white list creation

The purpose of the whitelist is to restrict connection and/or scanning from everyone everyone except pre-determined devices that you know the address or Identity Resolving Key (IRK) of. For practical purposes, this means only bonded devices that you have had contact with from before.

For your scenario, you could look at enforcing encryption at the start of the connection and make use of the static passkey functionality to set a secret PIN code. If the database is security-with-MITM-protected, it will deny anything but discovery operations until security is set up.

It is also possible to make a custom solution based on authorization. If your protected attributes require authorization, the app will be asked to authorize each read/write (as configured). You could then deny all operations until a particular blob of data is written to one of the characteristics, and make that "unlock" reading/writing for that particular link.

The purpose of the whitelist is to restrict connection and/or scanning from everyone everyone except pre-determined devices that you know the address or Identity Resolving Key (IRK) of. For practical purposes, this means only bonded devices that you have had contact with from before.

For your scenario, you could look at enforcing encryption at the start of the connection and make use of the static passkey functionality to set a secret PIN code. If the database is security-with-MITM-protected, it will deny anything but discovery operations until security is set up.

It is also possible to make a custom solution based on authorization. If your protected attributes require authorization, the app will be asked to authorize each read/write (as configured). You could then deny all operations until a particular blob of data is written to one of the characteristics, and make that "unlock" reading/writing for that particular link.