Within the U.S., different types of digital cellular networks follow distinct, incompatible sets of standards. The following sections discuss digital cellular networks, Mobile IP, and satellite phones.
The two most dominant digital cellular networks are Code Division Multiple Access (CDMA) and Global System for Mobile Communications (GSM) networks. Other common cellular networks include Time Division Multiple Access (TDMA) and Integrated Digital Enhanced Network (iDEN). iDEN networks use a proprietary protocol designed by Motorola, while the others follow standardized open protocols. A digital version of the original analog standard for cellular telephone phone service, called Digital Advanced Mobile Phone Service (D-AMPS), also exists.
CDMA refers to a technology designed by Qualcomm in the U.S., which employs spread spectrum communications for the radio link(4). CDMA spreads the digitized data over the entire bandwidth available rather than sharing a channel as many other network air interfaces do, distinguishing multiple calls through a unique sequence code assigned. Successive versions of the IS-95 standard define CDMA conventions in the U.S., which is why the term CDMA is often used to refer to IS-95 compliant cellular networks. IS-95 CDMA systems are sometimes referred to as cdmaOne. The next evolutionary step for CDMA to 3G services was CDMA2000. CDMA2000 is backward compatible with its previous 2G iteration IS-95 (cdmaOne). The successor to CDMA2000 is Qualcomm’s Long Term Evolution (LTE). LTE adds faster data transfer capabilities for mobile devices and is commonly referred to as 4G LTE. Verizon, US Cellular, and formerly Sprint, now the new T-Mobile, are common CDMA network carriers in the U.S.
GSM is a cellular system used worldwide that was designed in Europe, primarily by Ericsson and Nokia. AT&T and T-Mobile are common GSM network carriers in the U.S. GSM use a TDMA air interface. TDMA refers to a digital link technology whereby multiple phones share a single carrier, radio frequency channel by taking turns – using the channel exclusively for an allocated time slice, then releasing it and waiting briefly while other phones use it. A packet switching enhancement to GSM called General Packet Radio Service (GPRS) was standardized to improve data transmission. The next generation of GSM, commonly referred to as the third generation or 3G is known as Universal Mobile Telecommunications System (UMTS) and involves enhancing GSM networks with a Wideband CDMA (WCDMA) air interface. 4G LTE is also available to GSM mobile devices providing higher data transmission rates to its customers.
TDMA is also used to refer specifically to the standard covered by IS-136. Using the term TDMA to refer to a general technique or a specific cellular network type can be a source of confusion. For example, although GSM uses a TDMA air interface (i.e., the general technique), as does iDEN, neither of those systems is compatible with TDMA cellular networks that follow IS-136. Many mobile forensic tools refer to these devices as iDEN/TDMA phones. Mobile devices operating over the iDEN network often utilize a Push-To-Talk (PTT) function that provides subscribers with the ability to communicate with one another over a cellular network in a “walkie-talkie” fashion.
Integrated Digital Enhanced Network (iDEN), a mobile telecommunications technology developed by Motorola, provided the benefits of a two-way radio system and a cellular telephone. The iDEN project originally began as MIRS (Motorola Integrated Radio System) in early 1991. It was phased out in the summer of 2013 for the US markets, although coverage still exists in Mexico and Canada.
Digital AMPS (D-AMPS), IS-54, and IS-136 are 2G mobile phone systems once prevalent within the United States and Canada in the 1990s. Existing networks were mostly replaced by GSM/GPRS or CDMA2000 technologies.
Mobile devices work with certain subsets of the network types mentioned, typically those associated with a service provider from whom obtained the phone and with whom a service agreement was entered. Mobile devices may also be acquired without service from any manufacturer, vendor, or other sources and subsequently have their service set up separately with a service provider or network operator. Mobile devices permitted to be provisioned to more than one specific carrier are commonly referred to as “unlocked” as they may be used on various carriers by switching UICC’s for GSM mobile devices.
Mobile devices do exist that provide the user with both GSM and CDMA capabilities. Such devices are sometimes referred to as hybrid phones or global phones. These mobile devices contain two types of cellular radios for voice and data, providing the ability to operate over either the GSM or CDMA network.
As the name implies, cellular networks provide coverage based on dividing up a large geographical service area into smaller areas of coverage called cells. Cells play an important role in reusing radio frequencies in the limited radio spectrum available to allow more calls to occur than otherwise would be possible. As a mobile device moves from one cell to another, a cellular arrangement requires active connections to be monitored and effectively passed between cells to maintain the connection. To administer the cellular network system, provide subscribed services, and accurately bill or debit subscriber accounts, data about the service contract and associated service activities is captured and maintained by the network system.
Despite their differences in technology, cellular networks are organized similarly to one another, as illustrated in Figure 4. The main components are the radio transceiver equipment that communicates with mobile devices, the controller that manages the transceiver equipment and performs channel assignment, and the switching system for the cellular network. The technical names for these components are, respectively, Node B, representing a Base Transceiver Station (BTS), the Radio Network Controller (RNC), and the Mobile Switching Center (MSC). The RNCs and the Node B units are sometimes collectively referred to as a Radio Access Network (RAN).
Each MSC controls a set of RNCs and manages overall communications throughout the cellular network, including registration, authentication, location updating, handovers, and call routing. An MSC interfaces with the public switch telephone network (PSTN) via a Gateway MSC (GMSC). To perform its tasks, an MSC uses several databases. A key database is the central repository system for subscriber data and service information, called the Home Location Register (HLR). Another database used in conjunction with the HLR is the Visitor Location Register (VLR), which is used for mobile devices roaming outside their service area. An SGSN (Serving GPRS Support Node) performs a similar role as that of MSC/VLR but instead supports General Packet Radio Service (GPRS) (i.e., packet-switched services) to the Internet. Likewise, GGSN (Gateway GPRS Support Node) functionality is close to a GMSC and packet-switched services.
Account information, such as data about the subscriber (e.g., a billing address), the subscribed services, and the location update last registered with the network, are maintained at the HLR and used by the MSC to route calls and messages and to generate usage records called Call Detail Records (CDR). The subscriber account data, CDRs, and related technical information obtained from the network carrier are often valuable sources of evidence in an investigation.