Product Security

Question

I am hoping someone can point me in the correct direction as I have posted my question on the SIG forum and didn't receive any responses. 
 With a nRF51422 device is there a way to restrict a smart phone or tablet from connecting to a peripheral. 
 For example if a customer purchases a group of our products is their way to restrict them to be able to connect and interact with their group but no other products? The catch is the customer may have multiple people interacting the their devices each with their own central. 
 Can this use case be accomplished within the Bluetooth standard or does it need to be handled off line through a registration process? 
 Thanks.

endnode · Accepted Answer

Hi Darren, 
 If your questions is "Could I prevent device attempting connect to BLE peripheral?" then answer is "No". You can advertise that your device is not connectable and that your device is supporting certain Service UUID which should not be recognized by nothing else then your device, but if some central device (app) wants to override this and try to connect, you will obviously never prevent that. 
 However if your device accepts the connection that's different story. You can start from filtering of MAC address (which can be obviously cloned/spoofed easily) through security mechanisms offered by BLE (bonding + setting up shared key and securing the link) up to whatever strong security scheme on application layer. 
 Cheers Jan

Product Security

Top Replies