Hey Eric, thanks for the explanation. Since the local communication is not encrypted, it raises a question for me. To me there are two approaches:
1. We encrypt the communication between the BLE device and the cloud, and then we use HTTPS for the connection between the cloud and the mobile application. But in this way, the cloud can decrypt and see the data passing through it.
2. During the installation phase, the application (iOS, Android, etc.) handshakes directly with the BLE device and agrees on a key (end-to-end). In this approach, even the cloud cannot decrypt the packages between the BLE device and the mobile application.
Could you please let me know which approach is deployed?
May I also ask, what library is used for handshaking and encryption? Is it ECDH and AES? I understand that WolfSSL provides a library for that. But I am not sure how you implemented it in your code (Nordic BLE module, cloud, and mobile application).
How many shared keys can be stored in the BLE device? Is there any limitation?