How i can restrict nrf52832 connecttion with the custom mobile application only?

RE: How i can restrict nrf52832 connecttion with the custom mobile application only?

cbd — Thu, 11 Jul 2019 10:57:17 GMT

Agreed (with awneil).

In this case you can't prevent connection, but you can prevent access to data by using GATTs Read and Write Request with Authorization.

In a custom service you can pass an "authorization token" to your device - say a GUID that is pre-programmed into your device - in a custom characteristic. Any app connecting to your device should provide this token.

The rest of your custom characteristics and services should be set to require read and write authorization. On handling the request you compare the token in the "authorization" characteristic and allow or deny the action accordingly.

RE: How i can restrict nrf52832 connecttion with the custom mobile application only?

awneil — Thu, 11 Jul 2019 10:38:41 GMT

Not sure how well that's going to work - since the whole point of GATT is exactly that it's a standard protocol for discovering the Services of a Peripheral...

RE: How i can restrict nrf52832 connecttion with the custom mobile application only?

Heena — Thu, 11 Jul 2019 10:32:04 GMT

[quote userid="6462" url="~/f/nordic-q-a/49548/how-i-can-restrict-nrf52832-connecttion-with-the-custom-mobile-application-only/197725"]But, from your OP, it sounded like you wanted to restrict your nRF to connect to only one app - not to restrict is to a particular user?[/quote]

Yes, I dont want to restrict it to a particular user.

I just want my product to get connect with the application developed by us.if user tries to connect with any other app, then it should get connect but within 30 seconds it will disconnects.So that the BLE services developed by us won't be visible to others.

Mainly we want to restrict others to do reverse engineering.

RE: How i can restrict nrf52832 connecttion with the custom mobile application only?

awneil — Thu, 11 Jul 2019 07:50:19 GMT

It's your system - it's up to you to design it to do whatever it is that you require.

We don't know what you are actually trying to achieve - what is your goal here?

http://www.catb.org/esr/faqs/smart-questions.html#goal

But, from your OP, it sounded like you wanted to restrict your nRF to connect to only one app - not to restrict is to a particular user?

Think about how printers recognise whether you've inserted a manufacturer's genuine ink cartridge, or a 3rd-party sunstitute ...

Is that the kind of thing you're trying to do?

RE: How i can restrict nrf52832 connecttion with the custom mobile application only?

Heena — Thu, 11 Jul 2019 05:42:33 GMT

When we say authorization /authentication process, we can create custom service and expect user to respond back with particular password after connecting or something like this?

RE: How i can restrict nrf52832 connecttion with the custom mobile application only?

Heena — Thu, 11 Jul 2019 05:38:16 GMT

Thanks for the reply.....

RE: How i can restrict nrf52832 connecttion with the custom mobile application only?

awneil — Wed, 10 Jul 2019 15:37:22 GMT

[quote userid="81321" url="~/f/nordic-q-a/49548/how-i-can-restrict-nrf52832-connecttion-with-the-custom-mobile-application-only"]Is it possible[/quote]

Sure it is - just like a website that will only let you in if it "knows" you!

You would need to have some sort of secure authentication/authorisation process ...

RE: How i can restrict nrf52832 connecttion with the custom mobile application only?

awneil — Wed, 10 Jul 2019 15:36:10 GMT

[quote userid="73165" url="~/f/nordic-q-a/49548/how-i-can-restrict-nrf52832-connecttion-with-the-custom-mobile-application-only/197644"]use sd_ble_gap_addr_get() to get the peer address[/quote]

Assuming that the Central has a fixed address ?

If the Central is a phone, that is normally not the case.

RE: How i can restrict nrf52832 connecttion with the custom mobile application only?

Jared — Wed, 10 Jul 2019 13:48:37 GMT

Hi,

You could use sd_ble_gap_addr_get() to get the peer address of the connected device and compare it with the address that you want to connect to. If it doesn't match the specific address you could then proceed to disconnect. Another alternative would be to use whitelist, but this would prevent the device from connecting in the first place.

Jared