Specifications
• Trying an action on the device that requires the smart card (for example, importing certificates, signing or decrypting a
message, or turning on two-factor authentication)
The reader reconnects automatically to a device that it has previously connected.
The device and reader open a secure connection by using the following pairings:
Pairing Description
Bluetooth
This pairing creates a Bluetooth encryption key and opens a
Bluetooth connection between the device and the reader.
For more information about the Bluetooth connection, see
the BlackBerry Smart Card Reader Security Technical
Overview.
Secure pairing
This pairing creates a secure pairing PIN and opens a
connection between the smart card and the device. The
reader and the device use the secure pairing PIN to encrypt
and authenticate the data that they send between them
over the application layer. By default, the secure pairing
PIN is 8 characters long and is case-sensitive. You can
change the format of the secure pairing PIN using the “PIN
Entry Mode” IT policy rule.
During the secure pairing process the following events
occur:
• The initial key establishment protocol creates a shared
device transport key on the device and the reader that
they use to encrypt and decrypt the data that they send
between them
• The connection key establishment protocol creates a
shared connection key on the device and the reader
that they use to send data between them
For more information about the initial key establishment
protocol and the connection key establishment protocol,
see the BlackBerry Smart Card Reader Security Technical
Overview.
The secure pairing is only deleted if the user removes the
reader from the list of Bluetooth paired devices, or the
device or reader is wiped.
Unbinding the current smart card from a device
There are two ways to delete the binding between a user’s current smart card and a BlackBerry 10 device:
Security Technical Overview Protecting data
105