|
31 | 31 | * and/or exchanging keys used for the current connection. Bonding means saving this information so that |
32 | 32 | * it can later be used after reconnecting without having to pair again. This saves time and power. |
33 | 33 | * |
34 | | - * There are many ways to provide these at different levels of security depending on your requirements |
| 34 | + * @par Paring |
| 35 | + * |
| 36 | + * There are several ways to provide different levels of security during pairing depending on your requirements |
35 | 37 | * and the facilities provided by the application. The process starts with initialising the SecurityManager |
36 | 38 | * with default options for new connections. Some settings can later be changed per link or globally. |
37 | 39 | * |
|
43 | 45 | * You can change the IO capabilities after initialisation with setIoCapability(). This will take effect |
44 | 46 | * for all subsequent pairings. |
45 | 47 | * |
| 48 | + * @par Out of Band data used in pairing |
| 49 | + * |
46 | 50 | * Sharing this information through IO capabilities means user interaction which limits the degree of |
47 | 51 | * protection due to the limit of the amount of data that we can expect the user to transfer. Another |
48 | 52 | * solution is using OOB (out of band) communication to transfer this data instead which can send much |
|
57 | 61 | * it. If either side doesn't support it Legacy Pairing will be used. This is an older standard of pairing. |
58 | 62 | * If higher security is required legacy pairing can be disabled by calling allowLegacyPairing(false); |
59 | 63 | * |
60 | | - * \par How to use |
| 64 | + * @par Signing |
| 65 | + * |
| 66 | + * Applications may require a level of security providing confidence that data transfers are coming |
| 67 | + * from a trusted source. This can be achieved by encrypting the link which also provides added confidentiality. |
| 68 | + * Encryption is a good choice when a device stays connected but introduces latency due to the need of encrypting the |
| 69 | + * link if the device only connects periodically to transfer data. If confidentiality is not required data GATT |
| 70 | + * server may allow writes to happen over an unencrypted link but authenticated by a signature present in each packet. |
| 71 | + * This signature relies on having sent a signing key to the peer during pairing prior to sending any signed packets. |
| 72 | + * |
| 73 | + * @par Persistence of Security information |
| 74 | + * |
| 75 | + * Security Manager stores all the data required for its operation on active links. Depending on resources |
| 76 | + * available on the device it will also attempt to store data for disconnected devices which have bonded to be |
| 77 | + * reused when reconnected. |
| 78 | + * |
| 79 | + * If the application has initialised a filesystem and the Security Manager has been provided with a |
| 80 | + * filepath during the init() call it may also provide data persistence across resets. This must be enabled by |
| 81 | + * calling preserveBondingStateOnReset(). Persistence is not guaranteed and may fail if abnormally terminated. |
| 82 | + * The Security Manager may also fall back to a non-persistent implementation if the resources are too limited. |
| 83 | + * |
| 84 | + * @par How to use |
61 | 85 | * |
62 | 86 | * First thing you need to do is to initialise the manager by calling init() with your chosen settings. |
63 | 87 | * |
|
87 | 111 | * accetPairing() or cancelPairing(). The result will be communicated on both peers through an event calling |
88 | 112 | * pairingResult() in the EventHandler. |
89 | 113 | * |
90 | | - * \par Sequence diagrams |
| 114 | + * @par Sequence diagrams |
91 | 115 | * |
92 | 116 | * Sequence diagram "Just Works" pairing |
93 | 117 | * |
|
103 | 127 | * | | |<---[pairing complete]----->| | | |
104 | 128 | * |<- pairingResult() <---------------| |----------------> pairingResult() -->| |
105 | 129 | * | | | | | | |
106 | | - * \endverbatim |
| 130 | + * @endverbatim |
107 | 131 | * |
108 | 132 | * @note the requestPairing() call isn't required to trigger pairing. Pairing will also be triggered |
109 | 133 | * if you request encryption and authentication and no bonding information is available. The sequence will |
|
121 | 145 | * | | |<-[encryption established]->| | | |
122 | 146 | * |<- linkEncryptionResult() <--------| |---------> linkEncryptionResult() -->| |
123 | 147 | * | | | | | | |
124 | | - * \endverbatim |
| 148 | + * @endverbatim |
125 | 149 | * |
126 | 150 | * @note if bonding information is not available, pairing will be triggered |
127 | 151 | * |
|
149 | 173 | * | | |<---[pairing complete]----->| | | |
150 | 174 | * |<- pairingResult() <---------------| |----------------> pairingResult() -->| |
151 | 175 | * | | | | | | |
152 | | - * \endverbatim |
| 176 | + * @endverbatim |
153 | 177 | * |
154 | 178 | */ |
155 | 179 |
|
|
0 commit comments