• State Not Answered
  • Replies 26 replies
  • Subscribers 64 subscribers
  • Views 3183 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 295523
Options

BLE data transfer use AES/CCM encryption and unencryption

JohnCC

Hi,

      I development a elock device to use nordic 52832 chip. I want to transfer some information between phone app and my device. Like UUID / user account / user password.

for against BLE sniffer, we need use AES method to protect our information.

Can I follow  \examples\crypto\nrf_cc310\aes example to do it? Or any suggest for us? Our data transfer flow as below

 - phone app sent unlock command to our device

 - our device sent a random number to phone app

 - phone app response

- our device check response to unlock

Thank you.

John.

  • 0 in reply to JohnCC

    Hi John, 

    I'm not really sure what you are asking about. 


    If you are not real buyer you can't bond your phone to the lock. The lock will not allow any phone to bond to the device. Bonding is only allowed on the first time setting it up. 

  • 0 in reply to Hung Bui

    Hi Hung,

            Sorry for causing your doubts,but i see what you mean.

    Other question is

    If I have already bounded and set up encryption and whitelist with Phone A. What should I do if I change or lost my phone A? Can I store LTK in SERVER? When the user enters the account and password on my APP. I can download LTK from server to phone.

    Thank you.

    John.,

  • 0 in reply to JohnCC

    Hi John, 

    On most phones you wouldn't be able to download a LTK and the ask the phone to update the bond with the new LTK. 

    So in this case when the user loses their phone, it's a security procedure that you need to define on your own. It's the same with what happen when one loses their key. 
    Be very careful when defining those protocol to recover the key. We are not expert in this topic so you may want to do some study or get help from expert in security. 

    Usually if you have a secondary way of unlocking the device, then it's easier. For example keypad or NFC tag. You can use the second way to unlock the device, and then can clear the bond information, set the device to bonding mode to allow new bonding. 

    If you don't have any secondary way then you would need to allow advertise with no white list. Allowing any device to connect to . Then in this case you would need another level of security on top of Bluetooth pairing.  You then can apply the feature suggested by Daniel in his blog.  The new device need to pass this security level to unlock.  

    You can have a key inside the lock and the phone can access the cloud to get the same key of the same log (scan QR code or login to user account etc). 

  • 0 in reply to Hung Bui

    Hi Hung,

            I fully understand what you mean. After these questions I also know how I should design my system. Thank you very much. I need your help if I have any questions in the future.

    John.

  • 0 in reply to Hung Bui

    Hi Hung,

        After our deeper research, now there is a question

    If I already used passkey to connected between my phone and my bike。My transmission is encrypted。

    If I lend my bike to my friend,Is he able to establish other passkey secure connection? Because my bike device already has my Key,Can there be two sets of keys? or the first one will be cleared?

    Thank you.

    John.

Related