Good evening. I am writing a project on the nRF51822 in which there are a number of services with a set of characteristics (write and read). I need to limit access to some characteristics with a password. Is it possible?
You can do whatever you want on the APP layer, so if you define a protocol on top of that Characteristic and implement some password verification then it will work. On the BLE level you have only Security Manager methods which restrict access to certain (G)ATT objects as per link (encrypted/unencrypted) status, but that is global for the link and GATT Server; you cannot make it more granular and define some additional PINs or passwords for each object...
That is, it is necessary to implement the response function at the application level. I write the password to the characteristic, and it gives me the data if the password is correct?
Basically yes, just translate it to the language of (G)ATT methods such as Read/Write/Notify...
I write the password to the WRITE characteristic and it NOTIFIES me with data if the password is correct? Thanks.
And what about rd_auth/wr_auth?
You are right, there exist two levels on the (G)ATT layer: Authorization to Read/Write and Authentication to Read/Write. It seems that authorization is what you are looking for (that depends on App proprietary state and explicit permission to execute, while the other should just relate to Link state - whether it uses encryption or not). See GATT Server message sequence charts here. I've totally forgotten about these, and the reason is probably that I've never seen this in use. Passwords typically add almost no security at all, so if you are not able to utilize BLE security inside the stack (e.g. because it doesn't scale to a fleet of many devices) then you should design a proper secure channel protocol on the APP layer.
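The application-side decision discussed in this thread (a password write unlocks the link, and reads of protected characteristics are authorized only while it is unlocked), as an added example that is not code from the thread or from the Nordic SDK. All type and function names are hypothetical, the attempt limit is an assumed policy, and the stack callbacks that would call these functions for characteristics marked `rd_auth`/`wr_auth` are left out.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* 0x08 is the ATT "Insufficient Authorization" error code; 0x00 means accept here. */
#define ATT_OK               0x00
#define ATT_ERR_INSUF_AUTHOR 0x08
#define MAX_FAILED_ATTEMPTS  3     /* assumed policy, not from the thread */

/* Hypothetical authorization state kept by the application. */
typedef struct {
    bool    unlocked;  /* true after a correct password on this link */
    uint8_t failed;    /* wrong passwords seen so far */
} link_auth_t;

/* No early exit, so timing does not reveal how many leading bytes matched. */
static bool ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Decision for a write to the password characteristic (wr_auth set). */
uint8_t on_password_write(link_auth_t *s, const uint8_t *data, size_t len,
                          const uint8_t *secret, size_t secret_len)
{
    if (s->failed >= MAX_FAILED_ATTEMPTS)
        return ATT_ERR_INSUF_AUTHOR;          /* locked out, even if correct */
    if (len == secret_len && ct_equal(data, secret, secret_len)) {
        s->unlocked = true;
        s->failed = 0;
        return ATT_OK;
    }
    s->failed++;
    return ATT_ERR_INSUF_AUTHOR;
}

/* Decision for a read of a protected characteristic (rd_auth set). */
uint8_t on_protected_read(const link_auth_t *s)
{
    return s->unlocked ? ATT_OK : ATT_ERR_INSUF_AUTHOR;
}

/* The unlock never outlives the connection. The failure counter is kept on
 * purpose, so reconnecting does not hand out a fresh set of guesses. */
void on_disconnect(link_auth_t *s) { s->unlocked = false; }
```

On an unencrypted link the password itself crosses the air in plaintext, so this gate only adds something when it runs on top of an encrypted link or inside a secure channel protocol of the kind the last reply recommends.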