Blackberry PRD-09695-004 Security Guide - Page 16

Connection key establishment protocol process, The BlackBerry Smart Card Reader calculates

Get Blackberry PRD-09695-004 - SMART Card Reader PDF manuals and user guides
UPC - 097738554967
View all Blackberry PRD-09695-004 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 16 highlights

BlackBerry Smart Card Reader 16 Even if the ephemeral private keys from a particular protocol run using the ECDH algorithm are compromised, the connection keys from other runs of the same protocol remain uncompromised. Connection key establishment protocol process 1. The BlackBerry device or computer sends an initial echo of the value 0xC1F34151520CC9C2 to the BlackBerry Smart Card Reader to confirm that a Bluetooth connection to the BlackBerry Smart Card Reader exists and to verify that both sides understand the protocol. 2. The BlackBerry Smart Card Reader receives the initial echo and replies with an echo transmission of the same value. 3. The BlackBerry device or computer receives the echo and uses the algorithm that the initial key establishment protocol negotiated to send the selected algorithms and a seed to the BlackBerry Smart Card Reader. 4. The BlackBerry Smart Card Reader performs the following calculation to select a short-term key (Y): selects random y, 1 < y < r - 1 calculates Y = yP where P is defined on the curve negotiated by the initial key establishment protocol 5. The BlackBerry Smart Card Reader sends Y to the BlackBerry device or computer. 6. The BlackBerry device or computer performs the following calculation to select a short-term key (X): selects random x, 1 < x < r - 1 calculates X = xP calculates the connection key (CK) using the following information: Parameter Value K xY = xyP H1 SHA-512 (sent data packets) H2 SHA-512 (received data packets) H H1 + H2 CK SHA-256 ( MK || H || MK || K ) 7. The BlackBerry device or computer sends X to the BlackBerry Smart Card Reader. 8. The BlackBerry device or computer performs a hashing function to calculate CK. 9. The BlackBerry Smart Card Reader calculates CK using the following information: Parameter K H1 H2 H CK Value yX = yxP SHA-512 (sent data packets) SHA-512 (received data packets) H1 + H2 SHA-256( MK || H || MK || K ) 10. The connection key establishment protocol completes; the BlackBerry device or computer and the BlackBerry Smart Card Reader share a connection key. See "Appendix D: BlackBerry Smart Card Reader shared cryptosystem parameters" on page 23 for more information about variables used in this process. The connection key establishment protocol can stop at any point if an error occurs. See "Appendix B: Connection key establishment protocol errors" on page 21 for more information. www.blackberry.com

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
BlackBerry Smart Card Reader
16
Even if the ephemeral private keys from a particular protocol run using the ECDH algorithm are compromised,
the connection keys from other runs of the same protocol remain uncompromised.
Connection key establishment protocol process
1.
The BlackBerry device or computer sends an initial echo of the value 0xC1F34151520CC9C2 to the
BlackBerry Smart Card Reader to confirm that a Bluetooth connection to the BlackBerry Smart Card Reader
exists and to verify that both sides understand the protocol.
2.
The BlackBerry Smart Card Reader receives the initial echo and replies with an echo transmission of the
same value.
3.
The BlackBerry device or computer receives the echo and uses the algorithm that the initial key
establishment protocol negotiated to send the selected algorithms and a seed to the BlackBerry Smart Card
Reader.
4.
The BlackBerry Smart Card Reader performs the following calculation to select a short-term key (
Y
):
selects random
y
, 1 <
y
< r – 1
calculates
Y
=
yP
where
P
is defined on the curve negotiated by the initial key establishment protocol
5.
The BlackBerry Smart Card Reader sends
Y
to the BlackBerry device or computer.
6.
The BlackBerry device or computer performs the following calculation to select a short-term key (
X
):
selects random
x
, 1 <
x
< r – 1
calculates
X
=
xP
calculates the connection key (
CK
) using the following information:
Parameter
Value
K
xY
=
xyP
H1
SHA-512 (sent data packets)
H2
SHA-512 (received data packets)
H
H1
+
H2
CK
SHA-256 (
MK
||
H
||
MK
||
K
)
7.
The BlackBerry device or computer sends
X
to the BlackBerry Smart Card Reader.
8.
The BlackBerry device or computer performs a hashing function to calculate
CK
.
9.
The BlackBerry Smart Card Reader calculates
CK
using the following information:
Parameter
Value
K
yX = yxP
H1
SHA-512 (sent data packets)
H2
SHA-512 (received data packets)
H
H1
+
H2
CK
SHA-256(
MK
||
H
||
MK
||
K
)
10.
The connection key establishment protocol completes; the BlackBerry device or computer and the
BlackBerry Smart Card Reader share a connection key.
See “Appendix D: BlackBerry Smart Card Reader shared cryptosystem parameters” on page 23 for more
information about variables used in this process.
The connection key establishment protocol can stop at any point if an error occurs. See “Appendix B: Connection
key establishment protocol errors” on page 21 for more information.
www.blackberry.com