Bluetooth wireless technology is a specification designed to enable wireless communication between small, mobile devices. The inspiration behind this technology was the desire to eliminate the proprietary cables that are currently required to connect devices. For instance, to transfer images from a digital camera to a laptop PC, a cable is needed to connect the camera to the laptop. Each camera manufacturer and model has a different cable requirement. In fact, every handheld device that allows connectivity with a PC has a different cable configuration. Imagine a scenario in which both the laptop PC and the digital camera use Bluetooth wireless technology. In this case there is no need for cables to transfer data between devices. Expanding that idea to include all handheld mobile electronic devices is, in a nutshell, the Bluetooth wireless technology vision.
In addition to eliminating the need for cables and dongles to connect devices, Bluetooth enables devices to form small, ad hoc wireless networks called piconets. These wireless connections are established using a radio transceiver embedded within each Bluetooth device. The radio operates in the 2.4 GHz Industrial, Scientific, and Medical (ISM) band, which is globally available[1]. The Bluetooth Radio is designed to operate in a noisy radio environment and to provide a fast, robust, and secure connection between devices. A full-duplex data exchange rate of up to 1 Mb/s may be achieved using a Time-Division Duplex (TDD) scheme. Stability is ensured by implementing a frequency hopping scheme which enables Bluetooth Radio modules to avoid interference from other signals after transmitting or receiving a data packet. Security within Bluetooth connections is implemented at the hardware layer, with the option of using one of three security levels.
While Bluetooth wireless technology has many features unique to its own specification, it has borrowed heavily from several existing wireless standards, including Motorola's Piano, IrDA, IEEE 802.11, and Digital Enhanced Cordless Telecommunications (DECT). Motorola's Piano was developed with the concept of forming ad hoc "Personal Area Networks." This concept was adopted by the Bluetooth SIG to expand the capabilities of the original Bluetooth concept beyond simple cable replacement. The voice data transmission capabilities of Bluetooth are derived from the DECT specification. The object exchange capabilities (the ability to share business cards, contact information, messages, etc.) are derived from the IrDA specifications. Bluetooth also inherits the use of the 2.4 GHz ISM band, Frequency Hopping Spread Spectrum (FHSS), authentication, privacy, power management, and LAN capabilities provided by the IEEE 802.11 specification.
There are four major components in any Bluetooth wireless technology system: a radio unit, a baseband unit, a software stack, and application software. The radio unit is the actual radio transceiver which enables the wireless link between Bluetooth devices. The baseband unit is hardware, consisting of flash memory and a CPU, which interfaces with the radio unit and the host device electronics at the hardware level. The baseband hardware provides all required functionality to establish and maintain a Bluetooth wireless connection between devices. The software stack is essentially driver software or firmware which enables the application level software to interface with the baseband unit. The application software implements the user interface and overall functionality of the Bluetooth device.
The Bluetooth wireless interface is enabled via a radio transceiver which operates within the 2.4 GHz ISM band. The Bluetooth Radio specification complies with United States FCC as well as international regulations on power output within the ISM band. Bluetooth Radio supports spectrum spreading, which allows operation at power levels up to 100 mW worldwide. Spectrum spreading is accomplished by frequency hopping in 79 hops displaced by 1 MHz, starting at 2.402 GHz and stopping at 2.480 GHz. The maximum frequency hopping rate is 1600 hops/s. Due to regulations in France[1] and Spain, the number of hops is reduced, which limits the allowed frequency spectrum of operation within those countries. These special case situations are handled by an internal software switch which limits the number of frequency hops used by the radio unit. The nominal link range between Bluetooth wireless devices is 10 centimeters to 10 meters, but may be extended to more than 100 meters by increasing transmit power or by taking advantage of the supported Bluetooth Baseband network topology.
A more proper term for this section would be 'Link Control Unit'. Within the Bluetooth Specification, the Link Controller (LC) is the actual hardware unit which enables the physical RF link between Bluetooth devices and implements baseband protocols and Link Manager (LM) routines. The LM routines enable setup and control of links between devices and provide the host terminal interface which allows the host device to use a Bluetooth wireless connection.
All Bluetooth devices are in standby mode by default. In standby mode, unconnected devices periodically listen for messages. This procedure is called scanning. Scanning is divided into two types, page scan and inquiry scan. Page scan is defined as the connection substate in which a device listens for its own device access code (DAC) for the duration of the scan window (11.25 ms) and is used to set up an actual connection between devices. Inquiry scan is very similar to page scan except that in this substate the receiving device scans for the inquiry access code (IAC). Inquiry scan is used to discover which units are in range and what their device addresses and clocks are. Following a successful scanning procedure, the device enters one of four possible connection states: active, hold, sniff, or park. If the scanning procedure was unsuccessful, or a connection is not desired by one or both of the devices, no connection is made.
During the page scan procedure a device assumes either the role of the master or of the slave. The device that is the slave unit wakes up every 11.25 ms (scan window) to listen for its DAC. The scanning done by the slave unit is done on one frequency hop sequence which is determined by the hardware within the unit. The potential master unit scans using a page train. The page train is a way for the unit to cover all 32 possible frequency hops[2] and to locate the slave unit which is listening on only one of those hops. Every 1.28 seconds a different frequency hop is scanned by the master unit. It should be noted that the page train scheme actually involves two page trains. Train A covers half the number of possible frequency hops while Train B covers the other half. Train A is used by default, but if no devices are found during an exhaustive search of those frequency hops, Train B will be scanned.
During the page substate, the master repeatedly transmits the slave's DAC in an attempt to form a connection between the devices. This transmission occurs during each of the page hops with the page train. If at any point a response is received from the slave unit, the master unit enters the master response substate.
For the purposes of a quick explanation, the master response substate and the slave response substates will be discussed under the umbrella term page response. Page response is the substate in which vital information is exchanged between the master and slave units which allow a lasting connection to be formed.
Inquiry procedures involve the same mechanics as the page procedures. The only difference is the information exchanged between the devices. While in the inquiry substates, the master unit is looking for potential slaves and does not have the required DAC needed to establish a connection. The inquiry procedure enables the master device to get the required DAC from potential slave units. Within the inquiry procedures, the only information exchange is the slave unit responding with its address information. Following a successful inquiry scan, the master unit will enter the page scan procedures in order to establish a connection.
The first of the four possible connection modes is active mode. In active mode, the Bluetooth device actively participates on the channel. Traffic within the channel is scheduled based on the needs of each active device within the piconet. The master also supports regular transmissions to keep all the slaves synchronized to the channel. When a Bluetooth device participates actively on a channel, it is assigned an Active Member Address (AM_ADDR) which is a 3 bit field. Being only 3 bits, there may be only 7 active slaves within a piconet at any one time. The all zero address is reserved which allows for only 7 addresses to be assigned to active member devices.
The next possible connection mode is hold mode. Hold mode is one of the three reduced power modes available to a Bluetooth device. Hold mode enables a device to keep its AM_ADDR and to support synchronous packets but not to support asynchronous packets. This mode enables the unit to free time in order to accomplish other tasks involving page or inquiry scans.
The next reduced power mode is sniff mode, which basically reduces the duty cycle of the slave's listening activity. This mode enables the unit to support synchronous and asynchronous packets and keep its AM_ADDR. This mode is primarily used to reduce the amount of power used by a device or to allow a device to time share in participation between two piconets.
The last possible mode is park mode, which allows a unit to not actively participate in the channel but to remain synchronized to the channel and to listen for broadcast messages. In park mode a slave device gives up its AM_ADDR and is assigned an 8-bit Parked Member Address (PM_ADDR). Being 8 bits, there may be up to 255 parked slaves if the PM_ADDR alone is used to identify the device (the all zero address has a special meaning). However, if the Bluetooth Device Address (BD_ADDR) is used, an unlimited number of slaves may be parked in a given piconet.
Bluetooth Baseband provides two types of physical links: Synchronous Connection-Oriented (SCO) and Asynchronous Connectionless (ACL). SCO and ACL links may be used on the same channel or physical RF link. SCO links may be used for both audio and data transmissions. Slave devices may transmit SCO data packets without being polled because SCO links have reserved time slots for transmission. ACL links may be used for data transmission only and slaves must be polled before they can transmit data. ACL links also support both symmetric and asymmetric traffic and are used to transmit broadcast messages from the master unit.
Any Bluetooth device may support either one ACL channel, three simultaneous SCO channels, or a simultaneous ACL and SCO channel. Traffic within the piconet is controlled by the master unit which allots bandwidth to each slave based on its application needs and available bandwidth. Each link between a master and slave may be of a different type than other links in a piconet. Furthermore, the link type between a master and slave may change arbitrarily during a session if the needs of the slave's application change.
The Bluetooth wireless system supports point-to-point and point-to-multi-point connections. An ad hoc Bluetooth scatternet may be established by linking several piconets together. A piconet is defined as a group of devices consisting of at least one master and one slave unit which all share the same frequency hopping sequence. A scatternet is a collection of interlinked piconets with each piconet maintaining its unique frequency hopping sequence. A Bluetooth device may link two piconets by being a slave in two different piconets. Additionally it may be a slave in one piconet while being a master in another piconet. Currently, a device may not participate in more than two piconets at the same time. The current specification also limits the number of piconets within a scatternet to 10 piconets. Within a scatternet of 10 fully loaded piconets, a full-duplex data rate of more than 6 Mb/s is possible.
Voice channels within Bluetooth wireless technology use the Continuous Variable Slope Delta Modulation (CVSD) voice coding scheme. The CVSD scheme was chosen for its robustness in handling dropped or damaged voice samples. Voice channels are SCO links and transmit at a data rate of 64 kb/s.
There are three error correction schemes defined for Bluetooth baseband controllers: 1/3 rate Forward Error Correction code (FEC), 2/3 rate FEC code, and Automatic repeat request (ARQ). The purpose of applying the FEC scheme is to reduce the number of retransmissions; however, this creates overhead that reduces throughput in a reasonably error-free environment. To allow flexibility in implementation, there is no requirement within the Bluetooth packet specifications to apply FEC to payload data. Packet headers are always protected by a 1/3 rate FEC because this field contains link information which needs to survive bit errors. An unnumbered ARQ scheme is applied when data is transmitted in one time slot and is directly acknowledged by the recipient in the next time slot. For these data transmissions to be acknowledged, both the header error check and the cyclic redundancy check (CRC) must pass.
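The 1/3 rate FEC described above, as an added example that is not part of the original article. It assumes the 1/3 rate code is a simple three-times bit repetition decoded by majority vote, which comes from the Bluetooth baseband specification rather than this page; the header bits and error positions are constructed. It shows why acknowledgement still depends on the header error check: one flipped bit per triplet is repaired, but two flipped bits in the same triplet are silently miscorrected.

```python
"""1/3 rate FEC modelled as a 3x bit-repetition code with majority-vote decoding."""


def fec13_encode(bits):
    """Repeat every bit three times (rate 1/3)."""
    return [b for b in bits for _ in range(3)]


def fec13_decode(coded):
    """Majority-vote each triplet; return (bits, corrected_triplet_count)."""
    if len(coded) % 3:
        raise ValueError("coded length must be a multiple of 3")
    out, corrected = [], 0
    for i in range(0, len(coded), 3):
        triplet = coded[i:i + 3]
        bit = 1 if sum(triplet) >= 2 else 0
        if any(t != bit for t in triplet):
            corrected += 1  # at least one copy disagreed with the vote
        out.append(bit)
    return out, corrected


def flip(coded, positions):
    """Return a copy with the given bit positions inverted (simulated channel errors)."""
    noisy = list(coded)
    for p in positions:
        noisy[p] ^= 1
    return noisy


# Constructed header bits: AM_ADDR = 5 (3 bits) followed by 7 arbitrary bits.
HEADER = [1, 0, 1, 0, 1, 0, 0, 1, 0, 1]


def demo():
    """Return (single errors repaired?, triplets corrected, double error repaired?)."""
    coded = fec13_encode(HEADER)
    # One error in each of three different triplets: all are corrected.
    ok_bits, fixed = fec13_decode(flip(coded, [0, 4, 29]))
    # Two errors in the same triplet: the majority vote picks the wrong value.
    bad_bits, _ = fec13_decode(flip(coded, [0, 1]))
    return ok_bits == HEADER, fixed, bad_bits == HEADER


if __name__ == "__main__":
    print(demo())
```

The miscorrected header decodes without any FEC-level error indication, so only a separate integrity check over the decoded bits can reject it.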
The Bluetooth specification defines three security modes: non-secure, service-level security, and link level security. In the non-secure mode, the device does not initiate any kind of security procedure. In the service-level security mode, more flexibility in application access policies is allowed. Service-level security mode is especially useful when running several applications in parallel with differing security requirements. In the link level security mode, the device sets up security procedures before the link set-up is completed. Link level security provides applications with knowledge of "who" is at the other end of the link and provides authentication, authorization, and encryption services.
Authentication is a key component in any Bluetooth system which allows the user to develop a domain of trust between Bluetooth devices. Authentication services allow two devices to decide if a connection will be formed based on available identification at the hardware level. Once a connection has been established, additional security may be applied to the data transmission using encryption. Encryption procedures are applied to an existing connection between devices while authentication procedures dictate whether or not a connection will ever be formed.
The built-in Bluetooth security mechanisms are secure enough for most applications. However, in the event that the built-in mechanisms are not sufficient, stronger encryption schemes may be built into Bluetooth products at the software application level.
The Link Manager (LM) is the software entity within the baseband which implements, among other protocols, link setup, link authentication, and link configuration. When the LM discovers other remote LMs, it communicates with them via the Link Manager Protocol (LMP). In order to perform its service provider role, the LM uses the services of the Link Controller (LC), which is the hardware entity enabling the creation of physical links with other devices.
The services provided by the Link Manager are:
- Transmitting and receiving data
- Requesting a remote device name
- Inquiring for a remote device link address (inquiry scan procedure)
- Negotiating and setting up the connection and link mode (ACL and/or SCO links)
- Authentication
- Determining the frame type on a packet-by-packet basis
- Setting a device in one of the three low power modes (hold, sniff, and park)
- Ensuring the master only starts transmission in specified, regularly spaced time slots
All devices using Bluetooth wireless technology are required to support baseline interoperability feature requirements. The feature requirements are defined within the Bluetooth Profile Specification. The requirements may vary widely depending on the nature of the device. For instance, a device which provides LAN access using Bluetooth wireless technology would have far more feature requirements than a Bluetooth wireless mobile phone headset. The primary goal of the Bluetooth Profile requirements is to ensure that any device displaying the Bluetooth logo will interoperate with other Bluetooth devices. All devices which use Bluetooth wireless technology must be able to recognize each other and to discover the higher level abilities each device supports.
[1] At the time of this writing, the French military has conceded to open the full ISM band as of January 1, 2000.
[2] In Spain the total number of frequency hops is limited to 16.