I have a mobile app (Android/iOS) that acts as a BLE client and a BLE device as a server.
The device does not have any display or keyboard. I want to connect to this device from the mobile app, make this connection secure and prevent to be connected from other clients in future.
How can i make it without using Pair/Bond technique because i don't want user to use system windows from the mobile. The device once connected it should be connectable only by this and not the others. Is possible to use some sort of keys/token or other to make this work?
You can use Whitelist functionality for this purpose. Whitelist is a BLE feature that allows you to add certain devices to a list which you allow to scan and connect to. For your case, the whitelist would be implemented in the Nordic peripheral device after the first connection. Once the firt connection is established, the address of the connected device can be added to the whitelist.
If you want to make sure that the connection is secure (i.e. encrypted) then your only option is pairing/bonding. You should se the IO capabilities on the Nordic device to be NoInput/NoOutput. Given that your phone is the initiator, this technically shouldn't result in any pop up/pairing dialog.
You can find more information here:-