Bluetooth Secure Simple pairing (SSP) user scenario

The below is great explanation for SSP.

from http://stackoverflow.com/questions/5401445/android-bluetooth-pairing (Dennis Mathews)

When both devices are 2.1 and above the Secure Simple pairing (SSP) gets used instead of the legacy pairing (legacy pairing is the one where user was required to enter same PIN on both devices to connect and most of the cases PIN used to be well known common combinations of 0000 or 1234)

Secure simple pairing simplifies the process and gets rid of the need for PINs to be entered, instead it generates 6 digit passkeys automatically as part of the pairing process and user may only be required to verify/enter the passkey on one or more of the devices.

Secure Simple Pairing (SSP) further has few different association modes and the association model to be used is determined by the display and input capabilities on the devices that are trying to pair.

When there is no display or input to enter 6 digits on one of the devices, then "Just works" association model gets used , in this the user input is not required during pairing. In Android it is possible to force this model is SPP applications when using the createInsecureRfcommSocketToServiceRecord() API. This model gets used commonly when pairing with Headsets, other small devices without any display or input capability

Other association models are :

Numeric Comparison - Where a 6 digit number is shown on both devices and user is asked to confirm is they are the same. Used when both devices has display and capable of entering Yes/No.

Passkey entry - When one of the devices has only input capability and no output display capability and the other has an output / display capability, here the user will be asked to enter the 6 digits on the input only capable device as shown on the display capable device.

Out-of-Band - Where devices exchange pairing information over a different channel (other than Bluetooth) example NFC or some other secure mechanism.