White-list with "Just works" simple pairing

Hi, 

Please allow me to explain more.

I understand that I might use white-list feature with address only, but this requires that remote device exposes its public address. If remote device uses private resolvable address, the white-list would not work correctly after remote device refreshes its address. In this situation, as I know, the IRK created by pairing/bonding process might be the solution, and this results in the question I mentioned in my original post. Is this correct ?

Any advice and suggestions will be appreciated.

Hello, whitelist can be used with both address and IRK. If you have included ble_advertising.c in your project, then there will be a BLE_ADV_EVT_WHITELIST_REQUEST event to allow the application to provide the address and IRK to be used during advertisment with whitelist. If you want to bond with a new central you can disable whitelist by calling ble_advertising_restart_without_whitelist().

Hi, Kenneth

Thanks for your reply. However, I want to know if it is possible that I could get IRK information from remote device which use private resolvable address, by using non-MITM "Just works" simple pairing.

Thank you.

The peer manager included in nRF5 SDK will automatically handle this for you, and store address or IRK as required by the address type. The application can get address and IRK by calling pm_whitelist_get().

The peer manager included in nRF5 SDK will automatically handle this for you, and store address or IRK as required by the address type. The application can get address and IRK by calling pm_whitelist_get().

Hi, Kenneth

Thanks for your kindly reply. So, you mean that even if we use non-MITM pairing/bonding procedure, which is "Just works" simple pairing, we still could have white-list feature working correctly, but we need to use peer manager instead of ble device manager. Is this correct ?

Because the example projects in SDK use MITM pairing/bonding procedure, we are not sure if we could replace it with non-MITM pairing/bonding procedure. The MITM pairing/bonding procedure would result in the unfriendly user experience when we need to do un-pairing in iOS application.

Thank you.

This will also work with device manager. I do not understand why you say the HID mouse example is using MITM, the define is:

#define SEC_PARAM_MITM                  0                                           /**< Man In The Middle protection not required. */

Maybe what you mean is that you only want to pair, but not bond? Then that is controlled by:

#define SEC_PARAM_BOND                  1                                           /**< Perform bonding. */

Hi, Kenneth

I apologize for mixing the MITM, pairing, and bonding. Maybe, as you said, I should ask if I could use white-list with pairing only and WITHOUT encryption and bonding.

Thank you

I don't expect you will be able to do that. Pairing is mainly used for a temporary connection with encryption, while bonding is intended for long time persistent connection with identity and key exchange. You would not need to have any identity exchange for a temporary connection.