User guide

d. stores the encrypted content protection key and encrypted ECC private keys in the device memory
e. generates a 256-bit pseudorandom number
f. computes the SHA-256 hash of the pseudorandom number, uses it to encrypt the symmetric key for the smart card authenticator, and stores the encrypted symmetric key for the smart card authenticator in the device memory
g. encrypts the pseudorandom number using the public key in the authentication certificate that you configured for use with two-factor content protection, and stores the encrypted pseudorandom number in the device memory
h. discards the pseudorandom number, the SHA-256 hash of the pseudorandom number, the ephemeral key, and the key for the smart card authenticator
2. When the device locks, the device discards the content protection key and ECC private keys.
3. When a user unlocks the device, the device retrieves the encrypted copy of the pseudorandom number from the device memory and sends it to the smart card authenticator.
4. The smart card authenticator decrypts the encrypted copy of the pseudorandom number that was stored in the device memory.
5. The device performs the following actions:
a. retrieves the encrypted copy of the key for the smart card authenticator from the device memory and decrypts it using the SHA-256 hash of the decrypted pseudorandom number
b. uses the key for the smart card authenticator and the device password to generate a 256-bit ephemeral key
c. uses the 256-bit ephemeral key to decrypt the ECC private keys and content protection key
d. repeats steps 1e to 1h
The device generates a new pseudorandom number each time the user unlocks the device.
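The lock, unlock and re-wrap sequence above, as an added example written for this page (it is not BlackBerry's code and does not claim to be the device's actual implementation), in Go using only the standard library. The page does not name the algorithms, so the example assumes RSA-OAEP for encryption under the authentication certificate's public key, AES-256-GCM for the symmetric "encrypt" steps, and HMAC-SHA256 keyed with the smart card authenticator key over the device password for the 256-bit ephemeral key. Steps 1a to 1d are not on this page, so Enroll stands in for them, and random bytes stand in for the content protection key and ECC private keys. The names random32, seal, open, newCard, Device, Enroll, Lock, Unlock, wrapSmartCardKey and deriveEphemeral are the example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

func random32() []byte {
	b := make([]byte, 32)
	rand.Read(b) // never returns an error (crypto/rand docs, Go 1.24+)
	return b
}

// Assumption: symmetric "encrypt" steps are AES-256-GCM, 12-byte nonce prefixed (keys are always 32 bytes).
func seal(key, plaintext []byte) []byte {
	blk, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(blk)
	nonce := random32()[:12]
	return append(nonce, g.Seal(nil, nonce, plaintext, nil)...)
}

func open(key, ct []byte) ([]byte, error) {
	blk, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(blk)
	return g.Open(nil, ct[:12], ct[12:], nil)
}

// newCard stands in for the smart card authenticator: the private key behind the authentication certificate.
func newCard() *rsa.PrivateKey {
	card, _ := rsa.GenerateKey(rand.Reader, 2048) // errors only if the CSPRNG fails
	return card
}

// Device is "device memory": the ciphertexts survive a lock; cpk and eccPriv are nil while locked.
type Device struct {
	cardPub                        *rsa.PublicKey // from the authentication certificate
	encCPK, encECC, encKsc, encPRN []byte
	cpk, eccPriv                   []byte // random bytes stand in for the content protection key and ECC private keys
}

// Assumption: ephemeral key = HMAC-SHA256(kSC, password); the page only says both feed into it.
func deriveEphemeral(kSC []byte, password string) []byte {
	m := hmac.New(sha256.New, kSC)
	m.Write([]byte(password))
	return m.Sum(nil)
}

// Steps 1e to 1h: fresh PRN, wrap kSC under SHA-256(PRN), wrap the PRN under the card public key (assumption: RSA-OAEP).
func (d *Device) wrapSmartCardKey(kSC []byte) {
	prn := random32()
	h := sha256.Sum256(prn)
	d.encKsc = seal(h[:], kSC)
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, d.cardPub, prn, nil)
	if err != nil {
		panic(err) // a 32-byte message always fits a 2048-bit OAEP block
	}
	d.encPRN = enc // prn, h and kSC go out of scope on return: step 1h
}

// Enroll stands in for steps 1a to 1d, not shown on this page: create and wrap the keys.
func Enroll(cardPub *rsa.PublicKey, password string) *Device {
	d := &Device{cardPub: cardPub, cpk: random32(), eccPriv: random32()}
	kSC := random32()
	eph := deriveEphemeral(kSC, password)
	d.encCPK, d.encECC = seal(eph, d.cpk), seal(eph, d.eccPriv)
	d.wrapSmartCardKey(kSC)
	return d
}

// Lock is step 2: drop the plaintext keys; the ciphertexts stay in device memory.
func (d *Device) Lock() { d.cpk, d.eccPriv = nil, nil }

// Unlock is steps 3 to 5. A wrong password fails the GCM tag check in step 5c and leaves the stored
// ciphertexts untouched, so a later correct attempt still succeeds.
func (d *Device) Unlock(card *rsa.PrivateKey, password string) error {
	prn, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, card, d.encPRN, nil) // steps 3 and 4
	h := sha256.Sum256(prn)
	kSC, err2 := open(h[:], d.encKsc) // step 5a; also fails when the card step failed (prn is nil)
	if err != nil || err2 != nil {
		return fmt.Errorf("stored binding information unusable")
	}
	eph := deriveEphemeral(kSC, password) // step 5b
	cpk, err := open(eph, d.encCPK)       // step 5c
	ecc, err2 := open(eph, d.encECC)
	if err != nil || err2 != nil {
		return fmt.Errorf("device password rejected")
	}
	d.cpk, d.eccPriv = cpk, ecc
	d.wrapSmartCardKey(kSC) // step 5d: a new PRN on every unlock
	return nil
}

func main() {
	card := newCard()
	d := Enroll(&card.PublicKey, "device-password") // constructed sample password
	d.Lock()
	fmt.Println("wrong password:", d.Unlock(card, "guess"), "| right password:", d.Unlock(card, "device-password"))
}
```

Two properties of the sequence are visible when this runs: a wrong device password is rejected at the authenticated decryption in step 5c without the stored binding being changed, and every successful unlock ends by re-running steps 1e to 1h, so the encrypted pseudorandom number held in device memory is different after each unlock and a different smart card cannot recover the smart card authenticator key at all.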
Unbinding a smart card from a device
When you or a BlackBerry device user deletes all device data or turns off two-factor authentication, the BlackBerry device turns off two-factor authentication with the installed smart card and permanently deletes the binding information for the smart card from the device.
The device permanently deletes the binding information for the smart card from the NV store in application storage so that a user can authenticate with the device using a new smart card. You can permanently delete the binding information for the smart card from the device by sending the Delete all device data and remove device IT administration command to the device.
Security Technical Overview Configuring two-factor authentication and protecting Bluetooth connections
135