Installation guide

BlackBerry Enterprise Solution Security
Authenticating a user 36
what they know (their smart card password).
The BlackBerry Smart Card Reader integrates smart card use with the BlackBerry Enterprise Solution, enabling a
user to authenticate with their smart card to log in to certain Bluetooth-enabled BlackBerry devices.
The BlackBerry Smart Card Reader
• creates a reliable two-factor authentication environment for granting users access to BlackBerry and PKI applications
• is designed to enable the wireless digital signing and encryption of wireless email messages using the S/MIME Support Package
• stores all encryption keys in RAM only and never writes the keys to flash memory
See the BlackBerry Smart Card Reader Security White Paper for more information.
Binding the smart card to the BlackBerry device
If a user has a smart card authenticator, smart card driver, and smart card reader driver installed on their
BlackBerry device, either you or that user can initiate two-factor authentication on the BlackBerry device to bind
the BlackBerry device to the installed smart card. After the BlackBerry device binds to the smart card, it requires
that smart card to authenticate the user.
You can set the Force Smart Card Two-Factor Authentication IT policy rule in the BlackBerry Manager to require
that a user authenticates with the BlackBerry device using a smart card. If you do not force the user to
authenticate with the BlackBerry device using a smart card, the user can turn two-factor authentication on and
off with their smart card by setting the User Authenticator field in the BlackBerry device Security Options.
When you or the user enables two-factor authentication, the following events occur:
1. The BlackBerry device locks.
2. When a user tries to unlock the BlackBerry device, the BlackBerry device prompts the user to type the
BlackBerry device password. If the user has not yet set a BlackBerry device password, the BlackBerry device
forces them to set one.
3. The BlackBerry device prompts the user to type the user authenticator (smart card) password to turn on
two-factor authentication with the installed smart card.
4. The BlackBerry device binds to the installed smart card automatically by storing the following smart card
binding information in a special BlackBerry device NV store location that is inaccessible to a user:
• name of a Java class required by the BlackBerry Smart Card Reader
• format of the binding information (currently, a version byte with a value of 0)
• type of smart card (for the Common Access Card, this string is “GSA CAC”)
• name of a Java class required by the smart card code
• unique 64-bit identifier that the smart card provides
• smart card label that the smart card provides (for example, “GRAHAM.JOHN.1234567890”)
5. The BlackBerry device pushes the current IT policy to the BlackBerry Smart Card Reader.
Confirming that the BlackBerry device is bound to the correct smart card
After a user turns on two-factor authentication, whenever the BlackBerry device prompts the user to insert the
smart card into the BlackBerry Smart Card Reader, the BlackBerry device prompt indicates the label and the card
type of the correct (bound) smart card. If the BlackBerry device is running BlackBerry Device Software version
3.6 or earlier with either the S/MIME Support Package version 1.5 installed or no S/MIME Support Package
installed, the information in the prompt is the only indication that a smart card is bound to the BlackBerry device.
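The following Python model is an added illustration of the binding record and the unlock-time check described in the two sections above; it is not BlackBerry code. The field list, the version byte of 0, the card type string and the label format come from the guide. The byte layout (length-prefixed UTF-8 strings and a big-endian 64-bit identifier), the Java class names and the identifier value are assumptions made for the example. It shows that the unlock prompt exposes only the label and card type, while the match check also compares the 64-bit identifier, so a card carrying the same label but a different identifier is rejected.

```python
"""Model of a smart card binding record and the unlock-time match check.

Added example, not BlackBerry code. The fields and the version byte 0 are
from the guide; the byte layout is an assumption made for this example.
"""
import struct
from dataclasses import dataclass

BINDING_VERSION = 0  # guide: "a version byte with a value of 0"


@dataclass(frozen=True)
class SmartCardBinding:
    reader_class: str  # Java class required by the BlackBerry Smart Card Reader
    card_type: str     # for the Common Access Card this string is "GSA CAC"
    card_class: str    # Java class required by the smart card code
    card_id: int       # unique 64-bit identifier provided by the card
    label: str         # card label, e.g. "GRAHAM.JOHN.1234567890"


def _pack_str(s: str) -> bytes:
    raw = s.encode("utf-8")
    if len(raw) > 0xFFFF:
        raise ValueError("string too long for 16-bit length prefix")
    return struct.pack(">H", len(raw)) + raw


def encode_binding(b: SmartCardBinding) -> bytes:
    """Serialize the record in the assumed layout used for the NV store."""
    if not 0 <= b.card_id < 2**64:
        raise ValueError("card_id must fit in 64 bits")
    return (
        bytes([BINDING_VERSION])
        + _pack_str(b.reader_class)
        + _pack_str(b.card_type)
        + _pack_str(b.card_class)
        + struct.pack(">Q", b.card_id)
        + _pack_str(b.label)
    )


def decode_binding(data: bytes) -> SmartCardBinding:
    """Parse a record, rejecting unknown versions, truncation and trailing bytes."""
    if len(data) < 1:
        raise ValueError("empty binding record")
    if data[0] != BINDING_VERSION:
        raise ValueError(f"unsupported binding version {data[0]}")
    pos = 1

    def take_str() -> str:
        nonlocal pos
        if pos + 2 > len(data):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from(">H", data, pos)
        pos += 2
        if pos + n > len(data):
            raise ValueError("truncated string")
        s = data[pos:pos + n].decode("utf-8")
        pos += n
        return s

    reader_class = take_str()
    card_type = take_str()
    card_class = take_str()
    if pos + 8 > len(data):
        raise ValueError("truncated card id")
    (card_id,) = struct.unpack_from(">Q", data, pos)
    pos += 8
    label = take_str()
    if pos != len(data):
        raise ValueError("trailing bytes after binding record")
    return SmartCardBinding(reader_class, card_type, card_class, card_id, label)


def is_valid_record(data: bytes) -> bool:
    """True when the blob parses cleanly under the assumed layout."""
    try:
        decode_binding(data)
        return True
    except (ValueError, UnicodeDecodeError):
        return False


def unlock_prompt(b: SmartCardBinding) -> str:
    """The device prompt shows only the label and card type of the bound card."""
    return f"Insert smart card {b.label} ({b.card_type}) into the BlackBerry Smart Card Reader"


def card_matches_binding(b: SmartCardBinding, card_type: str, card_id: int, label: str) -> bool:
    """Unlock check: every identifying field must match, not just the visible label."""
    return b.card_type == card_type and b.card_id == card_id and b.label == label


# Constructed sample binding; the class names and identifier are invented placeholders.
SAMPLE = SmartCardBinding(
    reader_class="com.example.reader.ReaderDriver",
    card_type="GSA CAC",
    card_class="com.example.cac.CacDriver",
    card_id=0x0123456789ABCDEF,
    label="GRAHAM.JOHN.1234567890",
)

if __name__ == "__main__":
    blob = encode_binding(SAMPLE)
    print(unlock_prompt(decode_binding(blob)))
    print(card_matches_binding(SAMPLE, "GSA CAC", 0x0123456789ABCDEF, "GRAHAM.JOHN.1234567890"))
    print(card_matches_binding(SAMPLE, "GSA CAC", 0x1111111111111111, "GRAHAM.JOHN.1234567890"))
```

The parser deliberately refuses any version byte other than 0, truncated fields and trailing bytes, which is the behaviour a practitioner would want from code reading a record out of a store that users cannot inspect: a malformed record should fail closed rather than bind the device to a partially parsed identity.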
www.blackberry.com