Tuesday, April 21, 2015

BLE "insufficient authentication" issue

On the TI CC254x, when the BLE link is not paired with encryption, the stack still responds with ATT_ERR_INSUFFICIENT_ENCRYPT even though the attribute is set to GATT_PERMIT_AUTHEN_READ_WRITE. To solve this problem, the error code has to be handled manually instead of by the stack. A simple way is:
1. Set all characteristics to GATT_PERMIT_READ_WRITE.
2. In ReadAttrCB / WriteAttrCB, check the link encryption status and manually return ATT_ERR_INSUFFICIENT_AUTHEN.
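someReadAttrCB()
{
  bStatus_t status = SUCCESS;

  // ... (code omitted) ...

  // Require security for all characteristics.
  // connHandle is the connection handle passed to the callback.
  if ( linkDB_Encrypted( connHandle ) == FALSE )
  {
    return ATT_ERR_INSUFFICIENT_AUTHEN;
  }

  // ... (code omitted) ...

  return status;
}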
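
A host-side model of the two-step workaround above, added here as an illustration and not taken from the original post or from TI's stack: `link_is_encrypted`, `attr_t`, `security_gate`, the `demo_*` callbacks and the link table are hypothetical stand-ins. It goes slightly beyond the snippet by keeping a per-characteristic flag and routing reads and writes through one gate, because with every attribute set to GATT_PERMIT_READ_WRITE the stack no longer rejects anything on its own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* ATT error codes from the Bluetooth Core Specification; names as used on this page. */
#define SUCCESS                      0x00
#define ATT_ERR_INSUFFICIENT_AUTHEN  0x05
#define ATT_ERR_INSUFFICIENT_AUTHOR  0x08

/* Hypothetical stand-in for the stack's link database (constructed sample data). */
typedef struct { uint16_t connHandle; bool encrypted; } link_t;
static const link_t links[] = { { 0, false }, { 1, true } };

/* On target this would be linkDB_Encrypted( connHandle ). Unknown handles fail closed. */
static bool link_is_encrypted(uint16_t connHandle) {
    for (size_t i = 0; i < sizeof links / sizeof links[0]; i++)
        if (links[i].connHandle == connHandle) return links[i].encrypted;
    return false;
}

/* The application now owns the policy the stack no longer enforces. */
typedef struct { bool needs_security; uint8_t value; } attr_t;

/* AUTHEN per the workaround; the page reports iOS needing AUTHOR instead. */
static uint8_t reject_code = ATT_ERR_INSUFFICIENT_AUTHEN;

/* Single gate shared by every callback so no access path skips the check. */
static uint8_t security_gate(uint16_t connHandle, const attr_t *a) {
    return (a->needs_security && !link_is_encrypted(connHandle)) ? reject_code : SUCCESS;
}

uint8_t demo_ReadAttrCB(uint16_t connHandle, const attr_t *a, uint8_t *out) {
    uint8_t st = security_gate(connHandle, a);
    if (st != SUCCESS) return st;        /* reject before exposing the value */
    *out = a->value;
    return SUCCESS;
}

uint8_t demo_WriteAttrCB(uint16_t connHandle, attr_t *a, uint8_t v) {
    uint8_t st = security_gate(connHandle, a);
    if (st != SUCCESS) return st;        /* reject before modifying the value */
    a->value = v;
    return SUCCESS;
}

int main(void) {
    attr_t secret = { true, 0x42 }; uint8_t out = 0;
    printf("plain link read:     0x%02X\n", demo_ReadAttrCB(0, &secret, &out));
    printf("encrypted link read: 0x%02X\n", demo_ReadAttrCB(1, &secret, &out));
    return 0;
}
```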


The issue is about the following (quoted):
"When the iOS device forgets the CC2540, then when it tries to write to a characteristic with permissions of GATT_PERMIT_AUTHEN_READ_WRITE the CC2540 returns an ATT_ERR_INSUFFICIENT_ENCRYPT since it still thinks it's paired with the iOS device - instead of an ATT_ERR_INSUFFICIENT_AUTHEN which it returns when it's not paired."
or, when doing Bluetooth certification, some cases need to show ATT_ERR_INSUFFICIENT_AUTHEN.


In my test, iOS still doesn't work.
ATT_ERR_INSUFFICIENT_AUTHOR may be used instead. It works.
The suggested solution works for me but I have to return ATT_ERR_INSUFFICIENT_AUTHOR instead of ATT_ERR_INSUFFICIENT_AUTHEN.

3.9 Pairing
The accessory should not request pairing until an ATT request is rejected using the Insufficient Authentication error code. See the Bluetooth 4.0 specification, Volume 3, Part F, Section 4 for details.
If, for security reasons, the accessory requires a bonded relationship with the Central, the Peripheral should reject the ATT request using the Insufficient Authentication error code, as appropriate. As a result, the Apple product may proceed with the necessary security procedures.
Similarly, if the iOS device acts as a Central and a GATT server, it may reject an ATT request using the Insufficient Authentication error code. The accessory should initiate the security procedure for pairing in response.
Pairing may require user authorization depending on Apple product. Once an accessory is paired with an Apple product, it shall retain the distributed keys of both central and peripheral for future use. If the pairing is no longer required, the accessory shall delete both sets of keys.
(from Apple) https://developer.apple.com/hardwaredrivers/BluetoothDesignGuidelines.pdf

http://e2e.ti.com/support/wireless_connectivity/f/538/p/453316/1633279#1633279

Reference link:
https://e2e.ti.com/support/wireless_connectivity/f/538/p/259197/907091#907091
https://e2e.ti.com/support/wireless_connectivity/f/538/p/232666/1003797
https://e2e.ti.com/support/wireless_connectivity/f/538/p/245279/857934#857934
http://connectivity198.rssing.com/chan-4845084/all_p147.html

