Appendix C: Application Layer Protocol Encryption And Authentication - Blackberry PRD-09695-004 - SMART Card Reader Manual

Blackberry smart card reader security technical overview

BlackBerry Smart Card Reader

Appendix C: Application layer protocol encryption and authentication

By default, each data packet that the BlackBerry device or computer and the BlackBerry Smart Card Reader send
between them is authenticated and encrypted using the following methods:

• authenticated with HMAC using the negotiated SHA algorithm
• encrypted with AES of the negotiated key size using CBC mode

[Figure: Anatomy of data packet formatted for transmission over the application layer]

The connection key protocol establishes a shared connection key CK from which the BlackBerry device or
computer and the BlackBerry Smart Card Reader derive the four session keys that they use on the application
layer to protect the data that they send between them.

Connection session keys (key, value, description):

KeySendEnc
  Value: SHA-256( CK || S1 )
  Description: the AES-256 key that the BlackBerry device, the computer, or the BlackBerry Smart Card Reader generates to encrypt the data that it sends to the other party over the application layer; the other party must use KeyRecEnc to respond to KeySendEnc

KeyRecEnc
  Value: SHA-256( CK || S2 )
  Description: the AES-256 key that the BlackBerry device, the computer, or the BlackBerry Smart Card Reader generates to decrypt the data that it receives from the other party over the application layer

KeySendAuth
  Value: SHA-256( CK || S3 )
  Description: the HMAC authentication key that the BlackBerry device, the computer, or the BlackBerry Smart Card Reader generates to authenticate the data that it sends to the other party over the application layer; the other party must use KeyRecAuth to respond to KeySendAuth

KeyRecAuth
  Value: SHA-256( CK || S4 )
  Description: the HMAC authentication key that the BlackBerry device, the computer, or the BlackBerry Smart Card Reader generates to authenticate the data that it receives from the other party over the application layer

Note: S1, S2, S3, and S4 are hard-coded strings that the BlackBerry device or computer and the BlackBerry Smart
Card Reader use in the key derivation to prevent calculating session keys that are the same as each other.
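
The derivation and the send/receive key pairing described above, as an added Python example that is not BlackBerry's code. The S1..S4 byte strings, the connection key and the packet bytes are constructed placeholders (the page does not give the real values), SHA-256 is assumed as the negotiated HMAC hash, and `peer_view` encodes the assumption that one party's send keys are the other party's receive keys. AES-CBC encryption is left out because it needs a third-party library.

```python
import hashlib
import hmac

# Placeholders: the page says S1..S4 are hard-coded strings but does not list their values.
LABELS = {
    "KeySendEnc": b"S1-placeholder",
    "KeyRecEnc": b"S2-placeholder",
    "KeySendAuth": b"S3-placeholder",
    "KeyRecAuth": b"S4-placeholder",
}


def derive_session_keys(ck: bytes) -> dict:
    """Derive each session key as SHA-256(CK || Si); every key is 32 bytes."""
    return {name: hashlib.sha256(ck + s).digest() for name, s in LABELS.items()}


def peer_view(keys: dict) -> dict:
    """Assumption: the peer's receive keys are this side's send keys, and vice versa."""
    return {
        "KeySendEnc": keys["KeyRecEnc"],
        "KeyRecEnc": keys["KeySendEnc"],
        "KeySendAuth": keys["KeyRecAuth"],
        "KeyRecAuth": keys["KeySendAuth"],
    }


def tag_packet(keys: dict, packet: bytes) -> bytes:
    """Sender side: HMAC the packet with KeySendAuth (SHA-256 assumed as negotiated hash)."""
    return hmac.new(keys["KeySendAuth"], packet, hashlib.sha256).digest()


def verify_packet(keys: dict, packet: bytes, tag: bytes) -> bool:
    """Receiver side: recompute with KeyRecAuth and compare in constant time."""
    expected = hmac.new(keys["KeyRecAuth"], packet, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    ck = bytes(range(32))                 # constructed connection key, not a real CK
    device = derive_session_keys(ck)
    reader = peer_view(device)
    packet = b"constructed APDU bytes"    # constructed sample payload
    tag = tag_packet(device, packet)
    print("reader accepts packet:  ", verify_packet(reader, packet, tag))
    print("reader accepts tampered:", verify_packet(reader, packet + b"!", tag))
    print("device accepts own tag: ", verify_packet(device, packet, tag))
```

Because the send and receive authentication keys come from different strings, a tag produced for one direction does not verify in the other direction, which is the separation the note about S1 to S4 describes.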