Implement access levels in BLE characteristics

Hi,

I have a BLE interface with services and characteristics, and I want to have different access levels for my characteristics, with for example two levels:

  • level user: I can only read the characteristics
  • level technician: I can read and write the characteristics

Is there a way to do that?

Thanks

  • Hello,

    If you look at the implementation of the Nordic UART Service (NUS), found in ncs\nrf\subsys\bluetooth\services\nus.c, you can look at how the service and characteristics are set up, starting with the line "BT_GATT_SERVICE_DEFINE(...)"

    This sample has a config to set up authentication (which will require encryption), so see how it sets e.g. either BT_GATT_PERM_WRITE or BT_GATT_PERM_WRITE_AUTHEN, depending on whether CONFIG_BT_NUS_AUTHEN is defined or not. 

    You can look up all the different levels of encryption in ncs\zephyr\include\bluetooth\gatt.h, in the bt_gatt_perm enum.

    So in your case, you would set BT_GATT_PERM_READ for all characteristics that the user should be able to access, and then you set e.g. BT_GATT_PERM_WRITE_ENCRYPT or BT_GATT_PERM_WRITE_AUTHEN on the characteristics that only the technician should be able to write to (or any of the other WRITE values, depending on the level of security used in the pairing/bonding process).

    BT_GATT_PERM_WRITE: Everyone can write

    BT_GATT_PERM_WRITE_ENCRYPT: You need to be encrypted using just works encryption or better (meaning the keys are just sent over the air)

    BT_GATT_PERM_WRITE_AUTHEN: You need to be encrypted using a key (e.g. a 6-digit numerical pin). 

    BT_GATT_PERM_WRITE_LESC: You need to use LE Secure Connections to write to the characteristic.

    Best regards,

    Edvin
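
An added example (not part of the reply above, and not Nordic or Zephyr code): a stand-alone C model of how the permission flags listed in the reply split access between an unpaired "user" link and a "technician" link that completed authenticated pairing. The `PERM_*` and `SEC_*` names and values, and the choice of which error code is returned, are assumptions local to this sketch; on a device the corresponding `BT_GATT_PERM_*` flags go in the characteristic entries of `BT_GATT_SERVICE_DEFINE(...)`.

```c
#include <stdint.h>
#include <stdio.h>

/* Local stand-ins for the permission flags named in the reply (assumed values,
 * not copied from Zephyr's gatt.h). */
enum {
    PERM_READ          = 1u << 0, /* anyone may read */
    PERM_WRITE         = 1u << 1, /* anyone may write */
    PERM_WRITE_ENCRYPT = 1u << 2, /* encrypted link required */
    PERM_WRITE_AUTHEN  = 1u << 3, /* authenticated pairing required */
    PERM_WRITE_LESC    = 1u << 4, /* LE Secure Connections required */
};

/* Security level a link reaches after pairing, lowest to highest. */
enum sec_level { SEC_NONE, SEC_ENCRYPTED, SEC_AUTHENTICATED, SEC_LESC };

/* ATT error codes as defined by the Bluetooth Core Specification. */
enum { ATT_OK = 0x00, ATT_READ_NOT_PERMITTED = 0x02, ATT_WRITE_NOT_PERMITTED = 0x03,
       ATT_INSUFFICIENT_AUTHENTICATION = 0x05, ATT_INSUFFICIENT_ENCRYPTION = 0x0F };

/* Reads are open to every client when PERM_READ is set. */
int check_read(uint16_t perm)
{
    return (perm & PERM_READ) ? ATT_OK : ATT_READ_NOT_PERMITTED;
}

/* Writes: the strictest write flag present decides the level the link needs. */
int check_write(uint16_t perm, enum sec_level link)
{
    enum sec_level need;
    if (perm & PERM_WRITE_LESC)         need = SEC_LESC;
    else if (perm & PERM_WRITE_AUTHEN)  need = SEC_AUTHENTICATED;
    else if (perm & PERM_WRITE_ENCRYPT) need = SEC_ENCRYPTED;
    else if (perm & PERM_WRITE)         need = SEC_NONE;
    else return ATT_WRITE_NOT_PERMITTED;
    if (link >= need) return ATT_OK;
    return need == SEC_ENCRYPTED ? ATT_INSUFFICIENT_ENCRYPTION
                                 : ATT_INSUFFICIENT_AUTHENTICATION;
}

int main(void)
{
    /* Constructed characteristic: user may read, technician may write. */
    uint16_t sp = PERM_READ | PERM_WRITE_AUTHEN;
    printf("user:       read=0x%02x write=0x%02x\n", check_read(sp), check_write(sp, SEC_NONE));
    printf("technician: read=0x%02x write=0x%02x\n", check_read(sp), check_write(sp, SEC_AUTHENTICATED));
    return 0;
}
```

The two levels are distinguished only by the security of the link, so any client that can complete the authenticated pairing gets technician write access.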
