ncs 1.8.0 + NFC + OOB + nrf52833

Hi Team,

We are in the process of developing a pairing mechanism for our peripheral device. We are considering using NFC for OOB. Here is what we think we should be doing:

1. Use Mobile (NFC) to wake up our peripheral device

2. Our peripheral device sends Key (unique per device) over NFC to our Mobile App

3. Our mobile app uses this "key + encryption" to pair with our device

The idea here is to restrict any other app from connecting to our device.

We have a few questions here:

1. Is this a viable option?

2. In the above steps, at Step 2, how do we send data from the peripheral device to the mobile app?

3. Is there any example/blog around this?

4. Any other suggestions to this approach?

TIA!

  • Hi Torbjørn,

    There are a couple of ways to do this, yes. One way is to simply clear all the relevant attributes until the phone is authenticated, at which point the peripheral can set the attributes as required. 

    Another way is to only add the relevant service(s) after the phone is authenticated, so that the phone will not be able to access them before that. The service handling the challenge-response stage would obviously need to be there from the start, along with standard services such as the GAP and GATT services. 

    I am finding it hard to implement the above and am not able to find a proper example. Could you please help by pointing me to some sample code related to this?

    How can I achieve the challenge-response? There is no example in the ncs v1.8.0 that I could find for this.

    Thanks!

  • Hi, 

    I'm back.

    There are 2 tasks that you need to achieve here. 

    The first task is to dynamically change the attribute table. I have made an example you can have a look at here: RE: How shall i define multiple services in GATT Server database, so that only 1 service is seen by GATT Client at a time ?

    The second task is to authenticate your app with the device. You have different options here. If you want to avoid any user interaction (then you don't have MITM protection), you can think of encrypting all communication using your own encryption mechanism, maybe based on the serial number of the device. Meaning you have a database of all your devices where the ID is the serial number. Each device will have a hard-coded encrypt/decrypt key. By typing the serial number of the device into the app on the phone, the app can go to the cloud, get the encrypt/decrypt key, and then encrypt the communication.

    You can also do challenge-response authentication, but you should only use this if you are planning to do additional encryption later on. To do challenge-response authentication, you can use any encryption method. Different methods will give you different levels of security. You can use, for example, RSA. The example is located in `\nrf\samples\crypto\rsa\`. What you can do is provide a plaintext message (randomly generated), and the peer device needs to encrypt it with a key. The peer device sends back the encrypted message, and then on the NRF52 device you can decrypt it and check if it matches the original randomly generated plaintext.

  • Hi again,

    Actually I found that we have a blog related to this topic. Please have a look at this: 
    Simple Application-level Authentication

    There is an example code provided at the end of the blog. 
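
The challenge-response check discussed in the replies above, as an added example that is not part of the thread or of Nordic's sample code: a Python model of both sides that uses HMAC-SHA256 over a random challenge in place of the RSA sample mentioned, with the per-device key looked up by serial number. The class and function names, the key database and the serial number are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: cloud database mapping serial number -> per-device key.
CLOUD_KEY_DB = {"SN-0001": bytes.fromhex("00112233445566778899aabbccddeeff" * 2)}


class Peripheral:
    """Device side: issues a challenge, unlocks services on a valid response."""

    def __init__(self, serial: str, key: bytes):
        self.serial = serial
        self._key = key
        self._pending = None            # outstanding challenge, single use
        self.services_unlocked = False  # stands in for enabling the GATT services

    def new_challenge(self) -> bytes:
        # Fresh 16-byte random value per attempt so old responses cannot be replayed.
        self._pending = secrets.token_bytes(16)
        return self._pending

    def verify(self, response: bytes) -> bool:
        challenge, self._pending = self._pending, None  # consume before checking
        if challenge is None:
            return False
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, response)    # constant-time comparison
        if ok:
            self.services_unlocked = True
        return ok


def app_response(serial: str, challenge: bytes, key_db=CLOUD_KEY_DB) -> bytes:
    """App side: fetch the device key by serial number and answer the challenge."""
    return hmac.new(key_db[serial], challenge, hashlib.sha256).digest()


def run_exchange():
    device = Peripheral("SN-0001", CLOUD_KEY_DB["SN-0001"])
    # An app holding the wrong key is rejected and the services stay locked.
    c1 = device.new_challenge()
    wrong = device.verify(app_response("SN-0001", c1, {"SN-0001": b"\x00" * 32}))
    # The legitimate app answers a fresh challenge.
    good = app_response("SN-0001", device.new_challenge())
    accepted = device.verify(good)
    # Re-sending the same response without a new challenge fails.
    replayed = device.verify(good)
    return wrong, accepted, replayed, device.services_unlocked
```
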
