4 Replies Latest reply on Sep 18, 2019 6:10 AM by GaneshD_41

    Discover Security capability of Peripheral via API call on Central?

    CoreyW_81

      Once my Central (PSOC 4 BLE based) makes a connection to a peripheral, is there a way I can discover the peripheral's security settings (Mode and Level)?

        • 1. Re: Discover Security capability of Peripheral via API call on Central?
          CoreyW_81

          Specifically, I would like to see what the peripheral's IO Capabilities are set to.

          • 2. Re: Discover Security capability of Peripheral via API call on Central?
            GaneshD_41

            Hi Corey,

             

            It is not possible to get the IO capabilities of peripheral from Central side. You have to manually read from the characteristics.

             

            When the peripheral sends an authentication request, you will get the Security level as well as security mode information in the authentication parameters of the CYBLE_EVT_AUTH_REQ event.

             

            Thanks

            Ganesh

            • 3. Re: Discover Security capability of Peripheral via API call on Central?
              CoreyW_81

              Thank you Ganesh.  A followup question.

               

              The central design is the side we can control.  We are able to get Passkey Entry to work if "strict pairing" is UNCHECKED, so no issue with IO capability.  But when Strict Pairing is ENABLED, there is a failure with Auth Fail Code 3, IO Capability.

               

               

              Q) Through trial and error with the various settings in PSOC Creator (Security Mode, Security Level, Strict Pairing, I/O Capabilities, Bonding requirement) that the central can be set to, is there a way to deduce what the IO Capability settings are configured to on the peripheral?

               

              1) Want to get the highest level of security possible based on what the peripheral is configured for...without actually knowing the peripheral's settings

              2) Want to understand how the peripheral is likely configured (IO Capabilities)

               

              Here are the results of some experiments run by the engineer:

               

              a) With strict pairing off, I get non-authenticated connection.

              b) I do get the appropriate behavior, simple secure pairing with passkey entry, when I select Display and Keyboard. But I can't get numeric comparison when I choose Display with Yes/No. I get auth code failure 3, I/O capability.

              c) My concern is the peripheral (responder) is returning Display Only. It's why when I set the initiator (central) to Display and Keyboard that works.

              d) What I suspect is our peripheral is not communicating Display with Yes/No button capability as it should. I believe this because if I set Display and Keyboard on the initiator, the central, I get the correct / expected behavior: SSP with PASSKEY ENTRY.

              Now when I set Display with Yes/No on the initiator, and Strict Pairing, it fails. Auth failure code 3, IO Capabilities. If I turn off strict pairing it negotiates down to unauthorized pairing.

              • 4. Re: Discover Security capability of Peripheral via API call on Central?
                GaneshD_41

                Hi Corey,

                 

                Please note the following points:

                 

                1. If strict pairing is enabled, the device will not go to low security mode (Unauthenticated pairing) if the security parameters of the Central and peripheral are different. For example, if the Central has an "Authenticated pairing with Encryption" request and the peripheral has "Unauthenticated pairing with encryption" and strict pairing is enabled on both sides, the authentication will fail. If strict pairing is not enabled, the result will be unauthenticated pairing with encryption.

                 

                From (a) and (d) we think strict pairing is off on Peripheral and it is set as Unauthenticated pairing with encryption.

                 

                The Display Yes/No (Numeric comparison) will work only for LE secure connections.  Authentication will succeed if both the Central and peripheral settings have the LE secure connections setting. In your case either your peripheral doesn't have the proper I/O setting or it is not present in the LE secure connections setting. So please check by putting LE secure connections with Display and Keyboard setting, Numeric comparison in your central.

                 

                Also we recommend you set strict pairing to OFF and set Authenticated pairing with Encryption and I/O capabilities as Keyboard and Display. This setting will let you get the largest security option possible with your peripheral.

                 

                Also please have a look at different results with I/O settings when strict pairing is OFF in page 611 of BLUETOOTH SPECIFICATION Version 4.2 [Vol 3, Part H] attached with this email.

                 

                Thanks

                Ganesh
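The deduction asked about in reply 3, as an added example that is not part of the original thread and is not Cypress or PSoC Creator code: it encodes the IO-capability mapping from the Bluetooth Core Specification [Vol 3, Part H] and lists which peripheral configurations reproduce the pairing outcomes seen on the central. All names are hypothetical; it assumes the central requests MITM protection, has LE Secure Connections enabled, and uses no OOB data.

```c
#include <stdbool.h>
#include <stdio.h>

/* SMP IO capability codes (Pairing Request/Response "IO Capability" field). */
enum io_cap { DISPLAY_ONLY, DISPLAY_YES_NO, KEYBOARD_ONLY, NO_IO, KEYBOARD_DISPLAY, IO_CAP_COUNT };
enum method { JUST_WORKS, PASSKEY_ENTRY, NUMERIC_COMPARISON };
struct observation { enum io_cap central; enum method seen; };

static bool can_confirm(enum io_cap c) { return c == DISPLAY_YES_NO || c == KEYBOARD_DISPLAY; }
static bool has_keyboard(enum io_cap c) { return c == KEYBOARD_ONLY || c == KEYBOARD_DISPLAY; }

/* Association model chosen from both IO capabilities.
 * Assumes MITM protection is requested and no OOB data is available. */
enum method pairing_method(enum io_cap init, enum io_cap resp, bool both_le_sc)
{
    if (init == NO_IO || resp == NO_IO)
        return JUST_WORKS;                 /* unauthenticated */
    if (both_le_sc && can_confirm(init) && can_confirm(resp))
        return NUMERIC_COMPARISON;         /* LE Secure Connections only */
    if (has_keyboard(init) || has_keyboard(resp))
        return PASSKEY_ENTRY;              /* one side types, the other shows or types */
    return JUST_WORKS;                     /* two displays, nobody can enter a passkey */
}

/* Bit h = cap * 2 + sc is set when a peripheral with IO capability `cap` and
 * LE Secure Connections support `sc` reproduces every observation. */
unsigned consistent_hypotheses(const struct observation *obs, int n)
{
    unsigned mask = 0;
    for (int h = 0; h < IO_CAP_COUNT * 2; h++) {
        bool ok = true;
        for (int i = 0; i < n; i++)
            ok = ok && pairing_method(obs[i].central, (enum io_cap)(h / 2), h % 2) == obs[i].seen;
        if (ok) mask |= 1u << h;
    }
    return mask;
}

/* Constructed from experiments (b) and (d) in the thread, strict pairing off. */
unsigned thread_hypotheses(void)
{
    const struct observation obs[] = {
        { KEYBOARD_DISPLAY, PASSKEY_ENTRY },  /* Display and Keyboard -> passkey entry */
        { DISPLAY_YES_NO,   JUST_WORKS    },  /* Display with Yes/No -> unauthenticated */
    };
    return consistent_hypotheses(obs, 2);
}

int main(void) { printf("hypothesis mask: 0x%02x\n", thread_hypotheses()); return 0; }
```

The resulting mask 0x07 leaves three candidates: a Display Only peripheral (with or without LE Secure Connections) or a Display Yes/No peripheral without LE Secure Connections.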