Professional Documents
Culture Documents
Page 1
Agenda
Comparison of LE to BR/EDR
Page 2
Agenda
Comparison of LE to BR/EDR
Page 3
Faster connections
I got it I got it I want more Here it is
Page 4
New Technology?
Yes
efficient discovery / connection procedures very short packets asymmetric design for peripherals client server architecture
No
reuse existing BR radio architecture reuse existing HCI logical and physical transports reuse existing L2CAP packets
Page 5
In the home Remote control Entertainment Assisted living Consumer medical & health In the workplace Factory automation In the car Sensors Displays On the go Sports and fitness Proximity
Page 6
Basic Concepts
Everything optimized for power consumption Button Cell will be the main power supply for peripherals
< 15ma peak current < 1a average current
Page 7
Basic Concepts
Client
Server
Page 8
Basic Concepts
Internet
Page 9
Agenda
Comparison of LE to BR/EDR
Page 10
State Description Does not transmit or receive packets Broadcasts advertisements in advertising channels Looks for advertisers
Scanning
Initiating
Connection
Master Communicates with device in the Slave Role role, defines timings of transmissions Slave Role Communicates with single device in Master Role
Connection
Page 11
Bluetooth low energy devices may have more than one instance
of the Link Layer state machine at any one time
However a Bluetooth low energy device cannot be master and slave at the same time
Multiple State Machine States and Roles Advertising Scanning Initiator Connection Master Slave Advertising No Yes Yes * Yes * Yes * Scanning Yes No Yes Yes Yes Initiating Yes* Yes No Yes No Connection Master Yes * Yes Yes Yes No Slave Yes * Yes No No No
* Only advertising packets that will not result in Link Layer entering a Slave Role
Page 12
Topology Example
Star topology
Master can have multiple link layer connections Slave can have only one link layer connection
Advertiser
Advertisement
Slave Slave Advertiser Advertiser
Page 13
Topology Example
Connection Request
Page 14
Topology Example
Connected
Slave Slave Slave / Advertiser Advertiser
Page 15
Agenda
Comparison of LE to BR/EDR
Page 16
Stack Architecture
Apps
Host
Link Layer
Physical Layer
Controller
Page 17
Physical Layer
Applications Generic Access Profile Generic Attribute Profile Attribute Protocol Security Manager
Apps
Host
Logical Link Control and Adaptation Protocol Host Controller Interface Link Layer Physical Layer Direct Test Mode
Controller
Page 18
Spectrum Usage
The 2.4GHz ISM band is a free for all for anyone who wants to
use it.
Direct Radio waves Current 100 kHz 300 GHz Extremely low frequency FM radio (ELF) 88-108 MHz Very low frequency Microwaves (VLF) 300 MHz 300 GHz
The 2.4GHz ISM Band is also used by: Microwave Ovens Digital Cordless Phones 802.11b/g
Frequency in hertz (Hz) kHz MHz GHz 0 102 104 106 108 1010
1012
1014
1016
1018
1020
1022
Bluetooth
Page 19
2480 2478 2476 2474 2472 2470 2468 2466 2464 2462 2460 2458 2456 2454 2452 2450 2448 2446 2444 2442 2440 2438 2436 2434 2432 2430 2428 2426 2424 2422 2420 2418 2416 2414 2412 2410 2408 2406 2404 2402 MHz
6 6 6 6 6 6 6 6 6 10 9 8 7 6 5 4 3 2 1 0 37 Advertising Data
39
36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11
11 11 11 11 11 11 11 11 11
38
1 1 1 1 1 1 1 1 1 WiFi
Page 20
Modulation Scheme
FSK uses two different frequencies to transmit a binary 1 or 0 For Bluetooth low energy the two frequencies are:
fc + fc - for 1 for 0
Page 22
Modulation Example
During one time slot the data can change value every 1s,
so the transmit frequency oscillates back and forth around the center channel frequency.
Page 23
Frequency, GHz
2.402
Page 24
Page 25
Overcoming Interference
Page 26
FHSS occurs while in a connection The frequency hops follow a hop-length that is pseudo-random
per connection
Communicated in the Connection Request Provides instant adaptive frequency hopping capability Can be updated using a channel update message
Guard Band Guard Band
2.4000 2.4020
2.4800
Page 27
Definitions:
Used channel used for the connection Unused channel not used for the connection
Page 28
Link Layer
Applications Generic Access Profile Generic Attribute Profile Attribute Protocol Security Manager
Apps
Host
Logical Link Control and Adaptation Protocol Host Controller Interface Link Layer Physical Layer Direct Test Mode
Controller
Page 29
Device addresses
Public 48-bit address obtained from IEEE Registration authority BD_ADDR in dual-mode devices
company_assigned [0:23] company_id [24:47]
Private Optional for Bluetooth low energy devices Changes frequently enables privacy
hash [0:23] random [24:47]
Access addresses
32-bit pseudo random access address Changes with each link layer connection
Page 30
Device Filtering
Scanner
Process advertising packets from devices in white list Process all advertising packets (default scanner filter policy)
Initiator
Process connectable advertising events from devices in white list Process connectable events only from single device specified by host
Page 31
White Lists
Page 32
Physical Channels
Advertising Channels
Frequencies
2402 (37), 2426 (38), 2480 (39)
Usage
Discovering devices Initiating a connection Broadcasting data
Data Channels
Frequencies
2404-2424 (0-10), 2428-2478 (11-36)
Usage
Communicating between connected devices
Page 33
Used for Advertising and Data Channel Packets Preamble (0x55, 0xAA)
Frequency synchronization, symbol timing estimation, AGC training Access Address Advertising packets always 0x8e89bed6 Data packets different for each link layer connection Packet Data Unit Defined based upon packet types Not Whitened Whitened
Preamble
Access Address
PDU
CRC
Protected by CRC
Page 34
CRC
Calculated over entire PDU Detects all 1, 2, 3, 5, and odd bit errors in PDU Shift register is preset Data channel - with value from CONNECT_REQ Advertising channel 0x555555
x0 x1 x3 x4 x6 x9 x10 x24
+
Position 0 LSB 1 2
+
3
+
4 5
+
6 7 8
+
9
+
10 11 12 13 14 15 16 17 18 19 20 21 22 23 MSB
+
Data in (LSB first)
Data Whitening
Random data can contain long strings of 1s or 0s. Long durations at one level can cause an unwanted DC bias to be present in received data which can upset some data slicers. To counter this the PDU and CRC is whitened Uses same LFSR as Bluetooth BR
Page 35
x0
x4
x7
Data out
+
Position 0 1 2 3 4 5 6
+
Data in (LSB first)
Advertising
Scanner
Advertiser
Event started ~0.5ms ~0.5ms
Response packet to advertising event SCAN_REQ Yes No No Yes CONNECT_REQ Yes Yes * No No
Event closed
Active Scanning
Scanner
Advertiser
Event started
T_IFS 150s
<1.5ms
Response packet to advertising event SCAN_REQ Yes No No Yes CONNECT_REQ Yes Yes * No No
~0.5ms
Event closed
Page 37
Connection
Scanner
Advertiser
Event started
T_IFS 150s
Event closed
ADV_DISCOVER_IND
Yes
No
Page 38
Connection
Scanner
Advertiser
Advertising Event started
WindowSize
1.25 msec
10 msec *
Master
1.25ms < t < WindowOffset+WindowSize T_IFS 150s connInterval
Slave
LL Data/Control packet Channel fn LL Data/Control packet Channel fn LL Data/Control packet Channel fn+1 LL Data/Control packet Channel fn+1
T_IFS 150s
Page 39
Parameter connInterval
Maximum 4 seconds
Scanner
Advertiser
Advertising Event started
WindowOffset WindowSize
0 1.25 msec
connInterval 10 msec *
ADV_IND (data) Adv_Idx= 37 CONNECT_REQ Adv_Idx=37
Master
1.25ms < t < WindowOffset+WindowSize
T_IFS 150s
Slave
Master MD=0 MD=0 Slave Master closes connection Master transmits Slave listens MD=1 Master transmits Slave listens Master transmits Slave listens
MD=1
LL Data/Control packet Channel fn (MD=1) LL Data/Control packet Channel fn (MD=0) LL Data/Control packet Channel fn (MD=0) LL Data/Control packet Channel fn (MD=0)
Page 40
Connection Termination
Page 41
Acknowledgements embedded in
header of every Data channel PDU
Single bit Sequence Number (SN) Single bit Next Expected Sequence Number (NESN) Master Slave
Page 42
Type (4 bits)
RFU TxAdd RxAdd Length (2 bits) (1 bit) (1 bit) (6 bits) Header (16 bits)
RFU (2 bits)
Page 43
Usage Connectable undirected advertising event Non-connectable undirected advertising event Discoverable undirected advertising event
AdvA (6 octets)
Preamble (1 octet)
Page 44
Type 0001
Packet ADV_DIRECT_IND
InitA (6 octets)
Preamble (1 octet)
Page 45
Usage Scan request for further information from advertiser Response to scan request from scanner
SCAN_REQ
SCAN_RSP
ScanA (6 octets)
AdvA (6 octets)
AdrA (6 octets)
Page 46
Usage Connect request by Initiator Interval (2 octets) Latency (2 octets) Timeout (2 octets) ChM (5 octets) Hop (5 bits) SCA (3 bits)
InitA initiators public/random address based on TxAdd AdvA advertisers public/random address based on RxAdd AA contains Link Layers connection address CRCInit initialization value for CRC calculation WinSize defines timing window for first data packet WinOffset offset of transmit window start Interval time between connection events Latency # times slave can ignore connection events Timeout max time between two correctly received packets before link is considered lost ChM Channel Map Hop Random number seeding hop sequence SCA Sleep Clock Accuracy range
InitA (6 octets)
Header (16 bits)
AdvA (6 octets)
Preamble (1 octet)
Page 47
AGC training (01010101) or (10101010) Synchronization word 32 bit link layer connection access address CRC computed over PDU MIC Message Integrity Code, for use with encrypted links
LLID (2 bits) NESN (1 bit) SN (1 bit) Header (2 octets) MD (1 bit) RFU (3 bits) Length (5 bits) RFU (3 bits)
NESN
SN MD
MIC (4 octets)
Preamble (1 octet)
CRC (3 octets)
Page 48
0x03
0x04 0x05 0x06 0x07 0x08 0x09 0x0a 0x0b 0x0c
LL_ENC_REQ
LL_ENC_RSP LL_START_ENC_REQ LL_START_ENC_RSP LL_UNKNOWN_RSP LL_FEATURE_REQ LL_FEATURE_RSP LL_PAUSE_ENC_REQ LL_PAUSE_ENC_RSP LL_VERSION_IND
CtrType (1 octet)
CtrData
LLID 1 1
NESN (1 bit)
MD (1 bit)
RFU (3 bits)
Length (5 bits)
RFU (3 bits)
0x0d
LL_REJECT_IND
Preamble (1 octet)
Page 49
Encryption
32-bit Message Integrity Code on every encrypted packet Based on Encryption Root key in slave
Generates a Long Term Key (LTK) LTK shared with master to allow faster reconnections
Page 50
Packet Timings
Tx
Rx
Tx
Rx
Tx
Rx
Tx
Rx
Page 51
Tx
Rx
Tx
Rx
Tx
Rx
Tx
Rx
Page 52
Apps
Host
Link Layer
Physical Layer
Controller
Page 53
Extension of HCI specified in the Bluetooth Core Specification The specification defines several interfaces:
UART USB SD 3-wire UART
Page 54
Device Setup
Reset
Physical Links
Set host channel classification
Device Discovery
Advertising Reports Scan Setup
Link Information
RSSI Channel maps
Testing
Places device into special test mode
Remote Information
Obtain remote device information
Generic events
Can occur at any time
Page 55
Controller Flow Control Read Buffer Size Number of Completed Packets LE Read Buffer Size Controller Information Read Local Version Information Read Local Supported Commands Read Local Supported Features Read BDADDR LE Read Local Supported Features LE Read Supported States Controller Configuration LE Set Advertise Enable LE Set Advertising Data LE Set Advertising Parameters LE Set Random Address LE Set Scan Response Data LE Set Random Address
Black existing commands Black italicized existing events Red new commands Red italicized new events
Page 56
Applications Generic Access Profile Generic Attribute Profile Attribute Protocol Security Manager
Apps
Host
Logical Link Control and Adaptation Protocol Host Controller Interface Link Layer Physical Layer Direct Test Mode
Controller
Page 57
Provides fixed channel data services to upper layer protocols Provides protocol multiplexing capability through concept of channels
Channel Identifier is local name representing a logical channel Channels are bi-directional
MD (1 bit)
RFU (3 bits)
Length (5 bits)
RFU (3 bits)
MIC (4 octets)
Preamble (1 octet)
CRC (3 octets)
Page 58
Signaling
Security Manager Protocol
0x0005 (fixed)
0x0006 (fixed)
0x0005 (fixed)
0x0006 (fixed)
Page 59
Description Reserved Command Reject Connection Parameter Update Request Connection Parameter Update Response Code (1 octet)
Usage Reserved Sent in response when unknown command code or inappropriate response Allows slave device to request new connection parameter targets Master response to slave Connection Parameter Update Request
Identifier (1 octet)
Length (2 octets)
Page 60
Page 61
Attribute Protocol
Applications Generic Access Profile Generic Attribute Profile Attribute Protocol Security Manager
Apps
Host
Logical Link Control and Adaptation Protocol Host Controller Interface Link Layer Physical Layer Direct Test Mode
Controller
Page 66
Page 67
Page 69
Protocol Methods
Sent by Description Client Server Client requests something from server always causes a response Server sends response to a request from a client
Command
Notification Indication
Client
Server Server
Confirmation Client
Client can only send one request at a time request completes after response received Server can send only one indication at a time indication completes after confirmation Commands and Notifications can be sent at any time
Page 70
Attribute Opcode
bit 6-0 : Method bit 7 : Authentication Signature Flag If 0, then unsigned data If 1 then signed data
Preamble (1 octet)
MD (1 bit)
RFU (3 bits)
Length (5 bits)
RFU (3 bits)
Page 71
Attribute Commands
Name Error Response Description Something was wrong with a request
Page 72
Applications Generic Access Profile Generic Attribute Profile Attribute Protocol Security Manager
Apps
Host
Logical Link Control and Adaptation Protocol Host Controller Interface Link Layer Physical Layer Direct Test Mode
Controller
Page 73
Example Application
Request
Client
Response
Server
Page 74
Client
Server
Requests
Responses
Service Char.
Service Char.
Service Char.
Page 75
GATT Definitions
Page 76
Page 77
Page 78
<<Characteristics>> Properties
Broadcast Read Write without response Write Notify Indicate Authenticated Signed Writes Extended Properties
Page 79
Page 80
Applications Generic Access Profile Generic Attribute Profile Attribute Protocol Security Manager
Apps
Host
Logical Link Control and Adaptation Protocol Host Controller Interface Link Layer Physical Layer Direct Test Mode
Controller
Page 81
Defines Advertising and Scan Response Data formats All profiles are built upon GAP
Page 82
Profile Roles
Broadcaster
Sends advertising events Can include characteristics and service data Doesnt need receiver Can be discoverable if it does have receiver
Scanning
Observer
Receives advertising events Listens for characteristics and service data Doesnt need transmitter Can discover devices if it does have transmitter
Scanning
Advertising
Standby
Initiating
Advertising
Standby
Initiating
Connection
Connection
Page 83
Profile Roles
Peripheral
Has transmitter and receiver Always slave Connectable advertising
Central
Has transmitter and receiver Always master Never advertises
Scanning
Scanning
Advertising
Standby
Initiating
Advertising
Standby
Initiating
Connection
Connection
Page 84
Advertising Data
Description Advertising data can be sent by broadcaster / discoverable peripheral Flags (LE limited/general Discoverable mode, BR/EDR support)
0x02
0x03 0x06 0x07 0x08 0x09 0x0A 0x12 0x14 0x15 0x16
0xFF
Page 85
BTle Applications
Client Use Case Use Case Responses Use Case Requests Service Char.
Service Char.
Page 86
There is not a one-to-one link between services and use cases Clients implement use cases, Servers implement services Use cases can use multiple services
Client
Device Selection Use Case
Server
Immediate Alert Service Char. Transmit Power Service Char.
Page 87
Applications
Applications Generic Access Profile Generic Attribute Profile Attribute Protocol Security Manager
Apps
Host
Logical Link Control and Adaptation Protocol Host Controller Interface Link Layer Physical Layer Direct Test Mode
Controller
Page 88
Applications
Page 89
User Scenarios
Leaving a phone behind Leaving keys behind Child straying too far Hospital patient from bed Automatic PC Locking & Unlocking Automatic PC Locking & Authenticated Unlocking
Roles
Proximity Monitor Proximity Reporter
Proximity Profile
Specifies services used Specifies GAP requirements for discoverability/connectability
Services
Link Loss Service Immediate Alert Service Tx Power Service
Page 90
Profiles Network Availability Proximity Find Me Soft Button Battery Glucose Meter Heart Rate Belt Weight Scale Device Power Light Switch HID Watchdog
Services Network Availability Immediate Alert Tx Power Link Loss Alert Generic Control Battery Glucose Meter Manufacturer Time Heart Rate Weight Scale HID Watchdog
Page 91
Profiles Network Availability Proximity Find Me Soft Button Battery Glucose Meter Heart Rate Belt Weight Scale Device Power Light Switch HID Watchdog
Services Network Availability Immediate Alert Tx Power Link Loss Alert Generic Control Battery Glucose Meter Manufacturer Time Heart Rate Weight Scale HID Watchdog
Page 92
Profiles Network Availability Proximity Find Me Soft Button Battery Glucose Meter Heart Rate Belt Weight Scale Device Power Light Switch HID Watchdog
Services Network Availability Immediate Alert Tx Power Link Loss Alert Generic Control Battery Glucose Meter Manufacturer Time Heart Rate Weight Scale HID Watchdog
Page 93
Profiles Network Availability Proximity Find Me Soft Button Battery Glucose Meter Heart Rate Belt Weight Scale Device Power Light Switch HID Watchdog
Services Network Availability Immediate Alert Tx Power Link Loss Alert Generic Control Battery Glucose Meter Manufacturer Time Heart Rate Weight Scale HID Watchdog
Page 94
Profiles Network Availability Proximity Find Me Soft Button Battery Glucose Meter Heart Rate Belt Weight Scale Device Power Light Switch HID Watchdog
Services Network Availability Immediate Alert Tx Power Link Loss Alert Generic Control Battery Glucose Meter Manufacturer Time Heart Rate Weight Scale HID Watchdog
Page 95
Profiles Network Availability Proximity Find Me Soft Button Battery Glucose Meter Heart Rate Belt Weight Scale Device Power Light Switch HID Watchdog
Services Network Availability Immediate Alert Tx Power Link Loss Alert Generic Control Battery Glucose Meter Manufacturer Time Heart Rate Weight Scale HID Watchdog
Page 96
Profiles Network Availability Proximity Find Me Soft Button Battery Glucose Meter Heart Rate Belt Weight Scale Device Power Light Switch HID Watchdog
Services Network Availability Immediate Alert Tx Power Link Loss Alert Generic Control Battery Glucose Meter Manufacturer Time Heart Rate Weight Scale HID Watchdog
Page 97
Profiles Network Availability Proximity Find Me Soft Button Battery Glucose Meter Heart Rate Belt Weight Scale Device Power Light Switch HID Watchdog
Services Network Availability Immediate Alert Tx Power Link Loss Alert Generic Control Battery Glucose Meter Manufacturer Time Heart Rate Weight Scale HID Watchdog
Page 98
Profiles Network Availability Proximity Find Me Soft Button Battery Glucose Meter Heart Rate Belt Weight Scale Device Power Light Switch HID Watchdog
Services Network Availability Immediate Alert Tx Power Link Loss Alert Generic Control Battery Glucose Meter Manufacturer Time Heart Rate Weight Scale HID Watchdog
Page 99
Profiles Network Availability Proximity Find Me Soft Button Battery Glucose Meter Heart Rate Belt Weight Scale Device Power Light Switch HID Watchdog
Services Network Availability Immediate Alert Tx Power Link Loss Alert Generic Control Battery Glucose Meter Manufacturer Time Heart Rate Weight Scale HID Watchdog
Page 100
Profiles Network Availability Proximity Find Me Soft Button Battery Glucose Meter Heart Rate Belt Weight Scale Device Power Light Switch HID Watchdog
Services Network Availability Immediate Alert Tx Power Link Loss Alert Generic Control Battery Glucose Meter Manufacturer Time Heart Rate Weight Scale HID Watchdog
Page 101
Profiles Network Availability Proximity Find Me Soft Button Battery Glucose Meter Heart Rate Belt Weight Scale Device Power Light Switch HID Watchdog
Services Network Availability Immediate Alert Tx Power Link Loss Alert Generic Control Battery Glucose Meter Manufacturer Time Heart Rate Weight Scale HID Watchdog
Page 102
Agenda
Comparison of LE to BR/EDR
Page 103
Feature RF Channels
BR/EDR 79
LE 40
Modulation
Modulation Index Max Tx Power
GFSK
0.25 to 0.35 +20 dBm (class 1) +4 dBm (class 2)
GFSK
0.45 to 0.55 +10 dBm
Rx Sensitivity (typical)
Range (typical)
-85 dBm
30 meters
-85 dBm
50 meters
Page 104
Feature
BR/EDR
LE
Notes
Packet Format
Ack Packet Len 8 octet Packet
6 (BR / EDR)
126 s 214 s
2 (LE)
80 s 144 s
328 s = 27 octets
305 kb/s 13.9 s (LE)
LE very short
EDR much faster LE less efficient for large packets
CRC Strength
Encryption
16
Safer+
24
AES-128
LE stronger
LE stronger
Page 105
Feature Authentication Acknowledge Topology Discoverable Connectable Discoverable + Connectable LMP PDUs Feature Bits
BR/EDR once immediate flexible Inquiry Scanning 11.25 ms / 1.25 s Page Scanning 11.25 ms / 1.25 s Inquiry + Page Scan 22.5 ms / 1.25 s 75 59
LE every packet sliding window pure star Advertising 1.25 ms / 1.25 s Advertising 1.25 ms / 1.25 s Advertising 1.25 ms / 1.25 s 14 1
Notes more secure lower power LE simpler 10x lower power 10x lower power 20x lower power 5x simpler 59x simpler
Page 106
Feature Connection time LMP negotiation time L2CAP connection setup time
30 ms ~ 120 ms
1.25 ms
3 ms
instant instant
10x quicker
no penalty for coexistence no penalty for low power
Page 107
Feature
Protocols Supported by Host Min protocols for application 1 MB using BR 1 MB using EDR 1 MB using HS
BR/EDR
14 3 (SDP, L2CAP, App Protocol) 8.81 s 2.93 s < 1s
LE
3 2 (ATT, L2CAP) 13.93 s 13.93 s 13.93 s
Notes
Only ATT required for all plain text applications LE uses ATT for service discovery and apps BR 60% faster for data EDR ~5x faster LE very slow
L2CAP overhead
L2CAP configuration options L2CAP commands
4 to 12 octets
7 17
4 octets
0 1
Page 108
Agenda
Comparison of LE to BR/EDR
Page 109
Page 110