The following 14 MTC Features have been identified during the 3GPP Release-10 timelines:
Packet Switched (PS) Only
Small Data Transmissions
Mobile Originated Only
Infrequent Mobile Terminated
Priority Alarm Message (PAM)
Location Specific Trigger
Network Provided Destination for Uplink Data
Group Based MTC Features
In Rel 10, 3GPP will focus on the general functionality required to support these features:
Overload control (Radio Network Congestion use case, Signalling Network Congestion use case and Core Network Congestion use case)
The following specifications are associated with the MTC work
Spec - Specifications associated with or affected by MTC work 22.011 - Service accessibility 22.368 - Service requirements for Machine-Type Communications (MTC); Stage 1 23.008 - Organization of subscriber data 23.012 - Location management procedures 23.060 - General Packet Radio Service (GPRS); Service description; Stage 2 23.122 - Non-Access-Stratum (NAS) functions related to Mobile Station (MS) in idle mode 23.203 - Policy and charging control architecture 23.401 - General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access 23.402 - Architecture enhancements for non-3GPP accesses 23.888 - System improvements for Machine-Type Communications (MTC) 24.008 - Mobile radio interface Layer 3 specification; Core network protocols; Stage 3 24.301 - Non-Access-Stratum (NAS) protocol for Evolved Packet System (EPS); Stage 3 24.368 - Non-Access Stratum (NAS) configuration Management Object (MO) 25.331 - Radio Resource Control (RRC); Protocol specification 29.002 - Mobile Application Part (MAP) specification 29.018 - General Packet Radio Service (GPRS); Serving GPRS Support Node (SGSN) - Visitors Location Register (VLR); Gs interface layer 3 specification 29.060 - General Packet Radio Service (GPRS); GPRS Tunnelling Protocol (GTP) across the Gn and Gp interface 29.118 - Mobility Management Entity (MME) - Visitor Location Register (VLR) SGs interface specification 29.274 - 3GPP Evolved Packet System (EPS); Evolved General Packet Radio Service (GPRS) Tunnelling Protocol for Control plane (GTPv2-C); Stage 3 29.275 - Proxy Mobile IPv6 (PMIPv6) based Mobility and Tunnelling protocols; Stage 3 29.282 - Mobile IPv6 vendor specific option format and usage within 3GPP 31.102 - Characteristics of the Universal Subscriber Identity Module (USIM) application 33.868 - Security aspects of Machine-Type Communications 36.331 - Evolved Universal Terrestrial Radio Access (E-UTRA); Radio Resource Control (RRC); Protocol specification 37.868 - RAN Improvements for Machine-type Communications 43.868 - GERAN Improvements for Machine-type Communications 44.018 - Mobile radio interface layer 3 specification; Radio Resource Control (RRC) protocol 44.060 - General Packet Radio Service (GPRS); Mobile Station (MS) - Base Station System (BSS) interface; Radio Link Control / Medium Access Control (RLC/MAC) protocol 45.002 - Multiplexing and multiple access on the radio path
Here are couple of presentations I have extracted the above information from:
The ETSI Technical Committee (TC) on Reconfigurable Radio Systems (RRS) has the responsibility for standardization activities related to Reconfigurable Radio Systems encompassing system solutions related to Software Defined Radio (SDR) and Cognitive Radio (CR), to collect and define the related Reconfigurable Radio Systems requirements from relevant stakeholders and to identify gaps, where existing ETSI standards do not fulfil the requirements, and suggest further standardization activities to fill those gaps.
dynamic spectrum access radio systems and networks with the focus on improved use of spectrum,
new techniques and methods of dynamic spectrum access including the management of radio transmission interference, and
coordination of wireless technologies including network management and information sharing amongst networks deploying different wireless technologies.
In December 2010 the IEEE SCC41 was re-organized as IEEE DySPAN-SC and its sponsor was changed from the IEEE Standards Coordinating Committee (SCC) to the IEEE Communications Society Standards Development Board (CSDB).
Included in the IEEE DySPAN SC are following working groups:
1900.1 Working Group on Definitions and Concepts for Dynamic Spectrum Access: Terminology Relating to Emerging Wireless Networks, System Functionality, and Spectrum Management
1900.2 Working Group on Recommended Practice for Interference and Coexistence Analysis of In-Band and Adjacent Band Interference and Coexistence Between Radio Systems
1900.4 Working Group on Architectural Building Blocks Enabling Network-Device Distributed Decision Making for Optimized Radio Resource Usage in Heterogeneous Wireless Access Networks
1900.5 Working Group on Policy Language and Policy Architectures for Managing Cognitive Radio for Dynamic Spectrum Access Applications
1900.6 Working Group on Spectrum Sensing Interfaces and Data Structures for Dynamic Spectrum Access and other Advanced Radio Communication Systems
P1900.7 White Space Radio Working Group: Radio Interface for White Space Dynamic Spectrum Access Radio Systems Supporting Fixed and Mobile Operation
Ad hoc group on Dynamic Spectrum Access in Vehicular Environments (DSA-VE)
DySPAN SC is currently one of the most active standardization bodies for dynamic spectrum access radio systems and networks.
CEPT/ECC WG Spectrum Engineering (SE), project team SE43
The ECC WGSE (Spectrum Engineering) has set up a special project dealing with cognitive radio matters. The SE43 was set up in May 2009 and finished its work in January 2011 by completing the ECC Report “Technical and Operational Requirements for the Possible Operation of Cognitive Radio Systems in the ‘White Spaces’ of the Frequency Band 470-790 MHz”. The WG SE adopted the ECC Report 159 on white space devices for publication, in January 2011. This report can be downloaded from the CEPT/ECC website.
The main focus of the report is, as the title suggest, on coexistence with incumbent or primary systems. It contains definitions of “White Space”, cognitive radio and introduces the term “White Space Device” – WSD. The latter being the term used for the cognitive radio unit. The definition of “White Space” is taken from CEPT Report 24 “Technical considerations regarding harmonisation options for the Digital Dividend “ The report defines different scenarios for CR operation in terms of WSD types (personal/portable, home/office and public access points) and also discusses the three well known types of cognitive techniques: spectrum sensing, geo-location and beacons.
The report is focussed on protection of four possible incumbent systems: broadcast systems (BS), Program making and special events (PMSE), radio astronomy (RAS) and aeronautical radio navigation systems (ARNS). Comprehensive data on possible sensing and separation distances are given, and ends in operational and technical characteristics for white spaces devices to operate in the band. An estimate of available white space is also included.
Weightless operates in an 8MHz-wide channel, to fit into the slots used for broadcast TV (and will thus have to squeeze into 6MHz if used across the pond where TV is smaller). Weightless is a Time Division Duplex (TDD) protocol, so access point and clients take turns to transmit.
When the hub device checks with the national database, it supplies a location and receives a list of 8MHz slots which aren't being used to transmit TV in that location. Weightless will hop between available slots every second or so, skipping any which turn out to be too cluttered (though periodically checking back in case they've cleared).
Showing its M2M roots, a Weightless access point only pages connected devices every 15 minutes, so those devices only need power up the radio four times an hour. Neul reckons that running the radio for two seconds at such intervals results in power consumption roughly equal to the decay rate of an idle battery, so being connected (and idle) has no perceivable impact on battery life.
That means a single Weightless hub can run connections to hundreds devices, across a network spanning 10km or so. Those devices could easily have a battery life measured in years, and be capable of responding with megabytes of data within 15 minutes.
A device which wants to connect to the network won't want to wait that long, and neither will one with something to report. In such circumstances the client can pick up a transmitted frame, which comes every second or two, and register an interest in sending some data upstream.
The security side of Weightless has yet to be worked out, with mutual authentication being considered more important than encrypting the content. Having someone listening in to a meter reading isn't that important, having someone faking a reading is, and content can always be encrypted at a higher level (Weightless will happily carry IPv4 and IPv6 packets).
Once on the network, a device has to wait for the hub to say when it can talk, though it has the chance to request communication slots. The speed of transmission is dependent on the quality of the signal. Each frame is addressed in a basically encoded header; all other devices can switch off their radios once they know the frame isn't addressed to them, and if the receiving device is nearby (as established by the signal strength) then the rest of the frame can be tightly encoded in the knowledge that little will be lost en route.
That means a Weightless hub can speak to hundreds of devices on the same network, with the speed of connection varying between devices. A receiver near the hub might therefore get 10Mb/sec or better, but one operating on the same network, from the same hub, could be running at a few hundred Kb in the same timeframe.
BBC reported that there is some dispute between Apple and Nokia/Rim for the next generation of SIM cards, 'nano-SIM'. You can read more about that here.
While looking for how the nano-SIM is different from other SIM cards I came across an interesting presentation from G&D. The above picture summarises the different types of SIM cards in use. The following is an extract from their whitepaper:
When the GSM network first appeared, mobile devices resembled bricks or even briefcases, and SIM cards were the size of credit cards. The subsequent miniaturization of the phones led to the standardization of smaller SIMs, the Plug-in SIM, and later the Mini-UICC also known as 3rd form factor (3FF). With the introduction of Apple’s iPad, the 3FF, or the Micro-SIM as it was then called, established itself widely in the market. Nevertheless, the trend towards miniaturization of the SIM card is still not over. The latest form factor which is currently in discussion at ETSI (European Telecommunications Standards Institute) is the 4th form factor (4FF) or Nano-SIM. Measuring 12.3 x 8.8 mm, the Nano-SIM is about 30 percent smaller than the Micro-SIM. Even the thickness (0.7 mm) of the card has been reduced by about 15 percent – a tremendous technical challenge. The Nano-SIM offers device manufacturers the crucial advantage of freeing up extra space for other mobile phone Nano-SIM The smallest SIM form factor on the market components such as additional memory or larger batteries. Popular smart phones in particular have to strike a balance between the need for components that are more powerful but bulkier and a slim design. The reduced volume of the 4FF gives manufacturers the opportunity to produce devices that are thinner and more appealing.
In case you were wandering the differences that are causing the disagreements, here are the differences between the formats:
This is a summary of a paper from IEEE Communications Magazine, Dec 2009 issue titled "Technologies and Standards for TD-SCDMA Evolutions to IMT-Advanced" by Mugen Peng and Wenbo Wang of Beijing University of Posts and Telecommunications with my own comments and understanding.
As I have blogged about in the past that China Mobile has launched TD-SCDMA network in China and the main focus to to iron out the basic problems before moving onto the evolved TD-SCDMA network. Couple of device manufacturers have already started working on the TD-HSPA devices. Couple of months back, 3G Americas published a whitepaper giving overview and emphasising the advantages of TDD flavour of LTE as compared to FDD. The next milestone is the IMT-Advanced that is under discussion at the moment and China has already proposed TD-LTE-Advanced which would be compatible with the TD-SCDMA technology.
For anyone who does not know the difference between TDD, FDD and TD-SCDMA please see this blog.
The TD-SCDMA technology has been standardised quite a while back but the rollout has been slow. The commercial TD-SCDMA network was rolled out in 2009 and more and more device manufacturers are getting interested in the technology. This could be due to the fact that China Mobile has a customer base of over 500 million subscribers. As of July 2009 over 100 device manufacturers were working on TD-SCDMA technology.
The big problem with TD-SCDMA (as in the case of R99 3G) is that the practical data rate is 350kbps max. This can definitely not provide a broadband experience. To increase the data rates there are two different approaches. First is the Short Term Evolution (STE) and the other is Long Term Evolution (LTE).
The first phase of evolution as can be seen in the picture above is the TD-STE. This consists of single carrier and multi-carrier TD-HSDPA/TD-HSUPA (TD-HSPA), TD-MBMS and TD-HSPA+.
The LTE part is known as TD-LTE. There is a definite evolution path specified from TD-SCDMA to TD-LTE and hence TD-LTE is widely supported by the TD-SCDMA technology device manufacturers and operators. The target of TD-LTE is to enhance the capabilities of coverage, service provision, and mobility support of TD-SCDMA. To save investment and make full use of the network infrastructure available, the design of TD-LTE takes into account the features of TD-SCDMA, and keeps TD-LTE backward compatible with TD-SCDMA and TD-STE systems to ensure smooth migration.
The final phase of evolution is the 4G technology or IMT-Advanced and the TD-SCDMA candidate for TD-LTE+ is TD-LTE-Advanced. Some mature techniques related to the TD-SCDMA characteristics, such as beamforming (BF), dynamic channel allocation, and uplink synchronization, will be creatively incorporated in the TD-LTE+ system.
Some academic proposals were also made like the one available here on the future evolution of TD-SCDMA but they lacked the industry requirements and are just useful for theoretical research.
The standards of TD-SCDMA and its evolution systems are supervised by 3GPP in Europe and by CCSA (Chinese Cellular Standards Association) in China. In March 2001 3GPP fulfilled TD-SCDMA low chip rate (LCR) standardization in Release 4 (R4). The improved R4 and Release 5 (R5) specifications have added some promising functions including HSDPA, synchronization procedures, terminal location (angle of arrival [AOA]-aided location), and so on.
When the industry standardizations supervised by CCSA are focusing on the integration of R4 and R5, the N-frequency TD-SCDMA and the extension of HSDPA from single- to multicarrier are presented. Meanwhile, some networking techniques, such as N-frequency, polarized smart antenna, and a new networking configuration with baseband unit plus remote radio unit (BBU+RRU), are present in the commercial application of TD-SCDMA.
For the first evolution phase of TD-SCDMA, three alternative solutions are considered. The first one is compatible with WCDMA STE, which is based on HSDPA/HSUPA technology. The second is to provide MBMS service via the compatible multicast broadcast single-frequency network (MBSFN) technique or the new union time-slot network (UTN) technique. The last is HSPA+ to achieve similar performance as LTE.
On a single carrier, TD-HSDPA can reach a peak rate of 2.8 Mb/s for each carrier when the
ratio of upstream and downstream time slots is 1:5. The theoretical peak transmission rate of a three-carrier HSDPA system with 16-quadrature amplitude modulation (QAM) is up to 8.4 Mb/s.
Single-carrier TD-HSUPA can achieve different throughput rates if the configurations and parameters are varied, including the number of occupied time slots, the modulation, and the transport block size in bytes. Considering the complexity of a terminal with several carriers in TD-HSUPA, multicarrier is configured in the Node B, while only one carrier is employed in the terminal.
In Rel-7 based TD-HSPA+, In order to match the performance of orthogonal frequency-division multiple access (OFDMA)-based TD-LTE systems, some advanced techniques are utilized, such as multiple-input multiple-output (MIMO), polarized BF, higher modulation and coding schemes (64-QAM is available), adaptive fast scheduling, multicarrier techniques, and so on. Theoretically, 64-QAM can improve performance by a factor of 1.5 compared to the current 16-QAM; for single-carrier the peak rate reaches 4.2 Mb/s, and three-carrier up to 12.6 Mb/s.
For the MIMO technique, double transmit antenna array (D-TxAA), based on the pre-coding method at the transmitter, has been employed in frequency-division duplex (FDD)-HSPA+ systems, while selective per antenna rate control (S-PARC), motivated by the Shannon capacity limit for an open loop MIMO link, has been applied in TD-HSPA+ systems.
The TD-SCDMA LTE program was kicked off in November 2004, and the LTE demand report was approved in June 2005. The LTE specified for TD_SCDMA evolution is named TD-LTE.
LTE systems are supposed to work in both FDD and TDD modes. LTE TDD and FDD modes have been greatly harmonized in the sense that both modes share the same underlying framework, including radio access schemes OFDMA in downlink and SC-FDMA in uplink, basic subframe formats, configuration protocols, and so on.
IMT-Advanced can be regarded as a B3G/4G standard, and the current TD-SCDMA standard migrating to IMT-Advanced can be regarded as a thorough revolution. TD-LTE advanced (TD-LTE+) is a good match with the TD-SCDMA revolution to IMT-Advanced.
It is predicted that the future TD-SCDMA revolution technology will support data rates up to approximately 100 Mb/s for high mobility and up to approximately 1 Gb/s for low mobility such as nomadic/local wireless access.
Recently, some advanced techniques have been presented for TD-LTE+ in China, ranging from the system architecture to the radio processing techniques, such as multi-user (MU)-BF, wireless relaying, and carrier aggregation (CA).
For MU-BF see the paper proposed by Huawei, CHina Mobile and CATT here (http://www.3gpp.org/ftp/tsg_ran/WG1_RL1/TSGR1_55b/Docs/R1-090133.zip).
For Wireless Relaying see the ZTE paper here (http://www.3gpp.org/ftp/tsg_ran/WG1_RL1/TSGR1_56b/Docs/R1-091423.zip).
To achieve higher performance and target peak data rates, LTE+ systems should support bandwidth greater than 20 MHz (e.g., up to 100 MHz). Consequently, the requirements for TD-LTE+ include support for larger transmission bandwidths than in TD-LTE. Moreover, there should be backward compatibility so that a TD-LTE user can work in TD-LTE+ networks. CA is a concept that can provide bandwidth scalability while maintaining backward compatibility with TD-LTE through any of the constituent carriers, where multiple component carriers are aggregated to the desired TD-LTE+ system bandwidth. A TD-LTE R8 terminal can receive one of these component carriers, while an TD-LTE+ terminal can simultaneously access multiple component carriers. Compared to other approaches, CA does not require extensive changes to the TD-LTE physical layer structure and simplifies reuse of existing implementations. For more on Carrier Aggregation see CATT, LGE and Motorola paper here (http://www.3gpp.org/ftp/tsg_ran/WG1_RL1/TSGR1_56b/Docs/R1-091655.zip).
Finally, there are some interesting developments happening in the TD-SCDMA market with bigger players getting interested. Once a critical mass is reached in the number of subscribers as well as the manufacturers I wouldnt be surprised if this technology is exported beyond the Chinese borders. With clear and defined evolution path this could be a win-win situation for everyone.
Depending on which camp you belong to, you would have read atleast one press release.
The 3GPP Partners, which unite more than 370 leading mobile technology companies, made a formal submission to the ITU yesterday, proposing that LTE Release 10 & beyond (LTE-Advanced) be evaluated as a candidate for IMT-Advanced. Complete press release here.
The IEEE today announced that it has submitted a candidate radio interface technology for IMT-Advanced standardization in the Radiocommunication Sector of the International Telecommunication Union (ITU-R).
The proposal is based on IEEE standards project 802.16m™, the “Advanced Air Interface” specification under development by the IEEE 802.16™ Working Group on Broadband Wireless Access. The proposal documents that it meets ITU-R’s challenging and stringent requirements in all four IMT-Advanced “environments”: Indoor, Microcellular, Urban, and High Speed. The proposal will be presented at the 3rd Workshop on IMT-Advanced in Dresden on 15 October in conjunction with a meeting of ITU-R Working Party 5D. Complete press release here.
Femtocells have been around since 2007. Before Femtocells, the smallest possible cell was the picocell that was designed to serve a small area, generally a office or a conference room. With Femtocells came the idea of having really small cells that can be used in houses and they were designed to serve just one home. Ofcourse in my past blogs you would have noticed me mentioning about Super Femtos and Femto++ that can cater for more users in a small confined space, typically a small office or a meeting room but as far as the most common definition is concerned they are designed for small confined spaces and are intended to serve less than 10 users simultaneously.
This blog post is based on IEEE paper on "Standardization of Femtocells in 3GPP" that appeared in IEEE Communications Magazine, September 2009 issue. This is not a copy paste article but is based on my understanding of Femtos and the research based on the IEEE paper. This post only focusses on 3GPP based femtocells, i.e., Femtocells that use UMTS HSDPA/HSPA based technology and an introduction to OFDM based LTE femtocells.
The reason attention is being paid to the Femtocells is because as I have blogged in the past, there are some interesting studies that suggest that majority of the calls and data browsing on mobiles originate in the home and the higher the frequency being used, the less its ability to penetrate walls. As a result to take advantage of the latest high speed technologies like HSDPA/HSUPA, it makes sense to have a small cell sitting in the home giving ability to the mobiles to have high speed error free transmission. In addition to this if some of the users that are experiencing poor signal quality are handed over to these femtocells, the overall data rate of the macro cell will increase thereby providing better experience to other users.
Each technology brings its own set of problems and femocells are no exception. There are three important problems that needs to be answered. They are as follows:
• Radio interference mitigation and management: Since femtocells would be deployed in adhoc manner by the users and for the cost to be kept down they should require no additional work from the operators point of view, they can create interference with other femtocells and in the worst possible scenario, with the macro cell. It may not be possible initially to configure everything correctly but once operational, it should be possible to adjust the parameters like power, scrambling codes, UARFCN dynamically to minimise the interference.
• Regulatory aspects: Since the mobiles work in licensed spectrum bands, it is required that they follow the regulatory laws and operate in a partcular area in a band it is licensed. This is not a problem in Europe where the operators are given bands for the whole country but in places like USA and India where there are physical boundaries within the country for the allocation of spectrum for a particular operator. This brings us to the next important point.
• Location detection: This is important from the regulatory aspect to verify that a Femtocell can use a particular band over an area and also useful for emergency case where location information is essential. It is important to make sure that the user does not move the device after initial setup and hence the detection should be made everytime the femto is started and also at regular intervals.
3GPP FEMTOCELLS STANDARDIZATION
Since the femtocells have been available for quite a while now, most of them do not comply to standards and they are proprietary solutions. This means that they are not interoperable and can only work with one particular operator. To combat this and to create economy of scale, it became necessary to standardise femtocells. Standardized interfaces from the core network to femtocell devices can potentially allow system operators to deploy femtocell devices from multiple vendors in a mix-and-match manner. Such interfaces can also allow femtocell devices to connect to gateways made by multiple vendors in the system operator’s core network (e.g., home NodeB gateway [HNB-GW] devices).
In 2008, Femto Forum was formed and it started discussion on the architecture. From 15 different proposals, consensus was reached in May over the Iuh interface as shown below.
There are two main standard development organizations (SDOs) shaping the standard for UMTS-related (UTRAN) femto technology: 3GPP and The Broadband Forum (BBF).
More about 3GPP here. BBF (http://www.broadbandforum.org) was called the DSL Forum until last year. As an SDO to meet the needs of fixed broadband technologies, it has created specifications mainly for DSL-related technologies. It consists of multiple Working Groups. The Broadband Home WG in particular is responsible for the specification of CPE device remote management. The specification is called CPE wide area network (WAN) Management Protocol (CWMP), which is commonly known by its document number, TR-069.
There are several other important organisations for femto technology. The two popular ones are the Femto Forum (www.femtoforum.org) and Next Generation Mobile Network (NGMN).
3GPP has different terminology for Femtocells and components related to that. They are as follows:
Generic term: Femtocell
3GPP Term: home NodeB (HNB)
Definition: The consumer premises equipment (CPE) device that functions as the small-scale nodeB by interfacing to the handset over the standard air interface (Uu) and connecting to the mobile network over the Iuh interface.
Generic term: FAP Gateway (FAP-GW) or Concentrator
3GPP Term: home NodeB gateway (HNB-GW)
Definition: The network element that directly terminates the Iuh interface with the HNB and the existing IuCS and IuPS interface with the CN. It effectively aggregates a large number of HNBs (i.e., Iuh interface) and presents it as a single IuCS/PS interface to the CN.
Generic term: Auto-Configuration Server (ACS)
3GPP Term: home NodeB management system (HMS)
Definition: The network element that terminates TR-069 with the HNB to handle the remote management of a large number of HNBs.
In addition, there is a security gateway (SeGW) that establishes IPsec tunnel to HNB. This ensures that all the Iuh traffic is securely protected from the devices in home to the HNB-GW.
The HNB-GW acts as a concentrator to aggregate a large number of HNBs which are logically represented as a single IuCS/IuPS interface to the CN. In other words, from the CN’s perspective, it appears as if it is connected to a single large radio network controller (RNC). This satisfies a key requirement from 3GPP system operators and many vendors that the femtocell system architecture not require any changes to existing CN systems.
The radio interface between HNB and UE is the standard RRC based air interface but has been modified to incude HNB specific changes like the closed subscriber group (CSG) related information.
Two new protocols were defined to address HNB-specific differences from the existing Iu interface protocol to 3GPP UMTS base stations (chiefly, RANAP at the application layer).
• HNB Application Protocol (HNBAP): An application layer protocol that provides HNB-specific control features unique to HNB/femtocell deployment (e.g., registration of the HNB device with the HNBGW).
• RANAP User Adaptation (RUA): Provides a lightweight adaptation function to allow RANAP messages and signaling information to be transported directly over Stream Control Transport Protocol (SCTP) rather than Iu, which uses a heavier and more complex protocol stack that is less well suited to femtocells operating over untrusted networks from home users (e.g., transported over DSL or cable modem connections).
Figure above is representation of the protocol stack diagram being used in TS 25.467.
Security for femtocell networks consists of two major parts: femtocell (HNB) device authentication, and encryption/ciphering of bearer and control information across the untrusted Internet connection between the HNB and the HNB-GW (e.g., non-secure commercial Internet service). The 3GPP UMTS femtocell architecture provides solutions to both of these problems. 3GPP was not able to complete the standardization of security aspects in UMTS Release 8; however, the basic aspects of the architecture were agreed on, and were partially driven by broad industry support for a consensus security architecture facilitated in discussions within the Femto Forum. All security specifications will be completed in UMTS Release 9 (targeted for Dec. 2009).
Management of femtocells is a very big topic and very important one for the reasons discussed above.
The BBF has created CWMP, also referred to as TR-069. TR-069 defines a generic framework to establish connection between the CPE and the automatic configuration server (ACS) to provide configuration of the CPE. The messages are defined in Simple Object Access Protocol (SOAP) methods based on XML encoding, transported over HTTP/TCP. It is flexible and extensive enough to incorporate various types of CPE devices using various technologies. In fact, although TR-069 was originally created to manage the DSL gateway device, it has been adopted by many other types of devices and technologies.
The fundamental functionalities TR-069 provides are as follows:
• Auto-configuration of the CPE and dynamic service provisioning
• Software/firmware management and upgrade
• Status and performance monitoring
The auto-configuration parameters are defined in a data model. Multiple data model specifications exist in the BBF in order to meet the needs of various CPE device types. In fact, the TR-069 data model is a family of documents that has grown over the years in order to meet the needs of supporting new types of CPE devices that emerge in the market. In this respect, femtocell is no exception. However, the two most common and generic data models are:
• TR-098: “Internet Gateway Device Data Model for TR-069”
• TR-106: “Data Model Template for TR-069-Enabled Devices”
HAND-IN AND FEMTO-TO-FEMTO HANDOVERS
The 3GPP specifications focused on handovers in only one direction initially — from femtocell devices to the macrocellular system (sometimes called handout). A conscious decision was made to exclude handover from the macrocellular system to the femtocell devices (sometimes called macro to femtocell hand-in). This decision was driven by two factors:
• There are a number of technical challenges in supporting hand-in with unmodified mobile devices and core network components.
• The system operator requirements clearly indicate that supporting handout is much more important to end users.
Nonetheless, there is still a strong desire to develop open, interoperable ways to support handin in an efficient and reliable manner, and the second phase of standards in 3GPP is anticipated to support such a capability.
3GPP Release 8 defines the over-the-air radio signaling that is necessary to support LTE femtocells. However, there are a number of RAN transport and core network architecture, interface, and security aspects that will be addressed as part off 3GPP’s Release 9 work efforts. While it is preliminary as of the publication of this article, it seems highly likely that all necessary RAN transport and core network work efforts for LTE femtocells will be completed in 3GPP Release 9 (targeted for completion by the end of 2009).
3GPP STANDARDS ON FEMTOCELLS
 3GPP TS 25.331: RRC
 3GPP TS 25.367: Mobility Procedures for Home NodeB (HNB); Overall Description; Sage 2
 3GPP TS 25.467: UTRAN Architecture for 3G Home NodeB; Stage 2
 3GPP TS 25.469: UTRAN Iuh Interface Home NodeB (HNB) Application Part (HNBAP) Signaling
 3GPP TR 33.820: Security of H(e)NB 3GPP TR 32.821: Telecommunication Management; Study of Self-Organizing Networks (SON) Related OAM Interfaces for Home NodeB
 3GPP TS 32.581: Telecommunications Management; Home Node B (HNB) Operations, Administration, Maintenance and Provisioning (OAM&P); Concepts and Requirements for Type 1 Interface HNB to HNB Management System (HMS)
 3GPP TS 32.582: Telecommunications Management; Home NodeB (HNB) Operations, Administration, Maintenance and Provisioning (OAM&P); Information Model for Type 1 Interface HNB to HNB Management System (HMS)
 3GPP TS 32.583: Telecommunications Management; Home NodeB (HNB) Operations, Administration, Maintenance and Provisioning (OAM&P); Procedure Flows for Type 1 Interface HNB to HNB Management System (HMS)
 3GPP TS 32.584: Telecommunications Management; Home NodeB (HNB) Operations, Administration, Maintenance and Provisioning (OAM&P); XML Definitions for Type 1 Interface HNB to HNB Management System (HMS)
I would strongly recommend reading  and  for anyone who wants to gain better understanding of how Femtocells work.