Authentication/Authorization using mobile phone

Okay, your note about non-standard is helpful. Is there a standard approach for only allowing bonding/pairing with a mobile phone which has the proper credentials to do so? This assumes there is no IO capabilities physical access to the device.

If not, then I expect I will need to use Just Works bonding and perform an authentication using a custom characteristic after establishing the bond.

Hi,

There is no standard approached that would work in this case, so you must use a method of your own, as you have outlined. My point about this being non-standard was that I cannot guarantee that it will be a good solution, as it is often easy to overlook potential security issues.