
I have a mobile app (Android/iOS) that acts as a BLE client and a BLE device as a server.

The device does not have any display or keyboard. I want to connect to this device from the mobile app, make this connection secure and prevent other clients from connecting to it in the future.

How can I do this without using the Pair/Bond technique? I don't want the user to have to use system windows on the mobile. Once connected, the device should be connectable only by this one and not the others. Is it possible to use some sort of keys/token or something else to make this work?

2
  • 1
    This sounds like you need your own security mechanism. With BLE devices you sometimes see devices that do not accept data and close the connection if a certain message was not sent after X seconds of connecting. This would prevent users from accessing your device without your mobile app. Commented Jan 23, 2024 at 6:36
  • 1
    I've been working on the exact same feature recently, @MichaelKotzjan thanks. Essentially, when a user connects to the device through the mobile app, they have a 5-second window to transmit a 20-byte password. If the password is incorrect or the time limit is exceeded, the connection will be automatically terminated. Commented Jan 27, 2024 at 0:02
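
The timed gate described in the comments above, as an added example in C (not code from this thread or from any vendor SDK): the device ignores data until the client writes the 20-byte secret within 5 seconds, otherwise the connection is flagged for termination. The `gate_*` names and the millisecond tick are assumptions; the actual disconnect call and characteristic callbacks belong to whatever BLE stack the device uses.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define AUTH_LEN        20u     /* password length from the comment */
#define AUTH_WINDOW_MS  5000u   /* 5-second window from the comment */

typedef enum { GATE_WAITING, GATE_AUTHED, GATE_DROP } gate_state_t;

typedef struct {
    gate_state_t state;
    uint32_t     connected_at_ms;   /* tick captured on connect (assumed ms timer) */
} conn_gate_t;

/* Compare without early exit so timing does not reveal how many bytes matched. */
static bool ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

void gate_on_connect(conn_gate_t *g, uint32_t now_ms)
{
    g->state = GATE_WAITING;
    g->connected_at_ms = now_ms;
}

/* Call from a periodic timer; unsigned subtraction survives tick wrap-around. */
gate_state_t gate_on_tick(conn_gate_t *g, uint32_t now_ms)
{
    uint32_t elapsed = now_ms - g->connected_at_ms;
    if (g->state == GATE_WAITING && elapsed >= AUTH_WINDOW_MS)
        g->state = GATE_DROP;       /* caller disconnects on GATE_DROP */
    return g->state;
}

/* Call when the client writes the auth characteristic. One attempt per connection. */
gate_state_t gate_on_auth_write(conn_gate_t *g, const uint8_t *secret,
                                const uint8_t *data, size_t len, uint32_t now_ms)
{
    if (gate_on_tick(g, now_ms) != GATE_WAITING)
        return g->state;            /* too late, or already decided */
    g->state = (len == AUTH_LEN && ct_equal(secret, data, AUTH_LEN))
                   ? GATE_AUTHED : GATE_DROP;
    return g->state;
}

/* Every other characteristic handler checks this before acting on data. */
bool gate_allows_data(const conn_gate_t *g) { return g->state == GATE_AUTHED; }
```

Without pairing the link layer is unencrypted, so a fixed secret written this way is visible to a sniffer in radio range; the gate keeps out clients that do not know the secret rather than providing confidentiality.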

1 Answer

1

You can use Whitelist functionality for this purpose. Whitelist is a BLE feature that allows you to add certain devices to a list which you allow to scan and connect to. For your case, the whitelist would be implemented in the Nordic peripheral device after the first connection. Once the first connection is established, the address of the connected device can be added to the whitelist.

If you want to make sure that the connection is secure (i.e. encrypted) then your only option is pairing/bonding. You should set the IO capabilities on the Nordic device to be NoInput/NoOutput. Given that your phone is the initiator, this technically shouldn't result in any pop up/pairing dialog.

You can find more information here:-


1 Comment

Thank you for the suggestion; employing a whitelist and implementing bonding does indeed offer a more resilient connection. However, the challenge arises when dealing with a large number of BLE devices, as the process of bonding/pairing becomes impractical and unscalable. This is because it necessitates storing extensive bonding information for each device within the application.
