From ffc2d37d263a1df4cea73ee93e6f4608c1bb56c9 Mon Sep 17 00:00:00 2001
From: Milanka Ringwald <mila@ringwald.ch>
Date: Mon, 23 Nov 2020 10:04:26 +0100
Subject: [PATCH] docu: document LE security authentication models

---
 .../docs/picts/le_security_flow_control.txt   | 154 ++++++++++++++++++
 ..._flow_control_mandatory_authentication.svg |  31 ++++
 ..._flow_control_proactive_authentication.svg |  34 ++++
 ...y_flow_control_reactive_authentication.svg |  51 ++++++
 4 files changed, 270 insertions(+)
 create mode 100644 doc/manual/docs/picts/le_security_flow_control.txt
 create mode 100644 doc/manual/docs/picts/le_security_flow_control_mandatory_authentication.svg
 create mode 100644 doc/manual/docs/picts/le_security_flow_control_proactive_authentication.svg
 create mode 100644 doc/manual/docs/picts/le_security_flow_control_reactive_authentication.svg

diff --git a/doc/manual/docs/picts/le_security_flow_control.txt b/doc/manual/docs/picts/le_security_flow_control.txt
new file mode 100644
index 000000000..4e962d7c3
--- /dev/null
+++ b/doc/manual/docs/picts/le_security_flow_control.txt
@@ -0,0 +1,154 @@
+@startuml
+start
+: A connects to B;
+: App triggers GATT Client request on A;
+if (called gatt_client_set_required_security_level) then (yes)
+
+  if (LTK available) then (yes)
+     : start encryption;
+  else (no)
+     : start pairing;
+  endif
+  if (paired/re-encrypted) then (yes)
+     : GATT Client request sent;
+     #23DB2B : App receives GATT Response;
+     stop
+  else (no)
+     #FD5B41 : App receives a GATT Client error;
+     stop
+  endif
+endif
+
+if (ENABLE_LE_PROACTIVE_AUTHENTICATION and LTK available) then (yes)
+  : starts encryption;
+  if (re-encrypted) then (yes)
+     : GATT Client request sent;
+     #23DB2B : App receives GATT Response;
+     stop
+  else (no) 
+     #FD5B41 : App receives a GATT Client error;
+     stop
+     note left
+        App can delete bonding 
+        information and repeat 
+        the GATT Client request
+     end note
+  endif
+endif
+
+: GATT Client request is sent to GATT Server;
+if (GATT Server returns an 'insufficient x' error) then (yes)
+  if (ENABLE_GATT_CLIENT_PAIRING) then (yes)
+    if (LTK available) then (yes)
+      : start encryption;
+    else (no)
+      : start pairing;
+    endif
+    if (paired/re-encrypted) then (yes)
+      : GATT Client request sent;
+      #23DB2B : App receives GATT Response;
+      stop
+    else (no)
+      #FD5B41 : App receives a GATT Client error;
+      stop
+    endif
+  else (no)
+    #FD5B41 : App receives a GATT Client error;
+    stop
+  endif
+endif
+#23DB2B : App receives GATT Response;
+stop
+@enduml
+
+@startuml
+title Mandatory Authentication
+start
+: App calls gatt_client_set_required_security_level (level > 0);
+: A connects to B;
+: App triggers GATT Client request on A;
+
+if (LTK available) then (yes)
+   : start encryption;
+else (no)
+   : start pairing;
+endif
+if (paired/re-encrypted) then (yes)
+   : GATT Client request sent;
+   #23DB2B : App receives GATT Response;
+   stop
+else (no)
+   #FD5B41 : App receives a GATT Client error;
+   stop
+endif
+@enduml
+
+
+@startuml
+title Proactive Authentication with LTK
+start
+: A connects to B;
+: App triggers GATT Client request on A;
+if (role) then (Central)
+: start encryption;
+else (Peripheral)
+: send security request;
+endif
+if (re-encrypted) then (yes)
+   : GATT Client request sent;
+   #23DB2B : App receives GATT Response;
+   stop
+else (no) 
+   #FD5B41 : App receives a GATT Client error;
+   stop
+   note right
+      App can delete bonding 
+      information and repeat 
+      the GATT Client request
+   end note
+endif
+@enduml
+
+@startuml
+title Reactive Authentication
+start
+: A connects to B;
+: App triggers GATT Client request on A;
+: GATT Client request sent;
+
+if (GATT Server returns an 'insufficient x' error) then (yes)
+  if (ENABLE_GATT_CLIENT_PAIRING) then (yes)
+    if (LTK available) then (yes)
+      : start encryption;
+      if (re-encrypted) then (yes)
+        : GATT Client request sent;
+        #23DB2B : App receives GATT Response;
+        stop
+      else (no)
+        : delete bonding information;
+      endif
+      -> no;
+   endif
+    -> no;
+    : start pairing;
+      if (paired) then (yes)
+        : GATT Client request sent;
+        #23DB2B : App receives GATT Response;
+        stop
+      else (no)
+        #FD5B41 : App receives a GATT Client error;
+        stop
+      endif
+  else (no)
+    #FD5B41 : App receives a GATT Client error;
+    stop
+    note left
+      App can trigger pairing and 
+      repeat the GATT Client request
+    end note
+  endif
+else (no)
+  #23DB2B : App receives GATT Response;
+  stop
+endif
+@enduml
\ No newline at end of file
diff --git a/doc/manual/docs/picts/le_security_flow_control_mandatory_authentication.svg b/doc/manual/docs/picts/le_security_flow_control_mandatory_authentication.svg
new file mode 100644
index 000000000..92df2561a
--- /dev/null
+++ b/doc/manual/docs/picts/le_security_flow_control_mandatory_authentication.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" contentScriptType="application/ecmascript" contentStyleType="text/css" height="531px" preserveAspectRatio="none" style="width:475px;height:531px;" version="1.1" viewBox="0 0 475 531" width="475px" zoomAndPan="magnify"><defs><filter height="300%" id="fd61dpuvf2moq" width="300%" x="-1" y="-1"><feGaussianBlur result="blurOut" stdDeviation="2.0"/><feColorMatrix in="blurOut" result="blurOut2" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 .4 0"/><feOffset dx="4.0" dy="4.0" in="blurOut2" result="blurOut3"/><feBlend in="SourceGraphic" in2="blurOut3" mode="normal"/></filter></defs><g><text fill="#000000" font-family="sans-serif" font-size="18" lengthAdjust="spacingAndGlyphs" textLength="243" x="115" y="26.708">Mandatory Authentication</text><ellipse cx="229.75" cy="40.9531" fill="#000000" filter="url(#fd61dpuvf2moq)" rx="10" ry="10" style="stroke: none; stroke-width: 1.0;"/><rect fill="#FEFECE" filter="url(#fd61dpuvf2moq)" height="33.9688" rx="12.5" ry="12.5" style="stroke: #A80036; stroke-width: 1.5;" width="385" x="37.25" y="70.9531"/><text fill="#000000" font-family="sans-serif" font-size="12" lengthAdjust="spacingAndGlyphs" textLength="361" x="51.25" y="92.0918">App calls gatt_client_set_required_security_level (level &gt; 0)</text><rect fill="#FEFECE" filter="url(#fd61dpuvf2moq)" height="33.9688" rx="12.5" ry="12.5" style="stroke: #A80036; stroke-width: 1.5;" width="119" x="170.25" y="124.9219"/><text fill="#000000" font-family="sans-serif" font-size="12" lengthAdjust="spacingAndGlyphs" textLength="95" x="184.25" y="146.0605">A connects to B</text><rect fill="#FEFECE" filter="url(#fd61dpuvf2moq)" height="33.9688" rx="12.5" ry="12.5" style="stroke: #A80036; stroke-width: 1.5;" width="254" x="102.75" y="178.8906"/><text fill="#000000" font-family="sans-serif" font-size="12" lengthAdjust="spacingAndGlyphs" textLength="230" x="116.75" y="200.0293">App triggers GATT Client request on A</text><polygon fill="#FEFECE" filter="url(#fd61dpuvf2moq)" points="191.75,232.8594,267.75,232.8594,279.75,244.8594,267.75,256.8594,191.75,256.8594,179.75,244.8594,191.75,232.8594" style="stroke: #A80036; stroke-width: 1.5;"/><text fill="#000000" font-family="sans-serif" font-size="11" lengthAdjust="spacingAndGlyphs" textLength="76" x="191.75" y="248.6675">LTK available</text><text fill="#000000" font-family="sans-serif" font-size="11" lengthAdjust="spacingAndGlyphs" textLength="21" x="158.75" y="242.2651">yes</text><text fill="#000000" font-family="sans-serif" font-size="11" lengthAdjust="spacingAndGlyphs" textLength="14" x="279.75" y="242.2651">no</text><rect fill="#FEFECE" filter="url(#fd61dpuvf2moq)" height="33.9688" rx="12.5" ry="12.5" style="stroke: #A80036; stroke-width: 1.5;" width="119" x="106.5" y="266.8594"/><text fill="#000000" font-family="sans-serif" font-size="12" lengthAdjust="spacingAndGlyphs" textLength="95" x="120.5" y="287.998">start encryption</text><rect fill="#FEFECE" filter="url(#fd61dpuvf2moq)" height="33.9688" rx="12.5" ry="12.5" style="stroke: #A80036; stroke-width: 1.5;" width="96" x="245.5" y="266.8594"/><text fill="#000000" font-family="sans-serif" font-size="12" lengthAdjust="spacingAndGlyphs" textLength="72" x="259.5" y="287.998">start pairing</text><polygon fill="#FEFECE" filter="url(#fd61dpuvf2moq)" points="229.75,306.8281,241.75,318.8281,229.75,330.8281,217.75,318.8281,229.75,306.8281" style="stroke: #A80036; stroke-width: 1.5;"/><polygon fill="#FEFECE" filter="url(#fd61dpuvf2moq)" points="172.75,350.8281,286.75,350.8281,298.75,362.8281,286.75,374.8281,172.75,374.8281,160.75,362.8281,172.75,350.8281" style="stroke: #A80036; stroke-width: 1.5;"/><text fill="#000000" font-family="sans-serif" font-size="11" lengthAdjust="spacingAndGlyphs" textLength="114" x="172.75" y="366.6362">paired/re-encrypted</text><text fill="#000000" font-family="sans-serif" font-size="11" lengthAdjust="spacingAndGlyphs" textLength="21" x="139.75" y="360.2339">yes</text><text fill="#000000" font-family="sans-serif" font-size="11" lengthAdjust="spacingAndGlyphs" textLength="14" x="298.75" y="360.2339">no</text><rect fill="#FEFECE" filter="url(#fd61dpuvf2moq)" height="33.9688" rx="12.5" ry="12.5" style="stroke: #A80036; stroke-width: 1.5;" width="173" x="26.5" y="384.8281"/><text fill="#000000" font-family="sans-serif" font-size="12" lengthAdjust="spacingAndGlyphs" textLength="149" x="40.5" y="405.9668">GATT Client request sent</text><rect fill="#23DB2B" filter="url(#fd61dpuvf2moq)" height="33.9688" rx="12.5" ry="12.5" style="stroke: #A80036; stroke-width: 1.5;" width="204" x="11" y="438.7969"/><text fill="#000000" font-family="sans-serif" font-size="12" lengthAdjust="spacingAndGlyphs" textLength="180" x="25" y="459.9355">App receives GATT Response</text><ellipse cx="113" cy="503.7656" fill="#FFFFFF" filter="url(#fd61dpuvf2moq)" rx="11" ry="11" style="stroke: #000000; stroke-width: 1.0;"/><ellipse cx="113" cy="503.7656" fill="#000000" rx="6" ry="6" style="stroke: #7F7F7F; stroke-width: 1.0;"/><rect fill="#FD5B41" filter="url(#fd61dpuvf2moq)" height="33.9688" rx="12.5" ry="12.5" style="stroke: #A80036; stroke-width: 1.5;" width="223" x="235" y="384.8281"/><text fill="#000000" font-family="sans-serif" font-size="12" lengthAdjust="spacingAndGlyphs" textLength="199" x="249" y="405.9668">App receives a GATT Client error</text><ellipse cx="346.5" cy="449.7969" fill="#FFFFFF" filter="url(#fd61dpuvf2moq)" rx="11" ry="11" style="stroke: #000000; stroke-width: 1.0;"/><ellipse cx="346.5" cy="449.7969" fill="#000000" rx="6" ry="6" style="stroke: #7F7F7F; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="229.75" x2="229.75" y1="50.9531" y2="70.9531"/><polygon fill="#A80036" points="225.75,60.9531,229.75,70.9531,233.75,60.9531,229.75,64.9531" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="229.75" x2="229.75" y1="104.9219" y2="124.9219"/><polygon fill="#A80036" points="225.75,114.9219,229.75,124.9219,233.75,114.9219,229.75,118.9219" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="229.75" x2="229.75" y1="158.8906" y2="178.8906"/><polygon fill="#A80036" points="225.75,168.8906,229.75,178.8906,233.75,168.8906,229.75,172.8906" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="179.75" x2="166" y1="244.8594" y2="244.8594"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="166" x2="166" y1="244.8594" y2="266.8594"/><polygon fill="#A80036" points="162,256.8594,166,266.8594,170,256.8594,166,260.8594" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="279.75" x2="293.5" y1="244.8594" y2="244.8594"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="293.5" x2="293.5" y1="244.8594" y2="266.8594"/><polygon fill="#A80036" points="289.5,256.8594,293.5,266.8594,297.5,256.8594,293.5,260.8594" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="166" x2="166" y1="300.8281" y2="318.8281"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="166" x2="217.75" y1="318.8281" y2="318.8281"/><polygon fill="#A80036" points="207.75,314.8281,217.75,318.8281,207.75,322.8281,211.75,318.8281" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="293.5" x2="293.5" y1="300.8281" y2="318.8281"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="293.5" x2="241.75" y1="318.8281" y2="318.8281"/><polygon fill="#A80036" points="251.75,314.8281,241.75,318.8281,251.75,322.8281,247.75,318.8281" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="229.75" x2="229.75" y1="212.8594" y2="232.8594"/><polygon fill="#A80036" points="225.75,222.8594,229.75,232.8594,233.75,222.8594,229.75,226.8594" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="113" x2="113" y1="418.7969" y2="438.7969"/><polygon fill="#A80036" points="109,428.7969,113,438.7969,117,428.7969,113,432.7969" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="113" x2="113" y1="472.7656" y2="492.7656"/><polygon fill="#A80036" points="109,482.7656,113,492.7656,117,482.7656,113,486.7656" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="346.5" x2="346.5" y1="418.7969" y2="438.7969"/><polygon fill="#A80036" points="342.5,428.7969,346.5,438.7969,350.5,428.7969,346.5,432.7969" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="160.75" x2="113" y1="362.8281" y2="362.8281"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="113" x2="113" y1="362.8281" y2="384.8281"/><polygon fill="#A80036" points="109,374.8281,113,384.8281,117,374.8281,113,378.8281" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="298.75" x2="346.5" y1="362.8281" y2="362.8281"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="346.5" x2="346.5" y1="362.8281" y2="384.8281"/><polygon fill="#A80036" points="342.5,374.8281,346.5,384.8281,350.5,374.8281,346.5,378.8281" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="229.75" x2="229.75" y1="330.8281" y2="350.8281"/><polygon fill="#A80036" points="225.75,340.8281,229.75,350.8281,233.75,340.8281,229.75,344.8281" style="stroke: #A80036; stroke-width: 1.0;"/><!--MD5=[d6a88a69f6170132d7249da8668bdf5d]
+@startuml
+title Mandatory Authentication
+start
+: App calls gatt_client_set_required_security_level (level > 0);
+: A connects to B;
+: App triggers GATT Client request on A;
+
+if (LTK available) then (yes)
+   : start encryption;
+else (no)
+   : start pairing;
+endif
+if (paired/re-encrypted) then (yes)
+   : GATT Client request sent;
+   #23DB2B : App receives GATT Response;
+   stop
+else (no)
+   #FD5B41 : App receives a GATT Client error;
+   stop
+endif
+@enduml
+
+PlantUML version 1.2020.20beta13(Unknown compile time)
+(GPL source distribution)
+Java Runtime: Java(TM) SE Runtime Environment
+JVM: Java HotSpot(TM) 64-Bit Server VM
+Default Encoding: UTF-8
+Language: en
+Country: US
+--></g></svg>
\ No newline at end of file
diff --git a/doc/manual/docs/picts/le_security_flow_control_proactive_authentication.svg b/doc/manual/docs/picts/le_security_flow_control_proactive_authentication.svg
new file mode 100644
index 000000000..288ce405c
--- /dev/null
+++ b/doc/manual/docs/picts/le_security_flow_control_proactive_authentication.svg
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" contentScriptType="application/ecmascript" contentStyleType="text/css" height="492px" preserveAspectRatio="none" style="width:565px;height:492px;" version="1.1" viewBox="0 0 565 492" width="565px" zoomAndPan="magnify"><defs><filter height="300%" id="fwalz9fe9wo82" width="300%" x="-1" y="-1"><feGaussianBlur result="blurOut" stdDeviation="2.0"/><feColorMatrix in="blurOut" result="blurOut2" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 .4 0"/><feOffset dx="4.0" dy="4.0" in="blurOut2" result="blurOut3"/><feBlend in="SourceGraphic" in2="blurOut3" mode="normal"/></filter></defs><g><text fill="#000000" font-family="sans-serif" font-size="18" lengthAdjust="spacingAndGlyphs" textLength="315" x="124.25" y="26.708">Proactive Authentication with LTK</text><ellipse cx="229.75" cy="40.9531" fill="#000000" filter="url(#fwalz9fe9wo82)" rx="10" ry="10" style="stroke: none; stroke-width: 1.0;"/><rect fill="#FEFECE" filter="url(#fwalz9fe9wo82)" height="33.9688" rx="12.5" ry="12.5" style="stroke: #A80036; stroke-width: 1.5;" width="119" x="170.25" y="70.9531"/><text fill="#000000" font-family="sans-serif" font-size="12" lengthAdjust="spacingAndGlyphs" textLength="95" x="184.25" y="92.0918">A connects to B</text><rect fill="#FEFECE" filter="url(#fwalz9fe9wo82)" height="33.9688" rx="12.5" ry="12.5" style="stroke: #A80036; stroke-width: 1.5;" width="254" x="102.75" y="124.9219"/><text fill="#000000" font-family="sans-serif" font-size="12" lengthAdjust="spacingAndGlyphs" textLength="230" x="116.75" y="146.0605">App triggers GATT Client request on A</text><polygon fill="#FEFECE" filter="url(#fwalz9fe9wo82)" points="217.75,178.8906,241.75,178.8906,253.75,190.8906,241.75,202.8906,217.75,202.8906,205.75,190.8906,217.75,178.8906" style="stroke: #A80036; stroke-width: 1.5;"/><text fill="#000000" font-family="sans-serif" font-size="11" lengthAdjust="spacingAndGlyphs" textLength="22" x="218.75" y="194.6987">role</text><text fill="#000000" font-family="sans-serif" font-size="11" lengthAdjust="spacingAndGlyphs" textLength="41" x="164.75" y="188.2964">Central</text><text fill="#000000" font-family="sans-serif" font-size="11" lengthAdjust="spacingAndGlyphs" textLength="57" x="253.75" y="188.2964">Peripheral</text><rect fill="#FEFECE" filter="url(#fwalz9fe9wo82)" height="33.9688" rx="12.5" ry="12.5" style="stroke: #A80036; stroke-width: 1.5;" width="119" x="91.25" y="212.8906"/><text fill="#000000" font-family="sans-serif" font-size="12" lengthAdjust="spacingAndGlyphs" textLength="95" x="105.25" y="234.0293">start encryption</text><rect fill="#FEFECE" filter="url(#fwalz9fe9wo82)" height="33.9688" rx="12.5" ry="12.5" style="stroke: #A80036; stroke-width: 1.5;" width="157" x="230.25" y="212.8906"/><text fill="#000000" font-family="sans-serif" font-size="12" lengthAdjust="spacingAndGlyphs" textLength="133" x="244.25" y="234.0293">send security request</text><polygon fill="#FEFECE" filter="url(#fwalz9fe9wo82)" points="229.75,252.8594,241.75,264.8594,229.75,276.8594,217.75,264.8594,229.75,252.8594" style="stroke: #A80036; stroke-width: 1.5;"/><polygon fill="#FEFECE" filter="url(#fwalz9fe9wo82)" points="192.75,296.8594,266.75,296.8594,278.75,308.8594,266.75,320.8594,192.75,320.8594,180.75,308.8594,192.75,296.8594" style="stroke: #A80036; stroke-width: 1.5;"/><text fill="#000000" font-family="sans-serif" font-size="11" lengthAdjust="spacingAndGlyphs" textLength="74" x="192.75" y="312.6675">re-encrypted</text><text fill="#000000" font-family="sans-serif" font-size="11" lengthAdjust="spacingAndGlyphs" textLength="21" x="159.75" y="306.2651">yes</text><text fill="#000000" font-family="sans-serif" font-size="11" lengthAdjust="spacingAndGlyphs" textLength="14" x="278.75" y="306.2651">no</text><rect fill="#FEFECE" filter="url(#fwalz9fe9wo82)" height="33.9688" rx="12.5" ry="12.5" style="stroke: #A80036; stroke-width: 1.5;" width="173" x="26.5" y="330.8594"/><text fill="#000000" font-family="sans-serif" font-size="12" lengthAdjust="spacingAndGlyphs" textLength="149" x="40.5" y="351.998">GATT Client request sent</text><rect fill="#23DB2B" filter="url(#fwalz9fe9wo82)" height="33.9688" rx="12.5" ry="12.5" style="stroke: #A80036; stroke-width: 1.5;" width="204" x="11" y="384.8281"/><text fill="#000000" font-family="sans-serif" font-size="12" lengthAdjust="spacingAndGlyphs" textLength="180" x="25" y="405.9668">App receives GATT Response</text><ellipse cx="113" cy="464.7969" fill="#FFFFFF" filter="url(#fwalz9fe9wo82)" rx="11" ry="11" style="stroke: #000000; stroke-width: 1.0;"/><ellipse cx="113" cy="464.7969" fill="#000000" rx="6" ry="6" style="stroke: #7F7F7F; stroke-width: 1.0;"/><rect fill="#FD5B41" filter="url(#fwalz9fe9wo82)" height="33.9688" rx="12.5" ry="12.5" style="stroke: #A80036; stroke-width: 1.5;" width="223" x="235" y="330.8594"/><text fill="#000000" font-family="sans-serif" font-size="12" lengthAdjust="spacingAndGlyphs" textLength="199" x="249" y="351.998">App receives a GATT Client error</text><path d="M377.5,384.8281 L377.5,408.5273 L357.5,412.5273 L377.5,416.5273 L377.5,440.2266 A0,0 0 0 0 377.5,440.2266 L553.5,440.2266 A0,0 0 0 0 553.5,440.2266 L553.5,394.8281 L543.5,384.8281 L377.5,384.8281 A0,0 0 0 0 377.5,384.8281 " fill="#FBFB77" filter="url(#fwalz9fe9wo82)" style="stroke: #A80036; stroke-width: 1.0;"/><path d="M543.5,384.8281 L543.5,394.8281 L553.5,394.8281 L543.5,384.8281 " fill="#FBFB77" style="stroke: #A80036; stroke-width: 1.0;"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="151" x="383.5" y="401.895">App can delete bonding</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="148" x="383.5" y="417.0278">information and repeat</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="153" x="383.5" y="432.1606">the GATT Client request</text><ellipse cx="346.5" cy="412.5273" fill="#FFFFFF" filter="url(#fwalz9fe9wo82)" rx="11" ry="11" style="stroke: #000000; stroke-width: 1.0;"/><ellipse cx="346.5" cy="412.5273" fill="#000000" rx="6" ry="6" style="stroke: #7F7F7F; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="229.75" x2="229.75" y1="50.9531" y2="70.9531"/><polygon fill="#A80036" points="225.75,60.9531,229.75,70.9531,233.75,60.9531,229.75,64.9531" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="229.75" x2="229.75" y1="104.9219" y2="124.9219"/><polygon fill="#A80036" points="225.75,114.9219,229.75,124.9219,233.75,114.9219,229.75,118.9219" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="205.75" x2="150.75" y1="190.8906" y2="190.8906"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="150.75" x2="150.75" y1="190.8906" y2="212.8906"/><polygon fill="#A80036" points="146.75,202.8906,150.75,212.8906,154.75,202.8906,150.75,206.8906" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="253.75" x2="308.75" y1="190.8906" y2="190.8906"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="308.75" x2="308.75" y1="190.8906" y2="212.8906"/><polygon fill="#A80036" points="304.75,202.8906,308.75,212.8906,312.75,202.8906,308.75,206.8906" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="150.75" x2="150.75" y1="246.8594" y2="264.8594"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="150.75" x2="217.75" y1="264.8594" y2="264.8594"/><polygon fill="#A80036" points="207.75,260.8594,217.75,264.8594,207.75,268.8594,211.75,264.8594" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="308.75" x2="308.75" y1="246.8594" y2="264.8594"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="308.75" x2="241.75" y1="264.8594" y2="264.8594"/><polygon fill="#A80036" points="251.75,260.8594,241.75,264.8594,251.75,268.8594,247.75,264.8594" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="229.75" x2="229.75" y1="158.8906" y2="178.8906"/><polygon fill="#A80036" points="225.75,168.8906,229.75,178.8906,233.75,168.8906,229.75,172.8906" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="113" x2="113" y1="364.8281" y2="384.8281"/><polygon fill="#A80036" points="109,374.8281,113,384.8281,117,374.8281,113,378.8281" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="113" x2="113" y1="418.7969" y2="453.7969"/><polygon fill="#A80036" points="109,443.7969,113,453.7969,117,443.7969,113,447.7969" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="346.5" x2="346.5" y1="364.8281" y2="401.5273"/><polygon fill="#A80036" points="342.5,391.5273,346.5,401.5273,350.5,391.5273,346.5,395.5273" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="180.75" x2="113" y1="308.8594" y2="308.8594"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="113" x2="113" y1="308.8594" y2="330.8594"/><polygon fill="#A80036" points="109,320.8594,113,330.8594,117,320.8594,113,324.8594" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="278.75" x2="346.5" y1="308.8594" y2="308.8594"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="346.5" x2="346.5" y1="308.8594" y2="330.8594"/><polygon fill="#A80036" points="342.5,320.8594,346.5,330.8594,350.5,320.8594,346.5,324.8594" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="229.75" x2="229.75" y1="276.8594" y2="296.8594"/><polygon fill="#A80036" points="225.75,286.8594,229.75,296.8594,233.75,286.8594,229.75,290.8594" style="stroke: #A80036; stroke-width: 1.0;"/><!--MD5=[5e7728d7acfdc65cbf711c0ade9731e4]
+@startuml
+title Proactive Authentication with LTK
+start
+: A connects to B;
+: App triggers GATT Client request on A;
+if (role) then (Central)
+: start encryption;
+else (Peripheral)
+: send security request;
+endif
+if (re-encrypted) then (yes)
+   : GATT Client request sent;
+   #23DB2B : App receives GATT Response;
+   stop
+else (no) 
+   #FD5B41 : App receives a GATT Client error;
+   stop
+   note right
+      App can delete bonding 
+      information and repeat 
+      the GATT Client request
+   end note
+endif
+@enduml
+
+PlantUML version 1.2020.20beta13(Unknown compile time)
+(GPL source distribution)
+Java Runtime: Java(TM) SE Runtime Environment
+JVM: Java HotSpot(TM) 64-Bit Server VM
+Default Encoding: UTF-8
+Language: en
+Country: US
+--></g></svg>
\ No newline at end of file
diff --git a/doc/manual/docs/picts/le_security_flow_control_reactive_authentication.svg b/doc/manual/docs/picts/le_security_flow_control_reactive_authentication.svg
new file mode 100644
index 000000000..573b479cc
--- /dev/null
+++ b/doc/manual/docs/picts/le_security_flow_control_reactive_authentication.svg
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" contentScriptType="application/ecmascript" contentStyleType="text/css" height="881px" preserveAspectRatio="none" style="width:1101px;height:881px;" version="1.1" viewBox="0 0 1101 881" width="1101px" zoomAndPan="magnify"><defs><filter height="300%" id="fma1tdqeiv4oo" width="300%" x="-1" y="-1"><feGaussianBlur result="blurOut" stdDeviation="2.0"/><feColorMatrix in="blurOut" result="blurOut2" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 .4 0"/><feOffset dx="4.0" dy="4.0" in="blurOut2" result="blurOut3"/><feBlend in="SourceGraphic" in2="blurOut3" mode="normal"/></filter></defs><g><text fill="#000000" font-family="sans-serif" font-size="18" lengthAdjust="spacingAndGlyphs" textLength="223" x="438.25" y="26.708">Reactive Authentication</text><ellipse cx="733.4375" cy="40.9531" fill="#000000" filter="url(#fma1tdqeiv4oo)" rx="10" ry="10" style="stroke: none; stroke-width: 1.0;"/><rect fill="#FEFECE" filter="url(#fma1tdqeiv4oo)" height="33.9688" rx="12.5" ry="12.5" style="stroke: #A80036; stroke-width: 1.5;" width="119" x="673.9375" y="70.9531"/><text fill="#000000" font-family="sans-serif" font-size="12" lengthAdjust="spacingAndGlyphs" textLength="95" x="687.9375" y="92.0918">A connects to B</text><rect fill="#FEFECE" filter="url(#fma1tdqeiv4oo)" height="33.9688" rx="12.5" ry="12.5" style="stroke: #A80036; stroke-width: 1.5;" width="254" x="606.4375" y="124.9219"/><text fill="#000000" font-family="sans-serif" font-size="12" lengthAdjust="spacingAndGlyphs" textLength="230" x="620.4375" y="146.0605">App triggers GATT Client request on A</text><rect fill="#FEFECE" filter="url(#fma1tdqeiv4oo)" height="33.9688" rx="12.5" ry="12.5" style="stroke: #A80036; stroke-width: 1.5;" width="173" x="646.9375" y="178.8906"/><text fill="#000000" font-family="sans-serif" font-size="12" lengthAdjust="spacingAndGlyphs" textLength="149" x="660.9375" y="200.0293">GATT Client request sent</text><polygon fill="#FEFECE" filter="url(#fma1tdqeiv4oo)" points="608.4375,232.8594,858.4375,232.8594,870.4375,244.8594,858.4375,256.8594,608.4375,256.8594,596.4375,244.8594,608.4375,232.8594" style="stroke: #A80036; stroke-width: 1.5;"/><text fill="#000000" font-family="sans-serif" font-size="11" lengthAdjust="spacingAndGlyphs" textLength="250" x="608.4375" y="248.6675">GATT Server returns an 'insufficient x' error</text><text fill="#000000" font-family="sans-serif" font-size="11" lengthAdjust="spacingAndGlyphs" textLength="21" x="575.4375" y="242.2651">yes</text><text fill="#000000" font-family="sans-serif" font-size="11" lengthAdjust="spacingAndGlyphs" textLength="14" x="870.4375" y="242.2651">no</text><polygon fill="#FEFECE" filter="url(#fma1tdqeiv4oo)" points="396.375,266.8594,572.375,266.8594,584.375,278.8594,572.375,290.8594,396.375,290.8594,384.375,278.8594,396.375,266.8594" style="stroke: #A80036; stroke-width: 1.5;"/><text fill="#000000" font-family="sans-serif" font-size="11" lengthAdjust="spacingAndGlyphs" textLength="176" x="396.375" y="282.6675">ENABLE_GATT_CLIENT_PAIRING</text><text fill="#000000" font-family="sans-serif" font-size="11" lengthAdjust="spacingAndGlyphs" textLength="21" x="363.375" y="276.2651">yes</text><text fill="#000000" font-family="sans-serif" font-size="11" lengthAdjust="spacingAndGlyphs" textLength="14" x="584.375" y="276.2651">no</text><rect fill="#FEFECE" filter="url(#fma1tdqeiv4oo)" height="33.9688" rx="12.5" ry="12.5" style="stroke: #A80036; stroke-width: 1.5;" width="119" x="170.25" y="349.2617"/><text fill="#000000" font-family="sans-serif" font-size="12" lengthAdjust="spacingAndGlyphs" textLength="95" x="184.25" y="370.4004">start encryption</text><polygon fill="#FEFECE" filter="url(#fma1tdqeiv4oo)" points="192.75,418.2305,266.75,418.2305,278.75,430.2305,266.75,442.2305,192.75,442.2305,180.75,430.2305,192.75,418.2305" style="stroke: #A80036; stroke-width: 1.5;"/><text fill="#000000" font-family="sans-serif" font-size="11" lengthAdjust="spacingAndGlyphs" textLength="74" x="192.75" y="434.0386">re-encrypted</text><text fill="#000000" font-family="sans-serif" font-size="11" lengthAdjust="spacingAndGlyphs" textLength="21" x="159.75" y="427.6362">yes</text><text fill="#000000" font-family="sans-serif" font-size="11" lengthAdjust="spacingAndGlyphs" textLength="14" x="278.75" y="427.6362">no</text><rect fill="#FEFECE" filter="url(#fma1tdqeiv4oo)" height="33.9688" rx="12.5" ry="12.5" style="stroke: #A80036; stroke-width: 1.5;" width="173" x="35.5" y="452.2305"/><text fill="#000000" font-family="sans-serif" font-size="12" lengthAdjust="spacingAndGlyphs" textLength="149" x="49.5" y="473.3691">GATT Client request sent</text><rect fill="#23DB2B" filter="url(#fma1tdqeiv4oo)" height="33.9688" rx="12.5" ry="12.5" style="stroke: #A80036; stroke-width: 1.5;" width="204" x="20" y="506.1992"/><text fill="#000000" font-family="sans-serif" font-size="12" lengthAdjust="spacingAndGlyphs" textLength="180" x="34" y="527.3379">App receives GATT Response</text><ellipse cx="122" cy="571.168" fill="#FFFFFF" filter="url(#fma1tdqeiv4oo)" rx="11" ry="11" style="stroke: #000000; stroke-width: 1.0;"/><ellipse cx="122" cy="571.168" fill="#000000" rx="6" ry="6" style="stroke: #7F7F7F; stroke-width: 1.0;"/><rect fill="#FEFECE" filter="url(#fma1tdqeiv4oo)" height="33.9688" rx="12.5" ry="12.5" style="stroke: #A80036; stroke-width: 1.5;" width="187" x="244" y="452.2305"/><text fill="#000000" font-family="sans-serif" font-size="12" lengthAdjust="spacingAndGlyphs" textLength="163" x="258" y="473.3691">delete bonding information</text><polygon fill="#FEFECE" filter="url(#fma1tdqeiv4oo)" points="191.75,300.8594,267.75,300.8594,279.75,312.8594,267.75,324.8594,191.75,324.8594,179.75,312.8594,191.75,300.8594" style="stroke: #A80036; stroke-width: 1.5;"/><text fill="#000000" font-family="sans-serif" font-size="11" lengthAdjust="spacingAndGlyphs" textLength="21" x="233.75" y="335.0698">yes</text><text fill="#000000" font-family="sans-serif" font-size="11" lengthAdjust="spacingAndGlyphs" textLength="76" x="191.75" y="316.6675">LTK available</text><polygon fill="#FEFECE" filter="url(#fma1tdqeiv4oo)" points="229.75,602.168,241.75,614.168,229.75,626.168,217.75,614.168,229.75,602.168" style="stroke: #A80036; stroke-width: 1.5;"/><rect fill="#FEFECE" filter="url(#fma1tdqeiv4oo)" height="33.9688" rx="12.5" ry="12.5" style="stroke: #A80036; stroke-width: 1.5;" width="96" x="181.75" y="646.168"/><text fill="#000000" font-family="sans-serif" font-size="12" lengthAdjust="spacingAndGlyphs" textLength="72" x="195.75" y="667.3066">start pairing</text><polygon fill="#FEFECE" filter="url(#fma1tdqeiv4oo)" points="211.75,700.1367,247.75,700.1367,259.75,712.1367,247.75,724.1367,211.75,724.1367,199.75,712.1367,211.75,700.1367" style="stroke: #A80036; stroke-width: 1.5;"/><text fill="#000000" font-family="sans-serif" font-size="11" lengthAdjust="spacingAndGlyphs" textLength="36" x="211.75" y="715.9448">paired</text><text fill="#000000" font-family="sans-serif" font-size="11" lengthAdjust="spacingAndGlyphs" textLength="21" x="178.75" y="709.5425">yes</text><text fill="#000000" font-family="sans-serif" font-size="11" lengthAdjust="spacingAndGlyphs" textLength="14" x="259.75" y="709.5425">no</text><rect fill="#FEFECE" filter="url(#fma1tdqeiv4oo)" height="33.9688" rx="12.5" ry="12.5" style="stroke: #A80036; stroke-width: 1.5;" width="173" x="26.5" y="734.1367"/><text fill="#000000" font-family="sans-serif" font-size="12" lengthAdjust="spacingAndGlyphs" textLength="149" x="40.5" y="755.2754">GATT Client request sent</text><rect fill="#23DB2B" filter="url(#fma1tdqeiv4oo)" height="33.9688" rx="12.5" ry="12.5" style="stroke: #A80036; stroke-width: 1.5;" width="204" x="11" y="788.1055"/><text fill="#000000" font-family="sans-serif" font-size="12" lengthAdjust="spacingAndGlyphs" textLength="180" x="25" y="809.2441">App receives GATT Response</text><ellipse cx="113" cy="853.0742" fill="#FFFFFF" filter="url(#fma1tdqeiv4oo)" rx="11" ry="11" style="stroke: #000000; stroke-width: 1.0;"/><ellipse cx="113" cy="853.0742" fill="#000000" rx="6" ry="6" style="stroke: #7F7F7F; stroke-width: 1.0;"/><rect fill="#FD5B41" filter="url(#fma1tdqeiv4oo)" height="33.9688" rx="12.5" ry="12.5" style="stroke: #A80036; stroke-width: 1.5;" width="223" x="235" y="734.1367"/><text fill="#000000" font-family="sans-serif" font-size="12" lengthAdjust="spacingAndGlyphs" textLength="199" x="249" y="755.2754">App receives a GATT Client error</text><ellipse cx="346.5" cy="799.1055" fill="#FFFFFF" filter="url(#fma1tdqeiv4oo)" rx="11" ry="11" style="stroke: #000000; stroke-width: 1.0;"/><ellipse cx="346.5" cy="799.1055" fill="#000000" rx="6" ry="6" style="stroke: #7F7F7F; stroke-width: 1.0;"/><rect fill="#FD5B41" filter="url(#fma1tdqeiv4oo)" height="33.9688" rx="12.5" ry="12.5" style="stroke: #A80036; stroke-width: 1.5;" width="223" x="627.5" y="300.8594"/><text fill="#000000" font-family="sans-serif" font-size="12" lengthAdjust="spacingAndGlyphs" textLength="199" x="641.5" y="321.998">App receives a GATT Client error</text><path d="M488,369.8281 L488,410.0938 A0,0 0 0 0 488,410.0938 L708,410.0938 A0,0 0 0 0 708,410.0938 L708,393.9609 L728,389.9609 L708,385.9609 L708,379.8281 L698,369.8281 L488,369.8281 A0,0 0 0 0 488,369.8281 " fill="#FBFB77" filter="url(#fma1tdqeiv4oo)" style="stroke: #A80036; stroke-width: 1.0;"/><path d="M698,369.8281 L698,379.8281 L708,379.8281 L698,369.8281 " fill="#FBFB77" style="stroke: #A80036; stroke-width: 1.0;"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="173" x="494" y="386.895">App can trigger pairing and</text><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacingAndGlyphs" textLength="199" x="494" y="402.0278">repeat the GATT Client request</text><ellipse cx="739" cy="389.9609" fill="#FFFFFF" filter="url(#fma1tdqeiv4oo)" rx="11" ry="11" style="stroke: #000000; stroke-width: 1.0;"/><ellipse cx="739" cy="389.9609" fill="#000000" rx="6" ry="6" style="stroke: #7F7F7F; stroke-width: 1.0;"/><rect fill="#23DB2B" filter="url(#fma1tdqeiv4oo)" height="33.9688" rx="12.5" ry="12.5" style="stroke: #A80036; stroke-width: 1.5;" width="204" x="880.5" y="266.8594"/><text fill="#000000" font-family="sans-serif" font-size="12" lengthAdjust="spacingAndGlyphs" textLength="180" x="894.5" y="287.998">App receives GATT Response</text><ellipse cx="982.5" cy="346.8281" fill="#FFFFFF" filter="url(#fma1tdqeiv4oo)" rx="11" ry="11" style="stroke: #000000; stroke-width: 1.0;"/><ellipse cx="982.5" cy="346.8281" fill="#000000" rx="6" ry="6" style="stroke: #7F7F7F; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="733.4375" x2="733.4375" y1="50.9531" y2="70.9531"/><polygon fill="#A80036" points="729.4375,60.9531,733.4375,70.9531,737.4375,60.9531,733.4375,64.9531" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="733.4375" x2="733.4375" y1="104.9219" y2="124.9219"/><polygon fill="#A80036" points="729.4375,114.9219,733.4375,124.9219,737.4375,114.9219,733.4375,118.9219" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="733.4375" x2="733.4375" y1="158.8906" y2="178.8906"/><polygon fill="#A80036" points="729.4375,168.8906,733.4375,178.8906,737.4375,168.8906,733.4375,172.8906" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="122" x2="122" y1="486.1992" y2="506.1992"/><polygon fill="#A80036" points="118,496.1992,122,506.1992,126,496.1992,122,500.1992" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="122" x2="122" y1="540.168" y2="560.168"/><polygon fill="#A80036" points="118,550.168,122,560.168,126,550.168,122,554.168" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="180.75" x2="122" y1="430.2305" y2="430.2305"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="122" x2="122" y1="430.2305" y2="452.2305"/><polygon fill="#A80036" points="118,442.2305,122,452.2305,126,442.2305,122,446.2305" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="278.75" x2="337.5" y1="430.2305" y2="430.2305"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="337.5" x2="337.5" y1="430.2305" y2="452.2305"/><polygon fill="#A80036" points="333.5,442.2305,337.5,452.2305,341.5,442.2305,337.5,446.2305" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="337.5" x2="337.5" y1="486.1992" y2="587.168"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="337.5" x2="229.75" y1="587.168" y2="587.168"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="229.75" x2="229.75" y1="587.168" y2="602.168"/><polygon fill="#A80036" points="225.75,592.168,229.75,602.168,233.75,592.168,229.75,596.168" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="229.75" x2="229.75" y1="383.2305" y2="418.2305"/><polygon fill="#A80036" points="225.75,408.2305,229.75,418.2305,233.75,408.2305,229.75,412.2305" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="229.75" x2="229.75" y1="324.8594" y2="349.2617"/><polygon fill="#A80036" points="225.75,339.2617,229.75,349.2617,233.75,339.2617,229.75,343.2617" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="279.75" x2="451" y1="312.8594" y2="312.8594"/><polygon fill="#A80036" points="447,473.7148,451,483.7148,455,473.7148,451,477.7148" style="stroke: #A80036; stroke-width: 1.5;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="451" x2="451" y1="312.8594" y2="614.168"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="451" x2="241.75" y1="614.168" y2="614.168"/><polygon fill="#A80036" points="251.75,610.168,241.75,614.168,251.75,618.168,247.75,614.168" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="229.75" x2="229.75" y1="626.168" y2="646.168"/><polygon fill="#A80036" points="225.75,636.168,229.75,646.168,233.75,636.168,229.75,640.168" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="113" x2="113" y1="768.1055" y2="788.1055"/><polygon fill="#A80036" points="109,778.1055,113,788.1055,117,778.1055,113,782.1055" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="113" x2="113" y1="822.0742" y2="842.0742"/><polygon fill="#A80036" points="109,832.0742,113,842.0742,117,832.0742,113,836.0742" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="346.5" x2="346.5" y1="768.1055" y2="788.1055"/><polygon fill="#A80036" points="342.5,778.1055,346.5,788.1055,350.5,778.1055,346.5,782.1055" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="199.75" x2="113" y1="712.1367" y2="712.1367"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="113" x2="113" y1="712.1367" y2="734.1367"/><polygon fill="#A80036" points="109,724.1367,113,734.1367,117,724.1367,113,728.1367" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="259.75" x2="346.5" y1="712.1367" y2="712.1367"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="346.5" x2="346.5" y1="712.1367" y2="734.1367"/><polygon fill="#A80036" points="342.5,724.1367,346.5,734.1367,350.5,724.1367,346.5,728.1367" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="229.75" x2="229.75" y1="680.1367" y2="700.1367"/><polygon fill="#A80036" points="225.75,690.1367,229.75,700.1367,233.75,690.1367,229.75,694.1367" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="739" x2="739" y1="334.8281" y2="378.9609"/><polygon fill="#A80036" points="735,368.9609,739,378.9609,743,368.9609,739,372.9609" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="384.375" x2="229.75" y1="278.8594" y2="278.8594"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="229.75" x2="229.75" y1="278.8594" y2="300.8594"/><polygon fill="#A80036" points="225.75,290.8594,229.75,300.8594,233.75,290.8594,229.75,294.8594" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="584.375" x2="739" y1="278.8594" y2="278.8594"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="739" x2="739" y1="278.8594" y2="300.8594"/><polygon fill="#A80036" points="735,290.8594,739,300.8594,743,290.8594,739,294.8594" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="982.5" x2="982.5" y1="300.8281" y2="335.8281"/><polygon fill="#A80036" points="978.5,325.8281,982.5,335.8281,986.5,325.8281,982.5,329.8281" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="596.4375" x2="484.375" y1="244.8594" y2="244.8594"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="484.375" x2="484.375" y1="244.8594" y2="266.8594"/><polygon fill="#A80036" points="480.375,256.8594,484.375,266.8594,488.375,256.8594,484.375,260.8594" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="870.4375" x2="982.5" y1="244.8594" y2="244.8594"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="982.5" x2="982.5" y1="244.8594" y2="266.8594"/><polygon fill="#A80036" points="978.5,256.8594,982.5,266.8594,986.5,256.8594,982.5,260.8594" style="stroke: #A80036; stroke-width: 1.0;"/><line style="stroke: #A80036; stroke-width: 1.5;" x1="733.4375" x2="733.4375" y1="212.8594" y2="232.8594"/><polygon fill="#A80036" points="729.4375,222.8594,733.4375,232.8594,737.4375,222.8594,733.4375,226.8594" style="stroke: #A80036; stroke-width: 1.0;"/><!--MD5=[678f4d5ba6d3661631cd8d21e4a89bd4]
+@startuml
+title Reactive Authentication
+start
+: A connects to B;
+: App triggers GATT Client request on A;
+: GATT Client request sent;
+
+if (GATT Server returns an 'insufficient x' error) then (yes)
+  if (ENABLE_GATT_CLIENT_PAIRING) then (yes)
+    if (LTK available) then (yes)
+      : start encryption;
+      if (re-encrypted) then (yes)
+        : GATT Client request sent;
+        #23DB2B : App receives GATT Response;
+        stop
+      else (no)
+        : delete bonding information;
+      endif
+   endif
+    : start pairing;
+      if (paired) then (yes)
+        : GATT Client request sent;
+        #23DB2B : App receives GATT Response;
+        stop
+      else (no)
+        #FD5B41 : App receives a GATT Client error;
+        stop
+      endif
+  else (no)
+    #FD5B41 : App receives a GATT Client error;
+    stop
+    note left
+      App can trigger pairing and 
+      repeat the GATT Client request
+    end note
+  endif
+else (no)
+  #23DB2B : App receives GATT Response;
+  stop
+endif
+@enduml
+
+PlantUML version 1.2020.20beta13(Unknown compile time)
+(GPL source distribution)
+Java Runtime: Java(TM) SE Runtime Environment
+JVM: Java HotSpot(TM) 64-Bit Server VM
+Default Encoding: UTF-8
+Language: en
+Country: US
+--></g></svg>
\ No newline at end of file