manualshive.com logo in svg

Blackberry PRD-09695-004 - SMART Card Reader, Manual

Introducing the Blackberry PRD-09695-004 SMART Card Reader. Unlocking a world of convenience and security, this cutting-edge device allows seamless integration of smart cards. Need a user manual? Look no further! Download your free manual, exclusively at manualshive.com, and discover the endless possibilities of this exceptional product.

Share
Download
background image

BlackBerry Smart Card Reader 

13 

IT policy rule 

Recommended use 

Maximum PC Disconnected Timeout 

Specify the maximum time, in seconds, after the computer and the 
BlackBerry Smart Card Reader close the Bluetooth connection 
between them that the secure pairing information for that dropped 
connection is deleted from the computer and the BlackBerry Smart 
Card Reader. 

Maximum PC Long Term Timeout 

Specify the maximum time, in hours, after the computer and the 
BlackBerry Smart Card Reader establish the secure pairing 
information between them that the computer and the BlackBerry 
Smart Card Reader delete their secure pairing information. 

Maximum PC Bluetooth Traffic 
Inactivity Timeout 

Specify the maximum time, in minutes, of inactivity over the 
Bluetooth connection between the BlackBerry Smart Card Reader 
and the computer allowed before the computer and the BlackBerry 
Smart Card Reader delete their secure pairing information. 

Maximum Number of PC Transactions 

Specify the maximum number of transactions (smart card–related 
operations) that the computer and the BlackBerry Smart Card 
Reader can send and receive between them before the computer 
and the BlackBerry Smart Card Reader delete their secure pairing 
information. 

Note:

 A transaction is any request and response set of data packets 

other than a connection heartbeat. 

Maximum Number of PC Pairings 

Specify the maximum number of computers that can pair with the 
BlackBerry Smart Card Reader. 

Note

: The BlackBerry Smart Card Reader also recognizes the Disable Radio When Cradled IT policy rule, which 

controls whether the wireless transceiver is turned off when the BlackBerry device is connected to USB 
peripherals. If you set this IT policy rule to True, the Bluetooth wireless adaptor of the BlackBerry Smart Card 
Reader is turned off whenever the BlackBerry Smart Card Reader is connected to a computer using USB.

 

See the

 Policy Reference Guide

 for more information. 

Establishing an encrypted and authenticated connection to the BlackBerry 
Smart Card Reader 

Before the smart card and the BlackBerry device can establish an encrypted and authenticated connection 
between them, the BlackBerry Smart Card Reader and the BlackBerry device or computer must perform a 
Bluetooth pairing process to establish a Bluetooth connection between the BlackBerry device or computer and 
the BlackBerry Smart Card Reader. The BlackBerry device or computer and the BlackBerry Smart Card Reader 
can then perform a secure pairing process to establish a connection between the smart card and the BlackBerry 
device or computer. The secure pairing is designed to allow the BlackBerry Smart Card Reader and the 
BlackBerry device or computer to encrypt and authenticate the data that they send between them over the 
application layer.  

During the secure pairing process 

 

the initial key establishment protocol creates a shared master encryption key on the BlackBerry device or 
computer and the BlackBerry Smart Card Reader that the BlackBerry device or computer and the BlackBerry 
Smart Card Reader use to encrypt and decrypt the data that they send between them 

 

the connection key establishment protocol creates a shared connection key on the BlackBerry device or 
computer and the BlackBerry Smart Card Reader that the BlackBerry device or computer and the BlackBerry 
Smart Card Reader use to send data between them 

The user must perform a Bluetooth pairing process once only but must perform a secure pairing each time that 
the BlackBerry device or computer deletes the secure pairing information. You can control when the BlackBerry 

www.blackberry.com 

 

Summary of Contents for PRD-09695-004 - SMART Card Reader

Page 1: ...BlackBerry Smart Card Reader Version 1 5 Service Pack 1 Security Technical Overview 2007 Research In Motion Limited All rights reserved www blackberry com ...

Page 2: ...process and the secure pairing process on the computer 14 Reconnecting to the BlackBerry device or computer automatically 14 Initial key establishment protocol used in the secure pairing process 14 Connection key establishment protocol used in the secure pairing process 15 Encrypting and authenticating data on the application layer 17 Using two factor authentication 17 Turning on two factor authen...

Page 3: ...ionary attack 25 Online dictionary attack 25 Small subgroup attack 25 Appendix F Smart card binding information 26 Appendix G BlackBerry Smart Card Reader reset process 27 2007 Research In Motion Limited All rights reserved www blackberry com ...

Page 4: ...ws you to use two factor authentication using a smart card to require users to prove their identities to the BlackBerry devices or computers by two factors what they have the smart card what they know their smart card password Integrating a smart card with existing secure messaging technology In addition to standard BlackBerry encryption you can turn on secure messaging technology to offer an addi...

Page 5: ...ng software and BlackBerry devices BlackBerry Enterprise Server software Computer BlackBerry devices BlackBerry Enterprise Server Version 4 0 SP2 or later for Microsoft Exchange with the S MIME IT Policy template imported BlackBerry Enterprise Server Version 4 0 SP3 or later Microsoft Windows XP SP2 with support for Bluetooth technology turned on Microsoft Windows Vista with support for Bluetooth ...

Page 6: ...ter are designed to provide the following security measures by default on the Bluetooth wireless channel which is widely considered to be nonsecure The Bluetooth wireless transceiver on the BlackBerry device is turned off Users must request a connection between the Bluetooth enabled BlackBerry device with a Bluetooth device and type a password called a passkey which is a shared secret key to compl...

Page 7: ...Smart Card Reader and pair with it The BlackBerry Smart Card Reader is designed to enter into discoverable mode whenever it displays the reader ID and its LED is solid green Limited use of serial port profiles The BlackBerry Smart Card Reader uses the Bluetooth Serial Port Profile only allowing you to use application control to shut down all the other profiles and prevent third party applications ...

Page 8: ...ity method Description Secure connections The BlackBerry Smart Card Reader uses processes designed to pair the BlackBerry Smart Card Reader with the Bluetooth enabled BlackBerry device or computer using a Bluetooth encryption key to establish a Bluetooth connection between them pair the smart card with the Bluetooth enabled BlackBerry device or computer using a secure pairing key to establish an a...

Page 9: ... that run BlackBerry Device Software Version 4 1 or later and the computers store the current secure pairing key and the shared master encryption key in their respective RAM only BlackBerry devices that run BlackBerry Device Software versions earlier than Version 4 1 store the secure pairing key and the shared master encryption key in a key store database in the BlackBerry device flash memory Code...

Page 10: ...d the Bluetooth profiles to specific permitted third party applications Using the BlackBerry Enterprise Server Version 4 0 or later you can set BlackBerry Enterprise Server IT policy rules and application policy rules to control how third party applications use the BlackBerry Smart Card Reader to connect to Bluetooth enabled BlackBerry devices Use application control policy rules to permit or prev...

Page 11: ... Smart Card Two Factor Challenge Response Specify whether the user must choose a smart card certificate for use with smart card two factor authentication If smart card two factor authentication is turned on when the user unlocks the BlackBerry device the BlackBerry device sends a challenge to the smart card to verify that it is the same smart card that the BlackBerry device used to initialize the ...

Page 12: ...onnected Timeout IT policy rule to specify whether the BlackBerry device and computer delete their secure pairing keys for their current connections to the BlackBerry Smart Card Reader when the disconnection timeout period expires Maximum BlackBerry Long Term Timeout Specify the maximum time in hours after the BlackBerry device and the BlackBerry Smart Card Reader establish the secure pairing info...

Page 13: ...cy rule to True the Bluetooth wireless adaptor of the BlackBerry Smart Card Reader is turned off whenever the BlackBerry Smart Card Reader is connected to a computer using USB See the Policy Reference Guide for more information Establishing an encrypted and authenticated connection to the BlackBerry Smart Card Reader Before the smart card and the BlackBerry device can establish an encrypted and au...

Page 14: ...ey or secure pairing key You can set the Disable Auto Reconnect To BlackBerry Smart Card Reader IT policy rule to prevent the BlackBerry device or computer from reconnecting to the BlackBerry Smart Card Reader automatically Turning off the automatic reconnection feature is designed to increase the battery life of the BlackBerry device Initial key establishment protocol used in the secure pairing p...

Page 15: ...s H H1 H2 MK SHA 256 H K 12 The initial key establishment protocol completes the BlackBerry device or computer and the BlackBerry Smart Card Reader share a master encryption key See Appendix D BlackBerry Smart Card Reader shared cryptosystem parameters on page 23 for more information about variables used in this process Connection key establishment protocol used in the secure pairing process After...

Page 16: ...ishment protocol 5 The BlackBerry Smart Card Reader sends Y to the BlackBerry device or computer 6 The BlackBerry device or computer performs the following calculation to select a short term key X selects random x 1 x r 1 calculates X xP calculates the connection key CK using the following information Parameter Value K xY xyP H1 SHA 512 sent data packets H2 SHA 512 received data packets H H1 H2 CK...

Page 17: ... smart card After the BlackBerry device or computer binds to the smart card it requires that smart card to authenticate the user Turning on two factor authentication on the BlackBerry device You can set the Force Smart Card Two Factor Authentication IT policy rule in the BlackBerry Manager to require that a user authenticates with the BlackBerry device using a smart card If you do not force the us...

Page 18: ... from the BlackBerry device When you or the user start the process that lets the BlackBerry device erase its stored user and application data the BlackBerry device deletes the smart card binding information from its NV store When the process completes a user can authenticate with the BlackBerry device using a new smart card You can delete the smart card binding information from the BlackBerry devi...

Page 19: ...MIME protected messaging turning on encryption options setting IT policy rules setting message classifications BlackBerry Smart Card Reader Getting Started Guide setting up the BlackBerry Smart Card Reader installing or upgrading the BlackBerry Smart Card Reader pairing the BlackBerry device or the computer with the BlackBerry Smart Card Reader troubleshooting Policy Reference Guide using BlackBer...

Page 20: ... 521 bit Random Curve EC521R1 283 bit Koblitz Curve EC283K1 256 bit Random Curve EC256R1 160 bit Random Curve EC160R1 encryption AES 256 AES 128 hash SHA 512 SHA 256 SHA 1 The initial key establishment protocol is designed to negotiate to use the algorithm indicated unless the BlackBerry device or the computer requires a different supported algorithm www blackberry com ...

Page 21: ... BlackBerry device the computer or the BlackBerry Smart Card Reader that party sends an error code to the other party negotiating the connection key The following errors might occur negative length bad packet incomplete crypto specification bad public key no algorithms in common are permitted not paired not connected connection error decryption error www blackberry com ...

Page 22: ...erates to encrypt the data that it sends to the other party over the application layer the other party must use KeyRecEnc to respond to KeySendEnc KeyRecEnc SHA 256 CK S2 the AES 256 key that the BlackBerry device the computer or the BlackBerry Smart Card Reader generates to decrypt the data that it receives from the other party over the application layer KeySendAuth SHA 256 CK S3 the HMAC authent...

Page 23: ...initial establishment key protocol does all math operations in the group E Fq Fq a finite field of prime order q P a point of E that generates a subgroup of E Fq of prime order r xR a representation of elliptic curve scalar multiplication where x is the scalar and R is a point on E Fq s the secure pairing key value that appears on the BlackBerry Smart Card Reader screen Note The secure pairing key...

Page 24: ...ate key on the BlackBerry device or computer Man in the middle attack A man in the middle attack occurs when the user with malicious intent intercepts and modifies messages in transit between the BlackBerry Smart Card Reader and the BlackBerry device or computer A successful man in the middle attack results in each party not knowing that the user with malicious intent is sitting between them monit...

Page 25: ...r with malicious intent must rely on the BlackBerry device the computer or the BlackBerry Smart Card Reader to determine if a key is the correct secure pairing key The BlackBerry Smart Card Reader supports only one try to guess the secure pairing key If the guess is incorrect the BlackBerry Smart Card Reader changes the secure pairing key before the next try occurs Small subgroup attack A small su...

Page 26: ... BlackBerry Smart Card Reader requires the binding information format Note If the BlackBerry device uses a challenge response certificate the format is a version byte with a value of 1 If the BlackBerry device does not use a challenge response certificate the format is a version byte with a value of 0 the smart card type Note For the Common Access Card this string is GSA CAC the name of a Java cla...

Page 27: ...the Bluetooth encryption key for the currently connected BlackBerry device if applicable deletes all Bluetooth pairing information deletes all secure pairing information deletes all user settings deletes the connection password unbinds the IT policy from the BlackBerry Smart Card Reader The BlackBerry Smart Card Reader unbinds the IT policy by deleting the IT policy public key from its NV store so...

Page 28: ... RIM NOR ITS RESPECTIVE DIRECTORS OFFICERS EMPLOYEES OR CONSULTANTS SHALL BE LIABLE TO YOU FOR ANY DAMAGES WHATSOEVER BE THEY DIRECT ECONOMIC COMMERCIAL SPECIAL CONSEQUENTIAL INCIDENTAL EXEMPLARY OR INDIRECT DAMAGES EVEN IF RIM HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES INCLUDING WITHOUT LIMITATION LOSS OF BUSINESS REVENUE OR EARNINGS LOST DATA DAMAGES CAUSED BY DELAYS LOST PROFITS OR A F...

Reviews:

No comments

Related manuals for PRD-09695-004 - SMART Card Reader

Cherry SmartTerminal ST-1044 Quick Start Instructions preview
SmartTerminal ST-1044
Brand: Cherry Pages: 4
Symbol LS3478 Configuration Manual preview
LS3478
Brand: Symbol Pages: 6
Magtek D99875494-51 Reference Manual preview
D99875494-51
Brand: Magtek Pages: 18
Sencor SCT 5051BMR User Manual preview
SCT 5051BMR
Brand: Sencor Pages: 17
Franklin BOOKMAN ENC-2046 User Manual preview
BOOKMAN ENC-2046
Brand: Franklin Pages: 22
Franklin BOOKMAN III BDF-4045DL (French) Mode D'Emploi preview
BOOKMAN III BDF-4045DL
Brand: Franklin Pages: 28
Yaesu ATAS-120 Installation And Operation Manual preview
ATAS-120
Brand: Yaesu Pages: 1
Socket DuraScan 700 Series User Manual preview
DuraScan 700 Series
Brand: Socket Pages: 49
Vantager Palm Size Card Reader/Writer User Manual preview
Palm Size Card Reader/Writer
Brand: Vantager Pages: 8
DoorKing 1524-331 Quick Start Manual preview
1524-331
Brand: DoorKing Pages: 3
Stahl IDM160 Operating Instructions Manual preview
IDM160
Brand: Stahl Pages: 36
PSC Magellan 2200VS omega Reference Manual preview
Magellan 2200VS omega
Brand: PSC Pages: 382
Magnadyne M9800 Installation And Operation Manual preview
M9800
Brand: Magnadyne Pages: 12
Lynx Studio Technology LynxTWO Installation And User Manual preview
LynxTWO
Brand: Lynx Studio Technology Pages: 36
Kenwood KDC-4047U Instruction Manual preview
KDC-4047U
Brand: Kenwood Pages: 24
Pioneer AppRadio 4 Firmware Update Manual preview
AppRadio 4
Brand: Pioneer Pages: 7
Renkforce 809339 Operating Instructions preview
809339
Brand: Renkforce Pages: 4
Renkforce 1095090 Operating Instructions preview
1095090
Brand: Renkforce Pages: 4

Brands by name

Popular brands

Load more brands