Incoming Access (Closed User Group Supplementary Service)

Description

Incoming Access (IA) is a specific attribute or capability within the Closed User Group (CUG) Supplementary Service defined in 3GPP specifications. A CUG is a service that creates a private network within the public mobile network, restricting communication to a defined group of subscribers. The IA feature specifically governs the permissions for receiving incoming calls. A subscriber's CUG subscription includes an 'Incoming Access' indicator which can be either 'allowed' or 'barred'. When IA is 'allowed,' the subscriber is permitted to receive incoming calls from subscribers who are not members of any of the subscriber's own CUGs (i.e., from outside the private group). When IA is 'barred,' the subscriber can only receive incoming calls from members who share at least one common CUG index.

The service logic for IA is implemented in the core network, typically within the Home Location Register (HLR) and the Visited Mobile Switching Centre (VMSC) or MSC Server. The HLR stores the subscriber's CUG data, including the list of CUG indices they belong to and the associated IA permission for each CUG or as a general subscription flag. When a mobile-terminated call is routed to the serving MSC, the MSC performs CUG interrogation. It checks the calling party's number (and their CUG membership, if available from the originating network) against the called party's CUG subscription data received from the HLR. The key check for IA involves determining if the calling and called parties share a common CUG. If they do, the call is allowed. If they do not share a common CUG, the call is only allowed to proceed if the called subscriber's IA feature is 'allowed'. If IA is 'barred' and no common CUG exists, the MSC rejects the call, often with a specific tone or announcement.

IA is one of several interrelated CUG features. It is often used in conjunction with 'Outgoing Access' (OA), which controls the ability to make calls outside the CUG. The combination of IA and OA settings allows for flexible private network configurations, such as a 'hybrid' CUG where members can call out to the public network (OA allowed) but cannot receive calls from it (IA barred). The service is invoked on a per-call basis for mobile-terminated calls. The interaction with other supplementary services like Call Barring is also specified, with CUG typically taking precedence. IA is a fundamental tool for enterprise and group services, enabling the creation of secure, controlled communication environments within a public cellular network.

Purpose & Motivation

The Incoming Access feature was created to provide granular control within the Closed User Group service, which itself was designed to emulate Private Branch Exchange (PBX) or Virtual Private Network (VPN) functionality on public mobile networks. Early business customers required the ability to define private groups where communication could be restricted, but with flexible policies regarding interaction with the outside world. A simple, fully closed group (no calls in or out) was often too restrictive. The IA feature solved the specific problem of inbound call control from non-members.

This addressed a key business need: defining groups where members could be reachable only by other group members (IA barred), creating a secure, members-only environment. Alternatively, a group could be configured to allow members to receive important calls from outside (e.g., from clients or headquarters) while still restricting their outgoing calls (if OA is barred). This flexibility was crucial for the adoption of CUG services by enterprises, government agencies, and other organizations. It allowed network operators to offer tailored communication packages that met specific security and operational policies, generating additional revenue and customer loyalty. The standardization of IA in 3GPP Release 4 and its persistence through later releases underscores its enduring role as a foundational supplementary service for managed group communications.