cell, which will occur quite often, the controller is able to perform the Handover procedure itself, giving the MSC about Handover only the “Handover Performed” information. This handover is called the “Internal Intercell Handover”. This decision-making right of the controller may, if necessary, be transferred to the MSC by changing the EN_BSS_HO.
11. Mr. "X" is still ringing. He is now almost in the center of the cell and the call quality is very good. The Power Control process has already significantly reduced transmitter power. However, Mr. “X” needs to drive through a 200-meter-long tunnel, and he is not surprised that the quality of communication becomes very poor. However, even before it leaves the tunnel, the quality of communication again rises to an acceptable level.
Naturally, in a tunnel, the field strength is significantly reduced if the tunnel is not provided with radio engineering coverage due to special measures. The error level of Mr. X’s binary communication system has significantly decreased, so that the SACCH control channel could no longer be decoded. In this case, the BS and the MS begin, at each un-decoded SACCH-Multiframe, to recalculate their S (RadioLink Counter) counter, which is previously occupied by the maximum RADIO_LINK_TIMEOUT value provided for the cell, down one. If the frame is decoded, it is recalculated to the big side by 2.
Both the BS and MS interrupt the connection as soon as this counter reaches the value 0 (“Radio Link Failure”).
Additionally, there is another threshold THRES_PC_RLF in the D1 network. As soon as the counter S in the BS reaches a level below this value, a command is given to immediately turn on the maximum power on both the BS and the MS. In this way, the threat of interruption of communication should be avoided, and thus it can be explained that the quality of communication in Mr. “X” has increased again in the tunnel.
12. Mr. "X" leaves the cell coverage area. Unfortunately, the development stage of the network has not yet reached such a level that a new cell becomes available, which could accept this connection. Therefore, after some time, the connection is completely interrupted.
However, Mr. X is almost at home and does not feel any particular problems due to communication failure.
The resulting measurement averages again result in the Handover Comparison process deciding whether to conduct a Handover. However, the BSS Handover Decision algorithm does not find a cell that meets the C1ho criterion. The truth is there is a honeycomb, which can be received with a level of -100 dBm, which, under the best of circumstances, could be enough. However, since the process is forced to ignore this cell due to design data, in which the RXLEV_MIN (n) of this cell is specified in -96dBm, the generation of the Handover Required message does not occur. The conversation is interrupted after the counter S reaches the value 0.




Positioning subscribers in GSM networks.

With the advent of various developments in the field of protection and control of remote sites, as well as the emergence of new services based on subscriber positioning, the issue of high-precision positioning (mobile terminal) in the GSM network is becoming increasingly important. In this article I will try to set out the basic principles and possibilities of navigation, based on the functionality of the GSM standard.

Standard features
As you know, a mobile phone in the switched on state always “monitors” the nearest base stations *, while it receives signals from one (the strongest station) and constantly monitors the signal level from several more. For any communication with the network (call, SMS, etc.), the phone establishes in most cases a connection with the strongest station. Usually the same station is the nearest.
The distance from the phone to the nearest station may be different and depends on how large the station has the operator. In a big city it is usually up to 400 meters. In the regional center to the kilometer. In the countryside and on the roads up to 15-20 km. The MSC (mobile switchboard) identifies and saves to the journal (CDR) the serial number of the phone and the cell ID number *** in which the terminal is located at each communication with the network. Thus, in a standard GSM network, the subscriber’s location can be determined with an accuracy to the transmitter (cell), which gives a definition in a large city a maximum of 200-400 meters. In the city of regional significance, an error of 800 meters is a kilometer. In the countryside 15-20 km




Additional features
With the advent of various developments in the field of protection and control of remote sites, as well as the emergence of new services based on subscriber positioning, the issue of high-precision positioning (mobile terminal) in the GSM network is becoming increasingly important. In this article I will try to set out the basic principles and possibilities of navigation, based on the functionality of the GSM standard.

Standard features
As you know, a mobile phone in the switched on state always “monitors” the nearest base stations, while it receives signals from one (the strongest station) and constantly monitors the signal level from several more. In any communication with the network (call, SMS, etc.), the phone establishes in most cases a connection with the station with the strongest signal strength. Usually the same station is the nearest.
The distance from the phone to the nearest station may be different and depends on how large the station has the operator. In a big city it is usually up to 400 meters. In the regional center to the kilometer. In the countryside and on the roads up to 15-20 km. The MSC (mobile switchboard) identifies and saves to the journal (CDR) the serial number of the phone and the cell ID number in which the terminal is located at each communication with the network. Thus, in a standard GSM network, the subscriber’s location can be determined with an accuracy to the transmitter (cell), which gives a definition in a large city a maximum of 200-400 meters. In the city of regional significance, an error of 800 meters is a kilometer. In the countryside 15-20 km




Additional features
Of course, the GSM network carries a lot more opportunities that can be realized through the integration of special equipment by the mobile operator. This equipment is quite expensive and is installed by the operator usually in the case of launching new services based on the location of mobile subscribers. Let's try to figure out how such systems work, and what set of services they offer. The definition of a subscriber in a cellular communication network (without using satellite navigation systems) is based on two main methods: the EOTD method (time difference method) and TOA (method for estimating “receiving time”). There are a few more methods, but they are less common or are a variation of the methods described. Both methods give the accuracy of determining the location of the subscriber 50-150 meters and differ only in implementation technology. The ability to determine the position of the subscriber with an accuracy of "cell" is widely used in Western Europe (operators ORANGE, VODAPHONE). These operators provide services allowing to determine the location of the nearest stores, payment points. Any subscriber, by sending an SMS to a special number, will receive information about where he is located, which is especially useful for tourists. Currently, not a single Ukrainian operator, unfortunately, provides services to determine the location of a subscriber, but the growing market of mobile subscribers and the need to introduce new services suggest the likelihood of the described service in the near future. The final part of the article is unlikely to be of interest to the ordinary man in the street, since it will describe the main technical aspects of the two methods of accurate positioning.

Accurate Positioning System Implementation Methods
As mentioned earlier, there are two main methods: the time difference method (Enhanced Observed Time Difference, EOTD) and the time of arrival method (TOA).
Both methods require installation of a special LMU module (position location module) on the base stations. Only when integrating the EOTD system, LMU units need three to four times less, which significantly reduces operator costs. The method of receiving time (Time of Arrival - TOA) is similar to GPS satellite navigation technology and is based on measuring the delay in frame shift when a signal passes from a base station to a telephone (which in turn is an indicator of the distance to base stations). To determine the coordinates, you need at least “three simultaneous bearings” (distance measurements) to different base stations equipped with LMUs. Ideally, more accurate coordinates can be obtained by measuring the signal transit time of up to four or five base stations. All the calculations are done by the equipment installed by the operator (using triangulation algorithms), while, as we are talking about the difference in receiving signals in microseconds, there is an urgent need to synchronize all LMUs. To initiate the process of determining the location can both the user and the operator. Of course, such a method inevitably increases the load on the service channels of the network at the time of the coordinate request.
The time difference method (Enhanced Observed Time Difference, EOTD) was developed by Cambridge Positioning Systems and has similar principles as TOA, only measurements occur up to two of the three nearest available LMUs and the difference in signal delay time is measured. In the future, this difference is converted into the distance from the mobile phone to two specific base stations. The exact coordinates of the base stations are found in the data processing system, further calculation is not difficult. According to some estimates, the accuracy of this method even exceeds the TOA method. A feature of the EOTD method is the need to integrate the computing module into the mobile terminal. This method has become widespread in the USA (CDMA networks) and is only beginning to be introduced by manufacturers of GSM terminals.


What is SIM-LOCK
SIm-lock, SP-lock, "encoding": all these words speak of one thing; the phone has a software restriction on the operation of a mobile phone on one network only. This is done so that the person who bought the phone from a particular operator did not have the opportunity to switch to another GSM network. Such phones are usually sold by the operator for 10-20 percent of their real value. The rest of the cost is paid by the operator. The meaning of such actions is simple: a phone with a SIM-Lock will always remain working only in one network and sooner or later will pay the operator the part of the money that he made for it. In some European countries, a subscriber in a year, two can remove the LOCK in a service center or store because the phone has already paid off. SIM-LOCK is removed by dialing a code from the keyboard, usually 8-15 digits. Install a SIM-lock on the phone manufacturer or its representatives. The operator orders a large batch of phones from the manufacturer and the manufacturer, together with the phones, supplies the code for removing the Sim-Lock. The physical meaning of the Sim-lock is as follows: The Sim card stores the unique country and operator code. For example, the operator Kyivstar has the MCC-255, NCC-03. The phone checks these codes when turned on. If the codes match, the phone works fine, if not, then the message “SIM does not fit or erroneous” appears on the screen or requests a code to remove SIM LOCK. In addition, there are other ways to encode the phone, but this is the most common.
How SIM-LOCK is removed
The first way to remove the Sim-lock official, I described it above. Sim-lock is also possible to remove the artisanal way. Information about Sim-lock is stored in the phone's memory. Knowing exactly where it is sewn, it is possible to remove it. A special cable is connected to the phone. And on this cable, the program gives the command to remove the Sim-lock.
How legal and ethical
The legality of the Sim-lock removal procedure depends on the laws of the country. Having received legal advice, I found out that in Ukraine there is no law directly prohibiting it. However, this procedure can be summarized under the article "On the penetration of computer and information technology." On the other hand, the person who bought the phone has the right to do whatever it wants with it. For example: if you bought a PAL system TV, which does not support the color standard of Ukraine and the CIS, no one will judge you if you put a color decoder inside. You also have the right to remake it as you like. The only thing you lose is the warranty for repair in the service center. Thus, if a precedent arises, everything will be determined by the level of lawyers and lawyers. This is if we are talking about the decoding of the phone. A completely different thing is the illegal importation of telephones from the west, non-payment of taxes. Representatives of phone manufacturers are trying to deal with this. By my estimate, about 85% of all GSM terminals in Ukraine are imported illegally. Legal delivery is carried out only through the phone manufacturer or its representatives. Naturally, a German, Polish or other operator remains at a loss if a new phone purchased for 10 percent cost is taken from the operator’s network to another network.
How well does the phone work after removing the SIM-LOCK
As mentioned above, Sim-lock is a software product. Normally, a properly removed SIM-LOCK has no effect. And the phone works fine. However, in some cases, programs for removing the SIM-LOCK are written in haste and work incorrectly. Either the person who wrote the program did not know the nuances (secrets) of the manufacturer. Then the phone may have incorrect items in the menu and problems with some functions. One thing can be said for sure after the removal of the lock over time, the operation of the phone will not deteriorate. That is, how the phone works immediately after unlocking (with what problems or without) so it will work.
How to find out if the phone has been uncoded
By external signs: logos on the front of the phone, E-plus, etc. Sticker under the battery in Polish, German and other languages. Visible traces of opening a new phone. And the last - low price.

Features of the GSM standard.
The main feature of the standard is that the maximum communication range with a standard cell configuration is possible at a distance of no more than 35 km from the base station. At the same time, 8 time intervals (time slot) are formed in one frequency channel - one of which is service time and the other seven are conversational. However, GSM also provides a cell configuration, in which the communication range is increased to 70 km (Extended cell configuration). Unfortunately, when using this cell configuration, the number of conversational channels is reduced to 3. Sometimes this mode is applied on the coast to create a coastal coverage area.
One of the problems that often occurs in areas of uncertain reception is the interference between channels with the same frequencies and neighboring frequencies. Unfortunately, the frequency resource allocated to GSM-900 operators in Ukraine is limited. Because of this, often in the zone of uncertain reception, frequencies from different base stations with the same or adjacent values ​​are “visible”. Such frequencies create mutual interference, interfering communication, and at certain signal levels, communication becomes impossible. Determining the presence of such a problem is relatively easy: when the signal from the base station is strong, and the connection cannot be established or is succeeded, but with strong speech drops. In this situation, it is not always possible to “force” the phone to choose another frequency.
Happening. The phone received adjacent frequency channels with levels of 70 dBm, 73 dBm and 72 dBm, but the quality of communication left much to be desired and only the forced choice of another frequency channel with a lower level - 80 dBm, solved the problem. With a limited frequency resource, it is not always possible to solve this problem even by the frequency rescheduling of the network.
The GSM standard stipulates that the base station transmits in the band 935.2-959.8 MHz, and the mobile phone - 890.2 - 914.8 MHz. When planning a GSM network, there is such a thing as an uplink budget (Up link) and a downlink budget (Down link). And the essence of calculations to ensure a stable connection comes down to the necessity of the energy equation of these two lines. The following parameters are taken into account: phone sensitivity, output power, telephone antenna gain, output power and base station sensitivity, cable attenuation, transceiver output stages, gain due to the use of diversity reception, and radio wave attenuation parameters in the propagation medium . But if in zones of reliable reception, the difference in the budget of the upward and downward directions of communication in several decibels is not critical, then in the zone of uncertain reception this may be a critical factor. Often a mobile phone shows the signal level from a base station of 1-2 cubes (on a scale), but cannot establish a connection. At such times, phone parameters such as sensitivity and output power are particularly important. And although the standardization of ETSI regulates the standard power output for various classes of phones, in reality this value may slightly change.
The sensitivity of the phone is mainly determined by the technology used to create low-noise input devices. In fact, the sensitivity of cell phones is in the range from -100 dBm to -106 dBm, and the output power is 0.5-2 W for portable phones. Therefore, when calculating a directional antenna like a wave channel, it is advisable to determine whether the budget of the uplink or downlink directions of communication should be increased. Naturally, the user can not know exactly the parameters of the equipment operator and the parameters of the phone. In this regard, it is best to do it this way: there is the nearest place where reception is possible and the connection is established. If at the same time the audibility of speech is normal and the subscriber does not hear the effect of “falling out of parts” of speech, then the energy of both lines is balanced and you can use a wave channel tuned to the middle frequency between reception and transmission. But, if the interlocutor is heard with interruptions - it is necessary to “raise” the downward direction and vice versa. Already at this stage, it becomes obvious that the choice of the type of antenna and its parameters is desirable to make personally, depending on the operator and reception conditions.

What to do when stealing a mobile phone.
I want to warn you immediately that all information is my personal recommendation. I advise you to do just that. To do or not to do so is up to you.
There are two situations: your first deposit is more than the cost of the phone. Second: Your deposit is small. In the second case, I would recommend to remove the PIN code request when you turn on the phone. As a rule, the person who found the phone will try to turn it off and on. The phone asks for a PIN code, who found it does not know it. At this point, your device has become hopelessly lost. If the phone is 4 times less than the amount of the deposit on your account, I do not advise to risk, it is better to leave the PIN. So trouble happened. After a while you find the lack of a phone in your pocket, car, office. Either it was stolen from you, or you lost it. As soon as you realize this, try asking the operator to close all outgoing calls from your number and leave only incoming calls. If you succeed in this operation, you have nothing to worry about. If that doesn't work, deactivate your number and forget about your phone. Suppose it turned out: Try to call your number and arrange to return the phone. If the phone is found by a simple person, usually $ 20 is enough. Maybe the phone will be turned off, it is naturally hard to call every 2 minutes and wait until it is turned on. I advise you to find a friend with any mobile phone. Let him send an SMS to your number, while including a report on the delivery of the message. When your phone is turned on, a friend will receive a report on the delivery of the message to your number. He will call you back and you will know that your missing phone is online. If the negotiations do not help, the person who found the phone does not pick up the phone, and has already managed to speak through part of your deposit, disconnect the phone from the operator. After that, ask for your detail for the last day. There will be indicated the calls of the person who stole your phone. Further business of your imagination and cunning. Another tip: under the battery, attach the inscription of the type that found the request to contact by phone XXX-XX-XX. Everyone believes that the phone can be lost by anyone, but not by him.

Cell broadcast


What is Cell Info (Cell Broadcast, cellular index or broadcast), why is it needed, and how to turn it on.

Cell info or cellular index is a function of the GSM network that allows the operator to transmit various information that can be displayed on the phone display (for example, news, weather, traffic conditions, etc.). This information may vary depending on the location of the subscriber. Different topics are broadcast by the operator on various channels. Reception of such information is free. In Ukraine, a similar service is supported by UMC, Kyivstar and Golden Telecom.
The UMC operator broadcasts through channel 50 information about the locality, with the base stations of which the subscriber’s telephone is connected.
The value of this information is rather low, since the information is often very inaccurate and the subscriber’s location on the phone screen is interesting only for general orientation after a hefty dose of alcohol.
Unlike UMC, similar information transmitted by one of the Moscow operators is more important, since the amount of payment depends on the zone in which the subscriber is located (Moscow or region).
In addition, information is transmitted on the launch of the GSM1800 standard network (UMC 1800). The presence of the inscription UMC 1800 does not guarantee that the phone works in this standard. This is more information of a promotional nature.

The Kyivstar operator on channel 50 also broadcasts information about the village, with the base stations of which the subscriber’s phone number is connected or about the number of the road along which the subscriber moves.

The operator GOLDEN TELECOM transmits various information on channels 10, 20, 30, 40.
Channel 10 - mobile news;
Channel 20 and 30 - news from GOLDEN TELECOM
Channel 40 - UNI distributors in the nearby area.


Turning on Cell Info reception can speed up the discharge of a phone's battery.
Now about the setting. You wanted to see on the display of your phone the inscription UMC 1800 and make sure that the UMC is really expanding the GSM1800 network or read the congratulations from Golden Telecom on the New Year. To do this, you must perform two steps:
1. Enable Cell Broadcast reception.
2. Select a channel.
How to do this, you can read the instructions for your phone.
After doing this, the display of your phone will appear in the form of a running line or alternately with the name of the operator the desired information.



Stories about the long-range propagation of radio waves.
Historical facts.
After the revolution, the first amateur station, earned from the Nizhny Novgorod laboratory with the call sign R1FL, which meant Russia first, Fedor Lbov.
The frequency was about 4 MHz, power up to 5 watts. They did not have a receiver and they worked only on transmission. Transferred call and coordinates. Two days later, telegrams began to arrive from Africa, Asia, and Europe, from a radio station that heard this program. It all started with this.
Before the war, the scientist Nobil decides to fly on a dirigible, which was called Italy, to the North Pole. The expedition had an accident on the way back, several people survived in the ice. The main transmitter crashed when dropped. As far as I remember, the expedition was financed by the Italian pro-fascist organizations that forbade taking an additional radio station. Nevertheless, Nobil took it, it was a portable transmitter. From which the remnants of the expedition gave the coordinates and a distress signal for several weeks. The transmitter was weak 2-3 watts (like a mobile phone), the ski stick served as an antenna. Obviously, the expedition would have perished if not a radio amateur from Russia, who, using wire instead of an antenna, did not accidentally catch a distress signal before a kite.
This, as for the History, NMT reaches Serpentine Island, which is in the Black Sea (more than 80 km) with an antenna wave channel and power of 10 watts. In the NMT, he pulled about 50 kilometers, but the guys from the UMC would be better off telling about the NMT.

MYTHS
Myth 1. It is possible to remake the phone or reprogram the SIM card to use the GSM phone for free.
These rumors come from the United States. The basic standard of US AMPS really allows you to do things like this with some tricks. By some estimates, up to 10 percent of phones in the US are illegal. With a huge amount of traffic, mobile operators in America do not consider this a serious problem. Moreover, such phones “live” not for long.
The myth of remaking the phone:
Calculating the number and duration of calls does not occur in the phone or in the SIM card, as many believe, but in the GSM switchboard (with the exception of prideid cards of the same type). Calculating the cost of calls produces a billing system that takes data from the switch. Mobile phone can not force the switch to stop monitoring calls.
The myth of cloning (creating a copy of the Sim card).
Inside the SIM card contains a variety of information, such as PIN code, PUK code, subscriber's notebook. But there is also service information unavailable to the user. The basis of SIM card security is the Ki code. This code is stored in the card and the operator. Based on this code, tricky authentication processes (authentication) of the subscriber, according to algorithm A3, occur. There are three versions of this algorithm COMP 128-1, 2 and 3. Unfortunately, the first version of the algorithm has been cracked. That is, it is possible at the amateur level to attack the key Ki to read this key and create SIM clones. But if the operator uses its own, non-standard encryption algorithm (this is UMC) - attempts to create a clone will fail. The rest of the operators are starting to order the COMP 128-2 algorithm cards.
Myth 2. Is it possible to listen to the GSM talks at the amateur level?
The most available listening interval: mobile phone - base station. That is, in the area of ​​the radio interface. To begin with, the information is transmitted in digital form. If you tune the receiver to GSM frequencies, you will only hear a crash and a squeak. This is how a digital signal “sounds”. In addition, special encryption algorithms are used at this site, for example, A5.2, A8. This algorithm is difficult to describe at the user level, therefore, speech is not just transmitted, but also encoded. Most networks use the Frequency Hopping function, its essence is that the mobile phone jumps between several frequencies at a speed of 217 times per minute, which makes listening more difficult. When you move around the city, your phone “jumps” from cell to cell, which further complicates the tracking of your conversation.
Myth 3. Even when the GSM phone is turned off, you can remotely turn on the microphone in it and listen to your conversations.
Without changes in the phone software, this option is impossible ..
Myth 4. The location of the owner of a GSM phone can be tracked to the nearest meter.
In a standard GSM network, it is really possible to find out the cell in which the phone is located and the distances to it (not exactly 540 meters), which gives accuracy, in the center of a large city, 500-4000 square meters. kilometers, on the outskirts of 2-25 square meters. kilometer. To improve the accuracy of determining the coordinates, the operator must install additional expensive equipment. In this case, the accuracy of determination rises to the area of ​​50x50 meters and even more. Abroad, in some countries, similar services are provided to everyone, for example, to search for your car or control the location of a child.


Frequencies

Channel RX Frequency TX Frequency Channel RX Frequency TX Frequency
Decimal Hexadecimal MHz MHz Decimal Hexadecimal MHz MHz
1 01 890.20 935.20 63 3F 902.60 947.60
2 02 890.40 935.40 64 40 902.80 947.80
3 03 890.60 935.60 65 41 903.00 948.00
4 04 890.80 935.80 66 42 903.20 948.20
5 05 891.00 936.00 67 43 903.40 948.40
6 06 891.20 936.20 68 44 903.60 948.60
7 07 891.40 936.40 69 45 903.80 948.80
8 08 891.60 936.60 70 46 904,00 949.00
9 09 891.80 936.80 71 47 904.20 949.20
10 OA 892.00 937.00 72 48 904.40 949.40
11 0Р’ 892.20 937.20 73 49 904.60 949.60
12 OS 892.40 937.40 74 4A 904.80 949.80
13 OD 892.60 937.60 75 4B 905.00 950.00
14 OE 892.80 937.80 76 4C 905.20 950.20
15 OF 893.00 938.00 77 4D 905.40 950.40
16 10 893.20 938.20 78 4E 905.60 950.60
17 11 893.40 938.40 79 4F 905.80 950.80
18 12 893.60 938.60 80 50 906.00 951.00
19 13 893.80 938.80 81 51 906.20 951.20
20 14 894.00 939.00 82 52 906.40 951.40
21 15 894.20 939.20 83 53 906.60 951.60
22 16 894.40 939.40 84 54 906.80 951.80
23 17 894.60 939.60 85 55 907.00 952.00
24 18 894.80 939.80 86 56 907.20 952.20
25 19 895.00 940.00 87 57 907.40 952.40
26 1A 895.20 940.20 88 58 907.60 952.60
27 1B 895.40 940.40 89 59 907.80 952.80
28 1C 895.60 940.60 90 5A 908.00 953.00
29 ID 895.80 940.80 91 5B 908.20 953.20
30 IE 896.00 941.00 92 5C 908.40 953.40
31. IF 896.20 941.20 93 5D 908.60 953.60
32 20 896.40 941.40 94 5E 908.80 953.80
33 21 896.60 941.60 95 5F 909.00 954.00
34 22 896.80 941.80 96 60 909.20 954.20
35 23 897.00 942.00 97 61 909.40 954.40
36 24 897.20 942.20 98 62 909.60 954.60
37 25 897.40 942.40 99 63 909.80 954.80
38 26 897.60 942.60 100 64 910.00 955.00
39 27 897.80 942.80 101 65 910.20 955.20
40 28 898.00 943.00 102 66 910.40 955.40
41 29 898.20 943.20 103 67 910.60 955.60
42 2A 898.40 943.40 104 68 910.80 955.80
43 2B 898.60 943.60 105 69 911.00 956.00
44 2C 898.80 943.80 106 6A 911.20 956.20
45 2D 899.00 944.00 107 6B 911.40 956.40
46 2E 899.20 944.20 108 6C 911.60 956.60
47 2F 899.40 944.40 109 6D 911.80 956.80
48 30 899.60 944.60 110 6E 912.00 957.00
49 31 899.80 944.80 111 6F 912.20 957.20
50 32 900.00 945.00 112 70 912.40 957.40
51 33 900.20 945.20 113 71 912.60 957.60
52 34 900.40 945.40 114 72 912.80 957.80
53 35 900.60 945.60 115 73 913.00 958.00
54 36 900.80 945.80 116 74 913,20 958.20
55 37 901.00 946.00 117 75 913.40 958.40
56 38 901.20 946.20 118 76 913.60 958.60
57 39 901.40 946.40 119 77 913.80 958.80
58 FOR 901.60 946.60 120 78 914.00 959.00
59 3B 901.80 946.80 121 79 914.20 959.20
60 AP 902.00 947.00 122 7A 914.40 959.40
61 3D 902.20 947.20 123 7Р’ 914.60 959.60
62 WE 902.40 947.40 124 7C 914.80 959.80

[ZVS]

Is it possible to catch the signal of a neighboring phone with the help of a telephone antenna? I wonder if it is possible to identify it by any GSM features?

[lngkiss]

Onlinehttp://teltos.ru/andhttp://diktos.ru/You can find all the information of interest about the standards gsm and not only

[Roman Dmitrievich]

Is there a similar on WCDMA and LTE?