pairing can be initiated by central or peripheral.
Once pairing is initiated by central, peripheral can reject the pairing by sending error error response.,
When server receives the pairing request, CYBLE_EVT_GAP_AUTH_REQ event will be triggered. The response to this handled in the generated code. BLE_eventhandler.c file.
You have to edit the code in the generated code to send the error response.
And server can initiate the pairing process on button press. Once button is presses send the suecrity request from server by using GapAuthReq().
Once you send this request,client will start the pairing process again. So you can selective send the error response when this event is triggered CYBLE_EVT_GAP_AUTH_REQ. i.e if it is triggered even before user starts the pairing process then you can send error response or respond with CyBle_GappAuthReqReply().
BTW what is the use case? Why you don;t want to pair if central starts pairing process? If you want to connect to the specific device(which dooesn;t start pairing process), then you can disconnect the connection after receiving CYBLE_EVT_GAP_AUTH_REQ ( if it is not initiated by user).
Due to the security reason, when a no-input/no-output peripheral device is powered on, it will automatically enter adverting and can be paired without any restriction , any central device can requests an authentication if they finding its existence, so every time when user powers on the peripheral device, it may have a fail connection because of the surrounding central device finds it and do the pairing process, this scenario may make a bad experience to user.
According to your suggestion, I have to edit the "BLE_eventhandler.c" again once I did the Generate Application.
I had did a trick, I set the "cyBle_authInfo.authErr" to "CYBLE_GAP_AUTH_ERROR_PAIRING_NOT_SUPPORTED" in normal situation, and set to "CYBLE_GAP_AUTH_ERROR_NONE" if pairing button is pressed, this method is much like your suggestion about sending a error response.
Thanks for your suggestion and please let me know if this 'trick' is not a good way to implement the paring refusing process.
I have same question like you. Peripheral/Server always advertising and I want only some Gap central (smartphone) be able to get paired.
Could you show me any code example how did you resolve it ?
Thanks in advance !!
Do the following procedure after getting the CYBLE_EVT_GAP_DEVICE_CONNECTED event in AppCallBack()
cyBle_authInfo.authErr = CYBLE_GAP_AUTH_ERROR_NONE;
cyBle_authInfo.authErr = CYBLE_GAP_AUTH_ERROR_PAIRING_NOT_SUPPORTED;
it will respond to the followed authentication process and making the authentication be SUCCESS or FAILURE.
Another way (the better way I thought):
You can move some information(e.g. Device Name, Service UUID, ....) from Advertisement packet to Scan response packet and set the Filter Policy to "Scan request: White List", it can hid the peripheral device if it doesn't enable pairing, then only make it being "Scan request: Any" while enable pairing.
You can also do a similar approach for the whole advertising/scanning in the first place, with implementing the whitelist filtering when starting advertisement. (You can update the advertisement data dynamically as well to have the whitelist/non-connectable being toggled in software).
I'm currently doing this in my software, where once "pairing" is initiated, it then changes the advertisement packets to allow anyone to connect, but once it has paired to a device, then it uses a whitelist filter for accepting connect requests.
Is there a way to share the code mentioned above?
I would appreciate very much,
Unfortunately I can't give you the code, but I can offer advice/tips on getting it working yourself
The only trick is to have the radio idle/off when changing from whitelist filtering to no filtering and vice versa.
This is one of doing it. Another way you could implement this:
- Initially, set the security level to 'No Security'. Then the peer device cannot pair with your device.
- When pairing has to be enabled, change the security level to 'Unauthenticated/Authenticated pairing;. This has to be done in firmware similar to what you have done but you will be changing cyBle_authInfo.security.