Blackberry PRD-09695-004 - SMART Card Reader Скачать руководство пользователя страница 22 | Manualshive

Страница: 22 / 28

background image

BlackBerry Smart Card Reader

22

Appendix C: Application layer protocol encryption and authentication

By default, each data packet that the BlackBerry device or computer and the BlackBerry Smart Card Reader send
between them is authenticated and encrypted using the following methods:

•

authenticated with HMAC using the negotiated SHA algorithm

•

encrypted with AES of the negotiated key size using CBC mode

Anatomy of data packet formatted for transmission over the application layer

The connection key protocol establishes a shared connection key

CK

from which the BlackBerry device or

computer and the BlackBerry Smart Card Reader derive the four session keys that they use on the application
layer to protect the data that they send between them.

Connection session key

Value

Description

KeySendEnc SHA-256(

CK

||

S1

)

•

the AES-256 key that the BlackBerry device, the
computer, or the BlackBerry Smart Card Reader
generates to encrypt the data that it sends to the
other party over the application layer

•

the other party must use KeyRecEnc to respond to
KeySendEnc

KeyRecEnc SHA-256(

CK

||

S2

)

the AES-256 key that the BlackBerry device, the
computer, or the BlackBerry Smart Card Reader
generates to decrypt the data that it receives from the
other party over the application layer

KeySendAuth SHA-256(

CK

||

S3

)

•

the HMAC authentication key that the BlackBerry
device, the computer, or the BlackBerry Smart Card
Reader generates to authenticate the data that it
sends to the other party over the application layer

•

the other party must use KeyRecAuth to respond to
KeySendAuth

KeyRecAuth SHA-256(

CK

||

S4

)

the HMAC authentication key that the BlackBerry device,
the computer, or the BlackBerry Smart Card Reader
generates to authenticate the data that it receives from
the other party over the application layer

Note

:

S1

,

S2

,

S3

, and

S4

are hard-coded strings that the BlackBerry device or computer and the BlackBerry Smart

Card Reader use in the key derivation to prevent calculating session keys that are the same as each other.

www.blackberry.com

«
...
20
21
22
23
24
...
»

Содержание PRD-09695-004 - SMART Card Reader

Страница 1: ...BlackBerry Smart Card Reader Version 1 5 Service Pack 1 Security Technical Overview 2007 Research In Motion Limited All rights reserved www blackberry com ...

Страница 2: ...process and the secure pairing process on the computer 14 Reconnecting to the BlackBerry device or computer automatically 14 Initial key establishment protocol used in the secure pairing process 14 Connection key establishment protocol used in the secure pairing process 15 Encrypting and authenticating data on the application layer 17 Using two factor authentication 17 Turning on two factor authen...

Страница 3: ...ionary attack 25 Online dictionary attack 25 Small subgroup attack 25 Appendix F Smart card binding information 26 Appendix G BlackBerry Smart Card Reader reset process 27 2007 Research In Motion Limited All rights reserved www blackberry com ...

Страница 4: ...ws you to use two factor authentication using a smart card to require users to prove their identities to the BlackBerry devices or computers by two factors what they have the smart card what they know their smart card password Integrating a smart card with existing secure messaging technology In addition to standard BlackBerry encryption you can turn on secure messaging technology to offer an addi...

Страница 5: ...ng software and BlackBerry devices BlackBerry Enterprise Server software Computer BlackBerry devices BlackBerry Enterprise Server Version 4 0 SP2 or later for Microsoft Exchange with the S MIME IT Policy template imported BlackBerry Enterprise Server Version 4 0 SP3 or later Microsoft Windows XP SP2 with support for Bluetooth technology turned on Microsoft Windows Vista with support for Bluetooth ...

Страница 6: ...ter are designed to provide the following security measures by default on the Bluetooth wireless channel which is widely considered to be nonsecure The Bluetooth wireless transceiver on the BlackBerry device is turned off Users must request a connection between the Bluetooth enabled BlackBerry device with a Bluetooth device and type a password called a passkey which is a shared secret key to compl...

Страница 7: ...Smart Card Reader and pair with it The BlackBerry Smart Card Reader is designed to enter into discoverable mode whenever it displays the reader ID and its LED is solid green Limited use of serial port profiles The BlackBerry Smart Card Reader uses the Bluetooth Serial Port Profile only allowing you to use application control to shut down all the other profiles and prevent third party applications ...

Страница 8: ...ity method Description Secure connections The BlackBerry Smart Card Reader uses processes designed to pair the BlackBerry Smart Card Reader with the Bluetooth enabled BlackBerry device or computer using a Bluetooth encryption key to establish a Bluetooth connection between them pair the smart card with the Bluetooth enabled BlackBerry device or computer using a secure pairing key to establish an a...

Страница 9: ... that run BlackBerry Device Software Version 4 1 or later and the computers store the current secure pairing key and the shared master encryption key in their respective RAM only BlackBerry devices that run BlackBerry Device Software versions earlier than Version 4 1 store the secure pairing key and the shared master encryption key in a key store database in the BlackBerry device flash memory Code...

Страница 10: ...d the Bluetooth profiles to specific permitted third party applications Using the BlackBerry Enterprise Server Version 4 0 or later you can set BlackBerry Enterprise Server IT policy rules and application policy rules to control how third party applications use the BlackBerry Smart Card Reader to connect to Bluetooth enabled BlackBerry devices Use application control policy rules to permit or prev...

Страница 11: ... Smart Card Two Factor Challenge Response Specify whether the user must choose a smart card certificate for use with smart card two factor authentication If smart card two factor authentication is turned on when the user unlocks the BlackBerry device the BlackBerry device sends a challenge to the smart card to verify that it is the same smart card that the BlackBerry device used to initialize the ...

Страница 12: ...onnected Timeout IT policy rule to specify whether the BlackBerry device and computer delete their secure pairing keys for their current connections to the BlackBerry Smart Card Reader when the disconnection timeout period expires Maximum BlackBerry Long Term Timeout Specify the maximum time in hours after the BlackBerry device and the BlackBerry Smart Card Reader establish the secure pairing info...

Страница 13: ...cy rule to True the Bluetooth wireless adaptor of the BlackBerry Smart Card Reader is turned off whenever the BlackBerry Smart Card Reader is connected to a computer using USB See the Policy Reference Guide for more information Establishing an encrypted and authenticated connection to the BlackBerry Smart Card Reader Before the smart card and the BlackBerry device can establish an encrypted and au...

Страница 14: ...ey or secure pairing key You can set the Disable Auto Reconnect To BlackBerry Smart Card Reader IT policy rule to prevent the BlackBerry device or computer from reconnecting to the BlackBerry Smart Card Reader automatically Turning off the automatic reconnection feature is designed to increase the battery life of the BlackBerry device Initial key establishment protocol used in the secure pairing p...

Страница 15: ...s H H1 H2 MK SHA 256 H K 12 The initial key establishment protocol completes the BlackBerry device or computer and the BlackBerry Smart Card Reader share a master encryption key See Appendix D BlackBerry Smart Card Reader shared cryptosystem parameters on page 23 for more information about variables used in this process Connection key establishment protocol used in the secure pairing process After...

Страница 16: ...ishment protocol 5 The BlackBerry Smart Card Reader sends Y to the BlackBerry device or computer 6 The BlackBerry device or computer performs the following calculation to select a short term key X selects random x 1 x r 1 calculates X xP calculates the connection key CK using the following information Parameter Value K xY xyP H1 SHA 512 sent data packets H2 SHA 512 received data packets H H1 H2 CK...

Страница 17: ... smart card After the BlackBerry device or computer binds to the smart card it requires that smart card to authenticate the user Turning on two factor authentication on the BlackBerry device You can set the Force Smart Card Two Factor Authentication IT policy rule in the BlackBerry Manager to require that a user authenticates with the BlackBerry device using a smart card If you do not force the us...

Страница 18: ... from the BlackBerry device When you or the user start the process that lets the BlackBerry device erase its stored user and application data the BlackBerry device deletes the smart card binding information from its NV store When the process completes a user can authenticate with the BlackBerry device using a new smart card You can delete the smart card binding information from the BlackBerry devi...

Страница 19: ...MIME protected messaging turning on encryption options setting IT policy rules setting message classifications BlackBerry Smart Card Reader Getting Started Guide setting up the BlackBerry Smart Card Reader installing or upgrading the BlackBerry Smart Card Reader pairing the BlackBerry device or the computer with the BlackBerry Smart Card Reader troubleshooting Policy Reference Guide using BlackBer...

Страница 20: ... 521 bit Random Curve EC521R1 283 bit Koblitz Curve EC283K1 256 bit Random Curve EC256R1 160 bit Random Curve EC160R1 encryption AES 256 AES 128 hash SHA 512 SHA 256 SHA 1 The initial key establishment protocol is designed to negotiate to use the algorithm indicated unless the BlackBerry device or the computer requires a different supported algorithm www blackberry com ...

Страница 21: ... BlackBerry device the computer or the BlackBerry Smart Card Reader that party sends an error code to the other party negotiating the connection key The following errors might occur negative length bad packet incomplete crypto specification bad public key no algorithms in common are permitted not paired not connected connection error decryption error www blackberry com ...

Страница 22: ...erates to encrypt the data that it sends to the other party over the application layer the other party must use KeyRecEnc to respond to KeySendEnc KeyRecEnc SHA 256 CK S2 the AES 256 key that the BlackBerry device the computer or the BlackBerry Smart Card Reader generates to decrypt the data that it receives from the other party over the application layer KeySendAuth SHA 256 CK S3 the HMAC authent...

Страница 23: ...initial establishment key protocol does all math operations in the group E Fq Fq a finite field of prime order q P a point of E that generates a subgroup of E Fq of prime order r xR a representation of elliptic curve scalar multiplication where x is the scalar and R is a point on E Fq s the secure pairing key value that appears on the BlackBerry Smart Card Reader screen Note The secure pairing key...

Страница 24: ...ate key on the BlackBerry device or computer Man in the middle attack A man in the middle attack occurs when the user with malicious intent intercepts and modifies messages in transit between the BlackBerry Smart Card Reader and the BlackBerry device or computer A successful man in the middle attack results in each party not knowing that the user with malicious intent is sitting between them monit...

Страница 25: ...r with malicious intent must rely on the BlackBerry device the computer or the BlackBerry Smart Card Reader to determine if a key is the correct secure pairing key The BlackBerry Smart Card Reader supports only one try to guess the secure pairing key If the guess is incorrect the BlackBerry Smart Card Reader changes the secure pairing key before the next try occurs Small subgroup attack A small su...

Страница 26: ... BlackBerry Smart Card Reader requires the binding information format Note If the BlackBerry device uses a challenge response certificate the format is a version byte with a value of 1 If the BlackBerry device does not use a challenge response certificate the format is a version byte with a value of 0 the smart card type Note For the Common Access Card this string is GSA CAC the name of a Java cla...

Страница 27: ...the Bluetooth encryption key for the currently connected BlackBerry device if applicable deletes all Bluetooth pairing information deletes all secure pairing information deletes all user settings deletes the connection password unbinds the IT policy from the BlackBerry Smart Card Reader The BlackBerry Smart Card Reader unbinds the IT policy by deleting the IT policy public key from its NV store so...

Страница 28: ... RIM NOR ITS RESPECTIVE DIRECTORS OFFICERS EMPLOYEES OR CONSULTANTS SHALL BE LIABLE TO YOU FOR ANY DAMAGES WHATSOEVER BE THEY DIRECT ECONOMIC COMMERCIAL SPECIAL CONSEQUENTIAL INCIDENTAL EXEMPLARY OR INDIRECT DAMAGES EVEN IF RIM HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES INCLUDING WITHOUT LIMITATION LOSS OF BUSINESS REVENUE OR EARNINGS LOST DATA DAMAGES CAUSED BY DELAYS LOST PROFITS OR A F...

Отзывы:

Нет отзывов

Похожие инструкции для PRD-09695-004 - SMART Card Reader

Бренд: Magnat Audio Страницы: 64

Бренд: Raymarine Страницы: 46

Бренд: Teac Страницы: 59

Бренд: Teac Страницы: 32

Бренд: Teac Страницы: 17

Бренд: Wasp Страницы: 12

Бренд: Wasp Страницы: 44

Бренд: Teac Страницы: 56

Бренд: Majestic Страницы: 13

VM9412 - In-dash DVD Receiver

Бренд: Jensen Страницы: 38

Бренд: UniFlow Страницы: 22

Бренд: Renkforce Страницы: 4

Бренд: The Andersons Страницы: 11

Бренд: Jensen Страницы: 4

Бренд: SATO Страницы: 2

ACR1281U-C1 Dualboost 2

Бренд: ACS Страницы: 16

Бренд: JMM Страницы: 13

Бренд: Dahua Страницы: 24

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды