Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Contents at a Glance
Part ONE
Part TWO
Part THREE
Bluetooth Basics
xi
CHAPTER 1
What is Bluetooth?
CHAPTER 2
Technical Overview
10
CHAPTER 1
Bluetooth Protocol
11
CHAPTER 2
Radio Interface
13
CHAPTER 3
18
CHAPTER 4
38
CHAPTER 5
54
CHAPTER 6
80
CHAPTER 7
RFCOMM
96
CHAPTER 8
105
CHAPTER 9
112
CHAPTER 10
128
Bluetooth Profiles
136
CHAPTER 1
137
Profiles
i
Amplify Mindware
Table of Contents
Part ONE
Bluetooth Basics
CH. 1
Xi
What is Bluetooth?
1.1
Introduction
1.1.1
Open specification
1.1.2
Short-range wireless
1.1.3
1.1.4
1.2
1.3
1.2.1
1.2.2
SIG Progression
Summary
CH. 2
Technical Overview
2.1
2.2
Features
2.3
Bluetooth Components
2.4
Summary
Part TWO
10
CH. 1
Bluetooth Protocol
11
1.1
Protocol Architecture
11
1.2
Layer Functions
12
CH. 2
Radio Interface
13
2.1
Transmitter Characteristics
13
2.1.1
13
Frequency Hopping
2.1.2
Modulation
14
2.1.3
Spurious Emissions
15
ii
Amplify Mindware
2.1.4
15
Frequency Tolerance
2.2
15
Receiver Characteristics
2.2.1
15
Sensitivity Level
2.2.2
Interference Performance
15
2.2.3
Out-of-Band Blocking
16
2.2.4
16
2.2.5
16
2.2.6
Interference Signal
16
Summary
17
CH. 3
18
3.1
Introduction
18
3.2
Physical Channel
19
3.2.1
19
3.3
3.4
3.5
Time Slots
Physical Links
20
3.3.1
SCO Link
20
3.3.2
ACL Link
21
Packets
22
3.4.1
Access Code
22
3.4.2
Packet Header
23
3.4.3
Payload
24
3.4.4
Packet Types
25
Error Correction
27
3.5.1
28
3.5.2
28
3.5.3
ARQ scheme
28
3.6
29
3.7
Logical Channels
29
3.7.1
LC Control Channel
29
3.7.2
LM Control Channel
29
3.7.3
UA/UI Channel
29
iii
Amplify Mindware
3.7.4
3.8
3.9
3.10
US Channel
30
Channel Control
30
3.8.1
Bluetooth Clock
30
3.8.2
Clock Types
31
3.8.3
States
31
3.8.4
Access Procedures
32
3.8.5
Inquiry Procedures
33
3.8.6
Connection Modes
33
3.8.7
Scatternet
34
Audio
34
3.9.1
35
3.9.2
CVSD Codec
35
Bluetooth Addressing
35
Summary
37
CH. 4
38
4.1
Introduction
38
4.2
Format of LMP
38
4.3
39
4.3.1
40
4.3.2
Authentication
40
4.3.3
Pairing
41
4.3.4
41
4.3.5
41
4.3.6
Encryption
42
4.3.7
42
4.3.8
42
4.3.9
43
4.3.10
LMP Version
43
4.3.11
Supported Features
44
4.3.12
45
4.3.13
Name Request
45
iv
Amplify Mindware
4.4
4.3.14
Detach
46
4.3.15
Hold Mode
46
4.3.16
Sniff Mode
46
4.3.17
Park Mode
47
4.3.18
48
4.3.19
49
4.3.20
QOS
49
4.3.21
SCO Links
50
4.3.22
Multi-Slot Packets
50
4.3.23
Paging
51
Connection Establishment
51
Summary
53
CH. 5
54
5.1
Introduction
54
5.2
56
5.3
58
5.3.1
Command Packets
59
5.3.2
Event Packets
59
5.3.3
Data Packets
60
5.4
60
5.4.1
60
5.4.2
63
5.4.3
64
5.4.4
Informational parameters
69
5.4.5
Status Parameters
70
5.4.6
Testing Commands
71
5.5
Events
71
5.6
Flow Control
74
5.7
76
5.7.1
76
5.7.2
77
v
Amplify Mindware
5.7.3
77
5.7.4
78
Summary
79
CH.6
80
6.1
Introduction
80
6.1.1
81
6.2
6.3
6.4
General Operations
82
6.2.1
82
6.2.2
82
6.2.3
SAR
84
84
6.3.1
Events
86
6.3.2
Actions
88
Data Packet
90
6.4.1
Connection-Oriented Channel
90
6.4.2
Connectionless Channel
90
6.5
Signaling
91
6.6
Service Primitives
92
6.6.1
92
Summary
95
CH.7
RFCOMM
96
7.1
Introduction
96
7.1.1
96
7.2
Device Types
Service Overview
97
7.2.1
97
7.2.2
97
7.2.3
98
7.2.4
98
7.3
99
7.4
99
7.5
TS 07.10 Adaptations
100
vi
Amplify Mindware
7.6
7.5.1
100
7.5.2
101
7.5.3
Multiplexer commands
102
Flow Control
102
7.6.1
102
7.6.2
102
7.6.3
102
7.6.4
102
Summary
104
Ch.8
105
8.1
Introduction
105
8.1.1
105
8.2
8.3
SDP Services
106
8.2.1
Service Record
106
8.2.2
Service Attribute
107
8.2.3
Service Class
107
8.2.4
Data Elements
107
8.2.5
Service Search
108
8.2.6
108
Protocol Description
109
8.3.1
109
8.3.2
Error Handling
109
8.3.3
110
8.3.4
110
8.3.5
110
Summary
111
CH.9
112
9.1
Introduction
112
9.1.1
112
9.1.2
114
9.2
Call Control
115
vii
Amplify Mindware
9.3
Part THREE
9.2.1
Call Establishment
115
9.2.2
Call Clearing
118
Group management
120
9.3.1
120
9.3.2
120
9.3.3
Configuration Distribution
121
9.3.4
122
9.4
Connectionless TCS
124
9.5
Supplementary Services
124
9.5.1
124
9.5.2
125
9.5.3
Register Recall
126
Summary
127
CH.10
128
10.1
128
10.2
WAP in Bluetooth
128
10.2.1
129
10.2.2
129
10.2.3
129
10.3
130
10.4
Interpretability Requirements
130
10.4.1
130
10.4.2
131
10.5
131
10.6
132
10.6.1
133
Session Protocol
10.7
134
10.8
134
Summary
135
Bluetooth Profiles
136
CH. 1
137
Profiles
viii
Amplify Mindware
1.1
Introduction
137
1.2
138
1.2.1
138
Operation Modes
1.3
139
1.4
140
1.5
FAX Profile
140
1.6
Headset Profile
141
1.7
141
1.8
142
1.9
142
1.10
142
1.11
Synchronization Profile
142
1.12
Intercom Profile
143
1.13
143
Summary
144
References
145
146
ix
Amplify Mindware
Preface
The Bluetooth specification was originally developed by Ericsson in 1994 as a
short-range wireless technology for cable replacement. Since then, the specification
was adopted by several companies, which formed a trade association that is now known
as the Bluetooth Special Interest Group (SIG). In recent years, Bluetooth has grown
from a wireless cable replacement solution to incorporating virtually all types of wireless
applications including voice, data and multimedia.
Topics covered will be the design of the components that comprise the Bluetooth
Module protocol stack including the RF/Baseband layers, the Link Controller and
Manager Layers and the Host Controller Interface Layer. The Bluetooth Host stack will
also be covered including the Logical Link Control and Adaptation Protocol layer, the
RFCOMM layer, the Service Discovery layer and the Bluetooth Profiles. The protocol
stack also has provisions for QOS, security and power control that will also be
discussed. Bluetooth compared with other wireless technologies are also discussed.
x
Amplify Mindware
P A R T O NE
I N T RO D U C TI ON
T O T HE T EC H N O LO G Y
xi
Amplify Mindware
Bluetooth
Chapter One
What is Bluetooth?
What is Bluetooth?
1.1 INTRODUCTION
The term Bluetooth refers to an open specification for a technology to enable
short-range wireless voice and data communications anywhere in the world. This simple
and straightforward description of the Bluetooth technology includes several points that
are important to its understanding:
1.1.1 OPEN SPECIFICATION
The Bluetooth Special Interest Group (SIG) has produced a specification for
Bluetooth wireless communication that is publicly available and royalty free. To help
foster widespread acceptance of the technology, a truly open specification has been a
fundamental objective of the SIG since its formation.
1.1.2 SHORT-RANGE W IRELESS
There are many instances of short-range digital communication among
computing and communications devices; today much of that communication takes place
through cables. These cables connect to a mass of devices using a wide variety of
connectors with many combinations of shapes, sizes and number of pins; this can
become quite burdensome to users.
With Bluetooth technology, these devices can communicate without wires over a
single air-interface, using radio waves to transmit and receive data. Bluetooth wireless
technology is specifically designed for short-range nominally 10 meters communications;
one result of this design is very low power consumption, making the technology well
suited for use with small, portable personal devices that typically are powered by
batteries.
1
Amplify Mindware
Bluetooth
What is Bluetooth?
2
Amplify Mindware
Bluetooth
What is Bluetooth?
3
Amplify Mindware
Bluetooth
What is Bluetooth?
exchanges, the SIG produced a thorough specification in about one and one-half years
(version 1.0 of the specification, including profiles, was published in July 1999).
The SIG organized itself into several working groups, each with a focus on a
specific part of the technology or on some supporting service. These working groups
included:
The air interface working group, which focused on the radio and baseband
layers;
The software working group, which developed the specification for the protocol
stack;
The interoperability working group, which focused on profiles;
The compliance working group, which defined the testing, compliance and
certification process;
The legal working group, which managed the legal affairs of the SIG such as
membership and intellectual property agreements; and
The marketing working group, which promoted the technology and helped to
generate the marketing requirements that the specification was to address.
Some of the larger working groups, such as the software working group, were
further divided into task forces focusing on a particular layer of the Bluetooth protocol
stack. Coordinating all of these working groups and governing the overall SIG was a
program management committee composed of voting representatives from each of the
promoter companies.
In December 1999, four new promoter companies like 3Com Corporation, Lucent
Technologies Inc., Microsoft Corporation and Motorola, Inc., some of whom had made
contributions to the original specification as adopter companies joined the SIG. The
group remains very active today in maintaining the existing documentation and in
creating enhancements to the specification, along with new profiles. It easily can be
seen that it took an enormous effort to develop over 1,500 pages of complex and
detailed information in just over a years time. For many in the SIG this became their fulltime job or at least a primary responsibility. Issues, both technical and non-technical,
inevitably arose and were handled through discussion and voting when necessary, but in
general the development and refinement of specifications and profiles progressed in an
exemplary manner.
4
Amplify Mindware
Bluetooth
What is Bluetooth?
AND
HISTORY
5
Amplify Mindware
Bluetooth
What is Bluetooth?
Summary
Bluetooth refers to an open specification for a technology to enable shortrange wireless voice and data communications anywhere in the world.
The Bluetooth SIG has produced a specification for Bluetooth wireless
communication that is publicly available and royalty free.
The founding SIG members are Ericsson, Intel, IBM, Nokia, & Toshiba
6
Amplify Mindware
Bluetooth
Technical Overview
Chapter Two
OF
Technical Overview
BLUETOOTH
The aim has been set quite height. It is to arrive at a specification for a
technology that optimizes the usage model of all mobile computing and communications
devices, and providing
Global usage
Voice and data handling
The ability to establish ad-hoc connections
The ability to withstand interference from other sources in open band
Very small size, in order to accommodate integration into variety of devices
Negligible power consumption in comparison to other devices for similar use
An open interface standard
Competitively low cost of all units, as compared to their non-Bluetooth
correspondents
2.2 FEATURES
Bluetooth is a wireless technology that enables any electrical device to wirelessly
communicate in the 2.5 GHz ISM frequency band. It allows devices such as mobile
phones, headsets, PDA's and portable computers to communicate and send data to
each other without the need for wires or cables to link to devices together. It has been
specifically designed as a low cost, low power, radio technology, which is particularly
suited to the short range Personal Area Network (PAN) application.
The Main Features of Bluetooth:
Operates in the 2.4GHz frequency band without a license for wireless
communication.
Real-time data transfer usually possible between 10-100m.
Close proximity not required as with infrared data (IrDA) communication devices
as Bluetooth doesn't suffer from interference from obstacles such as walls.
7
Amplify Mindware
Bluetooth
Technical Overview
2.4 BLUETOOTH
8
Amplify Mindware
Bluetooth
Technical Overview
Summary
The main aim of bluetooth was to have global usage, Voice and data handling,
ability to establish ad-hoc connections, to withstand interference from other
sources in open band, less power consumption, open interface standard, etc.
Bluetooth Operates in the 2.4GHz (ISM) frequency band
Maximum data throughout is 1Mbps.
9
Amplify Mindware
Bluetooth
Technical Overview
PART TWO
BLUETOOTH
PROTOCOL AND NETWORK ASPECTS
10
Amplify Mindware
Bluetooth
Technical Overview
Chapter Three
Bluetooth Protocol
11
Amplify Mindware
Bluetooth
Technical Overview
12
Amplify Mindware
Bluetooth
Radio Interface
Chapter Four
Radio Interface
The Bluetooth system operates in the 2.4 GHz ISM (Industrial Scientific
Medicine) band. The range of this frequency band in Europe and USA is 2400 2483.5 MHz. This band may vary from one country to another due to frequency
limitations. For Spain and France the frequency band is 2445 2475 MHz and
2446.5 2483.5 MHz respectively. Channel spacing is 1 MHz. In order to comply
with out-of-band regulations a guard band is used at the lower and upper band edge.
Note 1: Pmin < -30 dBm is suggested, but not compulsory and may be application dependent.
13
Amplify Mindware
Bluetooth
Radio Interface
4.1.2 MODULATION
The operating band of 83.5 MHz is divided into 1MHz channel. To utilize
maximum available channel bandwidth, GFSK (Gaussian Frequency Shift Keying)
modulation scheme with a BT=0.5 is used producing the data rate of 1Mbps.
The Modulation index is between 0.28 and 0.35. The Bandwidth Product (BT)
is a product of adjacent signal frequency separation i.e. 0.5 MHz and symbol duration
i.e. 1 s. Modulation index can be represented as 2fdT, where T is symbol duration.
Thus,
2fdT
2fdT
fd
0.28 / (2 * 1 s)
fd
140 KHz
Modulation index
0.28
Therefore,
175 KHz
So the frequency deviation range is 140 KHz to 175 KHz. In addition, the minimum
deviation shall never be smaller than 115 kHz.
A binary one represents positive frequency deviation, and a binary zero
represents negative frequency deviation. The symbol timing shall be better than
20ppm. That means the clock managing the logic processing functionality for the
symbol must be accurate to 20ppm. The zero crossing error is the time difference
between the ideal symbol period and the measured crossing time. This shall be less
than 1/8 of a symbol period i.e. 0.12 s.
14
Amplify Mindware
Bluetooth
Radio Interface
15
Amplify Mindware
Bluetooth
Radio Interface
16
Amplify Mindware
Bluetooth
Radio Interface
Summary
Operates in 2.4 GHz ISM band.
Channel spacing is 1 MHz and Guard bands are use to avoid interference
Frequency Hopping algorithm is employed to calculate the frequency hop
sequence, which ensures maximum distance between adjacent hop channels
GFSK (Gaussian Frequency Shift Keying) modulation scheme with a BT=0.5 is
used producing the data rate of 1Mbps is used with index is between 0.28 and
0.35.
Spurious emission - The synthesizer must change frequency between receive
slot and transmit slot, but always returns to the same transmit frequency.
Receiver
Characteristics
include
Look
back
process,
Sensitivity
level,
Interference performance, out of band blocking, maximum usage level and RSSI.
17
Amplify Mindware
Bluetooth
Chapter Five
5.1 INTRODUCTION
Baseband is responsible for controlling the radio. This layer provides frequency
hopping. It also takes care of lower level encryption for secure links. It is a physical layer
of Bluetooth system. Baseband lies above the Bluetooth radio in the protocol stack and
acts as a link controlling the link with the link manager for carrying out link routines like
link connection and power control. A slotted channel with nominal slot length of 625 s is
used. For full duplex transmission, Time-Division Duplex (TDD) scheme is applied. On
the channel, information is exchanged through packets such that each packet is
transmitted on a different hop frequency covering a single slot, but can be extended to
cover up to five slots.
The Bluetooth protocol combines circuit as well as packet switching. Bluetooth
can support an asynchronous data channel, up to three simultaneous synchronous voice
channels, or a channel, which simultaneously supports asynchronous data and
synchronous voice. Each voice channel supports a 64 kb/s synchronous (voice) channel
in each direction and asynchronous channel can support maximal 723.2 kb/s
asymmetric, or 433.9 kb/s symmetric.
The Bluetooth system provides a point-to-point connection as well as point-tomultipoint connection. In the point-to-multipoint connection, the channel is shared among
several Bluetooth units forming a piconet. Maximum of eight units can participate in a
piconet with one unit acting as the master of the piconet and the other remaining units
acting as slaves in an active mode. In addition, many more slaves can remain locked to
the master in a parked state, which remain synchronized to the master. The master
controls both for active and parked slaves. Multiple piconets with overlapping coverage
areas form a scatternet. Only one master is present in each piconet. However, slaves
can participate in different piconets on a time-division multiplex basis. In addition, a
master in one piconet can become a slave in another piconet. Each piconet has its own
hopping channel. This is described in the diagram below,
18
Amplify Mindware
Bluetooth
19
Amplify Mindware
Bluetooth
20
Amplify Mindware
Bluetooth
slot at regular intervals for sending SCO packets using, the so-called SCO interval TSCO.
The SCO slave is always allowed to respond with an SCO response packet in the
following slave-to-master slot unless it finds that the decoded packet header is
inappropriate and is not addressed as expected. If the SCO slave fails to decode the
slave address in the packet header, it is still allowed to return an SCO response packet
in the reserved SCO response slot. Master uses LM protocol to establish the SCO link
by sending the SCO setup message. This message contains timing parameters such as
the SCO interval TSCO and the offset DSCO to specify the reserved slots.
In order to prevent clock wrap-around problems, an initialization flag in the LMP
setup message indicates whether initialization procedure 1 or 2 is to be used by slave.
The master uses initialization 1 when the MSB of the current master clock (CLK27) is 0;
it uses initialization 2 when the MSB of the current master clock (CLK27) is 1. The
master-to-slave SCO slots reserved by the master and the slave shall be initialized on
the slots for which the clock satisfies the following equation:
CLK27-1 mod TSCO = DSCO for initialization 1
(CLK27, CLK26-1) mod TSCO = DSCO for initialization 2
The slave-to-master SCO slots shall directly follow the reserved master-to-slave
SCO slots. After initialization, the clock value CLK (k+1) for the next master- to-slave
SCO slot is found by adding the fixed interval TSCO to the clock value of the current
master-to-slave SCO slot:
CLK (k+1) = CLK (k) + TSCO
21
Amplify Mindware
Bluetooth
address in the packet header, it is not allowed to transmit. ACL packets not addressed to
a specific slave are considered as broadcast packets and are read by every slave.
5.4 PACKETS
The data on the piconet channel is conveyed in packets. The general packet
format is shown below
The Packet consists of 3 entities: the access code, the header, and the payload.
The access code is 72 bits and header is 54 bits in length. The payload can range from
zero to a maximum of 2745 bits.
5.4.1 ACCESS CODE
The access code is used for synchronization, DC offset compensation and
identification. The access code identifies all packets exchanged on the channel of the
piconet such that they are preceded by the same channel access code. The access
code is also used in paging and inquiry procedures. In this case, the access code itself is
used as a signaling message and neither a header nor a payload is present.
There are three different types of access codes defined:
Channel Access Code (CAC) identifies the piconet and is included in all
packets exchange over piconet.
Device Access Code (DAC) used for paging and its response.
Inquiry Access Code (IAC) is further divided into General IAC (GIAC) used to
discover other Bluetooth devices and Dedicated IAC (DIAC) used to discover
other Bluetooth devices with same characteristics.
CAC consists of preamble, sync word and trailer with 72 bits length whereas
DAC and IAC does not have trailer and is 68 bits long.
22
Amplify Mindware
Bluetooth
Preamble is 4-bit pattern of alternating ones and zeros and is either 1010 or 0101
depending upon the LSB of sync word whether it is 1 or 0 respectively. It is used
for DC offset compensation.
Sync word is 64 bit word derived from 24-bit LAP of Bluetooth device address.
For the CAC the masters LAP is used; for the GIAC and the DIAC, reserved,
dedicated LAPs are used; for the DAC, the slave unit LAP is used.
Trailer is 4-bit code with zero-one bit pattern. It can be either 1010 or 0101
depending whether the MSB of sync word is 0 or 1 respectively. It is used for DC
offset compensation.
5.4.2 PACKET HEADER
Header length is 18 bits and is encoded with the rate of 1/3 FEC resulting in 54bit header.
23
Amplify Mindware
Bluetooth
24
Amplify Mindware
Bluetooth
The payload body has actual user information or data and length field in payload
header determines its length. CRC code is used for data integrity.
ID packet: This carries DAC or IAC. It takes one slot space for
transmission having 68-bit fixed length and is used for paging, inquiry.
NULL packet: This has no payload consisting of CAC and packet header.
It is 126-bit long and is never acknowledged. It is used for getting link
information and flow control.
POLL
packet:
It
is
similar
to
NULL
packet,
but
it
requires
DM1 packet: It is recognized on SCO link as well on ACL link and may
carry user data, although it is a control packet.
HV1 packet: It carries 10 user information bytes. Typically used for voice
transmission (stands for HIGH VOICE) with 1/3 FEC encoded. Payload
length is 240 bits with no payload header.
25
Amplify Mindware
Bluetooth
o
HV3 packet: It carries 30 user information bytes. Typically used for voice
transmission (stands for HIGH VOICE) without any FEC encoded.
Payload length is 240 bits with no payload header.
DV packet: It carries combined data and voice. Voice is not FEC encoded
whereas data is 2/3 FEC encoded. No CRC coding used for voice. But
data field is 16-bit CRC coded. The payload is divided into 80-bit voice
and 150-bit data.
DM1 packet: It carries 18 information bytes with data only having 16-bit
CRC code. DM is Data Medium rate. It is 2/3 FEC encoded.
DH1 packet: This is similar to DM1 packet; the only major difference is it
is not FEC encoded. It carries 28 information bytes with data only having
16-bit CRC code. DM is Data High rate.
DM3 packet: This is similar to DM1 packet with larger payload extending
for 3 time slots. It carries 123 information bytes with data only having 16bit CRC code. It is 2/3 FEC encoded.
DH3 packet: This is similar to DM1 packet; the only major difference is it
is not FEC encoded. It carries 185 information bytes with data only having
16-bit CRC code.
DM5 packet: It carries 226 information bytes with data only having 16-bit
CRC code. DM is Data Medium rate. It is 2/3 FEC encoded. It occupies
5 time slots.
26
Amplify Mindware
Bluetooth
o
AUX1 packet: This can carry 30 information bytes. It resembles DH1 but
no CRC code. It occupies only one slot.
Table 5.4 summarizes the packets defined so far for the SCO and ACL link
types.
27
Amplify Mindware
Bluetooth
28
Amplify Mindware
Bluetooth
29
Amplify Mindware
Bluetooth
The UA channel carries L2CAP transparent asynchronous user data. This data
may be transmitted in one or more packets. Timing start packets properly at higher
levels supports UI channel
5.7.4 US CHANNEL (USER SYNCHRONOUS DATA)
The US channel carries transparent synchronous user data. This channel is
carried over the SCO link.
30
Amplify Mindware
Bluetooth
other clock appearances. CLKE and CLK are derived from the reference CLKN by
adding an offset. CLKE is a clock estimate a paging unit makes of the native clock of the
recipient.
31
Amplify Mindware
Bluetooth
The Standby state is the default state in the Bluetooth unit. In this state, the
Bluetooth unit is in a low-power mode. Only the native clock is running. The controller
may leave the Standby state to scan for page or inquiry messages, or to page or inquiry
itself. When responding to a page message, the unit will not return to the STANDBY
state but enter the Connection state as a slave. When carrying out a successful page
attempt, the unit will enter the Connection state as a master.
5.8.4 ACCESS PROCEDURES
In order to establish new connections the procedures inquiry and paging are
used. The inquiry procedure enables a unit to discover which units are in range, and
what their device addresses and clocks are. With the paging procedure, an actual
connection can be established. Only the Bluetooth device address is required to set up a
connection. Knowledge about the clock will accelerate the setup procedure. A unit that
establishes a connection will carry out a page procedure and will automatically be the
master of the connection. In the paging and inquiry procedures, the device access code
32
Amplify Mindware
Bluetooth
(DAC) and the inquiry access code (IAC) are used, respectively. A unit in the page scan
or inquiry scans substate correlates against these respective access codes with a
matching correlator. For the paging process, several paging schemes can be applied.
There is one mandatory paging scheme which has to be supported by each Bluetooth
device. This mandatory scheme is used when units meet for the first time, and in case
the paging process directly follows the inquiry process.
5.8.5 INQUIRY PROCEDURES
In the Bluetooth system, an inquiry procedure is defined which is used in
applications where the destinations device address is unknown to the source. One can
think of public facilities like printers or facsimile machines, or access points to a LAN.
Alternatively, the inquiry procedure can be used to discover which other Bluetooth units
are within range. During an inquiry substate, the discovering unit collects the Bluetooth
device addresses and clocks of all units that respond to the inquiry message. It can then,
if desired, make a connection to any one of them by means of the previously described
page procedure. The inquiry message broadcasted by the source does not contain any
information about the source. However, it may indicate which class of devices should
respond.
There is one general inquiry access code (GIAC) to inquire for any Bluetooth
device, and a number of dedicated inquiry access codes (DIAC) that only inquire for a
certain type of devices. The inquiry access codes are derived from reserved Bluetooth
device addresses. A unit that wants to discover other Bluetooth units enters an inquiry
substate. In this substate, it continuously transmits the inquiry message at different hop
frequencies. The inquiry hop sequence is always derived from the LAP of the GIAC.
Thus, even when DIACs are used, the applied hopping sequence is generated from the
GIAC LAP. A unit that allows it to be discovered regularly enters the inquiry scan
substate to respond to inquiry messages. The following sections describe the message
exchange and contention resolution during inquiry response. The inquiry response is
optional: a unit is not forced to respond to an inquiry message.
5.8.6 CONNECTION MODES
Bluetooth in its Connection state can be in any of the four modes,
33
Amplify Mindware
Bluetooth
Active: In this mode both the master and the slave participate actively on the
channel by listening, transmitting or receiving the packets. Both the devices are
kept synchronized to each other.
Sniff: In this mode, the slave rather then listening on every slot for masters
message for that slave sniffs on specified time slots for its message. Hence the
slave can go to sleep in free slot to save power.
Hold: In this mode, a device can temporarily not support ACL packets and go to
low power sleep mode to make the channel available for things like paging etc.
Park: When a slave does not wants to participate in the piconet channel, but still
wants to be synchronize to the channel, it goes into a park mode.
5.8.7 SCATTERNET
Multiple piconets may cover the same area. Since each piconet has a different
master, the piconets hop independently, each with their own channel hopping sequence
and phase as determined by the respective master. In addition, the packets carried on
the channels are preceded by different channel access codes as determined by the
master device addresses. As more piconets are added, the probability of collisions
increases; a graceful degradation of performance results as is common in frequencyhopping spread spectrum systems. If multiple piconets cover the same area, a unit can
participate in two or more overlaying piconets by applying time multiplexing. To
participate on the proper channel, it should use the associated master device address
and proper clock offset to obtain the correct phase. A Bluetooth unit can act as a slave in
several piconets, but only as a master in a single piconet: since two piconets with the
same master are synchronized and use the same hopping sequence, they are one and
the same piconet. A group of piconets in which connections consists between different
piconets is called a scatternet.
A master or slave can become a slave in another piconet by being paged by the
master of this other piconet. On the other hand, a unit participating in one piconet can
page the master or slave of another piconet. Since the paging unit always starts out as
master, a master-slave role exchange is required if a slave role is desired.
5.9 AUDIO
A Bluetooth unit is capable of supporting up to three real time audio connections
at a rate of 64 kb/s. There are two types of audio codecs that are supported by the
34
Amplify Mindware
Bluetooth
Bluetooth Baseband module and can be used to code and decode the real time audio
data. The determination of which codec to use is up to the application to decide. The
codecs are,
5.9.1 LOG PCM CODEC (PULSE CODE MODULATION)
Since the voice channels on the air-interface can support a 64 kb/s information
stream, a 64 kb/s log PCM traffic can be used for transmission.
5.9.2 CVSD CODEC (CONTINUOUS VOICE SLOPE DELTA MODULATION)
A more robust format for voice over the air interface is a delta modulation. This
modulation scheme follows the waveform where the output bits indicate whether the
prediction value is smaller or larger then the input waveform. The system is clocked at
64 kHz.
LAP: The LAP is used often in the generation of the channel access code value.
LAP is used most often because the lower bits of the address are the most
unique portion of the address. By using LAP, Bluetooth is able to keep a large
base of unique identifiers as well as reduce the amount of data that must be
passed around on Bluetooth links and within the Bluetooth module itself.
35
Amplify Mindware
Bluetooth
UAP: The UAP is used primarily in the calculation of the Bluetooth units
frequency hopping sequence.
NAP: NAP is not used for much of anything in Bluetooth. Name itself tells that
those bits are not very much in use. They may be use as seeding bits in
implementation purposes.
Other Bluetooth addressing schemes are briefed below:
36
Amplify Mindware
Bluetooth
Summary
The channel is represented by a pseudo-random hopping sequence hopping
through the 79 or 23 RF channels.
The channel is divided into time slots where each slot corresponds to an RF hop
frequency; the hop rate is 1600 hops/s.
The SCO link is a symmetric, point-to-point link wherein the master reserves
slots for SCO link which takes place during a circuit switched connection
between master and a single slave
In the slots not reserved for SCO links, the master can exchange packets with
any slave on a per-slot basis using ACL link which is a Packet-switched
connection.
There are three types of packet types namely the common packets, ACL packets
and SCO packets
There are five logical channels in bluetooth. They are LC, LMUA, UI,and US
Four types of clock in Bluetooth namely the bluetooth clock, Native clock,
Estimated clock and the master clock.
Active; Sniff; Hold; Park are the four connection modes.
37
Amplify Mindware
Bluetooth
Chapter Six
6.1 INTRODUCTION
There are two issues that are to be dealt with network management protocols
and applications. One deals with the set of services provided by the protocol and second
deals with the set of mechanisms used by the protocol to deliver those services. The link
manager controls paging, changing slave modes and handling necessary changes in
master/slave transactions. Its also manages the link and control of multislot packets.
Security, QOS and authentication are some of the added capabilities of LM. The link
managers communicate with each other by means of LMP Link Manager Protocol,
which uses underlying Baseband services. LMP is a command / response packet
oriented protocol. The Bluetooth LMP is used to control logical link establishment,
manage security, and provide general control services. It operates on top of the logical
link protocol for data exchange.
The LMP packets that are sent in the ACL payload are differentiated from L2CAP
packets by a bit in ACL header. They are always sent in single slot packets and have a
higher priority over L2CAP packets. The packets are transported through the Bluetooth
Baseband link protocol. LMP packets are limited by size to make them fit into the single
time slot.
6.2 FORMAT
OF
LMP
LM PDUs are always sent as single-slot packets with the payload header being
one byte. Logical channel is depicted in the two least significant bits in the payload
header. For LM PDUs these bits are set to 11. FLOW bit is always one.
38
Amplify Mindware
Bluetooth
Each PDU is assigned a 7-bit opcode. This identifies different types of PDUs.
The opcode and a one-bit transaction ID are positioned in the first byte of the payload
body. The transaction ID is positioned in the LSB as shown above. The transaction id is
0 if the PDU belongs to a transaction initiated by the master and 1 if the PDU belongs to
a transaction initiated by the slave. Extra parameters these are placed in the payload
starting at the second byte of the payload body. The number of bytes used is parameter
length dependent. The source/destination of the PDUs is determined by the AM_ADDR
in the packet header. Each PDU is either mandatory or optional denoted by M/O field.
The LM does not need to be able to transmit a PDU that is optional. The LM must
recognize all optional PDUs that it receives and, if a response is required, send a valid
response according to the procedure rules. If the optional PDU that is received does not
require a response, no response is sent.
AND
PDUS
39
Amplify Mindware
Bluetooth
6.3.2 AUTHENTICATION
The verifier sends an LMP_au_rand PDU having a random number to the
claimant. The claimant calculates a response, using the challenge sent by verifier; the
claimants BD_ADDR and a secret key and sends back the calculated response to the
verifier. The verifier checks if the response was correct or not. A secret key has to be
shared by two devices for this process. Both the master and the slave can be verifiers.
The authentication procedure is thus based on a challenge-response scheme. The
following PDUs are used in the authentication procedure:
If the claimant has a link key associated with the verifier, it calculates the
response and sends it to the verifier with LMP_sres. The verifier checks the response. If
the response is not correct, the verifier can end the connection by sending LMP_detach
with the reason code authentication failure.
If the claimant does not have a link key associated with the verifier it sends
LMP_not_accepted with the reason code key missing after receiving LMP_au_rand.
40
Amplify Mindware
Bluetooth
6.3.3 PAIRING
In this scheme, authentication response is based on initialization key instead of
the link key. When two devices do not have a common link key an initialization key is
created based on a PIN and a random number using which authentication is done. The
PDUs used in the pairing procedure are:
41
Amplify Mindware
Bluetooth
6.3.6 ENCRYPTION
If at least one authentication has been performed encryption may be used. If the
master wants all slaves in the piconet to use the same encryption parameters it must
issue a temporary key and make this key the current link key for all slaves in the piconet
before encryption is started. This is necessary if broadcast packets should be encrypted.
42
Amplify Mindware
Bluetooth
the device that becomes master in the switch procedure. If the master initiates the switch
procedure, the slave sends LMP_slot_offset before sending LMP_accepted. If the slave
initiates the switch procedure, the slave sends LMP_slot_offset before sending
LMP_switch_req. The PDU can also be useful in inter-piconet communications.
43
Amplify Mindware
Bluetooth
specifies the version of the Bluetooth LMP specification that the device supports.
CompId is used to track possible problems with the lower Bluetooth layers. All
companies that create a unique implementation of the Link Manager shall have their own
CompId. The same company is also responsible for the administration and maintenance
of the Sub-VersNr. It is recommended that each company has a unique Sub-VersNr for
each RF/BB/LM implementation. For a given VersNr and CompId, the values of the SubVersNr must increase each time a new implementation is released. For both CompId
and Sub-VersNr the value 0xFFFF means that no valid number applies. There is no
ability to negotiate the version of the LMP. The sequence below is only used to
exchange the parameters.
44
Amplify Mindware
Bluetooth
If
the
switch
is
rejected,
the
other
device
responds
with
45
Amplify Mindware
Bluetooth
6.3.14 DETACH
The connection between two Bluetooth devices can be closed anytime by the
master or the slave. A reason parameter is included in the message to inform the other
party of why the connection is closed.
46
Amplify Mindware
Bluetooth
the slave must listen, beginning at the sniff slot, even if it does not receive a packet with
its own AM address. The sniff timeout parameter determines for how many additional
slots the slave must listen if it continues to receive only packets with its own AM
address.
47
Amplify Mindware
Bluetooth
48
Amplify Mindware
Bluetooth
6.3.20 QOS
The Link Manager provides Quality of Service capabilities. QOS is determine by
the poll interval, which is defined as the maximum time between subsequent
transmissions from the master to a particular slave.
49
Amplify Mindware
Bluetooth
50
Amplify Mindware
Bluetooth
6.3.23 PAGING
LMP provides a means to negotiate the paging scheme, which is to be used the
next time a unit is paged.
51
Amplify Mindware
Bluetooth
52
Amplify Mindware
Bluetooth
Summary
LMP is a command / response packet oriented protocol.
LMP packets are limited by size to make them fit into the single time slot.
LMP procedures include authentication, Pairing, Change Link key, change the
current link key, Encryption, Clock offset request, Time Accuracy Information
Request, LMP Version, Supported Features, Switch of Master-Slave Role, Name
Request, Detach, Hold Mode, Sniff Mode, Park Mode, Power Control, Channel
Quality-Driven Change Between DM And DH, QOS, SCO Links, Multi-Slot
Packets, Paging and Connection Establishment
53
Amplify Mindware
Bluetooth
Chapter Seven
The Link Management Protocol, Baseband and the Radio are implemented in the
Bluetooth hardware modules. These modules can be interfaced with the host in many
ways.
7.1 INTRODUCTION
The HCI provides a uniform interface method between the Bluetooth hardware
capabilities and the Bluetooth Host. The HCI exists across three sections, The Bluetooth
Host, Physical Bus (Transport Layer) and Bluetooth Hardware (Host Controller).
54
Amplify Mindware
Bluetooth
As shown above, the HCI firmware implements the HCI Commands by accessing
baseband commands, link manager commands, hardware status registers, control
registers, and event registers. Several layers may exist between the HCI driver on the
host system and the HCI firmware in the Bluetooth hardware. The intermediate layers
between the HCI driver on the host system and the HCI firmware provide the ability to
transfer data without intimate knowledge about the type of data. The figure below
illustrates the path of a data transfer from one device to other.
The HCI driver on the Host exchanges data and commands and thus
communicates with the corresponding HCI firmware on the Bluetooth hardware. The
Host Control Transport Layer (i.e. physical bus) driver provides both HCI layers with the
ability to exchange information with each other. The Host will receive asynchronous
notifications of HCI events over Host Controller Transport Layer.
55
Amplify Mindware
Bluetooth
Bluetooth hardware consists of the Bluetooth radio and the Host Controller. The
Host Controller has a hardware digital signal processing part the Link Controller (LC), a
CPU core, and it interfaces to the host environment.
The Link Controller (LC) consists of hardware and software parts that perform
Bluetooth baseband processing, and physical layer protocols such as ARQ protocol and
FEC coding.
The CPU core will allow the Bluetooth module to handle Inquiries and filter Page
requests without involving the host device. The Link Manager (LM) software runs on the
CPU Core. The LM discovers other remote LMs and communicates with them via the
Link Manager Protocol (LMP) to perform its service provider role using the services of
the underlying Link Controller (LC).
Various physical bus interfaces could be used to connect to the Bluetooth
hardware. The Bluetooth Host Controller initially supports two physical bus architectures,
USB, and PC Card.
USB supports a single physical channel (via Endpoints) over which several
logical channels can exist thus avoiding additional physical interfaces for control, data,
and voice channels. However USB does not have direct access to registers/memory on
the Bluetooth module. Instead, this is done by using the appropriate HCI Commands and
by using the Host Controller Transport Layer interface.
Besides the USB interface, Compact Flash/PC Card interfaces are an option for
an integrated PC solution. Unlike USB, all traffic between the Host and the Bluetooth
module will go across the PC Card bus interface. PC cards have direct access to
registers/memory on the Bluetooth module.
56
Amplify Mindware
Bluetooth
The responsibility of enumerating devices that are in range of the Bluetooth bus
rests with an RF Bus Driver RFBD. The RFBD is the core of Bluetooth software stack. It
co-exists with an HCI Driver in same binary. The HCI driver is responsible for all
interactions with the Bluetooth Host Controller present on the Bluetooth module
interfacing to the PC. It also serves to abstract the Bluetooth hardware interface in terms
of a private interface exposed by it.
An HCI transport driver is typically layered under the HCI driver. It has the
responsibility of handling the interface used to connect the Bluetooth device hardware
module to PC. Two such HCI transport drivers for the purposes of exposition: USB driver
stack and PC card driver. It is important to note that the only one HCI transport driver is
to be active at any given time.
In case of USB transport, the Bluetooth module interface with the PC using USB.
The HCI commands are transported using the USB control pipe, HCI events are
transported on to the USB interrupt pipe, asynchronous data are transported as USB
bulk data, and synchronous data are transported over USB isochronous pipes as
specified in the HCI USB specification. The Bluetooth USB minidriver on the OS, USB
stack is responsible for abstracting the HCI transport specifics and presenting the data,
events and commands to the HCI driver in a transport-independent manner. An IRPbased6 interface is defined under the HCI driver for this purpose, and all HCI transport
57
Amplify Mindware
Bluetooth
drivers use this interface to talk to the HCI driver. Having such common interface
enables support for different HCI transport drivers.
The Bluetooth drivers loaded by the RFBD (client driver) talk to the RFBD using a
kernel-mode interface called the RF Bus Driver Interface RFBDI. Client drivers typically
implement minidriver or port driver functionality for some class driver in OS. This is
important to ensure seamless integration into OS. The class drivers expose interface to
these drivers as domain specific APIs in user mode.
There is one key module in user mode and it is called Bluetooth Executive
BTEXEC. Among other tasks, the BTEXEC is responsible for exposing a user mode
interface that all user-mode applications can use to access Bluetooth functionality. The
interface is called Bluetooth API BTAPI.
The inquiry process is initiated by a user command and it results in a command
to the Bluetooth host controller on the module through the HCI. This results in the LMP
and baseband firmware executing the inquiry sequence. The PC discovers the other
Bluetooth device, and this is communicated back to the host driver stack through some
HCI events carried across USB. Thus the HCI driver communicates virtually with the HCI
firmware on host Bluetooth module to learn about the new device. To do this, the USB
minidriver interfaces with the USB firmware on the module and USB stack, native OS,
interfaces with the USB controller and interfaces with the USB hardware on the host
module.
Once the HCI driver knows about the new device through events, the RFBD
propagates this information to the user. The user drives further actions on the device,
particularly those relating the service discovery.
58
Amplify Mindware
Bluetooth
59
Amplify Mindware
Bluetooth
The Connection Handle specifies the ACL connection for data. Packet Boundary
identifies whether the start of L2CAP packet or continuing fragment of L2CAP packet.
The Broadcast Flag identifies the broadcasting data. The Data Length is total data
length. The diagram below shows the HCI SCO Data Packet.
60
Amplify Mindware
Bluetooth
61
Amplify Mindware
Bluetooth
62
Amplify Mindware
Bluetooth
63
Amplify Mindware
Bluetooth
64
Amplify Mindware
Bluetooth
65
Amplify Mindware
Bluetooth
66
Amplify Mindware
Bluetooth
67
Amplify Mindware
Bluetooth
68
Amplify Mindware
Bluetooth
69
Amplify Mindware
Bluetooth
70
Amplify Mindware
Bluetooth
7.5 EVENTS
Events are returned back by the Bluetooth Module (Hardware) to the Bluetooth
Host in response to the commands given by the Bluetooth Host.
71
Amplify Mindware
Bluetooth
72
Amplify Mindware
Bluetooth
73
Amplify Mindware
Bluetooth
74
Amplify Mindware
Bluetooth
since the connection was established, if the event has not been returned before for a
particular connection handle). Based on the information returned in this event, and the
return parameters of the Read_Buffer_Size command that specify the total number of
HCI ACL and SCO Data Packets that can be stored in the Host Controller, the Host can
decide for which Connection Handles the following HCI Data Packets should be sent.
After every time it has transferred an HCI Data Packet, the Host must assume that the
free buffer space for the corresponding link type (ACL or SCO) in the Host Controller has
decreased by one HCI Data Packet. When the Host receives a new Number Of
Completed Packets event, the Host gets information about how much the buffer usage
has decreased since the previous time the event was returned. It can then calculate the
actual current buffer usage. While the Host Controller has HCI data packets in its buffer,
it must keep sending the Number of Completed Packets event to the Host at least
periodically; until it finally reports that all the pending ACL Data Packets have been
transmitted or flushed. The rate with which this event is sent is manufacturer specific.
For each individual Connection Handle, the data must be sent to the Host
Controller in HCI Data Packets in the order in which it was created in the Host. The Host
Controller must also transmit data on the air that is received from the Host for a given
Connection Handle in the same order as it is received from the Host. Furthermore, data
that is received on the air from another device must, for the corresponding Connection
Handle, be sent in HCI Data Packets to the Host in the same order as it is received. This
means that the scheduling is made on a Connection Handle basis. For each individual
Connection Handle, the order of the data must not be changed from the order in which
the data has been created.
The flow control from Host Controller to the Host may sometimes become
necessary. There is therefore a command Set_Host_Controller_To_Host_Flow_Control
to turn flow control on or off in that direction. If turned on, it works in exactly the same
way as described above. On initialization, the Host uses the Host_Buffer_Size command
to notify the Host Controller about the maximum size of HCI ACL and SCO Data Packets
sent from the Host Controller to the Host. The command also contains two additional
command parameters to notify the Host Controller about the total number of ACL and
SCO Data Packets that can be stored in the data buffers of the Host. The Host then
uses the Host_Number_Of_Completed_Packets command in exactly the same way as
the Host Controller uses the Number Of Completed Packets event (as was previously
described in this section). The Host_Number_Of_Completed_Packets command is a
75
Amplify Mindware
Bluetooth
special command for which no command flow control is used, and which can be sent
anytime there is a connection or when in local loop back mode. This makes it possible
for the flow control to work in exactly the same way in both directions, and the flow of
normal commands will not be disturbed.
When the Host receives a Disconnection Complete event, the Host can assume
that all HCI Data Packets that have been sent to the Host Controller for the returned
Connection_Handle have been flushed, and that the corresponding data buffers have
been freed. The Host Controller does not have to notify the Host about this in a Number
of Completed Packets event. If flow control is also enabled in the direction from the Host
Controller
to
the
Host,
the
Host
Controller
can
after
it
has
sent
Disconnection_Complete event assume that the Host will flush its data buffers for the
sent Connection_Handle when it receives the Disconnection_Complete event. The Host
does
not
have
to
notify
the
Host
Controller
about
this
in
Host_Number_Of_Completed_Packets command.
76
Amplify Mindware
Bluetooth
However no error correction is used in this endpoint and SCO data may get corrupted.
Event Packets are transferred using USB interrupt endpoint.
A class code will be used that is specific to all USB Bluetooth devices to allow
proper driver stack to load, regardless of which vendor builds the device. It also allows
the HCCI commands to be differentiated from USB commands across the control
endpoint. The codes are,
bbDeviceClass = 0xE0 for wireless controller
bbDeviceSubClass = 0x01 for RF controller
bbDeviceProtocol = 0x01 for Bluetooth Programming
77
Amplify Mindware
Bluetooth
This layer objective is to make it possible to use the Bluetooth HCI over one
physical RS232 interface between the Bluetooth host and the Bluetooth host controller.
There is error free link over RS232 interface.
The RS232 HCI packet frame is shown below.
78
Amplify Mindware
Bluetooth
Summary
The Link Management Protocol, Baseband and the Radio are implemented in the
Bluetooth hardware modules that are interfaced with host using HCI.
Bluetooth specification for HCI defines following packets: Command Packets,
Event Packets and Data Packets
The HCI Driver and Firmware communicates via the Host Controller Transport
Layer.
Different types of transport layers are used. They are USB transport layer,
RS232 transport layer, Serial transport layer, and UART.
79
Amplify Mindware
Bluetooth
Chapter Eight
8.1 INTRODUCTION
Logical Link Control and Adaptation Protocol also referred, as L2CAP is
responsible for multiplexing, SAR and group abstraction and QOS as shown below. It
provides connection-oriented and connectionless data services to layers above it with
maximum of 64-kbytes L2CAP data packets transmission and reception.
The L2CAP Specification is defined for only ACL links and no support for SCO
links is planned. However for ACL links AUX1 packet should not be used, as it does not
support data integrity through CRC check. The ACL payload header for single slot and
multi slot packet is shown below. The FLOW bit is set to 1 for L2CAP packet
transmission, else set to 0 indicating no further transmission.
80
Amplify Mindware
Bluetooth
functional
requirements
for
L2CAP
include
protocol
multiplexing,
segmentation and reassembly (SAR), and group management. Figure below shows how
L2CAP fits into the Bluetooth Protocol Stack.
As shown above L2CAP lies above the Baseband. It interfaces with other
communication protocols such as the Bluetooth Service Discovery Protocol, RFCOMM,
Telephony Control (TCS) and Audio.
Baseband SCO links are used for Voice-quality channels for audio and telephony
applications and packetized audio data, such as IP Telephony, may be sent using
communication protocols running over L2CAP.
Essential protocol requirements for L2CAP include simplicity and low overhead
with less consumption of power. Memory requirements for protocol implementation
should also be kept to a minimum. Furthermore, the protocol should be designed to
achieve reasonably high bandwidth efficiency.
81
Amplify Mindware
Bluetooth
82
Amplify Mindware
Bluetooth
The connectionless channels restrict data flow to a single direction whereas the
data flow is in both directions in connection-oriented channel. These channels are used
to support a channel group where the CID on the source represents one or more
remote devices. The signaling channel is a reserved channel for which CID is reserved.
CID allocation is shown in the table below.
83
Amplify Mindware
Bluetooth
8.2.3 SAR
Segmentation and reassembly (SAR) operations facilitates for having maximum
transmission unit (MTU) size larger than the largest Baseband packet. However the size
of packet sent from above layer of L2CAP to L2CAP must be below the MTU limit. The
protocol data units (PDUs) will be made by L2CAP by segmenting the higher layer
packet sent to L2CAP. If L2CAP runs directly over the Baseband Protocol, an
implementation may segment the packet into Baseband packets for transmission over
the air. If L2CAP runs above the host controller interface, an implementation may send
block-sized chunks to the host controller where they will be converted into Baseband
packets. As the Baseband controller receives ACL packets, it either signals the L2CAP
layer on he arrival of each Baseband packets, or accumulates a number of packets
before the receive buffer fills up or a timer expires before signaling the L2CAP layer. If
channel reliability is not needed, packets with improper lengths may be silently
discarded. For reliable channels, L2CAP implementations must indicate to the upper
layer that the channel has become unreliable.
84
Amplify Mindware
Bluetooth
Client is initiator of request and Server simply represents the responder of the
request. The vertical interface between two layers uses the prefix of the lower layer
offering the service to the higher layer, e.g., L2CA. The horizontal interface between two
entities of the same layer uses the prefix of the protocol (adding a P to the layer
identification), e.g., L2CAP. Events coming from above at initiator end are called
Requests (Req) which goes above on the peer of responder in form of Indications (Ind)
and corresponding replies in responder are called Responses (Rsp) which comes back
on the peer in initiator as Confirms (Cfm). Responses requiring further processing are
called Pending (Pnd). The notation for Confirms and Responses assumes positive
replies. Negative replies are denoted by a Neg suffix such as L2CAP_ConnectCfmNeg.
While Requests for an action always result in a corresponding Confirmation (for the
successful or unsuccessful satisfaction of the action), Indications do not always result
into corresponding Responses.
Message Sequence Chart (MSC) to illustrate the normal sequence of events.
The two outer vertical lines represent the L2CA interface on the initiator (the device
issuing a request) and the acceptor (the device responding to the initiators request).
Request commands at the L2CA interface result in Requests defined by the protocol.
When the protocol communicates the request to the acceptor, the remote L2CA entity
presents the upper protocol with an Indication. When the acceptors upper protocol
responds, the response is packaged by the protocol and communicated back the to
85
Amplify Mindware
Bluetooth
initiator. The result is passed back to the initiators upper protocol using a Confirm
message.
8.3.1 EVENTS
Events are partitioned into five categories: Indications and Confirms from lower
layers, Requests and Responses from higher layers, data from peers, signal Requests
and Responses from peers, and events caused by timer expirations. Thus events are all
incoming messages to the L2CA layer along with timeouts.
Lower-Layer to L2CAP events
The Bluetooth specification describes the following messages exchanged
between the lower layer protocol (Baseband) and L2CAP during connection process.
LP_ConnectCfm: Confirms the request to establish a lower layer connection.
LP_ConnectCfmNeg: Confirms the failure of request for connection from lower
layer.
LP_ConnectInd: Indicates lower layer for successful connection establishment.
LP_DisconnectInd: Indicates lower layer for shut down of connection.
LP_QoSCfm: Confirms request for a given QOS.
LP_QoSCfmNeg: Confirms the failure for request of QOS.
LP_QoSViolationInd: Indication to lower layer that a violation for QOS has
detected.
86
Amplify Mindware
Bluetooth
87
Amplify Mindware
Bluetooth
Request
from
upper
layer
for
the
immediate
disconnection of a channel.
L2CA_DisconnectRsp: Response from upper layer to the indication of a
disconnection request
L2CA_DataRead: Request from upper layer for the transfer of received data from
L2CAP entity to upper layer.
L2CA_DataWrite: Request from upper layer for the transfer of data from the
upper layer to L2CAP entity for transmission over an open channel.
RTX
The Response Timeout eXpired (RTX) timer is used to terminate the channel
when the remote endpoint is unresponsive to signaling requests.
ERTX
The Extended Response Timeout eXpired (ERTX) timer is used in place of the
RTX timer when it is suspected the remote endpoint is performing additional processing
of a request signal.
8.3.2 ACTIONS
Actions are partitioned into five categories: Confirms and Indications to higher
layers, Request and Responses to lower layers, Requests and Responses to peers,
data transmission to peers, and setting timers.
88
Amplify Mindware
Bluetooth
89
Amplify Mindware
Bluetooth
90
Amplify Mindware
Bluetooth
8.5 SIGNALING
Signaling commands passed between two L2CAP entities on remote devices for
event and action management with the CIS being 0x0001. The L2CAP packet containing
signal command and command format is shown below.
91
Amplify Mindware
Bluetooth
The code indicates the signaling command. Identifier is used to correlate the
request with response. Length indicates the data length.
The code and command mapping is shown below.
92
Amplify Mindware
Bluetooth
Connect: This primitive request for the initiation of the channel creation.
Connect Response: In response to connect service primitive, Connect Response
primitive is issued.
Configure: The use of this primitive requests the initial configuration (or
reconfiguration) of channel to a new set of channel parameters.
Configuration Response: In response to Configure service primitive this service
primitive is issued.
Disconnect: To disconnect the channel Disconnect primitive is used.
Write: this primitive request for the data transfer over the channel.
Read: These primitive requests for the data reception over the channel.
Group Create: The use of this primitive requests the creation of a CID to
represent a logical connection to multiple devices.
Group Close: Closes down the group.
Group Add Member: this primitive request for the addition of new member in the
group.
Group Remove Member: this primitive request for the deletion of a member from
the group.
Get Group Membership: Use of this primitive return the members of the group.
Ping: This primitive asks for the echo response from the peer L2CAP device.
Getinfo: This primitive asks for the configuration information response from the
peer L2CAP device.
Disable Connectionless Traffic: This primitive is used to disable reception of
connectionless data.
93
Amplify Mindware
Bluetooth
connectionless data.
94
Amplify Mindware
Bluetooth
Summary
L2CAP is responsible for multiplexing, SAR and group abstraction and QOS
It provides connection-oriented and connectionless data services to layers above
it with maximum of 64-Kbytes L2CAP data packets transmission and reception.
Segmentation and reassembly (SAR) operations facilitates for having maximum
transmission unit (MTU) size larger than the largest Baseband packet.
Events are partitioned into five categories: Indications and Confirms from lower
layers, Requests and Responses from higher layers, data from peers, signal
Requests and Responses from peers, and events caused by timer expirations.
Actions are partitioned into five categories: Confirms and Indications to higher
layers, Request and Responses to lower layers, Requests and Responses to
peers, data transmission to peers, and setting timers.
95
Amplify Mindware
Bluetooth
RFCOMM
Chapter Nine
RFCOMM
9.1 INTRODUCTION
RFCOMM is a cable replacement protocol, based on ETSI European
Telecommunication Standard Institute 07.10 specification. RFCOMM is a simple
transport protocol with framing multiplexing support, which can emulate 9 circuits of
RS232 serial ports over L2CAP layer supporting maximum of 60 connections
between two Bluetooth devices.
RFCOMM provides a communication path between two communicating
Bluetooth devices with a communication segment existing between them.
Type 2 devices are those that are part of the communication segment; e.g.
modems.
96
Amplify Mindware
Bluetooth
RFCOMM
The information transferred between two RFCOMM entities has been defined
to support both type 1 and type 2 devices. Type 2 devices only need some
information while other information is intended to be used by both. In the protocol, no
distinction is made between type 1 and type 2.
97
Amplify Mindware
Bluetooth
RFCOMM
9 . 2 . 3 MU L T I P L E E MU L A T E D S E RI A L P O R TS B E TW EE N TW O DE V I C E S
As two Bluetooth devices using RFCOMM in their communication may open
multiple emulated serial ports (60max), the number to be used is specific to
implementation. The active connection between two BT devices using RFCOMM is
identified using Data Link Connection Identifier (DLCI) which is unique to a single
RFCOMM session. It is 6 bits in length.
98
Amplify Mindware
Bluetooth
RFCOMM
BY
RFCOMM
AND ITS
99
Amplify Mindware
Bluetooth
RFCOMM
features and commands. The TS 07.10 frames become the payload of L2CAP
packets. The frame types and commands for this are shown below
100
Amplify Mindware
Bluetooth
RFCOMM
The opening flag and the closing flags in the 07.10 basic option frame are not
used in RFCOMM, instead it is only the fields contained between the flags that are
exchanged between the L2CAP layer and RFCOMM layer.
The address field identifies the multiplexed channel to which the frame belongs. The
control field specify the frame type, the length field indicates the data length the
default being 32 bytes; the maximum is 32767. Frequency Check Sequence (FCS) is
used for framing.
9.5.2 TS 07. 10 MULTIP LEXER STARTUP & CLOSEDOW N PROCEDU RE
At any time, there must be at most one RFCOMM session between any pair
of devices. When establishing a new DLC, the initiating entity must check if there
already exists an RFCOMM session with the remote device, and if so, establish the
new DLC on that. The Bluetooth BD_ADDR of the two endpoints identifies a session.
Step 1: Startup Procedure
The device opening up the first emulated serial port connection between two
devices is responsible for first establishing the multiplexer control channel.
This involves the following steps:
o
The device closing the last connection (DLC) is responsible for closing
the multiplexer by closing the corresponding L2CAP channel.
101
Amplify Mindware
Bluetooth
RFCOMM
102
Amplify Mindware
Bluetooth
RFCOMM
On Type 1 devices some port drivers will need to provide flow control services
as specified by the API they are emulating. An application may request a particular
flow control mechanism like XON/XOFF or RTS/CTS and expect the port driver to
handle the flow control. On type 2 devices the port driver may need to perform flow
control on the non-RFCOMM part of the communication path; i.e. the physical RS232 port.
103
Amplify Mindware
Bluetooth
RFCOMM
Summary
RFCOMM is a simple transport protocol with framing multiplexing support, which
can emulate 9 circuits of RS232 serial ports over L2CAP layer
Supports maximum of 60 connections between two Bluetooth devices.
RFCOMM is symmetric protocol, which sends TS 07.10 frames over L2CAP
using TS 07.10 frame features and commands.
There are different multiplex commands namely Remote Port Negotiation
Command (RPN), Remote Line Status Command (RLS), and DLC parameter
negotiation (PN)
104
Amplify Mindware
Bluetooth
Chapter Ten
10.1 INTRODUCTION
The service discovery protocol (SDP) provides a means to discover everchanging services of those devices in motion, which are in RF proximity of the client
device. It provides ability for the clients to search for the services using specific service
attributes. These services are categorized into classes for efficient service discovery
procedures. Those new services of the devices already in RF proximity of the client can
also be discover along with the services of the new devices entering the RF proximity.
Similarly SDP helps to determine those services that can become unavailable as the
device may leave the RF proximity of the client. No third device is involved in service
discovery procedures of two devices. SDP is independent of transport layer.
SDP client communicates with the SDP server to utilize the services offered by
the SDP server. The server maintains a list of service records that contains information
about services and their characteristics associated with the server. A client issues a SDP
request to the SDP server to retrieve particular service information with the SDP server
responding to the client request. If the client, or an application associated with the client,
decides to use a service, it must open a separate connection to the service provider in
order to utilize the service. A single Bluetooth device may function both as an SDP
server and as an SDP client. If multiple applications on a device provide services, an
105
Amplify Mindware
Bluetooth
SDP server may act on behalf of those service providers to handle requests for
information about the services that they provide. Similarly, multiple client applications
may utilize an SDP client to query servers on behalf of the client applications. The set of
SDP servers available to an SDP client, changes dynamically based on the RF proximity
of the servers to the client. In such cases on server availability, a potential client must be
notified by a means other than SDP. Later the client can use SDP request to query
services from the server. Similarly, there is no explicit notification via SDP given to the
client when the server leaves the RF proximity. In such case the client polls the server
and when it does not receive any response from server, it assumes that the server has
left the RF proximity of client.
106
Amplify Mindware
Bluetooth
107
Amplify Mindware
Bluetooth
this data element. It consists of header field and data field. The header consists of 5-bit
type descriptor and 3-bit size descriptor. The data is sequence of bytes such that the
size descriptor determines its length and its data type is determined by type descriptor.
10.2.5 SERVICE SEARCH
The Service Search Transaction allows a client to retrieve the service record
handles for particular service records based on the attribute values in those service
records. The capability is provided to search only for attributes whose values are
Universally Unique Identifiers (UUIDs). Important attributes of services that can be used
to search for a service are represented as 128-bit value UUIDs. A service search pattern
is a list of UUIDs used to locate matching service records. A service search pattern is
said to match a service record if each and every UUID in the service search pattern is
contained within any of the service records attribute values. The only time a service
search pattern does not match a service record is if the service search pattern contains
at least one UUID that is not contained within the service records attribute values.
10.2.6 BROW SING FOR SERVICES
In SDP, the mechanism for browsing for services is based on an attribute shared
by all service classes. This attribute is called the BrowseGroupList attribute. The value of
this attribute contains a list of UUIDs. Each UUID represents a browse group with which
a service may be associated for the purpose of browsing. When a client desires to
browse an SDP servers services, it creates a service search pattern containing the
UUID that represents the root browse group. All services that may be browsed at the top
level are made members of the root browse group by having the root browse groups
UUID as a value within the BrowseGroupList attribute. The services offered by an SDP
server may be organized in a browse group hierarchy, by defining additional browse
groups below the root browse group.
A service record with a service class of BrowseGroupDescriptor describes each
of these additional browse groups. A browse group descriptor service record defines a
new browse group by means of its Group ID attribute. In order for a service contained in
one of these newly defined browse groups to be browseable, the browse group
descriptor service record that defines the new browse group must in turn be browseable.
The hierarchy of browseable services that is provided by the use of browse group
descriptor service records allows the services contained in an SDP server to be
108
Amplify Mindware
Bluetooth
incrementally browsed and is particularly useful when the SDP server contains many
service records.
109
Amplify Mindware
Bluetooth
supplied
as
parameters.
The
SDP
server
generates
an
110
Amplify Mindware
Bluetooth
Summary
The service discovery protocol (SDP) provides a means to discover everchanging services of those devices in motion, which are in RF proximity of the
client device.
It provides ability for the clients to search for the services Supports maximum of
60 connections between two Bluetooth devices.
SDP is independent of transport layer.
111
Amplify Mindware
Bluetooth
Chapter Eleven
11.1 INTRODUCTION
TCS defines how telephone calls should be sent across a Bluetooth link. The
TCS provides:
Call Control (CC) used for signaling of speech or data call establishment and
release between Bluetooth devices.
Group Management used for group management signaling thus handling
groups of Bluetooth devices
ConnectionLess TCS (CL) used for signaling information exchange
112
Amplify Mindware
Bluetooth
signaling channel. In step B the same signaling channel is used to establish the speech
or data channel for data transfer as shown below.
113
Amplify Mindware
Bluetooth
114
Amplify Mindware
Bluetooth
of service to be used for the connection will be indicated, in particular the usage
of low power modes (L2CAP will inform LMP about this interface F).
D - The Call Control entity controls the LMP directly, for the purpose of
establishing and releasing SCO links.
E & G - The Group Management entity controls the LMP and LC/Baseband
directly during initialization procedures to control the inquiry, paging and pairing.
115
Amplify Mindware
Bluetooth
116
Amplify Mindware
Bluetooth
Side, shall send a CONNECT ACKNOWLEDGE message, and shall enter the
Active state.
Upon receipt of the CONNECT ACKNOWLEDGE message, the Incoming Side
shall connect to the bearer channel, stop timer T313 and enter the Active state.
While in the Active state, both sides may exchange any information related to the
ongoing call using INFORMATION messages.
117
Amplify Mindware
Bluetooth
118
Amplify Mindware
Bluetooth
Call States
The states are named as follows. States in bold are mandatory states, part of
Lean TCS:
General States
o
Null (0)
Active (10)
119
Amplify Mindware
Bluetooth
o
11.3 GROUP
MANAGEMENT
120
Amplify Mindware
Bluetooth
The device that needs access sends ACCESS RIGHTS REQUEST message
and starts T401 timer.
On receipt of the above message, the receiving device accepts the request by
sending ACCESS RIGHTS ACCEPT message.
The requesting device stops the timer T401 on receipt of ACCESS RIGHTS
ACCEPT message and the access rights procedure is completed successfully.
If the receiving device finds that is not in the position to accept the ACCESS
RIGHTS REQUEST message is responds with ACCESS RIGHTS Reject
message, upon receipt of this message the requesting devices stops timer T401
and considers that the request is been denied.
If the requesting device does not receive any response before T401 timer
expires, it assumes that the ACCESS RIGHTS REQUEST message is denied.
121
Amplify Mindware
Bluetooth
122
Amplify Mindware
Bluetooth
The WUG master on receipt of LISTEN REQUEST message, checks for the
validity of the terminating WUG member, if valid starts the T405 timer and sends
LISTEN SUGGEST message to the terminating WUG member.
On receipt of LISTEN SUGGEST message, the terminating WUG member
returns with a LISTEN ACCEPT message to the WUG master. The message
contains the WUG members clock offset and goes into PAGE-SCAN state for
T406 timer period.
The WUG master stops the T405 timer on receipt of the LISTEN ACCEPT
message and informs the originating WUG member about the status by sending
LISTEN ACCEPT message with a terminating WUG members clock offset.
Upon receipt of the LISTEN ACCEPT message, the originating WUG member
stops timer T404, and starts paging the terminating WUG member.
If no response to the LISTEN SUGGEST message is received by the WUG
master before the first expiry of timer T405, then the WUG master shall terminate
the Fast inter-member access procedure by sending a LISTEN REJECT
message to both originating and terminating WUG member.
The originating WUG member is send by WUG master indicating the rejection of
Fast inter-member access procedure, if the WUG master can not satisfy the
request and the originating WUG member on receipt of this message stops timer
T404.
If the terminating WUG member rejects the suggested action received in the
LISTEN SUGGEST message, it sends a LISTEN REJECT message to the WUG
master and on receipt of this message the WUG master stops T405 timer.
123
Amplify Mindware
Bluetooth
124
Amplify Mindware
Bluetooth
125
Amplify Mindware
Bluetooth
Stop DTMF response: Upon receiving the STOP DTMF message, the receiving
side will stop sending the DTMF tone (if still being sent) and return a STOP
DTMF ACKNOWLEDGE message to the initiating side.
126
Amplify Mindware
Bluetooth
Summary
TCS defines how telephone calls should be sent across a Bluetooth link.
The TCS provides: Call Control (CC) used for signaling of speech or data call
establishment and release between Bluetooth devices, Group Management
used for group management signaling thus handling groups of Bluetooth devices,
ConnectionLess TCS (CL) used for signaling information exchange
It uses both point to point and point to multipoint signaling.
127
Amplify Mindware
Bluetooth
Chapter Twelve
Bluetooth provides the physical medium and link control for technologies like
WAP, OBEX. The characteristics of the Bluetooth and its environment can be used to
provide value added services using WAP or OBEX protocols.
12.2 WAP
IN
BLUETOOTH
Bluetooth can be used to provide a bearer for transporting data between the
WAP Client and its adjacent WAP Server. Bluetooth medium provides a physical
bearer over which the data can be transferred.
128
Amplify Mindware
Bluetooth
129
Amplify Mindware
Bluetooth
server device discovers a client that indicates that it has WAP Client capability, the
server may optionally connect and push data to the client, although the client can
reject the pushed data.
Through the Bluetooth Service Discovery Protocol, the server can determine
the following information about the client:
Client Name this is a friendly format name that describes the client device.
Client capabilities this information allows the server to determine basic
information regarding the clients Bluetooth-specific capabilities.
FOR
W AP
The following specifies a protocol stack, which may be used below the WAP
components. Support for other protocol stack configurations is optional, and must be
indicated through the Bluetooth Service Discovery Protocol.
PP/RFCOMM
130
Amplify Mindware
Bluetooth
12.5 OBEX
AND
IRDA
131
Amplify Mindware
Bluetooth
In the Bluetooth system, the purpose of the OBEX protocol is to enable the
exchange of data objects. The protocols can also communicate with the service
discovery DB. The figure above illustrates Bluetooth and OBEX.
Bluetooth Specification includes five separate specifications related to OBEX and
applications using it:
Bluetooth IrDA Interoperability Specification
Defines how the applications can function over both Bluetooth and IrDA
Does not define the requirements for the Baseband, LMP, L2CAP, or
RFCOMM
Does not define the requirements for the Baseband, LMP, L2CAP, or
RFCOMM
Does not define the requirements for the Baseband, LMP, L2CAP, or
RFCOMM
AND
PROTOCOL
The OBEX object model describes how OBEX objects are presented. The
OBEX protocol can transfer an object by using the Put- and Get-operations. One
object can be exchanged in one or more Put-requests or Get-responses.
132
Amplify Mindware
Bluetooth
133
Amplify Mindware
Bluetooth
12.7 OBEX
OVER
RFCOMM
12.8 OBEX
OVER
TCP/IP
134
Amplify Mindware
Bluetooth
Summary
Bluetooth medium provides a physical bearer over which the data can be
transferred.
The OBEX object model describes how OBEX objects are presented.
OBEX can run over RFCOMM and TCP/IP
135
Amplify Mindware
Bluetooth
P A R T T H REE
BLUETOOTH PROFILES
136
Amplify Mindware
Bluetooth
References
Chapter Thirteen
Profiles
13.1 INTRODUCTION
The entire Bluetooth specification must be used in order to implement the enduser applications and this is the main objective of profile. To provide interpretability the
end product developed by various vendors must follow a common standard defined in
the profile. The profile provides procedures and messages (termed as capabilities) that
needs to be implemented in order to provide robust Bluetooth applications in a
standardized ways.
Bluetooth defines various profiles to provide interpretability between various
Bluetooth products. The diagram below shows how various profiles are utilized. Each of
this profile is build over another profile, such that the higher layer profile uses features
from its lower layer profile.
137
Amplify Mindware
Bluetooth
References
application, it should be possible for user to find this out using basic Bluetooth
capabilities.
Connectability: This mode defines the basic paging procedures for connecting
Bluetooth devices within the RF proximity. This mode is further divided into two
basic types:
138
Amplify Mindware
Bluetooth
References
Pairability: This mode provides basic pairing procedures for link establishment for
security and encryption purposes. Pairing is the process in which two devices
pair with each other to exchange the link keys used for security. But before
pairing the device much establish a relationship-based link between them called
as bonding. Thus pairing becomes mandatory if bonding is supported. This
provides two modes pairing and non-pairing mode.
Security: This mode controls security i.e. authentication and encryption after
pairing is done. Three security modes are supported:
o
139
Amplify Mindware
Bluetooth
References
is then performed across the L2CAP channel. Thus a virtual link is created over which
RFCOMM frames can be transferred.
13.4 DIAL
U P N E TW O R K I N G P R O F I LE
140
Amplify Mindware
Bluetooth
References
141
Amplify Mindware
Bluetooth
References
142
Amplify Mindware
Bluetooth
References
of laptops to the user, who selects the required laptop for synchronization to proceed.
However, before the synchronization could occur, PIN is exchange for security. The
devices are bonded using the authentication process. After the link is secured the
synchronization is completed.
143
Amplify Mindware
Bluetooth
References
Summary
The profile provides procedures and messages (termed as capabilities) that
needs to be implemented to provide Bluetooth applications in a standardized
ways.
The main purpose of GAP profile is to provide its facilities to the lower layer
profiles.
GAP operates in different modes like Discoverability, Connectability, Pairability,
and Security.
The Serial Port Profile defines the protocols and procedures that shall be used by
devices using Bluetooth for RS232 (or similar) serial cable emulation.
Dial up networking profile is used to establish a dial up connection to allow the
computing device to access the PSTN.
FAX profile is used to exchange FAX messages without the use of cables.
Headset profile defines the facilities require to make and receive hands-free
voice calls from headset to cellular phone.
LAN Access profile enables a Bluetooth device to gain access to the fixed
network using LAN Access Point LAP.
GOEP defines the protocols and procedures that shall be used by the
applications providing the usage models
Object push profile provides facilities to transfer business cards between client
and server.
Synchronization profile provides capabilities to synchronize two Bluetooth
devices for reliable data transfer.
Intercomm profile provided point to point connection to be established between
Bluetooth devices or Bluetooth headset for voice transfer
Cordless telephony profile helps the Bluetooth device to connect to any base
station of the wireless network
144
Amplify Mindware
Bluetooth
References
References
Brent A.Miller, Chatschik Bisdikian, Bluetooth Revealed Pearson Education, Inc, 2001.
Bluetooth: The Basics BPB Publications, 2001.
145
Amplify Mindware
Bluetooth
www.bluetooth.org
www.bluetoothnews.com
www.infotooth.com
www.palowireless.com
146
Amplify Mindware