BM70 Security Features

This page covers Bluetooth® Low Energy security features offered in the BM70 module. You should have a working knowledge of BLE security to gain a complete understanding of the way the BM7x operates and provides security.

Overview

The GAP Layer defines modes and procedures which relate to the security of a connection. The BM70 supports LE Security Mode 1 with four security levels as specified by the definitions in the GAP layer. In general, LE Security Mode 1 gains security by means of encryption and this will only be done after the connection has been established.

To keep it simple, when two connected devices who initially do not have security wish to do something which requires security, the devices must first pair. Pairing involves authenticating the identity of two devices, encrypting the link, and then distributing keys used for encryption (bonding). The diagram below tries to capture what pairing involves. The level of security gained from all this is determined from the pairing method used and this is selected based on the I/O capabilities of each device.

pairing-bonding.png

The Pairing Procedure is typically initiated by the Generic Attribute Profile (GATT) Client (GAP Central) after attempting to read a characteristic on the GATT Server (GAP Peripheral) that requires authenticated access.

Pairing Methods Supported

BM70 supports the following pairing methods:

The term "authenticated" here means the pairing method gives enough security to protect against “Man in the Middle” attacks. The term "unauthenticated" means the pairing method does not provide protection against “Man in the Middle” attacks, but pairing still occurs, keys are exchanged, and the link can still be encrypted.

Just Works and Passkey Display methods are considered LE Legacy pairing methods (available in BLE v4.0/v4.1). BLE v4.2 added the Numeric Comparison method, which meets the requirements of the Payment Card Industry (PCI) for Pin Transaction Security (PTS) Point of Interaction (POI) financial transactions, where BLE v4.2 must be used and the device must support Security Mode 1 level 3 or 4.

These methods are supported via the following I/O capability settings, which are available on BM70:

  • No Input No Output
  • Display Only
  • Display Yes/No
  • Keyboard Only
  • Keyboard Display


The following table determines the pairing method (and thus the security level achieved) based on the BM70 device I/O capabilities.

Note that in a typical security scenario, the smartphone plays the role of Initiator and since it has both a keyboard and a display, it has a fixed I/O capability (Keyboard Display), while a BM70-based Peripheral device would typically have the ability to Display (Send) a PIN key to the phone for verification (Display Yes/No I/O capability):

pairing-scenario-smartphone-bm70.png

Q. For cells containing two pairing methods (i.e. Passkey Display + Numeric Comparison, which one is used?

A. The method used depends on the capability of the peer device that is connecting to the BM70 (BM70 supports BLE 4.0/4.1/4.2).

BLE 4.2 peers will use Numeric Comparison, while BLE 4.0/4.1 peers will use Passkey Display.

Bonding Capability

BM70 is capable of bonding with up to 8 peers. A "link priority" setting is also associated with each key set, indicating how recently the peer was connected with (1 being newest and 8 being oldest).

When trying to bond/pair when the list is full, the module should return an error code in the command complete event. The error should indicate insufficient resources or memory. It is up to the host to delete a device to make room for the new one and retry the pairing sequence.

Applying a Security Level to a Connection

The first step is to establish the desired connection security level for the application.

Next, the characteristic attributes requiring authenticated access need to be configured as such.

Finally, the appropriate BM70 static/dynamic configuration parameters need to be configured in the module to enable a security level change to take place in a connection, and to be automatically applied to all subsequent re-connections.

Flow of Control

The diagram below shows the flow of control between a BM7x (acting as a GATT Server) and a peer device (smartphone, etc). The BM70 is connected to an MCU Host via UART interface (BM70-to-Host packets not shown):

pairing-bm70-flow-of-control.png

Host MCU Interaction with BM70

The status/control messages (packets) that occur between the host and BM7x during the pairing process are based on the type of pairing method selected. The diagram below shows an example of the interaction based on the Passkey Display method with the BM7x being an 'Initiator' or ‘Responder’:

bm70-initiator.png
bm70-responder.png

Please refer to the "Command Set v1.20.pdf BLEDK3 Command Set (v1.20)" user's guide for complete details on the Pairing and Security-related op-codes available.

© 2024 Microchip Technology, Inc.
Notice: ARM and Cortex are the registered trademarks of ARM Limited in the EU and other countries.
Information contained on this site regarding device applications and the like is provided only for your convenience and may be superseded by updates. It is your responsibility to ensure that your application meets with your specifications. MICROCHIP MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WHETHER EXPRESS OR IMPLIED, WRITTEN OR ORAL, STATUTORY OR OTHERWISE, RELATED TO THE INFORMATION, INCLUDING BUT NOT LIMITED TO ITS CONDITION, QUALITY, PERFORMANCE, MERCHANTABILITY OR FITNESS FOR PURPOSE. Microchip disclaims all liability arising from this information and its use. Use of Microchip devices in life support and/or safety applications is entirely at the buyer's risk, and the buyer agrees to defend, indemnify and hold harmless Microchip from any and all damages, claims, suits, or expenses resulting from such use. No licenses are conveyed, implicitly or otherwise, under any Microchip intellectual property rights.