
Ericsson Review 2/2000
The Telecommunications Technology Journal


Ericsson Review
The Telecommunications Technology Journal

The purpose of Ericsson Review is to report on the research, development and production achievements made in telecommunications technology at Ericsson. The journal is published in English and Spanish and distributed quarterly to leaders in more than 130 countries.

Address: Telefonaktiebolaget LM Ericsson, SE-126 25 Stockholm, Sweden
Phone: +46 8 719 00 00
Fax: +46 8 681 27 10
Internet: http://www.ericsson.com/review
New subscriptions: http://www.ericsson.com/review
Address changes and distribution: Fax: +46 8 681 27 10, inger.bergman.willix@lme.ericsson.se
Publisher: Jan Uddenfeldt
Editorial board: Hans Alberg, Magnus Frodigh, Anders Hidmark, Lena Krogstad, Filip Lindell, Lennart Norell, Hans Oskar, Sture Sjostrom, Bengt Stavenow, Lars-Gunnar Sundin, Peter Svard, Ulf Westin, Peter Ohman, Hakan Osterberg
Editor: Eric Peterson
Production manager: Eva Karlstein, eva.karlstein@lme.ericsson.se
Layout: Paues Media, Stockholm
Illustrations: Claes-Goran Andersson, Hara
Printer: Ljungforetagen, Orebro
ISSN: 0014-0171
Volume: 77, 2000

Cover: The R520 is the first Ericsson phone to support GPRS, HSCSD and Bluetooth—all in the same unit. It also has triple-band functionality, which allows users to communicate on GSM networks throughout five continents. Other features include WAP 1.2, which supports secure digital signature technology, e-mail functionality, a calendar function, and automatic synchronization with a PC via the Internet, Bluetooth and infrared technology.

© Telefonaktiebolaget LM Ericsson

Contents

Evolving from cdmaOne to third-generation systems
Through the acquisition and development of industry-leading CDMA expertise and resources, Ericsson has demonstrated strong commitment to the growth and evolution of IS-95-based CDMA systems. Ericsson has a strong product offering and a comprehensive five-step plan for migrating CDMA systems into third-generation systems. Page 58

Third-generation TDMA
The TDMA and GSM systems have chosen the same EDGE radio-access and GPRS packet-switched core network technologies to provide third-generation services in existing spectrum. EDGE can be deployed in two modes in TDMA systems: Classic and COMPACT. The COMPACT system supports UWCC requirements for third-generation services with high spectral efficiency and initial deployment within less than 1 MHz of spectrum. Page 68

Business solutions for mobile e-commerce
As the world wakes up to the huge potential of mobile e-commerce, mobile operators and service providers will have the unique opportunity to establish a lead in the market. The right combination of mobile systems, Internet, payment, and security technologies now exists to make mobile e-commerce a commercial reality. Ericsson's Mobile e-Pay solutions enable operators and service providers to generate new classes of service based on each user's geographical location and personal profile. Page 80

The RBS 2206—A flexible ticket to third-generation wireless systems
The migration from second-generation to third-generation mobile systems is one of the core issues facing the industry as it enters into the new telecoms world. Ericsson is committed to making this migration as seamless as possible for the operator. One of Ericsson's cornerstone products is a new, indoor macro-base station—the RBS 2206. Page 93

Communications security in an all-IP world
The increased use of the IP suite creates a strong need for comprehensive security solutions. Today, malicious users can easily eavesdrop IP traffic, redirect traffic, introduce false packets, modify packets, mount denial-of-service attacks, and introduce harmful software into systems. One way of countering these attacks is to maintain strict control of access to the network by means of firewalls and secure login procedures. To complement access control and obtain the necessary level of security, the traffic itself must be protected. Cryptography provides the techniques needed to build secure communications. Protection mechanisms authenticate users, encrypt packets and protect them from being modified. Page 96

HIPERLAN type 2 for broadband wireless communication
The aim of several standardization efforts, including GPRS, EDGE, and UMTS, is to meet the requirements being put on wireless data communication. The HIPERLAN/2 standard specifies a short-range (150 m), high-speed (up to 54 Mbit/s) radio-access system that can be used globally in the 5 GHz band. This attractive standard enables low-cost devices in a system that yields high throughput with QoS support. Page 108

Ericsson Review No. 2, 2000 53


Contributors in this issue

Luis Barriga is a researcher at the Communications Security Lab, Ericsson Research. From 1986 to 1997 he worked in academia as systems administrator and research engineer in operating systems and parallel computing. He joined Ericsson in 1997 to work in security for e-commerce, messaging, WAP, and the Internet. He holds an M.S. in applied mathematics and a Ph.D. in computer systems from the Royal Institute of Technology, Stockholm.
Luis.Barriga@ericsson.com

Rolf Blom is an expert in mobile communications security and manager of the Communications Security Lab at Ericsson Research. He first joined Ericsson in 1984, working mainly with the development of crypto and crypto-based products for defense communications until 1995. After a period of work abroad he returned to Ericsson in 1998 and became active in establishing the research and development of security within Ericsson. He holds an M.S. in electrical engineering from the Royal Institute of Technology in Stockholm, and a Ph.D. in information theory from Linkoping University.
rolf.blom@era.ericsson.se

Christian Gehrmann, who joined Ericsson Research in 1997, works with issues relating to protocols and ad hoc security. He has also participated in WAP standardization as relates to security. He was one of the founders of what is now the security unit at Ericsson Research. He holds an M.S. in electrical engineering and a Ph.D. in Information Theory, both from the Lund Institute of Technology.
christian.gehrmann@era-t.ericsson.se

Jamshid Khun-Jush is a Senior Specialist in the field of wireless LANs at the research department of Ericsson Eurolab in Nuremberg, Germany. Since joining Ericsson, in 1996, he has been engaged in the research and development of broadband radio-access systems. He chaired the physical-layer specification work of the HIPERLAN type 2 standard within the ETSI BRAN project and acts as the coordinator of all working groups related to this standard. In addition, he has chaired the BRAN project since May 1999. He had a key role in the cooperation between three projects—BRAN, IEEE 802.11, and the Japanese MMAC—resulting in closely aligned specifications for a 5 GHz radio for wireless broadband LAN and short-range applications. He received a B.S. from the Sharif Technical University in Tehran, Iran, in 1978, and Dipl.-Ing. and Dr.-Ing. degrees from the Technical University of Darmstadt, Germany, in 1989 and 1995, respectively, all in electrical engineering.
jamshid.khun-jush@eed.ericsson.se

Olle Kallstrom is currently manager of mobile e-commerce business strategies at Ericsson Radio Systems' Internet Applications business unit. He has worked within the wireless and Internet industry since 1985, gaining extensive experience from within the fields of operational management, engineering, product management, standardization, systems design, and development. For two years, while serving as a senior telecommunications consultant, he helped launch data clearing and financial net settlement services. Since joining Ericsson, in 1995, he has held strategic product manager positions for GPRS, mobile Internet applications, and mobile e-commerce.
olle.kallstrom@era.ericsson.se

Gwenn Larsson, who joined Ericsson in 1999 as part of the Qualcomm acquisition, is currently the Director of Technical and Strategic Marketing in the new CDMA Systems business unit. Prior to joining Ericsson, Gwenn worked for three-and-a-half years in various technical and product marketing roles at Qualcomm. She began her career in wireless systems in 1989, working for Motorola as a systems engineer. She holds a B.S. in electrical engineering from Michigan Technological University.
g.larsson@ericsson.com

Christofer Lindheimer received an M.S. in engineering physics from the Lund Institute of Technology, Lund, Sweden. He joined Ericsson in 1996, and has worked at the business unit for TDMA systems since 1998, participating in the development of EDGE as a third-generation solution for radio access.
christofer.lindheimer@era.ericsson.se

Goran Malmgren is currently manager of the air interface architecture group at Ericsson Research. Since joining Ericsson in 1997, he has primarily been engaged in the development of wireless LANs. In particular, he has had overall responsibility for HIPERLAN/2 standardization. He holds an M.S. in computer science and engineering from Linkoping Institute of Technology, and a Ph.D. in radio communication systems from the Royal Institute of Technology, Stockholm.
goran.g.malmgren@era.ericsson.se

Sara Mazur received M.S. and Ph.D. degrees in electrical engineering from the Royal Institute of Technology, Stockholm, Sweden. In 1995, she joined the Radio Access and Antenna Systems Research department at Ericsson Radio Systems, to research adaptive antennas in cellular systems. In 1998, she moved to the business unit for TDMA systems where she is manager of the Technology Evolution Radio Access Network unit within the Systems and Technology department. Sara is currently active in developing EDGE as a third-generation solution for radio access.
sara.mazur@era.ericsson.se

Johan Molno joined Ericsson in 1995 and has worked at the business unit for TDMA systems since 1998, participating in the development of EDGE as a third-generation solution for radio access. He holds an M.S. in electrical engineering from the Royal Institute of Technology, Stockholm, and a Licentiate of engineering degree from Chalmers University of Technology, Goteborg, Sweden.
johan.molno@era.ericsson.se

Mats Naslund joined Ericsson in 1999 and moved to the newly formed Communications Security Lab at Ericsson Research after finishing a Ph.D. in cryptography at the Royal Institute of Technology, Stockholm. Mats also holds an M.S. in computer science. His research interests are focused on cryptographic algorithms.
mats.naslund@era-t.ericsson.se

Peter Schramm works for Ericsson Research at Ericsson Eurolab Deutschland in Nuremberg. At present, he is on assignment at Ericsson Radio Systems in Stockholm, where he heads up research on radio-access algorithms for EDGE. Since joining Ericsson in 1996, he has contributed to work on the development of baseband algorithms for HIPERLAN/2 and EDGE. He has also been involved in the standardization of HIPERLAN/2. He holds a Dr.-Ing. degree from the University of Erlangen-Nuremberg, Germany.
peter.schramm@eedn.ericsson.se

Johan Torsner joined Ericsson in 1998 to serve as the leader of radio network system design at Ericsson WLAN Systems. In this role, he was mainly involved in standardization and algorithm development for the HIPERLAN/2 system. In January 2000, he moved to Ericsson Finland as system expert on WCDMA. He holds an M.S. in electrical engineering from the Royal Institute of Technology, Stockholm.
johan.torsner@lmf.ericsson.se

Magnus Waleij joined the department of Systems Engineering, Radio Network Design for American Standards at Ericsson Radio Systems in 1994. In 1998 he moved to the Technology Evolution Radio Access Network unit within the Systems and Technology department of the TDMA Systems business unit where he works with EDGE as a third-generation solution for radio access. He holds a B.S. in electrical engineering from the Royal Institute of Technology, Stockholm, Sweden.
magnus.waleij@era.ericsson.se

Per Wilen works as Strategic Product Manager of GSM macro-base stations at Ericsson Radio Systems. In his current capacity, he is responsible for the RBS 2206 and EDGE strategies for GSM macro-base transceiver stations. He joined Ericsson Radio Systems' design department for GSM base transceiver stations in 1994. He holds a Master of Science degree from the Royal Institute of Technology in Stockholm.
per.wilen@era.ericsson.se


Ericsson Review is also published on the Web. Visit us at www.ericsson.com/review.


Editorial
Eric Peterson

The purpose of Ericsson Review is to report on the research, development and production achievements made in telecommunications technology at Ericsson. The purpose of this column, on the other hand, varies, but I generally attempt to tie technology to real-life applications—I often employ "what if" scenarios to describe how I hope we might benefit from technology. I also use this space to give voice to different personalities at Ericsson. In this issue, however, I want to use this column to highlight two programs initiated and funded by Ericsson that promote the use of technology for the express purpose of helping people in need.

ERICA
Now in its second year, the Ericsson Internet Community Awards (ERICA) program seeks to transcend borders by using the Internet and technology as a platform for exchanging ideas and information, while building a community that is based on cooperation, innovation and partnership. The ERICA program grew out of Ericsson's strong commitment to use technology to connect people and improve lives. Ericsson is bridging the digital divide by developing Internet-based applications to expand and increase philanthropic goals and aspirations of non-profit organizations.
The ERICA 1999 winners were:
  • The National Library for the Blind (NLB), Stockport, UK—Dedicated to ensuring that visually impaired people get the same access to library services as sighted people, the NLB will improve its website with the latest database technology to create a well-stocked bookshop online that presents information on new books in an exciting, dynamic and revolutionary way.
  • Medical Training Worldwide, Novato, CA, USA—In order to teach modern surgery, anesthesia, and critical care techniques to physicians and nurses in developing countries, Medical Training Worldwide will create an online database to assist in the collection of donated medical equipment, coordinate physicians/nurse volunteers and search for areas in need of medical training.
  • Kids HealthLINK, San Francisco, CA, USA—With the ERICA program, Kids HealthLink will broaden the support and resources available to children from low-income households living with severe illnesses, such as cancer and HIV/AIDS. After their release from the hospital, children will be able to communicate via personal e-mail accounts with their physicians and school-based peers and other recovering children.

Ericsson Response
This past April, Ericsson announced Ericsson Response, a global initiative aimed at developing better and faster response to human suffering caused by disasters. This initiative formalizes Ericsson's commitment to the issue based on its previous involvement in and experience of various disaster response efforts throughout the world.

Throughout our history, Ericsson has been involved in numerous disaster response efforts. Recent experiences range from providing mobile base stations for refugee camps during the Kosovo crisis and reinstalling damaged telecom equipment for earthquake victims in Turkey, to providing phones to flood victims in Venezuela.

Ericsson Response includes the following initiatives:
1. Ericsson offices around the world are establishing local disaster preparedness programs in partnership with the United Nations Development Program (UNDP), the Office for the Coordination of Humanitarian Affairs (OCHA), and the International Federation of Red Cross and Red Crescent Societies (IFRC).
2. Rapid deployment communications solutions will be developed that encompass Ericsson technologies to support and respond to the unique communications challenges of each disaster.
3. The development of an Ericsson Response volunteer program will give employees the opportunity to become involved in response efforts.
4. The initiation of a global issue advocacy campaign with the aim of increasing awareness and rallying support for disaster response as a means of driving additional corporate involvement in the issue.
5. Ericsson is hosting a virtual Web-based community for knowledge management and expertise on disaster response.
6. Ericsson is gathering international expertise on disaster response to garner lessons learned and to share new technologies for communications during disasters.
7. Ericsson is sponsoring an ITU handbook: "Disaster Communications Handbook for Developing Countries."

Eric Peterson
Editor


Evolving from cdmaOne to third-generation systems
Gwenn Larsson

The evolution to third-generation services is a hot topic in the CDMA industry. The convergence of voice and data services and packet-switched networks is transforming the entire playing field for most cdmaOne providers. Additionally, the division between wireline, wireless, and Internet service providers (ISP) is beginning to blur. The wireless networks of the future must be able to handle certain traffic loads and provide telecommunications reliability to all customers—even those who use Internet services.

Although Ericsson CDMA Systems is a relatively new player in the wireless market, thanks to the cooperation of numerous contributing product units, it can provide a total system offering of CDMA and third-generation services.

The author describes Ericsson's comprehensive, but flexible and varied five-step path for migrating present-day IS-95 systems to a fully layered, third-generation solution.

Introduction
As cdmaOne (IS-95 CDMA) operators begin delivering a wide range of voice and data services over diverse media, their networks must evolve to support a complex mix of user demands. Ericsson's cdmaOne products and services are positioned to guarantee an effective and cost-conscious delivery of all telecom services—today and tomorrow.

Figure 1 illustrates the layered network architecture of the future, which will enable the efficient delivery of voice and data services. A layered network architecture, coupled with standardized open interfaces for wireless networks, will allow operators to introduce and roll out new applications and services more rapidly than they ever imagined.

Ericsson is aggressively developing products that allow for the delivery of traditional telecom services and newly formed packet-based (Internet) services over the same backbone.
We are committed to helping cdmaOne operators to make the transition from present-day IS-95 networks to the third-generation networks of tomorrow. Our comprehensive and varied migration path allows operators to choose to what extent as well as how fast they want to evolve their networks. These migration options can most easily be understood in terms of five steps, as described below. Any or all of these steps can be adopted on the road to a profitable third-generation business.

In addition to migrating their networks toward a layered network architecture, some operators want to implement all-IP delivery of services. That is, they want to eliminate circuit-switched services from their networks. The standards for third-generation all-IP networks are being defined for IS-95-based systems in the Third Generation Partnership Project (3GPP2).

Figure 1. Future layered network architecture.


Evolution of the IS-95 air interface

IS-95-A
Before we discuss the evolution of specific products, we need to review the evolution of the IS-95 air interface, which was standardized by the Telecommunications Industry Association (TIA) in July 1993. Networks that utilize the IS-95 CDMA air interface and the ANSI-41 network protocol are branded as cdmaOne networks. Ericsson IS-95 networks utilize one or more 1.25 MHz carriers and operate within the 800 and 1900 MHz frequency bands.

The first commercial launch of a cdmaOne network was in Hong Kong, in September 1995. Today, there are more than 50 million cdmaOne subscribers worldwide. Some key benefits of the IS-95 air interface are soft handoffs (a make-before-break concept that reduces dropped calls) and increased capacity compared to AMPS networks.

Ericsson's current cdmaOne product portfolio was designed from the ground up
  • to maximize the advantages of CDMA digital wireless technology; and
  • to incorporate the efficiencies of IP—for example, the Ericsson cdmaOne network, known as CMS 11, supports packet data at rates of up to 14.4 kbit/s (as supported in the IS-95-A standard) and packet-based transport on the backhaul.

IS-95-B
The original IS-95-A air-interface standard was supplemented with the IS-95-B standard, which includes several improvements for hard-handoff algorithms in multicarrier environments and in parameters that affect the control of soft handoffs.
Nonetheless, the primary change in the standard had to do with higher data rates for packet- and circuit-switched CDMA data: data rates of up to 115 kbit/s can now be supported by bundling up to eight 14.4 or 9.6 kbit/s data channels (14.4 kbit/s × 8 = 115.2 kbit/s). Today, some operators in Asia are implementing IS-95-B data with service rates of up to 64 kbit/s.

3G IS-95/cdma2000
The third-generation evolution of IS-95-based systems is referred to as cdma2000. This wireless standard was developed to support third-generation services (IMT-2000) as defined by the International Telecommunication Union (ITU). The standard is divided into two phases, commonly known as 1X and 3X.

IS-2000/cdma2000 1X
The cdma2000 1X standard (IS-2000) has been completed and published by TIA. The term 1X, derived from 1XRTT (radio transmission technology), is used to signify that the standard carrier on the air interface is 1.25 MHz—the same as for IS-95-A and IS-95-B (that is, 1 × 1.25 MHz). This standard can be implemented in existing spectrum or in new spectrum allocations. The standard also paves the way for the next phase of third-generation networks—cdma2000 3X (IS-2000-A).
In brief, cdma2000 1X, which is implemented in existing spectrum allocations,
  • delivers approximately twice the voice capacity of cdmaOne;
  • provides average data rates of 144 kbit/s;
  • is backward-compatible with cdmaOne networks and terminals; and
  • enhances performance.

BOX A, ABBREVIATIONS
1X: From cdma2000 1X (IS-2000), derived from 1XRTT, which signifies 1 × 1.25 MHz carrier
3GPP2: Third-generation Partnership Project
3X: From cdma2000 3X (IS-2000-A), derived from 3XRTT, which signifies 3 × 1.25 MHz
AAA: Authentication, authorization and accounting
AC: Authentication center
AMPS: Advanced mobile phone service
ANSI: American National Standards Institute
ATM: Asynchronous transfer mode
BSC: Base station controller
BSS: Base station subsystem
CDMA: Code-division multiple access
CORBA: Common object request broker architecture
DS-41: Direct-sequence air interface on an ANSI-41 core network
GCP: Gateway control protocol
GPRS: General packet radio service
GSM: Global system for mobile communication
HA: Home agent
HDML: Handheld device markup language
HLR: Home location register
IMT-2000: International mobile telecommunication 2000
IOS: Interoperability standard
IP: Internet protocol
IS-2000: cdma2000 1X
IS-2000-A: cdma2000 3X
IS-95: Specification of the air interface used for CDMA
ISP: Internet service provider
ITU: International Telecommunication Union
IWF: Interworking function
LMDS: Local multipoint distribution system
MAP: Mobile application part
MGW: Media gateway
OHA: Operators Harmonization Agreement
PCN: Packet core network
PCS: Personal communication services
PDSN: Packet data service node
PSTN: Public switched telephone network
QoS: Quality of service
RBS: Radio base station
RTT: Radio transmission technology
SBS: Selector bank subsystem
SCE: Service creation environment
SCP: Service control point
SMS: Short message service
SMSC: SMS center
TIA: Telecommunications Industry Association
VoIP: Voice over IP
WAP: Wireless application protocol
WCDMA: Wideband CDMA
WIN: Wireless intelligent network


Figure 2. Operators Harmonization Agreement.

IS-2000-A/cdma2000 3X
The cdma2000 3X standard is scheduled for completion in early 2000. The term 3X, derived from 3XRTT, is used to signify three times 1.25 MHz or approximately 3.75 MHz. The cdma2000 3X multicarrier approach, or wideband cdmaOne, is an important part of the evolution of IS-95-based standards. In all likelihood, IS-2000-A will be followed by supplemental standards that offer additional functionality as the industry evolves. In short, cdma2000 3X
  • offers greater capacity than 1X;
  • offers data rates of up to 2 Mbit/s;
  • is backward-compatible with 1X and cdmaOne deployments; and
  • further enhances performance.

DS-41
Another migration path for cdmaOne operators is to evolve from cdma2000 1X to DS-41, or to introduce DS-41 into new IMT-2000 spectrum. As part of the Operators Harmonization Agreement (OHA) for third-generation systems, cdma2000 systems that are based on the multicarrier air interface and WCDMA systems based on the direct-sequence (DS) air interface (3.84 MHz) will be compatible with ANSI-41/mobile IP and GSM-MAP/general packet radio services (GPRS) core networks (Figure 2). Accordingly, cdmaOne operators can implement a solution that uses the direct-sequence air interface on an ANSI-41 core network (DS-41).

Most cdmaOne operators plan to implement cdma2000 1X for increased voice capacity and faster data rates. But instead of migrating to cdma2000 3X, many are eyeing other technologies, such as 1X with enhanced data, DS-41, or even local multipoint distribution system (LMDS), for high-speed data access.
Ericsson understands the market's need for different paths of evolution and is fully prepared to support them.

Step 1: Upgrading cdmaOne systems with Ericsson infrastructure
Figure 3 shows the typical components of the cdmaOne system infrastructure. Ericsson provides the items depicted in blue, for expanding coverage and capacity through an open interface from the mobile switching center (MSC) to the CDMA access network. In cdmaOne systems, the open interface between the MSC and the base station controller (BSC) is generally referred to as the interoperability standard (IOS).

The original standard for the MSC-BSC interface in CDMA systems was defined in the IS-634 specification from TIA. The IOS, which is a refinement of the IS-634 specification, has been broadly embraced by cdmaOne operators worldwide. Ericsson has deployed several IS-634 and IOS networks, and supplied equipment to the base station subsystem (BSS) of the world's first commercial implementation of the IOS (Figure 3).

The primary nodes in most present-day CDMA systems are the MSC, the radio-access network, a home location register (HLR), an interworking function (IWF), and a handheld device markup language (HDML) server. Other key elements include operations and network management systems, voice-mail servers and short message service centers (SMSC).

In most cdmaOne systems, the interworking function is an external piece of equipment that provides subscribers with data services and Internet connections. However, for more efficient and cost-effective delivery of data services, Ericsson's CDMA network offers the choice of embedding the interworking function and packet-data routers in the BSC.

The HDML server is used for delivering Internet content to cdmaOne phones that are equipped with HDML microbrowsers. In the near future, wireless application protocol (WAP) microbrowsers will also be introduced.

Figure 3. Step 1: The Ericsson BSS, which can interoperate with any present-day cdmaOne network.

Radio base stations
Ericsson's cdmaOne radio base stations (RBS) and BSCs support the current IOS interface. The RBS 1106 and 1107—which is Ericsson's most recent RBS product for CDMA—were designed using direct operator input for requirements such as:
  • rapid network build-out;
  • support of high-capacity and long-range coverage;
  • low operating costs;
  • high reliability;
  • simple operation;
  • low deployment costs; and
  • support of future generations of technology (upgradeable to third-generation systems).

Available for operation in the 800 and 1900 MHz frequency bands, the RBS 1106 is a modular product that consists of a main unit and up to three isolated remote units (Figure 4). It is a true macro-cellular product (15 watts of output power at the antenna) in a micro-cellular package. The RBS 1107, which is a multicarrier version, was announced in February and will be commercially available during the second half of this year.

Figure 4. The Ericsson RBS 1106—typical installation configuration.

BSC
Ericsson's CMS 11 BSC is a flexible and scalable packet-based product. When designing this product, engineers put special emphasis on
  • the efficient handling of backhaul to and from base stations;
  • advanced power control—to improve CDMA air-link capacity; and
  • best-in-class processing of soft handoffs.

The CMS 11 BSC is currently the only product in the industry that can support cdmaOne packet-data services. It also has an integrated interworking function that allows operators to offer voice and data services via the same selector cards from the selector bank subsystem (SBS).

Step 2: Increasing service offerings
Service differentiation and reduced costs of delivering existing services are operators' primary requirements. Step 2 of Ericsson's migration path introduces enhanced data, more features, and greater reliability. The Ericsson CMS 11 products that can be integrated for this step include the IWF, HLR, WAP gateway, and AXE 10 CDMA switching platform, each of which will be commercially available before the end of 2000. Because these products make use of open interfaces, they can be integrated into any CDMA network (Figure 5).

Figure 5. Step 2: Enhancing service offerings. New additions to the network are shown highlighted in blue.

MSC
AXE 10, which is one of the most acclaimed, highly reliable switches in the industry for wireless applications, is well configured for delivering the services and features of tomorrow's layered network architecture. Ericsson's feature-rich switching platform can be installed by new customers or by existing cdmaOne operators who are interested in replacing their current switching solution. The AXE will be IOS-compliant and capable of supporting over 400,000 wireless subscribers.
The CDMA version of the AXE 10 MSC will be available in mid-2000.

IWF
In response to operator demands for greater capacity, Ericsson will soon begin offering an external interworking function for processing cdmaOne data calls through the MSC. The interworking function, which will be based on the Tigris platform¹, can easily be migrated to new standards for third-generation systems. Ericsson's interworking function will offer more than three times the capacity of the nearest competitor's product.

HLR
To maintain a strong and loyal subscriber base, operators need new, high-value services that target an increasingly segmented end-user market. The open-interface Jambala platform², which is Ericsson's next-generation application platform, facilitates the delivery of industry-leading user features and introduces wireless intelligent networking (WIN) capabilities into CDMA systems.
Ericsson's CDMA HLR provides reliable operations with zero downtime. Furthermore, in addition to (or instead of) serving as an HLR, this multi-application platform can function as a service control point (SCP) or authentication center (AC). And because it supports Java and CORBA technology, the CDMA HLR also provides operators with an ideal service creation environment (SCE).


WAP gateway
WAP-capable phones will become available on the market in mid-2000. CDMA operators who want to offer WAP functionality can integrate Ericsson's CDMA WAP gateway. The WAP gateway system thus satisfies operator requirements for a server that provides standardized delivery of microbrowser Internet applications. Like the CDMA HLR, Ericsson's WAP gateway for CDMA is based on the Jambala platform.

Step 3: Improved packet handling, Phase I 3G
To offer third-generation services, operators will have to invest in the access and core networks of their systems. Obviously, operators will be looking for solutions that are easy to adopt and provide a wide range of services. Initially, emphasis will be put on the introduction of high-speed mobile data services, multimedia services, and services that require a guaranteed quality of service (QoS). End-users will expect to have access to services anywhere and at any time. Moreover, they will expect reliable, secure connections during transmissions. Step 3 in Ericsson's solution for migrating cdmaOne systems to future third-generation systems begins with the addition of a cdma2000 1X access network and the introduction of new packet-data services, mainly in the form of mobile IP (Figure 6).

cdma2000 packet core network
During the first quarter of 2001, operators will be able to enhance interworking functions from Ericsson with software and hardware that support the packet-handling capabilities defined for third-generation systems. The interworking function will thus also become a packet data service node (PDSN). Similarly, a new server can be added for authentication, authorization and accounting (AAA). Ericsson will also introduce home-agent infrastructure and home/foreign-agent software to support mobile IP functionality.
Mobile IP, which gives data users seamless mobility in and between CDMA networks, is the basis of the cdma2000 packet core network (PCN).
Based on the Internet standard for mobility, mobile IP incorporates home agents (HA) and foreign agents (FA) into the CDMA packet data equation. The cdma2000 packet core network also offers mechanisms for more secure data delivery. The PCN standards for cdma2000 are being defined by the TR45.6 working group within TIA.

Figure 6
Step 3: Phase I 3G wireless capabilities.

Because Ericsson's PCN solution is based on open interfaces, it can easily be integrated into any IOS-compliant cdma2000 infrastructure. The design of the cdma2000 PCN draws on the know-how Ericsson gained while developing its GPRS nodes for GSM and WCDMA systems. The Ericsson PCN makes efficient use of available spectrum and alleviates the need to use MSC channel resources when setting up data calls.

cdma2000 1X-capable BSS
Operators are demanding greater capacity for voice and faster data solutions. Having anticipated this development, Ericsson has designed a BSS for cdma2000 1X. The BSS (BSC and multi-carrier macro-RBS) for third-generation wireless network systems is based on an ATM/IP platform—the same platform on which Ericsson bases its WCDMA products. The RBS 1106 and


RBS 1107 compact radio base stations (introduced in Step 1) can also be upgraded to support cdma2000 1X.
The third-generation BSS (BSC and RBS) for cdma2000 1X combines the advantages of IP with the QoS capabilities of ATM (Figure 7). Because the platform has been optimized for mobile technology, it can deliver IP services with the same kind of reliability as is associated with traditional telecommunications. Ericsson's BSS architecture also facilitates migration to voice-over-IP (VoIP) services and serves as the basis for media gateways (MGW, see Step 5).

Figure 7
Ericsson's third-generation BSC.

Step 4: Phase II 3G
While many of today's cdmaOne operators are certain to migrate to cdma2000 1X, many are still defining their needs for migrating to even higher capacity, higher speed data networks. By supporting cdma2000 3X, DS-41, or other 1X enhancements, Ericsson's products are designed to give operators a number of options in the future.

Phase II 3G RBS
Ericsson's RBS products for Phase I 3G can be upgraded to support either cdma2000 3X or DS-41 wideband technology (Phase II 3G). After they have been upgraded, the radio base stations will support IMT-2000 data speeds of up to 2 Mbit/s over the air. The upgrade to Phase II 3G also includes improved capacity for voice (Figure 8). Moreover, the technology facilitates international roaming between cdma2000 and WCDMA systems (Figure 9).

Step 5: Fully layered architecture
Step 5 of Ericsson's migration solution results in a fully layered network architecture (Figure 10). Wireless operators will structure their networks in layers for packet- and circuit-switched services, or migrate to all-IP systems. The finished network is composed of three layers:
• the user application layer;
• the control layer; and
• the connectivity layer.

User application layer
The user application layer will contain the services for which end-users are willing to pay.
Figure 8
Phase II 3G, Step 4: the addition of cdma2000 3X- or DS-41-capable radio base stations.

These services include e-commerce, global positioning services, and other differentiating services—each of which resides on off-network servers. In addition, some applications will be implemented in mobile terminals. Open application programming will be used between the off-network servers


and the on-network control plane, to define the interfaces and to promote development compatibility with CDMA.

Figure 9
Design of Ericsson's third-generation RBS.

Control layer
The control layer, which is the "brains" of the overall network, incorporates all the network servers that are needed to provide services to any subscriber, regardless of whether he or she accesses the network from a wireline, wireless, or IP world. Typical servers in this layer are the HLR, SMSC, AC, AAA, and the newly introduced MSC server.

Connectivity layer
The connectivity layer handles the transport of all information, regardless of whether it is data or voice. This layer can use IP transport, ATM transport, or a combination of the two. The connectivity infrastructure can carry traffic from fixed line, cable-TV, wireless or mobile, and private networks, which means that investments made in transport gateways and transmission equipment are protected even if the traffic mix does not evolve as first expected.
The architecture of the connectivity backbone is divided into two parts: the core and the edge. Core network equipment transports all types of traffic between the service nodes in the operator's network. Typical components of the infrastructure include routers, ATM switches, and transmission media. Edge equipment, which provides the added intelligence that is needed to support the core bit stream of voice and data, is necessary for interpreting customer-specific instructions, guaranteeing QoS delivery, and forwarding information—for instance, billing information—to the control layer. Two examples of edge equipment technology in a cdma2000 network are the media gateway and the packet data service node.

Media gateway
The final step (Step 5) in migrating to a third-generation network is achieved primarily by dividing the functions of the MSC between a media gateway and an MSC server (Figure 10).
Figure 10
Step 5: Introduction of media gateways.

This is accomplished by adding an IP/ATM interface to the current MSC and by introducing an open-interface media gateway into the network. AXE 10


can be logically separated into an MSC server and a media gateway that supports ATM and IP transport.
Ericsson's media gateway for third-generation CDMA systems is based on the same third-generation ATM/IP platform that is being used for the BSC and the radio base stations. Since the emerging ITU standards for the gateway control protocols (GCP) are open, Ericsson's media gateway will interface to any MSC. The media gateway, which is controlled remotely by the MSC using GCP, contains a full set of voice and transport resources for converting protocols between different networks. It also provides signaling functionality for converting lower layer control protocols. In a third-generation system, the media gateway serves as the "edge" equipment for voice traffic; similarly, the PDSN becomes the media gateway for data traffic. This is why edge equipment in the layered architecture is labeled MGW/PDSN. Media gateways also serve as points of entry into the public switched telephone network (PSTN)—the circuit-switched world—while routers with or without home agents serve as edge equipment to the packet-switched world.

Figure 11
Ericsson's timeline for evolving CDMA to third-generation capabilities.

TRADEMARKS
cdmaOne is a registered trademark of the CDMA Development Group (CDG).
Java is a trademark owned by Sun Microsystems Inc. in the United States and other countries.
JAMBALA is a trademark owned by Telefonaktiebolaget LM Ericsson, Sweden.

In terms of transmission, the layered architecture allows transcoders to be located at the edge of the cellular network, which yields gains in transmission efficiency. In traditional CDMA networks, the transcoders are located at the BSC and restricted by the IOS specification.
Ericsson is working with standards bodies to promote optional transcoder locations, in order to exploit the full potential of the layered architecture.

Introduction timeline
Ericsson's timeline for Steps 1 through 5 is shown in Figure 11, where the X-axis indicates the introduction of commercial solutions—customer and field trials will occur prior to these dates. The Y-axis serves to remind operators of the benefits they stand to gain from each step in the evolution.

End-to-end solutions
Although the focus of this article has been on network elements that are specific to the evolution of systems based on IS-95 CDMA, it should be noted that Ericsson provides backbone solutions to complement this strategy. Indeed, Ericsson can provide operators with end-to-end network solutions—including routers, ATM switches, and edge and core network equipment—that meet current and future demands. As a leader in IP and ATM solutions, Ericsson can provide turnkey solutions for every possible element


of an operator's telecommunications network (Figure 12).

Figure 12
Ericsson's end-to-end solutions. Note: network elements are highlighted in blue. Ericsson can supply every element of a third-generation network.

Conclusion
The market dynamics for cellular and PCS operators is quickly changing. Competition is increasingly being felt from wireline, ISPs, and VoIP providers. Through the acquisition and development of industry-leading CDMA expertise and resources, Ericsson has demonstrated strong commitment to the growth and evolution of IS-95-based CDMA systems. Ericsson has a strong product offering and a comprehensive five-step plan for migrating CDMA systems into third-generation systems.
A key consideration for operators is the installation of high-capacity access equipment that is small, simple to deploy, easily expandable, and can be adapted to new technologies. Ericsson's compact RBS platform was designed to fulfill these requirements.
A second consideration is the support of open interfaces and standardized system platforms. Ericsson has a full portfolio of IOS- and 3GPP2-compliant products.
A third consideration is the establishment of a packet core and switching platform that is positioned for future multimedia and data services. Here, too, Ericsson has the products operators need for early market entry.
A fourth consideration is the migration to a layered network architecture that paves the way for an all-IP network. Ericsson's end-to-end solutions enable operators to make this transition at their own pace.
As a strong participant in standards-related activities regarding the evolution of the air interface and wireless networks, Ericsson has a leading position relative to the introduction of centralized control and to the development of a single-transmission network for customer services.
Operators who currently deliver wireless services with, or who are planning to install, cdmaOne technology can rest assured that Ericsson has solutions to all their current and future network needs.

REFERENCES
1 Curtin, P. and Whyte, B.: Tigris—A gateway between circuit-switched and IP networks. Ericsson Review Vol. 76(1999):2, pp. 70-81.
2 Jones, F.: Jambala—Intelligence beyond digital wireless. Ericsson Review Vol. 75(1998):3, pp. 126-131.


Third-generation TDMA
Christofer Lindheimer, Sara Mazur, Johan Moino and Magnus Waleij

By adopting a common radio-access standard and a common core data-network standard, TDMA and GSM systems can share a common solution for third-generation networks.
The standardization of the first phase of EDGE is presently about to be finalized in the ETSI Special Mobile Group. Phase I of EDGE includes support for best-effort packet-data services with high data rates. Phase II, targeted for the end of 2000, will comprise support for real-time applications. Compared to present-day data services in GSM and TDMA systems, EDGE will provide significantly higher user bit rates and spectral efficiency. It can be introduced smoothly into these systems in existing frequency bands, reusing the cell planning of previously deployed networks.
In this article, the authors describe the concepts for introducing EDGE into TDMA systems, and address performance issues by means of system simulations.

Introduction
The standardization of third-generation mobile communication systems is rapidly progressing in all regions of the world. The work is based on the International Telecommunication Union's (ITU) recommendations for International Mobile Telecommunications-2000 (IMT-2000).
By offering high data rates and multimedia capabilities, IMT-2000 systems will enhance the services provided by second-generation systems.

GSM and TDMA (TIA/EIA-136) are two highly successful second-generation cellular standards:
• more than 256 million people in more than 120 countries subscribe to GSM; and
• the family of TDMA systems (including EIA-553 and IS-54) serves more than 115 million subscribers in over 100 countries.
The enhanced data rates for global evolution (EDGE) concept, which is a new time-division multiplexing-based radio-access technology, gives GSM and TDMA an evolutionary path for delivering third-generation services in the 400, 800, 900, 1800 and 1900 MHz frequency bands. The advantages of EDGE include rapid availability, the reuse of existing GSM and TDMA infrastructure, and support for gradual introduction. The excellent performance of EDGE has been demonstrated in a number of papers.

Background
EDGE was first proposed to the European Telecommunications Standards Institute (ETSI) in 1997 as an evolution of GSM.
A subsequent feasibility study (completed and approved by ETSI) paved the way for standardization.⁷ Although EDGE reuses the GSM carrier bandwidth and timeslot structure, it is by no means restricted to use within GSM cellular systems. Instead it can be seen as a generic air interface for efficiently providing high bit rates. It thus facilitates an evolution of existing cellular systems toward third-generation capabilities.

BOX A, ABBREVIATIONS
136HS      136 High speed
8PSK       Eight-symbol phase-shift keying
AC         Authentication center
ANSI       American National Standards Institute
ARQ        Automatic repeat request
BCCH       Broadcast control channel
BLER       Block error rate
BS         Base station
BSS        Base station system
BSSAP+     Enhanced BSS application part
BSSGP      BSS GPRS protocol
CDF        Cumulative distribution function
CFCCH      COMPACT frequency correction channel
C/I        Carrier-to-interference ratio
CPAGCH     COMPACT packet access grant channel
CPBCCH     COMPACT packet broadcast control channel
CPCCCH     COMPACT packet common control channel
CPPCH      COMPACT packet paging channel
CPRACH     COMPACT packet random access channel
CSCH       COMPACT synchronization channel
DCCH       Digital control channel
ECSD       Enhanced circuit-switched data
EDGE       Enhanced data rates for global evolution
EGPRS      Enhanced GPRS
EIA        Electronic Industries Association
ETSI       European Telecommunications Standards Institute
FCCH       Frequency correction channel
GGSN       Gateway GPRS support node
GMSC       Gateway MSC
GMSK       Gaussian minimum-shift keying
GPRS       General packet radio service
GPS        Global positioning system
GSM        Global system for mobile communication
HLR        Home location register
IMT-2000   International mobile telecommunications-2000
IR         Incremental redundancy
IS         Interim standard
ITU        International Telecommunication Union
IWMSC      Interworking MSC
LA         Link adaptation
LLC        Logical link control
LQC        Link quality control
MAC        Media access control
MC         Message center
MCS        Modulation and coding scheme
MSC        Mobile services switching center
MT         Mobile terminal
MTP        Message transfer part
OTAF       Over-the-air activation function
PACCH      Packet-associated control channel
PBCCH      Packet broadcast control channel
PCCCH      Packet common control channel
PDN        Packet-data network
PDTCH      Packet-data traffic channel
PTCCH      Packet timing advance control channel
QoS        Quality of service
RLC        Radio link control
RTT        Radio transmission technology
SC         Service center
SCCP       Signaling connection control part
SGSN       Serving GPRS support node
SME        Signaling message encryption
SMS        Short message service
TDMA       Time-division multiple access
TE         Terminal equipment
TIA        Telecommunications Industries Association
TN         Timeslot number
TOM        Tunneling of messages
TS         Timeslot
TU3        Typical urban 3 km/h
UWCC       Universal Wireless Communication Consortium
VLR        Visitor location register

While developing third-generation wireless technology, the TDMA community chose to adopt an evolutionary approach, basing its proposal for third-generation technology on the evolution of current second-generation systems. The Universal Wireless Communication Consortium (UWCC) proposed the 136 High-Speed (136HS) radio interface as a means of satisfying requirements for IMT-2000 radio transmission technology (RTT). Additional requirements called for commercially effective evolution and deployment in TDMA networks:
• flexible spectrum allocation;
• high spectral efficiency;
• compatibility with TDMA;
• coverage equivalent to TDMA;
• support for macrocellular performance at high mobile velocities—in particular, the initial macrocellular deployment should not require more than 1 MHz of spectrum; and
• ability to coexist in the same spectrum with second-generation systems without degrading their performance.
After evaluating various proposals, the UWCC adopted EDGE, in January 1998, as the outdoor component of 136HS (later referred to as EGPRS-136) to provide 384 kbit/s data services. One argument in favor of this approach is that the same technology evolution can be leveraged for GSM and TDMA systems—which also facilitates global roaming. EDGE was thus included in the UWC-136 IMT-2000 proposal. In February 1998, this proposal was adopted by TR-45 and submitted by the US delegation to ITU as an RTT candidate for IMT-2000.⁸ In November 1999, the proposal was approved as a radio-interface specification for IMT-2000. EDGE is currently being developed in two modes for TDMA systems: COMPACT and Classic.
COMPACT employs a new 200 kHz control-channel structure.
Synchronized base stations are used to maintain a minimal spectrum deployment of 1 MHz in a 1/3 frequency-reuse pattern.
Classic employs the traditional GSM 200 kHz control-channel structure with a 4/12 frequency-reuse pattern on the first frequency.
EDGE is being developed concurrently in ETSI and the UWCC to guarantee a high degree of synergy in GSM and TDMA systems. The standardization roadmap for EDGE comprises two phases:
• Phase I emphasizes enhanced GPRS (EGPRS) and enhanced circuit-switched data (ECSD), which technologies were included in ETSI's 1999 release of the standard. Commercial products will follow in 2001.
• Phase II, which is being targeted for release in 2000, is currently being defined to include improvements for multimedia and real-time support.

EDGE and EGPRS
The GPRS packet-data system uses the same physical carrier structure as present-day GSM cellular communication systems and is designed to coexist with and provide the same coverage as GSM. The radio interface is based on the TDMA-structured GSM system with 200 kHz carriers divided into eight timeslots (TS) using Gaussian minimum-shift-keying (GMSK) modulation. In GPRS, each timeslot can typically serve several packet-data users, and users can be allocated more than one timeslot to increase data throughput.
The GPRS specification includes four coding schemes—which scheme is used depends on the quality of the radio carrier. With GPRS, it will be possible to obtain data rates well over 100 kbit/s.
EDGE introduces higher level modulation and new coding schemes for packet-switched and circuit-switched data communication. In addition to GMSK modulation, EDGE introduces eight-symbol phase-shift-keying (8PSK) modulation. The symbol rates for GMSK and 8PSK are the same; that is, approximately 271 kilosymbols per second.
The introduction of EGPRS increases maximum bit rates to approximately three times that of standard GPRS.
New techniques introduced with EDGE optimize the data throughput for each radio link. One such technique, called link quality control (LQC), combines link adaptation (LA) and incremental redundancy. The LA functionality adapts coding and modulation relative to signal quality. In poor radio conditions, robust coding and GMSK modulation are selected, whereas in good radio conditions, less robust coding and 8PSK modulation are employed. EGPRS also features backward error-correction functionality,


which means that it can request the retransmission of erroneously received blocks. This mechanism is called automatic repeat request (ARQ). EGPRS uses an enhanced variant of ARQ called incremental redundancy (IR). With IR, all information is coded with a convolution code at a rate of 1/3. The code is punctured to a certain rate and transmitted over the air. If the decoding fails, a retransmission is formed using a different puncturing scheme. Because the retransmission is combined with the previously transmitted block, the process yields a lower bit rate, which facilitates decoding. At present, nine coding schemes have been defined for EGPRS, see Table 1.

TABLE 1 MODULATION AND CODING SCHEMES FOR EGPRS
Scheme   Modulation   Maximum rate [kbit/s]   Code rate   Header code rate   Family
MCS-9    8PSK         59.2                    1.0         0.36               A
MCS-8    8PSK         54.4                    0.92        0.36               A
MCS-7    8PSK         44.8                    0.76        0.36               B
MCS-6    8PSK         29.6                    0.49        1/3                A
MCS-5    8PSK         22.4                    0.37        1/3                B
MCS-4    GMSK         17.6                    1.0         0.53               C
MCS-3    GMSK         14.8                    0.80        0.53               A
MCS-2    GMSK         11.2                    0.66        0.53               B
MCS-1    GMSK         8.8                     0.53        0.53               C

The "Family" column in Table 1 indicates the coding schemes that can be used for retransmission. For example, if the initial transmission with MCS-9 fails and the quality of the radio channel diminishes, the retransmission can use more robust coding schemes from the same family.
Had the retransmission used a different coding scheme than the original transmission, then it would have to be resegmented into new radio link control (RLC) blocks. This is what limits the selection of coding schemes. Blocks that are initially transmitted with MCS-8 can be retransmitted using MCS-6 or MCS-3, by adding padding bits to the data field.
It should also be noted that even when there is nothing with which to combine a retransmission—that is, if the initial transmission is lost altogether—it is nonetheless possible to decode a retransmission.
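The family rule above, worked through in Python as an added example (not code from the article or from Ericsson): it derives each scheme's payload per radio block from the Table 1 rates and lists the retransmission choices, which shows why only MCS-8 needs padding bits. The 20 ms radio-block period, the candidate rule and the simplified incremental-redundancy rate model are assumptions, labelled as such in the comments.

```python
from dataclasses import dataclass
from fractions import Fraction

BLOCK_MS = 20                 # assumption: one radio block every 20 ms
MOTHER_RATE = Fraction(1, 3)  # rate-1/3 convolutional code named in the text


@dataclass(frozen=True)
class Mcs:
    name: str
    modulation: str
    max_rate_kbps: Fraction
    code_rate: Fraction
    family: str

    @property
    def payload_bits(self) -> int:
        # kbit/s multiplied by ms gives the bits carried in one radio block.
        return int(self.max_rate_kbps * BLOCK_MS)


def _row(name, modulation, rate, code_rate, family):
    return Mcs(name, modulation, Fraction(rate), Fraction(code_rate), family)


# Table 1 of the article (header code rate omitted; it is not used here).
TABLE_1 = [
    _row("MCS-9", "8PSK", "59.2", "1.0", "A"),
    _row("MCS-8", "8PSK", "54.4", "0.92", "A"),
    _row("MCS-7", "8PSK", "44.8", "0.76", "B"),
    _row("MCS-6", "8PSK", "29.6", "0.49", "A"),
    _row("MCS-5", "8PSK", "22.4", "0.37", "B"),
    _row("MCS-4", "GMSK", "17.6", "1.0", "C"),
    _row("MCS-3", "GMSK", "14.8", "0.80", "A"),
    _row("MCS-2", "GMSK", "11.2", "0.66", "B"),
    _row("MCS-1", "GMSK", "8.8", "0.53", "C"),
]
BY_NAME = {m.name: m for m in TABLE_1}


def family_unit_bits(family: str) -> int:
    """Smallest payload in a family: the unit its blocks are segmented into."""
    return min(m.payload_bits for m in TABLE_1 if m.family == family)


def needs_padding(mcs: Mcs) -> bool:
    """True when the payload is not a whole number of family units (MCS-8)."""
    return mcs.payload_bits % family_unit_bits(mcs.family) != 0


def retransmission_options(initial_name: str):
    """Return (scheme, radio blocks needed, padding bits) for a failed block.

    Modelling rule (assumption): candidates are the same scheme or a scheme of
    the same family with a smaller payload, and a scheme that itself needs
    padding cannot carry data that was segmented for another scheme.
    """
    initial = BY_NAME[initial_name]
    options = []
    for m in TABLE_1:
        if m.family != initial.family or m.payload_bits > initial.payload_bits:
            continue
        if m is not initial and needs_padding(m):
            continue
        blocks = -(-initial.payload_bits // m.payload_bits)  # ceiling division
        padding = blocks * m.payload_bits - initial.payload_bits
        options.append((m.name, blocks, padding))
    return options


def effective_code_rate(name: str, transmissions: int) -> Fraction:
    """Code rate seen by the decoder after combining `transmissions` copies.

    Simplified IR model (assumption): every retransmission uses a puncturing
    scheme that contributes only new bits until the mother code is exhausted.
    """
    if transmissions < 1:
        raise ValueError("at least one transmission is required")
    return max(MOTHER_RATE, BY_NAME[name].code_rate / transmissions)


if __name__ == "__main__":
    for start in ("MCS-9", "MCS-8", "MCS-7", "MCS-4"):
        print(start, "->", retransmission_options(start))
    for n in (1, 2, 3):
        print("MCS-9 after", n, "transmission(s):", effective_code_rate("MCS-9", n))
```

In this model an MCS-8 block is the only one whose payload does not divide into whole family-A units, so moving it to MCS-6 or MCS-3 leaves unused bits that must be filled with padding.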
Thereis flexibility in the implementation of LQCfor EGPRS in the system: LA will be mandatory,while IR is optional.GPRS in TDMA systems—system architectureThe packet core network for COMPACTand Classic, which is based on the core networkarchitecture for GPRS networks, is integratedwith TIA/EIA-136 circuitswitchednetworks via a serving GPRS supportnode (SGSN). Figure 1 shows the referencemodel for the resulting network.Figure 1Reference model for an EGPRS-136 networkintegrated into a TIA/EIA-136 circuitswitchednetwork through an SGSN gatewayMSC/VLR.70 Ericsson Review No. 2, 2000


"Gs" is the interface between the ANSI-41 MSC/VLR and the SGSN. This interfacehas been extended to include the tunnelingof non-GSM messages, which enables thetransparent transmission of TIA/EIA-136signaling messages between the mobile terminaland the MSC/VLR through theEGPRS-136 packet-data network. The signalingmessages are transported using thetunneling-of-messages (TOM) protocollayer (Figure 2). This protocol layer uses logicallink control (LLC) unacknowledgedmodeprocedures to tunnel messages betweenthe mobile terminal and the SGSN.Between the SGSN and the MSC/VLR, themessages are transported using an enhancedbase station system application part(BSSAP+) protocol. 10For cell selection, terminals that support30 kHz circuit-switched services scan for a30 kHz digital control channel (DCCH) accordingto TIA/EIA-136 procedures. If anacceptable 200 kHz EGPRS-136 system exists,a pointer to this system will be availableon the 30 kHz DCCH. On finding thepointer, the terminal leaves the 30 kHz systemand begins initiating access to theEDGE system. The terminal starts its initialscanning of 200 kHz carriers accordingto information in the pointer. When it findsthe 200 kHz control carrier, the mobile terminalbehaves much the same as aGSM/GPRS terminal would.With the circuit system, locations areupdated using the TOM protocol for transmittinga registration message to theMSC/VLR. When an in<strong>com</strong>ing circuitswitchedcall arrives for a certain mobile terminal,the gateway or serving MSC/VLR associatedwith the latest registration initiatescircuit-switched paging—either a hardpage (circuit voice page without additionalparameters but with small delay) or atransparent layer 3 page (to which additionalinformation can be added; this pageintroduces more delay than the hard page).For a hard page, the Gs interface paging proceduresare used by the MSC/VLR and theSGSN. For a layer 3 page, the TOM protocolis used. 
To answer a circuit-switched page, the mobile terminal suspends packet-data traffic (if any) and starts looking for a 30 kHz DCCH. The 200 kHz broadcast information provides mobile terminals with a list of DCCH carriers. Mobile terminals that only support 200 kHz immediately search for a 200 kHz carrier and solely register in the 200 kHz packet-data system.

Figure 2
Protocol stack for an EGPRS-136 network and a TIA/EIA-136 circuit-switched network.

Classic
The Classic system uses standard GSM carriers and control channels. Thus, Classic can be deployed using, for example, 12 carriers allocated in a 4/12 frequency-reuse pattern. The carriers provide data traffic and all necessary control signaling according to the GSM/GPRS standard with EDGE additions being finalized in ETSI.
One timeslot on the first carrier is used for control signaling. The structure of the control channel, which is basically identical to GSM control channels and transmitted in a 51 multiframe structure, accommodates all necessary control signaling on the 200 kHz carriers. The network supplies interconnection with the TDMA system for circuit-switched paging and functions that relate to mobility management.
Classic can be extended to include additional 200 kHz carriers that carry either control channels or pure packet-data channels and associated signaling or combinations thereof. These carriers can be introduced in a 1/3 frequency-reuse pattern, which means that capacity can be increased significantly. The control channels, however, are not used in a 1/3 frequency-reuse pattern.

COMPACT
Thanks to link quality control, EGPRS can be introduced in a tight frequency plan and still provide high data rates for packet-data services. The COMPACT system can be deployed using only 600 kHz of spectrum. Although the radio network uses three carriers in a 1/3 frequency-reuse pattern, it achieves an effective 3/9 or 4/12 frequency-reuse pattern for the control channels by employing time groups obtained through the synchronization of base stations.
The three carriers carry data traffic, packet-associated signaling, and packet common control signaling according to the GPRS standard with EDGE additions. The synchronization of base stations makes it possible to allocate packet common control channels and packet broadcast control channels in a way that prevents simultaneous transmission in the cluster. Thus, it creates an effective reuse for control signaling of, say, 3/9 or 4/12. Synchronization is required at the symbol level and can be achieved by means of global positioning system (GPS) receivers.
Each base-station sector is assigned one time group. A different time group is used in a neighboring site sector that uses the same frequency. Figure 3 illustrates the distribution of frequencies and time groups over cells and sectors.

Figure 3
An example of a cell pattern for a 4/12 time and frequency-reuse pattern.

COMPACT includes modifications of all packet common control channels defined for GPRS, including
• COMPACT packet paging channel (CPPCH);
• COMPACT packet access-grant channel (CPAGCH);
• COMPACT packet random-access channel (CPRACH);
• COMPACT packet broadcast channel (CPBCCH); and
• packet timing-advance control channel (PTCCH).
The packet-data traffic channels (PDTCH) and packet-associated control channels are identical to those defined for Classic.
Different time groups share the same frequency, but split the timeslots for control signaling. Figure 4 shows multiframe structures for an effective 4/12 frequency-reuse pattern.
The 52 multiframe structure is illustrated.
The time-group division between sites does not affect the timeslots and blocks that carry data traffic; that is, the data traffic continues to employ a 1/3 frequency-reuse pattern. It should be noted, however, that blocks which coincide with a neighboring site's control block using another time group are not used. In Figure 4, these blocks are shaded. If an effective 3/9 frequency-reuse pattern is employed for control signaling, only three time groups are used with control blocks.
The number of blocks allocated for CPBCCH and CPCCCH is flexible—from 4 to


12 blocks per timeslot in each 52 multiframe. Figure 4 shows a feasible block configuration, where one block is allocated for CPBCCH and three blocks for CPCCCH.

Figure 4
A 52 multi-frame structure showing 4 time groups. B(0) shows the position of CPBCCH whereas C(i) is the position of CPCCCH in block i.

A synchronization burst designed for COMPACT, called the COMPACT SCH, or CSCH, features unique coding of the frame numbers, an indication of time group, and an extended training sequence. This burst is transmitted in the last GSM frame of every 52 multiframe. The COMPACT frequency correction channel (CFCCH) is allocated in GSM frame 25. The bit pattern of the CFCCH differs from the frequency correction channel (FCCH) found on the broadcast control channel (BCCH) carrier in GSM.

System performance

General assumptions
The simulations described in this article assume that 6.67 TS are available for traffic in the COMPACT mode (1/3 frequency-reuse pattern). This corresponds to four blocks allocated for CPBCCH and CPCCCH in an effective 4/12 frequency-reuse pattern. The Classic mode has 7 TS available for traffic (4/12 frequency-reuse pattern)—one timeslot is always assigned for broadcast and common control. Table 2 summarizes certain basic characteristics of the two modes.
The simulations described share the following assumptions:
• EDGE radio interface with incremental redundancy.
• The channel model used is ETSI typical urban for 3 km/h (TU3).
• No frequency hopping—minimum deployment is emphasized and only one carrier is used per sector.
• Downlink—due to asymmetrical usage, the downlink is anticipated to be the restricting link for packet data. The uplink performance is expected to be similar to that of the downlink.
• No receiver antenna diversity in the mobile terminal.

TABLE 2. SOME BASIC CHARACTERISTICS FOR CLASSIC AND COMPACT

Classic Mode
• All control and packet traffic channels on 200 kHz
• 4/12 reuse
• 2.4 MHz + guard band
• No requirement for synchronized BS
• 7 TS available for traffic
• Carrier transmits constantly

COMPACT Mode
• All control and packet traffic channels on 200 kHz
• 1/3 reuse
• 0.6 MHz + guard band
• Synchronized BS providing 4/12 reuse for PBCCH, PCCCH, PSCH, PFCCH
• 6.67 TS available for traffic
• No transmission in idle slots


Figure 5. Curves illustrating maximum data throughput for MCS-4 and MCS-9 versus C/I.

Figure 6. Carrier throughput and spectral efficiency for three different frequency-reuse patterns.

EDGE radio-link performance

EDGE radio-link performance has been evaluated extensively by ETSI and UWCC. Figure 5 shows the throughput for one timeslot as a function of the carrier-to-interference ratio (C/I). The throughput is obtained from simulations of the IR LQC scheme. This radio-link simulation creates the basis for all subsequent system simulations described in this article.

Static system-level simulations

Figure 6 shows the maximum performance of EDGE packet traffic channels for different frequency-reuse patterns (maximum in the sense that channel utilization is 100% and all 8 TS are used for traffic). The results are based on static system-level simulations and the radio-link simulations mentioned above. As expected, a tighter frequency-reuse pattern with higher interference reduces mean throughput per carrier. What is interesting, however, is that the spectral efficiency of EDGE increases with tighter frequency reuse (that is, the smaller bandwidth required by tighter frequency reuse outweighs the reduction in throughput). This confirms EDGE's capacity to perform well in situations characterized by high interference, such as in a 1/3 frequency-reuse pattern.

One way of analyzing the system performance of a packet-data network is to study the average throughput per carrier. Figure 7 shows the impact of channel utilization (traffic intensity) on this metric on the first carrier. The results are based on static system-level simulations and the radio-link simulations described above, with 7 TS used for Classic and 6.67 TS for COMPACT data traffic. As can be seen, performance in Classic mode with one carrier per sector does not depend on traffic load. This is because the carrier transmits constantly; that is, channel utilization on the first carrier is always 100%. As expected, average throughput in COMPACT mode for a particular carrier decreases with increased traffic load. Figure 8 shows the maximum spectral efficiency and average throughput on the first carrier for the different modes. Maximum spectral efficiency is obtained when channel utilization is 100%, which means that all capacity for packet traffic is used. The data capacity for COMPACT is 6.67 TS; for Classic, 7 TS.

If a second carrier is added, it can carry traffic on all 8 TS for both modes, typically in a 1/3 frequency-reuse pattern. As seen in Figure 9, throughput for an additional carrier depends on system load, for COMPACT as well as Classic.

Figure 7. Carrier throughput versus channel utilization for the first carrier using Classic and COMPACT.

Figure 8. Throughput and spectral efficiency for the first carrier in Classic and COMPACT. Axes: average throughput per carrier (kbit/s); spectral efficiency (kbit/s/MHz/sector).

Figure 9. Carrier throughput versus channel utilization for three different frequency-reuse patterns.

Dynamic packet-data system simulations

It is easier to evaluate the system performance (simulation) of a packet-data network if the traffic in the system is generated dynamically. The results discussed below are based on dynamic simulations of packet-data traffic where a large number of terminals are studied over a period of time [6]. A packet traffic model for Web-browsing traffic is used [12]. Table 3 summarizes the parameters used in the dynamic simulations.

TABLE 3. DYNAMIC PACKET DATA SIMULATION PARAMETERS

Time step: 20 ms
Mobility: No
Multislot allocation: No
Power control: No
Admission control: No
Packet scheduling: FIFO
User dropping: Yes, according to a leaky bucket algorithm (less than 1%)
User arrivals: Poisson process
Packet traffic model: Web browsing
• Number of packets per user: Geometrical distribution, mean of 10 packets
• Time between packets: Pareto distribution, mean of 10 seconds, Pareto shape parameter 1.4
• Packet size: Log-normal distribution, mean of 4.1 kbytes

Figure 10 shows the number of users that can be served while guaranteeing the quality-of-service (QoS) limit of 90% of the packets. The results are obtained with dynamic packet-data system simulations and the radio-link simulations described above with 7 TS used for data traffic both for COMPACT and Classic. As seen from Figure 10, 10% percentile of packet throughput is plotted against the average number of users per sector. The QoS limit is 10% of the available peak bit rate. COMPACT can handle about 30 users per sector, whereas Classic can handle 60 users per sector.

It is also interesting to study the distribution of user throughput, and not just the 10% percentile of packet throughput. Figures 11 and 12 show the cumulative distribution function (CDF) of user throughput during a Web-browsing session for Classic and COMPACT modes. Since the simulations do not model multislot allocation, user throughput on the x-axis is for one timeslot. To obtain a rough estimate of the corresponding distribution for 7 TS, we can multiply the values on the x-axis by seven. A multislot allocation scheme, however, will provide an improvement of the actual distribution that is not captured by such simplistic scaling. When the systems are loaded to capacity as defined by the QoS limit on packet throughput, user throughput is still high. In the COMPACT system, 90% of the users obtain throughput that exceeds 12 kbit/s per timeslot with 30 active Web-browsing sessions on the first carrier. Similarly, in the Classic system, 90% of the users obtain throughput exceeding 17 kbit/s per timeslot with 60 active Web-browsing sessions.

Finally, a look at spectrum efficiency for the two modes (Figure 13) shows that even though COMPACT handles about half as many users per sector as Classic, it has twice the spectrum efficiency, thanks to a slimmed bandwidth of 0.6 MHz.


Figure 10. 10% percentile of packet throughput per timeslot versus number of users. Note: 90% of the packets have higher throughput.

Figure 11. CDF of user throughput per timeslot for Classic, 4/12 frequency-reuse pattern with 5, 45, 60 and 70 users per sector.

Figure 12. CDF of user throughput per timeslot for COMPACT, 1/3 frequency-reuse pattern with 5 to 30 users per sector.

Figure 13. 10% percentile of packet throughput per timeslot versus spectral efficiency for Classic and COMPACT.

Coverage

One requirement put on EGPRS-136 is that to enable an introduction in present-day cell plans and using existing base stations, the coverage it provides must equal or surpass that of TDMA. EGPRS with link quality control satisfies this requirement. Indeed, thanks to link quality control, poor radio-link quality does not cause packet calls to be dropped, but only reduces the user bit rate.

A static simulation technique can be used in coverage-limited cases, since performance does not depend on interference or traffic dynamics. Snapshots of the system are taken, in which stationary mobile terminals are placed randomly according to a uniform distribution. To determine what kind of coverage can be achieved in existing cell plans, a TDMA system with 95% voice coverage is used as reference. With this reference, the results are valid for the downlink. EDGE performance is analyzed assuming the same carrier output power as in the reference system. Additionally, within EGPRS, the same average power is assumed for GMSK and 8PSK. For TDMA, the requirement is an E_b/N_0 of 15.7 dB. Thus, this is the value found at the 5% percentile of E_b/N_0 distributions in the cell. When the 8PSK EDGE modulation scheme is introduced, the E_b/N_0 distributions diminish due to the higher gross bit rate. Assuming the same carrier output power, the difference in E_b/N_0 for EDGE compared to that of standard TDMA modulations is calculated as

where R_TDMA and R_EDGE are the gross rates of standard TDMA and EDGE, respectively.

The coverage simulations result in E_b/N_0 distributions. From these original distributions, we can calculate distributions for 8PSK. Additionally, we can determine the block error-rate performance of different modulation and coding schemes from the radio-link-level simulations for the downlink with noise but without interference (E_b/N_0). The results do not include antenna diversity; similarly, body loss is neglected for packet-data traffic. Given the performance results derived from the block-error rate, we can transform the E_b/N_0 distribution into a packet-bit-rate distribution, using an E_b/N_0 curve, which is similar to the C/I curve in Figure 5.

Assuming a system with 95% TDMA voice coverage, then EDGE coverage is excellent (Figure 14). Approximately 95% of the users obtain a packet bit rate that exceeds 120 kbit/s using 7 TS. Existing sites can thus be reused with excellent performance. Even better coverage can be achieved by employing smart antennas or antenna-diversity techniques.

Terminal capabilities

GPRS and EGPRS terminals can support different modes of operation. For example, the GSM/GPRS standard for pure 200 kHz use specifies class B and class C modes of operation. In the class B mode of operation, a mobile terminal can be attached to GPRS and other GSM services simultaneously, but


can only operate one set of services at a time. In the class C mode of operation, the mobile terminal can attach to either GPRS or other GSM services but not both. According to these definitions, mobile terminals will be made available for class B136 and C136 modes of operation, with a 200 kHz GPRS-based packet-data mode and a TIA/EIA-136 30 kHz-based circuit-switched mode. The COMPACT and Classic systems accommodate the class B136, C136, and pure 200 kHz class C (GPRS) modes of operation.

Conclusion

The TDMA and GSM systems have chosen the same EDGE radio-access and GPRS packet-switched core network technologies to provide third-generation services in existing spectrum. Accordingly, a common access for data services can be offered to more than 370 million mobile subscribers.

EDGE can be deployed in two modes in TDMA systems: Classic and COMPACT. The Classic system requires only minimum extension to GSM EDGE and uses standard GSM/GPRS control channels, which facilitates global roaming.

The COMPACT system introduces a novel control channel configuration, synchronized base stations, and discontinuous transmission on the first carriers, which facilitates the deployment of EDGE control channels in a 1/3 frequency-reuse pattern. Thus, the initial deployment of COMPACT requires only a very limited amount of spectrum—600 kHz plus guard bands. With fractional loading, excellent spectral efficiency can be attained with data rates of up to 384 kbit/s. COMPACT thus supports UWCC requirements for third-generation services with high spectral efficiency and initial deployment within less than 1 MHz of spectrum.

Figure 14. Throughput CDF in a coverage-limited system.

REFERENCES

1 Recommendation ITU-R M.1225, "Guidelines for Evaluation of Radio Transmission Technologies for IMT-2000."
2 Furuskar, A., Frodigh, M., Olofsson, H. and Skold, J.: "System Performance of EDGE, a Proposal for Enhanced Data Rates in Existing Digital Cellular Systems," in proceedings of IEEE VTC'98.
3 Zangi, K., Furuskar, A. and Hook, M.: "EDGE: Enhanced Data Rates for Global Evolution of GSM and IS-136," in proceedings of Multi Dimensional Mobile Communications 1998 (MDMC'98).
4 Furuskar, A., Hook, M., Johansson, C., Javerbring, S. and Zangi, K.: "EDGE-Enhanced Data Rates for Global Evolution," in proceedings of Nordic Radio Symposium 1998 (NRS'98).
5 Furuskar, A., Mazur, S., Muller, F. and Olofsson, H.: "EDGE, Enhanced Data Rates for GSM and TDMA/136 Evolution," IEEE Personal Communications, June 1999.
6 Furuskar, A., Naslund, J. and Olofsson, H.: EDGE, Enhanced Data Rates for GSM and TDMA/136 Evolution. Ericsson Review Vol. 76(1999):1, pp. 28-37.
7 ETSI. Tdoc SMG2 95/97. "EDGE Feasibility Study, Work Item 184; Improved Data Rates through Optimised Modulation," version 0.3, December 1997.
8 The UWC-136 RTT Candidate Submission.
9 ETSI. TS 03.64 V8.3.0 (2000-02), "Digital Cellular Telecommunications system (Phase 2+); General Packet Radio Service (GPRS); Overall Description of the GPRS Radio Interface; Stage 2 (GSM 03.64 version 8.3.0)."
10 ETSI. TS 09.18 V8.0.0 (1999-07), "Digital Cellular Telecommunications system (Phase 2+); General Packet Radio Service (GPRS); Serving GPRS Support Node (SGSN) - Visitors Location Register (VLR); Gs interface layer 3 specification (GSM 09.18 version 8.0.0)."
11 ETSI. TS 05.02 V8.3.0 (2000-01), "Digital Cellular Telecommunications system (Phase 2+); Multiplexing and multiple access on the radio path (GSM 05.02 version 8.3.0)."
12 Blomquist, K., Kjellberg, J.-A.: "A Study of Self-Similar Data Traffic and Development of a WWW Traffic Model", MSc Thesis, Linköping University, Sweden, June 1997.
13 Derneryd, A. and Johannisson, B.: Adaptive base-station antenna arrays. Ericsson Review Vol. 76(1999):3, pp. 132-137.
14 Andersson, S., Carlqvist, B., Hagerman, B. and Lagerholm, R.: Enhancing cellular network capacity with adaptive antennas. Ericsson Review Vol. 76(1999):3, pp. 138-141.


Business solutions for mobile e-commerce

Olle Kallstrom

Demand is building for consumer-to-business mobile e-commerce that will enable consumers to use mobile phones to perform financial transactions in a secure manner. Mobile e-commerce literally puts Internet-based purchasing power into the hands of consumers, allowing a degree of personalization never before seen. It opens up a new path to the market for today's content and service providers and enables the creation of an array of services native to mobile communications. In all likelihood, mobile e-commerce solutions will generate a variety of totally new applications in the same way as the mobile Internet—which while an extension of fixed Internet has also given rise to completely new applications driven by mobility.

The author describes the prerequisites for this market and the value-added solutions that mobile telephony services can contribute to the world of Internet e-commerce. He explains how end-users, service providers, merchants, and network operators are likely to benefit from mobile e-commerce solutions—like Ericsson's Mobile e-Pay combined with other solutions—that will give rise to new services and business opportunities.

BOX A, ABBREVIATIONS

3DES: Triple DES
API: Application program interface
CA: Certificate authority
DES: Digital encryption standard
GPRS: General packet radio service
GSM: Global system for mobile communication
HMAC: Keyed-hashing message authentication code
HTTP: Hypertext transfer protocol
IP: Internet protocol
IPP: Internet payment provider
ISP: Internet service provider
MAC: Message authentication code
MD5: Message digest 5 (algorithm)
MSISDN: Mobile station integrated services digital number
OA&M: Operation, administration and maintenance
PIN: Personal identification number
PKCS: Public key cryptographic standard
PKI: Public key infrastructure
RSA: Rivest-Shamir-Adleman
SAT: SIM application toolkit
SHA-1: Secure hash algorithm 1
SIM: Subscriber identity module
SMS: Short message service
SMSC: SMS center
SSL: Secure socket layer
TDMA: Time-division multiple access
WAP: Wireless application protocol
WIM: Wireless interface module
WPKI: Wireless PKI
WTLS: Wireless transport layer security

Both the Internet and wireless systems are expanding at a rapid pace. In the overlap of these growth areas, we find the mobile Internet. One of the most interesting business opportunities here is mobile electronic commerce (e-commerce). In the emerging global digital economy, mobile e-commerce will provide secure financial transaction services for consumers anywhere, anytime. Initially, mobile e-commerce services will be adapted from conventional Internet services extended to mobile phones. Later, new services will be based on the unique demands of mobile users.

The roots of e-commerce

Many people regard e-commerce as buying and selling products and services over the Internet, but it has many more aspects. From its inception, e-commerce consisted primarily of purchase transactions and the transfer of funds over computer networks. Now it has grown to include the buying and selling of new commodities such as electronic information. Thus, the opportunities for companies seeking to take advantage of the capabilities of e-commerce are greater than those offered by merely moving our present ways of performing commercial transactions to electronic networks.

E-commerce has its roots in online transactions between large corporations, banks, and other financial institutions. But small companies are just as capable of conducting business online as their biggest competitors. Businesses of all sizes are finding that they can lower their e-commerce costs, either by replacing other networks with the Internet, by using it as another communications medium, by converting their business data to digital form, or by incorporating Internet functions into their business practices. Whatever the case, the rapid growth in buying and selling over the Internet by private individuals has only recently attracted the attention of the business community and mass media.

Given the transportation systems of today, the world is the market for anyone with a product—provided potential customers are aware of the product and have reliable methods for ordering and paying for it. The Internet and e-commerce have finally given us the information technology systems that can interact with and exploit the global transport systems for delivering products worldwide. The concepts time of day and location have lost their importance; instead, online access and availability are the key factors for success.

A new business paradigm, spawned by the emerging global digital economy, promises explosive growth in electronic commerce on the Internet. In a global market, competition is widespread. Those companies that can cultivate the global marketplace by using the Internet effectively will eventually emerge as winners. We see this today in portals like AOL and Yahoo, and sites like Amazon and eBay.

Electronic marketplaces

The explosion of e-commerce activity is leading to the creation of electronic marketplaces. These are made up of digital virtual businesses that band together in an open but secure environment to interact with each other and customers. On the Internet today, we already see
• virtual superstores;
• electronic storefronts for existing services;
• auctions and flea markets;
• virtual order centers;
• intranet-based electronic business communities; and
• virtual trading marketplaces.

These new digital marketplaces have one thing in common: they are closed in the sense that they are run by one company and include handpicked business partners or loyal online consumers who are found at a single website. As the e-commerce business matures, new forms of the open electronic marketplace will evolve, confirming the Internet's true nature as a global marketplace.


Thus, e-commerce is part of a larger process of change that is engendering a completely new market environment and new business relationships. The new, electronic economy will be as different from today's industrial economy as the latter was from the economy of agrarian societies.

Payments over the Internet

The market for inexpensive digital goods and services has not grown as much as predicted. It is hard to tell whether this is due to a lack of demand or a lack of secure and commercially viable methods of making micro-payments. Nonetheless, the growing use of the Internet for trading in goods and services has heightened the need for robust payment solutions. During the past few years, many initiatives have been adopted to develop and market entirely new payment methods and to adapt existing payment systems to the Internet. The main focus of development for these systems has been on security.

In the past, systems devised for both micro-payments and regular transactions often required customers to download and install software in their computers and to register with the system offline—for example, by letter or fax. For payment to be effected, both supplier and customer had to be connected to the same system or company. Today, most systems of this kind have disappeared or are in decline.

In the global market for online payments (especially in the US), payment by credit and charge cards (SSL-protected or otherwise) has now become the most common method of payment on the Internet, despite the fact that the seller cannot verify the customer's possession of the card or establish the customer's identity by the usual methods (a signature or photo ID). If the customer refuses to acknowledge the transaction, the seller has the burden of proof, because the customer's signature cannot be taken as evidence of approval. Consequently, enterprises with online sales anticipate fraud as part of their overhead. Many selling enterprises prefer cash on delivery (COD) payment or purchase orders, instead of completing the transaction online.

Notwithstanding, card payments dominate all other methods of payment. One reason is that international debit and credit cards are widely current, with more than a billion cards in circulation worldwide. No additional enrollment or connection is needed. Consumers do not need to install special software and they are familiar with this method of payment.

Figure 1. Mobile e-commerce is an "anywhere, anytime" sales channel that puts purchasing power directly into the hands of the consumer.

Now that the market for Internet e-commerce and online transactions has expanded and matured, the focus of payment solutions has shifted from the technology to the markets, and from security to user-friendliness. As a result, companies have realized that it is often easier to start with the software and means of payment already in use by customers than it is to develop entirely new solutions.

Companies who use the Internet for e-commerce no longer view it as a pilot medium but rather as a key sales channel. Consequently, these companies' choice of an e-commerce system will depend on whether it can reuse or recycle content from other sales channels and whether profit from e-commerce sales will outweigh the expense of introducing and operating the system.

Moving e-commerce to the mobile network

As trade over the Internet increases, the next logical step is to support e-commerce solutions on mobile phones. WAP technology and GSM, TDMA and third-generation systems have several strengths in common: a wireless global footprint, Internet connectivity, and reliable and secure transactions. These strengths make them the ideal technological foundation for mobile e-commerce. Several manufacturers have already announced that they will market solutions that are optimized for mobile e-commerce using WAP technology.

Mobile e-commerce will complement today's Internet e-commerce by providing a secure means of financial transactions. Consumers will come to regard their mobile phones as the preferred instrument for making payments or financial transactions. Wireless technology will deliver e-commerce into consumers' hands.

Mobile e-commerce applications will stimulate end-users to make impulse purchases and to perform other transactions instantly. Such transactions will serve as a complement to traditional commerce and Internet e-commerce. Figure 2 shows the relationship between traditional commerce, Internet e-commerce and mobile e-commerce.

Figure 2. Comparison of traditional and online commerce and mobile e-commerce.

Figure 3. The five prime categories of mobile e-commerce: trading, banking, reservations and ticketing, shopping, and games and betting.

Early in this millennium, a significant proportion of mobile phone subscribers around the world will use mobile e-commerce applications. In some cases, these applications will be integrated into normal voice services; in others, they will be dedicated value-added solutions.

Mobile e-commerce solutions can be seen as solutions that enhance business-to-consumer trading over the Internet. They should be seamless and invisible to the end user. They must also support any type of mobile Internet application that requires financial transactions. End-users should not have to know anything about how the system actually works. Instead, they should be able to rely on their mobile phones to execute payment.

From the end-user's perspective, mobile telephony adds value to Internet e-commerce in two ways: through mobility and through the diversity of terminals. Wireless systems allow users to access services practically anywhere. Also, thanks to the widespread distribution of mobile phones, small handheld devices (such as GSM phones that contain a keypad, display, and card reader with SIM smartcard capabilities) should achieve a much broader installed base than personal computers (PC). Consequently, end-users gain at least four major benefits:
• convenience—end-users always have instant access to financial services, to make e-commerce payments anytime, anywhere;
• flexibility—users can choose the method of access and payment depending on their individual requirements;
• secure transactions—mobile terminals are reliable devices that ensure a high level of security for financial transactions; and
• familiarity—mobile phones are tools that can be personalized to present information in the format preferred by the user.

Further development of the phone user interface will offer improved service interaction and extend this interaction beyond what can be achieved with today's plastic cards.

Incumbent mobile operators who face the threat of competing networks can use mobile e-commerce solutions to retain key business subscribers. At the same time, new and established operators can use these solutions to target new segments and users with sophisticated requirements.

The mobile e-commerce marketplace promises to become highly competitive.


Operators in many countries already havemany value-added services in place, and<strong>com</strong>petition will intensify as the roll-out ofmobile data networks continues. Most of thenew services will be offered by variousproviders of content or services. And somemobile operators are likely to offer bundledservices.As <strong>com</strong>petition intensifies, operators willneed to define their position more clearlyand approach their market more aggressively.As operators struggle to win marketshares, their interest in market segmentationwill increase. Finally, as subscriber volumesgrow, new end-user segments—eachwith different needs and demands—will bethe target of focused marketing.Mobile e-<strong>com</strong>merce andthe wireless walletMobile e-<strong>com</strong>merce can be offered as an extensionto Internet e-<strong>com</strong>merce by introducingfeatures for mobility and the "wirelesswallet" concept.Mobile e-<strong>com</strong>metce will deliver the goodsto consumers' handsets using wireless technologythat turns a mobile phone into awireless wallet. This application can be locatedon an individual <strong>com</strong>puter terminaland in a service provider's mobile networkdomain (or both). Witeless wallets will containdigital versions of what we might carryin a conventional wallet: electronic money(virtual cash), reference pointers to bank accounts,credit card numbers, certificateswith digital signatures, personal data andsettings, customer bonus points, tickets,and so on.We define mobile e-<strong>com</strong>merce as a valueaddedservice that enables end-users to conductreliable, secure financial transactionsthat involve trade or payment. We also includee-banking and e-brokerage applicationsin our definition. 
Mobile e-<strong>com</strong>merceservices can be classified into categories suchas banking, trading, reservations and ticketing,shopping, and games and gambling(Figure 3).Ericsson offers mobile e-<strong>com</strong>merce packagesfor mobile banking, mobile trading,mobile ticketing, mobile shopping and mobilebetting. Each package can provide functionalityfor specific end-user services andapplications (Figure 4).BankingBanking service concepts, which are an extensionof Internet banking (or home bank-Figure 4Solutions platform for mobile e-<strong>com</strong>merce applications.ing), allow customers to use digital signaturesand certificates• to manage personal account information(account history, transfers);• to transfer funds in bank accounts or prepaidaccounts;• to receive alerts regarding bank informationor payments due; and• to handle electronic invoice payments.Each of these services is performed from thehandheld unit and has secure end-to-end access.TradingTrading and brokerage applications consistof general real-time information, such asstock quotes, notification of events, portfoliomanagement assistance and confirmedtrading orders using digital signatures.TicketingAn electronic ticket—for an event or travel—resultsfrom transactions that involvebooking, purchasing, invoicing, payment,and receipt. Optional service delivery couldsupply "virtual" tickets. These could be usedEricsson Review No. 2, 2000 83


BOX B, THE E-COMMERCE TIMELINE1999E-<strong>com</strong>merce on the Internet increases. Business-to-consumer<strong>com</strong>merce reaches beyondearly adopters. Business-to-business e-<strong>com</strong>merceachieves substantial volumes in certain<strong>com</strong>panies.2000Initial signs of the explosion of business-toconsumere-<strong>com</strong>merce, to continue the followingtwo years.2002Consumer-to-business e-<strong>com</strong>merce isaccepted and forces <strong>com</strong>panies overall—including those who are not IT-sawy—to offere-<strong>com</strong>merce services.2005E-<strong>com</strong>merce is a natural part of our society,integrated into all facets of day-to-day <strong>com</strong>munications.Reasons for the explosion of e-<strong>com</strong>merce in2000-2005:• Sufficiently improved infrastructure (<strong>com</strong>merce,<strong>com</strong>munications)• Deregulation• Integration of e-<strong>com</strong>merce into existing systems• Generations X and Y enter the workforce• Merchants learn how to sell electronically• Inexpensive access devices available(USD 100-200)• New distribution <strong>com</strong>panies in placewith a wide range of businesses: airlines,railways, mass transit, tollway authorities,theaters, sporting event organizers, themeparks, and so on.ShoppingShopping applications will enable regularInternet e-<strong>com</strong>merce via a mobile phone;that is, the booking and ordering of, andpaying for, physical goods and services frome-shops, virtual malls and portals. Anotherpossible use is the confirmation of paymentfor goods in the physical world; for instance,in shops where the user interacts directlywith a cashier or a vending machine.Games and gamblingOne of the more appealing groups of applicationsfor mobile e-<strong>com</strong>merce is likely tobe entertainment. The service provider willsupply a means for users to pay or sign contractselectronically. 
This might involve the use of payment or charging mechanisms, such as prepaid games, or direct charging via the user's phone bill. All manner of gambling is possible with pay-per-game or betting features. Online games, adventure games, and other services with pay-per-game features should also port well to mobile e-commerce.

Prerequisites for the market
The market needs a high-use penetration of mobile telephony and the Internet as well as broad acceptance of e-commerce. Indeed, Internet maturity in each local market is a key enabler for e-commerce. As with any innovation, customers must also demand new services; that is, the market should have a sufficient proportion of early adopters.

Ericsson's applications and solutions address the new end-user segment represented by an Internet generation, which we refer to as pioneers and achievers. These users are generally young but experienced users of mobile phones; they are accustomed to shopping online; and they have a stable income and their own mobile phone subscriptions. They also use mass-market consumer services—including personal financial services—and demand access to personal information and applications. End-users with this profile, who are eager to use new products and willing to pay for them, will constitute the market that is ready for mobile e-commerce.

Players in the market will have to focus their attention on potential key success factors. Up to now, mobile operators have usually focused on the subscriber base, attracting new subscribers by subsidizing packages and offering low-cost subscriptions. However, in some markets we can already see operators shifting their focus to services and targeting specific end-user segments. In the future, we will probably see even more of these targeted efforts by mobile operators and new service providers.

Mobile e-commerce services will evolve first in the mature GSM markets.
One key component and advantage of GSM systems compared with other wireless standards (TDMA, CDMA and PDC) is the subscriber identity module (SIM), which enables tighter application security for financial transactions.

For service providers, the most interesting markets for mobile e-commerce services are those with a high degree of IT maturity and a deep penetration of mobile services. This puts Scandinavia and certain countries in northwestern Europe, such as the UK and the Netherlands, at the top of the list. North America, South Africa, Singapore, Hong Kong, Australia, and some parts of the Pacific Rim are also promising markets. Another main market (non-GSM mobile standards) with outstanding potential is Japan.

Immediate future of the market
The world of telecommunications is changing, and new players are entering the market to compete with traditional players. The market for mobile e-commerce is just opening up, so there is little real competition as yet. However, activity is increasing, and several companies have announced products in the pipeline. These include mobile e-commerce products and technologies to be supplied by Ericsson, other wireless system vendors, specialized companies, and smartcard companies. The market for mobile e-commerce is expected to take off in earnest around 2001, but the scenario is closely linked to predictions of a boom in Internet e-commerce and the further evolution of the mobile Internet.

Just as big investments are currently being pumped into Internet retailing, the same can be expected in mobile e-commerce. Now is the perfect time for vendors and operators to take the lead by investing in functionality and establishing their profile. The high-end segment of the market,


which will see the roll-out of WAP-enabled handsets, will be a driving factor. Figure 5 shows forecasts for the reach of wired and mobile e-commerce.

Ericsson supplies mobile e-commerce application products (for transferring, organizing and presenting digital information) that are mainly directed toward the consumer-to-business market. In addition to being independent of wireless transport services, the products
• promote the evolution of wireline consumer-to-business Internet e-commerce services into wireless;
• exploit the market by expanding today's value-added services to include the wireless wallet concept for managing money in a mobile context;
• promise increased profitability for mobile operators and providers of e-commerce services, such as Internet payment providers (IPP);
• target the banking and financial services market; and
• cater for new wireless Internet service providers (ISP) who host or own merchants and content providers.

Ericsson aims to provide solutions for three customer categories: operators, service providers and IPPs. Each one of these categories may be active in local (or national), geopolitical or global markets. However, they must have the drive to maintain and expand their existing customer bases, to reach out through new mobile channels, and to set up and maintain loyalty programs.

Applications for mobile network operators
Operators who are interested in mobile data communication make up one of the main target groups for mobile e-commerce. The solutions Ericsson offers are not infrastructure; they are application-enabling services and servers that are independent of the underlying network design.
Ericsson has a complete portfolio for providing enhanced value-added services, such as end-to-end application security for financial transactions and payments.

By offering mobile e-commerce services, mobile operators, ISPs and other service providers will be able to share in the overall rapid growth of e-commerce. They will discover new business opportunities that can help them to grow and increase revenues and profits. Operators and service providers alike can create flexible charging options that allow users to pay, via their mobile phones, any amount for any service. Mobile e-commerce capability will help these organizations to position their mobile services as the best way of gaining access to goods and services, anytime, anywhere. And for those who are among the first in each market to offer these services, competitive advantage can be won through establishing a leading-edge image.

Benefits for mobile operators
Mobile e-commerce extends the wireless market beyond voice, thus enhancing the value of the operator's mobile network and terminals. New types of application will expand traffic and revenue sources for wireless operators. Mobile e-commerce is an important data application driver for the wireless application protocol (WAP) and general packet radio service (GPRS). It will help operators to build loyalty, reduce churn and differentiate services. Mobile e-commerce will also enable operators to reinvent their business by assuming new roles that broker e-commerce services.

Similar benefits apply to service and content providers, regardless of whether mobile


e-commerce is used to aid them in complementing their range of services or in competing with other companies. Operators and service providers strive to position themselves in the market through differentiation from competitors, which enables them to rise higher in the chain of value-added services.

Figure 6. Mobile e-Pay end-user services and functionality.

Benefits for ISPs and IPPs
First and foremost, mobile e-commerce can expand the overall volume of transactions for ISPs and IPPs. More transactions boost traffic and thus revenues. IPPs will reach the existing customer bases of ISPs, but they will also have access to completely new segments, such as end-users who use their mobile phones frequently. As they reach more users, the number of transactions will grow, enabling them to pay off investments faster, decreasing the cost per transaction.

Benefits for service and content providers
Service and content providers can offer services to new markets via this new distribution channel. Every person who has access to a mobile network is a potential customer, giving service providers virtually global reach. Electronic requests for new services allow customers to access them immediately, which means new revenue flows start immediately. Yet costs are reduced because transactions are executed electronically rather than manually. Mobile e-commerce solutions enable service providers to personalize differentiated services for narrower customer segments, such as young people and persons with financial clout.

In addition, service providers that deploy mobile e-commerce can gain direct access to new customers by partnering with major institutions, such as credit card issuers.
They can boost their own customers' loyalty by offering the new mobile access method. What is more, they can take advantage of advertising via paging notices, which stimulates impulse purchases.

Retailers and banks are likely to use their massive brand and distribution strength to market mobile e-commerce terminals to high-value customers. Retailers will collaborate with banks and operators to offer marketable information services that make personalized content available via handsets and allow payments to be made electronically. The race is on to establish partnerships with


banks, travel agencies and other leading businesses that intend to use the mobile phone as a retail outlet.

Mobile e-Pay
Ericsson's solution, Mobile e-Pay, delivers mobile e-commerce services. As shown in Figure 6, the solution includes features for accessing the mobile network and the Internet (via WAP or SMS communication) as well as other functionality not directly related to security and payments. The security features provide authentication, encryption, digital signing and non-repudiation of transaction data. Payment features use direct links to manage accounts in financial institutions and those dedicated to mobile e-commerce.

Mobile e-Pay is offered in packages for the operator and the enterprise market segments. Each package provides a set of features for building flexible solutions for deploying new services. Mobile e-Pay is a scalable and modular solution, ready for rapid launch of mass-market services and prepared for the evolution of terminal and network technologies.

Mobile e-Pay's features for mobile financial transactions include security, payment, and mobile access functionality. These features are packaged for different market segments (Figure 7):
• The Mobile e-Pay Operator/ISP package targets mobile operators or mobile ISPs.
• The Mobile e-Pay Enterprise package targets service providers who want to offer secure transactions through multiple networks.

Mobile e-Pay is implemented as a set of functions on standard server platforms located in the e-commerce environment. For the mobile network, Mobile e-Pay interfaces with a mobile operator's own IP network, which gives it access to a WAP gateway and, optionally, SMS access nodes.

For the fixed network, Mobile e-Pay interfaces with content providers' WAP/Web applications. It can also interface with external financial institutions, giving access to credit card payments, and with certification authorities (CA) for integration into the public key infrastructure (PKI).
The solution also supports connections with mobile financial institutions, provided an operator wants to offer dedicated financial accounts. In the Mobile e-Pay Enterprise package, the content provider and the financial institution might be the same service provider, typically a bank offering mobile banking.

Figure 7. Mobile e-Pay environment in a generic network.

When deployed by a mobile operator, Mobile e-Pay is located on the operator's premises behind the firewall. When deployed by an enterprise, Mobile e-Pay is typically located inside the enterprise's IP network.

Mobile e-Pay's basic functionality supports financial transactions over the mobile phone and basic interfaces to payment or back-end systems (customization services are optional). The basic package also provides functions for converting algorithms to support security requirements; functions for converting fixed network protocols to adapt to mobile terminals (to support mobile network bearers); and operation, administration and maintenance (OA&M) functions, including transaction logging. Optional features provide payment solutions and browsing on mobile terminals.

Technical description
Mobile e-Pay includes access, payment, and security modules that form the core of the mobile e-commerce solution.


Access features

Pull requests
When used for browsing, the mobile terminal communicates with content providers via a gateway—for example, a WAP gateway. A pull request occurs when the content provider directs a request (authentication or sign operation) from the mobile terminal to Mobile e-Pay (Figure 8). Mobile e-Pay processes the request and returns the results to the content provider, either directly or via a mobile-terminal redirect. Mobile e-Pay does not support pull requests using SMS and the SMS center (SMSC).

Figure 8. Access features with push-and-pull services.

Push requests
Push requests are initiated from devices other than mobile terminals (for instance, a PC). Push requests are made to Mobile e-Pay through an interface to the content provider—in the example shown in Figure 8, this is done using the hypertext transfer protocol (HTTP). Until WAP-based push requests become available, push requests are handled using the SMSC. A push request is sent to an SMS gateway, which forwards the request to the SMSC using a vendor-specific SMSC communication protocol.

Mobile network
A WAP gateway or SMSC provides access to Mobile e-Pay (Figure 8). Mobile e-Pay currently supports WAP 1.1 and provides an HTTP interface to the WAP gateway, which should be able to provide an end-user ID. If necessary, an SSL connection to the WAP gateway can also be supported.

Internet
Content providers can access Mobile e-Pay using HTTP from an intranet or Internet connection. The interface to the content provider supports payment, authentication, digital signatures, and receipt handling. It also permits an SSL connection to be established. Mobile e-Pay might request the SSL connection during a pull request; similarly, the content provider might request the SSL connection during a push request.

Receipt handling
Depending on the application, a content provider might provide receipts (scripts available for end-users).
This solution might not be acceptable, however, since end-users sometimes prefer to access receipts locally from their devices. Since WAP does not currently support persistent storage, Mobile e-Pay provides an "Info" interface that can be used to send receipts as short messages to end-user devices.

Security
Security is a key issue for mobile e-commerce, and application security systems are


being included in Ericsson's mobile e-commerce solutions. Designed primarily for financial services, such as banking and trading, Ericsson's security systems enable the completion of high-security transactions from a mobile phone. These transactions can include account balance inquiries, the transfer of money between accounts, billing services, and stock trading.

End-to-end security in the system means that the user's personal identification number (PIN), which is used to authenticate the generation of a digital signature, offers the necessary authentication and data integrity required to verify banking transactions. Each authentication is unique and does not rely on intermediary network functionality. The system also supports established techniques for data integrity and encryption, including wireless public key infrastructure (WPKI). The system can thus be integrated into existing IT infrastructure and security features.

WPKI, which consists of protocol extensions and software and hardware additions to terminals and networks that expand traditional PKI to wireless networks, is intended to enable the implementation of scalable security solutions that are independent of the application, network, and supplier.

PKI is an application-independent security infrastructure that is based on public key cryptography services for data integrity, confidentiality, authentication and non-repudiation. Using applied cryptography, PKIs govern the distribution and management of cryptographic keys and digital certificates that allow users to take advantage of several fundamental features.
• Confidentiality of information ensures that user communications are safe and can solely be read by the intended recipient. Message encryption using digital certificates guarantees confidentiality.
• Integrity of data guarantees that message contents are not altered during transmission between the originator and the recipient. PKIs provide digital signatures to ensure the integrity of all
transmitted information.
• User authentication enables systems and applications to verify that users are who they claim to be and that they have been authorized to access resources. PKIs use digital signatures and user certificates to guarantee the authentication of all end entities and system resources.
• Non-repudiation prevents users of the PKI from falsely denying that they have participated in a transaction or sent a message to another user or resource. With a legitimate digital signature in hand and a legitimate digital certificate to accompany it, the chances of a message being forged or originating elsewhere are next to nil.

Security features and optional packages
Mobile e-Pay offers flexible packages of security features suitable for high- and low-value transactions.
• Two-zone (PIN) security. SSL is used to verify the identity of the parties and to encrypt the connection from the Mobile e-Pay node to the connected Internet node. In GSM, native network security is used for authenticating end-users. This scheme is enhanced with user pass-code schemes, which require end-users to know and input a pass code (a specific e-commerce PIN) to approve transactions.
• Two-zone PKI security. Using a PKI/RSA digital signature, Mobile e-Pay signs a contract after having presented it to the end-user. The digital signature is triggered when the end-user enters a static pass code to confirm a purchase. This feature, which does not require SIM application toolkit (SAT) support, can be used to receive and sign contracts from
  - WAP 1.1 terminals; or
  - plain SMS.
• End-to-end triple digital encryption standard (3DES) SAT security. End-users can authorize digital contracts with SAT-enabled phones. On a combined WAP 1.1/SAT phone, this means that message authentication code (MAC) authentication can be used to verify that the end-user approves the transaction. The 3DES key is stored in the SAT application.
Any SAT phone—including non-WAP phones—can be used for push payments that are initiated from another terminal.
• End-to-end WPKI SAT security. The end-user can sign a digital contract using a SAT-enabled phone. RSA asymmetrical keys are supported. The private key is stored in the SIM, which enables the use of true end-to-end RSA keys with non-repudiation. Any SAT phone—including non-WAP phones—can be used for push payments that are initiated from another terminal.

For end-to-end SAT security schemes, the SAT applications are also protected by a personal PIN on the SIM. This protects end-users against misuse by persons who find or steal an authenticated GSM phone.
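
The practical difference between the MAC-based and the RSA-based SAT packages above is who is able to produce a valid authorization. The following Python code is an added example, not Ericsson's code: HMAC-SHA-1 stands in for the SIM's 3DES MAC, and the contract text, the shared key and the toy RSA key are constructed for the demonstration.

```python
"""Added illustration: shared-key MAC vs. private-key signature on a contract."""
import hashlib
import hmac

# --- Constructed demo values (assumptions, not taken from the article) -----
CONTRACT = b"Pay 25.00 EUR to merchant 4711, order 2000-0042"
ALTERED = CONTRACT.replace(b"25.00", b"2500.00")
SHARED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")

# Toy RSA key from two Mersenne primes, so the block needs no key file.
# Primes of this special form are easy to factor: never use such a key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER header of DigestInfo for SHA-1, as used by PKCS#1 v1.5 signatures.
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")


def mac_tag(key: bytes, contract: bytes) -> bytes:
    """Keyed hash over the contract; both ends must hold the same key."""
    return hmac.new(key, contract, hashlib.sha1).digest()


def mac_verify(key: bytes, contract: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(mac_tag(key, contract), tag)


def emsa_pkcs1_v15(contract: bytes) -> bytes:
    """Encode as 00 01 FF..FF 00 || DigestInfo || SHA-1(contract)."""
    t = SHA1_DIGESTINFO + hashlib.sha1(contract).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def rsa_sign(contract: bytes) -> bytes:
    """Terminal side: apply the private exponent to the encoded digest."""
    em = int.from_bytes(emsa_pkcs1_v15(contract), "big")
    return pow(em, D, N).to_bytes(K, "big")


def rsa_verify(contract: bytes, signature: bytes) -> bool:
    """Verifier side: needs only the public values N and E.

    The expected encoding is rebuilt and compared whole, instead of parsing
    the padding out of the recovered block, so malformed padding is rejected.
    """
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")
    return hmac.compare_digest(recovered, emsa_pkcs1_v15(contract))


def compare_schemes() -> dict:
    """Run both schemes over the original and an altered contract."""
    tag = mac_tag(SHARED_KEY, CONTRACT)
    sig = rsa_sign(CONTRACT)
    # The verifier of a MAC holds SHARED_KEY, so it can compute a valid tag
    # for a contract the user never approved. A MAC therefore proves
    # integrity between the two key holders but cannot settle a dispute.
    verifier_tag = mac_tag(SHARED_KEY, ALTERED)
    return {
        "mac_accepts_original": mac_verify(SHARED_KEY, CONTRACT, tag),
        "mac_rejects_altered": not mac_verify(SHARED_KEY, ALTERED, tag),
        "mac_verifier_can_create_tag": mac_verify(SHARED_KEY, ALTERED, verifier_tag),
        "sig_accepts_original": rsa_verify(CONTRACT, sig),
        "sig_rejects_altered": not rsa_verify(ALTERED, sig),
        # The verifier holds only (N, E); an arbitrary byte string offered
        # as a signature over the altered contract does not verify.
        "sig_arbitrary_value_rejected": not rsa_verify(ALTERED, b"\x01" * K),
    }


if __name__ == "__main__":
    for name, ok in compare_schemes().items():
        print(f"{name:30} {ok}")
```

SHA-1 and PKCS#1 v1.5 appear here because they are the methods the article names; current designs use SHA-256 or later.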


Authentication
To verify that end-users are who they claim to be, content providers must authenticate them. The results of an authentication operation are either success (that is, the user is who he claims to be) or invalid (a fraudulent attempt has been made).

PIN security
PIN security is the simplest authentication method. The end-user is presented with the contract and asked to input a secret PIN, which is returned to Mobile e-Pay. The application then authenticates the end-user by verifying the mobile station (terminal) integrated services digital number (MSISDN).

Digital signatures
Digital signatures are used to sign text or contracts, so that content providers can verify a user and ensure that a third party has not tampered with the contract. The results of a sign request are the text and a digital signature.

Security zones
Mobile e-Pay can provide end-to-end security or two-zone security. End-to-end security makes use of a SAT application which generates a digital signature on the mobile terminal that can be passed to content providers.

Two-zone security is defined as follows: Zone 1 comprises communication between the mobile terminal and Mobile e-Pay; Zone 2 comprises communication between Mobile e-Pay and the content provider. Mobile e-Pay verifies the end-user using PIN security. A combination of the phone number and a PIN is used to decrypt a private key and determine which security algorithm is to be executed. Mobile e-Pay can thus digitally sign contracts in proxy. The contract and signature are then delivered to the content provider. Two-zone security requires that the Mobile e-Pay system must reside in a trusted and secure environment (Figure 9). Mobile e-Pay might also add a certificate to the contract.

Confidentiality
In this context, we use the term confidentiality to mean that if a packet is intercepted it cannot be easily read.
Mobile e-Pay can communicate with content providers using SSL, which provides Zone 2 confidentiality. However, since wireless transport layer security (WTLS) terminates an end-to-end solution in a WAP gateway, Zone 1 confidentiality is dependent on the mobile network.

Security methods
Mobile e-Pay incorporates the MAC, DES, MD5, SHA-1, and PKCS security methods.

MAC
A message authentication code is generated when a hash value of the contract is generated using a digest algorithm. The hash value is then encrypted with a symmetric algorithm and key. Some SIM manufacturers support MAC generation. Mobile e-Pay currently supports MAC generation using the DES and 3DES symmetric algorithms. The key-hashing MAC (HMAC), which is a MAC mechanism based on cryptographic hash functions, can be used with any iterative cryptographic hash function in combination with a secret shared key. Mobile e-Pay supports message digest (MD5) and the secure hash algorithm (SHA-1). MAC generation algorithms can be implemented as a SIM application. Which of these algorithms is used, however, varies according to SIM manufacturer.

DES
The data encryption standard (DES) describes a block cipher data encryption algorithm (DEA) that encrypts data in 64-bit blocks using a 56-bit key that is shared by the communicating parties. Simply put, a 64-bit block of plain text goes in one end of the algorithm and a 64-bit block of ciphertext comes out the other end. DES is a symmetric algorithm; that is, the same algorithm and key are used for encryption and decryption. 3DES entails encrypting the data three times using DES. Mobile e-Pay supports triple DES.

MD5
MD5 is a message digest algorithm that takes a message of arbitrary length and produces a 128-bit fingerprint or message digest of the input.
The MD5 algorithm is intended for digital signature applications, where a large file must be compressed securely before it is encrypted with a private (secret) key under a public-key cryptosystem, such as RSA.

SHA-1
The secure hash algorithm is used for computing a condensed representation of a message or data file. When a message of any


length less than 2^64 bits is input, the SHA-1 produces a 160-bit output called a message digest. This can be fed to the digital signature algorithm, which generates or verifies the signature for the message. The same hash algorithm must be used to create and verify a digital signature.

PKCS
The public key cryptographic standard no. 1 (PKCS#1) is the standard method for encrypting data using the Rivest-Shamir-Adleman (RSA) public-key cryptosystem. For digital signatures, the content to be signed is reduced to a message digest with a message-digest algorithm (such as MD5). An octet string (which contains the message digest) is then encrypted with the RSA private key of the signer of the content. The content and the encrypted message digest are represented together according to the syntax in PKCS#7 to yield a digital signature. Mobile e-Pay returns PKCS#7 format signatures for the MD5 and SHA-1 security methods.

Payment features
Mobile e-Pay payment features enable providers to offer a complete payment solution which gives end-users a new electronic wallet that is accessible via the mobile phone. Thus, mobile users can use their mobile phones as a device for paying for goods or services.

Basic payment features
Ericsson has developed a standard communication interface to the payment server. Operators can use this interface to integrate Mobile e-Pay into any suitable payment server solution—for example, if they do not purchase the payment servers offered with Mobile e-Pay.

Jalda payment features
Jalda is a multipurpose payment method that supports convenient, fast and secure financial transactions on the Internet. It is open and flexible and can handle transactions of any amount—from fractions of a cent to huge sums—without requiring the transfer of credit card numbers or electronic currencies. Jalda is a session-based Internet payment method that enables payment by the second, item, quantity, mouse click, search, character, page, or practically any other parameter.
Jalda consists of two parts:
• an application program interface (API)—the Jalda API; and
• a payment server that administers user data and keeps track of transactions.

The Jalda API can be embedded into virtually any application, which paves the way for content and service providers to sell goods and services on the Internet and to reach end-users on wireless networks. All transactions between the end-user and the content or service provider are managed by a trusted third party—an Internet payment provider—who owns and operates the payment server.

Mobile e-Pay can connect to Internet e-commerce applications using the Jalda API. Doing so extends the Jalda payment standard toward mobile end-users. In a configuration in which the payment system is on the Internet side, mobile users can thus use their mobile phones to sign digital contracts.

Payment features including payment server functionality
A payment server, which is offered together with the mobile pay features, serves the interface to external financial institutions, such as credit card companies. It also logs all financial transactions.

Figure 9. Two-zone security or end-to-end security alternatives.

Credit card payment
When end-users subscribe to Mobile e-Pay, they can register one or more credit cards in the Mobile e-Pay system. They can then use these cards to pay content providers for goods and services. Payment is made online via the card issuer, which is to say that users can leave their cards at home and instead use


the phone as a payment device. Support is offered for several major credit cards, including VISA, MasterCard, American Express and Diners Club.

BOX C, MARKET HARMONIZATION
On Tuesday, April 11, 2000, Ericsson, Motorola and Nokia announced that they have teamed up to create a common framework for mobile e-commerce. The main objective of this joint industry effort is to ensure complete market harmonization in terms of how certificates, keys, processes and services are implemented in mobile phones and offered to end-users. The framework for how mobile transactions are to be handled and implemented will be drafted and distributed for comment from related players in the industry (operators, service providers, bankers, credit card companies, retailers, and so on). The framework will be based on the wireless application protocol (WAP), WIM/WTLS, WPKI and Bluetooth.

Mobile e-Pay prepaid account
A dedicated e-commerce prepaid account can be connected to the mobile e-commerce service. The prepaid account, which is administered and issued by the Mobile e-Pay operator, can be used to pay content providers for goods and services. Mobile users can check account balances from their phones. The accounts can be filled manually by the Mobile e-Pay operator, or users can fill them using credit cards in combination with the credit card payment or the bank account/debit card payment features.

Bank account/debit card payment
The payment server can implement market-dependent interfaces to partnering banks or national banking networks. The implementation of market-specific banking interfaces is a common practice with payment server deliveries.
Bank or debit card payment is not part of the standard Mobile e-Pay offering. To the end-user, the procedure is the same as for credit card payments.

Content provider API (software library) for payments
An application program interface and an IP connection are all that content providers need to connect to Mobile e-Pay payment functions which are connected to financial institutions. To use Jalda payments, a separate Jalda API is also needed.

Conclusion
Although the global digital economy is still in its infancy, it will grow to support a huge and complex market. Service providers who have the tools that help consumers experience this new market as easy-to-understand, user-friendly and convenient will be hands-down winners. In fact, we might define the true value of mobile e-commerce as the ability to make specially tailored services directly available to the consumer via a familiar, portable device.

For mobile operators and content and service providers, mobile e-commerce represents a new way of adding value and of differentiating the services they offer, as well as of expanding their markets and building customer loyalty. It is quite simply an entirely new sales and promotion channel. Unlike brick-and-mortar retail outlets, mobile e-commerce can be thoroughly tailored to a consumer's individual needs and tastes. And it is available to that consumer anywhere, anytime. In short, mobile e-commerce is all about consumer empowerment.

The right combination of mobile systems, Internet, payment, and security technologies now exists to make mobile e-commerce a commercial reality. Ericsson's Mobile e-Pay solutions enable operators and service providers to generate new classes of service based on each user's geographical location and personal profile.
As the world wakes up to the huge potential of mobile e-commerce, mobile operators and service providers will have the unique opportunity to establish a lead in the market.


The RBS 2206—A flexible ticket to third-generation wireless systems
Per Wilen

The migration from second-generation to third-generation mobile systems is one of the core issues facing the industry as it enters into the new telecoms world. Ericsson is committed to making this migration as seamless as possible for the operator. One of Ericsson's cornerstone products is a new, indoor macro-base station—the RBS 2206.

Twice the capacity, same footprint
The RBS 2206 is a successor to the RBS 2202, which is the world's most deployed GSM base station. A new double transceiver unit (dTRU) in the RBS 2206 gives it unsurpassed capacity: with room for six dTRUs, it can serve as a 12-transceiver base station, which is twice the capacity of the RBS 2202. Nonetheless, the footprint of the two models is exactly the same, which is an important point—today, many base station sites host two RBS 2202 units. If these units were replaced with the RBS 2206, the extra space gained at the site could be used for a second unit, say, one that supports third-generation standards (Figure 2). Thus, operators can build a third-generation network using existing sites. This is good news, since site space is a valuable operator asset.

True bridge from 2G to 3G
When an operator decides to implement third-generation technology, the RBS 2206 can provide coverage quickly. Indeed, the RBS 2206 is a true bridge from second- to third-generation systems. Full support for enhanced data rates for global evolution (EDGE) is achieved by adding one or more plug-in transceiver units in the cabinet's transceiver slots; support for wideband code-division multiple access (WCDMA) is achieved by adding a plug-in WCDMA transceiver unit (WTRU) and a remote radio unit (RRU).
The RBS 2206, which represents a flexible, low-cost ticket to third-generation capabilities, is especially suited to sites where space is a premium (urban areas) or where coverage is the main priority (rural areas).

Plug-in WTRU and remote radio unit

As mentioned above, the RBS 2206 can be expanded to support WCDMA using a plug-in WTRU, which contains baseband functionality (Figure 3). A remote radio unit, which can be placed anywhere between the cabinet and the antenna, contains radio functionality and power amplification. The connection between the base station and the remote unit is made by means of a fiber optic cable, making installation flexible and easy. Up to three RRUs can be deployed, depending on the number of sector configurations (one, two or three).

Figure 1
Photograph of the RBS 2206. Dimensions in mm (height x width x depth): 1900x600x400.


Figure 2
The footprint of the RBS 2206 is one-half that of the RBS 2202. Thus, by upgrading to the RBS 2206, operators have space over for, say, a second unit that supports third-generation standards.

BOX A, ABBREVIATIONS
2G  Second-generation mobile/wireless system
3G  Third-generation mobile/wireless system
CDU-F  Combiner and distribution unit (F)
CDU-G  Combiner and distribution unit (G)
dTRU  Double transceiver unit
DXU  Distribution switch unit
EDGE  Enhanced data rates for global evolution
GPRS  General packet radio service
GSM  Global system for mobile communication
HSCSD  High-speed circuit-switched data
RBS  Radio base station
RRU  Remote radio unit
TRU  Transceiver unit
WCDMA  Wideband code-division multiple access
WTRU  WCDMA TRU

Generation 2.5

In the interim before third-generation systems are introduced, the RBS 2206 can aptly fulfill several roles, since it provides full support for the technologies that pave the way for third-generation systems. The RBS 2206 is
• fully prepared for GSM data services, including 14.4 kbit/s time slots, high-speed circuit-switched data (HSCSD), and general packet radio service (GPRS); and
• equipped with a powerful distribution switch unit (DXU) and fast internal buses, which guarantee full EDGE support on all time slots. Moreover, the DXU is prepared for Internet protocol-based (IP) A-bis transmission.

Immediate benefits

The RBS 2206 also offers several immediate benefits to present-day GSM networks. Apart from having twice the capacity of its predecessor, the RBS 2206 also gives improved radio performance.
For example, in addition to standard, two-branch diversity, it supports four-branch receiver diversity, which improves the uplink by up to 4 dB.

BOX B, THE RBS 2206

Key features
• Six double transceiver units (dTRU) for a total of 12 transceivers
• Hybrid combining one, two or three sectors in one cabinet
• Filter combining one, two or three sectors in one cabinet
• 35/16 W output power from cabinet (CDU-G)
• 20 W output power from cabinet (CDU-F)
• Synthesized and baseband frequency hopping
• Prepared for data: 14.4 kbit/s, HSCSD, GPRS
• Prepared for two-slot WTDUs
• Supports 12 EDGE transceivers on all time slots
• All speech codes: HR, FR, EFR
• Dual-band (GSM 900/GSM 1800)
• Extended range 121 km
• Supports software power boost
• Prepared for IP-based transmission
• Prepared for four-branch receiver diversity
• Prepared for GPS-assisted positioning services

Technical specifications
• Frequency band: E-GSM 900, GSM 1800
• Transmission (Tx): 925-960, 1805-1880 MHz
• Reception (Rx): 880-915, 1710-1785 MHz
• Dimensions: 1900x600x400 mm
• Weight (equipped): 230 kg
• Power into antenna feeder: 35 W (GSM 900), 28 W (GSM 1800)
• Receiver sensitivity: -110 dBm
• Power supply: 120 to 250 VAC, 50/60 Hz; -48 to -72 VDC; +20 to +29 VDC


The combination of two unique features—Extended range 121 km, and four-branch receiver diversity—gives almost immediate rural coverage at the lowest possible cost.

The RBS 2206 also comes with two new combiners—the CDU-F and CDU-G—which when compared to the combiners of the RBS 2202, increase output power by 1 dB. Obviously, increased output power implies greater site-to-site distance. Thus, compared to the RBS 2202, networks built with the RBS 2206 require approximately 15% fewer sites (Figure 4).

The CDU-G combiner can be configured in either capacity or coverage mode. In coverage mode, its output power is increased by 3 dB to 35 W, making it ideal for rural sites or roll-outs where speed or cost is a key factor.

Because it is fully compatible with Ericsson's RBS 2202, the RBS 2206 can quickly and easily be implemented in present-day networks. The RBS 2206 will become commercially available during the first quarter of 2001. EDGE functionality will be introduced a few months later. The plug-in WTRU will be offered for deployment in 2002.

Conclusion

The RBS 2206 gives operators flexible entry into the world of third-generation systems. Having the same footprint as the RBS 2202 but double the capacity, the RBS 2206 frees up 50% of the cabinet space currently occupied at base station sites. Operators can use this extra space to install a third-generation base station; for example, the WCDMA macro-base station/RBS 3202. The RBS 2206 is fully prepared for EDGE and WCDMA. To add WCDMA functionality, operators need only plug in a WCDMA transceiver unit and remote radio unit.
Thus, because major site investments can be reused, the RBS 2206 gives operators rapid, low-cost roll-out of a third-generation network.

Figure 3
The RBS 2206 can be expanded to support WCDMA using a plug-in WTRU and remote radio unit.

Figure 4
The increased site-to-site distance afforded by the CDU-F combiner means that—compared to the RBS 2202—networks built with the RBS 2206 require approximately 15% fewer sites.


Communications security in an all-IP world

Luis Barriga, Rolf Blom, Christian Gehrmann, and Mats Naslund

The increased use of the IP suite creates a strong need for comprehensive security solutions. In an all-IP world, users will have connectivity via residential LANs, at work, at public kiosks or Internet cafes, at hotels, and while on the move, over the air via the mobile Internet.

In this article, the authors exemplify the need for security in different communications scenarios. They also give an overview of basic protection mechanisms and protocols and describe how security has been incorporated into various applications and products. Finally, they discuss future trends in the field of security.

Introduction

The increased use of the Internet protocol (IP) suite creates a strong need for comprehensive security solutions. Packet networks, such as the Internet and intranets, introduce many new security threats. Today, malicious users can easily tap (eavesdrop) IP traffic, redirect traffic, insert false packets, modify packets, mount denial of service attacks, and introduce harmful software into systems. One way of countering these attacks is to maintain strict control of access to the network by restricting access to trusted users. This kind of control can be achieved using
• firewalls to control packet flows at the network border; and
• secure login procedures.

Most corporations currently protect their intranets in this way. However, it is usually difficult to maintain security in the network simply by restricting access. In the first place, the main objective of the network is to give easy and open access to the Internet. What is more, in a large network with many users it is difficult to maintain strict control of each user and each machine.
And security-related problems proliferate as users become mobile—users will soon enjoy continuous, anywhere IP connectivity, employing many different methods to access the Internet and intranets.

To complement access control and obtain the necessary level of security, the traffic itself must be protected. Cryptography provides the basic techniques needed to build secure communications solutions. Protection mechanisms authenticate users, encrypt packets, and protect them from being modified. Security mechanisms of this kind are already part of Ericsson's products. For example, the GSM system contains mechanisms for authenticating users in the network and for protecting traffic over the air link. However, for a communication system to use crypto-based security mechanisms, these mechanisms must be packaged into protocols and supported by key distribution protocols or key infrastructures. Furthermore, the security mechanisms must not hinder usability. Obviously, the user of the communication system must also set up and use the communication equipment correctly. In practice, however, this is a problem—misconfigurations often leave big holes in the security system.

It is difficult to build efficient and practical security systems. In particular, because of its size and availability to the public, the Internet constitutes a major security challenge. Notwithstanding, several protocols and system architectures have been designed to protect IP traffic.

BOX A, ABBREVIATIONS
3GPP  Third-generation Partnership Project
A5/1  Stream-cipher in GSM
AAA  Authentication, authorization and accounting
ACC  Advanced computer communications
AES  Advanced encryption standard
CA  Certificate authority
DES  Data encryption standard
DHCP  Dynamic host configuration protocol
EESSI  European Electronic Signature Standardization Initiative
ESP  Encapsulation security payload
GGSN  Gateway GPRS support node
GPRS  General packet radio service
GSM  Global system for mobile communication
HLR  Home location register
HMAC  Keyed-hashing for message authentication
IETF  Internet Engineering Task Force
IKE  Internet key exchange
IP  Internet protocol
IPsec  IP security
IPv4  IP version 4
ISAKMP  Internet security association and key management protocol
ISP  Internet service provider
IV  Initialization vector
LAN  Local area network
MAC  Message authentication code
NESSIE  New European schemes for signatures, integrity, and encryption
NIST  National Institute of Standards and Technology (US)
PKI  Public-key infrastructure
PKIX  Public-key infrastructure (X.509)
PoP  Point of presence
POP  Post office protocol
RADIUS  Remote authentication dial-in user service
RC4  Popular stream cipher
RC5  Popular block cipher
RSA  Rivest-Shamir-Adleman public-key system
SA  Security association
SGSN  Serving GPRS support node
SMG  Secure mail gateway
S/MIME  Secure multipurpose Internet mail extension
SSH  Secure shell
SSL  Secure socket layer
TLS  Transport layer security
UDP  User datagram protocol
URL  Universal resource locator
VPN  Virtual private network
WAP  Wireless application protocol
WLAN  Wireless LAN
WPKI  Wireless PKI
WTLS  Wireless TLS
X.509  ITU standard for public key certificates

Scenarios

In an all-IP world, users will have IP connectivity everywhere (Figure 1): at home, they will connect via residential local area networks (LAN); at work, they will connect via the corporate intranet; they will also be able to connect at public kiosks or Internet cafes and at hotels; and while on the road, they will be able to connect over the air (mobile Internet). The roaming experience that the cellular phone industry has given its users will also apply to IP users when, for example, they temporarily use a foreign domain to access the Internet. Furthermore, thanks to wireless communications, users will enjoy always-connected service (always connected, always online). Users will thus experience seamless IP services when moving across wireless and fixed access. The services themselves will span across different networks, allocating along their paths various resources, such as proxies, mobility agents, and brokers.

Throughout this article, we use the term administrative domain to denote an IP service provider—either an operator or Internet service provider (ISP).
In the all-IP world, both the user's IP device and the administrative domain need to protect their resources from potential attacks, since hostile mobile hosts in any domain might attack other mobile hosts or network nodes or abuse resources. To prevent this from happening, service providers need a mechanism for regulating access to their domains and for getting paid.

The most straightforward mechanism for regulating access consists of building trust relationships: each user, host, and service is assigned an Internet identity and associated credentials. In this way, any actor can be identified and authorized to use a resource. Service providers can then allocate resources to authenticated users and charge for their usage. Roaming agreements between administrative domains allow users to visit and use foreign network resources. Arrangements of this kind imply a certain amount of trust between administrative domains; that is, they must exchange information on their subscribers, in order to authorize and allocate resources.

In an important business scenario, the administrative domain is a corporate network to which employees can connect when away from the office. In this case, two separate models of trust relationships can be adopted to provide secure remote access to the corporate intranet via the Internet.
• The corporate domain signs an agreement with a service provider that handles secure tunnels between remote employees and the corporate network.
• If the enterprise can solely trust its employees, then only end-to-end security is acceptable, in which case employees must handle secure tunnels from their IP devices to the corporate intranet.

Figure 1
An all-IP world in which IP is run over all kinds of access network—wireless or wireline as well as core networks and intranets.


Wireless networks add yet another dimension to this scenario, making it necessary to support mobile virtual private networks (VPN) for mobile or remote employees.

BOX B, SYMMETRIC KEY SYSTEMS
Good symmetric key systems are considered to be secure against (essentially) all but brute-force, exhaustive key searches. The most widespread symmetric system is the data encryption standard (DES), which was developed by IBM in the mid-1970s. The DES has a key size of 56 bits. With recent hardware developments, however, a 56-bit key size is no longer considered secure. In fact, special-purpose machines have been built that can search the entire key space in just a few hours. For this reason, the National Institute of Standards and Technology (NIST) initiated the development of the advanced encryption standard (AES), which supports 128- to 256-bit keys. Moreover, unlike the development of DES, the AES design process is open to the public. From an initial set of 15 algorithms, the NIST has selected a set of five finalists. The final AES algorithm is to be selected later this year, see http://www.nist.gov/aes/. A similar work—the NESSIE project—is under way in Europe, see http://www.cryptonessie.org.

Communication security mechanisms

Basic cryptography

The two main purposes of cryptography are
• to maintain the confidentiality of messages; and
• to guarantee the integrity of messages.

Confidentiality is provided by encryption, whereas integrity can be provided by authentication codes or digital signatures.

Encryption

The encryption of packets protects IP traffic (Figure 2). Before sending a message (m) the sender uses a key (k1) to encrypt it. The ciphertext (c) is then sent over a public channel that is open to eavesdroppers. To read the message, the recipient uses a key (k2) to decrypt the ciphertext, thereby retrieving m. Although active adversaries can insert packets and modify communication, for this discussion we assume only passive listening.

If k1 and k2 are equal, the system is symmetric. Otherwise, it is said to be asymmetric. To guarantee security, k2 must always be kept secret, whereas k1 can be made public—provided it is infeasible to derive k2 from k1. If indeed this is the case, then the system is called a public key system.

Public key systems offer many interesting possibilities; for instance, anyone can send an encrypted credit card number to an online shop using the shop's public k1. Since only the shop possesses k2, no one but the shop can determine the number. If a symmetric system were used, the shop would have to exchange unique keys—privately and in advance—with every potential customer. The security of public key systems is always based on the difficulty of solving certain mathematical problems, whereas symmetric schemes are more ad hoc in nature.

The main drawback of public key systems is that their mathematical nature always makes them less efficient than symmetric systems; in particular, because the size of keys in public key systems is measured in kilobits—the keys of symmetrical systems are only one tenth as large. Thus, the choice of encryption method depends on the intended application.

Figure 2
Use of encryption to protect a message from eavesdropping.


Figure 3
Use of encryption and message authentication code (MAC) to protect a message from eavesdropping and ensure message integrity.

An example of a popular public key system is the Rivest-Shamir-Adleman (RSA) system, which encrypts a message by interpreting it as a sequence of large integers that are transformed via modular arithmetic. Throughput is in the kbit/s range. Popular symmetric systems include the data encryption standard (DES, Box B) and RC5. These systems, which belong to a category known as block ciphers, encrypt at a rate of several Mbit/s by dividing messages into blocks, and using very efficient "bit-fiddling" operations on each block. The most efficient symmetric systems—called stream ciphers—produce an "infinite" pseudo-random bit stream that is combined or added to the message, bit by bit. Examples of stream ciphers are RC4 and A5/1 (the encryption system used in GSM).

In practice, a good cryptographic system makes it impossible for an outsider to read the content of messages. However, encryption does not protect data packets from being modified. For example, let us assume that a packet consists of one bit of data—"0" or "1"—which corresponds to an encrypted "0" or "1" message. By changing the packet, someone could also change the message.

Message authentication codes

Obviously, an integrity mechanism is needed to protect packets. The addition of a message authentication code (MAC) field enables recipients to detect whether or not any packets have been modified. A MAC field is a sequence of bits added to the original message. Modifications are detected by comparing the received MAC field with a checksum that is derived from the received message and a secret key. If the output matches the received MAC field, then the message is accepted as being authentic. Several MAC algorithms exist.
The one most commonly used in the Internet is the HMAC algorithm (Figure 3).

A related security mechanism is the digital signature, which serves the same purpose as a MAC. However, whereas the MAC can only be verified by the intended recipient, a digital signature can (in principle) be confirmed by anyone. Keeping the terminology defined above, a MAC is a symmetric technique, and a digital signature is asymmetric. Accordingly, in contrast to a MAC, a digital signature can give non-repudiation; that is, if only one individual knows the secret key, then no one but that person can have sent or used it.
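The point made above, that encryption alone does not stop a packet from being modified while a MAC field does, can be shown in a few lines. This is an added example, not code from the article: the keystream generator is a toy stand-in for a stream cipher such as RC4 or A5/1, HMAC-SHA256 computed over the ciphertext is this example's choice, and all keys and messages are constructed.

```python
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream generator (SHA-256 in counter mode).

    Assumption of this example: it stands in for a real stream cipher,
    which likewise produces a key-dependent pseudo-random bit stream.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(enc_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    # The stream is combined with the message bit by bit, as the text describes.
    return xor(plaintext, keystream(enc_key, nonce, len(plaintext)))


def decrypt(enc_key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    # XOR with the same stream undoes the encryption.
    return xor(ciphertext, keystream(enc_key, nonce, len(ciphertext)))


def protect(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes):
    """Encrypt, then compute the MAC field over nonce + ciphertext."""
    ciphertext = encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return ciphertext, tag


def verify_and_decrypt(enc_key, mac_key, nonce, ciphertext, tag):
    """Recompute the checksum from the received data; reject on mismatch."""
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return None
    return decrypt(enc_key, nonce, ciphertext)


def modify_in_transit(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Models a packet changed on the wire: flipping ciphertext bits flips
    the same plaintext bits, and no key is involved."""
    patched = bytearray(ciphertext)
    for i, delta in enumerate(xor(old, new)):
        patched[offset + i] ^= delta
    return bytes(patched)


def demo() -> dict:
    enc_key = b"constructed-encryption-key"
    mac_key = b"constructed-mac-key"
    nonce = b"packet-0001"
    message = b"PAY 0100 EUR"  # constructed sample message

    ciphertext, tag = protect(enc_key, mac_key, nonce, message)
    changed = modify_in_transit(ciphertext, 4, b"0100", b"9100")

    return {
        # Encryption only: the receiver decrypts the changed packet without complaint.
        "encryption_only": decrypt(enc_key, nonce, changed),
        # With the MAC field: the untouched packet is accepted, the changed one is not.
        "mac_accepts_original": verify_and_decrypt(enc_key, mac_key, nonce, ciphertext, tag) == message,
        "mac_accepts_changed": verify_and_decrypt(enc_key, mac_key, nonce, changed, tag) is not None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
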


Figure 4
Construction of an ESP-protected IP packet in transport mode. IPsec outgoing messages are processed for Internet protocol version 4 (IPv4). In the encapsulation security payload (ESP) transport mode, in which the payload is encrypted and the integrity of the ESP header and payload are protected, the communication peers share a security association database that contains parameters necessary for secure communication. The database contains shared secret keys and a counter that counts each packet sent over the channel. A sequence number identifies the secure session. The encryption and authentication functions are denoted by f and h respectively.

Protocols for Internet security

Cryptographic algorithms make up the basic mechanisms for secure communication. But we also need standardized ways of authenticating users, exchanging keys, deciding which algorithm and message formats to use, and so on. This is where protocols come into play. Several different security protocols are in use in the Internet; for example, TLS [2], SSH [5], IPsec [4] and IKE [5], each of which uses common techniques to establish a secure session.
• Authentication. Before a communication session can begin, the communicating parties must verify each other's identity. An authentication protocol does this. Authentication can be based on a public or secret key. If public keys are used, they are often obtained using some kind of public key infrastructure (PKI).
• Cryptographic algorithms. The communicating parties negotiate to determine which cryptographic algorithms should be used for exchanging keys and protecting data.
• Key exchange. The parties exchange cryptographic session keys. This phase often includes public key cryptography.
• Generation of session keys. Symmetric session keys are calculated and used to encrypt all subsequent packets and to append a MAC field to each packet.

The different protocols protect information at different levels in the protocol stack. The IP security (IPsec) protocol, which is a technology that protects all IP packets at the network layer, forms a secure layer from one network node to another. IPsec can even be used to create IP-based VPNs. However, the protocol does not stipulate how peers are to be authenticated or session keys are exchanged. These tasks are handled by the Internet key exchange (IKE) protocol.

The secure shell (SSH) protocol is the basic protocol for remote terminal connections over the Internet. It is used to make secure text-based management connections to network nodes. The transport level security (TLS, formerly secure socket layer, SSL) protocol is used to protect secure Web servers, such as those used in Internet banking solutions. The WAP Forum has standardized its own version of the TLS protocol, called wireless TLS (WTLS). An important distinction between the two protocols is that WTLS can be used over an unreliable transport layer such as the user datagram protocol (UDP); TLS cannot (Figure 6).

Figure 6
The different security layers and their positions in an IP stack.

IPsec, SSH, and TLS are useful in their own special areas. For a terminal-connection application, SSH has authentication mechanisms that make it the best choice. For client-server applications where the client side involves human interaction, TLS is preferred. However, to encrypt all packets, including connectionless packets and IP control packets, IPsec is a good choice. IPsec is

Figure 5
IKE Phase I mode, authentication with signatures.

BOX C, IKE
The Internet key exchange (IKE) protocol is used to establish a security association (SA) between two peers. An SA is a shared secret (together with a policy for the secret) between the communicating parties. The SA is needed to protect real communication between peers. IKE is generally used to negotiate an SA for IPsec. IKE is based on the Internet security association and key management protocol (ISAKMP), which suggests a key negotiation based on two different phases:

Phase I
The two peers establish a secure channel for further communication by negotiating ISAKMP SAs.

Phase II
Under the protection of the SA negotiated in Phase I, the peers negotiate SAs that can be used to protect real communication; that is, the IPsec SA.

IKE defines two Phase I modes:
• MAIN MODE gives authenticated key exchange with identity protection.
• AGGRESSIVE MODE gives quicker authenticated key exchange without identity protection.

For Phase I, IKE defines (for main and aggressive modes) four different authentication methods:
1. authentication with signatures;
2. authentication with public key encryption;
3. authentication with a revised mode of public key encryption; and
4. authentication with a pre-shared key.

In methods 2, 3 and 4, it is assumed that the initiator of the key negotiation has already received the public key or a pre-shared key from the respondent. Figure 5 shows IKE authentication with the signature protocol for main and aggressive modes. The different fields in the protocol are as follows:
• HDR—the header field includes a random cookie chosen by the initiator and respondent. The asterisk (*) in the figure indicates that all payload following the HDR field is encrypted using the newly negotiated keys.
• SA—the security association field includes several parameters together with a proposal for the cryptographic attributes that the peer wants to use during IKE negotiations. The initiator sends the proposals; the respondent chooses from among these and returns a new SA.
• KE—the value of the public key exchange.
• N—a random value used to calculate key materials shared by the peers.
• ID—an identity field; for example, an IPv4 address.
• CERT—a certificate that contains a signature check key.
• SIG—a digital signature calculated over a hash value. The initiator hash value is obtained from the initiator and respondent cookie values, a "premaster secret," KE values, SA value, and the initiator ID. The respondent hash value is obtained in exactly the same way but using the ID value of the respondent.

IKE Phase II has only one mandatory mode: QUICK MODE. IKE Phase II is solely used for negotiating security parameters for another protocol such as IPsec. No certificates are involved in this phase.
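Why the Phase I hash covers the cookies, KE values, SA proposal and identity can be seen by modelling the exchange and changing one field on the way. This is an added example, not code from the article or from any IKE implementation: it models authentication method 4 (pre-shared key) with the HASH_I/HASH_R layout of RFC 2409, uses HMAC-SHA256 as the keyed function and a toy Diffie-Hellman group, leaves out the encryption of the last two messages, and all keys, cookies, nonces and addresses are constructed.

```python
import hashlib
import hmac

# Toy Diffie-Hellman group, constructed for this example (far too small for real use).
P = 2**127 - 1
G = 3


def prf(key: bytes, data: bytes) -> bytes:
    """Keyed pseudo-random function; HMAC-SHA256 is this example's choice."""
    return hmac.new(key, data, hashlib.sha256).digest()


def enc(n: int) -> bytes:
    return n.to_bytes(16, "big")


def auth_hash(skeyid, own_ke, peer_ke, own_cookie, peer_cookie, sa_offer, ident):
    """HASH_I / HASH_R: ties KE values, cookies, SA proposal and ID to the shared key."""
    return prf(skeyid, enc(own_ke) + enc(peer_ke) + own_cookie + peer_cookie + sa_offer + ident)


def run_phase1(psk_initiator: bytes, psk_responder: bytes, network=lambda msg: msg) -> dict:
    """Main-mode style exchange; `network` may alter any message in transit."""
    cky_i, cky_r = b"I-cookie", b"R-cookie"                  # HDR cookies
    ni, nr = b"nonce-from-initiator", b"nonce-from-responder"
    xi, xr = 0x1234567890ABCDEF, 0x0FEDCBA987654321          # DH private values
    id_i, id_r = b"192.0.2.1", b"192.0.2.2"                  # ID fields (IPv4 addresses)
    sa_offer = b"proposal:AES|proposal:DES"                  # SA proposals, constructed

    # Messages 1-2: the initiator offers proposals (SA field).
    m1 = network({"type": 1, "sa": sa_offer})
    sa_seen_by_responder = m1["sa"]

    # Messages 3-4: public key exchange values (KE) and nonces (N).
    ke_i, ke_r = pow(G, xi, P), pow(G, xr, P)
    m3 = network({"type": 3, "ke": ke_i, "nonce": ni})
    m4 = network({"type": 4, "ke": ke_r, "nonce": nr})

    # Each side derives SKEYID from its own pre-shared key and both nonces.
    skeyid_i = prf(psk_initiator, ni + m4["nonce"])
    skeyid_r = prf(psk_responder, m3["nonce"] + nr)

    # Message 5: initiator identity and hash, checked by the responder
    # against the values the responder itself sent and received.
    m5 = network({"type": 5, "id": id_i,
                  "hash": auth_hash(skeyid_i, ke_i, m4["ke"], cky_i, cky_r, sa_offer, id_i)})
    expected_r = auth_hash(skeyid_r, m3["ke"], ke_r, cky_i, cky_r, sa_seen_by_responder, m5["id"])
    responder_accepts = hmac.compare_digest(m5["hash"], expected_r)

    # Message 6: responder identity and hash, checked by the initiator.
    m6 = network({"type": 6, "id": id_r,
                  "hash": auth_hash(skeyid_r, ke_r, m3["ke"], cky_r, cky_i, sa_seen_by_responder, id_r)})
    expected_i = auth_hash(skeyid_i, m4["ke"], ke_i, cky_r, cky_i, sa_offer, m6["id"])
    initiator_accepts = hmac.compare_digest(m6["hash"], expected_i)

    return {
        "responder_accepts": responder_accepts,
        "initiator_accepts": initiator_accepts,
        "same_dh_secret": pow(m4["ke"], xi, P) == pow(m3["ke"], xr, P),
    }


def modified_ke(msg: dict) -> dict:
    """Network model: the initiator's KE value is replaced in transit."""
    return {**msg, "ke": pow(G, 42, P)} if msg["type"] == 3 else msg


def modified_sa(msg: dict) -> dict:
    """Network model: one proposal is removed from the SA field in transit."""
    return {**msg, "sa": b"proposal:DES"} if msg["type"] == 1 else msg


if __name__ == "__main__":
    psk = b"constructed-pre-shared-key"
    print("unmodified :", run_phase1(psk, psk))
    print("KE changed :", run_phase1(psk, psk, network=modified_ke))
    print("SA changed :", run_phase1(psk, psk, network=modified_sa))
    print("wrong key  :", run_phase1(psk, b"some-other-key"))
```

In the signature method shown in Figure 5, the same kind of hash is what each peer signs, so the binding demonstrated here carries over; only the proof of identity changes.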


also preferred for general secure network layer connections, such as VPNs.

PKI

Public key cryptography can be used to authenticate users and machines. It can also be used for the secure exchange of session keys. In the security protocols we have described, authentication and key exchange are often closely tied to one another, to ensure that the public keys for key exchange belong to a certain person or organization. One way of matching an identity to a public key value is to include both parameters in a certificate. A certificate is an information sequence that consists of fields and a digital signature that encompasses these fields. Several different certificate structures exist. The most common certificates in the Internet are based on the X.509 format [6]. The holder of a certificate can present it to other users or network nodes for identification or secure key exchange.

When a certificate is received during session set-up, the receiving machine checks the signature on it. The public key in the certificate can be trusted if the signature is correct and a trusted party has signed it. If the signature on the certificate is not correct, or if a trusted party did not sign it, then a secure session will not be created. Ordinarily, a trusted party is a well-known certificate authority (CA) that issues certificates in a secure way. VeriSign is an example of a large certificate authority on the Internet. VeriSign's business concept is to provide certificate services to its customers. Service providers pay a fee to receive a certificate that they can use in their secure servers. Most Internet browsers currently include VeriSign's public signature key in their software, and by default most browsers treat server certificates signed by VeriSign as trusted certificates.

Most certificates are only valid for a certain period of time. However, if a user loses his private key, or if for some other reason his certificate is invalid, then the issuing certificate authority must revoke the certificate. It does so by distributing signed lists of revoked certificates.

The framework for issuing, revoking and distributing certificates is called a public key infrastructure. Certificates are often stored in and can be fetched from an X.500 database. To make communication flexible and secure, the protocols we have described thus far need some kind of supporting PKI (Figure 7).

Figure 7
An X.500 database structure for a CA and the X.509 certificate structure.

BOX D, ERICSSON IPSEC COMPETENCE CENTER
The Ericsson IPsec competence center, in Jorvas, Finland, provides Ericsson product units with IPsec software, knowledge and training. The center, which is funded through Ericsson Research, has developed an implementation of IPsec that was originally developed for the ACC platforms. The center has licensed an IKE implementation and developed its own prototype implementation of IKE.

AAA

An administrative domain keeps customer information in authentication, authorization and accounting (AAA) servers. For roaming purposes, the AAA servers that belong to different administrative domains need to be able to communicate securely with each other, either directly or, in the absence of a direct roaming agreement, via a broker. This allows for the composition of network services that demand resources from more than one administrative domain. It also means that the corresponding AAA servers must authorize the allocation of resources. In some cases, however, authentication and authorization are not necessary; for example, when credit cards or prepaid cards are accepted for a service (Figure 8).

AAA servers represent an outgrowth of servers that were developed for specific purposes; more particularly, when the service in use is associated with a communication layer. In the GSM system, for example, customer information is kept in a home location register (HLR) and the system was designed for cellular telephony, even though today's mobile services can also be used for other purposes. On the Internet, remote authentication dial-in user service (RADIUS) servers are commonly used for dial-up users. For electronic commerce (e-commerce), digital certificates are stored in databases. In general, each communication layer belongs to a different administrative domain. Consequently, a single user often has numerous identities and must be authorized several times before he or she can use a service. While it might be possible to hide this from the user, by employing some kind of logon scheme, each separate authentication must be performed. Standard AAA protocols and roaming consortiums can do away with this problem. Organizations that manage all three communication layers should be able to bundle authentication services for their customers.

Deploying IP security

Although they have not as yet been widely deployed, mechanisms for secure IP networks have been available for some time. IPsec was standardized in 1999, but preliminary implementations were available some years before. Similarly, TLS/SSL is widely used on the World Wide Web.

One reason for the delayed utilization of security solutions has been US export restrictions. Since a considerable share of Internet development takes place in the US, encryption has not been a top priority in standardization or in the marketing messages of leading data communication companies. Today, however, the US is beginning to lift export regulations and the European Union is increasing requirements for confidential communications, thereby making IP security products a necessary part of data communication portfolios.
Thus, the <strong>com</strong>mercialuse of cryptography products is increasingrapidly.Applications and productsEricsson implements IPsec in many productsincluding Tigris access servers 7 , Telebitrouters 8 , and general packet radio service(GPRS) nodes' to provide transparent andhigh-level security for many applications.Ericsson's wireless LAN (WLAN) solutionuses IPsec to encrypt airborne traffic.TLS has been used in many Web-basedapplications. In particular, a wireless applicationprotocol (WAP) variant, WTLS, willplay an important role in the future.Security in GPRS productsEricsson's serving GPRS support node(SGSN) and gateway GPRS support node(GGSN) contain full support for the IPsecFigure 8AAA servers and their relationships whenproviding IP access and services tomobile users.Ericsson Review No. 2, 2000 103


protocol. IKE is not supported in the current release but will be supported in the near future. The flexible design of the GGSN allows for various VPN tunnel options between the GGSN and a corporate network. RADIUS authentication can be handled at the corporate site. As shown in Figure 9, a static IPsec connection is set up between the GGSN and a gateway in the corporate network. Alternative locations of RADIUS and dynamic host configuration protocol (DHCP) servers within the external networks are indicated in the figure. Corporate network no. 1 uses RADIUS for authenticating clients and assigning addresses. Corporate network no. 2 relies on the GSM attach authentication mechanism and utilizes DHCP to assign client IP addresses. Finally, corporate network no. 3 uses a hybrid approach, in which DHCP manages client IP addresses, and RADIUS authenticates clients.

Figure 9. GPRS VPN scenarios.

The WLAN security product

Figure 10. The Ericsson WLAN security solution.

Ericsson's WLAN solution provides transparent mobility and security for mobile users who want to access their company networks. WLAN Guard provides firewall protection, preventing unauthorized access to the wireless LAN. WLAN Guard also serves as the security link in a wireless network, safeguarding user information over the wireless network and ensuring that unauthorized monitoring of the network or intrusion does not occur. The WLAN Guard security solution is based on IPsec. Encryption/decryption and authorization keys are also employed to provide authentication, automatic security association management, and to protect wireless traffic. The authorization keys are compliant with the IKE standard.
The WLAN Guard control database retains records of all authorized users and their required keys (Figure 10).

Secure corporate e-mail on the Internet

The Internet standard S/MIME was developed to provide authentication, integrity and confidentiality services for Internet e-mail. It is also attractive for corporate use, now that more and more mobile users need to communicate securely with colleagues on corporate intranets. S/MIME relies on the existence of a PKI under the control of a trusted CA.

S/MIME is fundamentally used for point-to-point security. Thus, for secure e-mail between parties, each party must obtain a digital certificate. This requires full PKI deployment, which is a complex task. Furthermore, for a mobile user on the Internet to use S/MIME to exchange e-mail with users on the intranet, the corporate PKI needs to be accessible from the Internet, which might conflict with corporate security policies.

Ericsson Research has designed a flexible S/MIME-based architecture that employs domain-to-point security. The solution allows mobile users to manage corporate e-mail using an untrusted Internet e-mail server; for example, at an ISP. The solution requires minimal PKI deployment, does not affect the intranet infrastructure, and can be constructed from standard components (Figure 11).

The CA issues digital certificates to mobile users and to a secure mail gateway (SMG) that implements domain-to-point security for outgoing and incoming e-mail between mobile and corporate users. E-mail from the intranet to the mobile user is automatically secured with S/MIME by the SMG, using the mobile user's certificate. Similarly, e-mail from the mobile user to a user on the intranet is automatically secured with S/MIME on the mobile device (using the SMG's certificate) and forwarded to the SMG. Upon reception, the SMG restores the e-mail to its original form and forwards it to the intended recipient. An added benefit is that mobile users who do not know each other's certificate can communicate securely via the SMG. This benefit can also be exploited to distribute certificates.

Future trends

Threats and opportunities

In the all-IP world, access will be separated from services, and end-users will have a single subscription from which they can access any service on the global Internet. While this openness of access and services will increase the value of the Internet, it will be like an open door to malicious users, fraudulent service providers, and deceitful access networks. Denial-of-service attacks might disturb IP traffic or destroy services.
Threats of this kind put strong security requirements on roaming, authentication, authorization, operation and management, and billing. But the openness and service that can be furnished will also give operators and ISPs new opportunities, such as the means of providing security. For example, operators or ISPs might also function as CAs.

Figure 11. Secure corporate e-mail on the Internet.

New solutions

The mechanisms we have described will reduce the impact of new threats. In the future, firewalls and flexible trust-management engines will continue to be important security components. These are good tools in terms of protecting networks from denial-of-service attacks from the Internet. Attacks from terminals must be dealt with using encrypted radio links, ingress filtering firewalls, fraud detection, and auditing mechanisms. Cryptographic protection of all control and management traffic in the network prevents unauthorized users from accessing core functionality in the network. Protocols, such as IKE/IPsec and TLS, can be used as the basic protection mechanism for several different applications. Likewise, necessary AAA mechanisms are required for reliable user authentication and billing services. These mechanisms will provide security for large-scale roaming, management, and scalable trust mechanisms. Various PKI solutions will have a key role. The AAA functions will be based on IP protocols. However, the new, IP-based AAA protocols must be adapted to handle the huge amount of previously implemented AAA functions in cellular systems.

TRADEMARKS
RC4 and RC4 are registered trademarks of RSA Security Inc. All rights reserved.

PKI

PKI is an essential technology that can meet the scalability requirements for managing keys in networks and for supporting network services such as e-commerce. In this context, the role of the CA is vital. PKI-based subscriptions put this role on a par with that of an operator. The lack of strong CAs is a potential threat to operators and ISPs. Ericsson will work to develop and promote technical solutions that pave the way for a large number of independent CAs.

Ericsson participates in all major forums that deal with PKI standardization and development. E-commerce applications will accelerate PKI deployment. But technical solutions are not enough; a legal framework for e-commerce is also necessary. One example is the ongoing European Electronic Signature Standardization Initiative (EESSI), which recently developed a framework for legal and security requirements for the use of electronic signatures within the European Union. At the same time, several countries are introducing personal electronic identity cards, which involve nationwide PKIs. In September 1999, Ericsson supported the founding of Radicchio, a global partnership of companies and organizations that are committed to the development of secure wireless e-commerce and the promotion of public key infrastructure for wireless devices and networks. This important step is expected to boost the acceptance of wireless e-commerce services, many of which will be based on WAP technology.

Another fundamental component is the management of roaming agreements.
Functionality is being sought that will introduce automatic procedures for establishing agreements. In all likelihood, the management will rely on trusted third parties that use PKIs and certificate policies and practices. For roaming purposes (between AAAs), secure communication is best handled with IKE/IPsec and PKI. The distribution of keys in mobile IP is best handled with PKI.

Although PKI standards based on X.509 (PKIX) are mature and several products are available, PKIX handles authorization in an inefficient way. Better alternatives (such as authorization-based certificates like those addressed by AAA) that are better suited to complex trust-management scenarios are needed.

WAP

With the advent of wireless networks, several companies have identified the necessity of designing protocols that are suitable for narrowband communications. The wireless application protocol, for example, was designed for this purpose. WAP security protocols are influenced by security technologies used on the Internet; for example, the TLS protocol was enhanced to support connectionless bearers and compact MACs and signatures, resulting in the WTLS protocol. The Internet PKIX standard is also under revision by the WAP Forum, and a preliminary proposal of a Wireless PKI (WPKI) has been developed and will soon be released. Certificate handling in WPKI has been adapted to wireless conditions. A compact certificate format is supported and a universal resource locator (URL) pointer to X.509 certificates can be used instead of storing and sending the certificate to the wireless terminal. WPKI contains descriptions of how a PKI is to be handled in the WAP environment.
WTLS and WPKI will be important parts of future secure WAP services.

Internet standards

The IKE/IPsec combination of communication protocols is more secure and general than its predecessors, SSL and SSH. Notwithstanding, because IKE/IPsec is a complex protocol, it has not gained wide acceptance. One problem with IKE/IPsec is that it does not fully address the new requirements of the all-IP world, which include real-time traffic optimizations, proxy services, narrowband channels, and legacy authentication. Consequently, a new protocol needs to be designed that addresses these issues.

Ericsson actively supports the development of security solutions that meet requirements from large IP-based core networks and mass services. Most of these technologies are standardized by the Internet Engineering Task Force (IETF), of which Ericsson is an increasingly active participant. Ericsson also participates in 3GPP/3GPP2 standardization.

We believe that openness plays a major part in gaining wide acceptance for security solutions. Accordingly, we actively promote the use of open and publicly scrutinized protocols, mechanisms and algorithms.

Conclusion

Today, malicious users can easily eavesdrop IP traffic, redirect traffic, introduce false packets, modify packets, mount denial-of-service attacks, and introduce harmful software into systems. One way of countering these attacks is to maintain strict control of access to the network by means of firewalls and secure login procedures.

To complement access control and obtain the necessary level of security, the traffic itself must be protected. Cryptography provides the basic techniques needed to build secure communications solutions. Protection mechanisms authenticate users, encrypt packets and protect them from being modified.

The most straightforward mechanism for regulating access consists of building trust relationships. Cryptography is used to maintain the confidentiality of messages and to guarantee their integrity. Confidentiality is provided by encryption and integrity can be provided by authentication codes or digital signatures.

Although cryptographic algorithms make up the basic mechanisms for secure communication, standardized methods are being sought for authenticating users, exchanging keys, deciding which algorithm and message formats to use, and so on. This is where protocols come into play:
• Before a communication session can begin, the communicating parties must verify each other's identity. An authentication protocol does this. Authentication can be based on a public or secret key. If public keys are used, they are often obtained using some kind of public key infrastructure—this is an essential technology that can meet the scalability requirements for managing keys in networks and for supporting network services such as e-commerce.
• The communicating parties negotiate to determine which cryptographic algorithms should be used for exchanging keys and protecting data.
• The parties exchange cryptographic session keys—this phase often includes public key cryptography, which can be used to authenticate users and machines and for the secure exchange of session keys.
• Symmetric session keys are calculated and used to encrypt all subsequent packets and to append a MAC field to each packet.

Ericsson implements IPsec in many products, including Tigris access servers, Telebit routers, and GPRS nodes. Ericsson's wireless LAN solution uses IPsec to encrypt airborne traffic, and TLS has been used in many Web-based applications—in particular, a WAP variant (WTLS) will play an important role in the future.

REFERENCES
1 Menezes, A. J., van Oorschot, P. C. and Vanstone, S. A.: Handbook of Applied Cryptography, CRC Press, 1997.
2 Dierks, T. and Allen, C.: "The TLS Protocol," IETF RFC 2246, January 1999.
3 Ylonen et al.: SSH protocols, http://www.ietf.org/html.charters/secshcharter.html.
4 Kent, S. and Atkinson, R.: "Security Architecture for the Internet Protocol," IETF RFC 2401, November 1998.
5 Harkins, D. and Carrel, D.: "The Internet Key Exchange (IKE)," IETF RFC 2409, November 1998.
6 ISO/IEC 9594-8 (1988). CCITT Information Technology - Open Systems Interconnection - The Directory: Authentication Framework. Standard X.509, 1988.
7 Curtin, P. and Whyte, B.: Tigris—A gateway between circuit-switched and IP networks. Ericsson Review Vol. 76 (1999):2, pp. 70-81.
8 Saussy, G.: The AXI 540 router and the public IP network edge. Ericsson Review Vol. 76 (1999):4, pp. 182-189.
9 Granbohm, H. and Wiklund, J.: GPRS—General packet radio service. Ericsson Review Vol. 76 (1999):2, pp. 82-88.
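The four protocol steps listed in the conclusion above (authenticate, negotiate algorithms, establish session keys, append a MAC to each packet) are traced in the script below. It is an added example, not code from the article or from any Ericsson product: it assumes secret-key authentication with a pre-shared key, and the algorithm names, message layout, key-derivation labels and sequence-number check are constructed for illustration. Packet encryption is left out because the Python standard library has no cipher.

```python
import hashlib
import hmac
import secrets
import struct

# Constructed algorithm names; the values are real hashlib constructors.
MAC_ALGS = {"hmac-sha256": hashlib.sha256, "hmac-sha1": hashlib.sha1}


def negotiate(offered, accepted):
    """Step 2: the responder takes its most preferred algorithm that was offered."""
    for name in accepted:
        if name in offered and name in MAC_ALGS:
            return name
    raise ValueError("no common MAC algorithm")


def _prf(key, *parts):
    """HMAC-SHA256 over length-prefixed parts, so field boundaries cannot shift."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(struct.pack("!H", len(part)) + part)
    return mac.digest()


class Session:
    """Step 4: every packet carries a sequence number and a MAC field."""

    def __init__(self, alg, send_key, recv_key):
        self.digest = MAC_ALGS[alg]
        self.send_key, self.recv_key = send_key, recv_key
        self.send_seq = 0
        self.recv_seq = 0  # lowest sequence number still acceptable

    def protect(self, payload):
        header = struct.pack("!I", self.send_seq)
        self.send_seq += 1
        tag = hmac.new(self.send_key, header + payload, self.digest).digest()
        return header + payload + tag

    def accept(self, packet):
        size = self.digest().digest_size
        if len(packet) < 4 + size:
            raise ValueError("truncated packet")
        body, tag = packet[:-size], packet[-size:]
        expected = hmac.new(self.recv_key, body, self.digest).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("MAC check failed")      # modified or false packet
        (seq,) = struct.unpack("!I", body[:4])
        if seq < self.recv_seq:
            raise ValueError("replayed packet")       # valid MAC, but already seen
        self.recv_seq = seq + 1
        return body[4:]


def handshake(psk_i, psk_r, offered, accepted, offer_in_transit=None):
    """Steps 1-3 between two in-process parties; returns (initiator, responder).

    offer_in_transit models an algorithm offer that was altered on the wire.
    """
    nonce_i, nonce_r = secrets.token_bytes(16), secrets.token_bytes(16)
    received_offer = offered if offer_in_transit is None else offer_in_transit
    alg = negotiate(received_offer, accepted)          # responder's choice
    if alg not in offered:
        raise PermissionError("responder chose an algorithm that was never offered")

    def keys(psk, offer_seen):
        # Step 3: session keys depend on the secret AND on everything negotiated,
        # so a party with a different key or a different view derives other keys.
        transcript = [",".join(offer_seen).encode(), alg.encode(), nonce_i, nonce_r]
        master = _prf(psk, b"master", *transcript)
        return {label: _prf(master, label) for label in (b"auth", b"i->r", b"r->i")}

    k_i, k_r = keys(psk_i, offered), keys(psk_r, received_offer)
    # Step 1: each side sends a proof computed with its own keys; the peer recomputes it.
    for role in (b"responder", b"initiator"):
        if not hmac.compare_digest(_prf(k_i[b"auth"], role), _prf(k_r[b"auth"], role)):
            raise PermissionError("peer authentication failed")
    return (Session(alg, k_i[b"i->r"], k_i[b"r->i"]),
            Session(alg, k_r[b"r->i"], k_r[b"i->r"]))


if __name__ == "__main__":
    algs = ["hmac-sha256", "hmac-sha1"]
    a, b = handshake(b"constructed-pre-shared-key", b"constructed-pre-shared-key", algs, algs)
    print(b.accept(a.protect(b"transfer 10")))
```

Because the algorithm offer is part of the key derivation, an offer that is stripped of its strongest entry in transit makes authentication fail instead of silently weakening the session.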


HIPERLAN type 2 for broadband wireless communication

Jamshid Khun-Jush, Goran Malmgren, Peter Schramm and Johan Torsner

The aim of several standardization efforts, including GPRS, EDGE, and UMTS, is to meet the requirements being put on wireless data communication. These standards are for wide-area wireless data services with full mobility up to 2 Mbit/s. In addition, standards are being developed in Europe, Japan, and the US for wireless local area network multimedia communication in the 5 GHz band.

HIPERLAN/2, which is being specified by the ETSI BRAN project, will provide data rates of up to 54 Mbit/s for short-range (up to 150 m) communications in indoor and outdoor environments. Almost total harmonization was achieved between the standardization bodies in Europe (ETSI) and Japan (ARIB) when the core parts of the specification were finalized in 1999.

In this article, the authors present an overview of the HIPERLAN/2 standard and results of link and system performance.

Introduction

The key drivers of demand for radio-based broadband access networks are massive growth in wireless and mobile communications, the emergence of multimedia applications, demands for high-speed Internet access, and the deregulation of the telecommunications industry. Present-day wireless telecommunications networks, which are primarily narrowband, are mostly used for circuit-switched voice services. The evolution of second-generation and the development of third-generation mobile wireless systems aim to enable networks to provide instantaneous user bit rates of up to 2 Mbit/s per radio channel. This capacity will significantly improve packet-data and mobile multimedia applications. In addition, even higher data rates can be obtained for local area networks using novel short-range wireless technologies. Bandwidth-hungry, real-time and interactive multimedia services, such as high-quality video distribution, client/server applications, and data-bank access, are typical applications for this technology. Therefore, new wireless networks with broadband capabilities are being sought to provide high-speed integrated services (data, voice, and video) with cost-effective support for quality of service (QoS).

Figure 1. Current spectrum allocation of HIPERLAN/2 at 5 GHz. In Europe, a 455 MHz bandwidth has been allocated (license-exempt band); in Japan, 100 MHz (with sharing rules); and in the US, 300 MHz (U-NII band).

Considerable research and standardization efforts have been expended to devise appropriate transmission and networking technologies. The Internet Engineering Task Force (IETF), the International Telecommunication Union (ITU) and the ATM Forum are defining the fixed core network. Similarly, the Broadband Radio Access Networks (BRAN) project of the European Telecommunications Standards Institute (ETSI) is working on standards for different kinds of wireless broadband access network. One of these standards, called high-performance radio local-area network, type 2 (HIPERLAN/2) will provide high-speed communications access to different broadband core networks and moving terminals (portable as well as mobile). 1 ' 9 In Japan, a system that is very similar to HIPERLAN/2 has also been specified. The main difference between it and HIPERLAN/2 is that the spectrum-sharing rule of the Japanese system introduces a carrier-sensing mechanism.

Before beginning standardization work on HIPERLAN/2, ETSI had developed the HIPERLAN/1 standard for ad hoc networking of portable devices.
This standard mainly supports asynchronous data transfer and applies a multiple access mechanism—from the carrier-sense multiple access (CSMA) family—with collision avoidance (CA). Using the CSMA/CA technique for resolving contention, the scheme shares available radio capacity between active users who attempt to transmit data during an overlapping time span. Although HIPERLAN/1 provides a means of transporting time-bounded services, it does not control or guarantee QoS on the wireless link. It is thus considered a system for best-effort delivery of data. This is what motivated ETSI to develop a new generation of standards that support asynchronous data and time-critical services (for example, packetized voice and video) that are bounded by specific time delays.


Figure 2. Mobility and data rates for communications standards. Axes: mobility (vehicle, walk, fixed) against data rate [Mbit/s].

While ETSI was working on the HIPERLAN/2 standard, the Institute of Electrical and Electronic Engineers (IEEE) began specifying a physical layer for the Unlicensed National Information Infrastructure (U-NII) band, to extend its IEEE 802.11 standard for high-speed applications. The IEEE 802.11a reuses the medium access control (MAC) protocol already specified for the Industrial Scientific Medical (ISM) band (2.4 GHz). In contrast to HIPERLAN/2, the scope of the IEEE 802.11—as a mandatory operation mode—mainly applies to asynchronous data applications.

In Japan, the Multimedia Mobile Access Communications (MMAC) promotion association within the Association of Radio Industries and Broadcasting (ARIB) had begun developing various high-speed radio-access systems for business and home applications at 5 GHz. One such system, for business applications in corporate and public networks, has been aligned with HIPERLAN/2.

The HIPERLAN/2 standard is a complement to present-day wireless access systems, giving high data rates (capacity and throughput) to end-users in hot-spot areas. Compared to other cellular systems, the outdoor mobility of HIPERLAN/2 is limited. Typical application environments are offices, homes, exhibition halls, airports, train stations, and so on (Figure 2). In these environments, HIPERLAN/2 offers wireless access to terminals (laptops, VCRs, and so on). Figure 3 illustrates the end-user's personal area network (PAN). Via HIPERLAN/2, users gain access to their network—for instance, to the Internet, an intranet, or another HIPERLAN/2-capable device. By contrast, Bluetooth technology is mainly used for linking individual communication devices within the personal area network.

Figure 3. Typical usage of communications standards.

BOX A, ABBREVIATIONS
16QAM       16-ary quadrature amplitude modulation
64QAM       64-ary quadrature amplitude modulation
ACH         Access feedback channel
AP          Access point
ARIB        Association of Radio Industries and Broadcasting
ARQ         Automatic repeat request
ATM         Asynchronous transfer mode
BCH         Broadcast channel
BPSK        Binary phase-shift keying
BRAN        Broadband Radio Access Networks
CA          Collision avoidance
C/I         Carrier-to-interference
CL          Convergence layer
CM          Centralized mode
CSMA        Carrier-sense multiple access
DFS         Dynamic frequency selection
DLC         Data link control
DM          Direct mode
EC          Error control
EDGE        Enhanced data rates for global evolution
EIRP        Effective isotropic radiated power
ETSI        European Telecommunications Standards Institute
FCH         Frame channel
FEC         Forward error control
GPRS        General packet radio service
H2GF        HIPERLAN/2 Global Forum
HIPERLAN/2  High-performance radio local-area network, type 2
IEEE        Institute of Electrical and Electronic Engineers
IETF        Internet Engineering Task Force
IFFT        Inverse fast Fourier transform
IP          Internet protocol
ISM         Industrial Scientific Medical (2.4 GHz frequency band)
ITU         International Telecommunication Union
LCH         Long transport channel
MAC         Medium access control
MMAC        Multimedia Mobile Access Communications
MT          Mobile terminal
OFDM        Orthogonal frequency-division multiplexing
PDU         Protocol data unit
PHY         Physical (layer)
PPP         Point-to-point protocol
QoS         Quality of service
QPSK        Quaternary phase-shift keying
RCH         Random access channel
RLC         Radio link control
RRC         Radio resource control
SCH         Short transport channel
SDU         Service data unit
SR          Selective repeat
SSCS        Service-specific convergence sublayer
TDD         Time-division duplex
TDMA        Time-division multiple access
UMTS        Universal mobile telecommunications system
U-NII       Unlicensed National Information Infrastructure

System overview

The HIPERLAN/2 standard specifies a radio-access network that can be used with a variety of core networks. This is made possible thanks to
• a flexible architecture that defines core-network-independent physical (PHY) and data-link-control (DLC) layers; and
• a set of convergence layers that facilitate access to various core networks (Figure 4).

Several convergence layers have been or are currently being defined for interworking with
• Internet protocol (IP) transport networks (Ethernet and the point-to-point protocol, PPP);
• asynchronous transfer mode-based (ATM) networks;
• third-generation core networks; and
• networks that use IEEE 1394 (Firewire) protocols and applications.

The data units that are transmitted within these core networks can differ in length, type, and content. A specific convergence layer in HIPERLAN/2 segments data units into fixed-length HIPERLAN/2 DLC user service data units (U-SDU) that are transmitted to their destination by means of DLC and PHY data-transport services.

Figure 4. Architecture of the HIPERLAN/2 protocols.

The HIPERLAN/2 standard supports terminal mobility at velocities of up to 10 m/s. In addition, it provides a means of handling different interference and propagation environments, with the aim of
• maintaining the communications link at low signal-to-interference ratios;
• maintaining quality of service; and
• finding a suitable trade-off between communications range and data rate.

The air interface of the HIPERLAN/2 standard is based on time-division duplex (TDD) and dynamic time-division multiple access (TDMA). HIPERLAN/2 is a flexible platform on which a variety of business and home multimedia applications can be based to provide bit rates of up to 54 Mbit/s. In a typical business application scenario, a mobile terminal receives services over a fixed corporate or public network infrastructure. In addition to quality of service, the network provides mobile terminals with security and mobility management services when they move between networks—for example, when terminals move between local area and wide area networks or between corporate and public networks. In a home application scenario, low-cost and flexible networking is supported to interconnect wireless digital consumer devices.

HIPERLAN/2 relies on cellular networking topology combined with ad hoc networking capability. It supports two basic modes of operation: centralized mode (CM) and direct mode (DM).

The centralized mode of operation applies to the cellular networking topology where each radio cell is controlled by an access point (AP) that covers a certain geographical area. In this mode, mobile terminals communicate with one another or with the core network through the access point. The centralized mode of operation is mainly used in indoor and outdoor business applications where the area to be covered is larger than a radio cell.

The direct mode of operation applies to the ad hoc networking topology of private home environments and where the entire serving area is covered by one radio cell.
In this mode, mobile terminals in a single-cell home network can exchange data directly with one another. The access point controls the assignment of radio resources to the mobile terminals.

Convergence layer

The convergence layer (CL) has two main functions: it adapts service requests from higher layers to the service offered by the DLC, and it converts higher-layer packets of fixed or variable length into a fixed-length service data unit (SDU) that is used within the DLC.

Figure 5. General structure of the convergence layer.

The convergence layer thus maps incoming data onto different bearers of the DLC. For example, if we assume that Ethernet quality of service is supported via IEEE 802.1p, then the priority indicated in the additional tag field stipulates the type of traffic to be carried in the packet. [10] The convergence layer maps different traffic types into different classes and consequently onto different radio bearers.

There are two types of convergence layer:
• a cell-based convergence layer, which handles higher layers with fixed-length packets—for instance, ATM-based core networks; and
• a packet-based convergence layer, which handles higher layers with variable-length packets—for instance, Ethernet.

Separate service-specific convergence sublayers (SSCS) have been defined to make the appropriate service adaptation for Ethernet, IEEE 1394, PPP, and the universal mobile telecommunications system (UMTS). Figure 5 depicts the basic structure of each type of convergence layer.

The padding, segmentation and reassembly function of the fixed-length DLC service data units is a key feature that makes it possible to standardize and implement the DLC and PHY layers independently of the core network. Figure 6 depicts the mapping of higher-layer data units down to PHY bursts. For transmission, the data units on the DLC layer are long transport channel (LCH) packet data units (PDU); for control messages, short transport channel (SCH) PDUs are used.

Figure 6. Mapping of higher layer packets onto the layers of HIPERLAN/2.

DLC layer

The DLC layer consists of a radio link control (RLC) sublayer, an error control (EC) protocol, and a MAC protocol.

RLC sublayer

The RLC handles three main control functions:
1. The association control function is used for authentication, key management, association, disassociation, and encryption seed.
2. The radio resource control (RRC) function manages handover (generic solution), dynamic frequency selection, mobile terminal alive/absent, power saving, and power control.
3. The DLC user-connection control function sets up and releases user connections, multicast and broadcast.

In summary, the RLC is used for exchanging data in the control plane between an access point and a mobile terminal—for instance, the mobile terminal forms associations with the access point via RLC signaling.

After completing the association procedure, the mobile terminal can request a dedicated control channel for setting up radio bearers. Within the HIPERLAN/2 specification, radio bearers are referred to as DLC connections. The mobile terminal might even request multiple DLC connections, each offering unique support for quality of service (QoS) as determined by the access point.

Set-up of the connection does not necessarily result in immediate assignment of capacity by the access point. Instead, the mobile terminal receives a unique DLC address that corresponds to the DLC connection.

Error control

The error control modes of operation are defined to support different types of service:
1. The acknowledged mode uses retransmission to improve link quality and guarantee reliable transmission.
The acknowledged mode is based on selective-repeat (SR) automatic repeat request (ARQ). [11] Low latency can be provided by means of a discard mechanism.
2. The repetition mode repeats the data-bearing DLC PDUs (LCH PDU) to provide fairly reliable transmission (Figure 4). No feedback channel is available. The transmitter can arbitrarily retransmit PDUs. The retransmission of PDUs enhances reception. However, the receiver only accepts PDUs whose sequence numbers are within its acceptance window. The repetition mode is typically used for transmitting broadcast data.
3. The unacknowledged mode provides unreliable, low-latency communication without retransmissions. Hence, no feedback channel is available.
4. Unicast data can be sent using either acknowledged or unacknowledged mode. Broadcast services can be supported by either repetition mode or unacknowledged mode. Multicast services can be sent in unacknowledged mode or they can be multiplexed onto existing unicast transmissions.

MAC

The basic frame structure on the air interface has a fixed duration of 2 ms and comprises fields for broadcast control, frame control, access feedback control, data transmission in the downlink and uplink, and random access (Figure 7). During direct-link communication, the frame contains an additional direct-link field (not shown in Figure 7). The duration of broadcast control is fixed, whereas the duration of other fields is dynamically adapted to the traffic situation.

Figure 7. Basic frame structure (one-sector antenna).

The broadcast channel (BCH), which contains control information that is sent in every MAC frame, mainly enables the control of radio resources. The frame channel (FCH) contains an exact description of the allocation of resources within the current MAC frame. The access feedback channel (ACH) conveys information on previous attempts at random access. Downlink or uplink traffic consists of data to or from mobile terminals. Traffic from multiple connections to or from a mobile terminal can be multiplexed onto one PDU train, where each connection contains 54-octet LCHs for data and 9-octet SCHs for control messages.

HIPERLAN/2 supports multibeam antennas (sectors) as a means of improving the link budget and of reducing interference in the radio network. The MAC protocol and the frame structure in HIPERLAN/2 support multibeam antennas with up to eight beams (not shown in Figure 7).

When a mobile terminal has data to transmit on a certain DLC connection, it must first request capacity by sending a resource request (RR) to the access point. The resource request contains the number of pending LCH PDUs in the mobile terminal for the particular DLC connection. Based on a slotted scheme, the mobile terminal can use contention slots to send the RR message. By varying the number of contention slots (random access channels, RCH), the access point can decrease access delay. If a collision occurs, the mobile terminal is informed in the ACH of the next MAC frame. The mobile terminal then backs off a random number of access slots.

After sending the resource request to the access point, the mobile terminal enters a contention-free mode where it is scheduled for transmission opportunities (uplink and downlink).
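The effect of the number of contention slots on access delay can be seen in a small simulation of the random-access procedure described above. It is an added example, not taken from the article or from the HIPERLAN/2 specification: the terminal counts, the doubling backoff window and its cap are assumptions chosen for illustration, while the 2 ms frame and the collision report in the next frame's ACH come from the text.

```python
import random

FRAME_MS = 2  # MAC frame duration given in the article


def simulate_access(terminals, rch_per_frame, seed=1, max_window=256, max_frames=100_000):
    """Mean delay in ms until every terminal's resource request (RR) gets through.

    All terminals have an RR pending at frame 0. A terminal whose backoff counter
    is zero sends in the current RCH slot; otherwise it counts one slot down.
    A slot used by exactly one terminal succeeds. A slot used by several is a
    collision, reported in the ACH of the next frame, after which each collided
    terminal draws a new backoff from an assumed window that doubles each time.
    """
    rng = random.Random(seed)
    wait = [0] * terminals            # access slots each terminal still skips
    window = [1] * terminals          # assumed backoff window per terminal
    success_frame = [None] * terminals
    for frame in range(max_frames):
        pending = [t for t in range(terminals) if success_frame[t] is None]
        if not pending:
            break
        sent = {}                     # terminal -> RCH slot used in this frame
        for slot in range(rch_per_frame):
            for t in pending:
                if t in sent:
                    continue          # already sent, now waiting for the ACH
                if wait[t] == 0:
                    sent[t] = slot
                else:
                    wait[t] -= 1
        by_slot = {}
        for t, slot in sent.items():
            by_slot.setdefault(slot, []).append(t)
        for users in by_slot.values():
            if len(users) == 1:
                success_frame[users[0]] = frame
            else:
                for t in users:
                    window[t] = min(2 * window[t], max_window)
                    wait[t] = rng.randrange(window[t])
    else:
        raise RuntimeError("contention did not resolve within max_frames")
    # Delay counts the frame in which the RR was sent successfully.
    return sum((f + 1) * FRAME_MS for f in success_frame) / terminals


def mean_delay_ms(terminals, rch_per_frame, runs=20):
    """Average simulate_access over several seeds to smooth out single runs."""
    return sum(simulate_access(terminals, rch_per_frame, seed=s)
               for s in range(runs)) / runs


if __name__ == "__main__":
    for rch in (1, 2, 4, 8):
        print(rch, "RCH per frame:", round(mean_delay_ms(20, rch), 1), "ms")
```

With a single RCH per frame at most one request can succeed every 2 ms, so twenty terminals contending at once cannot average less than 23 ms in this model; adding slots removes that bottleneck at the cost of frame capacity that would otherwise carry data.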
The scheduling of resources is performed in the access point—a centralized controller enables efficient QoS support. From time to time the access point might poll the mobile terminal for information on pending PDUs. Similarly, the mobile terminal might inform the access point of its status by sending a resource request via the RCH.

Radio network functions and QoS support

The HIPERLAN/2 standard defines measurements and signaling that support a number of radio-network functions, including dynamic frequency selection, link adaptation, handover, multibeam antennas, and power control. The algorithms are vendor specific. The supported radio-network functions allow the cellular deployment of HIPERLAN/2 systems with full coverage and high data rates in a variety of environments.

The system automatically allocates frequencies to each access point for communication—dynamic frequency selection (DFS) allows several operators to share available spectrum and avoids the use of interfered frequencies. Frequency selection is based on interference measurements performed by the access point and associated mobile terminals [12].

The quality of the radio link, which is dependent on the radio environment, changes


over time and in accordance with traffic in surrounding radio cells. To cope with variations, a link-adaptation scheme is applied: the adaptation of the physical layer mode—that is, the code rate and modulation scheme—is based on measurements of link quality (Table 1). Link adaptation is used in the uplink and downlink. The access point measures link quality on the uplink and indicates, in the FCH, which PHY mode the mobile terminal should use for uplink communication. Similarly, the mobile terminal measures quality on the downlink and suggests, in each resource request signaled to the access point, a PHY mode for downlink communication. The access point selects the final PHY mode for both the uplink and downlink.

TABLE 1. PHYSICAL LAYER MODES OF HIPERLAN/2

Mode   Modulation   Code rate   Physical layer bit rate
1      BPSK         1/2         6 Mbit/s
2      BPSK         3/4         9 Mbit/s
3      QPSK         1/2         12 Mbit/s
4      QPSK         3/4         18 Mbit/s
5      16QAM        9/16        27 Mbit/s
6      16QAM        3/4         36 Mbit/s
7      64QAM        3/4         54 Mbit/s

Figure 8: The preambles of HIPERLAN/2.

Transmitter power control is supported in the mobile terminal (uplink) and access point (downlink). Power control in the mobile terminal is used mainly to simplify the design of the access point receiver, by avoiding automatic gain control. Power control in the access point has been introduced primarily for regulatory purposes, to decrease interference to other systems on the same band.

HIPERLAN/2 supports quality of service by allowing the access point to set up and manage different radio bearers during transmission. The access point selects the appropriate error control mode (acknowledged, unacknowledged and repetition) including detailed protocol settings (for example, ARQ window size, number of retransmissions, discarding). Scheduling is performed at the MAC level, where the access point determines how much data and control signaling will be sent in the current MAC frame.
For example, by regularly polling a mobile terminal for its traffic status (pending data to be transmitted), the access point provides the terminal's radio bearer with short access delay. The polling mechanism provides rapid access for real-time services. Additional QoS support includes link adaptation and internal functions (admission, congestion, and dropping mechanisms) for avoiding overload situations.

Physical layer

The data units to be transmitted via the physical layer of HIPERLAN/2 are bursts of variable length. Each burst consists of a preamble and a data field. The data field is composed of a train of SCH and LCH PDUs that are to be transmitted or received by a mobile terminal.

Orthogonal frequency-division multiplexing (OFDM) [13] has been selected as the modulation scheme for HIPERLAN/2, due to good performance on highly dispersive channels [15]. In terms of sensitivity and performance when subjected to co-channel interference at a bit rate of 25 Mbit/s, coherent OFDM outperforms single-carrier modulation by 2 to 3 dB. Single-carrier modulation cannot efficiently support high bit rates—this is an important factor, since HIPERLAN/2 is required to support much higher bit rates. A drawback of OFDM is power amplifier back-off, which affects coverage. For the spectrum mask that has been specified for HIPERLAN/2, the OFDM-related power amplifier back-off is 2 to 3 dB greater than that of single-carrier modulation. In terms of coverage, however, this "weakness" of OFDM is compensated for by greater sensitivity.
Power consumption in mobile terminals, which is also affected by power amplifier back-off, should be considered together with
• reduced power consumption in the OFDM receiver; and
• the ratio of downlink and uplink traffic, which is expected to be highly asymmetrical.
Based on these and other arguments, OFDM is favored over single-carrier modulation.

A 20 MHz channel raster has been selected to provide a reasonable number of channels in a 100 MHz bandwidth, which might be the narrowest continuous system bandwidth available (for instance, in Japan). To avoid unwanted mixed frequencies in implementations, the sampling frequency is also 20 MHz (at the output of a 64-point inverse fast Fourier transform, IFFT, in the modulator). The obtained subcarrier spacing is 312.5 kHz. To facilitate the implementation of filters and to achieve sufficient adjacent channel suppression, 52 subcarriers are used per channel; 48 subcarriers carry data and 4 are pilots that facilitate coherent demodulation. The duration of the cyclic prefix is 800 ns, which is sufficient for enabling good performance on channels with a root-mean-square delay spread of at least 250 ns. An optional short cyclic prefix with 400 ns can be used for short-range indoor applications.

A key feature of the physical layer is that it provides several physical layer modes with different coding rates and modulation schemes, which are selected by link adaptation. The physical layer supports binary and quaternary phase-shift keying (BPSK, QPSK) as well as 16-ary quadrature amplitude modulation (16QAM) for subcarrier modulation. In addition, 64QAM can be used in an optional mode.

Forward error correction (FEC) is performed by a convolutional code with rate 1/2 and constraint length 7. The 9/16 and 3/4 code rates are obtained by means of puncturing. The physical layer modes are chosen such that the number of encoder output bits matches an integer number of OFDM symbols. To accommodate tail bits, appropriate dedicated puncturing is applied before the encoded bit sequence is punctured.

Seven physical layer modes have been specified (Table 1). Six of the physical layer modes are mandatory; 64QAM is optional.

Each physical layer burst includes a preamble, of which there are three kinds for:
• the broadcast control channel;
• other downlink channels; and
• the uplink and the random-access channel.
The preamble of optional direct-link bursts is identical to that of the long uplink preamble.

The preamble in the broadcast control channel enables frame synchronization, automatic gain control, frequency synchronization, and channel estimation. By contrast, the preamble in downlink traffic bursts is solely used for channel estimation. The uplink traffic bursts and the random access bursts enable channel and frequency estimation. Consequently, there are several preambles with different structures and lengths (Figure 8, Box B). Depending on its receiver capabilities, the access point can choose from two uplink preambles.
Each preamble is mandatory for the mobile terminal.

The performance of initial synchronization—that is, when terminals synchronize onto the BCH preamble—is characterized by detection-failure probability and false-alarm probability. Simulation results show that even in a worst-case scenario (low signal-to-noise power ratio of 5 dB, a highly-dispersive fading channel with 250 ns delay spread, and a frequency offset of 40 ppm), the probability of successful synchronization in HIPERLAN/2 is 96% [16]. Thus, HIPERLAN/2 provides a fast, efficient, and robust means of synchronization.

Performance

Link performance

The PDU error rate (PER)—which is conveniently given as a function of carrier-to-interference power ratio (C/I) in interference-limited systems—gives a suitable measure of performance for packet data communication. During standardization, channel models for simulating links have been developed from measurements in typical indoor and outdoor environments [17]. The power-delay profiles show exponential decay. The channel taps are statistically independent with complex Gaussian distribution and zero mean (except for the Ricean channel tap). The channel model "A" (used for the simulations discussed below) typifies large office environments with non-line-of-sight propagation.

Figure 9 shows the LCH PDU error rate for all physical layer modes. As expected, the C/I required for a certain error rate increases with bit rate. Only the 9 Mbit/s mode behaves differently.

Figure 9: LCH PDU error rate versus C/I for channel model "A".

BOX B, PREAMBLES OF HIPERLAN/2

The A- and B-symbols are composed of 16 time-domain samples. The symbols denoted by -A and -B are negative replicas of A and B, respectively.

The block of four symbols A, -A, A, -A can be generated by a 64-point IFFT from a frequency-domain symbol with 12 subcarriers at the frequency indices +/-2, +/-6, and so forth. The additional -A symbol is appended by repetition in the time domain.
Similarly, the B-symbols are generated from a frequency-domain symbol with the subcarriers used at the indices +/-4, +/-8, and so on.

Thanks to the time-domain structures of the A, -A, A, -A and B, B, B, B sequences, it is easy to distinguish broadcast control channels and uplink bursts. The appended -A and -B symbols improve timing estimation.

The C-part, which is included in every preamble, is composed of two training symbols that use 52 subcarriers and a cyclic prefix of 1.6 µs. The C-part is used for channel estimation, whereas the previous short symbols are used for all other purposes, such as frame synchronization, frequency estimation, and so on.
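The physical-layer figures given in the article (20 MHz sampling, 64-point IFFT, 48 data subcarriers, 800 ns cyclic prefix, 54-octet LCH PDUs) are enough to re-derive the bit rates of Table 1 and to see why 16QAM is paired with rate 9/16 rather than 1/2. The Python below is an added example, not part of the original article; the function names are illustrative, and tail bits are ignored as a simplifying assumption.

```python
from fractions import Fraction

# Figures taken from the article text
SAMPLE_RATE_HZ = 20_000_000   # sampling frequency at the IFFT output
FFT_SIZE = 64                 # 64-point IFFT
DATA_SUBCARRIERS = 48         # 52 used subcarriers, 4 of them pilots
CYCLIC_PREFIX_NS = 800        # mandatory cyclic prefix
LCH_PDU_BITS = 54 * 8         # one 54-octet LCH PDU

# Table 1: mode -> (modulation, coded bits per subcarrier, code rate, Mbit/s)
PHY_MODES = {
    1: ("BPSK", 1, Fraction(1, 2), 6),
    2: ("BPSK", 1, Fraction(3, 4), 9),
    3: ("QPSK", 2, Fraction(1, 2), 12),
    4: ("QPSK", 2, Fraction(3, 4), 18),
    5: ("16QAM", 4, Fraction(9, 16), 27),
    6: ("16QAM", 4, Fraction(3, 4), 36),
    7: ("64QAM", 6, Fraction(3, 4), 54),
}


def subcarrier_spacing_hz():
    """Sampling frequency divided by IFFT size."""
    return Fraction(SAMPLE_RATE_HZ, FFT_SIZE)


def symbol_duration_ns():
    """Useful part (64 samples at 20 MHz) plus the cyclic prefix."""
    useful_ns = FFT_SIZE * 1_000_000_000 // SAMPLE_RATE_HZ
    return useful_ns + CYCLIC_PREFIX_NS


def data_bits_per_symbol(bits_per_subcarrier, code_rate):
    """Information bits carried by one OFDM symbol (tail bits ignored)."""
    return DATA_SUBCARRIERS * bits_per_subcarrier * code_rate


def bit_rate_mbps(mode):
    """Physical layer bit rate of a Table 1 mode, in Mbit/s."""
    _, bits, rate, _ = PHY_MODES[mode]
    # bits per nanosecond times 1000 gives Mbit/s
    return data_bits_per_symbol(bits, rate) * 1000 / symbol_duration_ns()


def symbols_per_lch_pdu(bits_per_subcarrier, code_rate):
    """OFDM symbols needed for one LCH PDU; a Fraction if it does not fit."""
    return Fraction(LCH_PDU_BITS) / data_bits_per_symbol(bits_per_subcarrier, code_rate)


def check_table():
    """Return (mode, modulation, rate, computed Mbit/s, listed Mbit/s, symbols per PDU)."""
    rows = []
    for mode, (modulation, bits, rate, listed) in sorted(PHY_MODES.items()):
        rows.append((mode, modulation, str(rate), bit_rate_mbps(mode),
                     listed, symbols_per_lch_pdu(bits, rate)))
    return rows


if __name__ == "__main__":
    print("subcarrier spacing:", float(subcarrier_spacing_hz()), "Hz")
    print("symbol duration:", symbol_duration_ns(), "ns")
    for mode, modulation, rate, computed, listed, symbols in check_table():
        print(mode, modulation, rate, float(computed), listed, symbols)
    # Unpunctured rate 1/2 with 16QAM would split a PDU across 4.5 symbols
    print("16QAM, rate 1/2:", symbols_per_lch_pdu(4, Fraction(1, 2)))
```

Every mode in Table 1 packs one LCH PDU into a whole number of OFDM symbols, which is the property the text states for the chosen code rates.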




signal for various back-off values. By back-off we mean the input back-off relative to the 1 dB compression point. For reference, the HIPERLAN/2 spectrum mask is also depicted. As can be seen, the spectrum requirements can be achieved by backing off 4.0 dB.

The requirement for adjacent channel suppression can be fulfilled with current requirements from the spectrum mask. That is, a back-off of 4 or 5 dB for typical power amplifier models is sufficient. Thus, this requirement is only about 2 or 3 dB greater than for typical single-carrier modulation schemes.

System performance

The performance of representative HIPERLAN/2 systems was evaluated for two indoor environments: an office building and an exhibition hall. The office scenario included a building with five floors and several mobile terminals. Eight access points per floor, located at the same position on each floor, provided coverage (Figure 12). The average path loss (that is, without fast fading) between a mobile terminal and an access point was calculated using the extended Keenan-Motley model, which includes attenuation by distance, walls, and floors in the direct propagation path [20].

Figure 12: Floor of simulated office building, and position of access points (*).

The exhibition hall scenario consisted of a large building with one floor and no interior walls. The hall was covered with 16 access points placed in a rectangular grid with a site-to-site distance of 60 m. We assumed a requirement for very high capacity in this environment, which motivated the large number of access points. We used a line-of-sight propagation model. Furthermore, we added log-normal fading with a standard deviation of 2 dB (in both scenarios) to model shadowing—for instance, due to people moving about in the buildings.

The mobile terminals were randomly placed in the buildings according to uniform distribution. The simulation technique was static: each iteration corresponded to a traffic situation that was unrelated to the previous one; that is, "snapshots" were taken of the situation in the building. In each snapshot, one mobile terminal was active for each access point. Interference on a link arose from access points and mobile terminals, due to the unsynchronized TDD MAC frame. External interference was modeled by assuming that a second operator uses 11 of the 19 available carriers.

Before running the simulations, we obtained a frequency plan and a downlink power setting. The frequency plan was obtained by a distributed DFS algorithm [12], and the access point power settings were set individually, so that the received signal power of each mobile terminal exceeded the target value.

Fast uplink power control was used—this aims at constant received power in the access point. The link adaptation was modeled by updating the PHY mode every tenth MAC frame. The position of the receiver was fixed during the update interval, and interferers were placed randomly for each MAC frame. In each update interval, the throughput for all PHY modes was estimated (as shown in Figure 10), and the mode that achieved the highest throughput was used during the next update interval. The most important simulation parameters have been summarized in Table 2.

TABLE 2. IMPORTANT PARAMETERS FOR NETWORK SIMULATIONS

Simulation parameter                       Value
Number of frequencies                      8 and 19
Downlink traffic                           75%
Adjacent channel suppression               25 dB
Handover hysteresis                        5 dB
Max. AP/MT power (EIRP)                    23 dBm
Noise power                                -90 dBm
Antennas (omni)                            0 dBi
Uplink power control target                -55 dBm
Downlink power control target              -55 dBm
Wall attenuation (office building)         3 dB
Floor attenuation (office building)        20 dB
Standard deviation of log-normal fading    2 dB

TABLE 3. SYSTEM THROUGHPUT FOR 19 AND 8 FREQUENCY REUSE

Exhibition hall
PHY modes   Reuse 19    Reuse 8
1-6         36 Mbit/s   25 Mbit/s
1-7         54 Mbit/s   27 Mbit/s

Office
PHY modes   Reuse 19    Reuse 8
1-6         36 Mbit/s   35 Mbit/s
1-7         52 Mbit/s   49 Mbit/s

Figure 13 shows the downlink and uplink C/I distribution for the office building with 19 and 8 frequency reuse, which correspond to
• a single-operator; and
• a two-operator scenario.
Figure 14 shows the C/I distribution in the exhibition hall. These distributions formed the basis of estimating system throughput. It is worth noting that C/I varies greatly between the exhibition hall and the office environment.

Figure 13: Downlink (DL) and uplink (UL) C/I distribution in the office building.

We estimated the throughput distribution within the network by mapping the


link throughput in Figure 10 onto the C/I distributions. We then calculated system throughput as the mean throughput for all users. This corresponds to a scheduling strategy where each user is allocated the same amount of radio resources in terms of transmitted OFDM symbols per time unit. System throughput is summarized in Table 3.

Figure 14: Downlink (DL) and uplink (UL) C/I distribution in the exhibition hall.

Conclusion

The HIPERLAN/2 standard specifies a short-range (150 m), high-speed (up to 54 Mbit/s) radio-access system that can be used globally in the 5 GHz band. This attractive standard enables low-cost devices in a system that yields high throughput with QoS support.

Studies show that very high performance can be achieved in most environments. To operate in environments with varying propagation conditions and severe interference, the standard features centralized control (QoS support), selective repeat ARQ, link adaptation, and dynamic frequency selection. It also supports interworking with different broadband core networks.

HIPERLAN/2 is being promoted by the HIPERLAN/2 Global Forum, H2GF (http://www.hiperlan2.com).

REFERENCES

1. TS 101 475, Broadband Radio Access Networks (BRAN); HIPERLAN Type 2; Physical (PHY) Layer
2. TS 101 515-1, Broadband Radio Access Networks (BRAN); HIPERLAN Type 2; Data Link Control (DLC) Layer; Part 1: Basic Transport Functions
3. TS 101 515-2, Broadband Radio Access Networks (BRAN); HIPERLAN Type 2; Data Link Control (DLC) Layer; Part 2: Radio Link Control (RLC) Sublayer
4. TS 101 515-4, Broadband Radio Access Networks (BRAN); HIPERLAN Type 2; Data Link Control (DLC) Layer; Part 4: Extension for Home Environment
5. TS 101 516, Broadband Radio Access Networks (BRAN); HIPERLAN Type 2; Network Management
6. TS 101 517-1, Broadband Radio Access Networks (BRAN); HIPERLAN Type 2; Cell based Convergence Layer; Part 1: Common Part
7. TS 101 517-2, Broadband Radio Access Networks (BRAN); HIPERLAN Type 2; Cell based Convergence Layer; Part 2: UNI Service Specific Convergence Sublayer (SSCS)
8. TS 101 493-1, Broadband Radio Access Networks (BRAN); HIPERLAN Type 2; Packet based Convergence Layer; Part 1: Common Part
9. TS 101 493-2, Broadband Radio Access Networks (BRAN); HIPERLAN Type 2; Packet based Convergence Layer; Part 2: Ethernet Service Specific Convergence Sublayer (SSCS)
10. ISO/IEC 15802-3 (1998) [ANSI/IEEE Std 802.1D, 1998 Edition]: "Information technology - Telecommunications and information exchange between systems - Local and metropolitan area networks - Common Specifications - Media access control (MAC) bridges"
11. H. Li, J. Lindskog, G. Malmgren, G. Myklos, F. Nilsson, G. Rydnell, "Automatic Repeat Request (ARQ) Mechanism in HIPERLAN/2," VTC 2000
12. J. Huschke, G. Zimmermann, "Impact of Decentralized Adaptive Frequency Allocation on the System Performance of HiperLAN/2," VTC 2000 Spring
13. B. Saltzberg. Performance of an Efficient Parallel Data Transmission System. IEEE Trans. on Communication Technology, vol. COM-15, pp. 805-811, 1967.
14. S. Weinstein, P. Ebert. Data Transmission by Frequency-Division Multiplexing Using the Discrete Fourier Transform. IEEE Trans. Communications, vol. 19, pp. 620-634, 1971.
15. U. Dettmar, J. Khun-Jush, P. Schramm, J. Thielecke, U. Wachsmann. Modulation for HIPERLAN/2. Proc. of VTC '99 Spring (Houston), pp. 1094-1100.
16. J. Khun-Jush, P. Schramm, U. Wachsmann, F. Wenger. Structure and Performance of the HIPERLAN/2 Physical Layer. VTC '99 Fall (Amsterdam), pp. 2667-2671.
17. BRAN WG3 PHY Subgroup. Criteria for Comparison. ETSI/BRAN document no. 30701F, 1998.
18. J. Medbo, H. Hallenberg, J.-E. Berg. Propagation Characteristics at 5 GHz in Typical Radio-LAN Scenarios. Proc. of VTC '99 Spring (Houston), pp. 185-189.
19. J. Medbo, P. Schramm. Channel Models for HIPERLAN 2. ETSI/BRAN document no. 3ERI085B, 1998.
20. C. Törnevik et al, "Propagation Models, Cell Planning and Channel Allocation for Indoor Applications of Cellular systems," Proc. of VTC '93 (New Jersey).
21. J. Torsner, G. Malmgren. Radio Network Solutions for HIPERLAN/2. Proc. of VTC '99 Spring (Houston), pp. 1217-1221.


Previous issues

No. 1, 2000
• IPv6—The new generation Internet
• WAP—The catalyst of the mobile Internet
• The challenges of voice over IP over wireless
• Openness in AXE
• Management solutions for IP networks

No. 4, 1999
• Network evolution the Ericsson way
• The AXI 540 router and the public IP network edge
• Real-time routers for wireless networks
• Ericsson's Bluetooth modules
• Mobile Internet—An industry-wide paradigm shift?
• Ericsson's mobile location solution

No. 3, 1999
• Third-generation radio access standards
• Toward third-generation mobile multimedia communication
• Adaptive base-station antenna arrays
• Enhancing cellular network capacity with adaptive antennas
• Messaging-over-IP—A network for messaging and information services
• APZ 212 30—Ericsson's new high-capacity AXE central processor
• TelORB—The distributed communications operating system

No. 2, 1999
• Cello—An ATM transport and control platform
• WCDMA evaluation system—Evaluating the radio access technology of third-generation systems
• Tigris—A gateway between circuit-switched and IP networks
• GPRS—General packet radio services
• Jambala Mobility Gateway—Convergence and inter-system roaming
• Professional Services—Meeting the changing needs of network operators


Telefonaktiebolaget LM Ericsson
SE-126 25 Stockholm, Sweden
Phone: +46 8 7190000
Fax: +46 8 6812710
ISSN 0014-0171
Ljungforetagen, Orebro 2000
