A Bluetooth® mesh network is like an exclusive club. If you’re a member of the club, you can enter the club and make use of those facilities and services which your membership type allows. If you’re not, you aren’t allowed through the front door, no matter what you say.

A Bluetooth mesh device is either a member of a particular Bluetooth mesh network, or it is not. If it is a member, it has the right to communicate, in at least a basic way, with other devices that are also members of that network. If it’s not a member, then anything and everything that device transmits will be ignored by other devices in the network.

A Bluetooth mesh device can be thought of as having a membership type as well, like having access to specific club amenities (gym, golf course, etc.), but not the entire club. It can only fully interact with certain devices in the network. The concept governing this is that of the application. For example, a Bluetooth mesh light switch can switch Bluetooth mesh lights on or off in the network as a consequence of each of those devices being part of the lighting application. The light switch cannot switch on the heating system because the heating system is not part of the lighting application.

For a device to become a member of a Bluetooth mesh network, it must be added to the network using a secure process called provisioning.


Security is central to Bluetooth® mesh networking and we’ll cover the subject in detail later in this series. Adding or removing a device to/from a Bluetooth mesh network are both processes which have security requirements at their very heart.

Bluetooth mesh networking uses a system of different security key types to secure the network as a whole, as well as to secure and separate individual applications within the network. Being a member of a network and having the right to participate in a particular application is, in both cases, a consequence of a device possessing the right security keys. All nodes in a network possess a key called the network key or NetKey. It is possession of this key which makes a device a member of that network, i.e. one of its nodes.


Earlier in the Bluetooth® Mesh Networking Series, we introduced the formal, technical terms device and node. You may recall that a device which is a member of a mesh network is called a node and one which is not is called a device. I’ll now use “Device” with an uppercase “D” to denote a device which is not yet part of a mesh network and continue to use “device” as I have been so far, to mean an electronic item in the more general, informal sense.

The Provisioner

Provisioning transforms a humble device into a node, a full-fledged member of a Bluetooth mesh network. The process is accomplished using an application, which is typically provided by product manufacturers for use on smartphones or tablets, but may take other forms, such as desktop or web applications.

The device running the provisioning application is called the provisioner. The provisioner must be physically secure, as it has a very special role to play.

The Provisioning Protocol

During provisioning, the provisioner and the Device to be provisioned communicate using a Bluetooth® mesh protocol called the provisioning protocol. The provisioner may use the provisioning protocol over either of the PB-ADV or PB-GATT bearers[i], ensuring that provisioner applications may be implemented on older smartphones, only requiring that they have support for Bluetooth Low Energy (LE) and GATT.

Adding a New Device to the Network

Adding a device to the network is largely concerned with providing it with the network key which all the other nodes of that network possess. And of course, that process must itself be secure so that malicious devices cannot eavesdrop on the communication which takes place whilst adding the new device and steal the NetKey.

When a new device is purchased and it needs to be added to an existing Bluetooth mesh network, users will employ the provisioner, together with instructions from the manufacturer of the new device, to add it to the Bluetooth mesh network.  This transforms the new device into a node and member of the Bluetooth mesh network.

The process involves several steps, depicted in the flow chart below.

The provisioning process

Step 1. Beaconing

The Bluetooth mesh network specification has introduced new GAP AD Types, including the <<Mesh Beacon>> AD Type[ii].

A device indicates its availability to be provisioned by using the <<Mesh Beacon>> AD type to advertise itself as an unprovisioned device. The user might need to start the new device advertising in this way by following a procedure described by the manufacturer, such as pressing a combination of buttons or holding down a button for a certain length of time.

The user will also start the “Add Device to Network” process within the provisioner, and this will cause it to receive the advertising packets from the beaconing device. Remember that the provisioner is likely to be a smartphone or tablet application, so in practical terms, this involves unlocking the smartphone, launching the application, perhaps logging into the app (for extra security) and employing its user interface to initiate looking for beaconing devices. In this way, the provisioner becomes aware of the new device and its readiness to go through the remainder of the provisioning process.

Step 2. Invitation

Next, the provisioner sends an invitation message to the device to be provisioned. The invitation takes the form of a provisioning Invite PDU, which is part of the provisioning protocol. The beaconing device responds with information about itself in a Provisioning Capabilities PDU.

The Provisioning Capabilities PDU provides information such as the number of elements it has and the provisioning-related algorithms it supports. It also indicates the types of input and output capabilities the device has, information which is used in the authentication step.

Step 3. Exchanging Public Keys

All Bluetooth® mesh devices, including the provisioner, support the FIPS P-256 Elliptic Curve Algorithm and therefore must have a public key. Asymmetric cryptography, based on this algorithm, is used to create a secure channel over which to perform the remainder of the provisioning process. To this end, the provisioner and device exchange their public keys. Note that the device may provide its public key via an out-of-band method, such as a QR code. We’ll focus on mesh security, including provisioning security, in a later article.

Step 4. Authentication

The provisioner makes use of its knowledge of the new device’s capabilities and sends a message to it, which instructs it to output either a single or multi-digit value in response to one of various supported user actions, such as pressing a button. The form that the value takes when output will vary, according to the device. One device might display a three-digit, numeric value on an LED panel while another might flash a red LED a number of times, the number of flashes being the output authentication value. The user of the provisioner will observe the value output by the device and enter it into the provisioner user interface.

The device and provisioner then exchange a cryptographic hash, derived from data which includes the random value which was output by the device, allowing them to complete the authentication of their peer.

Step 5. Distribution of the Provisioning Data

After authentication has successfully completed, a session key is derived by each of the two devices from their private keys and the exchanged, peer public keys. The session key is then used to secure the subsequent distribution of the data required to complete the provisioning process, including a NetKey and a unique address for the device, known as the Unicast Address.

After provisioning has completed, the provisioned device possesses the network’s NetKey, a Bluetooth® mesh security parameter known as the IV Index and it has a Unicast Address, allocated by the provisioner. The new device is now officially a node and a member of the Bluetooth mesh network.TU

Removing a Node from the Network

There will come a time when a node of a Bluetooth® mesh network needs to be removed. The device might have broken and needs replacing or it might need to be moved to another Bluetooth mesh network in another of the company’s offices in a different city. Equally, the device might have been sold with the expectation that the new owner will add the device to their own Bluetooth mesh network, using the provisioning process described above.

If a device malfunctions and cannot be repaired, you might be tempted to simply throw it in the trash. If you sell a device to someone, you could equally be tempted to simply take the money and forget about your old device. That would be unwise, however.

Nodes contain security keys which they were provided with through the provisioning process. Remember, that it is possession of the main NetKey which determines that a device is a member of a network and therefore has access to it. Leaving the keys relating to your Bluetooth mesh network inside a device when you throw it away or sell it could leave your network vulnerable to a trash can attack. Therefore, a secure procedure for removing nodes, which eliminates this concern, has been defined and will be described here.

Removing a node from a network involves two steps. First, the provisioner application is used to add the node to be removed to a reject list. Second, a process called the key refresh procedure is initiated.

The Reject List

Using the provisioner, the user must add the node to be removed to its reject list. The purpose of the reject list is simply to act as a list of those nodes which must not be issued with new security keys when the Key Refresh Procedure is initiated.

The Key Refresh Procedure

The key refresh procedure results in all nodes in the network, except for those which are members of the reject list, being issued with new network keys, application keys and all related, derived data. In other words, the entire set of security keys which form the basis for network and application security are replaced.

The user initiates key refresh using the provisioner and the provisioner creates and sends new keys to every node in the mesh network using configuration messages, except for those which are members of the reject list.

Low-power nodes will receive the new keys from their friend. As such, it may be some considerable time before they receive them and therefore, for the whole network to have its keys replaced.

Due to the fact that every Node will not receive its new keys at exactly the same time, the Key Refresh Procedure defines a transition period known as “Phase 2”, during which both the old keys and the new keys are used. Specifically, transmission uses the new keys, but nodes that support receiving messages use both the old and the new keys.

The provisioner informs all nodes that they should revoke the old keys when Phase 2 has completed and each node that is not reject listed has received its new keys.

At this point, the node which was removed from the network and which contains an old NetKey and an old set of AppKeys is no longer a member of the network and consequently, poses no threat.


Security is at the very core of the design of Bluetooth mesh networking technology. We’ve seen how this has manifested itself in those most fundamental of network management scenarios, adding new devices to the Bluetooth mesh network and removing them.

If that’s whetted your appetite for more information on Bluetooth® mesh network security, you’ll enjoy the next in our series of Bluetooth mesh articles where we give you a detailed tour of some of the most important Bluetooth mesh security features.


Bluetooth Mesh Models: A Technical Overview

In this detailed technical paper, Martin Woolley provides a guided tour of the Bluetooth mesh models, taking an in-depth look at building blocks critical to Bluetooth mesh interoperability.


2021 Bluetooth Market Update

Supported by updated forecasts from ABI Research and insights from several other analyst firms, the Bluetooth Market Update highlights the latest Bluetooth trends and forecasts.

Qualified Bluetooth Mesh - Unlocking the Value of the Building

Facilities managers are growing increasingly conscious that the buildings they manage need to be…

The Largest Bluetooth Mesh Lighting Control Installation in the World!

The project itself consisted of 3,685 Bluetooth mesh McWong TruBlu lighting controllers (installed in…

Is Remote IOP Testing Here To Stay?

Like many organizations around the world, the Bluetooth Special Interest Group (SIG) has made…

Bluetooth® Talks: Bluetooth Technology for Lighting

In this webinar UL and the Bluetooth Special Interest Group (SIG) explore: Market trends…

Bluetooth 5.2新機能のポイントを10分で解説!(日本語字幕)

この動画では2020年1月に発表されたBluetoothバージョン5.2新機能の概要を中心に話します。Enhanced Attributeプロトコル(EATT)、LE Power Control (LEPC)、Isochronous (アイソクロナス)チャネルなど、これらの各機能について詳しく説明します。最後に、アイソクロナスチャネルを利用した「LE Audio」と呼ばれる次世代のBluetoothオーディオについて日本語翻訳付きで解説します。

HubSense Effortlessly Turns An Existing Installation Into An Intelligent New Light Management System

When the antiquated lighting system in an office building in Kolding, Denmark, was no…

Intelligent Light solutions for the Albrecht Dürer Exhibition

Today, we are living in a world where smart is the new normal, and…

Bluetooth Mesh for Building Automation Demo

Discover how you can extend Bluetooth connectivity with TI Bluetooth Mesh in this demo. …

The Bluetooth Internet Gateway Study Guide

According to the ABI report Installed Base of IoT Devices by Connectivity Technology, published…

Designing and Developing Bluetooth® Internet Gateways

Design and implement your own Bluetooth® Internet Gateway (BIG) working prototype and see for yourself how BIGs allow applications to exchange data with Bluetooth devices from anywhere in the world.

Understanding Reliability in Bluetooth® Technology

Download this detailed discussion of the issues and factors that impact the reliability of…

Bluetooth Mesh Networking Highlights and Features

This white paper provides an overview of the Bluetooth Mesh Profile and highlights some…

Energy and Cost Savings at Pioneer Markets in Mariposa and Waterford, California

Pioneer market is a family owned grocery business operating in Mariposa, California and Waterford,…

Building a Sensor-Driven Lighting Control System Based on Bluetooth® Mesh

A technical examination of which Bluetooth mesh models to use in different types of…

What is Bluetooth Mesh? | Tech Chats - with Cypress Semiconductor

Chris Anderson chats with Michael Shen of Cypress Semiconductor about Bluetooth mesh, covering a…

Multi-vendor Bluetooth Mesh SSL projects benefit warehouse and factory settings

Yamaha warehouse and Crystal bottled water facility leverage Bluetooth Mesh to slash energy use…

Bluetooth mesh models: The building blocks for interoperable products

Bluetooth® technology is a wireless standard with agreed, formal specifications that support global interoperability…

How to Deploy BlueZ on a Raspberry Pi Board as a Bluetooth Mesh Provisioner

This step-by-step study guide will teach you: How to rebuild the kernel on a…

2020 Bluetooth Market Update

Supported by updated forecasts from ABI Research and insights from several other analyst firms, the Bluetooth Market Update highlights the latest Bluetooth trends and forecasts.

The Bluetooth LE Security Study Guide

Learn about fundamental security concepts, the security features of Bluetooth Low Energy, and gain some hands-on experience using those features in device code.

2019 Bluetooth Market Update

Supported by updated forecasts from ABI Research and insights from several other analyst firms, the Bluetooth Market Update highlights the latest Bluetooth trends and forecasts.

Lighting as a Platform

See how connected lighting systems are being used as a platform to enable advanced building services like wayfinding, asset tracking, and space utilization to improve the ROI of smart building investments.

Build a Smarter Building with Blue

See how Bluetooth increases reliability, reduces costs, and enhances your smart building ROI.

Overview – Bluetooth Mesh Networking

A quick overview outlining how Bluetooth mesh uniquely meets the reliability, scalability, and security requirements of commerical and industrial markets.