Deploying Bluetooth Low Energy and NFC for secure connections and easy pairing

Deploying Bluetooth Low Energy and NFC for secure connections and easy pairing

Technology News |
By Rich Pell

Two areas that are of growing interest are secure, out of band (OoB) pairing and proximity applications based around the concept of BLE IoT systems. Here we look at both of these areas and consider how the latest semiconductor technologies and support tools can be used to simplify their implementation.

Bluetooth Low Energy and Near-Field Communication
Bluetooth low energy (BLE) is the power conserving, application-friendly, incarnation of Bluetooth that was developed for the Internet of Things (IoT). The Bluetooth SIG (special interest group) improved its low power technology launching BT version 4.2 in December 2014. It included additional features such as enhanced data cyphering, support of internet protocol and faster speed compared to v4.1. A further enhancement to the recently announced Bluetooth 5 is expected at end of 2016.

Classic Bluetooth offers advantages such as communication range, ubiquity and low implementation cost. BLE provides significantly lower power consumption. This makes it ideal for the coin cell powered mobile and wearable platforms that dominate the IoT.

Modern devices, such as smartphones, have Bluetooth low energy capability as standard. Increasingly, Near-Field Communication (NFC) is also being added. NFC enables applications such as payment or access control as well as security-related functionality where Bluetooth communications could be intercepted by a malicious third-party. This is the so-called ‘Man in the middle’ (MITM) scenario.

NFC offers wireless communication, but in a very different way from Bluetooth. Firstly, the distances involved for NFC are up to 100 mm. Secondly, the amount and type of data that can be transferred is limited and highly controlled, depending on the embedded NFC security scheme selections. By contrast, Bluetooth can transfer many kinds of data over distances of up to 100 m.

Out of Band (OoB) delivers secure pairing
Combining the security of NFC and the open communications of Bluetooth brings substantial benefits. Bluetooth incorporates AES-128 encryption, which provides robust resistance to eavesdropping and decryption of intercepted packets. However, both security and ease of use can be improved by taking advantage of Near-Field Communication (NFC) to enhance activities such as pairing.

As NFC requires devices to be in close proximity, it avoids the “man-in-the-middle” issue and prevents unwanted devices connecting without the user’s knowledge or permission. This can be done by transmitting security keys for pairing information, which is called Out-of-Band (OoB) pairing and works within the limited NFC range. NFC pairing is easy and straightforward, and is usually accomplished by bringing the two devices briefly into contact.

NFC tagging reduces IoT power consumption
Take, for example, applications such as smart meters that may be read manually at intervals of several weeks or months. The meter connectivity circuit can remain completely powered down until the operator brings an NFC reader or NFC-enabled mobile into close proximity (“tagging”).

The initial energy to wake the meter is supplied via the NFC antenna, meaning the BLE device can be in deep sleep mode all the time to ensure minimal power consumption as the BLE IoT node does not check for communication requests (“advertising”) when it is not needed for a long period of time. Once the credentials of the reading device have been established, a connection can be established using BLE.

Out of Band (OoB) pairing in practice
Although, at first, this may seem to be complex, in practice the pairing and communication is quite simple and intuitive. In effect, NFC and Bluetooth each ‘play to their strengths’.

Firstly, the mobile device is placed close to the NFC-enabled device – say a smartphone or tablet being touched against a payment terminal or maybe a printer in an office environment. In devices equipped with Toshiba’s TC35670 Bluetooth Low Energy + NFC Tag IC, energy from the NFC antenna in the mobile device will ‘wake’ the fixed device, which transmits its Bluetooth credentials securely via NFC.

As the mobile device detects that the fixed device is present, it initiates a pairing request via NFC. This removes the need for the user to check and enter a numeric string that confirms the correct devices are being paired. The secure transfer prevents the security keys being inadvertently, or maliciously, intercepted by the ‘Man in the Middle’.

The pairing is now complete and both devices are able to open a secure, AES-128 encrypted, Bluetooth communication to conduct data transfer. The mobile handset may initiate an application depending on the NFC data content.

Figure 1: Combined BLE and NFC design comprising the Toshiba’s TC35670 Bluetooth Low Energy + NFC Tag IC, Bluetooth and NFC antenna.

New application variations emerge: Beacons
With the ability to detect proximity using NFC and then transmit information securely via BLE, new application variations can be realised. One of these is a new implementation for beacons, which are extremely low power, low-sophistication devices that have the ability to present simple data to devices (and, therefore, users) in proximity. Beacons can be used for many indoor applications including promotion, navigation, building management and asset control. Once a beacon is positioned then app-users close by can benefit from micro location-based notifications while the application is open.

Figure 2: Beacons enable locality-based marketing and a number of other valuable business uses.

In general, beacons are extremely low power devices – typically powered by a small coin cell battery that needs to last weeks, months or even years. In retail, customers can be directed to particular items in the store by selecting them from an app. Alternatively, specific bargains could be highlighted to the customer. In a grocery store, beacons may direct people around the store in the most efficient way to get all of the items on a list. And in business environments, beacon-equipped assets could be tracked or located easily adding to security and efficient operation and maintenance

The applications for beacons are almost limitless. Marketing teams are dreaming up new ways to use this technology every day. In a stadium or large theatre, for example, beacons could guide you to your seat or any place within the facility. Potential applications can also support sales by offering relevant merchandising products and sales promotions as well as aiding the rebate process for goods purchased.

BLE and NFC offer the possibility of new use cases here. Beacons are usually uni-directional devices that simply broadcast information such as a URL or a location. However, another usage scenario could be to update the beacon software and content over-the-air via BLE, triggered and secured by an NFC pairing mechanism. Connecting to a beacon by NFC tagging is a much simpler procedure than pairing by Bluetooth; it is also potentially more secure due to the avoidance of security information interception, as described above.

Rapid development and implementation of beacon technology
In common with most emerging technologies, the race is on to deliver functioning hardware and software to the market quickly to capture market share in the early stages of user adoption. One of the biggest challenges here is the steep learning curve many engineering teams face in implementing the new technology.

To help design teams deliver fully functioning beacons to market quickly, Toshiba has designed a standalone reference design based on the ultra-low power BLE IC, TC35667 and the BLE + NFC combined Tag IC, TC35670. The reference design is presented as a small (17-mm x 20-mm) module. This includes the TC35667FTG as well as oscillators, EEPROM, inbuilt antenna and 1.27-mm pitch connections for testing. Connectivity to an external NFC antenna is made available too (with TC35670). When advertising, the peak power consumption is just 5.9 mA – in deep sleep mode, the module consumes a miserly 0.1 μA. The average power consumption depends on the selected advertising cycle. With 1 second cycle the typical average power consumption lies in the range of 30 μA.

Figure 3: The TC35667FTG-based development kit
measures just 17-mm x 20-mm.

Within the reference design suite are a variety of customer-oriented options. These include the ability to change the IC to support Bluetooth 4.1 (TC35676) or Bluetooth 4.2 (TC35678) with embedded flash memory (instead of external EEPROM) for the application program. Comprehensive support and documentation is available in the form of schematic diagrams, Bills-of-Materials, layout guidelines, Gerber files and antenna patterns. A module solution (made by Panasonic Europe (PAN1760/PAN1761) is available, too. A Toshiba starter kit enables program development and debugging with the help of commercially available C++ debugger software.

Toshiba also offers a Bluetooth Software Development Kit (SDK) – a complete solution that simplifies the use of Toshiba Bluetooth LSIs and significantly reduces time-to-market. The proven solution – which is available free-of-charge from Toshiba´s developer webpage – supports multiple chipsets and platforms including host-based and standalone BLE systems, SPPover BLE profile, and the BLE + NFC combined functionality. The software API supports BLE GATT server and client as well as the GAP central and peripheral function.

Figure 4: The SDK is a fully-featured tool based on established technology.

Minimum design effort is required to configure a beacon to work with any of these standards. The designer simply specifies the data format in a data array then makes a single function call to configure the beacon. A standard C++ debugging environment then compiles and runs the SDK code and the beacon is operational. The integration of any available Beacon standard iBeacon™ (Apple), AltBeacon (Radius Networks), EddystoneTM (Google) and more] is easily possible through the combination with Toshiba´s SDK.

About the author:
Heiner Tendyck is Principal Engineer, System LSI Marketing Department – Wireless Solutions, Toshiba Electronics Europe –  


Linked Articles