Installation guide
BlackBerry Enterprise Solution 54
For more information, see the BlackBerry Smart Card Reader Security Technical Overview.
Binding the smart card to the BlackBerry device
If a user has a smart card authenticator, smart card driver, and smart card reader driver installed on their
BlackBerry device, either the BlackBerry Enterprise Server administrator or that user can initiate two-factor
authentication on the BlackBerry device to bind the BlackBerry device to the installed smart card. After the
BlackBerry device binds to the smart card, it requires that smart card to authenticate the user.
The BlackBerry Enterprise Server administrator can set the Force Smart Card Two-Factor Authentication IT policy
rule in the BlackBerry Manager to require that a user authenticates with the BlackBerry device using a smart
card. If the BlackBerry Enterprise Server administrator does not force the user to authenticate with the
BlackBerry device using a smart card, the user can turn two-factor authentication on and off with their smart
card by setting the User Authenticator field in the BlackBerry device Security Options.
When the BlackBerry Enterprise Server administrator or the user enables two-factor authentication, the following
events occur:
1. The BlackBerry device locks.
2. When a user tries to unlock the BlackBerry device, the BlackBerry device prompts the user to type the
BlackBerry device password. If the user has not yet set a BlackBerry device password, the BlackBerry device
forces them to set one.
3. The BlackBerry device prompts the user to type the user authenticator (smart card) password to turn on
two-factor authentication with the installed smart card.
4. The BlackBerry device binds to the installed smart card automatically by storing the following smart card
binding information in a special BlackBerry device NV store location that is inaccessible to a user:
• the name of a Java class that the BlackBerry Smart Card Reader requires
• the binding information format
• the smart card type
  Note: For the Common Access Card, this string is “GSA CAC”.
• the name of a Java class that the smart card code requires
• a unique 64-bit identifier that the smart card provides
• a smart card label that the smart card provides (for example, “GRAHAM.JOHN.1234567890”)
5. The BlackBerry device pushes the current IT policy to the BlackBerry Smart Card Reader.
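The sequence above can be traced with a small model. This is an added example in Python, not BlackBerry code: the Device and Card classes, the dictionary used for the binding, and matching a card on its 64-bit identifier and type are all assumptions made for illustration. The two Java class names, the binding format field, and step 5 are not modelled.

```python
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Card:                       # constructed stand-in for an inserted smart card
    card_type: str                # for the Common Access Card: "GSA CAC"
    card_id: int                  # unique 64-bit identifier the card provides
    label: str                    # label the card provides
    password: str                 # stand-in; a real card checks its password itself

def same(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())

class Device:
    def __init__(self, device_password: str, force_two_factor: bool = False):
        self.device_password = device_password
        self.force_two_factor = force_two_factor  # models the IT policy rule
        self.two_factor = False
        self.binding = None       # models the user-inaccessible NV store entry
        self.locked = False

    def enable_two_factor(self) -> None:
        self.two_factor, self.locked = True, True            # step 1

    def disable_two_factor(self) -> bool:
        if self.force_two_factor:                            # user cannot opt out
            return False
        self.two_factor, self.binding = False, None
        return True

    def prompt(self) -> str:
        if self.binding is None:
            return "Insert smart card"
        return f"Insert smart card {self.binding['label']} ({self.binding['card_type']})"

    def unlock(self, device_pw: str, card: Card = None, card_pw: str = "") -> bool:
        if not same(device_pw, self.device_password):        # step 2
            return False
        if self.two_factor:
            if card is None or not 0 <= card.card_id < 2**64:
                return False
            b = self.binding
            if b and (b["card_id"], b["card_type"]) != (card.card_id, card.card_type):
                return False                                 # not the bound card
            if not same(card_pw, card.password):             # step 3
                return False
            if b is None:                                    # step 4: bind on first use
                self.binding = {"card_type": card.card_type,
                                "card_id": card.card_id, "label": card.label}
        self.locked = False
        return True
```

In this model a second card of the same type but with a different identifier fails to unlock the device even when both passwords are correct, which is the property the binding provides.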
Confirming that the BlackBerry device is bound to the correct smart card
After a user turns on two-factor authentication, whenever the BlackBerry device prompts the user to insert the
smart card into the BlackBerry Smart Card Reader, the BlackBerry device prompt indicates the label and the card
type of the correct (bound) smart card. If the BlackBerry device is running BlackBerry Device Software Version
3.6 with either the S/MIME Support Package Version 1.5 for BlackBerry devices installed or no S/MIME Support
Package for BlackBerry devices installed, the information in the prompt is the only indication that a smart card is
bound to the BlackBerry device.
If the BlackBerry device is running BlackBerry Device Software Version 4.0 or later (S/MIME Support Package for
BlackBerry devices optional), the user can also view smart card information in the BlackBerry device Security
Options.
Field    Description
Name     indicates the type of the installed smart card
www.blackberry.com