https://devzone.nordicsemi.com/f/nordic-q-a/22673/authenticate-using-buttonHi, we are building a device based on nrf52832. Everyone with the app installed should be able to connect to some characteristics on the device but we want other characteristics (that changes the device behavior) to be protected. The device have aen-USTelligent Community 13Tue, 13 Jun 2017 07:15:26 GMThttps://devzone.nordicsemi.com/thread/89138?ContentTypeID=1Tue, 13 Jun 2017 07:15:26 GMT137ad170-7792-4731-bb38-c0d22fbe4515:6bacfc9d-6e9d-4d5e-9abb-88260cdfcc8bolovh<p>Thanks for your ideas and responses! @hung bui: I was trying to explain that I was looking for a way to also deny pairing requests and not only deny bonding requests. After som sleep and fresh coffee It was easily fixed by supplying a NULL argument to pm_sec_params_set() and I believe it all works fine for us now.</p> <p>In other words - ok to close this ticket now.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/89137?ContentTypeID=1Mon, 12 Jun 2017 16:18:13 GMT137ad170-7792-4731-bb38-c0d22fbe4515:883fc231-8540-492b-9ceb-7ab2c44a1e05Hung Bui<p>@olov: Could you clarify that the issue you have now is central device can pair but cannot bond ? It&#39;s a little bit unclear on the issue you described: <em>&quot;Problem with current setup is that all peers with access to the static key, which is distributed in the app, can do MITM level encryption and access the restricted attributes. It is just that they cannot bond unless button is pressed (have physical access to the unit).&quot;</em></p> <p>isn&#39;t <code>It is just that they cannot bond unless button is pressed (have physical access to the unit).</code> what you want to achieve ?</p> <p>I don&#39;t see any problem of using a physical button to reject bonding /pairing. You simply have to reject pairing when BLE_GAP_EVT_SEC_PARAMS_REQUEST event is received with BLE_GAP_SEC_STATUS_PAIRING_NOT_SUPP, if the button is not pressed.</p> <p>Please have a look at our ble_app_uart example, where we always reject pairing.</p> <p>Another option you can do is to set your protected characteristic with authorization property. So that if the button is not pressed, all the read and write to it will be rejected by the application.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/89136?ContentTypeID=1Mon, 12 Jun 2017 14:52:46 GMT137ad170-7792-4731-bb38-c0d22fbe4515:fb2a72d0-5ce1-46fb-a903-88ef7edf802edav lion<p>My nrf51 product does something like this. We use an unprotected characteristic on the board (peripheral) that the Central writes when it wants to Pair. On receipt of this message, the peripheral shows an indicator to user (in our case a particular pattern of leds). If the user accepts by pressing a button, the Peripheral informs the Central (ios/android) via an hvx on the unprotected characteristic. Also, the peripheral sets a flag that allows connections to an encrypted characteristic, recording the address of the current Central. For the rest of the duration of the current connection, the Central may attempt to read from an encrypted characteristic (setup for JustWorks pairing). The peripheral gates whether pairing is allowed inside it&#39;s on_ble_event handler, when processing the BLE_GATTS_EVT_RW_AUTHORIZE_REQUEST. When the connection to the central closes, the peripheral stops allowing pairing.</p><div style="clear:both;"></div>