Performing The Bluetooth Pairing Process And The Secure Pairing Process On The Blackberry Device; Performing The Bluetooth Pairing Process And The Secure Pairing Process On The Computer; Reconnecting To The Blackberry Device Or Computer Automatically; Initial Key Establishment Protocol Used In The Secure Pairing Process - Blackberry PRD-09695-004 - SMART Card Reader Manual

Blackberry smart card reader security technical overview

BlackBerry Smart Card Reader
device or computer deletes the secure pairing information using BlackBerry Enterprise Server IT policy rules for
the BlackBerry Smart Card Reader.
Performing the Bluetooth pairing process and the secure pairing process on the BlackBerry device

The user can start the Bluetooth pairing process and the secure pairing process automatically by clicking
Connect on the BlackBerry Smart Card Reader options screen on the BlackBerry device. If the user is running
BlackBerry Device Software Version 4.0 or later on the BlackBerry device, the user can start the secure pairing
process by trying an action on the BlackBerry device that requires the smart card (for example, importing
certificates, signing or decrypting a message, or turning on two-factor authentication). If the user is running
BlackBerry Device Software Version 4.0.2 or later on the BlackBerry device, trying an action on the BlackBerry
device that requires the smart card can also start the Bluetooth pairing process.
See the BlackBerry Smart Card Reader Getting Started Guide for more information.

Performing the Bluetooth pairing process and the secure pairing process on the computer

The user must manually connect to the BlackBerry Smart Card Reader from the BlackBerry Smart Card Reader
Options dialog on the computer to start the Bluetooth pairing process. When the Bluetooth pairing is
established, the computer automatically prompts the user to perform the secure pairing process.
See the BlackBerry Smart Card Reader Getting Started Guide for more information.

Reconnecting to the BlackBerry device or computer automatically

The BlackBerry Smart Card Reader is designed to reconnect automatically to a BlackBerry device or computer
with which it has previously connected and for which it has not deleted the Bluetooth encryption key or secure
pairing key. You can set the Disable Auto Reconnect To BlackBerry Smart Card Reader IT policy rule to prevent
the BlackBerry device or computer from reconnecting to the BlackBerry Smart Card Reader automatically.
Turning off the automatic reconnection feature is designed to increase the battery life of the BlackBerry device.

Initial key establishment protocol used in the secure pairing process

The initial key establishment protocol uses the ECDH algorithm to negotiate numerous algorithms for use in
subsequent secure pairing key and connection key exchanges, including the following algorithms:
• the elliptic curve used by future ECDH exchanges (The initial key establishment protocol is designed to
  negotiate to use 521-bit Random Curve.)
• the encryption algorithm and hash algorithms used by the encryption and authentication processes on the
  application layer (The initial key establishment protocol is designed to negotiate to use AES-256 and
  SHA-256 for application layer encryption and authentication, and SHA-512 for IT policy authentication.)
See "Appendix A: BlackBerry Smart Card Reader supported algorithms" on page 20 for more information.

Initial key establishment protocol process
1. The BlackBerry device or computer sends an initial echo of the value 0xC1F34151520CC9C2 to the
BlackBerry Smart Card Reader to confirm that a Bluetooth connection to the BlackBerry Smart Card Reader
exists and to verify that both sides understand the protocol.
2. The BlackBerry Smart Card Reader receives the initial echo and replies with an echo transmission of the
same value.
3. The BlackBerry device or computer receives the echo and replies to the BlackBerry Smart Card Reader with
a request for a list of supported algorithms.
4. The BlackBerry Smart Card Reader creates a list of all of the algorithms that it supports and sends the
supported algorithms list to the BlackBerry device or computer.
5. The BlackBerry device or computer searches the list for a match with one of its own supported algorithms.
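
Steps 1 to 5 as a runnable two-sided sketch, added here as an example and not taken from BlackBerry documentation or code. Only the echo value and the names AES-256, SHA-256, SHA-512 and 521-bit Random Curve come from the text; the message framing, the Reader, select and host_handshake names, the category labels, the AES-128 entry, the host's strongest-first ordering and the abort on no match are assumptions.

```python
"""Two-sided sketch of steps 1-5 (added example; message framing is assumed)."""

ECHO_VALUE = bytes.fromhex("C1F34151520CC9C2")  # initial echo value from step 1

# Constructed sample data. AES-128 is included only to exercise the selection.
READER_SUPPORTED = {
    "curve": ["521-bit Random Curve"],
    "cipher": ["AES-128", "AES-256"],
    "hash": ["SHA-256"],
    "policy_hash": ["SHA-512"],
}
# Assumption: the host lists its own algorithms strongest first.
HOST_PREFS = {
    "curve": ["521-bit Random Curve"],
    "cipher": ["AES-256", "AES-128"],
    "hash": ["SHA-256"],
    "policy_hash": ["SHA-512"],
}

class Reader:
    """Reader side: answers the echo (step 2) and the list request (step 4)."""
    def __init__(self, supported):
        self.supported = supported

    def handle(self, kind, body=None):
        if kind == "ECHO":
            return "ECHO", body  # reply with the same value
        if kind == "LIST_REQUEST":
            return "LIST", self.supported
        raise ValueError(f"unexpected message type: {kind}")

def select(host_prefs, offered):
    """Step 5: first host-preferred algorithm the reader also offers, per category."""
    chosen = {}
    for category, prefs in host_prefs.items():
        match = next((a for a in prefs if a in offered.get(category, [])), None)
        if match is None:  # assumed behaviour: abort instead of pairing without a match
            raise RuntimeError(f"no common {category} algorithm")
        chosen[category] = match
    return chosen

def host_handshake(reader, host_prefs):
    kind, body = reader.handle("ECHO", ECHO_VALUE)       # step 1
    if kind != "ECHO" or body != ECHO_VALUE:             # check the step 2 reply
        raise RuntimeError("echo mismatch: peer does not speak the protocol")
    kind, offered = reader.handle("LIST_REQUEST")        # step 3
    if kind != "LIST":
        raise RuntimeError("expected supported algorithms list")
    return select(host_prefs, offered)                   # step 5

if __name__ == "__main__":
    print(host_handshake(Reader(READER_SUPPORTED), HOST_PREFS))
```

The selection follows the host's order, so the position of AES-128 in the reader's list does not pull the result down.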