User guide

If the device is running BlackBerry Device Software version 3.6, the smart card information that the device displays when it
prompts the user to insert the smart card into the BlackBerry Smart Card Reader is the only indication that a smart card is
bound to the device.
If the device is running BlackBerry Device Software version 4.0 or later, the device displays the smart card information
when it prompts the user to insert the smart card. The user can view the smart card information in the device options, in
the security options. The Initialized field specifies whether the device authenticated with and is bound to the smart card.
Data flow: Turning on two-factor authentication using a smart card
When you or a user turns on two-factor authentication with the BlackBerry Smart Card Reader, the BlackBerry device
performs the following actions:
1. locks
2. prompts the user to type the BlackBerry device password when the user tries to unlock the BlackBerry device
3. requires the user to specify a BlackBerry device password, if the user has not yet specified one
4. prompts the user to type the smart card password to turn on two-factor authentication using the smart card
5. binds to the smart card by storing the following binding information in the NV store in the BlackBerry device memory
that the user cannot access:
   • name of a class that the BlackBerry Smart Card Reader requires
   • binding information format for the smart card type (for example, the type for CAC is GSA CAC)
   • name of a Java class that the smart card code requires
   • unique 64-bit identifier that the smart card provides
   • smart card label that the smart card provides (for example, HISLOP.GREG.1234567890)
6. pushes the current IT policy to the BlackBerry Smart Card Reader
Creating two-factor authentication methods
The BlackBerry Java Development Environment version 5.0 includes the User Authenticator API that a developer can use
to create two-factor authentication methods. A user can use the two-factor authentication methods with the BlackBerry
device password to unlock a BlackBerry device. After the developer creates an authentication method using the User
Authenticator API, you can install the authentication method on the BlackBerry device using a software configuration.
To configure the BlackBerry device so that the user must provide the BlackBerry device password and authenticate using a
two-factor authentication method before the BlackBerry device unlocks, you change the Allowed Authentication Mechanisms
IT policy rule to Other and configure the Is Access to the User Authenticator API Allowed application control policy rule.
Security Technical Overview Configuring two-factor authentication and protecting Bluetooth connections