• State
  • Locked Locked
  • Replies 9 replies
  • Subscribers 53 subscribers
  • Views 6751 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Pairing/bonding before connction

nikhil wadke
Prodigy 145 points

Other Parts Discussed in Thread: CC2541

Hi,

I want my CC2541 slave device to be connected to the Smartphone only if it is paired/bonded with that particular Smartphone like classic Bluetooth. If not paird/bonded, slave device should not connect to the Smartphone. But according to the BLE standards,

1] Anyone can connect to BLE devices without pairing/bonding(less security in BLE).

2] Only Master can initiate Pairing/Bonding only after connecting with the slave.

Are my above assumptions are correct?

What are the ways in TI BLE stack to achieve Pairing/bonding before connecting to the slave device?

Thanks in advance.

- Nikhil.

  • 0
    Genius 4470 points

    1) You can configure the different blue characteristics to have authenticated permission. So that the connected central device can read/write only when it is paired. Or it would ask for passkey if it is not already paired.

    2) No. That is depends upon how you have configured.

    Hope this helps!!

  • 0
    TI__Expert 6505 points

    Hi,

    This can be achieved by using Man In the Middle mode and with if IO support is there with slave device by using a dynamic pass key(Static but undisclosed pass key for devices without IO capability). 

    For initial bonding, the BLE device would require the smartphone to enter a pass code or a sequence of numbers to bond with this device. After that whenever the slave device powers up and if the paired/bonded device is near by, then the connection would be established automatically. 

    For other BLE scanning devices near by, they would need to know the 'pass key' to be entered which is a confidential information.

    You can set these parameters in the Bond manager from the application.

    Regards,

    Arun

  • 0 in reply to Arun Menon
    Prodigy 145 points

    Hi Arun,

    Thanks for the reply.  As you suggested, to initiate pairing from slave device, I set parameter GAPBOND_PAIRING_MODE = GAPBOND_PAIRING_MODE_INITIATE.

    However, when tested in iPhone using Lightblue app:

    https://itunes.apple.com/in/app/lightblue-bluetooth-low-energy/id557428110?mt=8

    app is able connect to the CC2541 slave bypassing pairing.

    Can you precisely tell me which parameters in the TI ble stack I should set to achieve this?

    Moreover, do I need to write code on the app side to store STK & LTK of cc2541 slave for automatic reconnection ?

  • 0 in reply to nikhil wadke
    Genius 4470 points

    Hi Nikhil,

    The parameter 'GAPBOND_PAIRING_MODE_INITIATE', set the slave device to initiate the pairing whenever connection request received from the Central Device. But make sure that your salve device has this capability.

    Instead you can try with the 'GAPBOND_PAIRING_MODE_WAIT_FOR_REQ', which set the slave device to wait for the pairing request from the master/central device. i.e. iPhone in your case. Also, make the 'GAPBOND_MITM_PROTECTION' to TRUE.

    You can also set the permission of your characteristics to 'GATT_PERMIT_AUTHEN_WRITE/GATT_PERMIT_AUTHEN_READ'. This requires the master/slave device to authenticate itself before perform write/read operation with the salve device.

    Hope this helps!!

    Thanks,

    Dhaval

  • 0 in reply to Dhaval V
    Prodigy 145 points

    Hi Dhaval,

    Thanks for the reply. Your solution(GATT_PERMIT_AUTHEN_WRITE/GATT_PERMIT_AUTHEN_READ)will help me to authenticate link at GATT level not at GAP level.

    Moreover, I can pair/bond to the slave device only after connection and my requirement is to do  pairing/bonding before connection which seems to be impossible due to statement in TI BLE SWDG: "Once a connection is formed, two devices can go through a process called pairing."

    Is there any way to achieve pairing/bonding before connection ? 

  • 0 in reply to nikhil wadke
    Genius 4470 points

    Hi Nikhil,

    I don't think it is possible to do pairing/bonding before connection.

    Can you please let me know, what do you want to achieve by enabling the pairing/bonding?

    Thanks,

    Dhaval

  • 0 in reply to Dhaval V
    Prodigy 145 points

    The reason behind pairing/bonding before connection like classic Bluetooth is I wanted to ensure that any non-paired Smartphone should not connect to my CC2541 slave device and ruin my entire  system.

    So, my question is 

    Is BLE protocol doesn't permits pairing/bonding before connection ? or TI BLE stack doesn't support this feature?

    Can TI employee clarify this query?

    Regards,

    Nikhil.

  • 0 in reply to nikhil wadke
    Genius 4470 points

    I don't know whether TI BLE Stack it not supporting this or it is not allowed from the BLE specification itself. But I think by making the necessary BLE characteristics the Authenticated for READ/WRITE operations, you can achieve what you want.

  • 0 in reply to Dhaval V
    Expert 1160 points

    It all depends on what you want to achieve by pairing and bonding. Also I am not sure how a device can ruin your entire system by establishing a connection.

    From my knowledge about BLE stack, you cannot pair a device before connection. However, by making BLE characteristics authenticated, you can prevent unauthorised access to data in your cc2541 which is what most of the applications require. If the authentication fails, then you can terminate connection. If authentication does not happen within lets say, 10 seconds you can terminate connection. These options are under your control.

    Not sure whether this helps you, but I will add it here anyway.

    GAP provides an advertisement filter policy GAPROLE_ADV_FILTER_POLICY which can be set to following values. 

    GAP_FILTER_POLICY_ALL //!< Allow Scan Request from Any, Allow Connect Request from Any (default).
    GAP_FILTER_POLICY_WHITE_SCAN //!< Allow Scan Request from White List Only, Allow Connect from Any
    GAP_FILTER_POLICY_WHITE_CON //!< Allow Scan Request from Any, Connect from White List Only
    GAP_FILTER_POLICY_WHITE //!< Allow Scan Request and Connect from White List Only

    White list here refers to already bonded devices. You can toggle this by using GAPRole_SetParameter function.