https://devzone.nordicsemi.com/f/nordic-q-a/2327/implement-the-authentication-procedure-at-application-levelHi all, I have a devicewith display and only want a specific smartphone with my APP to connect to it. I implement the authentication procedure at application level by adding a custom Service/Charateristics and checking for a changeable passworden-USTelligent Community 13Fri, 25 Apr 2014 01:56:22 GMThttps://devzone.nordicsemi.com/thread/9600?ContentTypeID=1Fri, 25 Apr 2014 01:56:22 GMT137ad170-7792-4731-bb38-c0d22fbe4515:905e2d49-c9c7-42c3-bfaa-174082bbd5adJuliane<p>I want to achieve authorization with my APP rather than the phone,and other APP can&#39;t get my data of device .</p> <p>I define my own service and characteristics to achieve this ,app send request and I generate the one-time password on display.But i dont&#39;t konw how can i generate the one-time password,can you help me ?</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/9599?ContentTypeID=1Thu, 24 Apr 2014 14:21:09 GMT137ad170-7792-4731-bb38-c0d22fbe4515:6ac9342c-a89c-438c-942f-299802baea6bUlrich Myhre<p>There are many ways to do this, depending on</p> <ol> <li>Which side is doing the authentication</li> <li>The control you have of each device</li> </ol> <p>I would probably design a feature using GATT authorization. The initiating side could send a read request to an authorized characteristic value on the peer side, letting the peer application retrieve the return value from RAM/flash or even user input before sending it back. The value could then be used as a challenge, and challenge-response could be written back to complete the handshake.</p> <p>I&#39;m interested in why you do not want to use the BLE authentication procedures though. Is it because of security implications, or does this have to fit into an already existing application? OOB authentication is often overlooked, and is more secure than just using a 6-digit MITM PIN.</p><div style="clear:both;"></div>