Blackberry PRD-09695-004 Technical Overview - Page 12


• prevent third-party applications that have obtained a digital signature from the Research In Motion signing authority system from using the BlackBerry device controlled APIs to do anything other than access persistent storage of user data and communicate with other applications

You can configure application control policy rules so that all Bluetooth profiles are unavailable for applications by default and then turn on the Bluetooth Serial Port Profile for the BlackBerry Smart Card Reader driver only. In this configuration, only the necessary applications are allowed to use the BlackBerry Smart Card Reader driver.

Managing the BlackBerry Smart Card Reader

You can configure IT policy rules to manage the behavior of the BlackBerry® Smart Card Reader.

| IT policy rule | Description |
| --- | --- |
| Disable Auto Reconnect To BlackBerry Smart Card Reader | This rule prevents automatic reconnections to the BlackBerry Smart Card Reader from a previously connected BlackBerry device and computer. Turning off automatic reconnections from the BlackBerry device is designed to increase the battery life of the BlackBerry device. |
| Force Erase All Keys on BlackBerry Disconnected Timeout | This rule specifies whether a BlackBerry device deletes its secure pairing PIN and closes its connection to the BlackBerry Smart Card Reader when the connection timeout period expires. This rule also specifies whether the BlackBerry Smart Card Reader deletes all secure pairing PINs and closes all connections to a connected computer when the connection timeout period expires. |
| Force Erase Key On PC Standby | This rule specifies whether a computer deletes its secure pairing PIN and closes the connection to the BlackBerry Smart Card Reader when the computer enters standby mode. |
| Force Smart Card Two Factor Authentication | This rule specifies whether a user must type the BlackBerry device password and the smart card password to use a BlackBerry device. You can use Windows® Local Security Policy settings to specify whether a user must connect to a supported smart card reader from the Windows login screen to use a computer. |
| Force Smart Card Two Factor Challenge Response | This rule specifies whether a user must choose a smart card certificate for use with smart card two-factor authentication. If two-factor authentication is turned on, when the user unlocks a BlackBerry device, the BlackBerry device sends a challenge to the smart card to verify that it is the same smart card that the BlackBerry device used to initialize the smart card authenticator module. |
| Lock on Smart Card Removal | This rule specifies whether a BlackBerry device locks when a user removes the smart card from a smart card reader or disconnects a smart card reader from the BlackBerry device. If you want to use this rule, you must verify that the smart card reader driver that your organization uses supports smart card removal detection. You can use Windows Local Security Policy settings to specify whether a computer locks when the user removes the smart card from a smart card reader or disconnects a smart card reader from the computer. |
| Maximum Bluetooth Encryption Key Regeneration Period | This rule specifies a period, in hours, after which the BlackBerry Smart Card Reader regenerates a Bluetooth® encryption key if a BlackBerry device or computer is connected to the BlackBerry Smart Card Reader when the period expires. If the BlackBerry device or computer is not connected to the BlackBerry Smart Card Reader when the period expires, the BlackBerry Smart Card Reader regenerates the Bluetooth encryption key when the BlackBerry device or computer reconnects to the BlackBerry Smart Card Reader. |