
Whitelist - Don't quite understand how they are supposed to work

Hello,

We would like our app to only be seen by:

  1. Devices that have previously connected
  2. Devices that we allow to be added to the whitelist via the temporary disabling

I have been using the ble_app_proximity SDK 8.0.0 as a guide to obtain this behavior but cannot get it to work. No matter what advertising mode I am in, all devices can see the advertisements. Is there an explicit way you get added to the whitelist? I thought it was just the act of connecting that added the device to the list.

Any clarification would be appreciated. Apparently the code below performs the magic but I'm not sure if this is enough. Do I need to augment it with more logic?

    // Buffers that receive pointers to the whitelisted addresses and IRKs.
    ble_gap_addr_t       * p_whitelist_addr[BLE_GAP_WHITELIST_ADDR_MAX_COUNT];
    ble_gap_irk_t        * p_whitelist_irk[BLE_GAP_WHITELIST_IRK_MAX_COUNT];

    whitelist.addr_count = BLE_GAP_WHITELIST_ADDR_MAX_COUNT;
    whitelist.irk_count  = BLE_GAP_WHITELIST_IRK_MAX_COUNT;
    whitelist.pp_addrs   = p_whitelist_addr;
    whitelist.pp_irks    = p_whitelist_irk;

    // Ask the Device Manager to fill in the whitelist; the counts are
    // checked below to see whether any entries were returned.
    err_code = dm_whitelist_create(&m_app_handle, &whitelist);
    APP_ERROR_CHECK(err_code);

    if ((whitelist.addr_count != 0) || (whitelist.irk_count != 0))
    {
        // Non-empty whitelist: filter connection requests against it.
        adv_params.fp          = BLE_GAP_ADV_FP_FILTER_CONNREQ;
        adv_params.p_whitelist = &whitelist;

        advertising_init();
        m_advertising_mode = BLE_FAST_ADV;
    }
    else
    {
        m_advertising_mode = BLE_SLOW_ADV;
    }

    adv_params.interval = APP_ADV_INTERVAL_FAST;
    adv_params.timeout  = APP_FAST_ADV_TIMEOUT;

    err_code    = bsp_indication_set(BSP_INDICATE_ADVERTISING_WHITELIST);
    APP_ERROR_CHECK(err_code);
    break;

Thanks!

  • Advertising is an active part that you are doing, and this is visible to every device that is scanning, and it is up to them to show or hide the device or try to connect to it.

    The whitelist part is that your device, with the setting adv_params.fp = BLE_GAP_ADV_FP_FILTER_CONNREQ;, only allows devices in the whitelist to connect to you, and will ignore all other connect requests. This way the device will continue to advertise until one device that you already know tries to connect, or the advertising times out.

    It is not possible to hide the advertising from the other devices. What you can do is to start using a random resolvable address, and stop using identifiable advertising data. That way only devices that have your local device IRK can resolve your address, and know that this is your device that they previously bonded to.

  • Ahh, this is very helpful. Thanks for the clarification. Is it a valid use case to use Whitelisting WITHOUT Bonding? Are there examples of this in SDK 8.0.0? We would like to reduce complexity and really only prevent unauthorized users from connecting.

    Thanks!

  • Bonding is used to keep track of which devices are authenticated. If you have some kind of proprietary authentication you can still use a whitelist with addresses of devices that you are not bonded with. You will have a problem with devices that use Private Resolvable addresses, but I will not go into that here. If this is something you want to try I suggest you add a new question where you explain what you want to do.
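
Added example, not part of the thread and not Nordic SDK code: a small C model of what an advertising filter policy decides, and of why an address-only whitelist entry is fragile for a peer using a resolvable private address. The type names, function names and sample addresses are assumptions made for this illustration; the address bytes are stored least significant first.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model types for this example only; they are not SoftDevice/SDK identifiers. */
typedef enum { FP_ANY, FP_FILTER_SCANREQ, FP_FILTER_CONNREQ, FP_FILTER_BOTH } adv_fp_t;
typedef enum { PDU_SCAN_REQ, PDU_CONNECT_REQ } req_t;
typedef struct { bool random; uint8_t addr[6]; } peer_t; /* addr[5] = most significant byte */

/* Constructed sample addresses. */
static const peer_t BONDED_PUBLIC = { false, {0x01, 0x02, 0x03, 0x04, 0x05, 0x06} };
static const peer_t BONDED_RPA    = { true,  {0x11, 0x22, 0x33, 0x44, 0x55, 0x4A} };
static const peer_t STRANGER      = { true,  {0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xC3} };

/* A random address whose top two bits are 01 is a resolvable private address.
   It rotates, so matching it by address alone stops working; an IRK is needed. */
bool is_resolvable_private(const peer_t *p)
{
    return p->random && (p->addr[5] & 0xC0) == 0x40;
}

static bool in_whitelist(const peer_t *wl, size_t n, const peer_t *p)
{
    for (size_t i = 0; i < n; i++)
        if (wl[i].random == p->random && memcmp(wl[i].addr, p->addr, 6) == 0)
            return true;
    return false;
}

/* The advertising packet is broadcast regardless of policy. The policy only
   decides whether the advertiser answers a request that a scanner sends back. */
bool advertiser_answers(adv_fp_t fp, req_t req, const peer_t *wl, size_t n, const peer_t *p)
{
    bool filtered = (req == PDU_SCAN_REQ) ? (fp == FP_FILTER_SCANREQ || fp == FP_FILTER_BOTH)
                                          : (fp == FP_FILTER_CONNREQ || fp == FP_FILTER_BOTH);
    return !filtered || in_whitelist(wl, n, p);
}

int main(void)
{
    const peer_t wl[] = { BONDED_PUBLIC, BONDED_RPA };
    printf("stranger CONNECT_REQ answered: %d\n",
           advertiser_answers(FP_FILTER_CONNREQ, PDU_CONNECT_REQ, wl, 2, &STRANGER));
    printf("stranger SCAN_REQ answered:    %d\n",
           advertiser_answers(FP_FILTER_CONNREQ, PDU_SCAN_REQ, wl, 2, &STRANGER));
    printf("BONDED_RPA entry will go stale: %d\n", is_resolvable_private(&BONDED_RPA));
    return 0;
}
```

With the connection-request filter, the unknown peer still receives the advertisement and still gets scan responses; only its connection request is ignored.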
