Advanced Vehicle Theft control

Project Owner : VenkataPramod
Created Date : Tue, 10/07/2012 - 17:41
Project Description :







The rapid development of electronics provides a more secure environment for people. As a part of this, the ‘ADVANCED VEHICLE SECURITY SYSTEM WITH THEFT CONTROL AND ACCIDENT NOTIFICATION’ is designed to reduce the risk of losing the vehicle and to provide accident notification, which will reduce the rate of deaths.

This tracking system is composed of a GPS receiver, a microcontroller and a GSM modem. The GPS receiver gets the location information from satellites in the form of latitude and longitude.

This is an inexpensive device which reduces the problem associated with accident notification and antitheft control.

















Fig 2.1 Block diagram of the project.


In this project the GPS is used to provide the exact position of the vehicle. The information collected by the GPS modem is passed to the microcontroller on its request. The information provided by the GPS system contains the longitude and latitude of the position. It also provides the speed of the vehicle and the time.

Here we use the PIC16F877A microcontroller. It controls all the functions of the project. It gets the information from the GPS modem and passes it to the GSM modem. It also controls the ignition sensor and the accident sensor.

GSM modem is used to send messages to the predefined numbers stored in the microcontroller. This GSM modem uses AT commands in order to send messages to the predefined number.
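
The path described above, from a GPS reading to an SMS sent with AT commands, as an added example in host-testable C (not code from the original project). It assumes the GPS receiver emits NMEA 0183 $GPRMC sentences and the GSM modem is driven in SMS text mode (AT+CMGF=1, AT+CMGS); the sample sentence, the THEFT label, the function names and the phone number are constructed placeholders.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumptions (not from the page): the GPS receiver emits NMEA 0183 $GPRMC
   sentences and the GSM modem is driven in SMS text mode (AT+CMGF=1). */
struct fix {
    char   utc[7];                /* hhmmss */
    double lat_deg, lon_deg;      /* decimal degrees; S and W are negative */
    double speed_kmh;
};

/* Constructed sample sentence, not captured from a real vehicle. */
static const char SAMPLE_RMC[] =
    "$GPRMC,123519,A,4807.038,N,01131.000,E,022.4,084.4,230394,003.1,W*6A";

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = toupper(c);
    return (c >= 'A' && c <= 'F') ? c - 'A' + 10 : -1;
}

/* NMEA checksum: XOR of every byte between '$' and '*', as two hex digits. */
static int nmea_checksum_ok(const char *s)
{
    unsigned char sum = 0;
    int hi, lo;
    if (*s++ != '$') return 0;
    while (*s && *s != '*') sum ^= (unsigned char)*s++;
    if (*s != '*' || (hi = hexval((unsigned char)s[1])) < 0) return 0;
    lo = hexval((unsigned char)s[2]);
    return lo >= 0 && ((hi << 4) | lo) == sum;
}

/* NMEA (d)ddmm.mmmm plus hemisphere letter -> signed decimal degrees. */
static double to_degrees(const char *field, char hemi)
{
    double v = atof(field);
    int whole = (int)(v / 100.0);
    double deg = whole + (v - whole * 100.0) / 60.0;
    return (hemi == 'S' || hemi == 'W') ? -deg : deg;
}

/* 0 = ok, -1 = malformed or bad checksum, -2 = not $GPRMC, -3 = no valid fix. */
int parse_gprmc(const char *sentence, struct fix *out)
{
    char buf[96], *f[16];
    int n = 0;
    size_t len = strcspn(sentence, "*");
    if (len >= sizeof buf || !nmea_checksum_ok(sentence)) return -1;
    memcpy(buf, sentence, len);
    buf[len] = '\0';
    /* Split by hand: strtok() merges the empty fields a receiver emits
       before it has a fix, which would shift every later field. */
    f[n++] = buf;
    for (char *p = buf; *p && n < 16; p++)
        if (*p == ',') { *p = '\0'; f[n++] = p + 1; }
    if (strcmp(f[0], "$GPRMC") != 0) return -2;
    if (n < 8) return -1;
    if (f[2][0] != 'A') return -3;      /* 'V' means the data is not valid */
    if (strlen(f[1]) < 6 || !*f[3] || !*f[4] || !*f[5] || !*f[6]) return -1;
    memcpy(out->utc, f[1], 6);
    out->utc[6] = '\0';
    out->lat_deg = to_degrees(f[3], f[4][0]);
    out->lon_deg = to_degrees(f[5], f[6][0]);
    out->speed_kmh = atof(f[7]) * 1.852;            /* knots to km/h */
    return 0;
}

/* Only '+' and 6-15 digits: a corrupted stored number must not be able to
   carry CR or extra AT commands to the modem. */
int format_cmgs(const char *num, char *out, size_t cap)
{
    size_t i = (num[0] == '+'), digits = 0;
    for (; num[i]; i++, digits++)
        if (!isdigit((unsigned char)num[i])) return -1;
    if (digits < 6 || digits > 15) return -1;
    int n = snprintf(out, cap, "AT+CMGS=\"%s\"\r", num);
    return (n > 0 && (size_t)n < cap) ? n : -1;
}

/* SMS body; the trailing Ctrl-Z (0x1A) tells the modem to send it. */
int format_body(const struct fix *f, const char *event, char *out, size_t cap)
{
    int n = snprintf(out, cap, "%s lat=%.5f lon=%.5f spd=%.0fkm/h utc=%s\x1a",
                     event, f->lat_deg, f->lon_deg, f->speed_kmh, f->utc);
    return (n > 0 && (size_t)n < cap) ? n : -1;
}

int main(void)
{
    struct fix f;
    char line[40], body[96];
    /* Firmware order: "AT+CMGF=1\r", wait for OK, line, wait for '>', body. */
    if (parse_gprmc(SAMPLE_RMC, &f) != 0) return 1;
    if (format_cmgs("+10000000000", line, sizeof line) < 0) return 1; /* placeholder */
    if (format_body(&f, "THEFT", body, sizeof body) < 0) return 1;
    printf("%s\n%s\n", line, body);
    return 0;
}
```

A sentence that fails the checksum or reports status V is rejected before any SMS is built, so line noise on the serial link or a receiver without a fix does not turn into a false location report.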



Fig.2.2 Schematic Diagram of the project.







3.1. Power supply



Power supply is a major concern for every electronic device. Since the controller and the other devices used are low-power devices, there is a need to step down the voltage as well as to rectify the output to convert it to a constant DC.



3.1.1 Transformer


A transformer is a device used to increase or decrease the input voltage as required. Transformers are classified into two types depending upon their functionality.

·         Step up transformer

·         Step down transformer


Here we use a step-down transformer to step down the household AC power supply, i.e. the 230-240 V supply, to 5 V. We use a 5-0-5 V center-tapped step-down transformer.



 3.1.2 Rectifier


The output of the transformer is AC and should be rectified to a constant DC. For this it is necessary to feed the output of the transformer to a rectifier.

The rectifier is employed to convert the alternating current to a constant DC. There are many rectifiers available in the market; some of them are:


  • Half wave rectifier
  • Full wave rectifier
  • Bridge rectifier

The rectification is done by using one or more diodes connected in series or parallel.


If only one diode is used, then only the first half cycle is rectified; this is termed half wave rectification and the rectifier used is termed a half wave rectifier. If two diodes are employed in parallel, then both positive and negative half cycles are rectified; this is full wave rectification and the rectifier is termed a full wave rectifier.

If the diodes are arranged in the form of a bridge, the rectifier is termed a bridge rectifier; it acts as a full wave rectifier.

These rectifiers are available in the market in the form of integrated chips (ICs).


3.1.3 Voltage regulator


The voltage regulator is used for the voltage regulation purpose. We use IC 7805 voltage regulator.

The IC number has a specific significance. The number 78 represents the series, while 05 represents the output voltage generated by the IC.


3.1.4 Light emitting diode


We employ a light emitting diode for testing the functionality of the power supply circuit. Here we use a 5 V LED connected in series with the power supply circuit; it verifies the functioning of the power supply.

LEDs are also employed in other areas for many purposes. The following are the advantages of using LEDs.

·         It helps us while troubleshooting the device, i.e. when the device is malfunctioning it is easy to detect where the actual problem arose

·         LED employed with microcontroller verifies whether data is being transmitted

·         It verifies the functionality of the power supply.


3.2 Microcontroller PIC16F877A


3.2.1. Introduction

The PIC16F877A CMOS FLASH-based 8-bit microcontroller is upward compatible with the PIC16C5x, PIC12Cxxx and PIC16C7x devices. It features 200 ns instruction execution, 256 bytes of EEPROM data memory, self programming, an ICD, 2 Comparators, 8 channels of 10-bit Analog-to-Digital (A/D) converter, 2 capture/compare/PWM functions, a synchronous serial port that can be configured as either 3-wire SPI or 2-wire I2C bus, a USART, and a Parallel Slave Port.


3.2.3. High-Performance RISC CPU

  • Lead-free; RoHS-compliant
  • Operating speed: 20 MHz, 200 ns instruction cycle
  • Operating voltage: 4.0-5.5V
  • Industrial temperature range (-40° to +85°C)
  • 15 Interrupt Sources
  • 35 single-word instructions
  • All single-cycle instructions except for program branches (two-cycle)

3.2.4 Special Microcontroller Features

  • Flash Memory: 14.3 Kbytes (8192 words)
  • Data SRAM: 368 bytes
  • Data EEPROM: 256 bytes
  • Self-reprogrammable under software control
  • In-Circuit Serial Programming via two pins (5V)
  • Watchdog Timer with on-chip RC oscillator
  • Programmable code protection
  • Power-saving Sleep mode
  • Selectable oscillator options
  • In-Circuit Debug via two pins


3.2.5 Peripheral Features

  • 33 I/O pins; 5 I/O ports
  • Timer0: 8-bit timer/counter with 8-bit prescaler
  • Timer1: 16-bit timer/counter with prescaler
      • Can be incremented during Sleep via external crystal/clock
  • Timer2: 8-bit timer/counter with 8-bit period register, prescaler and postscaler
  • Two Capture, Compare, PWM modules
      • 16-bit Capture input; max resolution 12.5 ns
      • 16-bit Compare; max resolution 200 ns
      • 10-bit PWM
  • Synchronous Serial Port with two modes:
      • SPI Master
      • I2C Master and Slave
  • USART/SCI with 9-bit address detection
  • Parallel Slave Port (PSP)
      • 8 bits wide with external RD, WR and CS controls
  • Brown-out detection circuitry for Brown-Out Reset
  • Analog Features
      • 10-bit, 8-channel A/D Converter
      • Brown-Out Reset


3.2.6 Analog Comparator module

  • 2 analog comparators
  • Programmable on-chip voltage reference module
  • Programmable input multiplexing from device inputs and internal VREF
  • Comparator outputs are externally accessible



Program memory (FLASH) is used for storing a written program. 
Since memory made in FLASH technology can be programmed and cleared more than once, it makes this microcontroller suitable for device development. 

EEPROM - data memory that needs to be saved when there is no supply.
It is usually used for storing important data that must not be lost if the power supply suddenly stops. For instance, one such piece of data is the assigned temperature in temperature regulators. If this data were lost during a loss of power supply, we would have to make the adjustment once again upon return of supply. Thus our device loses self-reliance.

RAM - Data memory used by a program during its execution.

All intermediate results or temporary data are stored in RAM during run-time.

PORTS are physical connections between the microcontroller and the outside world. PIC16F877A has five I/O Ports and 33 pins in all 5 ports. 

FREE-RUN TIMER is an 8-bit register inside a microcontroller that works independently of the program. On every fourth clock of the oscillator it increments its value until it reaches the maximum (255), and then it starts counting over again from zero. As we know the exact timing between each two increments of the timer contents, timer can be used for measuring time which is very useful with some devices. 

CENTRAL PROCESSING UNIT has a role of connective element between other blocks in the microcontroller. It coordinates the work of other blocks and executes the user program.



                                    Fig.3.1 Architectures of the System.



It has already been said that PIC16F877A has a RISC architecture. This term is often found in computer literature, and it needs to be explained here in more detail. Harvard architecture is a newer concept than von-Neumann's. It rose out of the need to speed up the work of a microcontroller. In Harvard architecture, data bus and address bus are separate. Thus a greater flow of data is possible through the central processing unit, and of course, a greater speed of work. Separating a program from data memory makes it further possible for instructions not to have to be 8-bit words. PIC16F877A uses 14 bits for instructions which allows for all instructions to be one word instructions. It is also typical for Harvard architecture to have fewer instructions than von-Neumann's, and to have instructions usually executed in one cycle. 

Microcontrollers with Harvard architecture are also called "RISC microcontrollers". RISC stands for Reduced Instruction Set Computer. Microcontrollers with von-Neumann's architecture are called 'CISC microcontrollers'. CISC stands for Complex Instruction Set Computer.

Since PIC16F877A is a RISC microcontroller, it has a reduced set of instructions, more precisely 35 instructions (for example, Intel's and Motorola's microcontrollers have over a hundred instructions). All of these instructions are executed in one cycle except for jump and branch instructions. According to what its maker says, PIC16F877A usually reaches results of 2:1 in code compression and 4:1 in speed in relation to other 8-bit microcontrollers in its class.


3.2.7 Applications

PIC16F877A perfectly fits many uses, from automotive industries and controlling home appliances to industrial instruments, remote sensors, electrical door locks and safety devices. It is also ideal for smart cards as well as for battery supplied devices because of its low consumption.

EEPROM memory makes it easier to apply microcontrollers to devices where permanent storage of various parameters is needed (codes for transmitters, motor speed, receiver frequencies, etc.). Low cost, low consumption, easy handling and flexibility make PIC16F877A applicable even in areas where microcontrollers had not previously been considered (example: timer functions, interface replacement in larger systems, coprocessor applications, etc.).

 System Programmability of this chip (along with using only two pins in data transfer) makes possible the flexibility of a product, after assembling and testing have been completed. This capability can be used to create assembly-line production, to store calibration data available only after final testing, or it can be used to improve programs on finished products.


3.2.8 Clock / instruction cycle

Clock is microcontroller's main starter, and is obtained from an external component called an "oscillator". If we want to compare a microcontroller with a time clock, our "clock" would then be a ticking sound we hear from the time clock. In that case, oscillator could be compared to a spring that is wound so time clock can run. Execution of instruction starts by calling an instruction that is next in string. Instruction is called from program memory on every Q1 and is written in instruction register on Q4. Decoding and execution of instruction are done between the next Q1 and Q4 cycles. On the following diagram we can see the relationship between instruction cycle and clock of the oscillator (OSC1) as well as that of internal clocks Q1-Q4. Program counter (PC) holds information about the address of the next instruction.

Fig 3.2 Clock/Instruction Cycle




Instruction cycle consists of cycles Q1, Q2, Q3 and Q4. Cycles of calling and executing instructions are connected in such a way that in order to make a call, one instruction cycle is needed, and one more is needed for decoding and execution. However, due to pipelining, each instruction is effectively executed in one cycle. If instruction causes a change on program counter, and PC doesn't point to the following but to some other address (which can be the case with jumps or with calling subprograms), two cycles are needed for executing an instruction. This is so because instruction must be processed again, but this time from the right address. Cycle of calling begins with Q1 clock, by writing into instruction register (IR). Decoding and executing begins with Q2, Q3 and Q4 clocks.

                                                Fig 3.3 Instruction Pipeline Flow


TCY0 reads in instruction MOVLW 55h (it doesn't matter to us what instruction was executed, because there is no rectangle pictured on the bottom). TCY1 executes instruction MOVLW 55h and reads in MOVWF PORTB. TCY2 executes MOVWF PORTB and reads in CALL SUB_1. TCY3 executes a call of a subprogram CALL SUB_1, and reads in instruction BSF PORTA, BIT3. As this instruction is not the one we need, or is not the first instruction of a subprogram SUB_1 whose execution is next in order, instruction must be read in again. This is a good example of an instruction needing more than one cycle. TCY4 instruction cycle is totally used up for reading in the first instruction from a subprogram at address SUB_1. TCY5 executes the first instruction from a subprogram SUB_1 and reads in the next one.

Pin description

PIC16F877A has a total of 40 pins. It is most frequently found in a DIP40 type of case but can also be found in an SMD case, which is smaller than a DIP. DIP is an abbreviation for Dual In Package. SMD is an abbreviation for Surface Mount Devices, suggesting that holes for pins to go through when mounting aren't necessary in soldering this type of component.

                                                Fig.3.4 Pin Diagram of PIC16F877A

Pins on PIC16F877A microcontroller have the following meaning:

There are 40 pins on PIC16F877A. Most of them can be used as I/O pins. Others are reserved for specific functions. These are the pin functions.
1. MCLR – to reset the PIC
2. RA0 – port A pin 0
3. RA1 – port A pin 1
4. RA2 – port A pin 2
5. RA3 – port A pin 3
6. RA4 – port A pin 4
7. RA5 – port A pin 5
8. RE0 – port E pin 0
9. RE1 – port E pin 1
10. RE2 – port E pin 2
11. VDD – power supply
12. VSS – ground
13. OSC1 – connect to oscillator
14. OSC2 – connect to oscillator
15. RC0 – port C pin 0
16. RC1 – port C pin 1
17. RC2 – port C pin 2
18. RC3 – port C pin 3
19. RD0 - port D pin 0
20. RD1 - port D pin 1
21. RD2 - port D pin 2
22. RD3 - port D pin 3
23. RC4 - port C pin 4
24. RC5 - port C pin 5
25. RC6 - port C pin 6
26. RC7 - port C pin 7
27. RD4 - port D pin 4
28. RD5 - port D pin 5
29. RD6 - port D pin 6
30. RD7 - port D pin 7
31. VSS - ground
32. VDD – power supply
33. RB0 - port B pin 0
34. RB1 - port B pin 1
35. RB2 - port B pin 2
36. RB3 - port B pin 3
37. RB4 - port B pin 4
38. RB5 - port B pin 5
39. RB6 - port B pin 6
40. RB7 - port B pin 7

By using these pins, many applications can be built, such as:
1. LCD – connect to Port B pin.
2. LED – connect to any pin declared as output.
3. Relay and Motor - connect to any pin declared as output.
4. External EEPROM – connect to I2C interface pin – RC3 and RC4 (SCL and SDA)
5. LDR, Potentiometer and sensor – connect to analogue input pin such as RA0.
6. GSM modem, dial-up modem – connect to RC6 and RC7 – the serial communication interface using RS232 protocol.

For more detail on the function of each specific pin, please refer to the device datasheet from Microchip.


3.2.8 Clock generator – oscillator

Oscillator circuit is used for providing a microcontroller with a clock. Clock is needed so that microcontroller could execute a program or program instructions.


Types of oscillators

PIC16F877A can work with four different configurations of an oscillator. Since configurations with crystal oscillator and resistor-capacitor (RC) are the ones that are used most frequently, these are the only ones we will mention here. Microcontroller type with a crystal oscillator has in its designation XT, and a microcontroller with resistor-capacitor pair has a designation RC. This is important because you need to mention the type of oscillator when buying a microcontroller. 





XT Oscillator

Crystal oscillator is kept in metal housing with two pins where you have written down the frequency at which crystal oscillates. One ceramic capacitor of 30pF whose other end is connected to the ground needs to be connected with each pin.

Oscillator and capacitors can be packed in a joint case with three pins. Such an element is called a ceramic resonator and is represented in charts like the one below. The center pin of the element is the ground, while the end pins are connected with OSC1 and OSC2 pins on the microcontroller. When designing a device, the rule is to place an oscillator nearer a microcontroller, so as to avoid any interference on lines on which microcontroller is receiving a clock.

RC Oscillator

In applications where great time precision is not necessary, RC oscillator offers additional savings during purchase. Resonant frequency of RC oscillator depends on supply voltage rate, resistance R, capacity C and working temperature. It should be mentioned here that resonant frequency is also influenced by normal variations in process parameters, by tolerance of external R and C components, etc.

Above diagram shows how RC oscillator is connected with PIC16F877A. With value of resistor R being below 2.2k, oscillator can become unstable, or it can even stop the oscillation. With very high value of R (e.g. 1M) oscillator becomes very sensitive to noise and humidity. It is recommended that value of resistor R should be between 3 and 100k. Even though oscillator will work without an external capacitor (C=0pF), capacitor above 20pF should still be used for noise and stability. No matter which oscillator is being used, in order to get a clock that microcontroller works upon, a clock of the oscillator must be divided by 4. Oscillator clock divided by 4 can also be obtained on OSC2/CLKOUT pin, and can be used for testing or synchronizing other logical circuits.


                                                Fig 3.5 Clock and Instruction Cycles

Following a supply, oscillator starts oscillating. Oscillation at first has an unstable period and amplitude, but after some period of time it becomes stabilized.

To prevent such inaccurate clock from influencing microcontroller's performance, we need to keep the microcontroller in reset state during stabilization of oscillator's clock. Diagram above shows a typical shape of a signal which microcontroller gets from the quartz oscillator.



Reset is used for putting the microcontroller into a 'known' condition. That practically means that microcontroller can behave rather inaccurately under certain undesirable conditions. In order to continue its proper functioning it has to be reset, meaning all registers would be placed in a starting position. Reset is not only used when microcontroller doesn't behave the way we want it to, but can also be used when trying out a device as an interrupt in program execution, or to get a microcontroller ready when loading a program.

To prevent a logical zero from being brought to the MCLR pin accidentally (the line above it means that reset is activated by a logical zero), MCLR has to be connected via a resistor to the positive supply pole. The resistor should be between 5 and 10K. This kind of resistor, whose function is to keep a certain line at logical one as a precaution, is called a pull-up.

Microcontroller PIC16F877A knows several sources of resets:

a) Reset during power on, POR (Power-On Reset)
b) Reset during regular work by bringing logical zero to MCLR microcontroller's pin.
c) Reset during SLEEP regime
d) Reset at watchdog timer (WDT) overflow
e) Reset at WDT overflow during SLEEP work regime.

The most important reset sources are a) and b). The first one occurs each time a power supply is brought to the microcontroller and serves to bring all registers to a starting position (initial state). The second one is a product of purposefully bringing a logical zero to the MCLR pin during normal operation of the microcontroller. This second one is often used in program development.

During a reset, RAM memory locations are not being reset. They are unknown during a power up and are not changed at any reset. Unlike these, SFR registers are reset to a starting position (initial state). One of the most important effects of a reset is setting a program counter (PC) to zero (0000h), which enables the program to start executing from the first written instruction.

Reset at supply voltage drop below the permissible (Brown-out Reset)

Impulse for resetting during voltage-up is generated by the microcontroller itself when it detects an increase in supply Vdd (in a range from 1.2V to 1.8V). That impulse lasts 72ms, which is enough time for an oscillator to get stabilized. These 72ms are provided by an internal PWRT timer which has its own RC oscillator. Microcontroller is in a reset mode as long as PWRT is active. However, while the device is working, a problem arises when supply doesn't drop to zero but falls below the limit that guarantees microcontroller's proper functioning. This is a likely case in practice, especially in industrial environment where disturbances and instability of supply are an everyday occurrence. To solve this problem we need to make sure that microcontroller is in a reset state each time supply falls below the approved limit.

                                        Fig.3.6 Voltage Drop Below the Proper Level

If, according to electrical specification, the internal reset circuit of a microcontroller cannot satisfy the needs, special electronic components can be used which are capable of generating the desired reset signal. Beside this function, they can also watch over the supply voltage. If voltage drops below the specified level, a logical zero appears on the MCLR pin, which holds the microcontroller in reset state until voltage is back within limits that guarantee accurate performance.

Central Processing Unit

Central processing unit (CPU) is the brain of a microcontroller. This part is responsible for finding and fetching the right instruction which needs to be executed, for decoding that instruction, and finally for its execution. Central processing unit connects all parts of the microcontroller into one whole. Surely, its most important function is to decode program instructions.

When a programmer writes a program, instructions have a clear form like MOVLW 0x20. However, in order for a microcontroller to understand that, this 'letter' form of an instruction must be translated into a series of zeros and ones which is called an 'opcode'. This transition from a letter to binary form is done by translators such as assembler translator (also known as an assembler). Instruction thus fetched from program memory must be decoded by a central processing unit. We can then select from the table of all the instructions a set of actions which execute the assigned task defined by the instruction. As instructions may within themselves contain assignments which require different transfers of data from one memory into another, from memory onto ports, or some other calculations, CPU must be connected with all parts of the microcontroller. This is made possible through a data bus and an address bus.

Arithmetic logic unit is responsible for performing operations of adding, subtracting, moving (left or right within a register) and logic operations. Moving data inside a register is also known as 'shifting'. PIC16F877A contains an 8-bit arithmetic logic unit and 8-bit work registers.

                                                Fig 3.7 STATUS Register format


In instructions with two operands, ordinarily one operand is in work register (W register), and the other is one of the registers or a constant. By operand we mean the contents on which some operation is being done, and a register is any one of the GPR or SFR registers. GPR is an abbreviation for 'General Purpose Registers', and SFR for 'Special Function Registers'. In instructions with one operand, an operand is either W register or one of the registers. In addition to performing arithmetic and logic operations, the ALU controls status bits (bits found in STATUS register). Execution of some instructions affects status bits, depending on the result itself. Depending on which instruction is being executed, ALU can affect values of Carry (C), Digit Carry (DC), and Zero (Z) bits in STATUS register.


3.2.9 Ports

Term "port" refers to a group of pins on a microcontroller which can be accessed simultaneously, or on which we can set the desired combination of zeros and ones, or read from them an existing status. Physically, port is a register inside a microcontroller which is connected by wires to the pins of a microcontroller. Microcontroller uses them in order to monitor or control other components or devices. Due to functionality, some pins have twofold roles like RA4/T0CKI for instance, which is at the same time the fourth bit of port A and an external input for free-run counter. Selection of one of these two pin functions is done in one of the configuration registers. An illustration of this is the fifth bit T0CS in OPTION register. By selecting one of the functions the other one is disabled.

All port pins can be designated as input or output, according to the needs of a device that's being developed. In order to define a pin as input or output pin, the right combination of zeros and ones must be written in TRIS register. If the appropriate bit of TRIS register contains logical "1", then that pin is an input pin, and if the opposite is true, it's an output pin. Every port has its proper TRIS register. Thus, port A has TRISA, and port B has TRISB. Pin direction can be changed during the course of work which is particularly fitting for one-line communication where data flow constantly changes direction. PORTA and PORTB state registers are located in bank 0, while TRISA and TRISB pin direction registers are located in bank 1.

Memory organization

PIC16F877A has two separate memory blocks, one for data and the other for program. EEPROM memory with GPR and SFR registers in RAM memory make up the data block, while FLASH memory makes up the program block. 

Program memory

Program memory is implemented in FLASH technology, which makes it possible to program a microcontroller many times before it's installed into a device, and even after its installation if changes in program or process parameters should occur. The size of program memory is 1024 locations, 14 bits wide, where locations zero and four are reserved for the reset and interrupt vectors.


Data memory

Data memory consists of EEPROM and RAM memories. EEPROM memory consists of 256 eight-bit locations whose contents are not lost during loss of power supply. EEPROM is not directly addressable, but is accessed indirectly through EEADR and EEDATA registers. As EEPROM memory usually serves for storing important parameters (for example, a given temperature in temperature regulators), there is a strict procedure for writing to EEPROM which must be followed in order to avoid accidental writing. RAM memory for data occupies space on a memory map from location 0x0C to 0x4F which comes to 68 locations. Locations of RAM memory are also called GPR registers, which is an abbreviation for General Purpose Registers. GPR registers can be accessed regardless of which bank is selected at the moment.

Memory Banks

Beside this 'length' division to SFR and GPR registers, memory map is also divided in 'width' (see preceding map) to two areas called 'banks'. Selecting one of the banks is done via RP0 bit in STATUS register.


      bcf STATUS, RP0

Instruction BCF clears bit RP0 (RP0=0) in STATUS register and thus sets up bank 0.

      bsf STATUS, RP0

Instruction BSF sets the bit RP0 (RP0=1) in STATUS register and thus sets up bank 1.
It is useful to consider what would happen if the wrong bank was selected. Let's assume that we have selected bank 0 at the beginning of the program, and that we now want to write to certain register located in bank 1, say TRISB. Although we specified the name of the register TRISB, data will be actually stored to a bank 0 register at the appropriate address, which is PORTB in our example.

      BANK0 macro
            bcf STATUS, RP0   ;Select memory bank 0
            endm

      BANK1 macro
            bsf STATUS, RP0   ;Select memory bank 1
            endm

Bank selection can also be made via the directive banksel, after which the name of the register to be accessed is specified. In this manner, there is no need to memorize which register is in which bank.
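
The wrong-bank write described above, modelled in C as an added example (not code from the original project). It models only banks 0 and 1 selected by RP0 as in the text; the function names and the 0x0F direction value are illustrative, and PORTB is zeroed at reset for simplicity.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Register file addresses of the PIC16F877A (banks 0 and 1 only). */
#define STATUS 0x03
#define PORTB  0x06
#define TRISB  0x86
#define RP0    5            /* STATUS bit 5, the bank select bit used in the text */

struct pic { uint8_t ram[256]; };   /* bank 0 = 0x00-0x7F, bank 1 = 0x80-0xFF */

void pic_reset(struct pic *p)
{
    memset(p->ram, 0, sizeof p->ram);  /* simplification: real PORTB is undefined */
    p->ram[TRISB] = 0xFF;              /* after reset every port B pin is an input */
}

/* An instruction encodes only 7 address bits; RP0 supplies bit 7.
   STATUS appears at the same offset in both banks, so it is always reachable. */
static uint8_t *resolve(struct pic *p, uint8_t operand)
{
    uint8_t low7 = operand & 0x7F;
    if (low7 == STATUS) return &p->ram[STATUS];
    return &p->ram[(((p->ram[STATUS] >> RP0) & 1) << 7) | low7];
}

void movwf(struct pic *p, uint8_t w, uint8_t reg) { *resolve(p, reg) = w; }
void bsf(struct pic *p, uint8_t reg, int bit) { *resolve(p, reg) |= (uint8_t)(1u << bit); }
void bcf(struct pic *p, uint8_t reg, int bit) { *resolve(p, reg) &= (uint8_t)~(1u << bit); }

/* What the banksel directive does for these two banks: RP0 = address bit 7. */
void banksel(struct pic *p, uint8_t reg)
{
    if (reg & 0x80) bsf(p, STATUS, RP0); else bcf(p, STATUS, RP0);
}

/* Bug from the text: bank 0 is selected, so the write meant for TRISB hits PORTB. */
void init_wrong_bank(struct pic *p)
{
    pic_reset(p);
    bcf(p, STATUS, RP0);
    movwf(p, 0x0F, TRISB);     /* intent: RB7..RB4 outputs, RB3..RB0 inputs */
}

/* Same intent, with the bank chosen from the register's own address. */
void init_with_banksel(struct pic *p)
{
    pic_reset(p);
    banksel(p, TRISB);
    movwf(p, 0x0F, TRISB);
    banksel(p, PORTB);         /* back to bank 0 for normal port access */
}

int main(void)
{
    struct pic p;
    init_wrong_bank(&p);
    printf("wrong bank: PORTB=%02X TRISB=%02X\n", p.ram[PORTB], p.ram[TRISB]);
    init_with_banksel(&p);
    printf("banksel:    PORTB=%02X TRISB=%02X\n", p.ram[PORTB], p.ram[TRISB]);
    return 0;
}
```

In the buggy case TRISB keeps its reset value, so the pins meant to drive outputs stay inputs while the direction mask lands in the port latch.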

Program Counter

Program counter (PC) is a 13-bit register that contains the address of the instruction being executed. It is physically carried out as a combination of a 5-bit register PCLATH for the five higher bits of the address, and the 8-bit register PCL for the lower 8 bits of the address.

By its incrementing or change (i.e. in case of jumps) microcontroller executes program instructions step-by-step.

PIC16F877A has a 13-bit stack with 8 levels, or in other words, a group of 8 memory locations, 13 bits wide, with special purpose. Its basic role is to keep the value of program counter after a jump from the main program to an address of a subprogram. In order for a program to know how to go back to the point where it started from, it has to return the value of a program counter from a stack. When moving from a program to a subprogram, program counter is being pushed onto a stack (an example of this is the CALL instruction). When executing instructions such as RETURN, RETLW or RETFIE at the end of a subprogram, program counter is taken from a stack so that program can continue where it was stopped before it was interrupted. These operations of placing on and taking off from a program counter stack are called PUSH and POP, and are named according to similar instructions on some bigger microcontrollers.


In System Programming

In order to program a program memory, microcontroller must be set to special working mode by bringing up MCLR pin to 13.5V, and supply voltage Vdd has to be stabilized between 4.5V to 5.5V. Program memory can be programmed serially using two 'data/clock' pins which must previously be separated from device lines, so that errors wouldn't come up during programming.


Fig 3.8 Direct addressing format


Indirect Addressing

Indirect unlike direct addressing does not take an address from an instruction but derives it from IRP bit of STATUS and FSR registers. Addressed location is accessed via INDF register which in fact holds the address indicated by a FSR. In other words, any instruction which uses INDF as its register in reality accesses data indicated by a FSR register. Let's say, for instance, that one general purpose register (GPR) at address 0Fh contains a value of 20. By writing a value of 0Fh in FSR register we will get a register indicator at address 0Fh, and by reading from INDF register, we will get a value of 20, which means that we have read from the first register its value without accessing it directly (but via FSR and INDF). It appears that this type of addressing does not have any advantages over direct addressing, but certain needs do exist during programming which can be solved smoothly only through indirect addressing.

Indirect addressing is very convenient for manipulating data arrays located in GPR registers. In this case, it is necessary to initialize FSR register with a starting address of the array, and the rest of the data can be accessed by incrementing the FSR register.


Fig 3.9 Indirect addressing format

Such examples include sending a set of data via serial communication, working with buffers and indicators (which will be discussed further in a chapter with examples), or erasing a part of RAM memory (16 locations) as in the following instance.

Reading data from INDF register when the contents of FSR register is equal to zero returns the value of zero, and writing to it results in NOP operation (no operation).
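The INDF/FSR behaviour described above, as an added C model (not code from the original page and not PIC assembly): it reproduces the 0Fh read, the FSR = 0 case, and a 16-location clear that refuses to run the pointer outside a given window. The pic_t structure, the function names and the 0x20 to 0x7F window used in main are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of the data memory: 512 locations reached indirectly
 * through a 9-bit address built from IRP (bit 8) and FSR (bits 7..0).
 * Bank mirroring of the real chip is not modelled. */
#define FILE_SIZE 512u

typedef struct {
    uint8_t ram[FILE_SIZE]; /* register file */
    uint8_t fsr;            /* File Select Register */
    uint8_t irp;            /* IRP bit of STATUS, 0 or 1 */
} pic_t;

void pic_init(pic_t *p, uint8_t fill)
{
    memset(p->ram, fill, sizeof p->ram);
    p->fsr = 0;
    p->irp = 0;
}

static uint16_t effective_addr(const pic_t *p)
{
    return (uint16_t)(((p->irp & 1u) << 8) | p->fsr);
}

/* Read through INDF. INDF sits at offset 0 of a bank, so when the pointer
 * lands on INDF itself (the FSR = 0 case in the text) the read returns 0. */
uint8_t indf_read(const pic_t *p)
{
    uint16_t a = effective_addr(p);
    if ((a & 0x7Fu) == 0)
        return 0;
    return p->ram[a];
}

/* Write through INDF. Pointing at INDF itself makes the write a NOP. */
void indf_write(pic_t *p, uint8_t v)
{
    uint16_t a = effective_addr(p);
    if ((a & 0x7Fu) == 0)
        return;
    p->ram[a] = v;
}

/* Clear `count` locations starting at `start`, the way a CLRF INDF /
 * INCF FSR loop would, but only if the whole range lies inside [lo, hi].
 * Without that check an 8-bit FSR silently wraps past 0xFF and the loop
 * keeps overwriting whatever lives at the bottom of the bank. */
int clear_block(pic_t *p, uint8_t start, uint8_t count, uint8_t lo, uint8_t hi)
{
    unsigned last = (unsigned)start + count - 1u;
    if (count == 0 || start < lo || last > hi)
        return -1;
    p->fsr = start;
    for (uint8_t i = 0; i < count; i++) {
        indf_write(p, 0);   /* CLRF INDF   */
        p->fsr++;           /* INCF FSR, F */
    }
    return 0;
}

int main(void)
{
    pic_t p;
    pic_init(&p, 0xAA);     /* constructed fill pattern */

    p.ram[0x0F] = 20;       /* the text's example: location 0Fh holds 20 */
    p.fsr = 0x0F;
    printf("INDF with FSR=0Fh -> %u\n", (unsigned)indf_read(&p));

    p.fsr = 0x00;
    printf("INDF with FSR=00h -> %u\n", (unsigned)indf_read(&p));

    int rc = clear_block(&p, 0x20, 16, 0x20, 0x7F);
    printf("clear 16 from 20h: rc=%d, FSR now %02Xh\n", rc, (unsigned)p.fsr);

    rc = clear_block(&p, 0x78, 16, 0x20, 0x7F);
    printf("clear 16 from 78h: rc=%d (range leaves the window)\n", rc);
    return 0;
}
```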


 Interrupts are a mechanism of a microcontroller which enables it to respond to some events at the moment they occur, regardless of what microcontroller is doing at the time. This is a very important part, because it provides connection between a microcontroller and environment which surrounds it. Generally, each interrupt changes the program flow, interrupts it and after executing an interrupt subprogram (interrupt routine) it continues from that same point on.

         Control register of an interrupt is called INTCON and can be accessed regardless of the bank selected. Its role is to allow or disallow interrupts, and in case they are not allowed, it registers single interrupt requests through its own bits.

INTCON Register

Fig 3.10 INTCON register Format

Bit 7 GIE (Global Interrupt Enable bit) Bit which enables or disables all interrupts.
1 = all interrupts are enabled
0 = all interrupts are disabled

Bit 6 EEIE (EEPROM Write Complete Interrupt Enable bit) Bit which enables an interrupt at the end of a writing routine to EEPROM
1 = interrupt enabled
0 = interrupt disabled
If EEIE and EEIF (which is in EECON1 register) are set simultaneously, an interrupt will occur.

Bit 5 T0IE (TMR0 Overflow Interrupt Enable bit) Bit which enables interrupts during counter TMR0 overflow.
1 = interrupt enabled
0 = interrupt disabled
If T0IE and T0IF are set simultaneously, interrupt will occur.

Bit 4 INTE (INT External Interrupt Enable bit) Bit which enables external interrupt from pin RB0/INT.
1 = external interrupt enabled
0 = external interrupt disabled
If INTE and INTF are set simultaneously, an interrupt will occur.

Bit 3 RBIE (RB port change Interrupt Enable bit) Enables interrupts to occur at the change of status of pins 4, 5, 6, and 7 of port B.
1 = enables interrupts at the change of status
0 = interrupts disabled at the change of status
If RBIE and RBIF are simultaneously set, an interrupt will occur.

Bit 2 T0IF (TMR0 Overflow Interrupt Flag bit) Overflow of counter TMR0.
1 = counter changed its status from FFh to 00h
0 = overflow did not occur
Bit must be cleared in program in order for an interrupt to be detected.

Bit 1 INTF (INT External Interrupt Flag bit) External interrupt occurred.
1 = interrupt occurred
0 = interrupt did not occur
If a rising or falling edge was detected on pin RB0/INT, (which is defined with bit INTEDG in OPTION register), bit INTF is set.

Bit 0 RBIF (RB Port Change Interrupt Flag bit) Bit which informs about changes on pins 4, 5, 6 and 7 of port B.
1 = at least one pin has changed its status
0 = no change occurred on any of the pins
Bit has to be cleared in an interrupt subroutine to be able to detect further interrupts.

PIC16F877A has four interrupt sources:
1. Termination of writing data to EEPROM
2. TMR0 interrupt caused by timer overflow.
3. Interrupt during alteration on RB4, RB5, RB6 and RB7 pins of port B.
4. External interrupt from RB0/INT pin of microcontroller

Generally speaking, each interrupt source has two bits joined to it. One enables interrupts, and the other detects when interrupts occur. There is one common bit called GIE which can be used to disallow or enable all interrupts simultaneously. This bit is very useful when writing a program because it allows all interrupts to be disabled for a period of time, so that execution of some important part of a program is not interrupted. When the instruction which resets the GIE bit is executed (GIE=0, all interrupts disallowed), any interrupt that remains pending is ignored.

Interrupts which remained pending and were ignored are processed once the GIE bit is set again (GIE=1, all interrupts allowed). When an interrupt is answered, the GIE bit is cleared so that any additional interrupts are disabled, the return address is pushed onto the stack and address 0004h is written to the program counter - only after this does replying to an interrupt begin! After the interrupt is processed, the bit whose setting caused the interrupt must be cleared, or the interrupt routine would automatically be processed over again during a return to the main program.

Keeping the contents of important registers

Only the return value of the program counter is stored on the stack during an interrupt (by return value of the program counter we mean the address of the instruction which was to be executed, but wasn't because the interrupt occurred). Keeping only the value of the program counter is often not enough. Some registers which are already in use in the main program can also be in use in the interrupt routine. If they were not retained, the main program would, on return from the interrupt routine, get completely different values in those registers, which would cause an error in the program. One example of such a case is the contents of the work register W. If we suppose that the main program was using work register W for some of its operations, and that it had stored in it some value that is important for the following instruction, then an interrupt which occurs before that instruction would change the value of work register W, which would directly influence the main program.

         The procedure of recording important registers before going to an interrupt routine is called PUSH, while the procedure which brings the recorded values back is called POP. PUSH and POP are instructions on some other microcontrollers (Intel), but are so widely accepted that the whole operation is named after them. PIC16F877A does not have instructions like PUSH and POP, so they have to be programmed.

Fig 3.11 Common error: saving the value wasn't done before entering the interrupt routine

Due to simplicity and frequent usage, these parts of the program can be made as macros. The concept of a Macro is explained in "Program assembly language". In the following example, contents of W and STATUS registers are stored in W_TEMP and STATUS_TEMP variables prior to interrupt routine. At the beginning of PUSH routine we need to check presently selected bank because W_TEMP and STATUS_TEMP are found in bank 0. For exchange of data between these registers, SWAPF instruction is used instead of MOVF because it does not affect the STATUS register bits.

The example is an assembler program for the following steps:

1. Testing the current bank
2. Storing W register regardless of the current bank
3. Storing STATUS register in bank 0
4. Executing interrupt routine for interrupt processing (ISR)
5. Restoring STATUS register
6. Restoring W register

         If there are some more variables or registers that need to be stored, then they need to be kept after storing STATUS register (step 3), and brought back before STATUS register is restored (step 5). The same example can be carried out using macros, thus getting a more legible program. Macros that are already defined can be used for writing new macros. Macros BANK1 and BANK0 which are explained in "Memory organization" chapter are used with macros 'push' and 'pop'.
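An added C model (not the assembler listing the page refers to, and not the author's code) of why SWAPF rather than MOVF is used for the context save: it runs the same interrupt with no save, with a MOVF-based save, and with the SWAPF-based save, and compares W and STATUS afterwards. Register banking is left out, and cpu_t, isr_body and the function names are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

#define C_BIT 0x01u   /* STATUS bit 0: carry */
#define Z_BIT 0x04u   /* STATUS bit 2: zero  */

typedef struct {
    uint8_t w;            /* work register W */
    uint8_t status;       /* STATUS (read-only bits not modelled) */
    uint8_t w_temp;       /* save slot for W */
    uint8_t status_temp;  /* save slot for STATUS */
} cpu_t;

static uint8_t swap_nibbles(uint8_t v) { return (uint8_t)((v << 4) | (v >> 4)); }

/* MOVWF f : f = W, no flags affected */
static void movwf(cpu_t *c, uint8_t *f) { *f = c->w; }

/* MOVF f,W : W = f, and Z is rewritten from the value moved */
static void movf_w(cpu_t *c, const uint8_t *f)
{
    uint8_t v = *f;
    c->w = v;
    if (v == 0) c->status |= Z_BIT;
    else        c->status &= (uint8_t)~Z_BIT;
}

/* SWAPF f,W : W = f with nibbles exchanged, no flags affected */
static void swapf_w(cpu_t *c, const uint8_t *f) { c->w = swap_nibbles(*f); }

/* SWAPF f,F : nibbles of f exchanged in place, no flags affected */
static void swapf_f(uint8_t *f) { *f = swap_nibbles(*f); }

/* Stand-in for the body of an interrupt routine: it uses W and changes flags. */
static void isr_body(cpu_t *c)
{
    c->w = 0x00;
    c->status = (uint8_t)((c->status | Z_BIT) ^ C_BIT);
}

/* No save at all: the main program gets the ISR's W and flags back. */
cpu_t isr_no_save(cpu_t c) { isr_body(&c); return c; }

/* Save and restore with MOVF: the last MOVF restores W but rewrites Z. */
cpu_t isr_movf_save(cpu_t c)
{
    movwf(&c, &c.w_temp);
    movf_w(&c, &c.status);
    movwf(&c, &c.status_temp);
    isr_body(&c);
    movf_w(&c, &c.status_temp);
    movwf(&c, &c.status);
    movf_w(&c, &c.w_temp);
    return c;
}

/* Save and restore with SWAPF: two swaps cancel out and touch no flag. */
cpu_t isr_swapf_save(cpu_t c)
{
    movwf(&c, &c.w_temp);            /* store W                    */
    swapf_w(&c, &c.status);          /* W = swapped STATUS         */
    movwf(&c, &c.status_temp);       /* store swapped STATUS       */
    isr_body(&c);
    swapf_w(&c, &c.status_temp);     /* W = original STATUS        */
    movwf(&c, &c.status);            /* restore STATUS             */
    swapf_f(&c.w_temp);              /* swap saved W in place      */
    swapf_w(&c, &c.w_temp);          /* swap back into W, flags ok */
    return c;
}

int context_preserved(cpu_t before, cpu_t after)
{
    return before.w == after.w && before.status == after.status;
}

int main(void)
{
    /* Constructed state: main program holds W=5Ah right after a compare set Z. */
    cpu_t s = { 0x5A, Z_BIT, 0, 0 };
    cpu_t a = isr_no_save(s), b = isr_movf_save(s), d = isr_swapf_save(s);
    printf("before     W=%02X STATUS=%02X\n", (unsigned)s.w, (unsigned)s.status);
    printf("no save    W=%02X STATUS=%02X\n", (unsigned)a.w, (unsigned)a.status);
    printf("MOVF save  W=%02X STATUS=%02X\n", (unsigned)b.w, (unsigned)b.status);
    printf("SWAPF save W=%02X STATUS=%02X\n", (unsigned)d.w, (unsigned)d.status);
    return 0;
}
```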


Free-run timer TMR0

Timers are usually the most complicated parts of a microcontroller, so it is necessary to set aside more time for understanding them thoroughly. Through their application it is possible to establish relations between a real dimension such as "time" and a variable which represents status of a timer within a microcontroller. Physically, timer is a register whose value is continually increasing to 255, and then it starts all over again: 0, 1, 2, 3, 4...255....0,1, 2, 3......etc.

      This incrementing is done in the background of everything a microcontroller does. It is up to the programmer to think up a way to take advantage of this characteristic for his needs. One of the ways is increasing some variable on each timer overflow. If we know how much time a timer needs to make one complete round, then multiplying the value of a variable by that time will yield the total amount of elapsed time.

EEPROM Data memory

PIC16F877A has 256 bytes of EEPROM memory locations on addresses from 00h to 63h that can be written to or read from. The most important characteristic of this memory is that it does not lose its contents with the loss of power supply. Data can be retained in EEPROM without power supply for up to 40 years (as manufacturer of PIC16F877A microcontroller states), and up to 1 million cycles of writing can be executed. 

         In practice, EEPROM memory is used for storing important data or process parameters. One such parameter is a given temperature, assigned when setting up a temperature regulator to some process. If that data wasn't retained, it would be necessary to adjust a given temperature after each loss of supply. Since this is very impractical (and even dangerous), manufacturers of microcontrollers have begun installing one smaller type of EEPROM memory.


3.3 G.S.M Modem/Mobile

3.3.1 GSM History

During the early 1980s, analog cellular telephone systems were experiencing rapid growth in Europe, particularly in Scandinavia and the United Kingdom, but also in France and Germany. Each country developed its own system, which was incompatible with everyone else's in equipment and operation. This was an undesirable situation, because not only was the mobile equipment limited to operation within national boundaries, which in a unified Europe were increasingly unimportant, but there was also a very limited market for each type of equipment, so economies of scale and the subsequent savings could not be realized.

         The Europeans realized this early on, and in 1982 the Conference of European Posts and Telegraphs (CEPT) formed a study group called the Groupe Special Mobile (GSM) to study and develop a pan-European public land mobile system. The proposed system had to meet certain criteria:

·         Good subjective speech quality

·         Low terminal and service cost

·         Ability to support handheld terminals

·         Support for range of new services and facilities

·         Spectral efficiency

·         ISDN compatibility

Pan-European means European-wide. ISDN throughput at 64Kbs was never envisioned; indeed, the highest rate a normal GSM network can achieve is 9.6kbs.

         Europe saw cellular service introduced in 1981, when the Nordic Mobile Telephone System or NMT450 began operating in Denmark, Sweden, Finland, and Norway in the 450 MHz range. It was the first multinational cellular system. In 1985 Great Britain started using the Total Access Communications System or TACS at 900 MHz. Later, the West German C-Netz, the French Radio COM 2000, and the Italian RTMI/RTMS helped make up Europe's nine analog incompatible radio telephone systems. Plans were afoot during the early 1980s, however, to create a single European wide digital mobile service with advanced features and easy roaming. While North American groups concentrated on building out their robust but increasingly fraud plagued and featureless analog network, Europe planned for a digital future.

         In 1989, GSM responsibility was transferred to the European Telecommunication Standards Institute (ETSI), and phase I of the GSM specifications was published in 1990. Commercial service was started in mid-1991, and by 1993 there were 36 GSM networks in 22 countries. Although standardized in Europe, GSM is not only a European standard. Over 200 GSM networks (including DCS1800 and PCS1900) are operational in 110 countries around the world. In the beginning of 1994, there were 1.3 million subscribers worldwide, which had grown to more than 55 million by October 1997. With North America making a delayed entry into the GSM field with a derivative of GSM called PCS1900, GSM systems exist on every continent, and the acronym GSM now aptly stands for Global System for Mobile communications.

         The developers of GSM chose an unproven (at the time) digital system, as opposed to the then-standard analog cellular systems like AMPS in the United States and TACS in the United Kingdom. They had faith that advancements in compression algorithms and digital signal processors would allow the fulfillment of the original criteria and the continual improvement of the system in terms of quality and cost. The over 8000 pages of GSM recommendations try to allow flexibility and competitive innovation among suppliers, but provide enough standardization to guarantee proper networking between the components of the system. This is done by providing functional and interface descriptions for each of the functional entities defined in the system.


3.3.2 Services provided by GSM

From the beginning, the planners of GSM wanted ISDN compatibility in terms of the services offered and the control signaling used. However, radio transmission limitations, in terms of bandwidth and cost, do not allow the standard ISDN B-channel bit rate of 64 kbps to be practically achieved.

         Telecommunication services can be divided into bearer services, teleservices, and supplementary services. The most basic tele service supported by GSM is telephony. As with all other communications, speech is digitally encoded and transmitted through the GSM network as a digital stream. There is also an emergency service, where the nearest emergency-service provider is notified by dialing three digits.

Bearer services: Typically data transmission instead of voice. Fax and SMS are examples.
Teleservices: Voice oriented traffic.
Supplementary services: Call forwarding, caller ID, call waiting and the like.

         A variety of data services is offered. GSM users can send and receive data, at rates up to 9600 bps, to users on POTS (Plain Old Telephone Service), ISDN, Packet Switched Public Data Networks, and Circuit Switched Public Data Networks using a variety of access methods and protocols, such as X.25 or X.32. Since GSM is a digital network, a modem is not required between the user and GSM network, although an audio modem is required inside the GSM network to interwork with POTS.

         Other data services include Group 3 facsimile, as described in ITU-T recommendation T.30, which is supported by use of an appropriate fax adaptor. A unique feature of GSM, not found in older analog systems, is the Short Message Service (SMS). SMS is a bidirectional service for short alphanumeric (up to 160 bytes) messages. Messages are transported in a store-and-forward fashion. For point-to-point SMS, a message can be sent to another subscriber to the service, and an acknowledgement of receipt is provided to the sender. SMS can also be used in a cell-broadcast mode, for sending messages such as traffic updates or news updates. Messages can also be stored in the SIM card for later retrieval.

         Supplementary services are provided on top of tele services or bearer services. In the current (Phase I) specifications, they include several forms of call forward (such as call forwarding when the mobile subscriber is unreachable by the network), and call barring of outgoing or incoming calls, for example when roaming in another country. Many additional supplementary services will be provided in the Phase 2 specifications, such as caller identification, call waiting, multi-party conversations.


3.3.3 Mobile Station

The mobile station (MS) consists of the mobile equipment (the terminal) and a smart card called the Subscriber Identity Module (SIM). The SIM provides personal mobility, so that the user can have access to subscribed services irrespective of a specific terminal. By inserting the SIM card into another GSM terminal, the user is able to receive calls at that terminal, make calls from that terminal, and receive other subscribed services.

         The mobile equipment is uniquely identified by the International Mobile Equipment Identity (IMEI). The SIM card contains the International Mobile Subscriber Identity (IMSI) used to identify the subscriber to the system, a secret key for authentication, and other information. The IMEI and the IMSI are independent, thereby allowing personal mobility. The SIM card may be protected against unauthorized use by a password or personal identity number.

         GSM phones use SIM cards, or Subscriber information or identity modules. They're the biggest difference a user sees between a GSM phone or handset and a conventional cellular telephone. With the SIM card and its memory the GSM handset is a smart phone, doing many things a conventional cellular telephone cannot. Like keeping a built in phone book or allowing different ring tones to be downloaded and then stored. Conventional cellular telephones either lack the features GSM phones have built in, or they must rely on resources from the cellular system itself to provide them. Let me make another, important point.

         With a SIM card your account can be shared from mobile to mobile, at least in theory. Want to try out your neighbor's brand new mobile? You should be able to put your SIM card into that GSM handset and have it work. The GSM network cares only that a valid account exists, not that you are using a different device. You get billed, not the neighbor who loaned you the phone.

         This flexibility is completely different than AMPS technology, which enables one device per account. No switching around. Conventional cellular telephones have their electronic serial number burned into a chipset which is permanently attached to the phone. No way to change out that chipset or trade with another phone. SIM card technology, by comparison, is meant to make sharing phones and other GSM devices quick and easy.

Fig.3.12 Mobile station SIM port

On the left above: Front of a Pacific Bell GSM phone. In the middle above: Same phone, showing the back. The SIM card is the white plastic square. It fits into the grey colored holder next to it. On the right above: A new and different idea, a holder for two SIM cards, allowing one phone to access either of two wireless carriers. Provided you have an account with both. :-) The SIM card is to the left of the body.


3.3.4 Base Station Subsystem

The Base Station Subsystem is composed of two parts, the Base Transceiver Station (BTS) and the Base Station Controller (BSC). These communicate across the standardized Abis interface, allowing (as in the rest of the system) operation between components made by different suppliers.

         The Base Transceiver Station houses the radio transceivers that define a cell and handles the radio-link protocols with the Mobile Station. In a large urban area, there will potentially be a large number of BTSs deployed, thus the requirements for a BTS are ruggedness, reliability, portability, and minimum cost.

Fig 3.13 Base Station Subsystem.

         The BTS or Base Transceiver Station is also called an RBS or Remote Base station. Whatever the name, this is the radio gear that passes all calls coming in and going out of a cell site. The base station is under direction of a base station controller so traffic gets sent there first. The base station controller, described below, gathers the calls from many base stations and passes them on to a mobile telephone switch. From that switch come and go the calls from the regular telephone network. Some base stations are quite small, the one pictured here is a large outdoor unit. The large number of base stations and their attendant controllers, are a big difference between GSM and IS-136.

The Base Station Controller

The Base Station Controller manages the radio resources for one or more BTSs. It handles radio-channel setup, frequency hopping, and handovers, as described below. The BSC is the connection between the mobile station and the Mobile service Switching Center (MSC).

         Another difference between conventional cellular and GSM is the base station controller. It's an intermediate step between the base station transceiver and the mobile switch. GSM designers thought this a better approach for high density cellular networks. As one anonymous writer penned, "If every base station talked directly to the MSC, traffic would become too congested. To ensure quality communications via traffic management, the wireless infrastructure network uses Base Station Controllers as a way to segment the network and control congestion. The result is that MSCs route their circuits to BSCs which in turn are responsible for connectivity and routing of calls for 50 to 100 wireless base stations."

Fig 3.14 Siemens BSC


Many GSM descriptions picture equipment called a TRAU, which stands for Transcoding Rate and Adaptation Unit. Of course also known as a TransCoding Unit or TCU, the TRAU is a compressor and converter. It first compresses traffic coming from the mobiles through the base station controllers. That's quite an achievement because voice and data have already been compressed by the voice coders in the handset. Anyway, it crunches that data down even further. It then puts the traffic into a format the Mobile Switch can understand. This is the TransCoding part of its name, where code in one format is converted to another. The TRAU is not required but apparently it saves quite a bit of money to install one. Here's how Nortel Networks sells their unit:

         "Reduce transmission resources and realize up to 75% transmission cost savings with the TCU."

         "The TransCoding Unit (TCU), inserted between the BSC and MSC, enables speech compression and data rate adaptation within the radio cellular network. The TCU is designed to reduce transmission costs by minimizing transmission resources between the BSC and MSC. This is achieved by reducing the number of PCM links going to the BSC, since four traffic channels (data or speech) can be handled by one PCM time slot. Additionally, the modular architecture of the TCU supports all three GSM vocoders (Full Rate, Enhanced Full Rate, and Half Rate) in the same cabinet, providing you with a complete range of deployment options."


Fig 3.15 Siemens’ TRAU

         Voice coders or vocoders are built into the handsets a cellular carrier distributes. They're the circuitry that turns speech into digital. The carrier specifies which rate they want traffic compressed, either a great deal or just a little. The cellular system is designed this way, with handset vocoders working in league with the equipment of the base station subsystem.


3.3.5 Architecture of the GSM network

A GSM network is composed of several functional entities, whose functions and interfaces are specified. Figure 1 shows the layout of a generic GSM network. The GSM network can be divided into three broad parts. The Mobile Station is carried by the subscriber. The Base Station Subsystem controls the radio link with the Mobile Station. The Network Subsystem, the main part of which is the Mobile services Switching Center (MSC), performs the switching of calls between the mobile users, and between mobile and fixed network users. The MSC also handles the mobility management operations. Not shown is the Operations and Maintenance Center, which oversees the proper operation and setup of the network. The Mobile Station and the Base Station Subsystem communicate across the Um interface, also known as the air interface or radio link. The Base Station Subsystem communicates with the Mobile services Switching Center across the A interface.

         As John states, he presents a generic GSM architecture. Lucent, Ericsson, Nokia, and others feature their own vision in their own diagrams.



Lucent GSM architecture/ Ericsson GSM architecture / Nokia GSM architecture / Siemens’s GSM architecture

Fig 3.15 General architecture of a GSM network




3.3.6 Radio link aspects

The International Telecommunication Union (ITU), which manages the international allocation of radio spectrum (among many other functions), allocated the bands 890-915 MHz for the uplink (mobile station to base station) and 935-960 MHz for the downlink (base station to mobile station) for mobile networks in Europe. Since this range was already being used in the early 1980s by the analog systems of the day, the CEPT had the foresight to reserve the top 10 MHz of each band for the GSM network that was still being developed. Eventually, GSM will be allocated the entire 2x25 MHz bandwidth.

Cellular Radio frequencies around the world

American Cellular: 824-849 MHz / 869-894 MHz; Mobile to base / Base to mobile

American PCS/GSM: 901-941 MHz / 1930-1990 MHz; Mobile to base / Base to mobile

872-905 MHz / 917-950 MHz; Mobile to base / Base to mobile

GSM has three main frequency bands around the world: 900 MHz, 1800 MHz, and 1900 MHz. It all depends on the country. Other bands may be used in the future or may be in trial right now.

1900 MHz.

810-826 MHz / 940-956 MHz / 1429-1441 MHz / 1477-1489 MHz; Mobile to base / Base to mobile / Base to mobile / Mobile to base


3.3.7 Multiple access and channel structure

Since radio spectrum is a limited resource shared by all users, a method must be devised to divide up the bandwidth among as many users as possible. The method chosen by GSM is a combination of Time- and Frequency-Division Multiple Access (TDMA/FDMA). The FDMA part involves the division by frequency of the (maximum) 25 MHz bandwidth into 124 carrier frequencies spaced 200 kHz apart. One or more carrier frequencies are assigned to each base station. Each of these carrier frequencies is then divided in time, using a TDMA scheme. The fundamental unit of time in this TDMA scheme is called a burst period and it lasts 15/26 ms (or approx. 0.577 ms). Eight burst periods are grouped into a TDMA frame (120/26 ms, or approx. 4.615 ms), which forms the basic unit for the definition of logical channels. One physical channel is one burst period per TDMA frame.


Traffic channels

A traffic channel (TCH) is used to carry speech and data traffic. Traffic channels are defined using a 26-frame multiframe, or group of 26 TDMA frames. The length of a 26-frame multiframe is 120 ms, which is how the length of a burst period is defined (120 ms divided by 26 frames divided by 8 burst periods per frame). Out of the 26 frames, 24 are used for traffic, 1 is used for the Slow Associated Control Channel (SACCH) and 1 is currently unused (see Figure 2). TCHs for the uplink and downlink are separated in time by 3 burst periods, so that the mobile station does not have to transmit and receive simultaneously, thus simplifying the electronics.
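The carrier and timing figures from the two paragraphs above, worked through in C as an added example (not code from the original page). The carrier numbering (890 MHz + n x 200 kHz, downlink 45 MHz higher) and the positions of the SACCH and unused frames (12 and 25) are assumptions taken from the standard primary GSM 900 full-rate layout, since the page gives only the counts.

```c
#include <stdint.h>
#include <stdio.h>

/* Figures from the text: 124 carriers 200 kHz apart, uplink band from
 * 890 MHz, downlink band from 935 MHz, burst period 15/26 ms, 8 bursts per
 * TDMA frame, 26 frames per traffic multiframe, uplink 3 bursts behind. */
#define CARRIERS         124
#define STEP_KHZ         200L
#define UPLINK_BASE_KHZ  890000L
#define DUPLEX_KHZ       45000L     /* 935 MHz - 890 MHz */
#define SLOTS_PER_FRAME  8u
#define FRAMES_PER_MF    26u
#define UL_LAG_BURSTS    3u
/* Time unit: 1/13 microsecond, so that 15/26 ms is exactly 7500 ticks. */
#define TICKS_PER_US     13u
#define BURST_TICKS      7500u

typedef enum { ROLE_TCH, ROLE_SACCH, ROLE_IDLE } role_t;
typedef struct { unsigned frame; unsigned slot; role_t role; } position_t;

/* Carrier number n (1..124) -> uplink frequency in kHz, -1 if out of range.
 * Assumed numbering: 890 MHz + n * 200 kHz. */
long uplink_khz(int n)
{
    if (n < 1 || n > CARRIERS)
        return -1;
    return UPLINK_BASE_KHZ + (long)n * STEP_KHZ;
}

long downlink_khz(int n)
{
    long u = uplink_khz(n);
    return u < 0 ? -1 : u + DUPLEX_KHZ;
}

/* Role of a TDMA frame inside the 26-frame multiframe.
 * Assumed positions: frame 12 carries the SACCH, frame 25 is unused. */
role_t frame_role(unsigned frame)
{
    unsigned k = frame % FRAMES_PER_MF;
    if (k == 12) return ROLE_SACCH;
    if (k == 25) return ROLE_IDLE;
    return ROLE_TCH;
}

/* Start of the downlink burst (frame, slot), in ticks from frame 0 slot 0. */
uint64_t downlink_start(unsigned frame, unsigned slot)
{
    return ((uint64_t)frame * SLOTS_PER_FRAME + slot) * BURST_TICKS;
}

/* The mobile transmits the same slot number 3 burst periods later. */
uint64_t uplink_start(unsigned frame, unsigned slot)
{
    return downlink_start(frame, slot) + (uint64_t)UL_LAG_BURSTS * BURST_TICKS;
}

/* Inverse mapping: which downlink frame and slot are on the air at `ticks`. */
position_t locate(uint64_t ticks)
{
    uint64_t burst = ticks / BURST_TICKS;
    position_t p;
    p.frame = (unsigned)(burst / SLOTS_PER_FRAME);
    p.slot  = (unsigned)(burst % SLOTS_PER_FRAME);
    p.role  = frame_role(p.frame);
    return p;
}

unsigned traffic_frames_per_multiframe(void)
{
    unsigned n = 0;
    for (unsigned f = 0; f < FRAMES_PER_MF; f++)
        if (frame_role(f) == ROLE_TCH)
            n++;
    return n;
}

int main(void)
{
    printf("carrier 1:   up %ld kHz, down %ld kHz\n", uplink_khz(1), downlink_khz(1));
    printf("carrier 124: up %ld kHz, down %ld kHz\n", uplink_khz(124), downlink_khz(124));
    printf("burst %.3f us, frame %.3f us, multiframe %.0f us\n",
           BURST_TICKS / 13.0, downlink_start(1, 0) / 13.0,
           downlink_start(FRAMES_PER_MF, 0) / 13.0);
    printf("traffic frames per multiframe: %u\n", traffic_frames_per_multiframe());

    /* A mobile on slot 2 transmits while the base station is sending slot 5. */
    position_t p = locate(uplink_start(12, 2));
    printf("uplink burst of frame 12 slot 2 coincides with downlink frame %u slot %u\n",
           p.frame, p.slot);
    return 0;
}
```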

Control channels

Common channels can be accessed both by idle mode and dedicated mode mobiles. The common channels are used by idle mode mobiles to exchange the signaling information required to change to dedicated mode. Mobiles already in dedicated mode monitor the surrounding base stations for handover and other information. Dedicated mode means a mobile is in use.

Dedicated to service. Control and common channels seem to be synonymous terms. Speaking of terms, don't try to memorize these channel names and functions.

Control Channels and Channel Types

Broadcast Control Channel (BCCH)
Channel type: Broadcast downlink (Base station to mobile)
Continually broadcasts, on the downlink, information including base station identity, frequency allocations, and frequency-hopping sequences.

Frequency Correction Channel (FCCH)
Channel type: Broadcast downlink
Used to synchronize the mobile to the time slot structure of a cell by defining the boundaries of burst periods, and the time slot numbering. Every cell in a GSM network broadcasts exactly one FCCH and one SCH, which are by definition on time slot number 0 (within a TDMA frame).

Synchronization Channel (SCH)
Channel type: Broadcast downlink

Random Access Channel (RACH)
Channel type: Common uplink (Mobile to base station)
Slotted Aloha channel used by the mobile to request access to the network.
(p.s. I love that term "Aloha"; appropriate and to the point)

Paging Channel (PCH)
Channel type: Common downlink (Base station to mobile)
Used to alert the mobile station of an incoming call.

Access Grant Channel (AGCH)
Channel type: Broadcast downlink
Used to allocate an SDCCH to a mobile for signaling (in order to obtain a dedicated channel), following a request on the RACH.

Slow Associated Control Channel (SACCH)
Channel type: Uplink and downlink
In every traffic channel. Used for low rate, non critical signaling.

Fast Associated Control Channel (FACCH)
Channel type: Uplink and downlink
"A high rate signaling channel, used during call establishment, subscriber authentication, and for handover commands." Macaroon




3.3.8 Frequency hopping

The mobile station already has to be frequency agile, meaning it can move between a transmit, receive, and monitor time slot within one TDMA frame, which normally are on different frequencies. GSM makes use of this inherent frequency agility to implement slow frequency hopping, where the mobile and BTS transmit each TDMA frame on a different carrier frequency. The frequency hopping algorithm is broadcast on the Broadcast Control Channel. Since multipath fading is dependent on carrier frequency, slow frequency hopping helps alleviate the problem. In addition, co-channel interference is in effect randomized.

         Here's a huge difference between conventional cellular (IS-136) and GSM: frequency hopping. When enabled, slots within frames can leapfrog from one frequency to another. In IS-136, by comparison, once assigned a channel your call stays on that pair of radio frequencies until the call is over or you have moved to another cell.

3.3.9 Discontinuous reception

Another method used to conserve power at the mobile station is discontinuous reception. The paging channel, used by the base station to signal an incoming call, is structured into sub-channels. Each mobile station needs to listen only to its own sub-channel. In the time between successive paging sub-channels, the mobile can go into sleep mode, when almost no power is used.


3.3.10 Power control

There are five classes of mobile stations defined, according to their peak transmitter power, rated at 20, 8, 5, 2, and 0.8 watts. To minimize co-channel interference and to conserve power, both the mobiles and the Base Transceiver Stations operate at the lowest power level that will maintain an acceptable signal quality. Power levels can be stepped up or down in steps of 2 dB from the peak power for the class down to a minimum of 13 dBm (20 milliwatts).

         We need only enough power to make a connection. Any more is superfluous. If you can't make a connection using one watt then two watts won't help at these near microwave frequencies. Using less power means less interference or congestion among all the mobiles in a cell.

         The mobile station measures the signal strength or signal quality (based on the Bit Error Ratio), and passes the information to the Base Station Controller, which ultimately decides if and when the power level should be changed. Power control should be handled carefully, since there is the possibility of instability. This arises from having mobiles in co-channel cells alternately increase their power in response to increased co-channel interference caused by the other mobile increasing its power. This is unlikely to occur in practice but it is (or was as of 1991) under study.

         Two points. The first is that the base station can reach out to the mobile and turn down the transmitting power the handset is using. Very cool. The second point is that a digital signal will drop a call much more quickly than an analog signal. With an analog radio you can hear through static and fading. But with a digital radio the connection will be dropped, just like your landline modem, when too many 0s and 1s go missing. You need more base stations, consequently, to provide the same coverage as analog.


3.3.11 Network aspects

Ensuring the transmission of voice or data of a given quality over the radio link is only part of the function of a cellular mobile network. A GSM mobile can seamlessly roam nationally and internationally, which requires that registration, authentication, call routing and location updating functions exist and are standardized in GSM networks. In addition, the fact that the geographical area covered by the network is divided into cells necessitates the implementation of a handover mechanism. These functions are performed by the Network Subsystem, mainly using the Mobile Application Part (MAP) built on top of the Signaling System No. 7 protocol.


        The signaling protocol in GSM is structured into three general layers [1], [19], depending on the interface, as shown in Figure 3. Layer 1 is the physical layer, which uses the channel structures discussed above over the air interface. Layer 2 is the data link layer. Across the Um interface, the data link layer is a modified version of the LAPD protocol used in ISDN, called LAPDm. Across the A interface, the Message Transfer Part layer 2 of Signaling System Number 7 is used. Layer 3 of the GSM signaling protocol is itself divided into 3 sub layers.

  • Radio Resources Management: Controls the setup, maintenance, and termination of radio and fixed channels, including handovers.
  • Mobility Management: Manages the location updating and registration procedures, as well as security and authentication.
  • Connection Management: Handles general call control, similar to CCITT Recommendation Q.931, and manages Supplementary Services and the Short Message Service.

Figure 3.16 Signaling protocol structure in GSM

3.3.12 Radio resources management

The radio resources management (RR) layer oversees the establishment of a link, both radio and fixed, between the mobile station and the MSC. The main functional components involved are the mobile station, and the Base Station Subsystem, as well as the MSC. The RR layer is concerned with the management of an RR-session [16], which is the time that a mobile is in dedicated mode, as well as the configuration of radio channels including the allocation of dedicated channels.

         An RR-session is always initiated by a mobile station through the access procedure, either for an outgoing call, or in response to a paging message. The details of the access and paging procedures, such as when a dedicated channel is actually assigned to the mobile, and the paging sub-channel structure, are handled in the RR layer. In addition, it handles the management of radio features such as power control, discontinuous transmission and reception, and timing advance.


3.3.13 Handover

In a cellular network, the radio and fixed links required are not permanently allocated for the duration of a call. Handover, or handoff as it is called in North America, is the switching of an on-going call to a different channel or cell. The execution and measurements required for handover form one of the basic functions of the RR layer.

      There are four different types of handover in the GSM system, which involve transferring a call between:

·         Channels (time slots) in the same cell

·         Cells (Base Transceiver Stations) under the control of the same Base Station Controller (BSC),

·          Cells under the control of different BSCs, but belonging to the same Mobile services Switching Center (MSC), and

·          Cells under the control of different MSCs.

         The first two types of handover, called internal handovers, involve only one Base Station Controller (BSC). To save signaling bandwidth, they are managed by the BSC without involving the Mobile services Switching Center (MSC), except to notify it at the completion of the handover. The last two types of handover, called external handovers, are handled by the MSCs involved. An important aspect of GSM is that the original MSC, the anchor MSC, remains responsible for most call-related functions, with the exception of subsequent inter-BSC handovers under the control of the new MSC, called the relay MSC.

         Handovers can be initiated by either the mobile or the MSC (as a means of traffic load balancing). During its idle time slots, the mobile scans the Broadcast Control Channel of up to 16 neighboring cells, and forms a list of the six best candidates for possible handover, based on the received signal strength. This information is passed to the BSC and MSC, at least once per second, and is used by the handover algorithm.

         The algorithm for when a handover decision should be taken is not specified in the GSM recommendations. There are two basic algorithms used, both closely tied in with power control. This is because the BSC usually does not know whether the poor signal quality is due to multipath fading or to the mobile having moved to another cell. This is especially true in small urban cells.

         The 'minimum acceptable performance' algorithm [3] gives precedence to power control over handover, so that when the signal degrades beyond a certain point, the power level of the mobile is increased. If further power increases do not improve the signal, then a handover is considered. This is the simpler and more common method, but it creates 'smeared' cell boundaries when a mobile transmitting at peak power goes some distance beyond its original cell boundaries into another cell.

         The 'power budget' method [3] uses handover to try to maintain or improve a certain level of signal quality at the same or lower power level. It thus gives precedence to handover over power control. It avoids the 'smeared' cell boundary problem and reduces co-channel interference, but it is quite complicated.

3.3.14 Mobility management

The Mobility Management layer (MM) is built on top of the RR layer (radio resources), and handles the functions that arise from the mobility of the subscriber, as well as the authentication and security aspects. Location management is concerned with the procedures that enable the system to know the current location of a powered-on mobile station so that incoming call routing can be completed.

3.3.15 Location updating

A powered-on mobile is informed of an incoming call by a paging message sent over the PAGCH channel of a cell. One extreme would be to page every cell in the network for each call, which is obviously a waste of radio bandwidth. The other extreme would be for the mobile to notify the system, via location updating messages, of its current location at the individual cell level. This would require paging messages to be sent to exactly one cell, but would be very wasteful due to the large number of location updating messages. A compromise solution used in GSM is to group cells into location areas. Updating messages are required when moving between location areas, and mobile stations are paged in the cells of their current location area.

In conventional cellular systems, location messages are sent to the exact cell a mobile is in.

To review, the VLR Data Base, or Visited or Visitor Location Register, contains all the data needed to communicate with the mobile switch. Levine says this data includes:

  • Equipment identity and authentication-related data
  •  Last known Location Area (LA)
  • Power Class and other physical attributes of the mobile or handset
  • List of special services available to this subscriber
  • More data entered while engaged in a Call
  • Current cell
  •  Encryption keys

The location updating procedures, and subsequent call routing, use the MSC and two location registers: the Home Location Register (HLR) and the Visitor Location Register (VLR). When a mobile station is switched on in a new location area, or it moves to a new location area or different operator's PLMN, it must register with the network to indicate its current location. In the normal case, a location update message is sent to the new MSC/VLR, which records the location area information, and then sends the location information to the subscriber's HLR. The information sent to the HLR is normally the SS7 address of the new VLR, although it may be a routing number. The reason a routing number is not normally assigned, even though it would reduce signaling, is that there is only a limited number of routing numbers available in the new MSC/VLR and they are allocated on demand for incoming calls. If the subscriber is entitled to service, the HLR sends a subset of the subscriber information, needed for call control, to the new MSC/VLR, and sends a message to the old MSC/VLR to cancel the old registration.

         A procedure related to location updating is the IMSI (International Mobile Subscriber Identity) attach and detach. A detach lets the network know that the mobile station is unreachable, and avoids having to needlessly allocate channels and send paging messages. An attach is similar to a location update, and informs the system that the mobile is reachable again. The activation of IMSI attach/detach is up to the operator on an individual cell basis.

3.3.16 Authentication and security

Since the radio medium can be accessed by anyone, authentication of users to prove that they are who they claim to be, is a very important element of a mobile network. Authentication involves two functional entities, the SIM card in the mobile, and the Authentication Center (AUC). Each subscriber is given a secret key, one copy of which is stored in the SIM card and the other in the AUC. During authentication, the AUC generates a random number that it sends to the mobile. Both the mobile and the AUC then use the random number, in conjunction with the subscriber's secret key and a ciphering algorithm called A3, to generate a signed response (SRES) that is sent back to the AUC. If the number sent by the mobile is the same as the one calculated by the AUC, the subscriber is authenticated.

         The same initial random number and subscriber key are also used to compute the ciphering key using an algorithm called A8. This ciphering key, together with the TDMA frame number, is used by the A5 algorithm to create a 114 bit sequence that is XORed with the 114 bits of a burst (the two 57 bit blocks). Enciphering is an option for the fairly paranoid, since the signal is already coded, interleaved, and transmitted in a TDMA manner, thus providing protection from all but the most persistent and dedicated eavesdroppers.

         Another level of security is performed on the mobile equipment itself, as opposed to the mobile subscriber. As mentioned earlier, each GSM terminal is identified by a unique International Mobile Equipment Identity (IMEI) number. A list of IMEIs in the network is stored in the Equipment Identity Register (EIR). The status returned in response to an IMEI query to the EIR is one of the following:

White-listed: The terminal is allowed to connect to the network.
Grey-listed: The terminal is under observation from the network for possible problems.
Black-listed: The terminal has either been reported stolen, or is not type approved (the correct type of terminal for a GSM network). The terminal is not allowed to connect to the network.

3.3.17 Communication management

The Communication Management layer (CM) is responsible for Call Control (CC), supplementary service management, and short message service management. Each of these may be considered as a separate sub layer within the CM layer. Call control attempts to follow the ISDN procedures specified in Q.931, although routing to a roaming mobile subscriber is obviously unique to GSM. Other functions of the CC sub layer include call establishment, selection of the type of service (including alternating between services during a call), and call release.



Fig 3.17 Call routing for a mobile terminating call


3.3.18 Call routing


         Unlike routing in the fixed network, where a terminal is semi-permanently wired to a central office, a GSM user can roam nationally and even internationally. (With, if needed, a properly enabled handset.) The directory number dialed to reach a mobile subscriber is called the Mobile Subscriber ISDN (MSISDN), which is defined by the E.164 numbering plan. This number includes a country code and a National Destination Code which identifies the subscriber's operator. The first few digits of the remaining subscriber number may identify the subscriber's HLR within the home PLMN.

         An incoming mobile terminating call is directed to the Gateway MSC (GMSC) function. The GMSC is basically a switch which is able to interrogate the subscriber's HLR to obtain routing information, and thus contains a table linking MSISDNs to their corresponding HLR. A simplification is to have a GMSC handle one specific PLMN. It should be noted that the GMSC function is distinct from the MSC function, but is usually implemented in an MSC.

PLMN: Public land mobile network. In this context a cellular telephone network. PLMN is chiefly a European usage.

         The routing information that is returned to the GMSC is the Mobile Station Roaming Number (MSRN), which is also defined by the E.164 numbering plan. MSRNs are related to the geographical numbering plan, and not assigned to subscribers, nor are they visible to subscribers.

         The most general routing procedure begins with the GMSC querying the called subscriber's HLR for an MSRN. The HLR typically stores only the SS7 address of the subscriber's current VLR, and does not have the MSRN (see the location updating section). The HLR must therefore query the subscriber's current VLR, which will temporarily allocate an MSRN from its pool for the call. This MSRN is returned to the HLR and back to the GMSC, which can then route the call to the new MSC. At the new MSC, the IMSI corresponding to the MSRN is looked up, and the mobile is paged in its current location area.






3.4.1 History

 The Global Positioning System (GPS) is a Global Navigation Satellite System (GNSS) developed by the United States Department of Defense. It is the only fully functional GNSS in the world. It uses a constellation of between 24 and 32 Medium Earth Orbit satellites that transmit precise microwave signals, which enable GPS receivers to determine their current location, the time, and their velocity. Its official name is NAVSTAR GPS. Although NAVSTAR is not an acronym, a few backronyms have been created for it. The GPS satellite constellation is managed by the United States Air Force 50th Space Wing. GPS is often used by civilians as a navigation system.

         After Korean Air Lines Flight 007 was shot down in 1983 after straying into the USSR's prohibited airspace, President Ronald Reagan issued a directive making GPS freely available for civilian use as a common good, as suggested by physicist D. Fanelli a few years before. Since then, GPS has become a widely used aid to navigation worldwide, and a useful tool for map-making, land surveying, commerce, scientific uses, and hobbies such as geocaching. Also, the precise time reference is used in many applications including the scientific study of earthquakes. GPS is also a required key synchronization resource of cellular networks, such as the Qualcomm CDMA air interface used by many wireless carriers in a multitude of countries.

         The first satellite navigation system, Transit, used by the United States Navy, was first successfully tested in 1960. Using a constellation of five satellites, it could provide a navigational fix approximately once per hour. In 1967, the U.S. Navy developed the Timation satellite which proved the ability to place accurate clocks in space, a technology that GPS relies upon. In the 1970s, the ground-based Omega Navigation System, based on signal phase comparison, became the first worldwide radio navigation system.

         The design of GPS is based partly on similar ground-based radio navigation systems, such as LORAN and the Decca Navigator developed in the early 1940s, and used during World War II. Additional inspiration for the GPS came when the Soviet Union launched the first Sputnik in 1957. A team of U.S. scientists led by Dr. Richard B. Kershner were monitoring Sputnik's radio transmissions. They discovered that, because of the Doppler Effect, the frequency of the signal being transmitted by Sputnik was higher as the satellite approached, and lower as it continued away from them. They realized that since they knew their exact location on the globe, they could pinpoint where the satellite was along its orbit by measuring the Doppler distortion.


3.4.2 Working and Operation

When people talk about "a GPS," they usually mean a GPS receiver. The Global Positioning System (GPS) is actually a constellation of 27 Earth-orbiting satellites (24 in operation and three extras in case one fails). The U.S. military developed and implemented this satellite network as a military navigation system, but soon opened it up to everybody else.

         Each of these 3,000- to 4,000-pound solar-powered satellites circles the globe at about 12,000 miles (19,300 km), making two complete rotations every day. The orbits are arranged so that at any time, anywhere on Earth, there are at least four satellites "visible" in the sky.

A GPS receiver's job is to locate four or more of these satellites, figure out the distance to each, and use this information to deduce its own location. This operation is based on a simple mathematical principle called trilateration. The GPS receiver calculates its position on earth based on the information it receives from four located satellites. This system works pretty well, but inaccuracies do pop up. For one thing, this method assumes the radio signals will make their way through the atmosphere at a consistent speed (the speed of light). In fact, the Earth's atmosphere slows the electromagnetic energy down somewhat, particularly as it goes through the ionosphere and troposphere. The delay varies depending on where you are on Earth, which means it's difficult to accurately factor this into the distance calculations. Problems can also occur when radio signals bounce off large objects, such as skyscrapers, giving a receiver the impression that a satellite is farther away than it actually is. On top of all that, satellites sometimes just send out bad almanac data, misreporting their own position.


Differential GPS (DGPS) helps correct these errors. The basic idea is to gauge GPS inaccuracy at a stationary receiver station with a known location. Since the DGPS hardware at the station already knows its own position, it can easily calculate its receiver's inaccuracy. The station then broadcasts a radio signal to all DGPS-equipped receivers in the area, providing signal correction information for that area. In general, access to this correction information makes DGPS receivers much more accurate than ordinary receivers.




Fig 3.18 G.P.S receiver communicating with the satellite and sending information through the wireless mobile phone

3.4.5 G.P.S data decoding

The G.P.S receiver sends data continuously, and the microcontroller reads it whenever it needs a position. The data sent by the G.P.S is a string of characters that must be decoded to the standard format; this is done by the program which we implement in the controller.
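
The decoding step described above, as an added example (host-side C, not the project's gps.c): it assumes the receiver emits NMEA 0183 $GPRMC sentences, which the page does not state, verifies the checksum, and fills 12-byte text buffers like the firmware's lat, lngtd and speed without overrunning them. The function names and the sample sentence are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIELD_MAX 12   /* size of lat[], lngtd[] and speed[] in the firmware */

/* Constructed sample sentence (not captured from the project's receiver). */
static const char SAMPLE_RMC[] =
    "$GPRMC,123519,A,4807.038,N,01131.000,E,022.4,084.4,230394,003.1,W*6A\r\n";

/* NMEA checksum: XOR of every byte between '$' and '*', sent as two hex digits. */
static int nmea_checksum_ok(const char *s)
{
    unsigned char sum = 0;
    char hex[3];

    if (*s++ != '$') return 0;
    while (*s && *s != '*') sum ^= (unsigned char)*s++;
    if (*s != '*' || !isxdigit((unsigned char)s[1]) || !isxdigit((unsigned char)s[2]))
        return 0;
    hex[0] = s[1]; hex[1] = s[2]; hex[2] = '\0';
    return (unsigned char)strtoul(hex, NULL, 16) == sum;
}

/* Copy comma-separated field idx (0 is the "$GPRMC" tag) into out.
   Returns 0 on success, -1 if the field is missing or would overflow out. */
static int nmea_field(const char *s, int idx, char *out, size_t outsz)
{
    size_t n = 0;

    while (idx > 0 && *s && *s != '*')
        if (*s++ == ',') idx--;
    if (idx != 0) return -1;
    while (*s && *s != ',' && *s != '*') {
        if (n + 1 >= outsz) return -1;
        out[n++] = *s++;
    }
    out[n] = '\0';
    return 0;
}

/* Convert ddmm.mmm or dddmm.mmm plus hemisphere into signed decimal degrees text. */
static int to_degrees(const char *ddmm, char hemi, char *out, size_t outsz)
{
    char *end;
    double v = strtod(ddmm, &end), deg, val;

    if (end == ddmm || *end != '\0') return -1;
    if (hemi != 'N' && hemi != 'S' && hemi != 'E' && hemi != 'W') return -1;
    deg = (double)(int)(v / 100.0);
    val = deg + (v - deg * 100.0) / 60.0;
    if (hemi == 'S' || hemi == 'W') val = -val;
    return snprintf(out, outsz, "%.5f", val) < (int)outsz ? 0 : -1;
}

/* Decode one $GPRMC sentence into three text buffers of FIELD_MAX bytes each.
   Returns 0 on success; -1 bad checksum, -2 not RMC, -3 no valid fix, -4 bad field. */
int decode_gprmc(const char *s, char *lat, char *lngtd, char *speed)
{
    char tag[8], status[2], hemi[2], raw[FIELD_MAX], *end;
    double knots;

    if (!nmea_checksum_ok(s)) return -1;
    if (nmea_field(s, 0, tag, sizeof tag) || strcmp(tag, "$GPRMC") != 0) return -2;
    if (nmea_field(s, 2, status, sizeof status) || status[0] != 'A') return -3;
    if (nmea_field(s, 3, raw, sizeof raw) || nmea_field(s, 4, hemi, sizeof hemi) ||
        to_degrees(raw, hemi[0], lat, FIELD_MAX)) return -4;
    if (nmea_field(s, 5, raw, sizeof raw) || nmea_field(s, 6, hemi, sizeof hemi) ||
        to_degrees(raw, hemi[0], lngtd, FIELD_MAX)) return -4;
    if (nmea_field(s, 7, raw, sizeof raw)) return -4;
    knots = strtod(raw, &end);
    if (end == raw || *end != '\0') return -4;
    /* RMC reports speed in knots; the SMS text says kmph (1 knot = 1.852 km/h). */
    if (snprintf(speed, FIELD_MAX, "%.1f", knots * 1.852) >= FIELD_MAX) return -4;
    return 0;
}

int main(void)
{
    char lat[FIELD_MAX], lngtd[FIELD_MAX], speed[FIELD_MAX];
    int rc = decode_gprmc(SAMPLE_RMC, lat, lngtd, speed);

    if (rc == 0) printf("lat=%s lon=%s speed=%s km/h\n", lat, lngtd, speed);
    else printf("sentence rejected (%d)\n", rc);
    return rc;
}
```

A sentence that fails the checksum or reports status V (no fix) is rejected, so a corrupted or stale position never reaches the SMS text.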


3.5. Accident sensor

The accident sensor is a simple switch that uses the air bag mechanism already available in the car. The air bag is built so that whenever an accident occurs it senses it and deploys. Our switch is attached to the air bag circuit and switches on whenever the air bag turns on, which tells the controller that an accident has occurred; the controller immediately sends the accident information and the location where it occurred to the concerned persons.





Fig 3.19 Snap of the project.





4.1. AT commands


AT commands are instructions used to control a modem. AT is the abbreviation of Attention. Every command line starts with "AT" or "at", which is why modem commands are called AT commands. Many of the commands that are used to control wired dial-up modems are also supported by GSM/GPRS modems and mobile phones. Besides this common AT command set, GSM/GPRS modems and mobile phones support an AT command set that is specific to the GSM technology, which includes SMS-related commands.


4.1.1 Basic Commands and Extended Commands

There are two types of AT commands: basic commands and extended commands.

Basic commands are AT commands that do not start with "+". For example, D (Dial), A (Answer), H (Hook control) and O (Return to online data state) are basic commands.

Extended commands are AT commands that start with "+". All GSM AT commands are extended commands. For example, +CMGS (Send SMS message), +CMSS (Send SMS message from storage), +CMGL (List SMS messages) and +CMGR (Read SMS messages) are extended commands.

Here are some of the tasks that can be done using AT commands with a GSM/GPRS modem or mobile phone:





4.1.2 List of commands

AT Command



Name of the manufacture


Model number


International mobile subscriber identity


Software version


International mobile subscriber identity


Radio signal strength


Charging status


Send message


Read message


Write message


Delete message


Notifications of received messages


Read phone book


Write to phone book


Search phone book


Checking whether a facility is locked


Change password


Return to online data state


Hook control


Answer call


Dial call
















5.1.1 CCS COMPILER            

The compiler used in the “ADVANCED VEHICLE SECURITY SYSTEM USING GPS AND GSM” is Microchip PIC Micro C Compiler. CCS provides a complete, integrated tool suite for developing and debugging embedded applications running on Microchip PIC® MCUs. The heart of this development tool suite is the CCS intelligent code optimizing C compiler, which frees developers to concentrate on design functionality instead of having to become an MCU architecture expert.

·         Maximize code reuse by easily porting from one MCU to another.

·         Minimize lines of new code with CCS provided peripheral drivers, built-in functions and standard C operators.

·         Built in libraries are specific to PIC® MCU registers, allowing access to hardware features directly from C.


                         We use PIC KIT 2 to dump the code in to the microcontroller. The hex file generated by the CCS compiler after debugging and compilation is used by the PIC KIT 2.

Importing a Hex file:

To import a hex file to be programmed in to the target device, select

File>Import Hex


Loading hex file to controller

After a device family has been selected and a hex file has been imported, the target device can be programmed by clicking write. The device will be erased and programmed with the hex code previously imported.

The status of the Write operation is displayed in the status bar located under the Device configuration window. If the write is successful, the status bar turns green and displays "Programming Successful", as shown in fig below.





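#include <16F877A.h>
#include <string.h>  //strlen() and strstr()

#use        delay  (clock=20M) //Crystal Oscillator speed 20MHz
#use        rs232  (baud = 9600, xmit=PIN_B0,rcv=PIN_B1,stream=GSM) //For GSM Modem
#use        rs232  (baud = 4800, xmit=PIN_A1,rcv=PIN_A0,stream=GPS) //For GPS Receiver

//Included after the #use lines so the GSM and GPS streams exist when these files compile.
//They are not shown on the page and are expected to provide mynum, get_phone_number() and get_GPS_data().
#include <gsm.c>
#include <gps.c>

byte ch = 0;
int count = 0;
byte data[150]; //For SMS storage
byte wru[] = { "wru" };
byte about[] = {"about"};
byte help[] = {"help"};
byte lock[] = {"lock"};
byte unlock[] = {"unlock"};
byte num[12];   //for storing phone number
char lat[12];   //for storing latitude
char lngtd[12]; //for storing longitude
char speed[12]; //for storing speed (nothing on the page fills it)
char tdata[12]; //for temporary data

void main()
{
   int i = 0;
   int j = 0;
   int flag = 0;

   while(TRUE) //assumed: the loop header is missing from the page
   {
     output_toggle(PIN_D1);  //GSM Indicator LED

     count = 0;   //reset data buffer
     data[count] = 0;

     if(!input(PIN_C4)) //Accident Sensor switch.
     {
            //Crash Message Handling
            output_high(PIN_D0); //LED Indicator
            get_GPS_data(lat,lngtd);  //Read GPS data for lat and lngtd
            fprintf(GSM,"AT+CMGS=\"%s\"\r\n",mynum); //Send SMS message to pre-defined number
            fprintf(GSM,"ALERT: Vehicle No.9999 Crashed at Latitude: %s Longitude: %s \r\n",lat,lngtd); //Send SMS data
            fputc(0x1A,GSM);  //^Z to send sms
            output_low(PIN_D0);  //LED Indicator
     }

     fprintf(GSM,"AT+CMGR=1\r\n"); //assumed: read slot 1, the slot AT+CMGD=1 deletes below
     fgets(data,GSM); //Read sms data into data buffer; fgets() does not bound the read to sizeof(data)

     if(strlen(data) < 14)  //No message in string. returns OK or ERROR. Depends on Modem type
     {
        continue; //assumed: nothing to process, poll again
     }

     //Delete the message
     fprintf(GSM,"AT+CMGD=1\r\n");  //delete message from SIM card

     //Read the available message content
     //extract the phone number from SMS Message
     get_phone_number(data,num);  //extract phone number into num variable

     if(strstr(data,wru)) //If the message contains "wru"
     {
         get_GPS_data(lat,lngtd); //assumed: refresh the position before replying
         fprintf(GSM,"AT+CMGS=\"%s\"\r\n",num); //assumed: reply to the sender
         fprintf(GSM,"Hello, I am located at ");
         fprintf(GSM,"Latitude: %s  Longitude: %s ",lat,lngtd);
         fprintf(GSM,"Speed: %s kmph. ",speed);
         fprintf(GSM,"Please use Google Earth to see my location.\r\n");
         fputc(0x1A,GSM); //^Z (assumed, as in the lock reply)
     }
     else if(strstr(data,about)) //If the message contains "about"
     {
         fprintf(GSM,"AT+CMGS=\"%s\"\r\n",num); //assumed: reply to the sender
         fprintf(GSM,"B.Tech Final Year(2009-2010) Project \r\n");
         fprintf(GSM,"GPS & GSM Based Vehicle Theft Control System. \r\n");
         fprintf(GSM,"Engineering Final Year Project.\r\n");
         fputc(0x1A,GSM); //^Z (assumed)
     }
     else if(strstr(data,unlock)) //tested before "lock", which "unlock" contains
     {
         //the ignition output is released here; the pin is not given on the page
         fprintf(GSM,"AT+CMGS=\"%s\"\r\n",num); //assumed: reply to the sender
         fprintf(GSM,"Vehicle got unlocked");
         fputc(0x1A,GSM); //^Z (assumed)
     }
     else if(strstr(data,lock))
     {
         //the ignition output is cut here; the pin is not given on the page
         get_GPS_data(lat,lngtd); //assumed: refresh the position before replying
         fprintf(GSM,"AT+CMGS=\"%s\"\r\n",num); //assumed: reply to the sender
         fprintf(GSM,"Vehicle got locked out at location  ");
         fprintf(GSM,"Latitude: %s  Longitude: %s ",lat,lngtd);
         fprintf(GSM,"Please use Google Earth to see my location.\r\n");
         fputc(0x1A,GSM); //^Z
     }
     else if(strstr(data,help))
     {
         fprintf(GSM,"AT+CMGS=\"%s\"\r\n",num); //assumed: reply to the sender
         fprintf(GSM,"Send \"wru\" to get my location \r\n");
         fprintf(GSM,"Send \"about\" to know about me\r\n");
         fprintf(GSM,"Send \"lock\" to Lock the Vehicle Ignition.\r\n");
         fprintf(GSM,"Send \"unlock\" to Unlock.\r\n");
         fputc(0x1A,GSM); //^Z (assumed)
     }
   }
}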
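
The handler above replies to, and locks or unlocks for, any sender whose message contains a keyword anywhere in the modem response. An added example (host-side C, not the project's firmware) of a stricter front end: it parses a text-mode +CMGR response into bounded buffers, matches the whole message body, and allows wru, lock and unlock only from an allowlisted sender. The allowlist, the sample responses and all function names are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum sms_cmd { CMD_NONE, CMD_WRU, CMD_ABOUT, CMD_HELP, CMD_LOCK, CMD_UNLOCK, CMD_DENIED };

/* Hypothetical owner allowlist (constructed numbers). */
static const char *const OWNERS[] = { "+15550100001", "+15550100002" };

/* Constructed text-mode +CMGR responses: header line, message body, final OK. */
static const char SMS_OWNER[] =
    "+CMGR: \"REC UNREAD\",\"+15550100001\",,\"12/10/07,17:41:00+22\"\r\n Unlock \r\n\r\nOK\r\n";
static const char SMS_STRANGER[] =
    "+CMGR: \"REC UNREAD\",\"+15550100999\",,\"12/10/07,17:42:00+22\"\r\nunlock\r\n\r\nOK\r\n";
static const char SMS_CHATTER[] =
    "+CMGR: \"REC UNREAD\",\"+15550100001\",,\"12/10/07,17:43:00+22\"\r\ndo not unlock yet\r\n\r\nOK\r\n";

/* Copy the sender (second quoted string of the header) and the body line into
   bounded buffers. Returns 0 on success, -1 on malformed or oversized input. */
static int parse_cmgr(const char *resp, char *sender, size_t ssz, char *body, size_t bsz)
{
    const char *p = strstr(resp, "+CMGR:"), *q, *eol;
    int quotes = 0;
    size_t n;

    if (!p || !(eol = strchr(p, '\n'))) return -1;
    for (q = p; q < eol; q++)               /* the third quote opens the sender field */
        if (*q == '"' && ++quotes == 3) break;
    if (q == eol) return -1;
    p = q + 1;
    q = memchr(p, '"', (size_t)(eol - p));
    if (!q) return -1;
    n = (size_t)(q - p);
    if (n == 0 || n >= ssz) return -1;
    memcpy(sender, p, n); sender[n] = '\0';
    p = eol + 1;                            /* the body is the line after the header */
    n = strcspn(p, "\r\n");
    if (n >= bsz) return -1;
    memcpy(body, p, n); body[n] = '\0';
    return 0;
}

/* Trim surrounding blanks and lower-case in place, so " Unlock " equals "unlock". */
static void normalise(char *s)
{
    size_t start = 0, len, i;

    while (s[start] == ' ' || s[start] == '\t') start++;
    len = strlen(s + start);
    memmove(s, s + start, len + 1);
    while (len > 0 && (s[len - 1] == ' ' || s[len - 1] == '\t')) s[--len] = '\0';
    for (i = 0; i < len; i++) s[i] = (char)tolower((unsigned char)s[i]);
}

static int is_owner(const char *sender)
{
    size_t i;
    for (i = 0; i < sizeof OWNERS / sizeof OWNERS[0]; i++)
        if (strcmp(sender, OWNERS[i]) == 0) return 1;
    return 0;
}

/* Decide what one +CMGR response asks for and whether its sender may ask it. */
enum sms_cmd classify_sms(const char *resp)
{
    char sender[20], body[161];
    enum sms_cmd cmd;

    if (parse_cmgr(resp, sender, sizeof sender, body, sizeof body)) return CMD_NONE;
    normalise(body);
    /* Whole-body match: a keyword inside a longer text or in the header is ignored. */
    if      (strcmp(body, "wru") == 0)    cmd = CMD_WRU;
    else if (strcmp(body, "about") == 0)  cmd = CMD_ABOUT;
    else if (strcmp(body, "help") == 0)   cmd = CMD_HELP;
    else if (strcmp(body, "lock") == 0)   cmd = CMD_LOCK;
    else if (strcmp(body, "unlock") == 0) cmd = CMD_UNLOCK;
    else return CMD_NONE;
    /* Location and ignition control are owner-only; about and help disclose nothing. */
    if ((cmd == CMD_WRU || cmd == CMD_LOCK || cmd == CMD_UNLOCK) && !is_owner(sender))
        return CMD_DENIED;
    return cmd;
}

int main(void)
{
    printf("owner=%d stranger=%d chatter=%d\n", classify_sms(SMS_OWNER),
           classify_sms(SMS_STRANGER), classify_sms(SMS_CHATTER));
    return 0;
}
```

The originating number carried in an SMS is not authenticated, so an allowlist is a baseline; ignition control that must resist forged senders also needs a secret carried in the message body.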








































—  VIP vehicle tracking.

—  Child and animal tracking.

—  Accident Notification of Vehicle.

—  Ambulance tracking.

  • Vehicle Theft Control









For the location of the vehicle, the GPS provides the information in the form of latitude and longitude, which further requires software such as Google Map to know the name of the area and the nearest landmark. However, attaching an external memory card containing this information to the project can overcome the limitation.
























         The project has been successfully designed and implemented for the “ADVANCED VEHICLE SECURITY SYSTEM WITH THEFT CONTROL AND ACCIDENT NOTIFICATION”.

          It has been developed by integrating features of all the hardware components used. Presence of every module has been reasoned out and placed carefully thus contributing to the best working of the unit.

          Secondly, using highly advanced ICs and with the help of growing technology, the project has been successfully implemented and tested.

         Finally we conclude that GPS and GSM based Security System add a huge for the rapid growth of Technology.
















Ø  The PIC microcontroller: your personal introductory course - John Morton

Ø  Introduction to GPS: the Global Positioning System - Ahmed El-Rabbany

Ø  Fundamentals Of Micro processors and Micro computers

Ø  Programming and Customizing the PIC Microcontroller - Myke Predko

Ø  GSM: evolution towards 3rd generation systems - Zoran Zvonar, Peter Jung, Karl Kammerlander

Ø  References on the Web:


