Secure connection between nRF51822 and Android Smartphone?

Hi Chris,

If the device has no display or keyboard (and I assume no OOB mechanism), you can use "Just work" for pairing. This is the most simple pairing that require no external peripheral. The first pairing process should be perform in a "safe" environment that no sniffing or eavesdropping would interference.

To trigger a pairing process, you would need at least one characteristics with the permission requires security (using BLE_GAP_CONN_SEC_MODE_SET_ENC instead of BLE_GAP_CONN_SEC_MODE_SET_OPEN) On the phone side, you would need to read this characteristic which result in a "Insufficient Authentication" error, after that the phone will perform the pairing procedure.

Regarding permission and properties:

• Permission is transparent to the peer device and control the device access (readable/writable), authentication (require pairing or not) , and authorization permission.
• Properties is public and showing how the characteristic value can be used, accessed (read, write, notify, indicate etc)

You can find more the full description in the Bluetooth Core Spec v4.0 (or the latest v4.1), just search for "Characteristic Properties" and "attribute permission". "Just Work " is also described in the document.

I also suggest you to have a look at the "Bluetooth Low Energy: The Developer's Handbook", which is really useful for understanding BLE protocol.

Thank you for your helpful answer, Hung Bui.

Unfortunately I don't get a "Insufficient Authentication" error (Code 5) in the Android app, instead there occurs error code 137 (0x89: GATT_AUTH_FAIL?). Although the solution works anyway it would be interesting to know what's the reason for this!?

I have one more (off topic) question: Is there any way to abort the connection to an already paired device?

Chris: Could you let me know how do you initiate the bonding procedure ? We, actually, randomly had that error for no reason. It's pretty hard to find the root cause, more likely it's a Android stack's bug.

Regarding your question do you means to delete bonding or to disconnect a connection with a paired device. I don't see any issue to disconnect to a paired device. You can just call mBluetoothGatt.disconnect(); To remove a paired device, you would need to unpair it from Android Bluetooth setting panel

I tried it the way you described:

1. Android device tries to read a Characteristic which permissions (read/write) are set to BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM. That returns 137 (sometimes 133 with Connection loss). By the way, I recognized that MasterControlPanel gets the right error.
2. After that a Broadcast Receiver on the Android device is waiting for a BluetoothDevice.ACTION_BOND_STATE_CHANGED with state == BluetoothDevice.BOND_BONDED.
3. By this event the App tires to read the initial Characteristic again. If this returns GATT_SUCCESS, the app state is set to connected.

After the bonding process the user has to identify by a numeric code and if this fails i want to disonnect from the nRF51822 (peripheral). The disconnect has to be initiated by the nRF51822, is that possible?

Hi Chris,

It's not normal to have error 137 or 133 when bonding. We did have that with Nexus devices running Android 4.3, however the update to Android 4.4.2 fixed that. Which central device did you use ?

To request a passkey when bonding, you would need to declare the IO capability of the device (by SEC_PARAM_IO_CAPABILITIES) it could be keyboard, or LCD or both. You can have a look at the ble_app_gls example, that use the nRF6350 LCD module to display the passcode.

If the passcode entered from the phone is wrong, the nRF51822 will send SMP Pairing Failed packet and the connection will be terminated (from both side).