Blackberry PRD-09695-004 Technical Overview - Page 16

Connection key establishment protocol used in the secure pairing process, Parameter, Value

Get Blackberry PRD-09695-004 - SMART Card Reader PDF manuals and user guides
UPC - 097738554967
View all Blackberry PRD-09695-004 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 16 highlights

4. The BlackBerry Smart Card Reader creates a list of all the algorithms that it supports and sends the supported algorithms list to the BlackBerry device or computer. 5. The BlackBerry device or computer searches the list for a match with one of its own supported algorithms. • If a match is not available, the BlackBerry device or computer sends an error to the BlackBerry Smart Card Reader and stops processing the list. • If a match exists, the BlackBerry device or computer begins the key establishment process by sending a pairing request using the selected algorithms and a 64-byte seed to the BlackBerry Smart Card Reader. 6. The BlackBerry Smart Card Reader verifies the selected algorithms. 7. The BlackBerry Smart Card Reader performs the following calculation to select a short-term key (Y): • selects random y, 1 < y < r - 1 • calculates Y = yS 8. The BlackBerry Smart Card Reader sends Y to the BlackBerry device or computer. 9. The BlackBerry device or computer performs the following calculations to select a short-term key (X): • selects random x, 1 < x < r - 1 • calculates X = xS • calculates the device transport key (MK) using the following information: Parameter Value K xY = xyS H1 SHA-512 (sent data packets) H2 SHA-512 (received data packets) • calculates H = H1 + H2 • calculates MK = SHA-256( H || K ) 10. The BlackBerry device sends X to the BlackBerry Smart Card Reader. 11. The BlackBerry Smart Card Reader calculates MK using the following information: Parameter K H1 H2 H MK Value yX = yxS SHA-512 (sent data packets) SHA-512 (received data packets) H1 + H2 SHA-256 ( H || K ) The BlackBerry device or computer and the BlackBerry Smart Card Reader share a device transport key. For more information about variables used in this process, see "BlackBerry Smart Card Reader shared cryptosystem parameters". Connection key establishment protocol used in the secure pairing process After the initial key establishment protocol process completes successfully, a BlackBerry® device or computer and the BlackBerry® Smart Card Reader share a device transport key. They must then generate a connection key to use to send data between them. The connection key establishment protocol starts from the secure pairing PIN s using SPEKE, letting the BlackBerry device or computer generate long-term public keys and a strong, cryptographically protected connection with the BlackBerry Smart Card Reader. 16

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
4.
The BlackBerry Smart Card Reader creates a list of all the algorithms that it supports and sends the
supported algorithms list to the BlackBerry device or computer.
5.
The BlackBerry device or computer searches the list for a match with one of its own supported algorithms.
If a match is not available, the BlackBerry device or computer sends an error to the BlackBerry Smart
Card Reader and stops processing the list.
If a match exists, the BlackBerry device or computer begins the key establishment process by sending
a pairing request using the selected algorithms and a 64-byte seed to the BlackBerry Smart Card
Reader.
6.
The BlackBerry Smart Card Reader verifies the selected algorithms.
7.
The BlackBerry Smart Card Reader performs the following calculation to select a short-term key (
Y
):
selects random
y
, 1 <
y
< r – 1
calculates
Y
=
yS
8.
The BlackBerry Smart Card Reader sends
Y
to the BlackBerry device or computer.
9.
The BlackBerry device or computer performs the following calculations to select a short-term key (
X
):
selects random
x
, 1 <
x
< r – 1
calculates
X
=
xS
calculates the device transport key (
MK
) using the following information:
Parameter
Value
K
xY = xyS
H1
SHA-512 (sent data packets)
H2
SHA-512 (received data packets)
calculates H = H1 + H2
calculates MK = SHA-256( H || K )
10.
The BlackBerry device sends
X
to the BlackBerry Smart Card Reader.
11.
The BlackBerry Smart Card Reader calculates
MK
using the following information:
Parameter
Value
K
yX = yxS
H1
SHA-512 (sent data packets)
H2
SHA-512 (received data packets)
H
H1 + H2
MK
SHA-256 (
H
||
K
)
The BlackBerry device or computer and the BlackBerry Smart Card Reader share a device transport key.
For more information about variables used in this process, see “BlackBerry Smart Card Reader shared cryptosystem
parameters”.
Connection key establishment protocol used in the secure pairing process
After the initial key establishment protocol process completes successfully, a BlackBerry® device or computer and
the BlackBerry® Smart Card Reader share a device transport key. They must then generate a connection key to use
to send data between them. The connection key establishment protocol starts from the secure pairing PIN
s
using
SPEKE, letting the BlackBerry device or computer generate long-term public keys and a strong, cryptographically
protected connection with the BlackBerry Smart Card Reader.
16