Password Managment

Ask the Community
Close
Ask the Community
nav search Icon
Forums gray-arrow gray-arrow
Resources gray-arrow gray-arrow
About gray-arrow gray-arrow
Groups gray-arrow gray-arrow
nav-user Account

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob

Password Managment

Anonymous
Not applicable
‎Aug 01, 2017 01:51 PM
‎Aug 01, 2017 01:51 PM
Jump to solution

My BLE device design requires a password.  The password will be entered via a phone app.  There will be a hard coded default.  What is the best way to handle this?

   

Perhaps:

   

Create a custom characteristic, write only, called password.

   

Save new passwords to NV memory.

   

 

   

Thanks

   

Rich

Labels
0 Likes
Subscribe
1 Solution

Re: Password Managment

Anonymous
Not applicable
‎Aug 03, 2017 09:47 AM
‎Aug 03, 2017 09:47 AM
Jump to solution

Depending on how much security you want, there are multiple ways to do this:

   

If you want to prevent hardware compromise, you will want to store the password as a hashed value on the local side, rather than the "plaintext".

   

If you are only worried about the software/app interaction for security of the password, then as you listed above in the "Perhaps:" section will work well. Since you are working with sensitive data, where data corruption over-the-air might be a problem; you could try using the confirmed or "signed" writes to make sure the password doesn't get corrupted on transmission.

View solution in original post

0 Likes
3 Replies

Re: Password Managment

Anonymous
Not applicable
‎Aug 03, 2017 09:47 AM
‎Aug 03, 2017 09:47 AM
Jump to solution

Depending on how much security you want, there are multiple ways to do this:

   

If you want to prevent hardware compromise, you will want to store the password as a hashed value on the local side, rather than the "plaintext".

   

If you are only worried about the software/app interaction for security of the password, then as you listed above in the "Perhaps:" section will work well. Since you are working with sensitive data, where data corruption over-the-air might be a problem; you could try using the confirmed or "signed" writes to make sure the password doesn't get corrupted on transmission.

0 Likes

Re: Password Managment

Anonymous
Not applicable
In response to Anonymous
‎Aug 03, 2017 10:17 AM
‎Aug 03, 2017 10:17 AM
Jump to solution

Thanks for your help on this.  What do I need to know about "signed write" other than checking that box in the GUI?

   

 

   

Rich

0 Likes

Re: Password Managment

Anonymous
Not applicable
In response to Anonymous
‎Aug 04, 2017 09:42 AM
‎Aug 04, 2017 09:42 AM
Jump to solution

Alright, looking at the documentation for specifics: If you read through the API documentation for CyBle_GattcReliableWrites(connHandle, *writePrepReqParam, numOfRequests), that is the write characteristic function you will want to use. It validates the data to both sides before it writes it to the server.

   

This will generate: CYBLE_EVT_GATTS_EXEC_WRITE_REQ at the GATT server end, this is where you would check the value on the server side to be valid as a password argument

   

then CYBLE_EVT_GATTC_EXEC_WRITE_RSP at the GATT client end, this is where you validate that the data you sent to the server and the data it sent back are exactly the same.

   

Errors will be generated if a step fails. Documentation for the write function is on page 154 of the v3_30 BLE component PDF file.

   

The only difference between the reliable write and the regular characteristic write is that the client will receive the second event to "verify" the data being written is correct before the data is written. All of the hooks and switches should behave similar to the other BLE functions in the software for the Cypress chips.

0 Likes