Blackberry PRD-09695-004 Security Guide - Page 9

Machine onto the BlackBerry Smart Card Reader, the boot ROM

Get Blackberry PRD-09695-004 - SMART Card Reader PDF manuals and user guides
UPC - 097738554967
View all Blackberry PRD-09695-004 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 9 highlights

BlackBerry Smart Card Reader 9 Security method BlackBerry Smart Card Reader password Protected key storage Code signing Description The first BlackBerry device or computer to connect to the BlackBerry Smart Card Reader after the BlackBerry Smart Card Reader resets, which deletes the Bluetooth pairing information, must set a connection password. This password protects the encryption keys on the BlackBerry Smart Card Reader in the same way that the BlackBerry device password protects the data on the BlackBerry device. Any debugging application that tries to connect to the BlackBerry Smart Card Reader over the USB connection cannot connect unless that application knows the password. After ten unsuccessful connection password tries, the BlackBerry Smart Card Reader erases all of its data, including the password. See "Appendix G: BlackBerry Smart Card Reader reset process" on page 27 for more information. To help limit the risk of key disclosure, the BlackBerry Smart Card Reader is designed to store all keys in its RAM only and does not write keys to its flash memory. To take the BlackBerry Smart Card Reader apart, the user must remove the battery, thereby clearing all of the keys on the BlackBerry Smart Card Reader. BlackBerry devices that run BlackBerry Device Software Version 4.1 or later and the computers store the current secure pairing key and the shared master encryption key in their respective RAM only. BlackBerry devices that run BlackBerry Device Software versions earlier than Version 4.1 store the secure pairing key and the shared master encryption key in a key store database in the BlackBerry device flash memory. Before you or a user can run a permitted third-party application that uses the controlled APIs on the BlackBerry device, the Research In Motion (RIM) signing authority system must use public key cryptography to authorize and authenticate the application code. The BlackBerry Smart Card Reader uses code signing to prevent users from loading third-party code onto the BlackBerry Smart Card Reader. When RIM manufactures the BlackBerry Smart Card Reader, it installs a public key into the secure boot ROM of the BlackBerry Smart Card Reader and uses the corresponding private key to sign the BlackBerry Smart Card Reader operating systems. When RIM loads an operating system and Java Virtual Machine onto the BlackBerry Smart Card Reader, the boot ROM verifies the signature on the loaded operating system. If the boot ROM determines that the signature is not valid, it rejects the operating system. See the BlackBerry Enterprise Solution Security Technical Overview for more information about code signing. www.blackberry.com

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
BlackBerry Smart Card Reader
9
Security method
Description
BlackBerry Smart Card Reader password
The first BlackBerry device or computer to connect to the
BlackBerry Smart Card Reader after the BlackBerry Smart Card
Reader resets, which deletes the Bluetooth pairing information,
must set a connection password. This password protects the
encryption keys on the BlackBerry Smart Card Reader in the
same way that the BlackBerry device password protects the data
on the BlackBerry device.
Any debugging application that tries to connect to the
BlackBerry Smart Card Reader over the USB connection cannot
connect unless that application knows the password.
After ten unsuccessful connection password tries, the BlackBerry
Smart Card Reader erases all of its data, including the password.
See “Appendix G: BlackBerry Smart Card Reader reset process”
on page 27 for more information.
Protected key storage
To help limit the risk of key disclosure, the BlackBerry Smart Card
Reader is designed to store all keys in its RAM only and does not
write keys to its flash memory. To take the BlackBerry Smart
Card Reader apart, the user must remove the battery, thereby
clearing all of the keys on the BlackBerry Smart Card Reader.
BlackBerry devices that run BlackBerry Device Software Version
4.1 or later and the computers store the current secure pairing
key and the shared master encryption key in their respective
RAM only. BlackBerry devices that run BlackBerry Device
Software versions earlier than Version 4.1 store the secure
pairing key and the shared master encryption key in a key store
database in the BlackBerry device flash memory.
Code signing
Before you or a user can run a permitted third-party application
that uses the controlled APIs on the BlackBerry device, the
Research In Motion (RIM) signing authority system must use
public key cryptography to authorize and authenticate the
application code.
The BlackBerry Smart Card Reader uses code signing to prevent
users from loading third-party code onto the BlackBerry Smart
Card Reader. When RIM manufactures the BlackBerry Smart
Card Reader, it installs a public key into the secure boot ROM of
the BlackBerry Smart Card Reader and uses the corresponding
private key to sign the BlackBerry Smart Card Reader operating
systems. When RIM loads an operating system and Java Virtual
Machine onto the BlackBerry Smart Card Reader, the boot ROM
verifies the signature on the loaded operating system. If the boot
ROM determines that the signature is not valid, it rejects the
operating system.
See the
BlackBerry Enterprise Solution Security Technical
Overview
for more information about code signing.
www.blackberry.com