Managing The Blackberry Smart Card Reader - Blackberry PRD-09695-004 - SMART Card Reader Overview

•
prevent third-party applications that have obtained a digital signature from the Research In Motion signing
authority system from using the BlackBerry device controlled APIs to do anything other than access
persistent storage of user data and communicate with other applications
You can configure application control policy rules so that all Bluetooth profiles are unavailable for applications by
default and then turn on the Bluetooth Serial Port Profile for the BlackBerry Smart Card Reader driver only. In this
configuration, only the necessary applications are allowed to use the BlackBerry Smart Card Reader driver.

Managing the BlackBerry Smart Card Reader

You can configure IT policy rules to manage the behavior of the BlackBerry® Smart Card Reader.
IT policy rule
Disable Auto Reconnect To BlackBerry
Smart Card Reader
Force Erase All Keys on BlackBerry
Disconnected Timeout
Force Erase Key On PC Standby
Force Smart Card Two Factor
Authentication
Force Smart Card Two Factor Challenge
Response
Lock on Smart Card Removal
Maximum Bluetooth Encryption Key
Regeneration Period
Description
This rule prevents automatic reconnections to the BlackBerry Smart
Card Reader from a previously connected BlackBerry device and
computer.
Turning off automatic reconnections from the BlackBerry device is
designed to increase the life of battery on the BlackBerry device.
This rule specifies whether a BlackBerry device deletes its secure
pairing PIN and closes its connection to the BlackBerry Smart Card
Reader when the connection timeout period expires.
This rule also specifies whether the BlackBerry Smart Card Reader
deletes all secure pairing PINs and closes all connections to a
connected computer when the connection timeout period expires.
This rule specifies whether a computer deletes its secure pairing PIN
and closes the connection to the BlackBerry Smart Card Reader when
the computer enters standby mode.
This rule specifies whether a user must type the BlackBerry device
password and the smart card password to use a BlackBerry device.
You can use Windows® Local Security Policy settings to specify
whether a user must connect to a supported smart card reader from
the Windows login screen to use a computer.
This rule specifies whether a user must choose a smart card certificate
for use with smart card two-factor authentication. If two-factor
authentication is turned on, when the user unlocks a BlackBerry
device, the BlackBerry device sends a challenge to the smart card to
verify that it is the same smart card that the BlackBerry device used to
initialize the smart card authenticator module.
This rule specifies whether a BlackBerry device locks when a user
removes the smart card from a smart card reader or disconnects a
smart card reader from the BlackBerry device. If you want to use this
rule, you must verify that the smart card reader driver that your
organization uses supports smart card removal detection.
You can use Windows Local Security Policy settings to specify whether
a computer locks when the user removes the smart card from a smart
card reader or disconnects a smart card reader from the computer.
This rule specifies a period, in hours, after which the BlackBerry Smart
Card Reader regenerates a Bluetooth® encryption key if a BlackBerry
device or computer is connected to the BlackBerry Smart Card Reader
when the period expires. If the BlackBerry device or computer is not
connected to the BlackBerry Smart Card Reader when the period
expires, the BlackBerry Smart Card Reader regenerates the Bluetooth
encryption key when the BlackBerry device or computer reconnects to
the BlackBerry Smart Card Reader.
12