Passkey security for particular services.

RE: Passkey security for particular services.

Ulrich Myhre — Tue, 25 Oct 2016 22:26:08 GMT

To add to this, the Bluetooth spec mandates that all services, characteristics and descriptors should be discoverable. You are allowed to protect attributes from being read or written to, but not allowed to hide services. The idea is that a device should be able to connect with your device, perform a discovery, then decide if there is something interesting there. If not, it might disconnect before even attempting to pair or bond. To me, it sounds like you want to protect your service, using the macros written in the answer above. Having a "secret" service that pops out after certain criteria is met will lead to much work if you want to stay compliant to the Bluetooth specification. Namely by forcing any device that connects to rediscover your whole database every time, and again after encryption.

RE: Passkey security for particular services.

Jørgen Holmefjord — Tue, 25 Oct 2016 11:50:25 GMT

Hi,

Do you need the services to be completely hidden or is it sufficien that the values are non-readable? If you need the services to not show at all, you can add the services after bonding. Remember to indicate a service change to the connected device by calling sd_ble_gatts_service_changed(). Notice that you are not allowed to remove services from the GATT table. If the device is disconnected a reinitialization of the softdevice will be required to remove the services.

You can set attribute security parameters using BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM() to require pairing using passkey for accessing the attributes. Notice that the service and its characteristics will still be visible in the GATT table. They will however not be read or writable until after bonding.

Best regards,

Jørgen