RF transmitters and receivers have become widely available and deployed for use in many applications including many commercial products for individuals such as cellular hand sets (“mobile stations”), garage door openers, automobile keyless entry devices, cordless handsets and family radios. RF transmitters and receivers are also widely deployed in more complex commercial, safety and military applications. Collectively, the possible existence of many different RF transmissions from many different types of equipment presents a broadband RF transmission environment.
In light of the increasing large deployment of many different types of RF transmitters and receivers, the particular RF signals and signal protocols that may be present in any particular local area potentially are quite complex. Cellular systems, in particular, are of high interest because of their widespread deployment.
At times in a particular local area, it is desirable that the RF local mobile stations be rendered temporarily inactive thus preventing such local RF mobile stations from initiating transmissions by any associated local RF mobile stations or otherwise from initiating any action.
RF jammers have long been employed for temporarily rendering local RF mobile stations inactive. However, the large deployment of many different types of RF transmitters and receivers has rendered conventional jammers ineffective in many RF environments.
Jamming is usually achieved by transmitting a strong jamming signal at the same frequency or in the same frequency band as that used by the targeted local receiver. The jamming signal may block a single frequency, identified as “spot jamming”, or may block a band of frequencies, identified as “barrage jamming”.
Although simple jammers have long existed, technological advances require the development of advanced jamming equipment. Early jammers were often simple transmitters keyed on a specific frequency thereby producing a carrier which interfered with the normal carriers at targeted local receivers. However, such single carrier jammers have become ineffective and easily avoided using, for example, frequency hopping, spread spectrum and other technologies.
Some jamming equipment has used wide-band RF spectrum transmitters and various audio tone transmissions to jam or to spoof local receivers. Other systems employ frequency tracking receivers and transmitters and utilize several large directional antenna arrays that permit directional jamming of targeted local receivers. Often in such arrays, deep nulls in selected directions are provided to minimize the effects of the jamming in those selected directions. The deep null directions are then used to allow wanted communications.
Some jammers feature several modes of operation and several modulation types. For example, such operational modes include hand keying, random keying, periodic keying, continuous keying and “look through”. In the “look through” mode, a special jammer or a separate receiver/transmitter is used to selectively control the keying of the transmit circuit. The “look through” mode can be configured to hard key the transmitter ON at full power output upon detection of a received signal and periodically hard switch the transmitter RF power to OFF. In unkey operations, while the receiver “looks through” to see if there is still a carrier present or, after the transmitter has hard keyed to full output power ON, the RF output of the transmitter is gradually slewed down to a lower level while the receiver “looks through” to detect any carrier activity on the targeted frequency.
In a continuous-wave operation, when a jammer is only transmitting a steady carrier, the jamming signal beats with other signals and produces a steady tone. In the case of single side band (SSB) or amplitude modulated (AM) signals, a howl sound is produced at the receiver. In the case of frequency modulated (FM) signals, the receiver is desensitized, meaning that the receiver's sensitivity (ability to receive signals) will be greatly reduced.
When various types of modulations are generated by a transmitter, the operation is referred to as “Modulated Jamming”. The modulation sources have been, for example, noise, laughter, singing, music, various tones and so forth. Some of the modulation types are White Noise, White Noise with Modulation, Tone, Bagpipes, Stepped Tones, Swept Tones, FSK Spoof and Crypto Spoof.
The jammers that are actually deployed have tended to be either barrage jammers broadcasting broadband noise or CW (continuous wave) signals targeted at specific known signals. Generally, barrage jammers tend to produce a low energy density in any given communications channel, for example a 25 kHz channel, when jamming a broad band of channels. By way of example, a 200 MHz barrage jammer transmitting 100 Watts generally will only have 12 mWatts in any communications channel and this low power level per channel is likely to be ineffective as a jammer. These jammers also tend to jam wanted communications.
A regenerative jammer is disclosed in an application entitled REGENERATIVE JAMMER WITH MULTIPLE JAMMING ALGORITHMS, with filed date of Mar. 24, 2006 and with Ser. No. 11/398,748. The regenerative jammer generates and transmits RF broadband jamming signals for jamming one or more local RF receivers. The jammer includes a broadband antenna unit for receiving broadband RF jammer received signals from local transmitters and for transmission of regenerated broadband RF jamming signals to the local receivers. The antenna unit includes one or more antennas for separately transmitting and receiving. The jamming signals use a plurality of jamming algorithms including a regeneration algorithm for jamming local receivers.
The jamming of cellular systems is of particular interest because of the high number of cellular mobile stations that are presently deployed and that are increasingly being deployed.
Cellular systems “reuse” frequencies within a group of cells to provide wireless two-way radio frequency (RF) communication to potentially large numbers of users at mobile stations (often called “cell mobile stations” and “hand sets”). Each cell covers a small geographic area (up to about 35 kilometers and typically much smaller in urban areas) and collectively a group of adjacent cells covers a larger geographic region. Each cell has a fraction of the total amount of RF spectrum available to support cellular users. Cells are of different sizes (for example, macro-cell or micro-cell) and are generally fixed in capacity. The actual shapes and sizes of cells are complex functions of the terrain, the man-made environment, the quality of communication and the mobile station capacity required. Cells are connected to each other via land lines, microwave links, switches or other means that are adapted for mobile communication. Switches provide for the hand-off of mobile stations from cell to cell and thus typically from frequency to frequency as mobile stations move between cells.
In conventional cellular systems, each cell has a base station (BTS) with RF transmitters and RF receivers co-sited for transmitting and receiving communications to and from mobile stations in the cell. The base station employs forward RF frequency bands (carriers) to transmit forward channel communications to mobile stations and employs reverse RF carriers to receive reverse channel communications from mobile stations in the cell.
The forward and reverse channel communications use separate frequency bands so that simultaneous transmissions in both directions are possible. This operation is referred to as frequency division duplex (FDD) operation. In time division duplex (TDD) operation, the forward and reverse channels take turns using the same frequency band.
The base station in addition to providing RF connectivity to users at mobile stations also provides connectivity to other base stations through a switch or other facility sometimes called an Office. In a typical cellular system, one or more such Offices will be used over the covered region to service a number of base stations and associated cells in the cellular system and to support switching operations for routing calls between other systems and the cellular system or for routing calls within the cellular system. An Office assigns RF carriers to support calls, coordinates the handoff of mobile stations among base stations, and monitors and reports on the status of base stations. The number of base stations controlled by a single Office depends upon the traffic at each base station, the cost of interconnection between the Office and the base stations, the topology of the service area and other similar factors.
A handoff between base stations occurs, for example, when a mobile station travels from a first cell to an adjacent second cell. Handoffs also occur to relieve the load on a base station that has exhausted its traffic-carrying capacity or where poor quality communication is occurring. The handoff is a communication transfer for a particular mobile station from the base station for the first cell to the base station for the second cell.
Conventional cellular implementations employ one of several techniques to reuse RF bandwidth from cell to cell over the cellular domain. The power received from a radio signal diminishes as the distance between transmitter and receiver increases. Conventional frequency reuse techniques rely upon power fading to implement reuse plans. In a frequency division multiple access (FDMA) system, a communications channel consists of an assigned particular frequency and bandwidth (carrier) for continuous transmission. If a carrier is in use in a given cell, it can only be reused in cells sufficiently separated from the given cell so that the reuse site signals do not significantly interfere with the carrier in the given cell. The determination of how far away reuse sites must be and of what constitutes significant interference are implementation-specific details for the communication system.
In TDMA conventional cellular architectures, time is divided into time slots of a specified duration. Time slots are grouped into frames, and the homologous time slots in each frame are assigned to the same channel. It is common practice to refer to the set of homologous time slots over all frames as a time slot. Each logical channel is assigned a time slot or slots on a common carrier band. The radio transmissions carrying the communications over each logical channel are thus discontinuous. The radio transmitter is off during the time slots not allocated to it.
Each separate radio transmission, which occupies a single time slot, is called a burst. Each TDMA implementation defines one or more burst structures. Typically, there are at least two burst structures, namely, a first one, an access burst, for the initial access and synchronization of a mobile station to the system, and a second one, a normal burst, for routine communications once a mobile station has been synchronized. Strict timing must be maintained in TDMA systems to prevent the bursts comprising one logical channel from interfering with the bursts comprising other logical channels in the adjacent time slots.
GSM signals are TDMA bursts with digital GMSK modulation format. The bit duration is about 3.7 μsec with about 156 bits forming a 0.577 msec burst in a TDMA time slot. A specific user is assigned one burst every 4.615 msec. The mobile stations transmit and receive at different RF frequencies. For example, in most of the world, including Europe, the mobile station transmits in the bands from 890 to 915 MHz and 1710 to 1785 MHz and receives in the bands from 935 to 960 and 1805 to 1880 MHz. The signals are allocated to channels within their transmit bands. The channel spacing is 0.2 MHz. The 1800 MHz mobile station transmit band has 75 MHz/0.2 MHz=375 channels available and similarly 375 channels for the receive band.
In some parts of the world, including the US and Canada, the GSM network uses the 800 and 1900 MHz bands. In the 800 MHz band, the mobile station transmits from 824 to 849 MHz and receives from 869 to 894 MHz. In the 1900 MHz band, the mobile station transmits from 1850 to 1910 MHz and receives from 1930 to 1990 MHz.
In operation of a GSM communication system, the system detects signal problems with a mobile station, such as high bit errors or loss of reception, and then commands the mobile station to change to a new RF channel. This new RF channel may be in the same band or may be in the other band. For example, if the mobile station is using 901.2 MHz and experiences difficulty, the system may command it to change to 893.4 MHz. Due to capacity and system loading, the mobile station may be commanded to use 1782.4 MHz in the upper band. These channel changes happen without detection by the user of the mobile station. GSM systems also have frequency hopping provisions where the channels are changed periodically to avoid interference.
Notwithstanding the advancements that have been made in jamming systems, GSM and other communication systems present a demanding need for more effective jammers. GSM jammers generally fall into three categories: continuous wave (CW), noise and modulated. The goal of these jammers is to have the mobile station receive enough jammer signals with sufficient power compared to the intended GSM signal from the base station, to prevent the intended signal from being demodulated properly. The mobile station does nothing when it does not recognize the received signal.
CW jammers generate a sinusoidal signal using a signal generator, for example, using a direct digital synthesis (DDS) chip. DDS chips can quickly tune to a commanded frequency and generate a sinusoidal signal. This sinusoidal signal is amplified with a power amplifier and transmitted via an RF antenna. The advantage of a DDS is that it is relatively inexpensive to generate the RF jammer signal. The disadvantages of a DDS are that a) the jammer system must know which channels to jam requiring an involved signal processing system and b) the jammer system requires a large number of DDS's to cover all the possible active mobile station receive channels.
Noise jammers produce broadband white noise filtered to the bands of interest, usually the mobile station receive channels. This band limited signal is amplified with a power amplifier and transmitted. An advantage of this noise jammer system is that the noise generator generates the signal at the RF frequency and covers a broad band. This noise jammer system only needs one signal generator to cover a wide band of frequencies. A disadvantage of the noise jammer system is that the noise density is low. For example, if a 10 Watt power amplifier is used to transmit the signal in the mobile station receive band, only about 20 mW of jamming signal power is actually transmitted in each channel. This low power produces a limited effective jammer range.
Modulated signal jammers use modified GSM mobile station circuitry and software to transmit a GSM type signal on active channels. This mobile station circuitry is inexpensive, but the number of mobile stations that can be jammed at one time is limited. Further, the mobile station circuitry has limited transmit power and therefore has a limited effective range.
Whenever a jammer starts operating, the GSM system will detect the interference and command the mobile station to change to a different channel frequency. This hand-off of a mobile station, if allowed to proceed, is made in milliseconds. Similarly, when frequency hopping is employed, the jammer must be able to respond to the new hopped to channel. Accordingly, any jammer must deal with the channel hand-off, frequency hopping and other dynamic operation of communication systems.
To be effective in jamming the dynamic operation of a communication system, a jammer must track changes to new channels and block the new channels, detect and jam all active channels or jam all possible channels. Furthermore, when the system detects a bad TDMA burst, it will retransmit the burst on the same or a different channel. Therefore, to be effective, the jammer must hit all TDMA bursts. Known systems do not satisfy these requirements.
In light of the foregoing background, there is a need for improved transmitters, receivers and jammers that are effective in local areas, and in particular are effective for GSM and other digital environments.