使用挑战 - 响应方案进行身份验证

嗨razp，

You have to be more specific to your requirements, the security provided by the BLE specification is standard and all the schemes that the BLE offers are supported by the SDK, i am not able to tell what do you mean exactly by challenge-response authentication scheme and what your requirements are.

Summing up a few things regarding the security overview in order to give you some guidance. If you activate the BLE security that means that your devices in order to exchange data they will have to go through the pairing procedure. So that means that in order to initiate the pairing either your peripheral will send a security request to the central upon connection or the devices will connect and if the master of the connection attempts to read or write at a secured characteristic the access will be denied so will have to go through the pairing method (exchange the required keys for subsequent connections) or he will have to go through encryption (in case the devices were previously paired, check if the keys that are present on the devices match).

BLE规范定义了3个安全级别，没有安全性，安全级别1和2.在安全级别1（我认为最适合您想要做的内容），您有两个选项，与加密和经过认证的配对进行加密，安全性1对BLE规范的加密认证配对意味着您必须为您的设备设置PIN或OOB数据代码，以便访问它并通过配对过程，因此BLE规范的身份验证是知道谁是谁在配对过程中另一侧的设备。一般而言，即使您使用Just Works方法（没有密钥条目），您只需与随机设备配对，您将能够实现挑战 - 响应身份验证方案，因为在每个后续连接上您将能够丢弃每个设备这不介绍在加密请求尝试中存储在外围设备中的EDIV和RAND键，以便重新恢复您存储的绑定数据。

在SDK和示例中，在某些示例中，您描述的方案在某些示例中没有完全实现，当您定义CFG_APP_Security时，包括安全处理程序（User_callback_config.h文件.app_pairing_request，.app_on_tk_exch_nomitm等）和函数在user_config.h文件中设置.security_request_scenario成员在user_config.h文件中，安全请求将发送到中央，设备通过配对过程，但您需要额外的实现来拒绝访问将请求连接的其他中心您必须设置安全设置。完整的安全示例是上面指示的例子。

由于MT_dialog