Authenticate CyBLE Central and Peripheral when Devices do not have IO Capabilities – KBA220286

Version: **

 

Question:

How do I authenticate Central and Peripheral when the devices do not have IO capabilities for CyBLE devices?

 

Answer:

Consider the following logic for application.

Requirements:

  • Use security: Authenticated pairing with encryption
  • You want to use a fixed passkey, but do not want to display, as the device does have display IO capability

Assumptions:

  1. Peripheral will use a passkey (say 123456) and have display capability.
  2. Central has keyboard capability

Implementation:
On the Peripheral side:
Use CyBle_GapFixAuthPassKey() API for setting the known passkey 123456. Call CyBle_GapAuthReq(connHandle.bdHandle, &cyBle_authInfo); to initiate authentication request or pairing. As the display capability is selected, the event CYBLE_EVT_GAP_KEYINFO_EXCHNGE_CMPLT will be triggered. As you do not want to display passkey in real, do not add any code for this even in the stack even handler. If authentication fails, the CYBLE_EVT_GAP_AUTH_FAILED event is will be triggered. So, include a disconnect API (send a disconnection request) in this event.

On the Central side:
Send the authentication request. As the keyboard capability is given, passkey entry request will be triggered. In the authentication reply, hard code the known passkey (123456) in the firmware. Thus, in effect the authentication is automatically taken care.
Now if any Central device tries to connect, a prompt to enter passkey is displayed. Central cannot enter the passkey as it is not displayed. So, the authentication fail event is called.