section two

©Informa Telecoms

UMTS System Overview

UMTS Services and Applications

©Informa Telecoms



1. FUNDAMENTAL UMTS SERVICE CONCEPTS1.1 Fundamental UMTS Service Concepts 1:

Service Support Requirements 11.2 Fundamental UMTS service concepts 2:

Interactive vs. Distribution Services 31.3 Fundamental UMTS service concepts 3:

Service Differentiation 51.4 Fundamental UMTS service concepts 4:

Telecommunications Service Types 71.5 Fundamental UMTS service concepts 5:

The Service Architecture Concept 15

2. EXAMPLE SERVICES2.1 Multimedia services – circuit-switched domain 172.2 Multimedia services – packet-switched domain 192.3 The Multimedia Messaging Service 21

3. QUALITY OF SERVICE 3.1 Quality of Service in UMTS 233.2 UMTS bearer service attributes 253.3 QoS Classes in UMTS 29

4. THE VIRTUAL HOME ENVIRONMENT 4.1 The VHE concept 314.2 Open Services Architecture (OSA) 334.3 Toolkits in UMTS 35

5. SECURITY5.1 Security requirements for UMTS services 415.2 UMTS Security Domains 43

6. USER EQUIPMENT6.1 Mobile Equipment service capabilities 476.2 The UMTS IC Card (UICC) and UMTS Subscriber

Identity Module (USIM) 49



1. FUNDAMENTAL UMTS SERVICE CONCEPTS

1.1 Fundamental UMTS Service Concepts 1: Service Support Requirements

The continued evolution of GSM is the foundation on which UMTS is based, andtherefore key GSM Phase 2+ features carry straight forward into UMTS.

In relation to services, some relevant GSM Phase 2+ features include:

• toolkits to provide operator-specific services: SIM Application Toolkit, CAMEL(Customised Applications for Mobile Networks Enhanced Logic) & MExE (MobileExecution Environment)

• AMR; the Advanced Multi-Rate codec, to deliver speech services

• CTS (Cordless Telephony System)

• the SIM, including Java on SIM and low voltage SIM

• Number Portability

• Cell Broadcast services

• SMS (Point to Point Short Message Service)

Specific service requirements also arise, adding the following features which are newor enhanced in UMTS:

• flexible support for a full range of services from narrowband (e.g. speech) towideband (up to 2Mbps). Note that the circuit-switched services are in practicelimited to 64kb/s in UMTS networks which retain the GSM-based circuit-switcheddomain, since this is the capability of the MSC switching

• service creation which allows innovative and individualised services, in some casesby third party developers or service providers. In order to achieve this goal, UMTSis designed to offer a “Toolkit of functionality”, i.e. guidelines and service capabilitydefinitions which application developers can follow, rather than fully standardisingthe various services themselves (which is the case in early GSM)

• efficient interworking with the Internet

• support for services made up of different media sources, capable of being deliveredat the same time (multimedia)

• definitions and guarantees on service quality

Seamless roaming with UMTS applications and services is of course another keyrequirement in building the UMTS system, and meeting the requirements of the globalIMT2000 vision.


©Informa Telecoms1

GSM Phase 2+ Services

EfficientInterworking

With the Internet

QoSGuarantees

Open ServiceCreation

Roaming With AllServices

Flexible andMultimedia

Service Support

HighData Rates

(up to 2Mbps)

Fig. 1 – UMTS Service Requirements

2©Informa Telecoms


1.2 Fundamental UMTS service concepts 2: Interactive vs. Distribution Services

Interactive services are two-way services, usually one-to-one, whereas distributionservices are one-to-many broadcast services. These two broad categories can besubdivided further as follows:

Interactive services• conversational (real-time communications, involving no storage of information.

Conversational services are usually symmetrical, with the same data rates in bothdirections)

• messaging (“store & forward” – units of data may be stored before being forwardedon to the user at a convenient time, or upon request)

• retrieval (of information stored somewhere, for example a user may request todownload a file)

Distribution services• without user control (broadcast services where information is supplied by a single

source and the user can access but without controlling the start or the order, e.g.broadcast TV)

• with user control (broadcast services where there is a repetitive sequence, andaccess to the sequence numbering allows the user to control the start or order)

Although not used greatly in GSM, Cell Broadcast is defined as a requirement inRelease ’99 to guarantee continuity with any such GSM services, and to providebroadcast services seamlessly across both GSM and UMTS.


©Informa Telecoms3

• Conversational, Real-time,• Messaging, Store & Forward• Retrieval

INTERACTIVE(2-way)

• Without User Control• With User Control

DISTRIBUTION(Broadcast)

Fig. 2 – Service Categories

4©Informa Telecoms


1.3 Fundamental UMTS service concepts 3: Service Differentiation

In terms of understanding the levels of standardisation and operator specificity ofservices and applications, three categories can be recognised:

1.3.1 Standardised servicesThese are implemented on GSM/UMTS network entities using standardised interfacesto ensure interoperability. This means that they are available to all operators, sincethey are defined “end-to-end”. Basic speech service is an obvious example. Underthis category fall services such as teleservices, bearer services and supplementaryservices.

1.3.2 Operator specific services These are not standardised, and thus offer differentiation between operators. Theycan be implemented at GSM/UMTS entities or by using toolkits, such as CAMEL,SAT, MExE. These toolkits use standardised interfaces to the underlying network oruse standardised bearers to transport the applications and data.

Implementation of these services on the different platforms is completely vendorspecific, but because the toolkits are standardised, developers who use a toolkit todevelop an application can be sure that the same application will work in othernetworks supporting such toolkits. Thus even an operator-specific service can beaccessed via a different operator’s network when roaming.

1.3.3 ApplicationsThese are not standardised, but can be implemented using standardised applicationprogramming interfaces (APIs) to the service capabilities (the underlying bearers andmechanisms to support services). They can be independent of operators.

Service Capability Features (which describe the functionality of the servicecapabilities) are standardised in UMTS, and therefore can be used by developers asguidelines to build applications and services which will work in other UMTS systems.Within the end-user terminal, service capabilities are again accessed via APIs, (MExE,SAT are examples), and so the terminals can communicate, using GSM/UMTSbearers, with applications which may be held either inside or outside the network.


©Informa Telecoms5

Fig. 3 – Service Differentiation

6©Informa Telecoms

STANDARDISED Defined Available to SERVICES “end-to-end” operators

OPERATOR- Use “toolkits” Enable SPECIFIC to ensure operator SERVICES roaming differentiation

APPLICATIONS Access May be UMTS network operatorthrough APIs independent


1.4 Fundamental UMTS service concepts 4: Telecommunications Service Types

Two types of basic telecommunications service exist, “bearer services” and“teleservices”, which can be offered within a network and/or by a network inconnection with other networks.

In addition, a third category is Supplementary Services, which cannot be offeredindependently, but must be offered in addition to a bearer or teleservice.


©Informa Telecoms7

Bearer Services TeleservicesBasic

Services

Bearer Service&

Supplementary Service

Teleservice&

Supplementary Service

AdditionalServices

Fig. 4 – Telecommunications Service Types

8©Informa Telecoms


1.4.1 Bearer ServicesBearer services are defined as basic transport “pipes” with specified capabilities.Thus in order for a user-requested service to be delivered, the network will assign themost relevant bearer services needed to carry that service type. Bearer services arean important element in the new QoS control capabilities of UMTS.

Assignment and release of bearers is provided by a bearer control function, andbearers are independent of radio environment, radio interface technology, or fixedwire transmission systems (i.e. the underlying transport).

Bearer services can be considered as layers. The overall UMTS bearer servicerequired to enable an end-to-end service must in turn depend on lower level bearerservices which cover specific parts of the network transport, for example RadioAccess Bearer and Core Network Bearer.

In general terms, bearer services fall into two categories. Circuit Switched bearerservices provide end-to-end connection for the duration of a call, whereas PacketSwitched bearer services create a logical link between entities over which packets ofinformation may be exchanged. The physical resources may in this case be used bypackets of information belonging to other logical links.


©Informa Telecoms9

MSCSGSN

GMSC

User Mobile Terminal

RadioAccess

Core Network

Edge

End-to-End Service

Gateway ServiceCreation

GGSN

ExternalNetwork

UTMS Network

Core Network

External Bearer ServiceUMTS Bearer Service

Local Bearer Service

Core Network Bearer Service

Radio AccessBearer Service

Backbone Bearer Service

Radio Bearers

Iu BearerService

Physical Bearer

ServiceUtra

Service

Fig. 5 – Bearer Services

10©Informa Telecoms


1.4.2 TeleservicesTeleservices are completely defined from an end-to-end perspective, so they includedefinition of the terminal equipment function.

The most well known teleservice is speech, which requires definition of a speechcodec to allow a default service to be achieved and inter-worked in all UMTSnetworks. In particular, the AMR (Adaptive MultiRate) codec has been defined, toprovide the option to vary the bit-rate assigned to voice in order to balance qualityrequirements flexibly with system capacity.

Another teleservice defined in UMTS is access to the Internet. Since this is clearly afundamental aim of the UMTS system, it is important that such access is defined toallow consistent optimisation & QoS when inter-working between networks.

Other basic teleservices defined in UMTS are:

• Emergency Call

• SMS (short message service), which is itself divided into three types:

– Mobile Terminated, point-to-point

– Mobile Originated, point-to-point

– Cell Broadcast

• Fax, divided into:

– Alternate speech & fax (“group 3” – an ITU definition)

– Automatic fax (“group 3”)

• Voice Group Services:

– Voice Group Call

– Voice Broadcast


©Informa Telecoms11

Voice GroupServices

InternetAccess

Speech(AMR)

Fax EmergencyCall

SMS

Teleservices

Fig. 6 – Teleservices in UMTS



1.4.3 Supplementary Services Supplementary services modify or supplement basic telecommunications services,and may be used by subscribers at their discretion. Therefore they cannot be offeredstandalone and must be associated with a basic telecoms service, either bearer orteleservice. The same supplementary service may be offered with more than onetelecoms service.

Supplementary services can be offered on a subscription basis, pre-arranged with the service provider, or can be offered to all users with access to the serving network.

For UMTS, Supplementary Services are almost all carried over from GSM and act to offer more advanced services than basic speech, so enabling Caller ID, Call Forwarding, Call Barring and so on.

The supplementary services which apply to UMTS are listed opposite.



Fig. 7 – UMTS Supplementary Services


•Call Deflection (Filtering)

•Number Identification (Calling line ID functions)

•Call Offering (Call forwarding functions)

•Call Completion (Call waiting, call hold)

•Multi Party Service

•Community of Interest (Closed User Groups)

•User to User signalling

•Charging Advice & Information

•Call Restriction (Call Barring functions)

•Call Transfer

•Call Completion when busy

•Name Identification

•Multicall


1.5 Fundamental UMTS service concepts 5: The Service Architecture Concept

The figure opposite summarises the service concept in UMTS, in particular theseparation of service creation, control and transport by standardised interfaces.

The “service platform” provides interfaces appropriate to support creation of services,and then also provides interfaces to functions which control the delivery. The latterfunctions include:

• Bearer Control = in order to assign the most appropriate resources in transport ofthe application data

• Call Control = to set-up, manage and release circuit-switched call connections

• Session Management = to manage packet-switched data transport

• Mobility Management = to track a user’s movements and ensure data delivery tothe current location

The key point is that creation and control of services is separated from delivery andtransport, and thus that services can be more easily created which will work correctlyregardless of the underlying network which carries them.



Service Platform

Wired/Wireless sub network

CONTROL

Interfaces

TRANSPORT

CREATION

SupplementaryServices

CallControl/Session

Management

Teleservices

BearerControl

Applications

MobilityManagement

Interfaces

Interfaces

Fig. 8 – Service Architecture Concept



2. EXAMPLE SERVICES

2.1 Multimedia services – circuit-switched domain

A multimedia service is one where two or more media components are combinedwithin one call, for example speech, video and graphic data. Such a call may involveseveral parties and connections, each supplying one or more media element.

Support for such services is one of the key differences between 2nd Generation andUMTS networks.

Circuit-switched (CS) Multimedia callsCS multimedia in UMTS is based on H324, a terminal codec defined by the ITU. In fact, a mobile specific subset of this, and 3G variant, known as 3G-324M is used.All call scenarios are supported (e.g. mobile originated/terminated, ISDN, PSTNconnected etc.).

In reality, the H.324 codec is made up of a number of different standards, and drawstogether codecs for video, speech and data which transpose the UMTS networktransmission to the relevant video, speech and data outputs in the terminal.

CS Multimedia Telephony in UMTS is a bearer service, although it does have someteleservice-like characteristics, since the application information must be signalled tothe network and to the end terminal.

Speech fallback is included, such that if the set-up of the multimedia call fails, thenthe call will be set up as speech only, rather than lost completely. In-call modificationis also supported, to change from a speech call to multimedia call and vice versa asthe user or application requires.

The following bitrate options are defined in UMTS, in order to ease internetworking of3G-324M calls with external networks:

• 64, 56, 33.6, 32 and 28.8 kb/s for mobile to mobile

• 64 & 56 for mobile to/from N-ISDN

• 33.6 and 28.8 for mobile to/from PSTN

• 32 for mobile to/from PHS call

Since CS multimedia telephony utilises a general bearer service, supplementaryservices can also apply, although some restrictions are defined. In particular, callholding, multiparty, call transfer and calling name presentation do not apply to datacalls. There may also be a future need for supplementary services to be defined inorder to provide some multimedia specific Call Barring.



VideoI/O

H.263MPEG4H.261

Scope of 3G-324M Terminal Codec

Video Codec

AudioI/O

3GPP-AMR

G.723.1UMTS

(3GPP)Network

Speech Codec

UserData Apps.

LAPM

Data Protocols

SystemControl H.245

System Control

Multiplex/De-Multiplex

H.223

Fig. 9 – Example: Circuit-Switched Multimedia



2.2 Multimedia services – packet-switched domain

PS Multimedia was originally the source of some debate, with two solutionsdiscussed.

The first was to use another ITU defined codec, H.323, but it was eventuallydetermined that SIP, an IETF protocol, would be chosen. SIP (Session InitiationProtocol) is a set of functions which provides services similar to H.323, but is lesscomplex and uses less resources, making it suitable for very small portable devices.

The SIP protocol creates, modifies and terminates sessions which can involve two ormore users. It is an application which is designed to be independent of the type ofunderlying transport technology used, although in practice it is discussed withreference to Internet (IP) telephony.

An initial invitation is used to locate all the user(s) to which a session is directed,where each “user” may be an actual mobile terminal, or could equally be a mediasource of some kind, for example a PC-based application. These users are identifiedby SIP URL’s, most commonly IP addresses.

A SIP Initiation/Invitation is sent out by the user who requests a session, and thisinvitation contains a Service Description Protocol (SDP) which enables participants toagree a set of compatible data types, and accept or reject involvement in the session.Service descriptions sent to a shared group who are invited to take part in aconference call are sent as a SIP Session Announcement.

The Service Description Protocol contains information on the session name andpurpose, time that the session is active, the media involved, the information neededto be able to receive those media, the bandwidth to be used for the session, and thecontact details of the person responsible for initiating the session.

SIP is well suited to mobility, in that users are able to register with the hosts whichthey are currently using, in which case requests to their normal locations can simplybe relayed on to their current locations.

Once the participating users and their locations have been established,communication of the various data streams which make up the service can occur.



Initiating User 1

Participating User 4

Note: “SDP” (Session Description Protocol) is being carried within SIP in this example.



Relay

“SDP”

“SDP”

“SDP”

“Accept”

“Accept” “SDP”

“Reject”

Fig. 10 – Example: Packet-Based Multimedia Service Set-up



2.3 The Multimedia Messaging Service

MMS is a non real-time service, in the same vein as SMS. Thus messages can bestored before being forwarded on to the recipient whenever they are available and/orrequest to see the message.

However multimedia messaging is a new service with no direct equivalent in the GSMworld or in the fixed world. It combines different networks and integrates messagingsystems which already exist in these networks, for example SMS in GSM and so-called “Instant Messaging” via the Internet.

MMS is designed to support either standard e-mail addresses or MSISDN addresses,and WAP development also provides significant support for MMS.

The user terminal operates the Multimedia Messaging Service Environment, MMSE.MMSE provides the service elements such as delivery, storage and notification, whichmay be located in one network or distributed across networks. The basis ofconnectivity between networks is provided by IP and its associated set of messagingprotocols, enabling 2G & 3G wireless messaging to be compatible with Internetmessaging.

The architectural elements of MMS are shown opposite, and are as follows:

The MMSE describes all the elements which provide the complete service to a user. Inthe case of roaming, the visited network is included within this environment.

The MMS Relay facilitates transfer between different messaging systems, and cangenerate charging data, enabling the service to be billed.

The MMS Server is responsible for storage and handling of incoming and outgoingmessages.

The MMS User Databases contain subscription information and so on.

The MMS User Agent resides on the user equipment or on a device attached to this(such as a PC). It is an application layer function providing the users with the ability toview, compose and handle messages.



MM

SEB

oundary

MM

SE

Bou

ndar

y

VisitedMobile

Network

2GMobile

Network

3G MobileNetwork Internet/IP

Network

MMSRelay

MMSServer

Message Store

User Databases

Mailbox

MMS User Agent

MMS User Agent

Roaming MMS User Agent

Fixed e-mailClient

Fig. 11 – Exmple: Multimedia Messaging Service



3. QUALITY OF SERVICE

3.1 Quality of Service in UMTS

Quality of service arises as a concept in UMTS in particular because of the newconcentration on packet-switched services. Since no guaranteed circuit remains openfor the duration of the connection, and since packets of data do not travel together,they can be lost or delayed en route.

In defining Quality of Service classes, there are some key requirements, in order to fitin with the vision of UMTS. In particular, any such definitions need to:

• be future-proof

• allow efficient use of radio capacity

• allow independent evolution of core & access networks

• keep overhead and complexity additions from QoS requirements reasonably low

• support asymmetric bearers, for browsing-type services

• ensure that applications can indicate QoS values for their transmissions

Network services are considered end-to-end. To realise a network QoS, a bearerservice with clearly defined characteristics and functionality is set up from source todestination. The bearer service includes all aspects to enable provision of the desiredQoS, including control signalling, characteristics of the user data transport plus anyQoS management functionality. The “UMTS bearer service” is the part offered by theUMTS operator and which provides UMTS QoS. This in itself will require the servicesof a radio access bearer and core network bearer.



Fig. 12 – UMTS and Quality of Service


•Important for packet-based services

•Designed for efficient use of resources

•Allow independent evolution of radio

access and core networks

•Support asymmetric services

•Enable applications to define required QoS

Based upon assignment of appropriate

UMTS bearer services


3.2 UMTS bearer service attributes

A UMTS bearer service will be defined on the basis of a number of factors, includingbit-rates, latency (delays), error rate and error handling, and so on. These categoriesare listed opposite. An overall UMTS bearer service can define some or all of thefollowing features, which will become important in controlling Quality of Servicelevels.

• Traffic class. There are four traffic classes; Conversational, Streaming, Interactive,Background

• Two types of information related to Data rates:

– Maximum bit-rate (kbps). This is the maximum data rate allowed for theparticular service, and can be up to 2048 in UMTS.

– Guaranteed bit-rate (kbps). This is the data rate which must be guaranteed inorder for the service to function to the required QoS.

• Delivery order. This can be a “yes” or “no”, to describe whether Service Data Units(SDUs), i.e. data packets, must be delivered in sequence.

• Two types of information relating to the size of the SDUs:

– Maximum size of SDU. This is the maximum length that a data packet can be.

– SDU format information. This lists the possible exact sizes of SDUs, and isrequired for the Radio Link Control function in the UTRAN (see later)

• Three types of information relating to errors and error control :

– SDU error rate. This describes the fraction of SDUs which may be lost or in error,and is used to configure protocols, algorithms and error detection schemes inthe UTRAN particularly.

– Residual bit error ratio. This indicates the undetected bit error ratio in deliveredSDUs – or the actual bit error ratio if error detection isn’t requested. Again this isused for radio interface planning.

– delivery of erroneous SDUs (“yes”, “no”, “–”). This provides a decision onwhether to deliver or discard erroneous SDUs. “–” means that error detectionisn’t even considered.

• transfer delay (ms). Defines the maximum delay for all delivered SDUs within thelifetime of the bearer service, where delay is defined as the time from request oftransfer to delivery (used to specify the delay tolerated by the application).



Fig. 13 – Bearer Service Attributes


• QoS class (Traffic classes)

• Maximum bit-rate

• Guaranteed bit-rate

• Delivery in-sequence?

• Size of data units

• Error rates

• Deliver erroneous data?

• Maximum transfer delay

• Traffic handling priority

• Allocation/retention priority

Possible sizes

Maximum size


• Two types of priority handling:

– Traffic handling priority, describes the relative importance of handling all SDUsbelonging to a UMTS bearer compared to the SDUs of other bearers.

– Allocation/Retention priority, describes the relative importance compared toother bearers for allocation and retention of the UMTS bearer. This is negotiatedfrom the mobile terminal and used for differentiating between bearers whenperforming allocation/retention policy when resources are scarce.



Fig. 13 – Bearer Service Attributes


• QoS class (Traffic classes)

• Maximum bit-rate

• Guaranteed bit-rate

• Delivery in-sequence?

• Sizes of data units

• Error rates

• Deliver erroneous data?

• Maximum transfer delay

• Traffic handling priority

• Allocation/retention priority

Possible sizes

Maximum size


3.3 QoS Classes in UMTS

Four classes of QoS have been defined in UMTS, corresponding to the traffic classesshown opposite (which also shows typical examples). The main distinguishing factoris delay sensitivity, although it is also worth noting that the last two classes below,which are not delay sensitive, can therefore provide lower error rates due to the useof retransmission and better coding.

In terms of standardisation, GPRS Release ’99 QoS attributes are equivalent to theUMTS QoS attributes

3.3.1 Conversational Class (delay sensitive, real time)Examples include speech, VoIP, video conferencing. The characteristics required arecontrolled by human perception, unlike the other schemes. This class needs very lowdelay and to keep the time relation between information entities in the stream.

3.3.2 Streaming Class (real time)For example listening to real time video or audio. This class involves one waytransport, live at the destination. There is the need to preserve the time relationbetween information by aligning at the receive end (delays are possible, but can’t betoo big).

3.3.3 Interactive ClassThis class is for Internet-type applications, requiring responsiveness, although nottrue real-time. At the message destination, a response is expected within a certaintime, so round-trip delay needs to be minimised. Content needs to have very low biterror rate (i.e. arrive with little or no loss of data)

3.3.4 Background ClassThe final class is for applications which are entirely delay insensitive. Thus informationis only sent when resource is available. Examples include file transfer, email delivery,SMS and so on, where there is no expectation of when data will arrive. However dataloss must be minor.

When matching these classes of QoS, all the various bearer service attributes listedpreviously will have values assigned, except for the following cases:

• The Interactive Class is the only one which uses Traffic Handling Priority.

• The Interactive and Background classes do not make use of transfer delay,guaranteed bit-rate or SDU format attributes in defining the bearer service.



Fig. 14 – QoS Classes in UMTS


QoS Delay Time Error ExampleClass Tolerance Relation Tolerance Service

Conversational <<1s Preserve <3% FER Speech (4-25kbps)Preserve <1% FER Video (32-384kbps)

– No Loss Interactive games (<1kbps)

Interactive <1s – tolerant Voice Messaging

– intolerant E-commercewww Browsing

Streaming <10s Preserve tolerant Audio StreamingVideo Streaming

Preserve intolerant Still ImagePaging

Background >10s – tolerant Fax

– intolerant E-mail arrivalnotification

FER – Frame Error Rate (Frame Erasure Rate)


4. THE VIRTUAL HOME ENVIRONMENT

4.1 The VHE concept

The Virtual Home Environment (VHE) is a cornerstone concept of UMTS. It is definedas a concept for personal service environment (PSE) portability across networkboundaries and between terminals.

PSE is defined in terms of one or more user profiles, which consist of two kinds of info:

i. interface related info (User Interface Profile – service look & feel)

ii. service related info (User Services Profile – personalisation etc.)

In the VHE, users are consistently presented with the same personalised features,user interface customisation and services, in whatever network or terminal they maybe located (assuming that capabilities in the network and terminal exist).

In defining the VHE it is useful to introduce the concept of the Home Environment.This can be synonymous with the user’s home network & subscribed services, butcan also include other value-added service providers (VASPs) which are accessedthrough this home network service provider. The Home Environment provides andcontrols the PSE in association with the user’s own personal profile. The servingnetwork describes the network to which the user is attached at the time, so may be anetwork in which they are roaming when travelling abroad. In the VHE concept, thisnetwork should be invisible to the user, with services transported seamlessly through.It may be another mobile network, but could equally also be applied to a fixednetwork, the Internet and so on, depending how the user chooses to access theirservices at any one time.

CAMEL, MExE and SAT are the key mechanisms supporting the VHE in R’99 of the3GPP specifications for UMTS. These provide the “toolkits” for service creation withinUMTS, with the capabilities of these toolkits defined, rather than the specific servicescreated on them.

VHE also takes account of the possibility of “Value added service providers”, whomay be part of neither the home nor serving environment. For example, a bankingservice may be provided directly from a bank VASP. Users should still be able totransparently access these services whether in their home network or not.



USER

UserProfile

ServicePlatform

Value AddedService Provider

Value AddedServiceProvider

PersonalService

Environment

ServingNetwork

HomeEnvironment

Fig. 15 – The VHE Concept



4.2 Open Services Architecture (OSA)

OSA defines an architecture to enable operators and 3rd party developers (e.g. VASPs) to make use of network functionality through an open standardisedApplication Programming Interface (API). It provides applications with access to“service capability servers”, and thus provides the “glue” between the applicationsand the service capabilities of the network. These service capabilities arestandardised, through the CAMEL Service Environment, MExE Servers, SAT Serversand so on.

In this way, applications become independent of the network, another key VHE feature.

Applications constitute the top layer of OSA. This level is connected to ServiceCapability Servers (SCSs) via the OSA API. These servers map the OSA API onto theunderlying telecom specific protocols for transport, and therefore hide networkcomplexity from the applications.

Applications can be either network/server centric, or terminal centric. The latter residein the user terminal, MExE and SAT applications being examples. This categoryincludes applications downloaded to the terminal as Java applets for example.

Network/server applications on the other hand can be located outside the corenetwork and make use of service capability features through the OSA API. Theseapplications can be executed in application servers physically separated from thecore network entities. They may be part of the operator “domain”, or may be 3rd party applications.

The OSA API is secure, independent of vendor specific solutions and programminglanguages, operating systems and so on. It is also independent of the location of thehome environment and of the supported server capabilities in the network.



OSA API

Standardised Protocols

Collectively provides a "Personal Service Environment"

ServiceCapabilityServers

NETWORK

Service CapabilitiesCAMEL MExEBearer Access

Control etc…

APPLICATIONSApplication Servers

Fig. 16 – The Open Services Architecture



4.3 Toolkits in UMTS

UMTS supports the following service creation toolkits carried over from GSM,enabling the development of operator specific services which can be deliveredwherever the appropriate environment is supported:

SIM Application Toolkit (SAT)

CAMEL (Customised Applications for Mobile Networks Enhanced Logic)

MExE (Mobile Execution Environment)

4.3.1 SIM Application Toolkit (SAT)All GSM phones contain a SIM card, which is owned by the operator and whoseprimary purpose is to provide authentication of the user to the network.

SIM Application Toolkit was standardised for GSM by ETSI in 1996 and allows the SIMto be programmed by downloading an application, which can then be seen (or heard)on the handset. The application runs on the handset rather than in the network.

The applications can be entirely operator defined, and the operator can also installadditional menus on the handset through the SIM (e.g. operator specific menus formobile banking etc.).

SIM Toolkit therefore provides a layer to install value added services on top of bearerservices, and was the first example of the toolkit concept applied to mobilecommunications.

The key reasons for putting VAS into the SIM are as follows:

• the SIM belongs to the operator

• the SIM can be remote controlled using appropriate tools

• operators keep control of the applications: i.e. when to download, when to remove

• the SIM is secure, so the operator can control whether applications downloaded arecertified or not, and stop access if need be (i.e. a “walled garden” of services)

In order to achieve these aims, SAT features fall into these categories:

• Control of the MMI (Man Machine Interface)

• Communications services

• Menu Management and application control

• Accessory management

• Miscellaneous

The SAT defines how the card should interact with the outside world, and extends tothe communications protocol between the card and handset. Thus the card has aproactive role and can initiate commands independently of the handset or network.



Fig. 17 – Features of SIM Toolkit


•SIM belongs to the operator

•Enables remote downloading ofValue Added Services

•Secure

•Enables operator-specific servicesand handset customisation:– control of MMI– menu management– application control– accessory management– communications & proactive

commands


4.3.2 CAMELCAMEL stands for “Customised Applications for Mobile Network Enhanced Logic”.It is an extension of the “Intelligent Network” service provision concept used by fixednetwork operators, and provides a mechanism to support these services consistently,independently of the serving network.

CAMEL facilitates service control of operator specific services external from theserving network (i.e. provision of operator-defined services even when roamingoutside the home network), and is a network feature, not a supplementary service.

CAMEL is defined in phases:

i. Phase I: covered simple mobile originated and terminated call related activities

ii. Phase 2: added supplementary services and user interactions

iii. Phase 3 : added –

SMS mobile originated,

GPRS sessions and PDP contexts;

control of HLR data

control of network signalling load

CAMEL Phase 4 is part of 3GPP Release ’00.

In order for CAMEL to work, information exchange is needed between the servingand home network (which contains a new element: the CAMEL Service Environment(CSE)). At a service event, the serving network will make contact with the CSE, withinformation related to the CAMEL subscriber. The CSE can then tell the servingnetwork whether to continue with the service, perform charging and so on.



CAMELService

Environment

Home Network

Interaction BetweenServing Network and

CSE in Order to Provide Required Service

Serving Network

Fig. 18 – CAMEL


• Roaming support for IN Applications andServices provided by CAMEL ServiceEnvironment in the Home Network

Phase 1 basic call-related activity

Phase 2 includes supplementaryservices and user interaction

Phase 3 includes SMS, GPRS, HLRdata, network signalling load

(Phase 4 is part of 3GPP Release 4)


4.3.3 MExE (Mobile Execution Environment)MExE provides a standardised execution environment within a mobile terminal, andthe ability for the terminal to negotiate its supported capabilities with the MExEservice provider. Thus applications can be developed independently of any particularterminal platform, and the terminal can support a range of implementations fromlimited (low bandwidth, small device) to full capabilities, with the MExE serviceprovider able to know which services it can send to the terminal, and which servicesthe terminal will be unable to handle. Negotiation may also include the user profileand network capabilities. Communication between the MExE application and theMobile terminal uses the HTTP protocol.

MExE servers may exist outside the UMTS network but must support the MExEservice environment. The make-up of the server itself is not specified, with thespecifications simply covering the interaction between the terminal and the MExEservice environment (the negotiation process). Thus the network is simply thetransport for the negotiation process, but doesn’t necessarily include the MExEservice provision itself: the latter may be network nodes, external nodes or even othermobile terminals.

MExE specifications are applicable to both GSM & UMTS. The bearers available toMExE applications of course depend on those available to the MS, as defined forGSM & UMTS.

Amongst the High-level requirements to support MExE are the following:

• a common set of APIs and development tools

• that both user and MExE service provider can control “look and feel”

• that MExE service providers can authenticate MExE users

• that users can control content and acceptance of any applets transferred by MExE

• that MExE applications can negotiate QoS requirements

The applications themselves are independent of the underlying wireless network anda generic API provides the link to lower level network bearers. Therefore developersneed not pay attention to the underlying transport.

Two types of execution environment are currently defined in MExE:

i. WAP 1.2

ii. Personal Java 1.1

A 3rd platform based on K-Java will be added soon.



WAPJAVA

MExE

MExE Service

Environment

API

Application Development

Authentication & Security

Capability Negotiation

Bearer/QoS Request

Transport Network(s)

Fig. 19 – Mobile Execution Environment



5. SECURITY

5.1 Security requirements for UMTS services

Given that a key aspect of UMTS services is to avoid excessive standardisation, andallow much more open access to UMTS networks, security needs to consider allpossible threats and aim at generic security requirements. There is clearly the needto update security systems as the standards evolve, and the real service marketbecomes clearer.

It is possible to define the general objectives for security, as follows:

• need to protect user info

• need to protect system resources and services

• must ensure worldwide security availability & inter-operability

• must improve on current mobile and fixed networks

• must be flexible enough to enhance in future

Evidence from existing mobile systems shows that the most significant threats comefrom these types of activity:

• masquerading as others to gain service access (which are then charged to anotheruser’s account)

• eavesdropping on calls or data transfer

• subscription fraud (usage without any intention to pay – e.g. setting up asubscription under a false identity)

Other generic security threats include:

• unauthorised manipulation of data

• misusing network services (e.g. denial of service/reduced availability may result), byjamming, overloading etc.

• repudiation (denial that an action has taken place)



Fig. 20 – Security Threats


• Masquerading

• Eavesdropping

• Subscription fraud

• Data manipulation

• Service mis-use

• Repudiation

most commonin 2G systems


5.2 UMTS Security Domains

The security architecture for UMTS has five feature groups:

– user domain security – providing secure access to the mobile terminal.

The cornerstone of this is the USIM. As in GSM, the USIM contains user i.d. and anassociation with a home environment, and is based on Phase 2+ GSM SIM. A validUSIM must be present before access is granted to any UMTS service. The exceptionis for emergency calls, which are at the discretion of the operator to allow withoutUSIM if they wish.

Authentication of the User by USIM is through a 4 to 8 digit PIN (which may bedisabled by the user). If the wrong PIN is entered three times, then a furtherunblocking PIN is needed to reactivate the card. The link between the USIM and theterminal itself is also through a PIN-type (secret sharing) arrangement.

– network access security – providing secure access to UMTS, in particularprotecting the radio access link.

The user is identified by a temporary ID given by the visited serving network, or byan encrypted permanent ID. Any signalling or user data which might reveal the ID isciphered on the radio access network. Authentication of the user and confirmationthat the network is permitted to provide services happens each time a user sets upa connection with the network.

Confidentiality is provided by a cipher algorithm operating between terminal and theserving network node, and another algorithm checks integrity of the data, byallowing the receiving entity (either terminal or serving network node) to ensure thatdata has not been modified since it was sent.

– network domain security – provides secure exchange of info between nodeswithin the fixed part of the network, e.g. between the serving network and homeenvironment.

– application domain security – enables users and applications to securelyexchange messages.

Application Domain Security involves secure messaging between the USIM andnetwork, which requires authentication of the application, and the origin of the datareceived. Once again a check is made that data has not been altered since beingsent. Other checks include the detection of replay of application data, arrival insequence, and proof of receipt. These features are all based on GSM SIMApplication Toolkit security features.



USIM HomeNetwork

Signalling

UserApplication

ProviderApplication

MobileEquipment

AccessNetwork

Home/ServingStratum

TransportStratum

Ciphering

Authentication

Authentication, data alteration checks etc

Pin

ApplicationsStratum

ServingNetwork

Network Access SecurityNetwork Domain SecurityUser Domain SecurityApplication Domain Security(plus Visibility & Configurability)

Fig. 21 – UMTS Security Architecture



– visibility and configurability of security – enables user to know whether a securityfeature is in operation, and whether service provision is dependent on the feature.

Visibility refers to an indication that encryption is enabled and may includeindication of the level of security provided. This may be particularly important whenroaming between networks providing different levels of security, e.g. from 3G to 2G.

Configurability means that the user and user’s home environment can both configurewhether provision of a service depends on a certain security feature being inoperation. For example a user and/or user’s home environment should be able tocontrol USIM authentication, reject non-ciphered incoming calls, reject non-cipheredcall setup, reject use of certain ciphering algorithms and so on.

For multiple services, user ID, authentication and key agreement take placeindependently in each service domain. User plane traffic is ciphered with the cipherkey agreed for a service domain.



USIM HomeNetwork

Signalling

UserApplication

ProviderApplication

MobileEquipment

AccessNetwork

Home/ServingStratum

TransportStratum

Ciphering

Authentication

Authentication, data alteration checks etc

Pin

ApplicationsStratum

ServingNetwork

Network Access SecurityNetwork Domain SecurityUser Domain SecurityApplication Domain Security(plus Visibility & Configurability)

Fig. 21 – UMTS Security Architecture



6. USER EQUIPMENT

6.1 Mobile Equipment service capabilities

Terminals must be able to establish and maintain several connections simultaneously,and also must be able to support a wide range of teleservices, bearer services andapplications. Terminals must be able to specify their capabilities to the network (e.g.for MExE negotiations), and to support new supplementary services which may bedeveloped.

There are basic mandatory requirements as shown opposite, but in general,standardisation and specification processes for UMTS aim to avoid limiting terminals,and so are not extensive. Certain interfaces within the terminal are referenced toexisting interface standards, and of course, the USIM forms a key part of serviceaccess and application control.

As well as the USIM, Mobile Equipment in UMTS must support both GSM phase 2and phase 2+ SIM as access modules to 3G, even if this limits security to GSM levels.



Fig. 22 – Mandatory User Equipment Requirements


• Encrypted interface between terminal & UICC(UMTS IC Card)

• Support GSM Ph2 & Ph2+ SIM

• Home & Serving Network registration/deregistration

• Location update

• Originate/receive a connection/connectionlessservice

• Possess an IMEI (International MobileEquipment Identifier)

• Terminal capability i.d. (e.g. MExE classmark,bearer service support)

• Emergency call support

• Encryption algorithm execution

• Ciphering indicator

• Network selection


6.2 The UMTS IC Card (UICC) and UMTS Subscriber Identity Module (USIM)

6.2.1 UICCA new feature in UMTS is the introduction of the UICC, a physically secure chip carddevice which can be removed from terminals.

The plug-in format of the UICC is as for GSM smart cards, although a smaller formatis undergoing further study. Electrical specifications cover the 1.8V and 3V rangesspecified for GSM.

However, unlike in 2nd generation SIM cards, the UICC can host a number ofapplications, of which USIM is just one. Others may include banking applications,address books and so on.

Each application has its own domain on the UICC, and it is possible to manage eachapplication separately, such that security and operation of one application is notinfluenced by the actions of one in a different domain. However, applications canshare common address book information.

In order to access a UMTS network, one of the applications on the UICC must be aUSIM, however it is also possible to host more than one USIM on a single UICC.Only one USIM is permitted to be active at a time.

6.2.2 USIMThe USIM provides storage for subscription and subscriber related information and isused to provide security features (as seen earlier). If the USIM is removed, serviceterminates immediately. The USIM may also contain the user profile(s).

Functions of the USIM include authenticating the user, and providing additionalsecurity functions which may be required.

It is not possible to access data which is for internal USIM use only(e.g. authentication keys).

USIM allows for the transfer of applications (download), and may include anapplication environment (such as MExE). In this respect, a mechanism is specified bywhich the Mobile Equipment, USIM and Network can exchange service capabilityinformation for QoS and negotiation purposes.



USIM1

USIM2

Application1

UICC

Application2

USIM

AddressBookInfo

Mobile Equipment

Standardised Interface

• Subscriber Information• Authentication & Security• Application Environments, eg MExE

Fig. 23 – Elements of the UMTS IC Card



6.2.3 Information Storage on UICC and USIMUICC related information includes:

– the IC card i.d., uniquely identifying the UICC and card issuer

– preferred language information

– a directory of applications stored on the UICC

Information related to the USIM is listed opposite. In addition to this, there is also information associated with security requirements, including the PIN, an indicator of whether it is enabled or not, and a counter for PIN errors. Other security information includes the Unblock PIN, which has its own errorcounter, as well as data integrity keys and subscriber authentication keys.

Address book information stored on the UICC may be available to both the USIMand to other applications.



Fig. 24 – Information Storage on UICC and USIM


a) UICC Information• UICC card i.d.

• Preferred language

• Directory of applications

b) USIM Information• Administrative info

• USIM service table: optional services provided

• IMSI (unique subscriber i.d. number)

• Language indicator

• Location information

• Cipher key and sequence number

• Access control classes

• Forbidden networks

• Phase identification (GSM Phase 2, 2+, UMTS Phase 1 etc.)

• Ciphering key for GPRS

• GPRS location information

• Cell broadcast information

• Emergency call codes

• Phone numbers

• Short messages and related info

• Capability & configuration info

• Home Network search period

• Broadcast channel info – used in cell selection

• Various security information

section two

Documents