The Bluetooth® system is specified in “Specification of the Bluetooth® System, Covered Core Package Version: 5.0, Publication Date: Dec. 6, 2016” (“Specification of the Bluetooth® System”). Bluetooth® operates in the unlicensed Industrial, Scientific, and Medical (ISM) band from 2.400 to 2.4835 GHz. Classic Bluetooth Basic Rate (BR) and Bluetooth Low Energy (BLE) employ Gaussian Frequency-Shift Keying (GFSK) as the primary modulation scheme, while Classic Bluetooth Enhanced Data Rate (EDR) incorporates differential phase-shift keying (DPSK) for increased throughput. Classic Bluetooth (BR) may occupy any of 79 radio frequency (RF) channels, spaced by 1 MHz, whereas BLE is limited to 40 RF channels, spaced by 2 MHz. For both BR and BLE, the nominal channel symbol rate is 1 MHz, with a nominal channel symbol duration of 1 μs.
A more complete understanding of the present embodiments, and the attendant advantages and features thereof, will be more readily understood by first describing relevant Bluetooth® system details. Relevant details of the Bluetooth® system are therefore presented herein. A more complete description can be obtained by reference to the Specification of the Bluetooth® System.
Bluetooth® is a time division multiplex (TDM) system basically comprising a “Master” device, which initiates an exchange of data, and a “Slave” device which responds to the Master. The TDMA slot duration is 625 μs, and the maximum payload length is such that certain packet types may extend up to five slots in length. Each device will hop to an RF channel once per packet and Slave devices will utilize the timing of their Master to hop in synchronization.
FIG. 1 is a diagram that shows the format of the unique Bluetooth Device Address (BD_ADDR) 100. The BD_ADDR is split into three parts, lower address part (LAP) 110, upper address part (UAP) 120, and non-significant address part (NAP) 130.
FIG. 2 is a diagram that shows the general format 200 for the Classic Bluetooth BR packet type, which starts with a GFSK Access Code 210. If a packet header follows, the access code is 72 bits long, otherwise the access code is 68 bits long and is known as a shortened access code. For any packet not comprised solely of a shortened Access Code, the Access Code 210 is followed by a 54-bit GFSK Packet Header 220, which is generated by encoding an 18-bit information field using a rate 1/3 repetition code. The Header 220 is followed by the payload 230.
FIG. 3 is a diagram that shows the general format 300 for packets carrying an enhanced data rate (EDR) payload which start with a GFSK Access Code 210 of length 72 bits. The Access Code 210 is followed by a 54-bit GFSK Packet Header 220. The GFSK Packet Header 220 is followed by a guard interval 330 of nominal duration 5 μs, followed by an a priori 11-symbol EDR sync word 340, the DPSK payload 350, and then, finally, two trailer symbols 360.
FIG. 4 is a diagram showing the GFSK Access Code 210, which begins with a 4-bit preamble 410 (either 0101 or 1010), and, for non-shortened Access Codes, ends with a 4-bit trailer 430 (also either 0101 or 1010).
FIG. 5 is a diagram showing the construction of the 64-bit sync word 420. The detailed description for this construction is given in Clause 6.3.3.1 in the Specification of the Bluetooth® System. The sync word 420 generation begins at step 510 or 515, where a 6-bit Barker code is appended to the 24-bit Lower Address Part (LAP) field 110 to form an information sequence. If the most significant bit (MSB) of the LAP is a zero, then the Barker code 001101 is used to form the information sequence at step 510. If the MSB of the LAP is a one, then the Barker code 110010 is used to form the information sequence at step 515. Step 510 or 515 is followed by step 520, where the information sequence is pre-scrambled by carrying out an exclusive OR (XOR) function with the bits p34 ... p63 of a PN sequence 550 which has a fixed value, generating the data to encode 530. A (64, 30) block codeword 545 is then appended to generate the codeword 540, and the complete PN sequence is XORed with the codeword 540. This step de-scrambles the information part of the codeword 540 and at the same time scrambles the parity bits of the codeword. Consequently, the original LAP 110 and Barker sequence are ensured a role as part of the access code sync word, and the cyclic properties of the underlying code are removed.
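The construction above, worked through in Python as an added example (it is not code from the patent or from the Bluetooth SIG). The 64-bit PN value and the (64,30) generator polynomial are the constants of Clause 6.3.3.1 of the core specification rather than values from this page, and the bit-index convention (bit i of an integer holds x_i, p_i or a_i, with x0 the least significant bit) is an assumption of this example.

```python
# Bluetooth BR sync word construction (Clause 6.3.3.1), added example.
# Convention assumed here: bit i of an int holds x_i / p_i / a_i (x0 = LSB).
PN_SEQUENCE = 0x83848D96BBCC54FC  # 64-bit PN value from the core spec (not on this page)
GEN_POLY = 0o260534236651         # (64,30) BCH generator polynomial g(D), degree 34 (octal)
LAP_MASK = (1 << 24) - 1

def info_sequence(lap):
    """a0..a29: the 24 LAP bits (a0 = LAP LSB) followed by the 6-bit Barker code
    selected by the LAP MSB (a23): 001101 if it is 0, 110010 if it is 1."""
    if not 0 <= lap <= LAP_MASK:
        raise ValueError("LAP must be a 24-bit value")
    barker = "110010" if (lap >> 23) & 1 else "001101"
    bits = [(lap >> i) & 1 for i in range(24)] + [int(c) for c in barker]
    return sum(b << i for i, b in enumerate(bits))

def poly_mod(value, poly):
    """Remainder of value(D) modulo poly(D) over GF(2)."""
    deg = poly.bit_length() - 1
    while value and value.bit_length() - 1 >= deg:
        value ^= poly << (value.bit_length() - 1 - deg)
    return value

def sync_word(lap):
    """Steps 510/515 -> 520 -> 530/545 -> 540 -> final XOR with the full PN sequence."""
    info = info_sequence(lap)
    data = info ^ (PN_SEQUENCE >> 34)          # step 520: pre-scramble with p34..p63
    parity = poly_mod(data << 34, GEN_POLY)    # 34 BCH parity bits (systematic encoding)
    codeword = (data << 34) | parity           # x0..x33 parity, x34..x63 data
    return codeword ^ PN_SEQUENCE              # info descrambled, parity scrambled

def lap_from_sync_word(sw):
    """The LAP sits in the clear at x34..x57, which is why a receiver that
    already knows the LAP can correlate directly against the sync word."""
    return (sw >> 34) & LAP_MASK

def is_valid_sync_word(sw):
    """Undo the final PN XOR; the result must be a multiple of g(D)."""
    return poly_mod(sw ^ PN_SEQUENCE, GEN_POLY) == 0

if __name__ == "__main__":
    giac_lap = 0x9E8B33  # General Inquiry Access Code LAP (spec constant, not on this page)
    sw = sync_word(giac_lap)
    print(f"sync word for LAP {giac_lap:06X}: {sw:016X}")
    print("LAP recovered:", lap_from_sync_word(sw) == giac_lap)
    print("valid codeword:", is_valid_sync_word(sw))
```

A single flipped bit makes `is_valid_sync_word` fail, which is the property a monitoring receiver loses when it does not know the LAP and cannot check candidate sync words against the code.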
FIG. 6 is a diagram showing the format of the Packet Header 220. The Header 220 includes six fields: LT_ADDR 610, Type 620, Flow 630, ARQN 640, SEQN 650, and HEC 660. The 3-bit LT_ADDR field 610 contains the logical transport address for the packet. The 4-bit Type code 620 specifies which packet type is used. The Flow bit 630 is used for the flow control of packets. The 1-bit acknowledgment indication ARQN 640 is used to inform the source of a successful transfer of payload data with cyclic redundancy check (CRC), and can be a positive acknowledgment (ACK) or a negative acknowledgment (NAK). The SEQN sequence bit 650 provides a sequential numbering scheme to order the data packet stream. The header error check HEC 660 is an 8-bit word. Before generating the HEC, the HEC generator is initialized with an 8-bit value. For frequency hop synchronization (FHS) packets sent in the master response substate, the upper address part (UAP) 120 of the slave device is used. For frequency hop synchronization (FHS) packets and extended inquiry response packets sent in inquiry response, the default check initialization (DCI), value 0x00, is used. In all other cases, the UAP 120 of the master device is used.
FIG. 7 is a block diagram showing the bit stream processing 700 for encoding the 54-bit Classic Bluetooth Packet Header. A 10-bit message, which includes the 4-bit Packet Header Type Field (PHTF), is first augmented with an 8-bit Header Error Check (HEC), block 710. For packets associated with a specific master or slave, the HEC is generated using the 8-bit Upper Address Part (UAP) 120 of the BD_ADDR 100 for either the master or slave device, otherwise, a Default Check Initialization (DCI) is used. The 18-bit information bit field is then whitened using an a priori 6-bit pseudorandom sequence in block 720, starting at one of 64 possible starting locations or “seeds”. The 18-bit, whitened information bit sequence is then encoded in block 730 using rate 1/3 repetition coding, resulting in the 54-bit Packet Header, which is modulated as GFSK. Note that the values provided in this paragraph are examples only. Thus, in other examples, a length of whitened information bit sequence may be other than 18 bits and may be encoded using a repetition rate other than 1/3.
FIG. 8 is a block diagram showing the bit stream processing 800 for a Classic Bluetooth® payload, for which some packet types support two different forms of encryption: CRC 810 with E0 Encryption 820, and AES encryption 830 with CRC 840. For packet types which include a cyclic redundancy check (CRC) 810 and E0 Encryption, the first Encryption Type E0 820 obscures the CRC 810, which therefore cannot be used for checking for valid packets. For packet types employing the encryption type AES 830, a 32-bit Message Integrity Check (MIC) field is first appended to the user payload, and then encryption is performed prior to encoding the CRC 840. In this case the CRC is unobscured, and, therefore, useful for checking for valid packets. The payload, which includes the message integrity check (MIC) and the CRC, is then whitened 850 using the same seed that was used for the packet header, but advanced by 18 positions. The whitened information payload is encoded using forward error correction (FEC) 860 of rate 1/3, 2/3, or 1, depending on the packet type, where the rate 1/3 code is the aforementioned repetition code, and the rate 2/3 code is a shortened (15,10) Hamming code.
The Bluetooth® transmitter specifications are given in the Specification of the Bluetooth® System; a summary is provided herein. Both BR and BLE employ a GFSK waveform with a normalized Gaussian filter 3-dB bandwidth-time product of BT=0.5, utilizing a nominal symbol duration of T=1 μs, which may vary, at the transmitter, by as much as ±20 parts per million (ppm) for BR. The modulation index h can vary within the range 0.28≤h≤0.35, with an assumed nominal value of h=0.32. Furthermore, for any BR transmission, the initial center frequency must be within ±75 kHz of the nominal channel frequency, and is then allowed to drift by as much as ±25 kHz for a single-slot packet, and ±40 kHz for a multi-slot packet, with a maximum drift rate of 400 Hz per μs.
In the normal case, the BR receiver has a priori knowledge of the Access Code 210 and can therefore correlate to the sync word 420, establishing the packet time of arrival and instantaneous offset frequency. When employing a Bluetooth® monitoring receiver that is listening for Bluetooth® packets on a particular channel, or indeed on all the channels, the LAP 110 is not known and hence the detector cannot synchronize to a packet using known techniques. Furthermore, once synchronized to a packet, there is no a priori knowledge of the whitening sequence generator's initial state/seed, which can be one of 64 possibilities. Finally, the encoding of both the 8-bit Header Error Check (HEC) 710, transmitted during the GFSK Packet Header 220, and the 16-bit payload CRC 840, which appears at the end of certain packet types, utilizes the 8-bit Upper Address Part (UAP) 120 of the BD_ADDR 100, of which, again, the detector has no a priori knowledge.