• State Not Answered
  • Replies 11 replies
  • Subscribers 70 subscribers
  • Views 4970 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 287351
Options

How to initiate BLE pairing manually

ealtan
Hello,

I'm running nRF Connect SDK v1.9.0 on two nRF52840-DK devices, one Peripheral other Central.  
My application requires to initiate pairing, i.e. send pair request, programmatically.

For testing, I created a Peripheral device with a Service and two Characteristics.  
Via nRF Connect Desktop tool and nRF 52840 dongle, I can connect to that device, when connection establishes, it stays in "unencrypted link"  status.  
Then via Desktop tool, I click on "Pair" on the device settings configuration and it does pair with my Peripheral and gets into "encrypted link" mode. 
I want to accomplish same thing with my other nRF52840-DK device  which is in Central role.

Is there a way to initiate pair request manually ?   I couldn't see an API call for that.
All comments/hints are greatly appreciated.

E.
Parents
  • 0

    Hello,

    It is generally recommended to let the central initiate the pairing request, or at least, give it a chance to send it first. From the "Accessory Design
    Guidelines for Apple Devices" document:

    40.10 Pairing
    The accessory should not request pairing until an ATT request is rejected using the Insufficient
    Authentication error code. See the Bluetooth 4.0 specification, Volume 3, Part F, Section 4 for details.


    If, for security reasons, the accessory requires a bonded relationship with the Central, the Peripheral
    should reject the ATT request using the Insufficient Authentication error code, as appropriate. As a
    result, the device may proceed with the necessary security procedures.

    Similarly, if the device acts as a Central and a GATT server, it may reject an ATT request using the
    Insufficient Authentication error code. The accessory should initiate the security procedure for pairing
    in response.


    Pairing may require user authorization depending on device. Once an accessory is paired with a device,
    it shall retain the distributed keys of both central and peripheral for future use. If the pairing is no longer
    required, the accessory shall delete both sets of keys.

    The Insufficient Authentication error code is returned when the GATT client tries to read a characteristic that has the security level set to a level that requires authentication. The user will automatically get a pairing popup if they use iOS.

    Characteristic read and write permissions (i.e. security level) is configured when you initialize the service. Like here for the HIDS service: https://github.com/nrfconnect/sdk-nrf/blob/35f91d3151abfaddf60d826ed87c91cfa81773a5/subsys/bluetooth/services/hids.c#L751

    But to answer your question, it should be possible to issue a security request from the peripheral by calling the bt_conn_set_security() function, or by enabling the CONFIG_BT_GATT_AUTO_SEC_REQ option.

    Best regards,

    Vidar

Reply
  • 0

    Hello,

    It is generally recommended to let the central initiate the pairing request, or at least, give it a chance to send it first. From the "Accessory Design
    Guidelines for Apple Devices" document:

    40.10 Pairing
    The accessory should not request pairing until an ATT request is rejected using the Insufficient
    Authentication error code. See the Bluetooth 4.0 specification, Volume 3, Part F, Section 4 for details.


    If, for security reasons, the accessory requires a bonded relationship with the Central, the Peripheral
    should reject the ATT request using the Insufficient Authentication error code, as appropriate. As a
    result, the device may proceed with the necessary security procedures.

    Similarly, if the device acts as a Central and a GATT server, it may reject an ATT request using the
    Insufficient Authentication error code. The accessory should initiate the security procedure for pairing
    in response.


    Pairing may require user authorization depending on device. Once an accessory is paired with a device,
    it shall retain the distributed keys of both central and peripheral for future use. If the pairing is no longer
    required, the accessory shall delete both sets of keys.

    The Insufficient Authentication error code is returned when the GATT client tries to read a characteristic that has the security level set to a level that requires authentication. The user will automatically get a pairing popup if they use iOS.

    Characteristic read and write permissions (i.e. security level) is configured when you initialize the service. Like here for the HIDS service: https://github.com/nrfconnect/sdk-nrf/blob/35f91d3151abfaddf60d826ed87c91cfa81773a5/subsys/bluetooth/services/hids.c#L751

    But to answer your question, it should be possible to issue a security request from the peripheral by calling the bt_conn_set_security() function, or by enabling the CONFIG_BT_GATT_AUTO_SEC_REQ option.

    Best regards,

    Vidar

Children
Related
Terms of service