Blackberry PRD-09695-004 Technical Overview - Page 14

Opening an encrypted and authenticated connection to the BlackBerry Smart Card Reader


| IT policy rule | Description |
| --- | --- |
| Maximum PC Long Term Timeout | This rule specifies the maximum time, in hours, after a computer and the BlackBerry Smart Card Reader open the secure pairing connection between them that the computer and the BlackBerry Smart Card Reader delete the secure pairing information. |
| Maximum PC Bluetooth Traffic Inactivity Timeout | This rule specifies the maximum time, in minutes, of inactivity over the Bluetooth connection between the BlackBerry Smart Card Reader and a computer before the computer and the BlackBerry Smart Card Reader delete the secure pairing information. |
| Maximum Number of PC Transactions | This rule specifies the maximum number of transactions (smart card–related operations) that a computer and the BlackBerry Smart Card Reader can send and receive between them before the computer and the BlackBerry Smart Card Reader delete the secure pairing information. A transaction is any request and response set of data packets other than a connection heartbeat. |
| Maximum Number of PC Pairings | This rule specifies the maximum number of computers that can pair with the BlackBerry Smart Card Reader. |

The BlackBerry Smart Card Reader also uses the Disable Radio When Cradled IT policy rule, which controls whether
the wireless adapter is turned off when the BlackBerry device is connected to USB peripherals. If you change this
rule to Yes, the Bluetooth wireless adapter of the BlackBerry Smart Card Reader is turned off whenever the
BlackBerry Smart Card Reader is connected to a computer using a USB connection.
For more information, see the BlackBerry Enterprise Server Policy Reference Guide.

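The sketch below is an added example, not BlackBerry code: it models how the four PC rules above bound the lifetime of the secure pairing information. The class and field names are hypothetical, and it assumes that heartbeats reset the inactivity timer, that a limit is reached when the value equals it, and that the pairing limit counts computers currently holding pairing information.

```python
from dataclasses import dataclass

@dataclass
class PairingPolicy:
    long_term_timeout_h: float     # Maximum PC Long Term Timeout (hours)
    inactivity_timeout_min: float  # Maximum PC Bluetooth Traffic Inactivity Timeout (minutes)
    max_transactions: int          # Maximum Number of PC Transactions
    max_pairings: int              # Maximum Number of PC Pairings

class ReaderModel:
    """Hypothetical reader-side bookkeeping; `now` is seconds on a caller-supplied clock."""

    def __init__(self, policy):
        self.policy = policy
        self.pairings = {}  # pc_id -> {"opened", "last_traffic", "tx"}

    def pair(self, pc_id, now):
        # Assumption: the limit counts computers that currently hold pairing information.
        if pc_id not in self.pairings and len(self.pairings) >= self.policy.max_pairings:
            return False
        self.pairings[pc_id] = {"opened": now, "last_traffic": now, "tx": 0}
        return True

    def expiry_reason(self, pc_id, now):
        s, p = self.pairings[pc_id], self.policy
        if now - s["opened"] >= p.long_term_timeout_h * 3600:
            return "long-term timeout"
        if now - s["last_traffic"] >= p.inactivity_timeout_min * 60:
            return "inactivity timeout"
        if s["tx"] >= p.max_transactions:
            return "transaction limit"
        return None

    def on_packet(self, pc_id, now, heartbeat=False):
        """Return None if the packet is accepted, else why pairing info is gone."""
        if pc_id not in self.pairings:
            return "not paired"
        reason = self.expiry_reason(pc_id, now)
        if reason:
            del self.pairings[pc_id]  # both sides would now need a new secure pairing
            return reason
        s = self.pairings[pc_id]
        s["last_traffic"] = now       # assumption: heartbeats also count as Bluetooth traffic
        if not heartbeat:
            s["tx"] += 1              # heartbeats are not transactions
        return None
```

Whichever limit is reached first removes the pairing information, so the effective session lifetime is set by the strictest of the three per-session rules.
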
Opening an encrypted and authenticated connection to the BlackBerry Smart Card Reader
Before the BlackBerry® Smart Card Reader and a BlackBerry device or computer can open an encrypted and
authenticated connection between them, the BlackBerry Smart Card Reader and the BlackBerry device or computer
must perform a Bluetooth® pairing process to open a Bluetooth connection. The BlackBerry Smart Card Reader and
the BlackBerry device or computer can then perform a secure pairing process to open a connection between the
smart card and the BlackBerry device or computer. The secure pairing process is designed to allow the BlackBerry
Smart Card Reader and the BlackBerry device or computer to encrypt and authenticate the data that they send
between them over the application layer.
During the secure pairing process the following events occur:
• the initial key establishment protocol creates a shared device transport key on the BlackBerry device or
  computer and the BlackBerry Smart Card Reader that the BlackBerry device or computer and the
  BlackBerry Smart Card Reader use to encrypt and decrypt the data that they send between them
• the connection key establishment protocol creates a shared connection key on the BlackBerry device or
  computer and the BlackBerry Smart Card Reader that the BlackBerry device or computer and the
  BlackBerry Smart Card Reader use to send data between them
The user must perform a Bluetooth pairing process once only but must perform a secure pairing each time that the
BlackBerry device or computer deletes the secure pairing information. You can control when the BlackBerry device or
computer deletes the secure pairing information using BlackBerry Enterprise Server IT policy rules for the
BlackBerry Smart Card Reader.
Secure pairing PIN
The first time that the BlackBerry® Smart Card Reader connects to a BlackBerry device or computer, the BlackBerry
Smart Card Reader pairs with the BlackBerry device or computer using Bluetooth® technology and generates a
secure pairing PIN. The secure pairing PIN is designed to protect data as it travels between the BlackBerry Smart