Controller privacy

To enable or disable Controller Privacy, the following API may be used:

```c
bleResult_t Gap_EnableControllerPrivacy
(
    bool_t                               enable,
    const uint8_t *                      aOwnIrk,
    uint8_t                              peerIdCount,
    const gapIdentityInformation_t*      aPeerIdentities
);
```

When enable is set to TRUE, the aOwnIrk parameter shall not be NULL, peerIdCount shall not be zero or greater than gMaxResolvingListSize_c, and aPeerIdentities shall not be NULL.

The IRK defined by aOwnIrk is used by the Controller to periodically generate a new Resolvable Private Address (RPA). The lifetime of the RPA is a number of seconds contained by the gGapControllerPrivacyTimeout external constant, which is defined in the ble_config.c source file. The default value for this is 900 (15 minutes).

The aPeerIdentities parameter is an array of identity information for each bonded device. The identity information contains the device’s identity address (public or random static address) and the device’s IRK. This array can be obtained from the Host with the Gap_GetBondedDevicesIdentityInformation API.

Enabling Controller Privacy involves a quick sequence of commands to the Controller. When the sequence is complete, the gControllerPrivacyStateChanged_c generic event is triggered.

Privacy mode

In Bluetooth LE 5.0, the privacy mode has been introduced as an optional feature and is part of the GAP identity structure together with the address and address type. There are two modes: Network Privacy Mode (default) and Device Privacy Mode. These are valid only for Controller Privacy.

A device in network privacy mode only accepts packets from peers using private addresses.

A device in device privacy mode also accepts packets from peers using identity addresses, even if the peer had previously distributed the IRK. Private addresses are also accepted.

The privacy mode of a device is stored in NVM together with the IRK, with a default value of Network. If the application wants to change this value, it can extract the peer identities, modify the privacy mode from network to device, and then enable Controller Privacy with the modified value.

To change the privacy mode of a device and make the change persistent, the user must call the following API:

```c
bleResult_t Gap_SetPrivacyMode
(
    uint8_t nvmIndex,
    blePrivacyMode_t privacyMode
);
```

Scanning and initiating

When a Central device is scanning while Controller Privacy is enabled, the Controller actively tries to resolve any RPA contained in the Advertising Address field of advertising packets. If any match is found against the peer IRK list, then the advertisingAddressResolved parameter from the scanned device structure is set to TRUE.

In this case, the addressType and aAddress fields no longer contain the actual Advertising Address as seen over the air, but instead they contain the identity address of the device whose IRK was able to resolve the Advertising Address. In order to connect to this device, these fields shall be used to complete the peerAddressType and peerAddress fields of the connection request parameter structure, and the usePeerIdentityAddress field shall be set to TRUE.

If advertisingAddressResolved is equal to FALSE, then the advertiser is using a Public or Random Static Address, an NRPA, or an RPA that could not be resolved. Therefore, the connection to this device is initiated as if Controller Privacy was not enabled, by setting usePeerIdentityAddress to FALSE.
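The following sketch of the scan-to-connect decision described above is an added example, not code from the stack. The struct and enum type names are hypothetical stand-ins that model only the fields named in the text, the address is assumed to be stored least significant byte first, and the random-address subtype bits come from the Bluetooth Core specification.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Simplified stand-ins for the stack's structures: only the fields named in
 * the text are modelled, and the type names here are hypothetical. */
typedef enum { ADDR_PUBLIC, ADDR_RANDOM } addr_type_t;
typedef enum { ADV_IDENTITY, ADV_PUBLIC, ADV_STATIC, ADV_NRPA,
               ADV_UNRESOLVED_RPA, ADV_RESERVED } adv_kind_t;

typedef struct {
    addr_type_t addressType;
    uint8_t     aAddress[6];   /* assumed little-endian: [5] is the MSB */
    bool        advertisingAddressResolved;
} scanned_device_t;

typedef struct {
    addr_type_t peerAddressType;
    uint8_t     peerAddress[6];
    bool        usePeerIdentityAddress;
} conn_request_t;

/* Classify what the address in a scan report represents. The two most
 * significant bits of a random address give its subtype:
 * 11 = static, 01 = resolvable private, 00 = non-resolvable private. */
adv_kind_t classify_scanned(const scanned_device_t *dev)
{
    if (dev->advertisingAddressResolved) return ADV_IDENTITY;
    if (dev->addressType == ADDR_PUBLIC) return ADV_PUBLIC;
    switch (dev->aAddress[5] >> 6) {
    case 0x3: return ADV_STATIC;
    case 0x1: return ADV_UNRESOLVED_RPA;  /* no IRK in the list matched */
    case 0x0: return ADV_NRPA;
    default:  return ADV_RESERVED;        /* 10 is not a defined subtype */
    }
}

/* Fill the connection request from the scan report and return the kind of
 * address seen, so the caller can log or reject unresolved RPAs. */
adv_kind_t build_conn_request(const scanned_device_t *dev, conn_request_t *req)
{
    req->peerAddressType = dev->addressType;
    memcpy(req->peerAddress, dev->aAddress, sizeof req->peerAddress);
    /* TRUE only when the Controller resolved the RPA, in which case
     * addressType and aAddress already hold the identity address. */
    req->usePeerIdentityAddress = dev->advertisingAddressResolved;
    return classify_scanned(dev);
}
```

An ADV_UNRESOLVED_RPA result means the advertiser is either not bonded or its IRK is missing from the list passed to Gap_EnableControllerPrivacy, which is worth logging before connecting.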

Advertising

When a Peripheral starts advertising while Controller Privacy is enabled, the ownAddressType field of the advertising parameter structure is unused. Instead, the Controller always generates an RPA and advertises with it as Advertising Address.

If directed advertising is used, the Host only allows advertising to a device in the resolving list in order to be able to generate RPAs.

Connected

When a device connects while Controller Privacy is enabled, the gConnEvtConnected_c connection event parameter structure contains more relevant fields than without Controller Privacy.

The peerRpaResolved field equals TRUE if the peer was using an RPA that was resolved using an IRK from the list. In that case, the peerAddressType and peerAddress fields contain the identity address of the resolved device, and the actual RPA used to create the connection (the RPA that a Central used when initiating the connection, or the RPA that the Peripheral advertised with) is contained by the peerRpa field.

The localRpaUsed field equals TRUE if the local Controller was automatically generating an RPA when the connection was created, and the actual RPA is contained by the localRpa field.
