User guide

BlackBerry Smart Card Reader Security 14
7. The BlackBerry device or computer processes the list to search for a match with one of its own supported algorithms.
If a match is not available, the BlackBerry device or computer sends an error to the BlackBerry Smart Card Reader and stops processing the list.
If a match exists, the BlackBerry device or computer begins the key establishment by sending a pairing request using the selected algorithms and a 64-byte seed to the BlackBerry Smart Card Reader.
8. The BlackBerry Smart Card Reader verifies the selected algorithms.
9. The BlackBerry Smart Card Reader performs the following calculation to select a short-term key (Y):
selects random y, 1 < y < r – 1
calculates Y = yS
10. The BlackBerry Smart Card Reader sends Y to the BlackBerry device or computer.
11. The BlackBerry device or computer performs the following calculations to select a short-term key (X):
selects random x, 1 < x < r – 1
calculates X = xS
calculates the master encryption key (MK) using the following information:
Parameter  Value
K          xY = xyS
H1         SHA 512 (sent packets)
H2         SHA 512 (received packets)
calculates H = H1 + H2
calculates MK = SHA 256 (H || K)
12. The BlackBerry device sends X to the BlackBerry Smart Card Reader.
13. The BlackBerry Smart Card Reader calculates MK using the following information:
Parameter  Value
K          yX = yxS
H1         SHA 512 (sent packets)
H2         SHA 512 (received packets)
H          H1 + H2
MK         SHA 256 (H || K)
14. The initial key establishment protocol completes; the BlackBerry device or computer and the BlackBerry Smart Card Reader share a master encryption key.
See “Appendix D: BlackBerry Smart Card Reader shared cryptosystem parameters” on page 22 for more information on variables used in this process.

Connection key establishment protocol used in the secure pairing process

After the initial key establishment protocol completes successfully, the BlackBerry device or computer and the BlackBerry Smart Card Reader share a master encryption key. They must then establish a connection key to use to send data between them. The connection key establishment protocol uses SPEKE to bootstrap from the secure pairing key s, enabling a BlackBerry device or computer to establish long-term public keys and a strong, cryptographically protected connection with a BlackBerry Smart Card Reader.

The connection key establishment protocol uses the ECDH (elliptic curve) algorithm that the initial key establishment protocol negotiates. The ECDH algorithm provides perfect forward secrecy, which uses the key that protects data to prevent the protocol from deriving previous or subsequent encryption keys. Each run of the
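The steps 7 to 14 above, and the ECDH computation that the connection key establishment protocol reuses, can be walked through end to end. The following is an added example, not code from the guide or from BlackBerry: it simulates both parties on a constructed toy curve (y² = x³ + 2x + 2 over F₁₇, base point S = (5, 1) of prime order 19, standing in for the real parameters of Appendix D), uses a constructed pairing-request packet layout, assumes byte-wise XOR for the guide's "H1 + H2" (the operation must be commutative, since each side's sent packets are the other side's received packets), and counts X as a sent packet when the device derives MK in step 11 so that both transcripts agree.

```python
import hashlib
import secrets

# Constructed toy curve y^2 = x^3 + A*x + B over F_P, used only to make the
# arithmetic visible. It is NOT the curve the BlackBerry Smart Card Reader
# uses (those parameters live in the guide's Appendix D, not on this page).
P, A, B = 17, 2, 2
S = (5, 1)      # hypothetical shared base point; the group has prime order 19
INF = None      # the point at infinity

def ec_add(p1, p2):
    """Affine point addition (doubling when p1 == p2)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                      # p2 == -p1
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)

def ec_mul(k, pt):
    """Scalar multiplication k*pt by double-and-add."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result

def point_order(pt):
    """Smallest n > 0 with n*pt = INF (brute force; fine for a 17-element field)."""
    n, q = 1, pt
    while q is not INF:
        q = ec_add(q, pt)
        n += 1
    return n

R = point_order(S)   # r in the guide's notation

def random_scalar():
    """A random scalar with 1 < k < r - 1, i.e. k in [2, r - 2]."""
    return 2 + secrets.randbelow(R - 3)

def encode_point(pt):
    """Serialise a point as x || y, the byte form that is hashed and sent."""
    return pt[0].to_bytes(2, "big") + pt[1].to_bytes(2, "big")

def combine_hashes(h1, h2):
    """The guide writes H = H1 + H2 without fixing the operation. The device's
    'sent' list is the reader's 'received' list and vice versa, so the operation
    must be commutative for both sides to reach the same H; assumed: byte-wise XOR."""
    return bytes(a ^ b for a, b in zip(h1, h2))

def master_key(k_point, sent, received):
    """MK = SHA 256(H || K) with H1 = SHA 512(sent), H2 = SHA 512(received)."""
    h1 = hashlib.sha512(b"".join(sent)).digest()
    h2 = hashlib.sha512(b"".join(received)).digest()
    return hashlib.sha256(combine_hashes(h1, h2) + encode_point(k_point)).digest()

def run_initial_key_establishment(x=None, y=None, seed=None):
    """Steps 7 to 14 of the guide; returns (MK derived by the device, MK derived by the reader)."""
    x = random_scalar() if x is None else x
    y = random_scalar() if y is None else y
    seed = secrets.token_bytes(64) if seed is None else seed
    # Step 7: the device sends a pairing request with the selected algorithms and
    # the 64-byte seed (constructed packet layout; the real encoding is not on this page).
    pairing_request = b"ALG:ECDH-SHA512-SHA256|" + seed
    device_sent, device_received = [pairing_request], []
    reader_sent, reader_received = [], [pairing_request]
    # Steps 9 and 10: the reader picks y, computes Y = yS and sends it.
    y_point = ec_mul(y, S)
    reader_sent.append(encode_point(y_point))
    device_received.append(encode_point(y_point))
    # Step 11: the device picks x, computes X = xS and K = xY, and derives MK.
    # X is counted as 'sent' although step 12 transmits it afterwards: the reader
    # hashes it as 'received', so both transcripts must contain it (assumption).
    x_point = ec_mul(x, S)
    device_sent.append(encode_point(x_point))
    mk_device = master_key(ec_mul(x, y_point), device_sent, device_received)
    # Steps 12 and 13: the device sends X; the reader computes K = yX and derives MK.
    reader_received.append(encode_point(x_point))
    mk_reader = master_key(ec_mul(y, x_point), reader_sent, reader_received)
    return mk_device, mk_reader

if __name__ == "__main__":
    mk_d, mk_r = run_initial_key_establishment()
    print("r =", R, "| keys agree:", mk_d == mk_r, "| MK =", mk_d.hex())
```

Because the packet transcript is folded into H, any packet that was altered or dropped in transit leaves the two sides with different master keys, which is the property a reviewer should check first when reading this protocol; the prime order of S is what guarantees that K = xyS never degenerates to the point at infinity for scalars in the stated range.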