Blackberry PRD-09695-004 Technical Overview - Page 17

Connection key establishment protocol process



The connection key establishment protocol uses the ECDH algorithm that the initial key establishment protocol
negotiates. The ECDH algorithm provides Perfect Forward Secrecy, which means that the key that protects data cannot
be used to derive previous or subsequent encryption keys. Each run of the connection key establishment
protocol uses a unique, random, ephemeral key pair to create the new connection key. The BlackBerry Smart Card
Reader discards the ephemeral key pair after generating the connection key. Even if the ephemeral private keys from
a particular protocol run using the ECDH algorithm are compromised, the connection keys from other runs of the
same protocol remain uncompromised.
Connection key establishment protocol process
1. The BlackBerry® device or computer sends an initial echo of the value 0xC1F34151520CC9C2 to the
   BlackBerry® Smart Card Reader to confirm that a Bluetooth® connection to the BlackBerry Smart Card
   Reader exists and to verify that both sides understand the protocol.
2. The BlackBerry Smart Card Reader receives the initial echo and replies with an echo transmission of the
   same value.
3. The BlackBerry device or computer receives the echo and uses the algorithm that the initial key
   establishment protocol negotiated to send the selected algorithms and a seed to the BlackBerry Smart Card
   Reader.
4. The BlackBerry Smart Card Reader performs the following calculation to select a short-term key (Y):
   • selects random y, 1 < y < r - 1
   • calculates Y = yP
   • where P is defined on the curve negotiated by the initial key establishment protocol
5. The BlackBerry Smart Card Reader sends Y to the BlackBerry device or computer.
6. The BlackBerry device or computer performs the following calculation to select a short-term key (X):
   • selects random x, 1 < x < r - 1
   • calculates X = xP
   • calculates the connection key (CK) using the following information:

   Parameter   Value
   K           xY = xyP
   H1          SHA-512 (sent data packets)
   H2          SHA-512 (received data packets)
   H           H1 + H2
   CK          SHA-256 ( MK || H || MK || K )

7. The BlackBerry device or computer sends X to the BlackBerry Smart Card Reader.
8. The BlackBerry device or computer performs a hashing function to calculate CK.
9. The BlackBerry Smart Card Reader calculates CK using the following information:

   Parameter   Value
   K           yX = yxP
   H1          SHA-512 (sent data packets)
   H2          SHA-512 (received data packets)
   H           H1 + H2
   CK          SHA-256 ( MK || H || MK || K )

The BlackBerry device or computer and the BlackBerry Smart Card Reader share a connection key.
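
The nine steps above, run for both sides in one process, as an added example (not BlackBerry's code; all function names are hypothetical). Assumptions: NIST P-256 stands in for the negotiated curve, K is encoded as x || y, "H1 + H2" is integer addition modulo 2^512, each side hashes every packet of the run including X and Y, and the on-curve check on the peer's point is an added safeguard the page does not describe.

```python
import hashlib, secrets

# NIST P-256 stands in for the negotiated curve (assumption: the page names no curve).
P_MOD = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A, B = -3, 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
R = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551  # order r
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)  # base point P

def add(p1, p2):  # affine point addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    num, den = (3 * x1 * x1 + A, 2 * y1) if p1 == p2 else (y2 - y1, x2 - x1)
    lam = num * pow(den % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return x3, (lam * (x1 - x3) - y1) % P_MOD

def mul(k, pt):  # double-and-add kP (not constant time; illustration only)
    acc = None
    while k:
        acc = add(acc, pt) if k & 1 else acc
        pt, k = add(pt, pt), k >> 1
    return acc

def on_curve(pt):
    return (pt[1] ** 2 - pt[0] ** 3 - A * pt[0] - B) % P_MOD == 0
def enc(pt):  # assumed encoding: x || y, 32 bytes each
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def keypair():
    k = 2 + secrets.randbelow(R - 3)  # 1 < k < r - 1
    return k, mul(k, G)

def connection_key(mk, priv, peer_pub, sent, received):
    if not on_curve(peer_pub):  # added safeguard: reject points off the curve
        raise ValueError("peer point is not on the curve")
    k = enc(mul(priv, peer_pub))  # K = xY = yX = xyP
    h1, h2 = (int.from_bytes(hashlib.sha512(m).digest(), "big") for m in (sent, received))
    h = ((h1 + h2) % 2**512).to_bytes(64, "big")  # H = H1 + H2 (assumed mod 2^512)
    return hashlib.sha256(mk + h + mk + k).digest()  # CK = SHA-256(MK || H || MK || K)

def run(mk):
    echo = bytes.fromhex("C1F34151520CC9C2")  # steps 1 and 2
    (y, Y), (x, X) = keypair(), keypair()  # reader (step 4), device (step 6)
    dev_sent, rdr_sent = echo + b"algorithms+seed" + enc(X), echo + enc(Y)  # constructed packets
    return (connection_key(mk, x, Y, dev_sent, rdr_sent),   # device, steps 6 and 8
            connection_key(mk, y, X, rdr_sent, dev_sent))   # reader, step 9
```

The device's sent packets are the reader's received packets, so H1 and H2 swap roles between the two sides; under the addition reading assumed here, H and therefore CK still come out identical on both.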