TiToken is an authentication token that is immune to key loggers and other types of sniffers. It achieves this immunity by holding several passwords, each one the answer to a specific challenge from the web site. When connecting to a site that supports TiToken, the user is asked by the browser to choose a BLE device. Once a device is selected, the site waits until the user approves authentication by clicking the TiToken button. The site then reads the user name, sends the appropriate challenge and reads the password. If the user name, challenge and password are correct, it accepts the user. The user name, challenges and passwords are stored as part of the program and cannot be changed.
The CC2650 LaunchPad is programmed as a BLE (Bluetooth Low Energy) server with one custom service called Password Service. The service has three characteristics: UserName, PasswordID and Password. PasswordID is writable; the other two are notifiable (and readable). When a client wants to authenticate, it needs to register for UserName notifications. Once the user clicks the button, the user name is sent to the client, which can then formulate the challenge. The challenge should be written to the PasswordID characteristic. Once it is written, the corresponding password is written to the Password characteristic (and the client is notified).
The skeleton of this project was generated using Bluetooth Developer Studio with the Texas Instruments BLE plugin. This tool generates skeleton code that handles BLE communication. In ProjectZero_init we register for button clicks and initialize the state to NotApproved. The application has three states: NotApproved, PendingApproval and Approved. Once a client connects, the state changes to PendingApproval; this is done in the function user_processGapStateChangeEvt. That function also resets all characteristics so that a new client won't be able to read them. Once the user clicks the button, the state changes to Approved and the user name is written to the UserName characteristic. Once PasswordID is written by the client, user_TipasswordService_ValueChangeHandler is raised by the generated code. I use it to set the Password characteristic to the correct password. When the button is clicked, it starts a SWI, which in turn enqueues a message (user_enqueueCharDataMsg) that the application message loop (ProjectZero_taskFxn) reads and acts upon. In our case it changes the value of the UserName characteristic.
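The approval gate described above, modelled as a small host-side state machine. This is an added example, not the project's firmware: the type and function names, the credential table and the sample values are hypothetical, and it assumes that a button click only counts while a client is pending and that challenges are ignored until the state is Approved.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; the credentials below are constructed. */
typedef enum { NOT_APPROVED, PENDING_APPROVAL, APPROVED } AuthState;
typedef struct {
    AuthState state;
    char userName[16];   /* UserName characteristic (notify/read) */
    char password[16];   /* Password characteristic (notify/read) */
} Token;

static const char *const USER = "alice";
static const struct { unsigned char id; const char *pw; } TABLE[] = {
    { 1, "pw-one" }, { 2, "pw-two" }, { 3, "pw-three" },
};

void token_init(Token *t) { memset(t, 0, sizeof *t); t->state = NOT_APPROVED; }

/* Client connected: wipe values left for a previous client, wait for the button. */
void token_on_connect(Token *t) {
    memset(t->userName, 0, sizeof t->userName);
    memset(t->password, 0, sizeof t->password);
    t->state = PENDING_APPROVAL;
}

/* Button click (assumption: ignored unless a client is waiting for approval). */
void token_on_button(Token *t) {
    if (t->state != PENDING_APPROVAL) return;
    t->state = APPROVED;
    strncpy(t->userName, USER, sizeof t->userName - 1);
}

/* PasswordID written: returns 1 if a password was published, 0 otherwise. */
int token_on_password_id(Token *t, unsigned char id) {
    if (t->state != APPROVED) return 0;   /* assumption: no answer before approval */
    for (size_t i = 0; i < sizeof TABLE / sizeof TABLE[0]; i++) {
        if (TABLE[i].id == id) {
            strncpy(t->password, TABLE[i].pw, sizeof t->password - 1);
            return 1;
        }
    }
    memset(t->password, 0, sizeof t->password);  /* unknown challenge: publish nothing */
    return 0;
}

int main(void) {
    Token t; token_init(&t); token_on_connect(&t);
    printf("before click: %d\n", token_on_password_id(&t, 2));
    token_on_button(&t);
    printf("after click: %d %s\n", token_on_password_id(&t, 2), t.password);
    return 0;
}
```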