This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Passkey security for particular services.

Hi,

I am Working on a BLE application in which I do not want to expose certain services until I am securely paired/bonded to a valid device. The problem is that during discovery, it seems that all primary services are exposed to the client in order for it to finalize the connection. Is there any way to hide some services until a later time?

I have gone through this link developer.mbed.org/.../HeartRateSecService.h and followed the way to find out the solution but still not succeeded.

Please help me.

Top Replies

Ulrich Myhre over 7 years ago in reply to Jørgen Holmefjord +1

To add to this, the Bluetooth spec mandates that all services, characteristics and descriptors should be discoverable. You are allowed to protect attributes from being read or written to, but not allowed…

Parents

0 Jørgen Holmefjord over 7 years ago

Hi,

Do you need the services to be completely hidden or is it sufficien that the values are non-readable? If you need the services to not show at all, you can add the services after bonding. Remember to indicate a service change to the connected device by calling sd_ble_gatts_service_changed(). Notice that you are not allowed to remove services from the GATT table. If the device is disconnected a reinitialization of the softdevice will be required to remove the services.

You can set attribute security parameters using BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM() to require pairing using passkey for accessing the attributes. Notice that the service and its characteristics will still be visible in the GATT table. They will however not be read or writable until after bonding.

Best regards,

Jørgen
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Jørgen Holmefjord over 7 years ago

Hi,

Do you need the services to be completely hidden or is it sufficien that the values are non-readable? If you need the services to not show at all, you can add the services after bonding. Remember to indicate a service change to the connected device by calling sd_ble_gatts_service_changed(). Notice that you are not allowed to remove services from the GATT table. If the device is disconnected a reinitialization of the softdevice will be required to remove the services.

You can set attribute security parameters using BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM() to require pairing using passkey for accessing the attributes. Notice that the service and its characteristics will still be visible in the GATT table. They will however not be read or writable until after bonding.

Best regards,

Jørgen
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Ulrich Myhre over 7 years ago in reply to Jørgen Holmefjord

To add to this, the Bluetooth spec mandates that all services, characteristics and descriptors should be discoverable. You are allowed to protect attributes from being read or written to, but not allowed to hide services. The idea is that a device should be able to connect with your device, perform a discovery, then decide if there is something interesting there. If not, it might disconnect before even attempting to pair or bond. To me, it sounds like you want to protect your service, using the macros written in the answer above. Having a "secret" service that pops out after certain criteria is met will lead to much work if you want to stay compliant to the Bluetooth specification. Namely by forcing any device that connects to rediscover your whole database every time, and again after encryption.
Cancel
Vote Up +1 Vote Down

Sign in to reply

Verify Answer

Cancel