Blackberry PRD-09695-004 - SMART Card Reader Manual

Blackberry smart card reader security technical overview
BlackBerry Smart Card Reader
Version 1.5 Service Pack 1
Security Technical Overview
© 2007 Research In Motion Limited. All rights reserved.
www.blackberry.com


Summary of Contents for Blackberry PRD-09695-004 - SMART Card Reader

  • Page 2: Table Of Contents

    Establishing an encrypted and authenticated connection to the BlackBerry Smart Card Reader ... 13
    Performing the Bluetooth pairing process and the secure pairing process on the BlackBerry device ... 14
    Performing the Bluetooth pairing process and the secure pairing process on the computer ... 14
    Reconnecting to the BlackBerry device or computer automatically ... 14
    ...
  • Page 3: Table Of Contents (continued)

    Offline dictionary attack ... 25
    Online dictionary attack ... 25
    Small subgroup attack ... 25
    Appendix F: Smart card binding information ... 26
    Appendix G: BlackBerry Smart Card Reader reset process ... 27
  • Page 4: Blackberry Smart Card Reader

    BlackBerry Smart Card Reader The BlackBerry Smart Card Reader for BlackBerry devices is an accessory that, when used in proximity to certain Bluetooth® enabled BlackBerry devices and computers, integrates smart card use with the BlackBerry® Enterprise Solution, letting users authenticate with their smart cards to log in to Bluetooth enabled BlackBerry devices and computers.
  • Page 5: New In This Release

    The BlackBerry Smart Card Reader cannot communicate with the BlackBerry Enterprise Server directly. When the BlackBerry device pushes an IT policy to the BlackBerry Smart Card Reader, the BlackBerry Smart Card Reader preserves the BlackBerry Enterprise Server signature on the IT policy.
  • Page 6: Bluetooth Enabled Blackberry Devices

    BlackBerry device and the BlackBerry Enterprise Server send between them while the data is in transit. The BlackBerry Enterprise Solution uses either the Triple DES algorithm or the AES algorithm for this standard BlackBerry encryption, which is designed to keep a message that a user sends from a BlackBerry device protected in transit to the BlackBerry Enterprise Server while the message data is outside of your organization's firewall.
  • Page 7: Restricting Bluetooth Technology On The Computer

    Bluetooth devices other than the BlackBerry Smart Card Reader from using the Bluetooth technology installed on the computer, you or BlackBerry Smart Card Reader users with administrator privileges can restrict the availability of the Bluetooth technology on the computer.
  • Page 8: Blackberry Smart Card Reader Security

    Period IT policy rule to set the period after which the BlackBerry device generates a new Bluetooth encryption key. BlackBerry Smart Card Reader security The BlackBerry Smart Card Reader is designed to provide strong authentication to prevent offline and online dictionary attacks using the following security methods by default. Security method...
  • Page 9 27 for more information. Protected key storage To help limit the risk of key disclosure, the BlackBerry Smart Card Reader is designed to store all keys in its RAM only and does not write keys to its flash memory. To take the BlackBerry Smart Card Reader apart, the user must remove the battery, thereby clearing all of the keys on the BlackBerry Smart Card Reader.
  • Page 10: Control Bluetooth Connections From Third-Party Applications

    You can set application control policy rules so that all Bluetooth profiles are unavailable for applications by default and then turn on the Bluetooth Serial Port Profile for the BlackBerry Smart Card Reader driver only. In this configuration, only the necessary applications are permitted to use the BlackBerry Smart Card Reader driver.
  • Page 11 Disconnected Timeout: Specify whether the connected BlackBerry device deletes its secure pairing key and drops its connection to the BlackBerry Smart Card Reader. Specify whether the BlackBerry Smart Card Reader deletes all secure pairing keys and drops all connections to connected computers when the BlackBerry disconnection timeout period expires.
  • Page 12 BlackBerry Smart Card Reader close the Bluetooth connection between them that the disconnection timeout period expires. Note: You can use the Force Erase All Keys on BlackBerry Disconnected Timeout IT policy rule to specify whether the BlackBerry device and computer delete their secure pairing keys for their current connections to the BlackBerry Smart Card Reader when the disconnection timeout period expires.
  • Page 13: Establishing An Encrypted And Authenticated Connection To The Blackberry Smart Card Reader

    BlackBerry device is connected to USB peripherals. If you set this IT policy rule to True, the Bluetooth wireless adaptor of the BlackBerry Smart Card Reader is turned off whenever the BlackBerry Smart Card Reader is connected to a computer using USB.
  • Page 14: Performing The Bluetooth Pairing Process And The Secure Pairing Process On The Blackberry Device

    3. The BlackBerry device or computer receives the echo and replies to the BlackBerry Smart Card Reader with a request for a list of supported algorithms. 4. The BlackBerry Smart Card Reader creates a list of all of the algorithms that it supports and sends the supported algorithms list to the BlackBerry device or computer.
  • Page 15: Connection Key Establishment Protocol Used In The Secure Pairing Process

    If a match is not available, the BlackBerry device or computer sends an error to the BlackBerry Smart Card Reader and stops processing the list. If a match exists, the BlackBerry device or computer begins the key establishment process by sending a pairing request using the selected algorithms and a 64-byte seed to the BlackBerry Smart Card Reader.
  • Page 16 BlackBerry Smart Card Reader to confirm that a Bluetooth connection to the BlackBerry Smart Card Reader exists and to verify that both sides understand the protocol. The BlackBerry Smart Card Reader receives the initial echo and replies with an echo transmission of the same value.
  • Page 17: Encrypting And Authenticating Data On The Application Layer

    You can set the Force Smart Card Two-Factor Authentication IT policy rule in the BlackBerry Manager to require that a user authenticates with the BlackBerry device using a smart card. If you do not force the user to authenticate with the BlackBerry device using a smart card, the user can turn on or turn off two-factor authentication with the smart card by setting the User Authenticator field in the BlackBerry device Security Options.
  • Page 18: Setting Two-Factor Authentication On The Computer

    Unbinding the smart card from the BlackBerry device When you or the user start the process that lets the BlackBerry device erase its stored user and application data, the BlackBerry device deletes the smart card binding information from its NV store. When the process completes, a user can authenticate with the BlackBerry device using a new smart card.
  • Page 19: Related Resources

    • BlackBerry Enterprise Solution Security Technical Overview: preventing the decryption of information at an intermediate point between the BlackBerry device and the BlackBerry Enterprise Server or organization LAN; managing security settings for all BlackBerry devices; protecting data in transit between the...
  • Page 20: Appendix A: Blackberry Smart Card Reader Supported Algorithms

    ... 160-bit Random Curve (EC160R1)
    • encryption: AES-256*, AES-128
    • hash: SHA-512*, SHA-256*, SHA-1
    *The initial key establishment protocol is designed to negotiate to use the algorithm indicated unless the BlackBerry device or the computer requires a different, supported algorithm.
  • Page 21: Appendix B: Connection Key Establishment Protocol Errors

    During the connection key establishment protocol process, if an error occurs on the BlackBerry device, the computer, or the BlackBerry Smart Card Reader, that party sends an error code to the other party negotiating the connection key. The following errors might occur: •...
  • Page 22: Appendix C: Application Layer Protocol Encryption And Authentication

    Note: S1, S2, S3, and S4 are hard-coded strings that the BlackBerry device or computer and the BlackBerry Smart Card Reader use in the key derivation to prevent calculating session keys that are the same as each other.
  • Page 23: Appendix D: Blackberry Smart Card Reader Shared Cryptosystem Parameters

    The BlackBerry Smart Card Reader and the BlackBerry device or computer with the BlackBerry Smart Card Reader software and drivers installed are designed to share the following cryptosystem parameters.
  • Page 24: Appendix E: Examples Of Attacks That The Blackberry Smart Card Reader Security Protocols Are Designed To Prevent

    Offline attack An offline attack occurs when a user with malicious intent tries to send X = xP, instead of xS, to the BlackBerry Smart Card Reader. Such a user might try this because he or she does not know the secure pairing key.
  • Page 25: Offline Dictionary Attack

    X as the point at infinity, then K is the point at infinity regardless of what the BlackBerry Smart Card Reader chose for Y. By checking that X is not at the point of infinity, 1, or –1, the BlackBerry Smart Card Reader security protocols avert this threat.
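The two defences described on pages 22 to 25, worked through as an added Python example that is not part of the original document and is not RIM's code: a pairing exchange whose base is derived from the secure pairing key (the role S plays, as opposed to the fixed base P), a public-value check that rejects the values an attacker could use to force the shared secret without knowing the pairing key, and a key derivation that mixes the hard-coded labels S1 to S4 into K so the four session keys differ. Everything not stated on the page is an assumption: the example runs in a multiplicative group (the RFC 2409 1024-bit MODP group, in which the analogues of the point at infinity, 1 and -1 are 0, 1 and p-1), derives the base from SHA-256 and the session keys with HMAC-SHA-256; the reader's actual group, message formats and KDF are not reproduced here.

```python
"""
SPEKE-style pairing demo (assumed construction, not the BlackBerry Smart Card
Reader's own protocol) showing why the peer's public value must be checked and
why the session-key derivation carries fixed labels.
"""
import hashlib
import hmac
import secrets

# 1024-bit MODP group from RFC 2409 (IKE group 2): p is a safe prime, p = 2q + 1.
# Chosen for the demo; the page does not give the reader's parameters.
P_HEX = (
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF"
)
P = int(P_HEX, 16)
Q = (P - 1) // 2


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin with random bases; used only to sanity-check the group."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def password_generator(pairing_key: str) -> int:
    """The analogue of S: a base derived from the secure pairing key.
    Squaring lands the value in the order-q subgroup (assumed SHA-256 hashing)."""
    h = int.from_bytes(hashlib.sha256(pairing_key.encode()).digest(), "big")
    return pow(h, 2, P)


def valid_public_value(x: int) -> bool:
    """Reject 0, 1 and -1 (= p-1): the analogues of the point at infinity, 1 and -1.
    Each would fix K to a value an attacker knows without the pairing key."""
    return 1 < x < P - 1


def shared_secret(my_private: int, peer_public: int) -> int:
    """K = peer_public^my_private, computed only after the peer's value passes the check."""
    if not valid_public_value(peer_public):
        raise ValueError("peer public value rejected: 0, 1 or -1 (small subgroup)")
    return pow(peer_public, my_private, P)


def attacker_forces_secret(victim_private: int) -> int:
    """What a victim that skips the check computes when the attacker sends X = -1:
    (-1)^y is 1 or p-1 regardless of the pairing key, so K is guessable."""
    return pow(P - 1, victim_private, P)


def derive_session_keys(k: int, labels=(b"S1", b"S2", b"S3", b"S4")) -> dict:
    """One key per hard-coded label (HMAC-SHA-256 here, an assumed KDF). Without
    distinct labels the two directions' keys would be identical."""
    ikm = k.to_bytes((P.bit_length() + 7) // 8, "big")
    return {lab: hmac.new(ikm, lab, hashlib.sha256).digest() for lab in labels}


def pair(pairing_key_reader: str, pairing_key_host: str):
    """Run both sides in one process (constructed demo). Returns (host_keys,
    reader_keys); they agree only when both sides hold the same pairing key."""
    s_reader = password_generator(pairing_key_reader)
    s_host = password_generator(pairing_key_host)
    x = secrets.randbelow(Q - 1) + 1          # host's ephemeral private value
    y = secrets.randbelow(Q - 1) + 1          # reader's ephemeral private value
    big_x = pow(s_host, x, P)                 # host -> reader
    big_y = pow(s_reader, y, P)               # reader -> host
    k_host = shared_secret(x, big_y)
    k_reader = shared_secret(y, big_x)
    return derive_session_keys(k_host), derive_session_keys(k_reader)


if __name__ == "__main__":
    host_keys, reader_keys = pair("1234", "1234")
    print("keys agree:", host_keys == reader_keys)
    print("forced K with X = -1:", attacker_forces_secret(7) == P - 1)
```

Note that `valid_public_value` is the whole of the small-subgroup defence in a safe-prime group: with p = 2q + 1 the only elements outside the order-q subgroup are 1 and p-1, so rejecting those (and 0, which is not a group element at all) leaves nothing an attacker can send to pin K to a known value.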
  • Page 26: Appendix F: Smart Card Binding Information

    When you or a user turns on two-factor authentication on the BlackBerry device, the BlackBerry device binds to the installed smart card automatically by storing the following smart card binding information in a special BlackBerry device NV store location that is inaccessible to a user.
  • Page 27: Appendix G: Blackberry Smart Card Reader Reset Process

    The BlackBerry Smart Card Reader unbinds the IT policy by deleting the IT policy public key from its NV store so that it can receive a new IT policy and a digitally signed IT policy public key from a BlackBerry Enterprise Server.
  • Page 28 Part number: 12450959 Version 1 ©2007 Research In Motion Limited. All Rights Reserved. The BlackBerry and RIM families of related marks, images, and symbols are the exclusive properties of Research In Motion Limited. RIM, Research In Motion, BlackBerry, "Always On, Always Connected"...
