Blackberry PRD-09695-004 Technical Overview - Page 19

•

The BlackBerry device binds to the installed smart card automatically by storing the smart card binding

information in a BlackBerry device NV store location, which is designed to be inaccessible to the user.

For more information, see “Smart card binding information”.

Confirming that a BlackBerry device is bound to the correct smart card

After a user turns on two-factor authentication, whenever a BlackBerry® device prompts the user to insert the smart

card into the BlackBerry® Smart Card Reader, the BlackBerry device prompt indicates the label and the card type of

the correct (bound) smart card.

The user can also view smart card information in the Security options on the BlackBerry device.

Field

Description

Name

This field indicates the type of the installed smart card.

Initialized

This field indicates whether the BlackBerry device is authenticated with and bound to the

smart card

•

A value of Yes indicates that the BlackBerry device is bound to the smart card.

•

A value of No indicates that the BlackBerry device is not bound to the smart card.

Unbinding the smart card from a BlackBerry device

When you or a user start the process that permits a BlackBerry® device to permanently deletes its stored user and

application data, the BlackBerry device deletes the smart card binding information from its NV store. When the

process completes, a user can authenticate with the BlackBerry device using a new smart card.

You can delete the smart card binding information from the BlackBerry device manually in the following ways:

•

Send the Erase Data and Disable Device IT administration command to the BlackBerry device to delete the

binding between a user’s current smart card and the BlackBerry device.

•

When the user turns off two-factor authentication, the BlackBerry device turns off two-factor authentication

with the installed smart card and deletes the smart card binding information from the BlackBerry device.

Configuring two-factor authentication on a computer

For information about configuring a computer to require the user to connect to a supported smart card reader from

the Windows login screen to use the computer, see the Windows® documentation.

19

Section	Page
BlackBerry Smart Card Reader	4
Authenticating a user using a smart card	4
Integrating a smart card with existing secure messaging technology	4
New in this release	5
System requirements	6
System architecture	7
BlackBerry Enterprise Solution security	8
Protecting Bluetooth connections on a BlackBerry device	8
Managing a Bluetooth enabled BlackBerry device	8
Restricting Bluetooth technology on a Bluetooth enabled computer	9
Bluetooth security measures on the BlackBerry Smart Card Reader	9
BlackBerry Smart Card Reader security	10
Control Bluetooth connections from third-party applications	11
Managing the BlackBerry Smart Card Reader	12
Opening an encrypted and authenticated connection to the BlackBerry Smart Card Reader	14
Secure pairing PIN	14
Performing the Bluetooth pairing process and the secure pairing process on a BlackBerry device	15
Performing the Bluetooth pairing process and the secure pairing process on a computer	15
Reconnecting to a BlackBerry device or computer automatically	15
Initial key establishment protocol used in the secure pairing process	15
Initial key establishment protocol process	15
Connection key establishment protocol used in the secure pairing process	16
Connection key establishment protocol process	17
Encrypting and authenticating data on the application layer	18
Two-factor authentication	18
Turning on two-factor authentication on a BlackBerry device	18
Confirming that a BlackBerry device is bound to the correct smart card	19
Unbinding the smart card from a BlackBerry device	19
Configuring two-factor authentication on a computer	19
Proximity authentication	20
Locking a BlackBerry device when the BlackBerry Smart Card Reader moves out of Bluetooth technology range	20
Configuring a BlackBerry device to use a specific BlackBerry Smart Card Reader	20
Two-factor content protection	20
Process flow: Protecting the content encryption key using two-factor content protection	21
BlackBerry Smart Card Reader supported algorithms	22
Connection key establishment protocol errors	23
Application layer protocol encryption and authentication	24
BlackBerry Smart Card Reader shared cryptosystem parameters	25
Examples of attacks that the BlackBerry Smart Card Reader security protocols are designed to prevent	26
Eavesdropping	26
Impersonating a BlackBerry device or computer	26
Man-in-the-middle attack	26
Offline attack	26
Offline dictionary attack	27
Online dictionary attack	27
Small subgroup attack	27
Smart card binding information	28
BlackBerry Smart Card Reader reset process	29
Related resources	30
Glossary	31
Provide feedback	32

Blackberry PRD-09695-004 Technical Overview - Page 19

Confirming that a BlackBerry device is bound to the correct smart card

Page 19 highlights