Why CBAP?
Fast and Secure Connection Between Thousands of Devices
Eliminates manual intervention which not only speeds up the authentication process but also improves security by mitigating human error.
Ensures the Device is From a Trusted Manufacturer
Enables one-way (phone-to-device) or two-way (device-to-device) authenticated connections only with a trusted manufacturer.
Proof of Identity
and Eligibility
Matches identity of the device and checks eligibility through stored authentication certificate.
Pairing with CBAP ensures authenticated communication, minimizing man-in-the-middle threats.
Parameter | Just Works | Numerical Comparison / Passkey | OOB | CBAP |
Manual Intervention | None | Visual comparison of numbers | Physical proximity between devices | None |
Security Level | Low | High | High | Very High |
Man-in-the-Middle Protection | None | Yes | Yes | Yes |
Counterfeit Protection | None | None | None | Present |
Automation | Possible | Not Possible | Not Possible | Possible |
Back Channel for Authentication | Not Possible | Not Possible | Required | Not Required |
Cost of Large-scale Operation | Low | High | High | Low |
Silicon Labs CBAP Solutions
Silicon Labs is an industry leader in Bluetooth LE solutions, and we can help you implement Certificate Based Authentication and Pairing to ensure top-tier security for your devices without requiring any user interaction. Currently, certificate-based authentication and pairing is supported on Secure Vault-High and Secure Vault-Mid devices.
Secure Vault-High
Secure Vault-Mid Devices through TrustZone
How is CBAP Implemented?
1. The authenticator device verfies that the target device comes from a trusted manufacturer by authenticating its device certificate using the CA certificate.
2. The devices begin OOB pairing with data sent from the target device signed by private key and authenticated using the public key in the device certificate.
3. Pairing completes successfully with authenticated, encrypted communication between devices.
CBAP with CPMS
CBAP enabled devices can utilize certificates injected by CPMS during manufacturing.
Learn how Silicon Labs can help customize your wireless hardware and MCUs with advanced security and unique certificates using Custom Part Manufacturing Service (CPMS).
Application Note
Certificate-Based Bluetooth Authentication and Pairing
This application note describes the theoretical background of certificate-based authentication and pairing, and demonstrates the usage of the related sample applications that can be found in Silicon Labs’ Bluetooth SDK.