Blackberry Smart Card Reader Security - Blackberry PRD-09695-004 - SMART Card Reader Overview

Security technical overview

BlackBerry Smart Card Reader security

The BlackBerry® Smart Card Reader is designed to prevent offline and online dictionary attacks using the following
security methods.
Security method: authentication of connections
Description: The BlackBerry Smart Card Reader uses processes designed to perform the following actions:
- pair the BlackBerry Smart Card Reader with a Bluetooth® enabled BlackBerry device or Bluetooth enabled computer using a Bluetooth encryption key to open a Bluetooth connection between them
- pair the smart card with the BlackBerry device or computer using a secure pairing PIN, which is created the first time that the BlackBerry Smart Card Reader pairs with the BlackBerry device or computer, to open an authenticated connection between them
- generate session keys to help protect data that the BlackBerry device or computer and the BlackBerry Smart Card Reader send between them on the application layer over the Bluetooth connection

Security method: deletion of connection information
Description: A BlackBerry device that is connected to the BlackBerry Smart Card Reader can delete the secure pairing PIN when the BlackBerry device disconnects from the BlackBerry Smart Card Reader and the disconnection timeout period expires.
A computer that is connected to the BlackBerry Smart Card Reader can delete the secure pairing PIN when the computer enters standby mode.

Security method: shared device transport key
Description: The BlackBerry Smart Card Reader creates a shared private key and then creates a shared device transport key from the secure pairing PIN and a secret private key.

Security method: BlackBerry Smart Card Reader password
Description: The first BlackBerry device or computer to connect to the BlackBerry Smart Card Reader after the BlackBerry Smart Card Reader resets must create the BlackBerry Smart Card Reader password. This password helps protect the encryption keys on the BlackBerry Smart Card Reader in the same way that the BlackBerry device password protects the data on the BlackBerry device.
Any debugging application that tries to connect to the BlackBerry Smart Card Reader over the USB connection cannot connect unless that application knows the password.
After ten unsuccessful password tries, the BlackBerry Smart Card Reader deletes all its data, including the password.

Security method: protected key storage
Description: To help limit the risk of key disclosure, the BlackBerry Smart Card Reader is designed to store all keys in its RAM only and does not write keys to its flash memory. To take the BlackBerry Smart Card Reader apart, the user must remove the battery. When the user removes the battery, the BlackBerry Smart Card Reader deletes all the keys.
A BlackBerry device that runs BlackBerry® Device Software version 4.1 and later and a computer store the current secure pairing PIN and the shared device transport key in their respective RAM only. A BlackBerry device that runs BlackBerry Device Software versions earlier than version 4.1 stores the secure pairing PIN and the shared device transport key in a key store database in the flash memory.
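
The password behaviour described above (first connection after a reset creates the password, ten unsuccessful tries delete everything) can be modelled as a small state machine that shows why online guessing is bounded. This is an added example, not BlackBerry code: ReaderModel, tries_until_wipe, the PBKDF2 verifier and the counter reset on success are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_TRIES = 10  # from the page: the tenth unsuccessful try triggers the wipe


class ReaderModel:
    """Hypothetical model of the reader's password policy (not BlackBerry code)."""

    def __init__(self):
        self.wipe()

    def wipe(self):
        # State after a reset or wipe: no password, no keys, counter cleared.
        self._salt = None
        self._verifier = None
        self.keys = {}      # stands in for key material held in RAM only
        self.failed = 0

    def _derive(self, password):
        # Assumption: PBKDF2-HMAC-SHA256 stands in for the device's real scheme.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 10_000)

    def create_password(self, password):
        # Only the first connection after a reset may create the password.
        if self._verifier is not None:
            return False
        self._salt = os.urandom(16)
        self._verifier = self._derive(password)
        return True

    def unlock(self, password):
        if self._verifier is None:
            return False
        if hmac.compare_digest(self._derive(password), self._verifier):
            self.failed = 0  # assumption: a correct password clears the counter
            return True
        self.failed += 1
        if self.failed >= MAX_TRIES:
            self.wipe()      # delete all data, including the password itself
        return False


def tries_until_wipe(reader, guesses):
    """Feed guesses to the reader; return how many it took before the wipe."""
    for count, guess in enumerate(guesses, start=1):
        reader.unlock(guess)
        if reader._verifier is None:
            return count
    return None
```

However long the guess list is, the model accepts at most ten wrong tries before the keys and the password are gone, and the reader is back in the state where a new password must be created.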