I will work with the Manager of the AE/FAE team to come up with a path for support on this issue.
Have you tried working through the local SW resource at our distribution partner? He is actually very good and could help during the time we research and try to assign internal resources to address this issue.
Right now, we are working with Andrew. I will ask him to respond to this in private.
We are with Inventek Systems regarding module production for the 943341, although I am using the Broadcom eval board (BCM943341WCD1).
Yes, WICED supports multiple clients when using GATT server. I have verified this working with the WICED 43341 eval board with the ble_proximity_reporter, connecting with the LightBlue app on the iPhone and the WICED Smart Explorer on an Android device.
You will need to change the code in the ble_proximity_reporter, as it is programmed to turn off advertisements once it has made a connection. This will be in ble_proximity_gatt_cback() in ble_proximity_reporter.c.
1) 2) Changing the following should be all that is needed to enable multiple connections.
.server_max_links = 1,
3) (a) Yes this is handled by the BLE stack
(b) You can keep track of the connection handles by p_event_data->connection_status.conn_id. With this you should be able to maintain a whitelist/blacklist for fine-granularity permissions.
4) BLE addresses can be spoofed. If you use encryption this should take care of any security issues with existing connections.
The BLE peripheral that uses the BCM943341 and acts as a peripheral to any central does not have an in-built display for OOB key or pairing. It has some LEDs and a speaker. We may use that for OOB.
As of now, our security setting for any connection is set to BTM_SEC_NONE.
However, we wish to have BLE addresses not be spoofed and we also want to have OOB key for secure pairing. Which security option should we choose?
BTM_SEC_IN_AUTHENTICATE = 0x0002, /**< Inbound call requires authentication */
BTM_SEC_OUT_AUTHENTICATE = 0x0010, /**< Outbound call requires authentication */
BTM_SEC_ENCRYPT = 0x0024, /**< Requires encryption (inbound and outbound) */
BTM_SEC_SECURE_CONNECTION = 0x0040 /**< Secure Connections Mode (P-256 based Secure Simple Pairing and Authentication) */
The security level would not expose any OOB usage, since OOB is just one of the pairing methods that could achieve a security level. If the device is intended to use OOB pairing when OOB data is available, the application should process the BTM_PAIRING_IO_CAPABILITIES_BLE_REQUEST_EVT and respond with the oob_data availability in the callback data. If both sides can agree on the OOB method, the application would expect security callback events depending on which SMP pairing version is underway, and feed the OOB data back through a WICED API call.
The security level you mentioned would only apply to BR/EDR services. Unfortunately, it would have no impact on the LE link. But you could enforce authentication on the LE link by passing BTM_BLE_SEC_ENCRYPT_MITM in wiced_bt_dev_set_encryption().
I hope this helped.
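An added example, not part of the thread and not WICED SDK code: one way to keep per-connection permissions keyed on conn_id and on the link's security state rather than on the peer address, which the thread notes can be spoofed. The link_t type, the link_* functions and MAX_LINKS are hypothetical names; the application is assumed to call them from its connection and security callbacks.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define MAX_LINKS 4   /* assumption: set to the same value as .server_max_links */

/* Hypothetical per-link record; not a WICED SDK type. */
typedef struct {
    bool     in_use;
    uint16_t conn_id;    /* taken from connection_status.conn_id */
    bool     encrypted;  /* link encryption reported by the stack */
    bool     mitm;       /* pairing was authenticated (for example via OOB) */
} link_t;

static link_t links[MAX_LINKS];

static link_t *find_link(uint16_t conn_id) {
    for (int i = 0; i < MAX_LINKS; i++)
        if (links[i].in_use && links[i].conn_id == conn_id) return &links[i];
    return NULL;
}

/* Call on connection up. Returns false when the table is full. */
bool link_open(uint16_t conn_id) {
    if (find_link(conn_id)) return true;
    for (int i = 0; i < MAX_LINKS; i++) {
        if (!links[i].in_use) {
            links[i] = (link_t){ .in_use = true, .conn_id = conn_id };
            return true;
        }
    }
    return false;
}

/* Call on disconnect so a reused conn_id never inherits old rights. */
void link_close(uint16_t conn_id) {
    link_t *l = find_link(conn_id);
    if (l) memset(l, 0, sizeof *l);
}

/* Call when the stack reports the security result for the link. */
void link_set_security(uint16_t conn_id, bool encrypted, bool mitm) {
    link_t *l = find_link(conn_id);
    if (l) { l->encrypted = encrypted; l->mitm = mitm && encrypted; }
}

/* Gate for a protected attribute: unknown links, unencrypted links and
 * links paired without authentication are all refused. */
bool link_may_access_protected(uint16_t conn_id) {
    const link_t *l = find_link(conn_id);
    return l && l->encrypted && l->mitm;
}
```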