Today, pairing of Bluetooth Low Energy (BLE) capable devices with user devices is neither secure nor trivial. Secure pairing and identification of BLE devices is described. A service (e.g., web service) provides a list of unique identifiers (UIDs) and an encrypted UID to a BLE device manufacturer without a decryption key. The manufacturer provisions each beacon of each BLE device with a UID generated by the service. The manufacturer also generates a quick response (QR) code to print on the BLE device. To pair with the BLE device, a user uses a camera or other scanner of the end-user device to simply scan the QR code. In response, the end-user device queries the service to resolve the UID, then scans for, identifies, and connects to the beacon. The end-user device also configures the beacon to broadcast an ephemeral identifier (EID), which changes over time, preventing third parties from identifying the paired beacon.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Rodriguez, Adam and Lazarov, David, "Secure Pairing and Identification of BLE Devices", Technical Disclosure Commons, (June 19, 2019)