How to provide authorization of app before connection?

Hi Shailav,

1. You want to limit the phone to be the only phone that can authenticate the DFU action or also the only phone can connect and access the device ? If it's is the only phone that can access the device then you can think of using whitelist and bonding. Whitelist will limit the number of central that can connect to your device, in this case, the only user phone. Bonding and pairing require the central to have the key to encrypt the link. This key is exchanged using bonding process and stored on the phone.

So when the device has no bonded central it can advertise in open mode and when it's bonded it will use whitelist mode and only accept any operation when the link is encrypted, meaning the central has the key for bonding.

2. You can switch back to open mode when needed (by pressing a physical PAIR button on the device for example).

The private key that you randomly generate should not be exchange outside of your coperation, and should be kept secret. How could attacker get that key ? It's much easier to get the IMEI of the phone of the end user than the secret key that you keep in your company.

I'm no expert in security neither but a more complex mechanism better than a simple "password" could be:

A fixed universal key shared between the app and the firmware, the firmware can generate a random number to challenge and the app need to response with a number generated from that random number and the shared key. The device will validate the response number to check if the key is correct. You can use the serial number or a secret number unique to the device as part of the key. This has to be entered when the user first bond the device to the app. This is to avoid the attacker to get the app and run the app on his phone, he still won't be able to have the correct key. (It could be on the otherway around also, the app has its own unique key that it send to the device at the beginning)

There should be more complex and safer solutions, such as One Time Authorization, Public-Private Key scheme, but I would suggest you to do the research on your own as it's a little bit outside of what we can cover.

Hi, my code is for S110v8.0 and S130 v1.0 as I mentioned in the blog "The following code (for S110v8.0/S130v1.0)"

If you are using with S132 v3.0 you need to use sd_ble_gap_whitelist_set() to set the whitelist. Please have a look here. Please study the id_manager.c in the peer manager library.

You can't simply change the structure defined in the API header files. The structure is fixed, as it's hardcoded in the softdevice, you shouldn't change them.

Hi, my code is for S110v8.0 and S130 v1.0 as I mentioned in the blog "The following code (for S110v8.0/S130v1.0)"

If you are using with S132 v3.0 you need to use sd_ble_gap_whitelist_set() to set the whitelist. Please have a look here. Please study the id_manager.c in the peer manager library.

You can't simply change the structure defined in the API header files. The structure is fixed, as it's hardcoded in the softdevice, you shouldn't change them.