Implement access levels in BLE characteristics

Hi,

I have a BLE interface with services and characteristics and I want to have different access levels for my characteristics, for example two levels:

  • level user: I can only read the characteristics
  • level technician: I can read and write the characteristics

Is there a way to do that?

Thanks

  • Hi,

    There is no concept of users in Bluetooth LE. However, there is a concept of security levels (see dev academy), and you can require a different security level for reading and writing (for instance allow anyone to read, but only allow paired/bonded devices above a certain threshold to write to a characteristic). Could that be used in your case?

  • Hello,

    If you look at the implementation of the Nordic UART Service (NUS), found in ncs\nrf\subsys\bluetooth\services\nus.c, you can look at how the service and characteristics are set up, starting with the line "BT_GATT_SERVICE_DEFINE(...)"

    This sample has a config to set up authentication (which will require encryption), so see how it sets e.g. either BT_GATT_PERM_WRITE or BT_GATT_PERM_WRITE_AUTHEN, depending on whether CONFIG_BT_NUS_AUTHEN is defined or not. 

    You can look up all the different levels of encryption in ncs\zephyr\include\bluetooth\gatt.h, in the bt_gatt_perm enum.

    So in your case, you would set BT_GATT_PERM_READ for all characteristics that the user should be able to access, and then you set e.g. BT_GATT_PERM_WRITE_ENCRYPT or BT_GATT_PERM_WRITE_AUTHEN on the characteristics that only the technician should be able to write to (or any of the other WRITE values, depending on the level of security used in the pairing/bonding process).

    BT_GATT_PERM_WRITE: Everyone can write

    BT_GATT_PERM_WRITE_ENCRYPT: You need to be encrypted using just works encryption or better (meaning the keys are just sent over the air)

    BT_GATT_PERM_WRITE_AUTHEN: You need to be encrypted using a key (e.g. a 6-digit numerical pin). 

    BT_GATT_PERM_WRITE_LESC: You need to use LE SECURE Connection to write to the characteristic. 

    Best regards,

    Edvin

  • Hi Einar, Edvin,

    Thanks for the quick answers.

    I already know these security levels and I use them (LE Secure Connections). In my case, I don't want just anyone to be able to access the characteristics, so all characteristics are protected with pairing through a password; it is after this step that I want to have these different access levels.

    In what you talk about, is it possible to have what I was talking about with Einar?

    To implement these access levels, I have begun to look at the Bluetooth SIG Authorization Control Service (ACS), which seems to permit that.

    Do you know this service? Do you have any information on it? Someone at Nordic told me that this service is not implemented for the moment in nRF Connect SDK, can you confirm that?

  • Hello,

    Looks like me and Einar replied at the same time.

    I don't think we have an implementation for this particular service. 

    So what is the flow when a technician connects and pairs/bonds with the device? How do you prevent a normal user from using LESC? Does the technician input some sort of passkey when pairing?

    BR,
    Edvin

  • Hi,

    These different access levels are not implemented on our side for the moment, our current product protects all characteristics through LE Secure Connection.

    What we want is that after this step, not all people can for example write the characteristics. The idea can be to enter another password in order to have the possibility to write a characteristic.
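
The idea in the last post (a second password that unlocks write access once the link is already paired) amounts to application-level authorization layered on top of the GATT permission flags. The following is an added example, not code from this thread or from the nRF Connect SDK: it is a stand-alone C model in which `struct link`, `unlock_write`, `check_access`, `link_reset` and `MAX_UNLOCK_ATTEMPTS` are hypothetical names, and only the two ATT error codes are taken from the Bluetooth Core Specification.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* ATT error codes defined by the Bluetooth Core Specification. */
#define ATT_OK                 0x00
#define ATT_ERR_AUTHENTICATION 0x05 /* link has not completed authenticated pairing */
#define ATT_ERR_AUTHORIZATION  0x08 /* link is secure, but the peer lacks the role */

#define MAX_UNLOCK_ATTEMPTS 3       /* hypothetical per-connection limit */

enum role { ROLE_USER = 0, ROLE_TECHNICIAN };

/* Hypothetical per-connection state kept by the application. */
struct link {
    bool authenticated;      /* set when password pairing has succeeded */
    enum role role;          /* stays ROLE_USER until the unlock succeeds */
    uint8_t failed_unlocks;
};

/* Constant-time compare: timing must not reveal how many bytes matched. */
static bool ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= a[i] ^ b[i];
    return diff == 0;
}

/* Write handler of a hypothetical "unlock" characteristic. */
uint8_t unlock_write(struct link *l, const uint8_t *buf, size_t len,
                     const uint8_t *secret, size_t secret_len)
{
    if (!l->authenticated)
        return ATT_ERR_AUTHENTICATION;
    if (l->failed_unlocks >= MAX_UNLOCK_ATTEMPTS)
        return ATT_ERR_AUTHORIZATION;   /* locked out for this connection */
    if (len != secret_len || !ct_equal(buf, secret, len)) {
        l->failed_unlocks++;
        return ATT_ERR_AUTHORIZATION;
    }
    l->role = ROLE_TECHNICIAN;
    return ATT_OK;
}

/* Gate to call from every protected characteristic's read/write handler. */
uint8_t check_access(const struct link *l, bool is_write)
{
    if (!l->authenticated)
        return ATT_ERR_AUTHENTICATION;
    if (is_write && l->role != ROLE_TECHNICIAN)
        return ATT_ERR_AUTHORIZATION;
    return ATT_OK;
}

/* Call on disconnect so the technician role never outlives the connection. */
void link_reset(struct link *l) { memset(l, 0, sizeof(*l)); }
```

The attempt counter in this model lives in the connection state, so it resets on reconnect; a limit that must survive reconnects needs a counter stored per bonded peer.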
