Blackberry PRD-09695-004 Security Guide - Page 4

BlackBerry Smart Card Reader 4 This document describes the security features that the BlackBerry® Smart Card Reader Version 1.5 SP1 supports unless otherwise stated. See the documentation for earlier software versions of the BlackBerry Smart Card Reader to determine if an earlier version supports a specific feature. See the BlackBerry Enterprise Solution Security Acronym Glossary for the full terms substituted by the acronyms in this document. BlackBerry Smart Card Reader The BlackBerry Smart Card Reader for BlackBerry devices is an accessory that, when used in proximity to certain Bluetooth® enabled BlackBerry devices and computers, integrates smart card use with the BlackBerry® Enterprise Solution, letting users authenticate with their smart cards to log in to Bluetooth enabled BlackBerry devices and computers. The BlackBerry Smart Card Reader is designed to perform the following actions: • communicate over the wireless network with Bluetooth wireless technology version 1.1 or later-enabled BlackBerry devices and computers using the AES 256 encryption method (by default) on the application layer • create a reliable two-factor authentication environment for granting users access to BlackBerry and PKI applications • enable the wireless digital signing and encryption of wireless email messages sent from the BlackBerry device using the S/MIME Support Package • store all encryption keys in RAM only and never write the keys to flash memory Authenticating a user using a smart card The BlackBerry Smart Card Reader allows you to use two-factor authentication, using a smart card, to require users to prove their identities to the BlackBerry devices or computers by two factors: • what they have (the smart card) • what they know (their smart card password) Integrating a smart card with existing secure messaging technology In addition to standard BlackBerry encryption, you can turn on secure messaging technology to offer an additional layer of security between the sender and the recipient of an email or PIN message. The S/MIME Support Package is designed to let BlackBerry device users who are already sending and receiving S/MIME messages using the email applications on their computers to send and receive S/MIME protected messages using their BlackBerry devices. Users can sign, encrypt, and send S/MIME messages from their BlackBerry devices. BlackBerry devices can decrypt received messages that are encrypted using S/MIME so that users can read them on their BlackBerry devices. Users might require a smart card authenticator module and must have a smart card driver and the BlackBerry Smart Card Reader driver installed on their Bluetooth enabled BlackBerry devices to perform a Bluetooth pairing followed by a secure pairing with their BlackBerry Smart Card Readers. The S/MIME Support Package supports smart card use and includes tools for obtaining certificates and transferring them to the BlackBerry device for use with the S/MIME Support Package. After the BlackBerry device and the BlackBerry Smart Card Reader establish a secure pairing, you can set the S/MIME Force Smartcard Use IT policy rule to require the use of the smart card to sign, encrypt, or sign and encrypt S/MIME-protected messages on the BlackBerry device. www.blackberry.com