<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="https://devzone.nordicsemi.com/cfs-file/__key/system/syndication/rss.xsl" media="screen"?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>ncs 1.8.0 + NFC + OOB + nrf52833</title><link>https://devzone.nordicsemi.com/f/nordic-q-a/90173/ncs-1-8-0-nfc-oob-nrf52833</link><description>Hi Team, 
 
 We are in process of developing pairing mechanism for our peripheral device. We are considering using NFC for OOB. Here is what we think we should be doing: 
 1. Use Mobile (NFC) to wake-up our peripheral device 
 2. Our peripheral device</description><dc:language>en-US</dc:language><generator>Telligent Community 13</generator><lastBuildDate>Fri, 26 Aug 2022 10:21:17 GMT</lastBuildDate><atom:link rel="self" type="application/rss+xml" href="https://devzone.nordicsemi.com/f/nordic-q-a/90173/ncs-1-8-0-nfc-oob-nrf52833" /><item><title>RE: ncs 1.8.0 + NFC + OOB + nrf52833</title><link>https://devzone.nordicsemi.com/thread/383436?ContentTypeID=1</link><pubDate>Fri, 26 Aug 2022 10:21:17 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:cfd2946f-7e94-43af-9225-0abafebe706f</guid><dc:creator>Hung Bui</dc:creator><description>&lt;p&gt;Hi again,&lt;/p&gt;
&lt;p&gt;Actually I found that we have a blog related to this topic. Please have a look at this:&amp;nbsp;&lt;br /&gt;&lt;a href="https://devzone.nordicsemi.com/nordic/nordic-blog/b/blog/posts/simple-application-level-authentication"&gt;Simple Application-level Authentication&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;There is an example code provided at the end of the blog.&amp;nbsp;&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: ncs 1.8.0 + NFC + OOB + nrf52833</title><link>https://devzone.nordicsemi.com/thread/381720?ContentTypeID=1</link><pubDate>Tue, 16 Aug 2022 09:21:36 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:23178e72-76a3-4398-afbf-23373772fc4f</guid><dc:creator>Hung Bui</dc:creator><description>&lt;p&gt;Hi,&amp;nbsp;&lt;/p&gt;
&lt;p&gt;I&amp;#39;m back.&lt;/p&gt;
&lt;p&gt;There are 2 tasks that you need to achieve here.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;First task is to dynamically change the attribute table. I have made an example you can have a look here:&amp;nbsp;&amp;nbsp;&lt;a href="https://devzone.nordicsemi.com/f/nordic-q-a/88773/how-shall-i-define-multiple-services-in-gatt-server-database-so-that-only-1-service-is-seen-by-gatt-client-at-a-time/374578"&gt;RE: How shall i define multiple services in GATT Server database, so that only 1 service is seen by GATT Client at a time ?&lt;/a&gt;&amp;nbsp;&lt;/p&gt;
&lt;p&gt;The second task is to authenticate your app with the device. You have different option here, if you want to avoid any user interaction (then you don&amp;#39;t have MITM protection) you can think of encrypting all communication using your own encryption mechanism, maybe based on the serial number of the device. Meaning you have a database of all your device with the ID is the serial number. Each device will have a hard coded encrypt/decrypt key. By typing the serial number of the device into the app on the phone, the app can go to cloud and get the encrypt/decrypt key and then can encrypt the communication.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;br /&gt;You can also do challenge response authentication, but you should only use this if you are planning to do additional encryption later on. To do challenge response authentication, you can use any encryption method. Different method will give you different level of security. You can&amp;nbsp;use, for example RSA . The example is located in&amp;nbsp;\nrf\samples\crypto\rsa\ . What you can do is to&amp;nbsp;provide a plaintext message (randomly generated) and the peer device need to encrypt it with a key. The peer device send back the encrypted message and then on the NRF52 device you can decrypt it and check if it match with the original randomly generated plaintext.&amp;nbsp;&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: ncs 1.8.0 + NFC + OOB + nrf52833</title><link>https://devzone.nordicsemi.com/thread/381065?ContentTypeID=1</link><pubDate>Wed, 10 Aug 2022 20:58:27 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:a69db587-6338-4a35-be39-3472db559edb</guid><dc:creator>embeddedER</dc:creator><description>&lt;p&gt;Hi&amp;nbsp;&lt;span&gt;Torbj&amp;oslash;rn,&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span&gt;&lt;/span&gt;&lt;/p&gt;
[quote userid="2116" url="~/f/nordic-q-a/90173/ncs-1-8-0-nfc-oob-nrf52833/380077"]&lt;p&gt;There are a couple of ways to do this, yes. One way is to simply clear all the relevant attributes until the phone is authenticated,&amp;nbsp;at which point the peripheral can set the attributes as required.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;Another way is to only add the relevant service(s) after the phone is authenticated, so that the phone will not be able to access them before that. The service handling the challenge-response stage would obviously need to be there from the start, along with standard services such as the GAP and GATT services.&amp;nbsp;&lt;/p&gt;[/quote]
&lt;p&gt;&lt;/p&gt;
&lt;p&gt;I am finding it hard to implement above stuff and not able to find the proper example. Could you please help&amp;nbsp;me pointing to some sample code related to this?&lt;/p&gt;
&lt;p&gt;&lt;/p&gt;
&lt;p&gt;How can I achieve the challenge-response? There is no example in the ncs v1.8.0 that I could find for this.&lt;/p&gt;
&lt;p&gt;&lt;/p&gt;
&lt;p&gt;Thanks!&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: ncs 1.8.0 + NFC + OOB + nrf52833</title><link>https://devzone.nordicsemi.com/thread/380351?ContentTypeID=1</link><pubDate>Fri, 05 Aug 2022 11:27:49 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:ae5990d3-c2c6-43d2-a396-87368f778dd0</guid><dc:creator>ovrebekk</dc:creator><description>&lt;p&gt;No problem TIA, I am happy to help.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;If you have more questions just let me know &lt;span class="emoticon" data-url="https://devzone.nordicsemi.com/cfs-file/__key/system/emoji/1f642.svg" title="Slight smile"&gt;&amp;#x1f642;&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;Best regards&lt;br /&gt;Torbjørn&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: ncs 1.8.0 + NFC + OOB + nrf52833</title><link>https://devzone.nordicsemi.com/thread/380216?ContentTypeID=1</link><pubDate>Thu, 04 Aug 2022 19:08:11 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:0d23b2ba-2c05-4c59-b479-e53ba2d9f3ca</guid><dc:creator>embeddedER</dc:creator><description>&lt;p&gt;Hi&amp;nbsp;&lt;span&gt;Torbj&amp;oslash;rn,&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span&gt;&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span&gt;I think I got what you are saying for challenge-response mechanism. I&amp;#39;ll need to explore and try this.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span&gt;&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span&gt;Thanks!&lt;/span&gt;&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: ncs 1.8.0 + NFC + OOB + nrf52833</title><link>https://devzone.nordicsemi.com/thread/380077?ContentTypeID=1</link><pubDate>Thu, 04 Aug 2022 10:18:31 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:3ff8d77a-87cc-4abb-b0c1-58cde7f16dc2</guid><dc:creator>ovrebekk</dc:creator><description>&lt;p&gt;Hi TIA&lt;/p&gt;
[quote user="harshal034"]Could you please elaborate on this? Any example of such implementation? [/quote]
&lt;p&gt;I don&amp;#39;t think we have an example for this, no, but if the phone has a way to get a serial number from the cloud this should be pretty easy to implement.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;The peripheral sends a challenge, which could be as simple as sending its own 48-bit BLE address. Then the phone needs to request the serial number from the cloud (using the BLE address to identify the peripheral), and send this back to the peripheral as a response to the challenge.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;If you want to ensure that the challenge/response stage can not be intercepted by anyone nearby you need to either go through the normal Bluetooth pairing stage first,&amp;nbsp;before you send the challenge from the peripheral side, or you need to add some additional security to the challenge/response step in the application.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;One way to manually encrypt the challenge/response stage would be for the peripheral to generate a private/public keypair, and include the public key in the challenge. The phone would then have to encrypt the response with the public key, ensuring that only the peripheral would be able to read the response (using the private key to decrypt it).&amp;nbsp;&lt;/p&gt;
[quote user="harshal034"]Can we restrict User/Mobile from fetching data/attributes till this challenge-response is successful?[/quote]
&lt;p&gt;There are a couple of ways to do this, yes. One way is to simply clear all the relevant attributes until the phone is authenticated,&amp;nbsp;at which point the peripheral can set the attributes as required.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;Another way is to only add the relevant service(s) after the phone is authenticated, so that the phone will not be able to access them before that. The service handling the challenge-response stage would obviously need to be there from the start, along with standard services such as the GAP and GATT services.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;Best regards&lt;br /&gt;Torbjørn&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: ncs 1.8.0 + NFC + OOB + nrf52833</title><link>https://devzone.nordicsemi.com/thread/379982?ContentTypeID=1</link><pubDate>Wed, 03 Aug 2022 17:38:13 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:df10d8be-9058-45d6-b723-37e450f5e058</guid><dc:creator>embeddedER</dc:creator><description>&lt;p&gt;Hi&amp;nbsp;&lt;span&gt;Torbj&amp;oslash;rn,&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span&gt;&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span&gt;Thanks for the reply.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span&gt;&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;/p&gt;
[quote userid="2116" url="~/f/nordic-q-a/90173/ncs-1-8-0-nfc-oob-nrf52833/379809"]You could run some kind of proprietary &amp;#39;challenge and response&amp;#39; step after you have connected, and have the peripheral disconnect if the mobile app doesn&amp;#39;t provide the right response.&amp;nbsp;[/quote]
&lt;p&gt;Could you please elaborate on this? Any example of such implementation? Can we restrict User/Mobile from fetching data/attributes till this challenge-response is successful?&lt;/p&gt;
&lt;p&gt;&lt;/p&gt;
[quote userid="2116" url="~/f/nordic-q-a/90173/ncs-1-8-0-nfc-oob-nrf52833/379809"]The question is how likely it is that the wrong phone tries to connect to your device?&lt;br /&gt;If you configure your advertise packet with a unique, proprietary 128-bit UUID, and don&amp;#39;t use a local name or any standard 16-bit UUID&amp;#39;s, then other phones would normally not attempt to connect to your device.&amp;nbsp;[/quote]
&lt;p&gt;Our Aim mainly is to ensure that even if someone wants to intentionally hack into our system, they shouldn&amp;#39;t be able to modify configurations in our system after pairing.&lt;/p&gt;
&lt;p&gt;&lt;/p&gt;
&lt;p&gt;TIA!&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: ncs 1.8.0 + NFC + OOB + nrf52833</title><link>https://devzone.nordicsemi.com/thread/379809?ContentTypeID=1</link><pubDate>Wed, 03 Aug 2022 07:49:03 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:f14f646f-53e1-4e74-a364-8df2e3fcd2ee</guid><dc:creator>ovrebekk</dc:creator><description>&lt;p&gt;Hi&amp;nbsp;&lt;/p&gt;
&lt;p&gt;You could run some kind of proprietary &amp;#39;challenge and response&amp;#39; step after you have connected, and have the peripheral disconnect if the mobile app doesn&amp;#39;t provide the right response.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;The mobile phone would still be allowed to start&amp;nbsp;the pairing procedure, if you are not able to finish the proprietary authentication step first, but you could always delete the bond on the peripheral side after the authentication fails.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;The question is how likely it is that the wrong phone tries to connect to your device?&lt;br /&gt;If you configure your advertise packet with a unique, proprietary 128-bit UUID, and don&amp;#39;t use a local name or any standard 16-bit UUID&amp;#39;s, then other phones would normally not attempt to connect to your device.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;Best regards&lt;br /&gt;Torbjørn&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: ncs 1.8.0 + NFC + OOB + nrf52833</title><link>https://devzone.nordicsemi.com/thread/379761?ContentTypeID=1</link><pubDate>Tue, 02 Aug 2022 15:49:53 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:c6b9c81d-cad4-494d-9b0c-9137a3fbc260</guid><dc:creator>embeddedER</dc:creator><description>&lt;p&gt;Thanks&amp;nbsp;&lt;span&gt;Torbj&amp;oslash;rn for getting back on this.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span&gt;&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span&gt;Is there any other way we can restrict only our Mobile Application to pair with our peripheral then?&lt;/span&gt;&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: ncs 1.8.0 + NFC + OOB + nrf52833</title><link>https://devzone.nordicsemi.com/thread/379683?ContentTypeID=1</link><pubDate>Tue, 02 Aug 2022 10:49:53 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:444907f9-7eff-44d0-9a29-cf127d20e00d</guid><dc:creator>ovrebekk</dc:creator><description>&lt;p&gt;Hi&amp;nbsp;&lt;/p&gt;
&lt;p&gt;Hung is currently on vacation, and I will help you out in the mean time.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;Unfortunately there is no way to skip the user confirmation on the mobile side. There is no API on the phone side to configure a static passkey directly from the app, this is handled by the OS directly meaning you will always get the extra confirmation step. This is the same both on iOS and Android.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;Normal NFC OOB pairing is supported in Android, but not in iOS.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;Best regards&lt;br /&gt;Torbjørn&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: ncs 1.8.0 + NFC + OOB + nrf52833</title><link>https://devzone.nordicsemi.com/thread/378781?ContentTypeID=1</link><pubDate>Tue, 26 Jul 2022 17:14:49 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:3e1b8d35-810d-4c7f-88b8-1777063ab1c6</guid><dc:creator>embeddedER</dc:creator><description>&lt;p&gt;Hi Hung,&lt;/p&gt;
&lt;p&gt;I liked the idea of &amp;quot;challenge and response authentication&amp;quot;, however, one of our future extension is to have our own Central Device which may not have&amp;nbsp;OOB/NFC, but&amp;nbsp;will have a way to know the serial number of our peripheral via cloud.&lt;/p&gt;
&lt;p&gt;So, OOB&amp;nbsp;we are&amp;nbsp;considering just to send serial number from the peripheral to the mobile.&lt;/p&gt;
&lt;p&gt;Referring&lt;span&gt;&amp;nbsp;to your quote:&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;em&gt;&amp;quot;Yes you can do what you planed. So instead of showing a pass key on a display. You only provide the passkey with your own way of encryption into NFC. The phone then read NFC data and in your app you can decrypt the data to show the user the passkey. However the pairing process will be not very smooth as there will be a popup from the system to ask for inputting the passkey, and then you need to switch to the app to read NFC.&amp;quot;&lt;/em&gt;&lt;/p&gt;
&lt;p&gt;&lt;span&gt;&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span&gt;Is there a way we can&amp;nbsp;skip that &amp;quot;confirmation step&amp;quot; from the user? Basically idea is to use the static key so that there is no user interruption is required. We will anyway need to find a way to connect our central which won&amp;#39;t have keyboard/display to pair with our peripheral using serial number that it knows.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span&gt;&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span&gt;So the question is,&amp;nbsp;can we really skip user confirmation (mobile and central device) if we use the static pass-key? (This static pass-key will be unique and known to peripheral and mobile in some way, either via NFC or cloud)&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span&gt;&amp;nbsp;&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span&gt;TIA!&lt;/span&gt;&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: ncs 1.8.0 + NFC + OOB + nrf52833</title><link>https://devzone.nordicsemi.com/thread/378657?ContentTypeID=1</link><pubDate>Tue, 26 Jul 2022 09:21:25 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:8fea6f0f-13e4-48cd-a8f9-a77f13665f71</guid><dc:creator>Hung Bui</dc:creator><description>&lt;p&gt;Hi,&lt;/p&gt;
&lt;p&gt;Yes you can do what you planed. So instead of showing a pass key on a display. You only provide the passkey with your own way of encryption into NFC. The phone then read NFC data and in your app you can decrypt the data to show the user the passkey. However the pairing process will be not very smooth as there will be a popup from the system to ask for inputting the passkey, and then you need to switch to the app to read NFC.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;I would propose the following instead:&amp;nbsp;&lt;/p&gt;
&lt;p&gt;You can define a procedure required before the NFC provides&amp;nbsp; the OOB data for pairing.&amp;nbsp;&lt;br /&gt;For example a &lt;a href="https://en.wikipedia.org/wiki/Challenge%E2%80%93response_authentication"&gt;challenge and response authentication&lt;/a&gt;. The app on the phone need to read the NFC data (challenge) and then write back the response to the NFC tag. The nRF52 will then check the response, if it&amp;#39;s correct then it will start the pairing process and provide the OOB data to NFC for the phone to pair as usual.&amp;nbsp;&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: ncs 1.8.0 + NFC + OOB + nrf52833</title><link>https://devzone.nordicsemi.com/thread/378578?ContentTypeID=1</link><pubDate>Mon, 25 Jul 2022 16:21:59 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:fd0db771-4477-484d-af5c-d4785713580c</guid><dc:creator>embeddedER</dc:creator><description>&lt;p&gt;Hi Hung,&lt;/p&gt;
&lt;p&gt;&lt;/p&gt;
&lt;p&gt;Thanks for the reply. I&amp;#39;ll have look at Bluetooth SIG standard again. And we are planning to use LESEC pairing.&lt;/p&gt;
&lt;p&gt;&lt;/p&gt;
&lt;p&gt;Do you have any suggestion on how do we restrict&amp;nbsp;pairing with only our Mobile application along with OOB?&lt;/p&gt;
&lt;p&gt;&lt;/p&gt;
&lt;p&gt;One way that I can think of is to just use NFC to wake-up the&amp;nbsp;our peripheral&amp;nbsp;(not OOB process) and share the serial number to the Mobile Application over NFC. Mobile application then use this serial number + secret recipe to generate numeric pairing key and use the same for pairing (no user interaction required and only our Mobile app can generate this valid pairing key). Peripheral can also generate the same numeric pairing key using the same serial number + secret recipe.&lt;/p&gt;
&lt;p&gt;&lt;/p&gt;
&lt;p&gt;TIA!&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: ncs 1.8.0 + NFC + OOB + nrf52833</title><link>https://devzone.nordicsemi.com/thread/378533?ContentTypeID=1</link><pubDate>Mon, 25 Jul 2022 11:58:41 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:dfc7d7b1-c6cb-42cc-9766-3621d7dd46a7</guid><dc:creator>Hung Bui</dc:creator><description>&lt;p&gt;Hi,&lt;/p&gt;
&lt;p&gt;I&amp;#39;m not so sure you are following the Bluetooth SIG standard OOB pairing .&lt;/p&gt;
&lt;p&gt;Are you planning to do Legacy Pairing or LESC pairing ?&amp;nbsp;&lt;br /&gt;&lt;br /&gt;&lt;/p&gt;
&lt;p&gt;Please have a look at section 2.3.5.6.3 Vol 3 Part H in the Bluetooth spec v5.2 to have an overview on how OOB pairing works:&amp;nbsp;&lt;br /&gt;&lt;img style="max-height:240px;max-width:320px;" src="https://devzone.nordicsemi.com/resized-image/__size/640x480/__key/communityserver-discussions-components-files/4/pastedimage1658749770868v1.png" alt=" " /&gt;&lt;/p&gt;
&lt;p&gt;&lt;/p&gt;
&lt;p&gt;In your list, I&amp;#39;m not so sure if you can do what you define in step 4. The phone won&amp;#39;t let you modify the bonding key to add the &amp;quot;&lt;span&gt;secret shared key&amp;quot;&amp;nbsp; to use in the BLE encryption.&amp;nbsp;&lt;br /&gt;&lt;br /&gt;What&amp;nbsp;oob_data_request() does is to request the application on the nRF52 to provide the OOB data (Ra and Ca) . The local data is generated in the application via the call&amp;nbsp;&lt;/span&gt;paring_key_generate()&amp;nbsp;&lt;/p&gt;
&lt;p&gt;The&amp;nbsp;&lt;span&gt;passkey_confirm() call back has nothing to with OOB. It on applicable for numeric comparison pairing.&amp;nbsp;&lt;/span&gt;&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: ncs 1.8.0 + NFC + OOB + nrf52833</title><link>https://devzone.nordicsemi.com/thread/378387?ContentTypeID=1</link><pubDate>Fri, 22 Jul 2022 21:13:58 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:18241392-68ff-435d-bccc-ac82d4cd9c78</guid><dc:creator>embeddedER</dc:creator><description>&lt;p&gt;Hi Hung,&lt;/p&gt;
&lt;p&gt;&lt;/p&gt;
&lt;p&gt;We are planning to use our Mobile App on the NFC reader side.&lt;/p&gt;
&lt;p&gt;Let me add some more details here to explain what we want to do:&lt;br /&gt;1. Our Peripheral device will be by default in the sleep mode and not advertising anything.&lt;br /&gt;2. We will have our own Mobile application which will be installed on Android/iPhone with NFC capability.&lt;br /&gt;3. When someone scans our Peripheral device with our Mobile App, our peripheral device sends OOB local data (confirm value and random value).&lt;br /&gt;4. To ensure that only our mobile app can pair with our peripheral, once OOB is confirmed, we are planning to pair with the key which will be generated based on the OOB data passed during NFC read plus &amp;quot;secret shared key&amp;quot;. e.g. simply XOR the data received during OOB with the fixed key which is known to our peripheral and our mobile app only.&lt;br /&gt;5. Since our mobile app can generate this paired key, it can utilize the same for BLE pairing (instead of displaying key or asking it to user).&lt;/p&gt;
&lt;p&gt;Any comments on above flow?&lt;/p&gt;
&lt;p&gt;As per my understanding, when OOB pairing is used, by default BLE stack verifies the OOB data sent to NFC reader (by callback function defined in oob_data_request).&lt;/p&gt;
&lt;p&gt;So, during pairing I was expecting it to work in a flow like:&lt;br /&gt;1. Call back provided in oob_data_request() gets called, which basically makes sure that this is the same device which read the NFC is going for pairing (stopping MITM)&lt;br /&gt;2. Then callback provided in passkey_confirm() is called, which basically confirms the passkey provided by Our Mobile App with the passkey our peripheral has.&lt;/p&gt;
&lt;p&gt;&lt;br /&gt;Is this understanding right?&lt;/p&gt;
&lt;p&gt;&lt;/p&gt;
&lt;p&gt;TIA!&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: ncs 1.8.0 + NFC + OOB + nrf52833</title><link>https://devzone.nordicsemi.com/thread/378231?ContentTypeID=1</link><pubDate>Fri, 22 Jul 2022 07:50:09 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:bed0e011-db82-4edd-be96-d3d7034b2351</guid><dc:creator>Hung Bui</dc:creator><description>&lt;p&gt;Hi,&lt;/p&gt;
&lt;p&gt;Please test the default example and make sure it works and you can send bond information via NFC before modifying it.&lt;/p&gt;
&lt;p&gt;Do you have control over both sides of the connection ? What do you use on the NFC reader side ?&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;br /&gt;Please note that if you plan to do something not defined in the Bluetooth SIG spec I don&amp;#39;t think a normal phone would support that.&amp;nbsp;&lt;br /&gt;I don&amp;#39;t understand what you meant by &amp;quot;secret key&amp;quot;.&amp;nbsp;&amp;nbsp;&lt;br /&gt;If you want nobody but only your app/mobile can pair to your device, you would need to implement your own proprietary mechanism to block pairing from other devices. As far as I know the OOB pairing protocol in BLE doesn&amp;#39;t support this.&amp;nbsp;&lt;br /&gt;What it does support is to stop pairing after it is paired to certain devices (whitelisting)&amp;nbsp;&amp;nbsp;&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: ncs 1.8.0 + NFC + OOB + nrf52833</title><link>https://devzone.nordicsemi.com/thread/378184?ContentTypeID=1</link><pubDate>Thu, 21 Jul 2022 22:04:17 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:03c5fc83-a935-45fe-ad36-832b00b4e112</guid><dc:creator>embeddedER</dc:creator><description>&lt;p&gt;Hi Hung,&lt;/p&gt;
&lt;p&gt;&lt;/p&gt;
&lt;p&gt;Thanks for the response. I checked peripheral_nfc_pairing_example. However,&amp;nbsp;we&amp;nbsp;have a little different usecase here.&lt;/p&gt;
&lt;p&gt;We want to wake-up the device using NFC, transfer OOB data to reader, and then for pairing, we want to use Serial Number (passed in NDEF) to reader + secret key (pre-shared with device and mobile app) to generate &amp;quot;pairing key&amp;quot;.&lt;/p&gt;
&lt;p&gt;And then we want to&amp;nbsp;use this &amp;quot;pairing key&amp;quot; so that no body but only our Mobile application can pair with our peripheral device.&lt;/p&gt;
&lt;p&gt;&lt;/p&gt;
&lt;p&gt;I am trying to implement the same. I&amp;#39;ve enabled&amp;nbsp;oob_data_request in auth_cb:&lt;/p&gt;
&lt;p&gt;&lt;pre class="ui-code" data-mode="text"&gt;static struct bt_conn_auth_cb conn_auth_callbacks = {
	.passkey_display = auth_passkey_display,
	.passkey_confirm = auth_passkey_confirm,
	.oob_data_request = auth_oob_data_request,
	.cancel = auth_cancel,
	.pairing_complete = pairing_complete,
	.pairing_failed = pairing_failed
	};&lt;/pre&gt;&lt;/p&gt;
&lt;p&gt;&lt;/p&gt;
&lt;p&gt;However,&amp;nbsp;auth_oob_data_request is never called in my code.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;As per my understanding, auth_oob_data_request should be called first and then auth_passley_confirm. Am I missing anything here?&lt;/p&gt;
&lt;p&gt;&lt;/p&gt;
&lt;p&gt;I am expecting is to use OOB to ensure only our device woke-up peripheral and then use new pairing key for pairing.&lt;/p&gt;
&lt;p&gt;&lt;/p&gt;
&lt;p&gt;TIA!&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: ncs 1.8.0 + NFC + OOB + nrf52833</title><link>https://devzone.nordicsemi.com/thread/377899?ContentTypeID=1</link><pubDate>Wed, 20 Jul 2022 13:52:18 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:c2518fe5-4217-480c-9518-edeceefdc088</guid><dc:creator>Hung Bui</dc:creator><description>&lt;p&gt;Hi,&amp;nbsp;&lt;br /&gt;1. Yes, I don&amp;#39;t see any problem with this.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;2. The pairing data should be passed to NFC tag and then the peer device (phone) can read the data via NFC. Please have a look at the&amp;nbsp;tnep_initial_msg_encode() function in the example in #3.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;3. Please have a look at &lt;a href="http://developer.nordicsemi.com/nRF_Connect_SDK/doc/2.0.0/nrf/samples/bluetooth/peripheral_nfc_pairing/README.html"&gt;this example.&lt;/a&gt;&amp;nbsp;It&amp;#39;s located in&amp;nbsp;\nrf\samples\bluetooth\peripheral_nfc_pairing.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;4. Please study the example, it&amp;#39;s the most common implementation of NFC pairing.&amp;nbsp;&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item></channel></rss>