Showing results for 
Search instead for 
Did you mean: 

Resource Library

CYW20706 – BLE Secure Data Hub


CYW20706 – BLE Secure Data Hub


This example demonstrates the implementation of different security levels of pairing and the data transfer in a multi-connection environment.


This project instantiates a data hub that plays the roles of GAP Central, GAP Peripheral, GATT Client and GATT Server at the same time, and that is able to pair with up to 3 slaves at different security levels. In addition, the device will also be able to pair with a Master, to which it can send the data collected from the slaves or distribute the data from the master to the slaves.



Tool: WICED Studio 5.1 and above, Any BLE Central (Example: CySmart Mobile Application), Serial Terminal (Example: TeraTerm, CoolTerm)

Programming Language: C

Associated Parts: CYW20706

Related Hardware: CYW920706WCDEVAL Board (2 to 4 required)

  Block Diagram:

Figure 1: Block Diagram


As shown in the abobe block diagram, the Secure Hub can connect with upto 3 slave devices (programmed with hello_sensor project). It in turn serves as a slave for a master device. All the CYW920706 devices will be able to communicate with the PC via PUART interfaces that appear as serial terminal COM Ports in the PC.

Firmware Flow of secure_hub Device:

   Figure 2: Firmware Flow


APPLICATION_START is the program entry point. Here the peripheral UART is set for displaying Debug Messages. The BT Stack and the corresponding management callback are started using the wiced_bt_stack_init () API.

db_management_cback()  function in secure_hub.c handles the events generated for the BLE Stack. The BTM_ENABLED_EVT indicates that the Bluetooth stack is ready. Upon the reception of this event, we start the Non Connectable High Duty Cycle advertisement. The Timer and GPIO Interrupts are registered. The Timer and GPIO Button Press Interrupt callbacks increment the suffix in the Device Name by 1 and then continues the advertisement with the incremented name.

In the secure_hub and the hello_sensor projects, the user needs to enter the desired security level and IO Capabilities via console. The console accepts inputs via PUART. The 4 security levels supported in this project are

  1. Just Works
  2. MITM
  3. LE Secure Connection
  4. LE Secure Connection with MITM

The hello_sensor project starts advertising, once these details are entered. A Scan is initiated via GPIO Interrupt button press on the secure_hub device. The UUID of the service available in the hello_sensor node is verified in the callback, after which the connection is initiated by the secure_hub.

Once a connection is established with the slave, the secure_hub performs a GATT Discovery of the slave using the custom UUIDs of hello_service. The discovery happens in 3 stages:


(ii) Characteristic

(iii) Descriptor


The GATT DB of the hello_sensor device contains the hello service. The hello_service contains two characteristics (Refer hello_sensor/gatt_db.c and hello_sensor/gatt_db.h files)


This characteristic has the properties of Notification and Indication. The Bytes to be notified / indicated are typed in the serial terminal of the hello_sensor device and are transmitted as Notification or Indication to the secure_hub.


This characteristic has the properties of Read and Write. The secure nature of the application is demonstrated using this characteristic. In the gatt_db.c file of the hello_sensor, it can be noticed that the permissions of this characteristic includes these bitmasks: LEGATTDB_PERM_WRITE_REQ| LEGATTDB_PERM_AUTH_WRITABLE. This means that this characteristic can be written only when the link has been paired with MITM (Man in the middle protection).  Security Levels (either BTM_LE_AUTH_REQ_MITM or BTM_LE_AUTH_REQ_SC_MITM  The user has to manually take care of this in the application level. When other security levels are used, a write to this characteristic will result in an “Insufficient Authentication” error. Once this characteristic is  successfully written by a one byte value, the Red LED on the board blinks as many times as the written value.

By the end of the discovery, the secure_hub device stores the Attribute handles of the HANDLE_HSENS_SERVICE_CHAR_BLINK characteristic and the CCCD (Client Characteristic Configuration Descriptor) of the HANDLE_HSENS_SERVICE_CHAR_NOTIFY characteristic. With the attribute handles, the secure_hub device can write to these characteristics descriptors. The CCCD Handle is required, so that the notifications / indications can be enabled / disabled on the hello_sensor slaves. The handles are stored in a global structure g_secure_hub.

  • (iii) The GATT DB of the secure_hub device correspondingly has two characteristics HANDLE_SECURE_HUB_SERVICE_CHAR_NOTIFY and HANDLE_SECURE_HUB_SERVICE_CHAR_LED_WRITE. The former is used to transmit the Notifications / Indications received from the hello_sensor devices to the master (if present any). Such notifications are appended along with the Connection ID of the slave, so that the master can identify the slave that has sent the notification. The latter is used to receive writes from the master, which is in-turn written to the HANDLE_HSENS_SERVICE_CHAR_BLINK characteristic on the hello_sensor slaves.

At any instant a new slave may be connected to the secure_hub or a old one may detach itself by pressing the SW1 button the board. A maximum of 3 hello_sensor slaves can be connected to the secure_hub device at a time, in addition to a master.

The secure_hub keeps advertising, until a master has connected to it. It will again start advertising when the master has disconnected from it.

Programming and Testing:

  • Install the WICED Studio 5.0 (or above) in your PC. Plug in two BCM920706_EVAL Boards and let the drivers bind to the devices. Make sure the jumpers are in place. Open WICED Studio and set the platform as 20706-A2_Bluetooth. For more details, please refer WICED-20706-BT-Quick-Start-Guide present in Doc folder in the project explorer.
  • Copy the BLE_Seucre_Hub and the hello_sensor folders from the BCM920706_EVAL Board package. In the WICED Studio, right-click the Apps folder in the Project Explorer pane and click Paste. You can see these folders under the Apps folder.
  • Open two windows of Serial Terminal (Example: Teraterm or Coolterm), and bind each of those windows to the PUART COM Ports of each devices. Each device has two COM Ports with consecutive numbers. The COM Port with the bigger number corresponds to the PUART that displays Debug Messages. The one with the smaller number corresponds to the HCI UART. The BaudRate is set to 115200 in the firmware. Make sure the BaudRate in serial terminals is also set to 115200.
  • Create a Make Target for the project by selecting Project -> Make Target -> Create. Paste the following as the entry in the Target Name field:

Secure_hub-BCM920706_P49 UART=COMxx download

Make sure that the Same as the Target Name checkbox is checked. Click OK. Create another target, in addition to the previous one as:

Helo_sensor-BCM920706_P49 UART=COMyy download

(Note: In the above targets, “xx” and “yy” are the HCI COM Port numbers of each of the devices)

  • Double click the secure_hub Target you just created, shown in the Make Target Pane on the right. You can see the Secure_hub program being built and downloaded into one of the boards. (For more details or troubleshooting, please refer the WICED-20706-BT-Quick-Start-Guide)
  • Similarly program the hello_sensor firmware to another device.
  • In the Teraterm, the debug logs can be seen asking to select the security level among these 4 – No Security, MITM (Man in the middle), LE Secure Connection, LE Secure Connection with MITM. Select the appropriate security level on either devices, by entering the corresponding number. Following this, for the security levels that involve MITM, you will have to select the IO Capabilities. The user has to select the MITM.


  • The hello_sensor device will start to advertise. In the secure_hub device, press the SW6 button for more than 5 seconds for the scan to start. Once the secure_hub finds the hello_sensor device advertising, it will automatically initiate connection and pairing process. In case of the security levels with MITM, passkey entry might be required, where the user has to enter the passkey displayed by one device as input to another device.
  • The secure_hub device keeps advertising and it can be connected to another central (any BLE App on Smart Phone, say CySmart. )
  • Once the pairing is complete, the secure_hub automatically enables notifications on the hello_sensor device. The user will be able to send notifications by directly typing on the terminal of the hello_sensor byte by byte. The secure_hub displays the notifications received from the hello_sensor and in turn sends them to the Central if present, and if notifications / indications have been enabled by the Central.
  • At any time, another hello_sensor device can be connected the secure_hub by following steps 7,8,9 while preserving the existing connection. A maximum of 3 hello_sensor devices can be connected to the secure hub.
  • The Central can send write requests to the secure_hub which in turn performs write requests to the slave hello_sensor devices connected to it.

Note: When the secure_hub tries to write to a slave with which it has paired with security levels without MITM, it will receive “Insufficient Authentication Error”. Also, when the master tries to write to the secure_hub, when no slaves are connected to the secure_hub, it will result in an “insufficient authorization” error.

Related Documents

Table1 lists all relevant application notes, code examples, knowledge base articles, device datasheets, and Component / user module datasheets.

Table 1: Related Documents





AN218191  - WICED™ Quick Start Guide for BT CYW20706

The  Quick Start Guide can be accessed from Project Explorer -> 20706-A2_Bluetooth -> Doc


AN216535 - CYW92070xV3_EVAL Evaluation Board Hardware User Manual

The Hardware User Manual can be accessed from Project Explorer -> 20706-A2_Bluetooth -> Doc

Version history
Revision #:
1 of 1
Last update:
‎Sep 05, 2017 01:55 AM
Updated by: