BLUETOOTH® wireless technology (BWT) is used to establish wireless connectivity between computing devices. (BLUETOOTH® is a registered trademark of BLUETOOTH® SIG, Inc., Kirkland, Wash.) BLUETOOTH® enables such devices to connect and communicate with one another efficiently.
BWT utilizes the free and globally available 2.4 GHz radio band. This band is also known as the industrial, scientific, and medical (ISM) radio band. Operation in the ISM band allows BWT to utilize low levels of power while allowing BLUETOOTH® enabled devices within an acceptable range to share data. Each BLUETOOTH® enabled device may simultaneously communicate with many other devices in a variety of topologies supported by the BLUETOOTH® protocol. BWT is used with a variety of products including mobile computing devices, stationary computing devices, computing peripheral devices, smart phones, wearable computing devices, medical computing devices, and vehicular computing devices.
In order for two BLUETOOTH® enabled devices to communicate with one another, the devices must be “paired” to one another. Such pairing is crucial to BLUETOOTH® communication because it helps to assure that BLUETOOTH® enabled devices only communicate with known or approved BLUETOOTH® enabled devices. During pairing, the two devices also “bond” by storing security keys which allows the devices to reconnect at a later point in time and securely exchange data without unnecessary further user intervention after an initial pairing.
BLUETOOTH® bonding involves causing a given pair of BLUETOOTH® enabled devices to become a trusted pair to one another. To achieve pairing, BLUETOOTH® enabled devices complete a specific device discovery and authentication process. Upon completing the pairing and bonding process, each device can automatically transmit and accept communication between them.
In the device discovery process, each BLUETOOTH® enabled device searches for and locates nearby BLUETOOTH® enabled devices to communicate with. Only BLUETOOTH® enabled devices that are in a “discoverable” mode may be located or “discovered.”
A BLUETOOTH® enabled device that is scanning for BLUETOOTH® enabled devices is said to be in the device discovery state. A BLUETOOTH® enabled device that is discoverable is said to be in discoverable mode. Upon discovery, the BLUETOOTH® enabled devices may reveal their advertised names and other relevant information before a connection is established between the devices.
Typically, the list of the discovered devices is presented to the user. The user would then be required to select the desired device to be paired with and confirm that the pairing should take place. Thus, the user may instruct the discovering device to pair and bond the devices. Upon such confirmation, the devices establish a relationship by creating a link key that constitutes a “shared secret”. The link key is subsequently used to govern communication between the paired devices unless and until the devices are unpaired. Either device may cause an unpairing by deleting its respective link key.
Once the devices are paired and bonded, they may communicate with one another. Even when the devices lose connectivity (e.g., by moving out of range from one another or losing BLUETOOTH® communications access), they may restore communication without re-pairing unless one or both devices lose their respective link information.
Pairing in BLUETOOTH® allows two devices to form a relationship which may be temporary (lasting only for the duration of the present connection), or long term (allowing for reconnections). When a pair of BLUETOOTH® devices are set to pairing mode, the device that requests connection and pairing (referred to as a central device) may display a list of “discovered” devices, which allows the user to select which device (e.g., a peripheral device) to continue the pairing process with.
In known pairing models, during pairing the peripheral device (or the device that does not initiate pairing) does not allow for confirmation of the identity of the central device at the peripheral device. Rather, the known pairing models of Bluetooth allow any device to connect to a peripheral device during pairing. In some examples, the peripheral device may display (at a peripheral screen or other display) information for confirmation or comparison by the user of the central device. For example, the peripheral may display a Passkey that can be re-entered on the central device. Alternatively, the peripheral may display a Numeric Value for comparison at the central device. In the case of Just Works pairing, the peripheral has no direct affirmation with a pairing central device.
As a result, there is vulnerability to peripheral devices during the BLUETOOTH® paring process since a peripheral device has no say in what devices attempt to pair with it while it is in pairing mode. This is both a security problem and a user satisfaction problem. During pairing, the remote device (i.e., the peripheral device) must accept any connection request that it receives from any central device. This ‘openness’ of the peripheral device to accept connections from unknown central devices allows for improved connectivity. Connectivity is enhanced because the model allows for expedient pairing between devices. However, this model also has a security risk in the event that a malicious central device connects to the peripheral. This model also can result in failed pairing attempts due to a possible mismatch between the central and peripheral device. Such failed pairing may frustrate BLUETOOTH® device users.