It is exciting to see that in the release of Android Nougat, in addition to 72 new emojis, support for Bluetooth pairing with NFC using the out-of-band (OOB) method is included. By utilizing NFC pairing on Android Nougat, you can avoid the need to type in a passkey on your product, and still perform a secure pairing. And it is so simple that your grandma can do it :).
The nRF52832 have a built-in NFC radio (dynamic NFC Tag). So the additional cost to enable NFC pairing to your product is very low. In fact, all you need is 2 small passive components and an NFC antenna. The rest is implemented on the nRF52832. For the software needed, we have examples in our nRF5 SDK of how to do secure pairing (among other things) using NFC. In fact, we have had examples to do NFC pairing using the OOB method in our nRF5 SDK for quite a while and it worked with Android Nougat “out-of-the-box”.
So what is the difference between the NFC pairing perform by previous versions of Android and Android Nougat? Let me try to explain. Take a look at the figure below, there you can see the transactions during a pairing over NFC using the OOB method.
Previously, Android phones didn’t use the security key (“TK Value” – as per BT spec) which was sent over NFC, and paired using the “just works method”. The pairing process was simple, but not very secure, because for generating encryption keys, the “just works method” uses a key with all values set to zeros. This makes the pairing process susceptible to eavesdropping attacks.
Now, with Android Nougat, the 16-byte temporary key, sent over NFC is used to generate the encryption keys used later in the pairing process. Thus, now the pairing process protects against both man-in-the-middle attacks, due the short range of NFC, as well as passive eavesdropping attacks.
To get stated with this you need a nRF52DK and the newest SDK. The examples which show secure pairing using NFC are: “experimental_ble_app_hrs_pairing_nfc”, and “experimental_ble_app_hids_keyboard_pairing_nfc”
Hello, i wanted to ask if nus data can be saved onto an external sdcard interfaced.?
Thank you in advance.
Thank you very much for this interesting article! With the new iOS 11 and the announcement of opening the NFC interface, do you think Apple is likely to introduce "tap-to-pair" functionality too? This would be really neat!
Best regards, Marc
Great functionality. Will this be possible with NUS (Nordic UART Service) instead of HRS or HID?
As far as I know, both HRS and HID "bonds" with the central device and saves central's info (like IRK) using the device manager.
Whereas the NUS doesn't save those data.
I'm curious whether I can use OOB pairing when using the NUS.
-Best Regards, Mango