Bluetooth Security Modes

Security Mode 1

If a BT>/= 2.1 device is pairing with a BT</= 2.0 device, it falls back to BT 2.0 compatibility mode and behaves the same as BT 2.0. If both devices are BT >/= 2.1, Secure Simple Pairing must be used according to the BT spec.

Security Mode 2

If a BT >/= 2.1 device is pairing with a BT </= 2.0 device, it falls back to BT 2.0 compatibility mode and behaves the same as BT 2.0. If both devices are BT >/= 2.1, Secure Simple Pairing must be used according to the BT spec.

Security Mode 3

If a BT >/= 2.1 device is pairing with a BT </= 2.0 device, it falls back to BT 2.0 compatibility mode and behaves the same as BT 2.0. If both devices are BT >/= 2.1, Secure Simple Pairing must be used according to the BT spec.

Security Pairing 4: Simple Secure Pairing

Simple Secure Pairing: a new security architecture introduced supported in BT >= 2.1. Service-level enforced, similar to mode 2. Mandatory when both devices are BT >= 2.1. There are four association models currently supported by mode 4. Security requirements for services must be classified as one of the following: authenticated link key required, unauthenticated link key required, or no security required. SSP improves security through the addition of ECDH public key cryptography for protection against passive eavesdropping and man-in-the-middle (MITM) attacks during pairing.

Numeric Comparison	Just Works
Designed for situation where both devices are capable of displaying a six-digit number and allowing user to enter “yes” or “no” response. During pairing, user enters “yes” if number displayed on both devices matches to complete pairing. Differs from the use of PINs in legacy (BT<=2.0) pairing because the number displayed for comparison is not used for subsequent link key generation, so even if it is viewed or captured by an attacker, it could not be used to determine the resulting link or encryption key.	Designed for situation where one (or both) of the pairing devices has neither a display nor keyboard for entering digits (for example, Bluetooth headset). It performs authentication step 1 in the same manner as as numeric comparison, but you cannot verify that both values match, so MITM (man-in-the-middle) protection is not provided. This is the only model in SSP that does not provide authenticated link keys.

Numeric Comparison

Just Works

Designed for situation where both devices are capable of displaying a six-digit number and allowing user to enter “yes” or “no” response. During pairing, user enters “yes” if number displayed on both devices matches to complete pairing. Differs from the use of PINs in legacy (BT<=2.0) pairing because the number displayed for comparison is not used for subsequent link key generation, so even if it is viewed or captured by an attacker, it could not be used to determine the resulting link or encryption key.

Designed for situation where one (or both) of the pairing devices has neither a display nor keyboard for entering digits (for example, Bluetooth headset). It performs authentication step 1 in the same manner as as numeric comparison, but you cannot verify that both values match, so MITM (man-in-the-middle) protection is not provided. This is the only model in SSP that does not provide authenticated link keys.

Each mode, except for Just Works, has Man-In-The-Middle (MITM) protection, meaning no third device can view the data being passed between the two devices involved. The SSP mode is usually negotiated automatically based on the capabilities of both the controller and follower. Lower security modes can be disabled via the

bluetooth.minimum_security_mode

. The

bluetooth.minimum_security_mode

SGD sets the lowest security level at which the printer establishes a Bluetooth connection. The printer always connects at a higher security level if requested by the controller device. To change the security mode and security settings in the ZQ630 Plus printer, use Zebra Setup Utilities.