ncs 1.8.0 + NFC + OOB + nrf52833

Hi Hung,

Thanks for the reply. I'll have look at Bluetooth SIG standard again. And we are planning to use LESEC pairing.

Do you have any suggestion on how do we restrict pairing with only our Mobile application along with OOB?

One way that I can think of is to just use NFC to wake-up the our peripheral (not OOB process) and share the serial number to the Mobile Application over NFC. Mobile application then use this serial number + secret recipe to generate numeric pairing key and use the same for pairing (no user interaction required and only our Mobile app can generate this valid pairing key). Peripheral can also generate the same numeric pairing key using the same serial number + secret recipe.

TIA!

Hi,

Yes you can do what you planed. So instead of showing a pass key on a display. You only provide the passkey with your own way of encryption into NFC. The phone then read NFC data and in your app you can decrypt the data to show the user the passkey. However the pairing process will be not very smooth as there will be a popup from the system to ask for inputting the passkey, and then you need to switch to the app to read NFC. 

I would propose the following instead: 

You can define a procedure required before the NFC provides  the OOB data for pairing. 
For example a challenge and response authentication. The app on the phone need to read the NFC data (challenge) and then write back the response to the NFC tag. The nRF52 will then check the response, if it's correct then it will start the pairing process and provide the OOB data to NFC for the phone to pair as usual. 

Hi Hung,

I liked the idea of "challenge and response authentication", however, one of our future extension is to have our own Central Device which may not have OOB/NFC, but will have a way to know the serial number of our peripheral via cloud.

So, OOB we are considering just to send serial number from the peripheral to the mobile.

Referring to your quote:

"Yes you can do what you planed. So instead of showing a pass key on a display. You only provide the passkey with your own way of encryption into NFC. The phone then read NFC data and in your app you can decrypt the data to show the user the passkey. However the pairing process will be not very smooth as there will be a popup from the system to ask for inputting the passkey, and then you need to switch to the app to read NFC."

Is there a way we can skip that "confirmation step" from the user? Basically idea is to use the static key so that there is no user interruption is required. We will anyway need to find a way to connect our central which won't have keyboard/display to pair with our peripheral using serial number that it knows.

So the question is, can we really skip user confirmation (mobile and central device) if we use the static pass-key? (This static pass-key will be unique and known to peripheral and mobile in some way, either via NFC or cloud)

TIA!

Hi 

Hung is currently on vacation, and I will help you out in the mean time. 

Unfortunately there is no way to skip the user confirmation on the mobile side. There is no API on the phone side to configure a static passkey directly from the app, this is handled by the OS directly meaning you will always get the extra confirmation step. This is the same both on iOS and Android. 

Normal NFC OOB pairing is supported in Android, but not in iOS. 

Best regards
Torbjørn

Thanks Torbjørn for getting back on this.

Is there any other way we can restrict only our Mobile Application to pair with our peripheral then?