User guide

Process flow: Turning on two-factor authentication using a smart card
When you or a user turns on two-factor authentication with the BlackBerry® Smart Card Reader, the BlackBerry device performs the following actions:
1. locks
2. prompts the user to type the BlackBerry device password when the user tries to unlock the BlackBerry device
3. requires the user to specify a BlackBerry device password, if the user has not yet specified one
4. prompts the user to type the smart card password to turn on two-factor authentication using the smart card
5. binds to the smart card by storing the following binding information in the NV store in the BlackBerry device memory that the user cannot access:
   • name of a Java® class that the BlackBerry Smart Card Reader requires
   • binding information format for the smart card type (for example, the type for CAC is GSA CAC)
   • name of a Java class that the smart card code requires
   • unique 64-bit identifier that the smart card provides
   • smart card label that the smart card provides (for example, HISLOP.GREG.1234567890)
6. pushes the current IT policy to the BlackBerry Smart Card Reader

Creating two-factor authentication methods
The BlackBerry® Java® Development Environment version 5.0 includes the User Authenticator API that a developer can use to create two-factor authentication methods. A user can use the two-factor authentication methods with the BlackBerry device password to unlock a BlackBerry device. After the developer creates an authentication method using the User Authenticator API, you can install the authentication method on the BlackBerry device using a software configuration.

To configure the BlackBerry device so that the user must provide the BlackBerry device password and authenticate using a two-factor authentication method before the BlackBerry device unlocks, you change the Allowed Authentication Mechanisms IT policy rule to Other and configure the Is Access to the User Authenticator API Allowed application control policy rule.

The User Authenticator API permits a developer to add a field to the password dialog box on the BlackBerry device for the authentication method. You can create as many two-factor authentication methods as the security policies of your organization require.

BlackBerry® Device Software versions 5.0 and later support the User Authenticator API.

For more information about the User Authenticator API, see the BlackBerry Java Development Environment Fundamentals Guide.

Security Technical Overview
Two-factor authentication