Blackberry PRD-09695-004 Security Guide - Page 9
UPC - 097738554967
Page 9 highlights
BlackBerry Smart Card Reader

Security method: BlackBerry Smart Card Reader password
Description: The first BlackBerry device or computer to connect to the BlackBerry Smart Card Reader after the BlackBerry Smart Card Reader resets, which deletes the Bluetooth pairing information, must set a connection password. This password protects the encryption keys on the BlackBerry Smart Card Reader in the same way that the BlackBerry device password protects the data on the BlackBerry device. Any debugging application that tries to connect to the BlackBerry Smart Card Reader over the USB connection cannot connect unless that application knows the password. After ten unsuccessful connection password tries, the BlackBerry Smart Card Reader erases all of its data, including the password. See "Appendix G: BlackBerry Smart Card Reader reset process" on page 27 for more information.

Security method: Protected key storage
Description: To help limit the risk of key disclosure, the BlackBerry Smart Card Reader is designed to store all keys in its RAM only and does not write keys to its flash memory. To take the BlackBerry Smart Card Reader apart, the user must remove the battery, thereby clearing all of the keys on the BlackBerry Smart Card Reader. BlackBerry devices that run BlackBerry Device Software Version 4.1 or later and the computers store the current secure pairing key and the shared master encryption key in their respective RAM only. BlackBerry devices that run BlackBerry Device Software versions earlier than Version 4.1 store the secure pairing key and the shared master encryption key in a key store database in the BlackBerry device flash memory.

Security method: Code signing
Description: Before you or a user can run a permitted third-party application that uses the controlled APIs on the BlackBerry device, the Research In Motion (RIM) signing authority system must use public key cryptography to authorize and authenticate the application code.
The BlackBerry Smart Card Reader uses code signing to prevent users from loading third-party code onto the BlackBerry Smart Card Reader. When RIM manufactures the BlackBerry Smart Card Reader, it installs a public key into the secure boot ROM of the BlackBerry Smart Card Reader and uses the corresponding private key to sign the BlackBerry Smart Card Reader operating systems. When RIM loads an operating system and Java Virtual Machine onto the BlackBerry Smart Card Reader, the boot ROM verifies the signature on the loaded operating system. If the boot ROM determines that the signature is not valid, it rejects the operating system. See the BlackBerry Enterprise Solution Security Technical Overview for more information about code signing.

www.blackberry.com
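
The connection password behaviour described above (the first connection after a reset sets the password, ten failed tries erase everything, keys live in RAM only) can be modelled as a small state machine. This is an added example, not code from the guide or from RIM; `ReaderModel`, `connect`, the PBKDF2 verifier and clearing the counter on success are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_TRIES = 10  # from the guide: ten unsuccessful tries erase the reader


class ReaderModel:
    """Hypothetical model of the reader's password and RAM-only key state."""

    def __init__(self):
        self._wipe()

    def _wipe(self):
        # After a reset there is no password, no keys and no pairing data.
        self._salt = None
        self._verifier = None
        self.keys = {}      # held in memory only, never written to storage
        self.failed = 0

    @staticmethod
    def _derive(password, salt):
        # Assumption: PBKDF2 stands in for whatever the real device uses.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def connect(self, password):
        """Return 'password-set', 'ok', 'denied' or 'wiped'."""
        if self._verifier is None:
            # The first connection after a reset must set the password.
            self._salt = os.urandom(16)
            self._verifier = self._derive(password, self._salt)
            return "password-set"
        candidate = self._derive(password, self._salt)
        if hmac.compare_digest(candidate, self._verifier):
            self.failed = 0  # assumption: a success clears the counter
            return "ok"
        self.failed += 1
        if self.failed >= MAX_TRIES:
            self._wipe()     # erases the keys and the password itself
            return "wiped"
        return "denied"
```
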