Application Layer Protocol Encryption And Authentication - Blackberry PRD-09695-004 - SMART Card Reader Overview

Security technical overview
Application layer protocol encryption and authentication

By default, each data packet that a BlackBerry® device or computer and the BlackBerry® Smart Card Reader send
between them is authenticated and encrypted using the following methods:
• authenticated with HMAC using the negotiated SHA algorithm
• encrypted with AES of the negotiated key size using CBC mode
The following diagram shows the anatomy of a data packet formatted for transmission over the application layer:
The connection key protocol opens a shared connection key CK from which the BlackBerry device or computer and
the BlackBerry Smart Card Reader derive the four session keys that they use on the application layer to protect the
data that they send between them.
Connection session key: KeySendEnc
Value: SHA-256( CK || S1 )
Description: This key is the AES-256 key that the BlackBerry device, the computer, or the BlackBerry Smart Card Reader generates to encrypt the data that it sends to the other party over the application layer. The other party must use KeyRecEnc to respond to KeySendEnc.

Connection session key: KeyRecEnc
Value: SHA-256( CK || S2 )
Description: This key is the AES-256 key that the BlackBerry device, the computer, or the BlackBerry Smart Card Reader generates to decrypt the data that it receives from the other party over the application layer.

Connection session key: KeySendAuth
Value: SHA-256( CK || S3 )
Description: This key is the HMAC authentication key that the BlackBerry device, the computer, or the BlackBerry Smart Card Reader generates to authenticate the data that it sends to the other party over the application layer. The other party must use KeyRecAuth to respond to KeySendAuth.

Connection session key: KeyRecAuth
Value: SHA-256( CK || S4 )
Description: This key is the HMAC authentication key that the BlackBerry device, the computer, or the BlackBerry Smart Card Reader generates to authenticate the data that it receives from the other party over the application layer.

Note: S1, S2, S3, and S4 are hard-coded strings that the BlackBerry device or computer and the BlackBerry Smart Card Reader use in the key derivation so that the four derived session keys are distinct from one another.
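The derivation and packet protection described above, as an added Go example that is not BlackBerry's code. It assumes placeholder values for the hard-coded strings S1..S4 (the page does not reproduce them), that the two roles use mirrored labels so one party's KeySendEnc/KeySendAuth are the other party's KeyRecEnc/KeyRecAuth, that the negotiated SHA algorithm is SHA-256 with a 256-bit AES key, PKCS#7 padding, and an encrypt-then-MAC packet layout of IV || ciphertext || HMAC tag standing in for the packet diagram the page references.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Hypothetical derivation strings: the page says S1..S4 are hard-coded but
// does not give their values, so these are placeholders.
var (
	S1 = []byte("S1:send-enc")
	S2 = []byte("S2:rec-enc")
	S3 = []byte("S3:send-auth")
	S4 = []byte("S4:rec-auth")
)

// SessionKeys holds the four application-layer keys derived from CK.
type SessionKeys struct {
	SendEnc, RecEnc, SendAuth, RecAuth []byte
}

// derive computes SHA-256( CK || label ), the derivation the page describes.
func derive(ck, label []byte) []byte {
	h := sha256.New()
	h.Write(ck)
	h.Write(label)
	return h.Sum(nil)
}

// DeriveSessionKeys derives one party's keys from CK. Assumption: the roles use
// mirrored labels, so the device's KeySendEnc is the reader's KeyRecEnc and
// its KeySendAuth is the reader's KeyRecAuth (and vice versa).
func DeriveSessionKeys(ck []byte, device bool) SessionKeys {
	if device {
		return SessionKeys{derive(ck, S1), derive(ck, S2), derive(ck, S3), derive(ck, S4)}
	}
	return SessionKeys{derive(ck, S2), derive(ck, S1), derive(ck, S4), derive(ck, S3)}
}

// pad/unpad implement PKCS#7 (assumed; the page does not name a padding scheme).
func pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func unpad(b []byte) ([]byte, error) {
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize || n > len(b) {
		return nil, errors.New("bad padding")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("bad padding")
		}
	}
	return b[:len(b)-n], nil
}

// Seal builds IV || AES-256-CBC(pad(plaintext)) || HMAC-SHA-256(IV || ciphertext)
// using the sender's KeySendEnc and KeySendAuth (layout assumed, see lead-in).
func Seal(k SessionKeys, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(k.SendEnc)
	if err != nil {
		return nil, err
	}
	padded := pad(plaintext)
	pkt := make([]byte, aes.BlockSize+len(padded), aes.BlockSize+len(padded)+sha256.Size)
	iv, ct := pkt[:aes.BlockSize], pkt[aes.BlockSize:]
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	mac := hmac.New(sha256.New, k.SendAuth)
	mac.Write(pkt)
	return mac.Sum(pkt), nil // appends the tag to IV || ciphertext
}

// Open verifies the tag with KeyRecAuth before touching the ciphertext, then
// decrypts with KeyRecEnc; padding is only inspected after the tag checks out.
func Open(k SessionKeys, pkt []byte) ([]byte, error) {
	if len(pkt) < 2*aes.BlockSize+sha256.Size {
		return nil, errors.New("packet too short")
	}
	body, tag := pkt[:len(pkt)-sha256.Size], pkt[len(pkt)-sha256.Size:]
	mac := hmac.New(sha256.New, k.RecAuth)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, errors.New("authentication failed")
	}
	iv, ct := body[:aes.BlockSize], body[aes.BlockSize:]
	if len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext not block aligned")
	}
	block, err := aes.NewCipher(k.RecEnc)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return unpad(pt)
}

func main() {
	ck := derive([]byte("constructed connection key"), nil) // stand-in for the CK the connection key protocol yields
	device, reader := DeriveSessionKeys(ck, true), DeriveSessionKeys(ck, false)
	pkt, err := Seal(device, []byte("constructed application-layer payload"))
	if err != nil {
		panic(err)
	}
	pt, err := Open(reader, pkt)
	fmt.Printf("reader opened: %q, err=%v\n", pt, err)
	pkt[len(pkt)-1] ^= 0x01 // flip one bit of the tag
	_, err = Open(reader, pkt)
	fmt.Println("tampered packet:", err)
}
```

The receiver checks the HMAC before decrypting, so a packet with a forged or corrupted tag is rejected without ever reaching the CBC padding check, and using separate encryption and authentication keys in each direction means a packet cannot be replayed back to its own sender: the sender's KeyRecAuth differs from the KeySendAuth the tag was computed with.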