Support : Industrial : AIRcable AIRmotes Programming Handbook : PART 5

PART 5: Security

• Pass Key or Pin Code
• Pairing
• Access Restriction
• Discoverable
• Unlock

PASS KEY or PIN CODE

The AIRmote system always requires to provide a pass code or PIN for the first time a connection is attablished. PIN codes are required for all incomming and outgoing connections. Authenticaton cannot be disabled.

There are 3 levels of response on PIN code requests depending on the configuration.

• unconfigured
  When the AIRmote is unconfigured, e.g. after a firmware upgrade and no config.txt and no AIRcable.bas program has been loaded the PIN code required to access the AIRmote is fixed at "1234".
• configured
  After config.txt is uploaded, the PIN code is the PIN code configured in config.txt. If the PIN code length in the config.txt file is zero, it will default to "1234" as well.
• programmed
  The BASIC program can also respond to PIN code requests. The application knows who is asking for the pass code and can respond accordingly. If a BASIC program responds to a PIN code request, the PIN code used is the result of the PIN_REQ interrupt routine of the BASIC program.

PAIRING

A correct PIN code response leads to a successful pairing. The pairing mechanism creates an access permission.

A successful pairing stores a unique link key on both partners. The link key is stored automatically as the pairing information for the two partners. Matching keys then allow the access to all wireless channels. This pairing data consists of the Bluetooth address of the partner and its calculated link key. Both have to match before access is granted. If for some reason the partner's link key is removed the pairing information does not match anymore and a new pairing must be established.

For added security the new pairing information will not be updated automatically. Thus, instead of asking for a PIN code again, the connection attempt will fail.

To reestablish pairing, the AIRmote pairing information can be deleted. There are two ways to delete pairing information: delete all stored pairing information or delete individual pairing information. A line containing the keyword @UNPAIR in the BASIC program will erase all pairing information. (just like @ERASE deletes the BASIC program).

The first device paired with is the default device. The pairing information of the default device can only be removed by deleting all pairing infirmation. The AIRmote can store pairing information of 8 other Bluetooth devices. If more pairing is added the oldest pairing information is deleted. Paired devices can be removed in the BASIC program via the build in function 'unpair bt_addr'. All pairing information is removed with 'unpair 0'. After removing the pairing information a connetion attempt will ask for a PIN code again.

ACCESS RESTRICTION

Access to the configuration files AIRcable.bas and config.txt in the file system can be restricted. If bit zero of the first entry in place @0006 is set to one, the two files are invisible. It is not longer possible to down or upload new configuration files.

Access to the file system service (Obex FTP) can be blocked completely. If bit 2 in the first entry is set to 1, the FTP service will not longer be avaliable. No files, and no configuration can be up or downloaded. The Obex FTP service is not longer available.

The service to exchange objects such as business cards, vNotes, messages etc. (Obex Object Push) can be disabled too. The AIRmote can not longer receive messages from other AIRmotes. Set bit 3 to 1.

See chapter UNLOCK for information about unlocking the AIRmote.

DISCOVERABLE

The AIRmote normally is discoverable. This means that other Bluetooth devices will be able to find the AIRmote. The AIRmote provides its name and the available services to anyone who can find it.

Using the function slave the BASIC program can control the discoverablility of the device. All profiles are affected by the mode even though only the slave function controls it.

By setting the number of seconds parameter to a negative number, the AIRmote will become undiscoverable for that amount of time. After that time the @IDLE function is called again where the slave function can decide to make the AIRcable discoverable again or not.

As long as an external device knows the Bluetooth address a connection can still be made. Whether or not the AIRmote is discoverable or not, it will still require a successful authentication to grand access.

UNLOCK

It may be necessary for several reasons to unlock the AIRmote once some of the security measures are implemented or to disable the execution of the BASIC program. Once you lost access to the configuration there is no way wirelessly to enable configuration again. Certainly a special BASIC program can reenable access again but that program must be installed already.

The only way to gain access again is to open the housing of the AIRcable Industrial. Inside the AIRcable is a security unlock pin. When this jumper is installed the effect is:

• The AIRmote is discoverable
• Obex FTP and Obex is enabled
• Access to both config files is enabled
• The BASIC interpreter is switched off
• Security PIN code is set to default "1234"

This way the configuration and the BASIC program can be updated. Once uploaded the AIRmote has to be switched off, the unlock jumper taken out and then switched on again. If the jumper stays in during reboot, the configuration and the BASIC program will be erased.