https://devzone.nordicsemi.com/f/nordic-q-a/27202/is-nfc-static-passkey-bonding-possibleHi, i&#39;m currently working on a low power sensor device based on nrf52832. I want to transfer data only to bonded central devices. Priority is using static passkey, but my hardware can deal with NFC as well. I&#39;m a little confused with all pairing optionsen-USTelligent Community 13Tue, 21 Nov 2017 11:53:10 GMThttps://devzone.nordicsemi.com/thread/107248?ContentTypeID=1Tue, 21 Nov 2017 11:53:10 GMT137ad170-7792-4731-bb38-c0d22fbe4515:8834c5c6-9575-404e-bd20-f9c1463da932Petter Myhre<p>You may end up with Just Works even though you have set OOB and MITM. If both peers have set OOB it will be used, if one of them have not, IO capabilities will be used to determine if passkey entry can be done, if it can&#39;t, Just Works will be used. If this isn&#39;t acceptable you can reject the peer during pairing, or you can disconnect the link after pairing is done. I think <a href="https://devzone.nordicsemi.com/question/178251/pairing-procedure-authentication-requirement/">this</a> might be of help to you.</p> <p>Even though pairing is complete, this doesn&#39;t necessarily mean that peer can access all your attributes, it depends on what security level you have set on them. Just works will result in security level 2, and if you have set security level 3 (Passkey entry or OOB) on your attributes the peer will still not be able to access them.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/107247?ContentTypeID=1Mon, 20 Nov 2017 17:29:50 GMT137ad170-7792-4731-bb38-c0d22fbe4515:9b550c92-649b-4ed8-92e7-92ae0e2dfe7eFanis<p>I&#39;ve just expected OOB and MITM options Turned on will give me more security when i switch to bonding mode with NFC (my application initializes static passkey bonding, but on button press i run pm_sec_params_set() with oob features to switch to bonding over NFC setup). For some reason in this state bonding doesn&#39;t use OOB_AUTH_KEY transmitted through NFC. Yes pairing request pops up when attaching Android phone, but actually any one else can pair to the device using it&#39;s BLE and with no password (similar to Just Works).</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/107246?ContentTypeID=1Mon, 20 Nov 2017 16:20:46 GMT137ad170-7792-4731-bb38-c0d22fbe4515:ba83dea1-a18f-4b47-91dd-764bd2554c51Petter Myhre<p>I&#39;m having difficulties understand what you meant by your last comment. Is there still a problem?</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/107245?ContentTypeID=1Sun, 19 Nov 2017 18:53:28 GMT137ad170-7792-4731-bb38-c0d22fbe4515:5069fb41-8e89-405c-af5f-801976311661Fanis<p>Thanks. It seems to work fine to readjust pm_sec_params_set() on the fly (while no connect) without reinitializing all the rest BLE stuff. But what i mentioned now is that actually when i switch for a short period to NFC connection mode with OOB=1, MITM=1 and BOND=1 parameters, it works more like Just works bonding. For example anyone can connect to the nrf peripheral and bond without password over BLE. Only use of NFC this way is only limited by quick popping up of pairing dialog without managing it manually.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/107244?ContentTypeID=1Wed, 08 Nov 2017 11:46:45 GMT137ad170-7792-4731-bb38-c0d22fbe4515:9700dbb1-0ed0-4234-83b9-546e39f181c5Petter Myhre<p>I&#39;m assuming you are making a peripheral device.</p> <p>When the central sends a pairing request the Peer Manager must know if it is going to tell the central if OOB is supported or not. If OOB is supported by both sides, this is what shall be used, per spec. If OOB isn&#39;t supported by either side, IO capabilities will be checked to see if passkey entry can be performed.</p> <p>You can tell the Peer Manager if OOB is supported or not by using pm_sec_params_set(). This can be called several times to set/unset OOB support.</p><div style="clear:both;"></div>