https://devzone.nordicsemi.com/f/nordic-q-a/51957/methods-for-bluetooth-mesh-secure-provisioning-and-can-it-be-done-using-the-serial-interfaceHi, I have a question about Bluetooth mesh secure provisioning, as it is described in the spec section 5.4.3. The spec states that either 1) both OOB public key exchange and static OOB authentication 2) OOB input/output authentication is neededen-USTelligent Community 13Tue, 10 Sep 2019 13:37:19 GMThttps://devzone.nordicsemi.com/thread/208976?ContentTypeID=1Tue, 10 Sep 2019 13:37:19 GMT137ad170-7792-4731-bb38-c0d22fbe4515:5203c387-1f33-4cd4-824c-d7e2382420e6Hung Bui<p>Hi Pilli,&nbsp;</p> <p></p> <p>My understanding is that there must be at least one real (non static) OOB method of exchanging data is used. Either it&#39;s in the ECDH calculation (Public key exchange)&nbsp; or in the authorization phase where the Input/Output/static OOB is used.&nbsp;</p> <p>If you use static OOB, you must not transfer the public key openly (via Bluetooth). The static OOB data can be compromised if the attacker has access to device (read the flash). So if the OOB key is sent over Bluetooth, the attacker can act as Man in the middle (MITM)&nbsp;</p> <p>You can use serial to get the public keys. The protocol on how to send them is on your own. When you receive it you would need to wait for&nbsp;NRF_MESH_PROV_EVT_OOB_PUBKEY_REQUEST event, and then reply with&nbsp;nrf_mesh_prov_pubkey_provide()</p> <p>If you want to do output/input OOB, you would need to wait for&nbsp;NRF_MESH_PROV_EVT_OUTPUT_REQUEST then display it or&nbsp;<span>NRF_MESH_PROV_EVT_INPUT_REQUEST then reply with&nbsp;nrf_mesh_prov_auth_data_provide.</span></p> <p><span>You can find an example of doing output OOB in our demo <a href="https://github.com/NordicPlayground/thingy52-mesh-provisioning-demo">here</a>, check out the my_mesh_provisionee.c file .&nbsp;</span></p><div style="clear:both;"></div>