User guide
To control how a BlackBerry device can use an Advanced Security SD card, you can use the Force Smart Card Two-Factor
Authentication IT policy rule, Force Smart Card Two Factor Challenge Response IT policy rule, or Disable Certificate or Key Import
From External Memory IT policy rule.
To permit third-party applications on the BlackBerry device to access the Advanced Security SD card, a developer can use the
SmartCard API in the BlackBerry® Java® Development Environment.
BlackBerry® Device Software versions 5.0 and later support Advanced Security SD cards.
For more information about configuring the BlackBerry device to support an Advanced Security SD card, see the user guide for
the BlackBerry device. For more information about using IT policy rules, see the BlackBerry Enterprise Server Policy Reference
Guide.
Related topics
Managing BlackBerry Java Applications on a BlackBerry device using code signing
Two-factor authentication
You can use the BlackBerry® Smart Card Reader or an Advanced Security SD card to require a user to use a smart card and the
smart card password to prove the user’s identity before the BlackBerry device unlocks. If a user installs a smart card authenticator,
smart card driver, and smart card reader driver on the BlackBerry device, you or the user can configure two-factor authentication
on the BlackBerry device to bind the BlackBerry device to the installed smart card. After the BlackBerry device binds to the smart
card, the BlackBerry device requires the user to use the smart card to authenticate before the BlackBerry device unlocks.
To require that a user authenticate with the BlackBerry device using the smart card, you can configure the Force Smart Card
Two-Factor Authentication IT policy rule in the BlackBerry Administration Service. If you do not require the user to authenticate
with the BlackBerry device using a smart card, the user can turn on or turn off two-factor authentication in the BlackBerry device
options, in the security options, in the User Authenticator field.
Verifying that a BlackBerry device is bound to a smart card
After a user turns on two-factor authentication, the BlackBerry® device prompts the user to insert the smart card into the
BlackBerry® Smart Card Reader. The BlackBerry device displays the label and card type of the bound smart card.
If the BlackBerry device is running BlackBerry® Device Software version 3.6, the smart card information that the BlackBerry
device displays when it prompts the user to insert the smart card into the BlackBerry Smart Card Reader is the only indication
that a smart card is bound to the BlackBerry device.
If the BlackBerry device is running BlackBerry Device Software version 4.0 or later, the BlackBerry device displays the smart card
information when it prompts the user to insert the smart card. The user can view the smart card information in the BlackBerry
device options, in the security options. The Initialized field specifies whether the BlackBerry device authenticated with and is
bound to the smart card.
Security Technical Overview