Private resolvable addresses and unbonded devices

Question

We are developinga product for a customer they want a secure connection and I'm trying to get my head around a certain aspect of the security: 
 If we choose to use a private resolvable address in the advertising this requires an smartphone to have the IRK(through bonding previously) in order to connect again.
So, if a smartphone has never bonded with the board how does it resolve the address without the IRK?
They want the board to be bondable to up to 8 devices so, even though the board is bonded to less than 8 devices and advertising on the private resolvable address there will still be devices that need to bond (for the first time). 
 My instincts tell me that this is not possible and we need to go with random static address type, but I would like your input first. 
 Thanks, 
 Lee.

Petter Myhre · Accepted Answer

The address type of the peripheral is irrelevant in regards to if a central can connect to a it or not. What matters is if the peripheral uses a whitelist or not. If it is using a whitelist only connection requests from centrals in it will be accepted. The whitelist can contain static addresses and/or IRKs. 
 The main point of using a resolvable private address is to achieve privacy. This means that friendly (bonded) device can identify the device, while unfriendly (not bonded) devices cannot.

Private resolvable addresses and unbonded devices

Top Replies