Instruction/ maintenance manual of the product PRD-09695-004 BlackBerry
Go to page of 34
BlackBerry Smart Card Reader Ve r s i o n 2.0 Securi ty T echnical Ov erview.
Con ten ts BlackBerry Smart Card Reader ................................................................................................... ............................. 4 Authenticating a user using a smart card ......................................
BlackBerry Smart Card Reader sh ared cryptosystem parameters .................................................................... .2 5 Examples of attacks that the BlackBerry S mart Card Re ader security protocols are designed to prevent .. 26 Eavesdropping .
BlackBerry Smart Car d R eader The BlackBerry® Smart Card Reader is an accessory that, when used in proximity to certain Bluetooth® enabled BlackBerry devices and computers, permits users to authen ticate with their smart cards and log in to Bluetooth enabled BlackBerry devices and computers.
New in this r elease Feature Description proximity authentication Proximity authentication is an authentication method that permits a user to unlock a BlackBerry® device using a BlackBerry device pas.
System r equir emen ts The BlackBerry® Smart Card Reader supports th e following software and BlackBerry devices: BlackBerry Enterprise Server software Computer BlackBerry devices • BlackBerry® Enterprise Server version 4.
System ar chi tectur e The BlackBerry® Smart Card Reader is designed to conne ct to a Bluetooth® enabled BlackBerry device and a Bluetooth enabled computer. The BlackBerry Smart Card R eader supports using certificates tha t a PKI generates with a BlackBerry device.
BlackBerry En terprise Solution securi ty The BlackBerry® Enterprise Solution is designed to encrypt da ta that is in transit at a ll points between a BlackBerry device and the BlackBerry® Enterprise Server to help protec t your organization from data loss or alteration.
Restricting Bluetooth technology on a Bluetooth enabled computer On a Bluetooth® enabled computer, when a Bluetooth wirele ss adaptor exists and is turned on, the computer also installs Bluetooth drivers (and a personal area networking device, optionally) for that wireless adaptor.
BlackBerry Smart Car d R eader securi ty The BlackBerry® Smart Card Reader is designed to prevent offline and online dictionary attacks using the following security methods.
11 Security method Description code signing Before a user can run a permitted th ird-party application th at uses the controlled APIs on the BlackBerry device, the Res earch In Motion signing authority system must use public key cryptography to au thorize and authenticate the application code.
• prevent third-party applications that have obtained a digital signature from the Research In Motion signing authority system from using the BlackBerry device controlled APIs to do anything other t.
13 IT policy rule Description Maximum Connection Heartbeat Period This rule specifies the maximum h eartbeat period, in seconds. During each heartbeat period, the paired Blac kBerry device or computer sends a heartbeat, which the BlackBerry Smart Card Reader acknowledges.
14 IT policy rule Description Maximum PC Long Term Timeout This rule specifies the maximum time, in hours, after a computer and the BlackBerry Smart Card Reader open the secure pairing connection between them that th e computer and the BlackBerry Smart Card Reader delete the secure pairing information.
Card Reader and the BlackBerry device or computer. By default, the secure pairing PIN is 8 characters long and is case-sensitive. If your organization uses BlackBerry Smart Card Reader version 2.
4. The BlackBerry Smart Card Reader creates a list of all the algorithms that it supports and sends the supported algorithms list to the BlackBerry device or computer. 5. The BlackBerry device or computer searches the list for a match with one of its own supported algorithms.
The connection key establishment protoc ol uses the ECDH algorithm that th e initial key establishment protocol negotiates. The ECDH algorithm provides Perfect Forward Secrecy, which uses the key that protects data to prevent the protocol from deriving previous or subsequent encryp tion keys.
For more information about variables used in this process, see “ BlackBerry Smart Card Reader shared cryptosystem parameters ”. The connection key establishment protocol can stop at any point if an error occurs. For more information, see “ Connection key establishment protocol errors ”.
• The BlackBerry device binds to the installed smart ca rd automatically by storing the smart card binding information in a BlackBerry device NV store location, which is designed to be inaccessible to the user. For more information, see “Smart card binding information ”.
P r oximi ty authen tica tion Proximity authentication is an authen tication method that permits a user to unlock a BlackBerry ® device using the BlackBerry device password and the BlackBerry® Smart Card Reader within Bluetooth® technology range of the BlackBerry device.
factor content protection mandatory or optional, or to prev ent a user from configuring it, you can use the Two-factor Content Protection Usage IT policy rule.
BlackBerry Smart Car d R eader supported algori thms Algorithm type Algorithm elliptic curve (default) • 571-bit Koblitz Curve (EC571K1) • 521-bit Random Curve (EC521 R1) • 283-bit Koblitz Curve.
Connection k ey establishmen t pr otocol err ors During the connection key establishment protocol process, if an error occurs on the BlackBerry® device, the computer, or the BlackBerry® Smart Card Reader, that party sends an error c ode to the other party negotiating the connection key.
Applica tion la y er pr otocol encryption and authen tica tion By default, each data packet that a BlackBerry® device or computer and the BlackBerry® Smart Card Reader send between them is authentic.
BlackBerry Smart Car d Reader shar ed cryptosystem parame ters The BlackBerry® Smart Card Reader and a BlackBerry device or computer with the BlackBerry Smart Card Reader software and drivers installed are designed to share the following cryptosystem parameters.
Examples of a ttacks tha t the BlackBerry Smart Car d R eader securi ty pr otocols are designed to pr ev en t Eavesdropping An eavesdropping event occurs when a user with malici ous intent listens to the communication between the BlackBerry® Smart Card Reader and a BlackBerry device or co mputer.
yxS = yxzP , for some z such that S = zP . To calculate yxP from yzxP without knowledge of z corresponds to solving the discrete logarithm problem, which is computationally infeasible, for S .
Smart car d binding informa tion When you or a user turns on two-factor authentication on a BlackBerry® device, the BlackBerry device binds to the installed smart card automatically by storing the fo.
BlackBerry Smart Car d Reader r ese t process When a user resets the BlackBerry® Smart Card Reader, the BlackBerry Smart Card Reader performs the following actions: • backs up the Bluetooth® encry.
R ela ted r esour ces Resource Information BlackBerry Enterprise Solution Security Technical Overview • preventing the decryption of information at an intermediate point between the BlackBerry® dev.
Glossary AES Advanced Encryption Standard API application programming interface CBC cipher block chaining ECDH Elliptic Curve Diffie-Hellman HMAC keyed-hash message authentication code LAN local area .
P r ovide feedback To provide feedback on this deliverable, visit www.blackberry.com/docsfeedback . 32.
Legal notice Document ID: 25979072 version 3 ©2009 Research In Motion Limited. All righ ts reserved. BlackBerry®, RIM® , Research In Motion®, Sure Type®, SurePress™ and relate d trademar ks, names, and logos are the property of Research In Motion Limited and are registered and/or used in the U.
should not install or use Third Party Produc ts and Services until all necess ary licenses have been acqui red. Any Third Party Pr oducts and Services that are provided with RIM's products and se.
An important point after buying a device BlackBerry PRD-09695-004 (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought BlackBerry PRD-09695-004 yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data BlackBerry PRD-09695-004 - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, BlackBerry PRD-09695-004 you will learn all the available features of the product, as well as information on its operation. The information that you get BlackBerry PRD-09695-004 will certainly help you make a decision on the purchase.
If you already are a holder of BlackBerry PRD-09695-004, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime BlackBerry PRD-09695-004.
However, one of the most important roles played by the user manual is to help in solving problems with BlackBerry PRD-09695-004. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device BlackBerry PRD-09695-004 along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center
