Location Update ( LU )

1) As we know that it is very important to make sure that only authenticated users accesses the network, & denying access to fraudulent one, concept of Location Update becomes important.

2) For any customer to get latch ( access ) to our network , their respective Mobile Identification no's need to be defined in local MSCs , our planning team instructs us for the same. 3) " hssdp:snb=MDN,list; " when executed in HLR , we get data print of that MDN :

HLR SUBSCRIBER DATA SNB 9223401064 MSNB IMSI SRNB 0341995167 404000341995167 80610E63

AUTH_PERIOD_UNIT DENIED_AUTH_PERIOD_UNIT AIR_INTERFA INDEFINITE PER AGREEMENT CDMA SCL CTV-1 MCT-1 PIC-1 SMO-1 PPA-10 ENQ-2 CBA-0 VMT-1 DLQ-0 LIA-1 VMN-1 ACTIVITY CNB MISCELLANEOUS PASSIVE 02266781883 ACTIVE

PASSIVE

PASSIVE 08066682201 ACTIVE LIALIST=9100 PASSIVE 08066682201

4) The above command output includes MDNs 10 digit MIN , 15 digit IMSI , along with 8 digit ESN no

5) E.g 404000341995167 is the IMSI for Given MDN , in which 1st three digit are MCC ( mobile country code i.e 404 ) , Next 2 digits are of MNC ( Network code i.e. 00 ) and remaining 10 digits are nothing but MIN ( Mobile Identification no ) of the repective MDN 6) " LST SCCPGT: DSPTY=COUNT;" is the command when executed in LMT , we do get a list of IMSI's that are defined in our network

E.g of 404000341995167 is captured below

TATA MUMBAI SWITCH LOCATION UPDATE

by SUMIT LOTANKAR

7) We all know that for Location update , Home Location Register ( HLR ) plays a vital role.

8) when we careful check the output captured above , we will understand the GT 40400034198 is pointed to SPC 500 (1F4 in Hex ) which is nothing but our HLR SPC ( home location register ), which is accessed using SSN - HLR 0x06 & with value of Translation type to be " 00 "

9) Executing command " LST N7DSP: LTP=LOCAL;" in LMT of local MSC and finding DSP with PC 500 ( HLR for mumbai ) , will give us the name of HLR with PC 500 i.e. DELHLR3-3.

10) Please note: HLR PC where all Local IMSI's to be pointed is decided and guided by corporate code opening team, i.e. At the time of MIN definition in local MSC, we are informed where these IMSI's to be pointed to, as different HLRs serves different part of country.

11) The HLR is connected to Local MSC via STP links 12) When MML command " LST N7RT: DPNM="DELHLR3-3", LTP=LOCAL; " is executed into LMT of local MSC , we do get the links that are used to establish the connectivity with serving HLR , o/p of which is captured below :

TATA MUMBAI SWITCH LOCATION UPDATE

by SUMIT LOTANKAR

13) Whenever any DN becomes active or when powered up , there goes the Locaation update request from local latched BTS i.e. from A interface , which contains the BTS id where MDN is latched , along with national reserve network code of MSC , which is captured below

TATA MUMBAI SWITCH LOCATION UPDATE

by SUMIT LOTANKAR

14) BTS ID where DN is latched, can be found out in VLR , as VLR gives the cell information of DN , which is captured below

TATA MUMBAI SWITCH LOCATION UPDATE

by SUMIT LOTANKAR

15) VLR gives 13 digit Cell no , which is further divided spitted in different part .

e.g 40400011303D1 is the current cell id of 9223401064 , in which 404 is the MCC , 00 is MNC , 0113 is the LAC , 03d ( in hex ) is the BTS id & last digit i.e. 1 is the sector

16) Command " LST IOFC: LTP=ALL;" when executed in Local MSC, we do get Local office information , which is captured below

17) As we know that For ESN ( Electronic Serial no ) , MIN , SSD ( secret shared Data ) , MDN & RAND ( Random value ) is used for authenticating the User latched in MSC.

18) When Location update request goes from A interface, then based on above mentioned parameter & CAVE algorithm (Cave = Cellular Algorithm for validation and encryption), AUTHENTICATION REPONSE PARAMETER IS CALCUALTED TATA MUMBAI SWITCH LOCATION UPDATE by SUMIT LOTANKAR

19) The secret shared data is stored in semi permanent memory of MS , Subscriber do not have access to this , BTS have copy of these parameter stored in Home location register/ Authentication centre ( HLR/AC )

20) For a successful authentication process, the system must validate that both MS (Mobile station) & BTS have same values of these parameters (i.e. authentication response parameter)

21) Hence the Authentication response is parameter originated by MS (authr) & calculated by MSC (authr), equals, successful Authentication happens.

TATA MUMBAI SWITCH LOCATION UPDATE

by SUMIT LOTANKAR

IMPORTANT : 22) SSD ( Secret shared data - 128 Bit , which is divided in to two Subsets of 64 bits each , called SSD A and SSD B , out of which SSD A is used for Authentication process and SSD B used for Voice privacy.

TATA MUMBAI SWITCH LOCATION UPDATE

by SUMIT LOTANKAR

23) After successful authentication , there goes Registration Notification request to HLR , in return of which HLR gives the authentication status along with activation status of user. 24) After all these triggers, Location update is accepted.

TATA MUMBAI SWITCH LOCATION UPDATE

by SUMIT LOTANKAR