BlackBerry PRD-09695-004 Security Guide

BlackBerry PRD-09695-004 - Smart Card Reader Manual

BlackBerry PRD-09695-004 manual content summary (one excerpt per page of the Security Technical Overview):

  • Blackberry PRD-09695-004 | Security Guide - Page 1
    BlackBerry Smart Card Reader Version 1.5 Service Pack 1 Security Technical Overview © 2007 Research In Motion Limited. All rights reserved. www.blackberry.com
  • Blackberry PRD-09695-004 | Security Guide - Page 2
    device 17 Setting two-factor authentication on the computer 18 Related resources...19 Appendix A: BlackBerry Smart Card Reader supported algorithms 20 Appendix B: Connection key establishment protocol errors 21 Appendix C: Application layer protocol encryption and authentication 22 Appendix
  • Blackberry PRD-09695-004 | Security Guide - Page 3
    BlackBerry Smart Card Reader Offline dictionary attack...25 Online dictionary attack ...25 Small subgroup attack...25 Appendix F: Smart card binding information ...26 Appendix G: BlackBerry Smart Card Reader reset process 27 © 2007 Research In Motion Limited. All rights reserved. www.blackberry.
  • Blackberry PRD-09695-004 | Security Guide - Page 4
    and must have a smart card driver and the BlackBerry Smart Card Reader driver installed on their Bluetooth enabled BlackBerry devices to perform a Bluetooth pairing followed by a secure pairing with their BlackBerry Smart Card Readers. The S/MIME Support Package supports smart card use and includes
  • Blackberry PRD-09695-004 | Security Guide - Page 5
    (PIV) cards Description The BlackBerry Smart Card Reader Version 1.0 or later supports the PIV standard smart cards, as described in Federal Information Processing Standard (FIPS) 201, that applicable BlackBerry devices support. Support for Microsoft® Windows The BlackBerry Smart Card Reader is
  • Blackberry PRD-09695-004 | Security Guide - Page 6
    BlackBerry Smart Card Reader 6 The BlackBerry Enterprise Solution is designed so that data remains encrypted (in other words, it is not decrypted) at all points between the BlackBerry device and the BlackBerry Enterprise Server. Only the BlackBerry Enterprise Server and the BlackBerry device can
  • Blackberry PRD-09695-004 | Security Guide - Page 7
    BlackBerry Smart Card Reader 7 • prevent Bluetooth enabled BlackBerry devices from sending or receiving address book information over a Bluetooth connection • prevent Bluetooth enabled BlackBerry devices from making phone calls See the Policy Reference Guide for more information. Restricting
  • Blackberry PRD-09695-004 | Security Guide - Page 8
    process to reconnect to the BlackBerry Smart Card Reader. If that BlackBerry device was the last BlackBerry device to connect to the BlackBerry Smart Card Reader before the user reset the BlackBerry Smart Card Reader, the BlackBerry Smart Card Reader restores the backed-up Bluetooth encryption
  • Blackberry PRD-09695-004 | Security Guide - Page 9
    -party code onto the BlackBerry Smart Card Reader. When RIM manufactures the BlackBerry Smart Card Reader, it installs a public key into the secure boot ROM of the BlackBerry Smart Card Reader and uses the corresponding private key to sign the BlackBerry Smart Card Reader operating systems. When RIM
  • Blackberry PRD-09695-004 | Security Guide - Page 10
    the connection key establishment protocol establishes the connection key that the BlackBerry device or computer and the BlackBerry Smart Card Reader use to send data between them, the BlackBerry device or computer and the BlackBerry Smart Card Reader use SHA-512 to hash all of the data packets that
  • Blackberry PRD-09695-004 | Security Guide - Page 11
    when the user removes the smart card from a supported smart card reader or disconnects a supported smart card reader from the computer. Specify a period, in hours, after which the BlackBerry Smart Card Reader regenerates the Bluetooth encryption key if the BlackBerry device or computer is connected
  • Blackberry PRD-09695-004 | Security Guide - Page 12
    smart card from the BlackBerry Smart Card Reader that the secure pairing information is deleted from the BlackBerry device and the BlackBerry Smart Card Reader. Specify the maximum number of transactions (smart card-related operations) that the BlackBerry device and the BlackBerry Smart Card Reader
  • Blackberry PRD-09695-004 | Security Guide - Page 13
    of the BlackBerry Smart Card Reader is turned off whenever the BlackBerry Smart Card Reader is connected to a computer using USB. See the Policy Reference Guide for more information. Establishing an encrypted and authenticated connection to the BlackBerry Smart Card Reader Before the smart card and
  • Blackberry PRD-09695-004 | Security Guide - Page 14
    process. See the BlackBerry Smart Card Reader Getting Started Guide for more information. Performing the Bluetooth pairing process and the secure pairing process on the computer The user must manually connect to the BlackBerry Smart Card Reader from the BlackBerry Smart Card Reader Options dialog on
  • Blackberry PRD-09695-004 | Security Guide - Page 15
    a pairing request using the selected algorithms and a 64-byte seed to the BlackBerry Smart Card Reader. 6. The BlackBerry Smart Card Reader verifies the selected algorithms. 7. The BlackBerry Smart Card Reader performs the following calculation to select a short-term key (Y): selects random
  • Blackberry PRD-09695-004 | Security Guide - Page 16
    initial echo of the value 0xC1F34151520CC9C2 to the BlackBerry Smart Card Reader to confirm that a Bluetooth connection to the BlackBerry Smart Card Reader exists and to verify that both sides understand the protocol. 2. The BlackBerry Smart Card Reader receives the initial echo and replies with an
  • Blackberry PRD-09695-004 | Security Guide - Page 17
    the shared connection key. See "Appendix C: Application layer protocol encryption and authentication" on page 22 for more information. The BlackBerry device or computer and the BlackBerry Smart Card Reader use AES 256 in CBC mode to encrypt the data and keyed HMAC with SHA-512 to protect data by
  • Blackberry PRD-09695-004 | Security Guide - Page 18
    installed smart card and deletes the smart card binding information from the BlackBerry device. Setting two-factor authentication on the computer See the Microsoft Windows documentation for information about configuring a computer to require the user to connect to a supported smart card reader from
  • Blackberry PRD-09695-004 | Security Guide - Page 19
    up the BlackBerry Smart Card Reader • installing or upgrading the BlackBerry Smart Card Reader • pairing the BlackBerry device or the computer with the BlackBerry Smart Card Reader • troubleshooting • using BlackBerry Enterprise Server IT policies • installing the S/MIME Support Package • managing
  • Blackberry PRD-09695-004 | Security Guide - Page 20
    BlackBerry Smart Card Reader 20 Appendix A: BlackBerry Smart Card Reader supported algorithms Algorithm type Algorithm elliptic curve (default) • 571-bit Koblitz Curve (EC571K1) • 521-bit Random Curve (EC521R1)* • 283-bit Koblitz Curve (EC283K1) • 256-bit Random
  • Blackberry PRD-09695-004 | Security Guide - Page 21
    key establishment protocol errors During the connection key establishment protocol process, if an error occurs on the BlackBerry device, the computer, or the BlackBerry Smart Card Reader, that party sends an error code to the other party negotiating the connection key. The following errors
  • Blackberry PRD-09695-004 | Security Guide - Page 22
    SHA-256( CK || S2 ) SHA-256( CK || S3 ) KeyRecAuth SHA-256( CK || S4 ) Description • the AES-256 key that the BlackBerry device, the computer, or the BlackBerry Smart Card Reader generates to encrypt the data that it sends to the other party over the application layer • the other party must use
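    The page 17 and Appendix C excerpts above describe the application layer once the connection key CK exists: four per-direction keys derived as SHA-256(CK || Si), AES-256 in CBC mode for confidentiality and HMAC-SHA-512 for integrity. The following Go program is an added illustration of that construction and is not RIM's code or the reader's firmware. It assumes the values of the labels S1..S4 (the page names them but does not give them), the mapping of labels to roles (the initiator sends under S1/S3, the responder under S2/S4, so one side's send keys are the other side's receive keys; the page names only KeyRecAuth), encrypt-then-MAC ordering, the packet layout IV || ciphertext || tag, PKCS#7 padding, and a constructed connection key; none of these details are stated on the page.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/sha512"
	"errors"
	"fmt"
	"io"
)

// Hypothetical derivation labels: the page names S1..S4 but not their values.
var s1, s2, s3, s4 = []byte("S1"), []byte("S2"), []byte("S3"), []byte("S4")

// SessionKeys are the four keys each party derives from the shared connection key CK.
type SessionKeys struct {
	SendEnc, RecEnc, SendAuth, RecAuth []byte // 32 bytes each (AES-256 / HMAC keys)
}

// kdf implements the Appendix C form SHA-256(CK || Si).
func kdf(ck, label []byte) []byte {
	h := sha256.Sum256(append(append([]byte{}, ck...), label...))
	return h[:]
}

// DeriveKeys: role-to-label mapping is an assumption chosen so that the
// initiator's send keys equal the responder's receive keys and vice versa.
func DeriveKeys(ck []byte, initiator bool) SessionKeys {
	if initiator {
		return SessionKeys{SendEnc: kdf(ck, s1), RecEnc: kdf(ck, s2), SendAuth: kdf(ck, s3), RecAuth: kdf(ck, s4)}
	}
	return SessionKeys{SendEnc: kdf(ck, s2), RecEnc: kdf(ck, s1), SendAuth: kdf(ck, s4), RecAuth: kdf(ck, s3)}
}

func pkcs7Pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte) ([]byte, error) {
	if len(b) == 0 {
		return nil, errors.New("empty plaintext")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize || n > len(b) {
		return nil, errors.New("bad padding")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("bad padding")
		}
	}
	return b[:len(b)-n], nil
}

// Seal encrypts with AES-256-CBC under SendEnc, then appends HMAC-SHA-512
// over IV || ciphertext under SendAuth (encrypt-then-MAC, assumed ordering).
func (k SessionKeys) Seal(plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(k.SendEnc)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	padded := pkcs7Pad(plaintext)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	mac := hmac.New(sha512.New, k.SendAuth)
	mac.Write(iv)
	mac.Write(ct)
	return append(append(iv, ct...), mac.Sum(nil)...), nil
}

// Open verifies the tag under RecAuth in constant time before touching the
// ciphertext, so padding errors can never be observed by an unauthenticated sender.
func (k SessionKeys) Open(packet []byte) ([]byte, error) {
	if len(packet) < aes.BlockSize+sha512.Size {
		return nil, errors.New("packet too short")
	}
	body, tag := packet[:len(packet)-sha512.Size], packet[len(packet)-sha512.Size:]
	mac := hmac.New(sha512.New, k.RecAuth)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, errors.New("authentication failed")
	}
	iv, ct := body[:aes.BlockSize], body[aes.BlockSize:]
	if len(ct) == 0 || len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("bad ciphertext length")
	}
	block, err := aes.NewCipher(k.RecEnc)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return pkcs7Unpad(pt)
}

func main() {
	ck := []byte("constructed connection key, demo only") // stands in for the ECDH-derived CK
	device, reader := DeriveKeys(ck, true), DeriveKeys(ck, false)
	pkt, err := device.Seal([]byte("smart card transaction 1"))
	if err != nil {
		panic(err)
	}
	pt, err := reader.Open(pkt)
	fmt.Printf("reader opened: %q (err=%v)\n", pt, err)
	pkt[aes.BlockSize] ^= 0x01 // flip one ciphertext bit
	_, err = reader.Open(pkt)
	fmt.Println("tampered packet:", err)
}
```

    The point a practitioner should take from the example is the order of operations in Open: the HMAC-SHA-512 tag is checked first, with hmac.Equal, and only then is the CBC ciphertext decrypted and unpadded. Checking padding before the tag would turn the reader into a padding oracle; the page's separate per-direction keys also mean a packet the device sent cannot be replayed back to the device as if it came from the reader, which the test below exercises.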
  • Blackberry PRD-09695-004 | Security Guide - Page 23
    BlackBerry Smart Card Reader 23 Appendix D: BlackBerry Smart Card Reader shared cryptosystem parameters The BlackBerry Smart Card Reader and the BlackBerry device or computer with the BlackBerry Smart Card Reader software and drivers installed are designed to share the following cryptosystem
  • Blackberry PRD-09695-004 | Security Guide - Page 24
    the master encryption key by solving the ECDH problem. This calculation is equivalent to solving the DH problem, which is computationally infeasible. Impersonating a BlackBerry device or computer An impersonation of the BlackBerry Smart Card Reader occurs when the user with malicious intent sends
  • Blackberry PRD-09695-004 | Security Guide - Page 25
    dictionary attack, but the user with malicious intent must rely on the BlackBerry device, the computer, or the BlackBerry Smart Card Reader to determine if a key is the correct secure pairing key. The BlackBerry Smart Card Reader supports only one try to guess the secure pairing key. If the guess
  • Blackberry PRD-09695-004 | Security Guide - Page 26
    BlackBerry Smart Card Reader 26 Appendix F: Smart card binding information When you or a user turns on two-factor authentication on the BlackBerry device, the BlackBerry device binds to the installed smart card automatically by storing the following smart card binding information in a special
  • Blackberry PRD-09695-004 | Security Guide - Page 27
    • deletes all secure pairing information • deletes all user settings • deletes the connection password • unbinds the IT policy from the BlackBerry Smart Card Reader The BlackBerry Smart Card Reader unbinds the IT policy by deleting the IT policy public key from its NV store so that it can receive
  • Blackberry PRD-09695-004 | Security Guide - Page 28
    BlackBerry Smart Card Reader 28 Part number: 12450959 Version 1 ©2007 Research In Motion Limited. All Rights Reserved. The BlackBerry and RIM families of related marks, images, and symbols are the exclusive properties of Research In Motion Limited. RIM, Research In Motion, BlackBerry services is
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
