Blackberry PRD-09695-004 Security Guide - Page 10



BlackBerry Smart Card Reader
Security method: Random number generation

Description: In the BlackBerry Smart Card Reader, the following sources of entropy seed the random number generator:

• RIM manufactures each BlackBerry Smart Card Reader with a random 64-byte value (a seed). This provides the BlackBerry Smart Card Reader with entropy before the wireless transceiver is turned on.

• When the initial key establishment protocol establishes the master encryption key and the connection key establishment protocol establishes the connection key that the BlackBerry device or computer and the BlackBerry Smart Card Reader use to send data between them, the BlackBerry device or computer and the BlackBerry Smart Card Reader use SHA-512 to hash all of the data packets that they send and receive between them and add the hashed data packets to the entropy pool.

• Each time the BlackBerry device or computer and the BlackBerry Smart Card Reader negotiate keys during the initial key establishment protocol and the connection key establishment protocol, the BlackBerry device or computer sends a 64-byte seed to the BlackBerry Smart Card Reader. The BlackBerry Smart Card Reader adds this value to its random source.

See the BlackBerry Enterprise Solution Security Technical Overview for more information about the BlackBerry device random number generation process.
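As an added illustration (not code from the guide or from RIM), the following Python model mixes the three entropy sources the table lists: a 64-byte factory seed, SHA-512 hashes of every key-establishment packet, and a 64-byte seed received at each negotiation. The mixing construction, the output ratchet and the sample packets are assumptions; the guide does not specify how the reader combines its sources internally.

```python
import hashlib

SEED_LEN = 64  # the guide gives 64 bytes for both the factory seed and the negotiation seed


class EntropyPool:
    """Model of the three entropy sources the guide lists for the reader.
    Mixing as SHA-512 over (state || input) and the output ratchet are
    assumptions for illustration, not the reader's actual construction."""

    def __init__(self, factory_seed: bytes) -> None:
        # Source 1: the 64-byte value written at manufacture, so the pool holds
        # entropy before the wireless transceiver is ever turned on.
        if len(factory_seed) != SEED_LEN:
            raise ValueError("factory seed must be 64 bytes")
        self._state = hashlib.sha512(factory_seed).digest()

    def _mix(self, data: bytes) -> None:
        self._state = hashlib.sha512(self._state + data).digest()

    def absorb_packet(self, packet: bytes) -> None:
        # Source 2: every key-establishment packet is SHA-512 hashed into the pool.
        self._mix(hashlib.sha512(packet).digest())

    def absorb_negotiation_seed(self, seed: bytes) -> None:
        # Source 3: the 64-byte seed the device or computer sends at each negotiation.
        if len(seed) != SEED_LEN:
            raise ValueError("negotiation seed must be 64 bytes")
        self._mix(seed)

    def random_bytes(self, n: int) -> bytes:
        # Derive output, then ratchet the state so output cannot rebuild the pool.
        out = b""
        while len(out) < n:
            out += hashlib.sha512(b"out" + self._state).digest()
            self._mix(b"ratchet")
        return out[:n]


def demo_divergence() -> bool:
    """Two readers with the same factory seed diverge once they observe
    different key-establishment traffic (constructed packets and seeds)."""
    factory = bytes(range(SEED_LEN))
    a, b = EntropyPool(factory), EntropyPool(factory)
    for pkt in (b"\x01init-a", b"\x02connect-a"):
        a.absorb_packet(pkt)
    for pkt in (b"\x01init-b", b"\x02connect-b"):
        b.absorb_packet(pkt)
    a.absorb_negotiation_seed(b"\xaa" * SEED_LEN)
    b.absorb_negotiation_seed(b"\xbb" * SEED_LEN)
    return a.random_bytes(32) != b.random_bytes(32)
```

The point of the factory seed is visible in the model: without it, two readers would start from identical, empty state and remain identical until traffic arrives.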
Control Bluetooth connections from third-party applications

Application control is designed to limit the use of Bluetooth wireless technology (and the Bluetooth profiles) to specific, permitted third-party applications. Using the BlackBerry Enterprise Server Version 4.0 or later, you can set BlackBerry Enterprise Server IT policy rules and application policy rules to control how third-party applications use the BlackBerry Smart Card Reader to connect to Bluetooth-enabled BlackBerry devices.

Use application control policy rules to:

• permit or prevent third-party applications from being downloaded onto BlackBerry devices

• define the features (for example, the email application, the phone application, and the BlackBerry device key store) that third-party applications can access on the BlackBerry device

• define the types of connections that a third-party application can establish (for example, opening network connections inside the firewall) on the BlackBerry device

• send third-party applications to BlackBerry devices over the wireless network

• prevent third-party applications that have obtained a digital signature from the RIM signing authority system from using the BlackBerry device controlled APIs to do anything other than access persistent storage of user data and communicate with other applications

You can set application control policy rules so that all Bluetooth profiles are unavailable for applications by default and then turn on the Bluetooth Serial Port Profile for the BlackBerry Smart Card Reader driver only. In this configuration, only the necessary applications are permitted to use the BlackBerry Smart Card Reader driver.
Managing BlackBerry Smart Card Reader technology

You can set BlackBerry Enterprise Server IT policy rules that are designed to control the behavior of the BlackBerry Smart Card Reader.
www.blackberry.com