Blackberry PRD-09695-004 Technical Overview - Page 9



Restricting Bluetooth technology on a Bluetooth enabled computer
On a Bluetooth® enabled computer, when a Bluetooth wireless adaptor exists and is turned on, the computer also installs Bluetooth drivers (and, optionally, a personal area networking device) for that wireless adaptor. To prevent users who do not have administrator privileges, and external Bluetooth devices other than the BlackBerry® Smart Card Reader, from using the Bluetooth technology installed on the computer, you can restrict the availability of the Bluetooth technology on the computer.

For more information about restricting Bluetooth technology on a computer in your organization, see Restricting Bluetooth technology on Bluetooth enabled computers BlackBerry Smart Card Reader Technical Overview.

Bluetooth security measures on the BlackBerry Smart Card Reader
The following security methods on the BlackBerry® Smart Card Reader enhance the existing protection of the Bluetooth® technology on a Bluetooth enabled BlackBerry device.

Security method: limited use of serial port profiles
Description: The BlackBerry Smart Card Reader uses the Bluetooth Serial Port Profile only, allowing you to use application control to turn off all the other profiles and prevent third-party applications from using the BlackBerry Smart Card Reader.

Security method: use of Bluetooth pairing process to help prevent passive attack
Description: During the Bluetooth pairing process, the BlackBerry Smart Card Reader uses a random key (unlike the hard-coded keys that headsets and other Bluetooth enabled devices use).
A user always starts the Bluetooth pairing process from the BlackBerry device or computer. If a message prompts the user to type a pairing password when the user did not start a pairing process, the user knows that another device, which the user might not want to connect to, started the pairing process. The Bluetooth pairing process is designed to help prevent a passive attack in which a user with malicious intent tries to search for the BlackBerry device PIN.

Security method: control of the Bluetooth range
Description: You can use the Maximum Bluetooth Range IT policy rule to control the power level of the Bluetooth wireless adapter on the BlackBerry Smart Card Reader. When you configure the power level, you can control the range of proximity between the BlackBerry Smart Card Reader and the BlackBerry device at which the two parties close the Bluetooth connection between them. The range value does not translate to a specific distance because the Bluetooth range is partially determined by the power level. The range value is also heavily influenced by environmental factors, including obstructions and electromagnetic radiation. As a general rule, the Bluetooth range at power setting n+1 is longer than the range at power setting n.

Security method: protection of the Bluetooth encryption key
Description: After the user resets the BlackBerry Smart Card Reader, a BlackBerry device can perform the Bluetooth pairing process and the secure pairing process to reconnect to the BlackBerry Smart Card Reader. If that BlackBerry device was the last BlackBerry device to connect to the BlackBerry Smart Card Reader before the user reset the BlackBerry Smart Card Reader, the BlackBerry Smart Card Reader restores the backed-up Bluetooth encryption key for that Bluetooth connection and opens the Bluetooth connection to the BlackBerry device automatically. You can use the Maximum Bluetooth Encryption Key Regeneration Period IT policy rule to set the period after which the BlackBerry device generates a new Bluetooth encryption key.