BLE Simple Pairing with a Shared Secret Pin

Published on October 15, 2015

Archived Notice

This article has been archived and may contain broken links, photos and out-of-date information. If you have any questions, please Contact Us.

BLE Simple Pairing with a Shared Secret Pin

By Mahendra Tailor, Technology Leader and Jordan Manser, Technical Writer

There are use cases in Bluetooth pairing where one would want dedicated and pre-selected devices to be able to pair with each other and not with any others.

For Bluetooth devices compliant with v2.0 or older, what is now called ‘legacy’ pairing, a shared pin code was required. As long as both sides entered the same pin code a pairing was successful and the devices were able to create a shared 128 bit key. Then Simple Secure Pairing (SSP) was introduced in BTv2.1 and newer, and ‘legacy’ pairing was disallowed for devices that pair with each other. In this new pairing mechanism if a code is to be confirmed or entered, then it is a randomly generated number by the devices. This means it is not possible to preconfigure Bluetooth enabled devices so that only dedicated devices can bond with each other.

Although ‘legacy’ pairing is associated with Classic Bluetooth, when Bluetooth Low Energy (BLE) was introduced in BTv4.0 of the specification, a similar SSP scheme was adopted.

In use cases where a group of BLE devices need to bond with each other and be associated as a group, it would seem that supplying future replacements presents a problem in terms of how it can become part of the trusted group that was originally shipped.

During ‘legacy’ pairing days of old, this problem was neatly solved by ensuring that each device in a group had the same pin.

BL600 and BL620 BLE smartBASIC modules.

Investigations and testing by Laird has revealed that the BL600 and BL620 BLE smartBASIC based modules can be configured so that they pair in a ‘legacy’ manner and still be compliant with the BTv4.x specification. This ‘legacy emulation’ pairing can be achieved by setting the pairing i/o capability of both BL600 and the BL620 as Keyboard Only using the function BleSecMngrIoCap() with the ioCap input parameter set to 4 (Keyboard Only – Authenticated pairing). Subsequently, each time a pairing happens and it is with another BL6xx device, then it will only be successful if both sides enter the same 6 digit code.

More information on the BL6x0 Series can be found, here.

Stay in the wireless industry loop and subscribe to the Wireless Connectivity Blog!