How Bluetooth Smart / Bluetooth Low Energy (BLE) replaces Keys, Credit Cards and adds Indoor GPS

With Bluetooth Smart (or Bluetooth Low Energy / Bluetooth LE / BLE / Bluetooth 4.0), there suddenly appear all kinds of possibilities. Like opening a lock only by coming close to it with your mobile phone in your pocket; attaching BLE Tag/Tracker/Sticker/Beacon to things and pets and locating them with your phone or letting the sticker ring; indoor GPS navigation with iBeacon Tags; tracking customer behavior, or hands-free payment with PayPal Beacon.
This article will explain how these innovations are now possible with Bluetooth 4.0 Low Energy (BLE).


Why is Bluetooth Smart (BLE) an Innovation Driver?

The first reason for BLE to drive innovative ideas is, that it is already in your hands. Unlike NFC, it is available on most mobile phones, tablets and PCs that were released in 2011 or later. Second, its energy consumption is so efficient, that a single coin cell can power a Tag/Tracker/Sticker/Beacon for a whole year. Third, there is a mode that does not need pairing but that allows to send out short (2x31 byte) broadcasts/advertisement packets to anyone walking by and listening.

Key Features of Bluetooth Smart

There are a number of features that make BLE stand out. Many of them are not found in competing wireless technologies for home automation like Zigbee and Z-Wave.

  • BLE uses the same frequency as Wifi, 2.4 GHz. The frequency has worldwide regulatory acceptance and it allows for faster data rates than the 915 MHz or 868 MHz frequencies (about 260 Kbps throughput). Unlike Zigbee, there are no modules for other frequencies.
  • Most newer mobile phones can directly receive Bluetooth Smart data without needing another intermediate device.
  • There are many manufacturers for BLE ICs and modules. Therefore the modules are easily available at a price, of currently $6 for a single module that even includes a SoC. High quantities might cost less than half this amount.
  • Bluetooth uses adaptive frequency hopping to choose a channel with the best signal. It will, for example, detect on which channel your WiFi is sending and choose a different one.
  • Bluetooth has radio power control, which allows devices to adjust the transmission power based on the measured signal strength. This will reduce interference if there are many devices.
  • Connecting a paired BLE device is faster than a blink of an eye, in less than 3 ms.
  • BLE data can be encrypted with 128 Bit AES in the controller. This allows your device to be securely authenticated so that a BLE device can be used as key.
  • BLE can send small advertisement packets even to devices that are not paired. The interval at which those packets are sent can be configured from 100 ms to 10.24 sec. The advertisement packet can only contain 31 bytes of data and another scan response packet can contain an additional 31 bytes. For some use cases it is sufficient to periodically send advertising packets without using other Bluetooth Smart features. In that case, a very cheap advertisement-only device could be used that might cost less than $1.

Can others find out my Mobile Phone Bluetooth Device Address and track me?

The short answer is yes, if Bluetooth it is enabled.
But first about advertisement packets. Your mobile phone will not send out advertisement packets unless you ask for it. Only devices that act as peripheral device, as Beacons periodically send out advertisement messages. These messages are not only intended to publish information, but also so that you know when they are awake and can connect to them. On Ubuntu, you can listen for advertisement messages with sudo hcitool lescan.
We know, that if in pairing mode, your device is visible to others. Pairing mode is started on Windows Phone 8 by opening the Bluetooth settings.

While my phone was in pairing mode, I could see its address by typing sudo hcitool scan in Ubuntu.

So far, nothing surprising. But then I came across the article Danish city installs Bluetooth and WiFi sensors to track shopper behaviour. They use 7 sensors to track the location of the Mac address of 'walking' WiFi and Bluetooth devices. The article says "BlipTrack is also being used internationally in railway stations, for road traffic and in airports including Amsterdam Schiphol, Toronto Pearson, Dubai International and Manchester Airport.".
That was surprising to me because I thought my Bluetooth device is only sending out packets to known devices or during pairing. However, this is apparently not true. Rather, your phone will respond to some bluetooth packets from anyone if the packets are addressed to your phone! So all you have to do is to guess the address or try all addresses ranges that are in circulation. If a phone responds at a given address, then you know the address of an invisible phone. Further, with the address, you can query periodically if the phone is in range and the signal strength tells you how far it is away. You can also send the captured address to another stations. With three or more stations, you can get a very detailed position of the device.
The only difficulty in finding invisible devices is, that you do not know their address. I took a mobile phone which has never been paired with my PC. Then I ran sudo hcitool scan on Ubuntu to be sure the phone was not accidentally in pairing mode. Then I ran sudo hcitool info DC:3E:F8:28:03:8B and, to my surprise, information about my phones Bluetooth features were returned. There is also no information on my phone that tells me that somebody asked or is asking it for information.

How does a Beacon / Tag / Sticker Work?

A beacon is a small Bluetooth Smart device. It is about as large as a wireless car key. Since it is Bluetooth Low Energy, it can be battery powered from a coin cell for a few month or up to a year. The beacon can trigger an alert on the Phone, when the token comes within a defined distance and when it leaves the distance. The reach is shorter than that of a WiFi network. A typical operating range is about 2-5 meters / 7-16 feet, though 30 meters / 100 inch are possible in line-of-sight. For example you could attach a Beacon to your Keys and be notified when you are too far away from them. But, because the indoor range of Bluetooth is usually shorter than the size of your apartment, you will get notified a lot if you do not carry the keys with you.
However there are also other, more useful features. First, you can locate a Beacon with your mobile phone. This means, you can use an app to make it ring to find it easily. Or you can use the app to check how far it is away from you. Some Beacons are said to make a sound that is not loud enough, so I would recommend those which can alert at medium and at loud level.
Beacons can also be used to find your Phone. If supported, then you just press a button on the Beacon and your Phone will ring.
Another feature that an App for a Beacon might support is to record the last GPS location where a Beacon became out of distance. This feature might really help to find lost things.
Some apps, like the one in this StickNFind video, also let you mark the Beacon as lost and then other users of the app can help you locate the Beacon. However, the other person would have to be very close to the Beacon to receive its signal.
Beacons can also be used as context sensitive Tags in your house. So when you sit on the couch, for example, a television remote control app could automatically open.
More advanced Beacons will also include a sensor, so that the beacon can provide additional information as to sensor small movements when attached to a door, to measure temperature, humidity or touch. (See TI SensorTag for wireless sensor application in the sources)
Technically, a Beacon is a device, that implements several Bluetooth Profiles as the Proximity Profile, iBeacon Profile and Find Me Profile.
Beacons are rather cheap. Gimbal for example offers a beacon for $ 5 plus taxes and shipping. Philips calles its Beacon Inrange Bluetooth Smart Leash and Microsoft/Nokia calls it Treasure Tag.

How Bluetooth Smart replaces Keys

A Bluetooth Security Device (also called token or proximity device) can lock and unlock your PC, your car, your house and other things.
It is like a key, in the sense that if you have it in your possession, then you can open doors. However you do not have to take any action. It is sufficient that you are close to the object that you want to unlock. If you go away it is locked automatically again, if you want. How close you need to be, to trigger the lock/unlock, can be specified.
The device or token that unlocks your thing must support a profile/service that enables proximity monitoring. So the car, for example will be alerted when the token comes within a defined region and when it leaves the region. The Bluetooth standard defines the Proximity Profile to do just this. The profile was adopted a bit later than other Bluetooth 4 Profiles, in July 2011 (see Press Release). The Proximity Profile requires encryption after each connection to verify the status of the paired device. Smart Key developers may also create their own profile to match their security and other requirements.
Bluetooth locks are already available. For example Kevo offers a Bluetooth Smart lock. It comes with an app in which you can authorize others to open your door from everywhere by sending an eKey to them. If you loose your phone, you can just disable it from another phone.

How PayPal replaces Credit Cards with Bluetooth Smart


When PayPal thought about how it could benefit from the BLE technology, it developed a PayPal Beacon and a PayPal App. It really is an innovation to payment made possible by combining location information, payment and a shopping app that combines stores.
The idea is that you walk into a store and your phone shows a notification saying, that you just checked in with PayPal. According to PayPal, the store can decide how the app should interact with the customer between check-in and payment. So, while you walk through the store, the app could track your location and provide you with information about products that you are near to.
To pay for your items, there are three different scenarios. The first is Pay By Phone. You go to a traditional checkout counter, but instead of showing your credit card you just say, I pay with PayPal. For this to work you must be checked in with the PayPal app. The person at the checkout counter will see the PayPal names of the people standing at the counter and a photo of them. The photo must be taken when you start using the PayPal app. S/he then selects the photo on her screen and the payment is done. You will then get a notification on your phone that you just paid $x.y at store z. You can see all your PayPal transactions in the app. According to PayPal, the payment should work without internet connection.
To prevent the concern that you might pay for somebody else's order, you can specify that you want to approve every purchase. To prevent privacy concerns, you can choose to be automatically checked-in into a store every time you enter it, or to be asked every time you enter the store, or to never check in.
The second scenario is Order Ahead. The app shows you the stores that are near you. You select a a store and then confirm that you want to check-in. Then you can browse through the products that the store offers, select the ones you want and select confirm. You just paid your purchase while you were away from the store. When you come to the store, you just need to pick the items up. I would hope that some stores also send you a notification when your order is ready.
The third scenario is Pay at Table. You go to a restaurant and order as usual. When you want to pay, you open the PayPal app, select the restaurant from the list of stores near you, then you select see bill and you enter your table number. Your bill is displayed and you can pay it with a tip of your choice. The restaurant is immediately informed about your payment. You do not need to call the waiter.
Interestingly, no internet connection is needed to pay for your order.
The PayPal app is a big advantage for stores, because the user will have the app already installed, in which the store can provide its information. It is also much faster than other payment methods. It also offers the same advantage as loyalty cards, since the store can send you promotional offers when you are checked in. PayPal will probably also provide the store with (anonymous) consumer behavior information and (anonymous) demographic information about its customers.
It is also a big advantage for consumers, because you do not have to take out your credit/debit card and enter a key code. Further, you need not worry about loosing your credit/debit card or money. For many younger people it could be just cool to pay hands-free.
So in conclusion, Bluetooth Smart is facilitating mobile payment methods and has a valuable contribution in making cash unnecessary.

How Indoor GPS with iBeacon Works

iBeacon is a specification designed by Apple to extend its Location Services. Implementing the specification is free, but you must agree to an agreement specified by Apple.
iBeacon actually is just a Bluetooth profile to send a specific advertisement message. However, it enables cheap and improved location information. Cheap location information because a minimal Bluetooth Smart device can send advertisement-only packets. The device must not even be able to receive data. Improved location information, because the advertisement packet includes a value that improves the accuracy when determining the distance. So what does the packet contain?
The first important information of the advertisement packet is an UUID. Companies or individuals that posess an iBeacon can choose a unique ID and save it in that field. All iBeacons of a company should have the same UUID.
Further, the packet contains a major and minor. These fields can be set by the company or individual to differentiate their iBeacons. For example all stores in New York could get the same major but within a specific store, the minor of each device would be different.
Then, the packet contains the RSSI at 1 meter. RSSI stands for Received Signal Strength Indicator. It means the strength of the Beacon's signal at a distance of 1 meter. This value is measured for each iBeacon with a calibration app and then used as a constant. As you might be able to imagine, that value gives more information about the signal strength than the transmission power. Your position is determined by using the known location of the iBeacon and the distance that you are away from it. The distance is estimated by using the value of RSSI at 1 meter that was sent by the iBeacon and by the the Received Signal Strength Indicator (RSSI). RSSI is a measurement of the power of the received radio signal. It is calculated by your phone's Bluetooth device for each packet received.
So how can the indoor location be determined with this information? Let's assume you visit a museum that supports the LabWerk Museum app and you already have it installed. When you come in range of the first iBeacon of the museum, then you will get a notification on the lock screen. You just swipe the message to open the museum app. Your phone knows which app to open because the app has told the phone during installation that it wants to be opened if you come in range of a beacon with a specific UUID.
The app then says that it wants to get notified about iBeacons in range and about how strong the signals of these iBeacons are. If there are at least three iBeacons in range, then a process called Trilateration can be used to determine your indoor position with 1-2 meters / 3-6 feet accuracy.
In the USA, iBeacons were installed in 20 ballparks so that better navigation services can be offered to visitors (see here).

What if I cannot connect my Bluetooth device?

If you have difficulties connecting two Bluetooth devices, then it usually helps to turn off and back on Bluetooth on one or both devices.
One I had a problem connecting my Bluetooth headset to my computer. With my mobile phone it was displayed in the Bluetooth devices list but my computer could not find it. That day I did not figure out a solution. But the next day,it appeared to me that some long time ago I had paired the headset with the mobile phone and that I needed to set it in pairing mode again before the computer would find it.

Sources and Further Readings

Site of the Bluetooth Special Interest Group
https://www.bluetooth.org/

Bluetooth Low Energy Presentation from CSR
https://www.bluetooth.org/DocMan/handlers/DownloadDoc.ashx?doc_id=227336

Advertisement Packet Format
http://processors.wiki.ti.com/index.php/BLEsnifferguide#Advertisementpackets
http://www.eetimes.com/document.asp?doc
id=1280724&page_number=3

Bluetooth Explained
https://learn.adafruit.com/introduction-to-bluetooth-low-energy?view=all

YouTube: PayPal Announces Beacon Hardware | Disrupt SF 2013
https://www.youtube.com/watch?v=znia0jLRo74

Introduction to Bluetooth Low Energy
https://www.safaribooksonline.com/library/view/getting-started-with/9781491900550/ch01.html

E-Book Bluetooth for Programmers
http://people.csail.mit.edu/rudolph/Teaching/Articles/BTBook-march.pdf

Bluetooth Smart Security and Privacy Features
https://developer.bluetooth.org/TechnologyOverview/Pages/LE-Security.aspx

Guide to Bluetooth Security
http://csrc.nist.gov/publications/nistpubs/800-121-rev1/sp800-121_rev1.pdf

Bluetooth Proximity Profile
https://www.bluetooth.org/docman/handlers/downloaddoc.ashx?doc_id=239392

Bluetooth Profiles (GATT based, BR/EDR Profiles, BR/EDR Protocols)
https://developer.bluetooth.org/TechnologyOverview/Pages/Profiles.aspx

Apple on iBeacon
http://support.apple.com/en-us/HT202880

Kickstarter: GateKeeper: Android/iOS Bluetooth Tracker/Proximity Lock Key
https://www.kickstarter.com/projects/502842298/gatekeeper-protect-your-computer-and-your-privacy

TI SensorTag for wireless sensor application - uses TI CC2541 Chip with 8051 Mikrocontroller
http://www.ti.com/ww/en/wireless_connectivity/sensortag/index.shtml?INTC=SensorTag&HQS=sensortag