Blackberry Smart Card Reader; Authenticating A User Using A Smart Card; Integrating A Smart Card With Existing Secure Messaging Technology - Blackberry PRD-09695-004 - SMART Card Reader Manual

BlackBerry Smart Card Reader

This document describes the security features that the BlackBerry® Smart Card Reader Version 1.5 SP1 supports
unless otherwise stated. See the documentation for earlier software versions of the BlackBerry Smart Card
Reader to determine if an earlier version supports a specific feature.
See the BlackBerry Enterprise Solution Security Acronym Glossary for the full terms substituted by the acronyms
in this document.
BlackBerry Smart Card Reader
The BlackBerry Smart Card Reader for BlackBerry devices is an accessory that, when used in proximity to certain
Bluetooth® enabled BlackBerry devices and computers, integrates smart card use with the BlackBerry®
Enterprise Solution, letting users authenticate with their smart cards to log in to Bluetooth enabled BlackBerry
devices and computers.
The BlackBerry Smart Card Reader is designed to perform the following actions:
•
communicate over the wireless network with Bluetooth wireless technology version 1.1 or later–enabled
BlackBerry devices and computers using the AES 256 encryption method (by default) on the application
layer
•
create a reliable two-factor authentication environment for granting users access to BlackBerry and PKI
applications
•
enable the wireless digital signing and encryption of wireless email messages sent from the BlackBerry
device using the S/MIME Support Package
•
store all encryption keys in RAM only and never write the keys to flash memory

Authenticating a user using a smart card

The BlackBerry Smart Card Reader allows you to use two-factor authentication, using a smart card, to require
users to prove their identities to the BlackBerry devices or computers by two factors:
•
what they have (the smart card)
•
what they know (their smart card password)

Integrating a smart card with existing secure messaging technology

In addition to standard BlackBerry encryption, you can turn on secure messaging technology to offer an
additional layer of security between the sender and the recipient of an email or PIN message. The S/MIME
Support Package is designed to let BlackBerry device users who are already sending and receiving S/MIME
messages using the email applications on their computers to send and receive S/MIME protected messages
using their BlackBerry devices. Users can sign, encrypt, and send S/MIME messages from their BlackBerry
devices. BlackBerry devices can decrypt received messages that are encrypted using S/MIME so that users can
read them on their BlackBerry devices.
Users might require a smart card authenticator module and must have a smart card driver and the BlackBerry
Smart Card Reader driver installed on their Bluetooth enabled BlackBerry devices to perform a Bluetooth pairing
followed by a secure pairing with their BlackBerry Smart Card Readers. The S/MIME Support Package supports
smart card use and includes tools for obtaining certificates and transferring them to the BlackBerry device for
use with the S/MIME Support Package.
After the BlackBerry device and the BlackBerry Smart Card Reader establish a secure pairing, you can set the
S/MIME Force Smartcard Use IT policy rule to require the use of the smart card to sign, encrypt, or sign and
encrypt S/MIME-protected messages on the BlackBerry device.
www.blackberry.com
4