Blackberry PRD-09695-004 Security Guide - Page 13



BlackBerry Smart Card Reader
13
| IT policy rule | Recommended use |
|---|---|
| Maximum PC Disconnected Timeout | Specify the maximum time, in seconds, after the computer and the BlackBerry Smart Card Reader close the Bluetooth connection between them that the secure pairing information for that dropped connection is deleted from the computer and the BlackBerry Smart Card Reader. |
| Maximum PC Long Term Timeout | Specify the maximum time, in hours, after the computer and the BlackBerry Smart Card Reader establish the secure pairing information between them that the computer and the BlackBerry Smart Card Reader delete their secure pairing information. |
| Maximum PC Bluetooth Traffic Inactivity Timeout | Specify the maximum time, in minutes, of inactivity over the Bluetooth connection between the BlackBerry Smart Card Reader and the computer allowed before the computer and the BlackBerry Smart Card Reader delete their secure pairing information. |
| Maximum Number of PC Transactions | Specify the maximum number of transactions (smart card–related operations) that the computer and the BlackBerry Smart Card Reader can send and receive between them before the computer and the BlackBerry Smart Card Reader delete their secure pairing information. Note: A transaction is any request and response set of data packets other than a connection heartbeat. |
| Maximum Number of PC Pairings | Specify the maximum number of computers that can pair with the BlackBerry Smart Card Reader. |
Note: The BlackBerry Smart Card Reader also recognizes the Disable Radio When Cradled IT policy rule, which controls whether the wireless transceiver is turned off when the BlackBerry device is connected to USB peripherals. If you set this IT policy rule to True, the Bluetooth wireless adaptor of the BlackBerry Smart Card Reader is turned off whenever the BlackBerry Smart Card Reader is connected to a computer using USB. See the Policy Reference Guide for more information.
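
How the four deletion triggers and the pairing limit in the table interact, as an added Python model that is not BlackBerry code. Class, field and function names are hypothetical and the policy values are constructed; the model assumes that reaching a limit triggers deletion and that heartbeats count as Bluetooth traffic.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class PcPairingPolicy:
    """Hypothetical field names; one per IT policy rule, in that rule's unit."""
    disconnected_timeout_s: int      # Maximum PC Disconnected Timeout (seconds)
    long_term_timeout_h: int         # Maximum PC Long Term Timeout (hours)
    bt_inactivity_timeout_min: int   # Maximum PC Bluetooth Traffic Inactivity Timeout (minutes)
    max_transactions: int            # Maximum Number of PC Transactions
    max_pairings: int                # Maximum Number of PC Pairings

@dataclass
class SecurePairing:
    established_at: float            # all timestamps are epoch seconds
    last_traffic_at: float
    disconnected_at: Optional[float] = None
    transactions: int = 0

    def record(self, kind: str, now: float) -> None:
        # Assumption: every packet, heartbeats included, counts as Bluetooth traffic.
        self.last_traffic_at = now
        # Per the table's note, a connection heartbeat is not a transaction.
        if kind != "heartbeat":
            self.transactions += 1

def deletion_reasons(p: PcPairingPolicy, s: SecurePairing, now: float) -> List[str]:
    """Rules whose limit is reached (assumed: reaching the limit forces deletion)."""
    reasons = []
    if s.disconnected_at is not None and now - s.disconnected_at >= p.disconnected_timeout_s:
        reasons.append("Maximum PC Disconnected Timeout")
    if now - s.established_at >= p.long_term_timeout_h * 3600:
        reasons.append("Maximum PC Long Term Timeout")
    if now - s.last_traffic_at >= p.bt_inactivity_timeout_min * 60:
        reasons.append("Maximum PC Bluetooth Traffic Inactivity Timeout")
    if s.transactions >= p.max_transactions:
        reasons.append("Maximum Number of PC Transactions")
    return reasons

def may_pair_another_computer(p: PcPairingPolicy, paired_computers: int) -> bool:
    return paired_computers < p.max_pairings

# Constructed sample values, not vendor defaults.
POLICY = PcPairingPolicy(60, 24, 10, 3, 2)

def demo() -> List[str]:
    s = SecurePairing(established_at=0, last_traffic_at=0)
    for t, kind in [(10, "transaction"), (20, "heartbeat"), (30, "heartbeat"), (40, "transaction")]:
        s.record(kind, t)
    s.disconnected_at = 50           # Bluetooth connection closed at t=50
    return deletion_reasons(POLICY, s, now=120)
```

Mixing up the units (seconds, hours, minutes) is the easy mistake when auditing these rules, which is why the model converts each one explicitly.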
Establishing an encrypted and authenticated connection to the BlackBerry Smart Card Reader
Before the smart card and the BlackBerry device can establish an encrypted and authenticated connection
between them, the BlackBerry Smart Card Reader and the BlackBerry device or computer must perform a
Bluetooth pairing process to establish a Bluetooth connection between the BlackBerry device or computer and
the BlackBerry Smart Card Reader. The BlackBerry device or computer and the BlackBerry Smart Card Reader
can then perform a secure pairing process to establish a connection between the smart card and the BlackBerry
device or computer. The secure pairing is designed to allow the BlackBerry Smart Card Reader and the
BlackBerry device or computer to encrypt and authenticate the data that they send between them over the
application layer.
During the secure pairing process:
• the initial key establishment protocol creates a shared master encryption key on the BlackBerry device or computer and the BlackBerry Smart Card Reader that the BlackBerry device or computer and the BlackBerry Smart Card Reader use to encrypt and decrypt the data that they send between them
• the connection key establishment protocol creates a shared connection key on the BlackBerry device or computer and the BlackBerry Smart Card Reader that the BlackBerry device or computer and the BlackBerry Smart Card Reader use to send data between them
The user must perform a Bluetooth pairing process once only but must perform a secure pairing each time that
the BlackBerry device or computer deletes the secure pairing information. You can control when the BlackBerry