User guide
BlackBerry Smart Card Reader Security 15
connection key establishment protocol uses a unique, random, ephemeral key pair to create the new connection
key. The BlackBerry Smart Card Reader discards the ephemeral key pair after establishing the connection key.
Even if the ephemeral private keys from a particular protocol run using the ECDH algorithm are compromised,
the connection keys from other runs of the same protocol remain uncompromised.
Connection key establishment protocol process
1. The BlackBerry device or computer sends an initial echo of the value 0xC1F34151520CC9C2 to the
BlackBerry Smart Card Reader to confirm that a Bluetooth connection to the BlackBerry Smart Card Reader
exists and to verify that both sides understand the protocol.
2. The BlackBerry Smart Card Reader receives the initial echo and replies with an echo transmission of the
same value.
3. The BlackBerry device or computer receives the echo.
4. The BlackBerry device or computer uses the algorithm that the initial key establishment protocol negotiated
to send the selected algorithms and a seed to the BlackBerry Smart Card Reader.
5. The BlackBerry Smart Card Reader performs the following calculation to select a short-term key (Y):
• selects random y, 1 < y < r – 1
• calculates Y = yP
where P is defined on the curve negotiated by the initial key establishment protocol
6. The BlackBerry Smart Card Reader sends Y to the BlackBerry device or computer.
7. The BlackBerry device or computer performs the following calculation to select a short-term key (X):
• selects random x, 1 < x < r – 1
• calculates X = xP
• calculates the connection key (CK) using the following information:
  Parameter   Value
  K           xY = xyP
  H1          SHA-512 (sent packets)
  H2          SHA-512 (received packets)
  H           H1 + H2
  CK          SHA-256 (MK || H || MK || K)
8. The BlackBerry device or computer sends X to the BlackBerry Smart Card Reader.
9. The BlackBerry device or computer performs a hashing function to calculate CK.
10. The BlackBerry Smart Card Reader calculates CK using the following information:
  Parameter   Value
  K           xY = xyP
  H1          SHA-512 (sent packets)
  H2          SHA-512 (received packets)
  H           H1 + H2
  CK          SHA-256 (MK || H || MK || K)
11. The connection key establishment protocol completes; the BlackBerry device or computer and the
BlackBerry Smart Card Reader share a connection key.
See “Appendix D: BlackBerry Smart Card Reader shared cryptosystem parameters” on page 22 for more
information on variables used in this process.
www.blackberry.com