blukiiSK Framework Reference

About blukiiSK Framework

blukiiSK stands for blukii(S)mart(K)ey Framework. You can add user-friendly and secure authentication for the usage of secret areas in your application with blukii SmartKey’s.

What is a blukii “SmartKey”?

To start, a SmartKey is based on the blukii hardware platform. It is developed by Schneider Schreibgeräte GmbH in Germany. Schneider Schreibgeräte GmbH also created the blukii SmartKey concept. Using the blukii SmartKey it is particularly comfortable and reliable to implement a high security two factor authentication. A person who wants authentification to use a tablet computer is a prime example. The user carries a blukii SmartKey and wants to use a tablet (an Apple iPad in this case) as shown in the following drawing.

Picture of a two factor authentication

The first step of the two factor authentication is initiated by the user entering either a PIN or the user name and password into the app. Now the app establishes a Bluetooth Low Energy connection with the blukii SmartKey and verifies the authenticity of the user input. Access to the sensitive app contents is granted only if the authentication challenge (which is initiated by the application) is successful. Additionally a proximity check can be used. In case the user carrying the blukii SmartKey has moved too far away the app automatically locks the sensitive contents.

Security level

You can choose from three different security levels for your SmartKey.

Level 1 - Convenience (Low security)

This security level gives kind of a proximity switch functions to the SmartKey. The authentication depends on the ID of the SmartKey (Bluetooth-Address) which is sent in the advertising data. The connection mode in this security level is generally non connectable. To change the advertising or connection parameter you will have to put the SmartKey in the service mode which means that the connection mode will be set to connectable for the first 30 seconds after power up.

You can use your SmartKey easily with several master devices in this security level.

Level 2 - Pairing (Medium security)

Assuming that the configuration will be done in a tap-proof environment, this security level offers a higher security than the convenience level.

The SmartKey and the master device will be paired via the Bluetooth Pairing/Bonding. According to the pairing you have to choose a 6 digit pairing key which must be set during the configuration. The user of the SmartKey has to type this pairing key once during the first authentication process. The connection mode is always connectable with this security level.

You can use your SmartKey with this security level on several master devices when you share the choosen pairing key to the users of the master devices.

Level 3 - Secure (High security)

Assumed that the configuration will be done in a tap-proof environment, this security level offers a much higher security than the pairing level.

Like in security level pairing the SmartKey and the master device will be paired via Bluetooth Pairing/Bonding. The difference between the pairing level and the secure level is the additionally encrypted (AES128) communication between the SmartKey and the master device. The authentication process in this security level is based on a multiple step challenge/response authentication protocol. The connection mode is always connectable with this security level.

You can use your SmartKey only on one master device with this level. If needed it’s possible to build your custom framework with an admin/user infrastructure to share encryption keys. If you need to do something like that feel free to contact us to get the SmartKey’s firmware documentation.

How to use the framework

The following steps will help you with the first usage of the blukiiSK Framework. There is also a swift sample application in the download section below.

Initialize

First step is to get the shared SKManager object with the following method:

+(id)sharedManager;

If you got the shared object you have to set the delegate:

@property id SKManagerDelegate delegate;

At this point the SKManager is ready for further communication with SmartKeys.

Searching close SmartKeys

You have to start a request with the following method to get the SmartKeys nearby:

-(BOOL)requestSmartKeysWithTimeout:(int)ms repeated:(bool)repeat;

As result the SKManager will invoke the related delegate method depending on the timeout period you chose with the parameter ms.

-(void)SKManagerDidReceiveSmartKeys:(NSArray*)keys;

All SmartKeys which were found in the given timeout period will be included in the array keys as instances of the class SmartKey. You have to pick the desired SmartKey out of the array to handle the next steps.

Preparation

In order to connect and communicate with the SmartKey you picked from the array with the found SmartKeys you will have to link it to the SKManager.

-(SKManagerStatusCodes)linkSmartKey:(SmartKey*)sk;

Once your SmartKey is linked to the SKManager your SmartKey will not longer appear in the array of found SmartKeys after the call of the request method. Instead you will get a invocation of the delegate method:

-(void)SKManagerDidFindLinkedSmartKey:(SmartKey*)linkedKey;

Each time you start a search request and your linked SmartKey is around.

Configuration

At first you have to choose the desired security level for your application.

After you chose the security level of the SmartKey for your application the next step is to start the configuration and establish a connection. In order to do that call the connect method. Before calling it you should keep in mind that it’s necessary to put the SmartKey in the service mode before the configuration. (service mode means the first 30 seconds after power up):

-(SKManagerStatusCodes)connectToSmartKey:(BOOL)powerSaving;

As result, when the SmartKey is ready for further communication, the SKManager will invoke the delegate method:

-(void)SKManagerLinkedSmartKeyReady;

In that case you are able to call one of the following configuration methods.

To configurate the SmartKey in the convenience mode:

-(SKManagerStatusCodes)configurateConvenienceMode;

To configurate the SmartKey in the pairing mode:

-(SKManagerStatusCodes)configuratePairingModeWithPairingKey:(SKPairingKey*)key;

To configurate the SmartKey in the secure mode:

-(SKManagerStatusCodes)configurateSecureModeWithPairingKey:(SKPairingKey*)key;

The SKManager will invoke the following delegate method as result of the configuration request.

-(void)SKManagerDidFinishConfiguration:(BOOL)successful;

Authentication

If you have successfully done the configuration steps with the SmartKey you are ready to do the authentication steps in your application.

For a SmartKey with the security level convenience you have to start a search request:

-(BOOL)requestSmartKeysWithTimeout:(int)ms repeated:(bool)repeat;

Call the following method if the SmartKey has security level pairing or secure:

-(SKManagerStatusCodes)initiateAuthenticationChallenge;

The SKManager will invoke the following delegate method as result of the authentication process in the case of pairing and securing SmartKeys or if the linked SmartKey could be found during the search period in case of convenience.

-(void)SKManagerDidUpdateAuthenticationState:(SKManagerAuthenticationStates)state;

Reset

Once you have configured the SmartKey it’s recommended to reset the configuration before you want to change the security level. To do that you have to set the SmartKey in the service mode. First (take the battery out, wait 10 seconds, put back the battery). Now you can call the following reset method:

-(SKManagerStatusCodes)resetConfig;

As result the following delegate method will be invoked from the SKManager.

-(void)SKManagerDidResetSmartKeyConfig:(BOOL)successful;

Downloads

Release Notes

  • 1.0
    • Initial Release.