According to the Guideline (see Appendix
A for detail), the Peripheral should reject the ATT request using the
Insufficient Authentication error code. By this way, the Apple product can pair
and bond with accessory.
But the BLP(see Appendix
B for detail) asks the Peripheral to use the SM Slave Security Request
procedure, if the peripheral uses bonding.
So the conflict is the method of triggering
pairing and bonding.
I do like this:
When the
peripheral received an ATT read request of characteristic, the peripheral judges
whether the link is encrypted or not, if the link isn’t encrypted, the
peripheral will send a SM Slave Security Request and reject the ATT request with
“Insufficient Encryption” error code. It works well, and the Apple product does
pair and bond with the accessory successfully. But this method is not mentioned
explicitly in the “BluetoothDesignGuidelines R6.pdf”, and will it be OK to use
this method in the future? Will Apple still allow do this in the
future?
Appendix A:
In
the
“BluetoothDesignGuidelines R6.pdf”, we found
that:
Pairing
The
Bluetooth accessory should not request pairing. If, for security reasons, the
accessory requires a bonded relationship with the Central, the Peripheral should
reject the ATT request using the Insufficient Authentication error code, as
appropriate. See specification, Volume 3, Part F, Section 4 for details.
As a result,
the Apple product may proceed with the necessary security procedures.
Appendix B:
In the
“Blood
Pressure Profile”, we found that:
6.1
Blood Pressure Sensor Security Considerations
All
supported characteristics specified by the Blood Pressure Service shall be set
to
Security
Mode 1 and either Security Level 2 or 3.
The Blood
Pressure Sensor should bond with the Collector.
The Blood
Pressure Sensor should use the SM Slave Security Request procedure to
inform the
Collector of its security requirements. If the Blood
Pressure Sensor uses
bonding, it
shall use the SM Slave Security Request procedure.
All
characteristics specified by the Device Information Service that are relevant to
this
profile
should be set to the same security mode and level as the characteristics in the
Blood
Pressure Service.
Second
question:
The Blood Pressure monitor is a slave and the
Apple product is a master. We test on iOS 6.1.3.
If we use the pairing
method comply with “BluetoothDesignGuidelines R6.pdf”, it really
works well after pairing and bonding. But after I selected “Forget this device”,
the iOS cannot pair and bond with my BLE device anymore. In addition, the slave
also could not know the iOS has forgot it.
When I debug the slave’s pairing and bonding
procedure, I find that even the iOS has forgot this device, the slave can still
use the old IRK resolving the new random device address into the Apple product’s
public device address, so, the slave considers itself is still in the bonding
status. And because the iOS had forgot this device, the iOS did not encrypted
the link. In this case, when the slave received an ATT read request of
characteristic, the slave shall reject this ATT read request with the
“Insufficient Encryption” error code, because the slave still ask a encrypted
link. However, the iOS does nothing to process this error
code.
We also test on iOS 7 beta(11A4414e), there is no
problem anymore. Does there any way to resolve on 6.1.3, and will 7.0 or later
could keep the status in beta
version?