Restricting Bluetooth Technology On A Bluetooth Enabled Computer; Bluetooth Security Measures On The Blackberry Smart Card Reader - Blackberry PRD-09695-004 - SMART Card Reader Overview

Restricting Bluetooth technology on a Bluetooth enabled computer

On a Bluetooth® enabled computer, when a Bluetooth wireless adaptor exists and is turned on, the computer also
installs Bluetooth drivers (and a personal area networking device, optionally) for that wireless adaptor. To prevent a
user who does not have administrator privileges and external Bluetooth devices other than the BlackBerry® Smart
Card Reader from using the Bluetooth technology installed on the computer, you can restrict the availability of the
Bluetooth technology on the computer.
For more information about restricting Bluetooth technology on a computer in your organization, see Restricting
Bluetooth technology on Bluetooth enabled computers BlackBerry Smart Card Reader Technical Overview.
Bluetooth security measures on the BlackBerry Smart Card
Reader
The following security methods on the BlackBerry® Smart Card Reader enhance the existing protection of the
Bluetooth® technology on a Bluetooth enabled BlackBerry device.
Security method
limited use of serial port profiles
use of Bluetooth pairing process to
help prevent passive attack
control of the Bluetooth range
protection of the Bluetooth
encryption key
Description
The BlackBerry Smart Card Reader uses the Bluetooth Serial Port Profile
only, allowing you to use application control to turn off all the other
profiles and prevent third-party applications from using the BlackBerry
Smart Card Reader.
During the Bluetooth pairing process, the BlackBerry Smart Card Reader
uses a random key (unlike the hard-coded keys that headsets and other
Bluetooth enabled devices use).
A user always starts the Bluetooth pairing process from the BlackBerry
device or computer. If a message prompts the user to type a pairing
password when the user did not start a pairing process, the user knows
that another device, which the user might not want to connect to, started
the pairing process. The Bluetooth pairing process is designed to help
prevent a passive attack in which a user with malicious intent tries to
search for the BlackBerry device PIN.
You can use the Maximum Bluetooth Range IT policy rule to control the
power level of the Bluetooth wireless adapter on the BlackBerry Smart
Card Reader. When you configure the power level, you can control the
range of proximity between the BlackBerry Smart Card Reader and the
BlackBerry device at which the two parties close the Bluetooth connection
between them. The range value does not translate to a specific distance
because the Bluetooth range is partially determined by the power level.
The range value is also heavily influenced by environmental factors,
including obstructions and electromagnetic radiation. As a general rule,
the Bluetooth range at power setting n+1 is longer than the range at power
setting n.
After the user resets the BlackBerry Smart Card Reader, a BlackBerry
device can perform the Bluetooth pairing process and the secure paring
process to reconnect to the BlackBerry Smart Card Reader. If that
BlackBerry device was the last BlackBerry device to connect to the
BlackBerry Smart Card Reader before the user reset the BlackBerry Smart
Card Reader, the BlackBerry Smart Card Reader restores the backed-up
Bluetooth encryption key for that Bluetooth connection and opens the
Bluetooth connection to the BlackBerry device automatically. You can use
the Maximum Bluetooth Encryption Key Regeneration Period IT policy rule
to set the period after which the BlackBerry device generates a new
Bluetooth encryption key.
9