This post is older than 2 years and might not be relevant anymore

How to generate passkey at BLE peripheral without LCD/Keyboard?

Hello,

I have just started working with BLE, and I am trying out trial examples in NRF SDK 12 on the PCA10031 board.

I am working with the ble_app_uart (BLE peripheral) example, and I wanted to explore what security options I could use with my application.

1) I want to implement a challenge-response kind of mechanism, through which I can find out if the Android app and peripheral device are from the same manufacturer. However, I want to start this procedure only after the devices have paired (not bonded) after exchanging a static passkey.

  1. If the device does not match the passkey, no other communication should take place, it should just disconnect.

I have read that exchanging a static passkey is possible since S110, but I am not sure if

  1. I enable it at the peripheral, how bonding would initiate, do I need to set static passkey at the central device?

  2. For the requirement in point (2), I don't have a good understanding of communication procedures at GAP level, so please suggest how to go about it. And most importantly, is it necessary that this communication procedure be handled at the central device (my device is the BLE peripheral)?

    1. See this MSC for static passkey. Only the central device can send a pairing request, but the peripheral can send a security request, see this. With Android this will most likely trigger pairing, with iOS less likely. A pairing request can also be triggered when the central tries to access an attribute that requires authentication. The third option is to trigger the pairing from the app on the smart phone.

    You do not need to set a static passkey at the central, but you will get a pop-up where you have to type the static passkey in.

    1. This question may give some insight.

    A peripheral will allow any central to connect to it, as long as it is not using a whitelist. You connect before you pair; you pair to increase the security level of the link so that you can access characteristic values or descriptors that require a certain security level.

    You can set the security requirement of the characteristic values and descriptors by using the GAP attribute security requirement setters, see for example in glucose_feature_char_add() where you need security level 2 (BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&attr_md.read_perm);) to read the characteristic value.
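
An added example, not part of the answer above or of the nRF5 SDK: a small stand-alone C model of the access check the answer describes, showing which pairing result satisfies which attribute requirement. The types, link states and function names are constructed for illustration; the ATT error codes are those of the Bluetooth Core Specification.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Security mode 1 levels, named after the SDK's BLE_GAP_CONN_SEC_MODE_SET_* macros. */
typedef enum {
    SEC_OPEN          = 1, /* ..._SET_OPEN: no protection required */
    SEC_ENC_NO_MITM   = 2, /* ..._SET_ENC_NO_MITM: encrypted, key not authenticated */
    SEC_ENC_WITH_MITM = 3  /* ..._SET_ENC_WITH_MITM: encrypted, authenticated key */
} sec_level_t;

/* ATT result codes from the Bluetooth Core Specification. */
#define ATT_OK                    0x00
#define ATT_ERR_INSUFFICIENT_AUTH 0x05
#define ATT_ERR_INSUFFICIENT_ENC  0x0F

/* Constructed model of one link's state (not a SoftDevice structure). */
typedef struct {
    bool encrypted;         /* link encryption is currently on */
    bool key_authenticated; /* key came from passkey (MITM-protected) pairing */
    bool has_stored_key;    /* bonded earlier, key available but maybe unused */
} link_t;

/* Constructed link states: fresh connection, Just Works, passkey, bonded but unencrypted. */
static const link_t LINK_CONNECTED_ONLY = { false, false, false };
static const link_t LINK_JUST_WORKS     = { true,  false, false };
static const link_t LINK_PASSKEY        = { true,  true,  false };
static const link_t LINK_BONDED_PLAIN   = { false, false, true  };

static sec_level_t link_level(const link_t *l)
{
    if (!l->encrypted) return SEC_OPEN;
    return l->key_authenticated ? SEC_ENC_WITH_MITM : SEC_ENC_NO_MITM;
}

/* ATT response for an access to an attribute with the given requirement. */
uint8_t att_access_check(const link_t *l, sec_level_t required)
{
    if (link_level(l) >= required) return ATT_OK;
    if (!l->encrypted && l->has_stored_key) return ATT_ERR_INSUFFICIENT_ENC;
    return ATT_ERR_INSUFFICIENT_AUTH;
}

int main(void)
{
    printf("Just Works, ENC_NO_MITM:   0x%02X\n", att_access_check(&LINK_JUST_WORKS, SEC_ENC_NO_MITM));
    printf("Just Works, ENC_WITH_MITM: 0x%02X\n", att_access_check(&LINK_JUST_WORKS, SEC_ENC_WITH_MITM));
    return 0;
}
```

A characteristic protected with ENC_NO_MITM, as in the glucose example, becomes readable after Just Works pairing; making the static passkey a condition of access means requiring ENC_WITH_MITM on the attribute.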

  • devzone.nordicsemi.com/.../ this link mentioned in one of the suggested links is very helpful in getting insights on how to decide which type of security can be used. However, from reading these links, the security is provided for authenticating devices, not users. Anyways, I will update if I get a clearer picture of testing MITM with my application. Thanks for the useful insights.
