Benutzeranleitung / Produktwartung PRD-09695-004 des Produzenten BlackBerry
Zur Seite of 34
BlackBerry Smart Card Reader Ve r s i o n 2.0 Securi ty T echnical Ov erview.
Con ten ts BlackBerry Smart Card Reader ................................................................................................... ............................. 4 Authenticating a user using a smart card ......................................
BlackBerry Smart Card Reader sh ared cryptosystem parameters .................................................................... .2 5 Examples of attacks that the BlackBerry S mart Card Re ader security protocols are designed to prevent .. 26 Eavesdropping .
BlackBerry Smart Car d R eader The BlackBerry® Smart Card Reader is an accessory that, when used in proximity to certain Bluetooth® enabled BlackBerry devices and computers, permits users to authen ticate with their smart cards and log in to Bluetooth enabled BlackBerry devices and computers.
New in this r elease Feature Description proximity authentication Proximity authentication is an authentication method that permits a user to unlock a BlackBerry® device using a BlackBerry device pas.
System r equir emen ts The BlackBerry® Smart Card Reader supports th e following software and BlackBerry devices: BlackBerry Enterprise Server software Computer BlackBerry devices • BlackBerry® Enterprise Server version 4.
System ar chi tectur e The BlackBerry® Smart Card Reader is designed to conne ct to a Bluetooth® enabled BlackBerry device and a Bluetooth enabled computer. The BlackBerry Smart Card R eader supports using certificates tha t a PKI generates with a BlackBerry device.
BlackBerry En terprise Solution securi ty The BlackBerry® Enterprise Solution is designed to encrypt da ta that is in transit at a ll points between a BlackBerry device and the BlackBerry® Enterprise Server to help protec t your organization from data loss or alteration.
Restricting Bluetooth technology on a Bluetooth enabled computer On a Bluetooth® enabled computer, when a Bluetooth wirele ss adaptor exists and is turned on, the computer also installs Bluetooth drivers (and a personal area networking device, optionally) for that wireless adaptor.
BlackBerry Smart Car d R eader securi ty The BlackBerry® Smart Card Reader is designed to prevent offline and online dictionary attacks using the following security methods.
11 Security method Description code signing Before a user can run a permitted th ird-party application th at uses the controlled APIs on the BlackBerry device, the Res earch In Motion signing authority system must use public key cryptography to au thorize and authenticate the application code.
• prevent third-party applications that have obtained a digital signature from the Research In Motion signing authority system from using the BlackBerry device controlled APIs to do anything other t.
13 IT policy rule Description Maximum Connection Heartbeat Period This rule specifies the maximum h eartbeat period, in seconds. During each heartbeat period, the paired Blac kBerry device or computer sends a heartbeat, which the BlackBerry Smart Card Reader acknowledges.
14 IT policy rule Description Maximum PC Long Term Timeout This rule specifies the maximum time, in hours, after a computer and the BlackBerry Smart Card Reader open the secure pairing connection between them that th e computer and the BlackBerry Smart Card Reader delete the secure pairing information.
Card Reader and the BlackBerry device or computer. By default, the secure pairing PIN is 8 characters long and is case-sensitive. If your organization uses BlackBerry Smart Card Reader version 2.
4. The BlackBerry Smart Card Reader creates a list of all the algorithms that it supports and sends the supported algorithms list to the BlackBerry device or computer. 5. The BlackBerry device or computer searches the list for a match with one of its own supported algorithms.
The connection key establishment protoc ol uses the ECDH algorithm that th e initial key establishment protocol negotiates. The ECDH algorithm provides Perfect Forward Secrecy, which uses the key that protects data to prevent the protocol from deriving previous or subsequent encryp tion keys.
For more information about variables used in this process, see “ BlackBerry Smart Card Reader shared cryptosystem parameters ”. The connection key establishment protocol can stop at any point if an error occurs. For more information, see “ Connection key establishment protocol errors ”.
• The BlackBerry device binds to the installed smart ca rd automatically by storing the smart card binding information in a BlackBerry device NV store location, which is designed to be inaccessible to the user. For more information, see “Smart card binding information ”.
P r oximi ty authen tica tion Proximity authentication is an authen tication method that permits a user to unlock a BlackBerry ® device using the BlackBerry device password and the BlackBerry® Smart Card Reader within Bluetooth® technology range of the BlackBerry device.
factor content protection mandatory or optional, or to prev ent a user from configuring it, you can use the Two-factor Content Protection Usage IT policy rule.
BlackBerry Smart Car d R eader supported algori thms Algorithm type Algorithm elliptic curve (default) • 571-bit Koblitz Curve (EC571K1) • 521-bit Random Curve (EC521 R1) • 283-bit Koblitz Curve.
Connection k ey establishmen t pr otocol err ors During the connection key establishment protocol process, if an error occurs on the BlackBerry® device, the computer, or the BlackBerry® Smart Card Reader, that party sends an error c ode to the other party negotiating the connection key.
Applica tion la y er pr otocol encryption and authen tica tion By default, each data packet that a BlackBerry® device or computer and the BlackBerry® Smart Card Reader send between them is authentic.
BlackBerry Smart Car d Reader shar ed cryptosystem parame ters The BlackBerry® Smart Card Reader and a BlackBerry device or computer with the BlackBerry Smart Card Reader software and drivers installed are designed to share the following cryptosystem parameters.
Examples of a ttacks tha t the BlackBerry Smart Car d R eader securi ty pr otocols are designed to pr ev en t Eavesdropping An eavesdropping event occurs when a user with malici ous intent listens to the communication between the BlackBerry® Smart Card Reader and a BlackBerry device or co mputer.
yxS = yxzP , for some z such that S = zP . To calculate yxP from yzxP without knowledge of z corresponds to solving the discrete logarithm problem, which is computationally infeasible, for S .
Smart car d binding informa tion When you or a user turns on two-factor authentication on a BlackBerry® device, the BlackBerry device binds to the installed smart card automatically by storing the fo.
BlackBerry Smart Car d Reader r ese t process When a user resets the BlackBerry® Smart Card Reader, the BlackBerry Smart Card Reader performs the following actions: • backs up the Bluetooth® encry.
R ela ted r esour ces Resource Information BlackBerry Enterprise Solution Security Technical Overview • preventing the decryption of information at an intermediate point between the BlackBerry® dev.
Glossary AES Advanced Encryption Standard API application programming interface CBC cipher block chaining ECDH Elliptic Curve Diffie-Hellman HMAC keyed-hash message authentication code LAN local area .
P r ovide feedback To provide feedback on this deliverable, visit www.blackberry.com/docsfeedback . 32.
Legal notice Document ID: 25979072 version 3 ©2009 Research In Motion Limited. All righ ts reserved. BlackBerry®, RIM® , Research In Motion®, Sure Type®, SurePress™ and relate d trademar ks, names, and logos are the property of Research In Motion Limited and are registered and/or used in the U.
should not install or use Third Party Produc ts and Services until all necess ary licenses have been acqui red. Any Third Party Pr oducts and Services that are provided with RIM's products and se.
Ein wichtiger Punkt beim Kauf des Geräts BlackBerry PRD-09695-004 (oder sogar vor seinem Kauf) ist das durchlesen seiner Bedienungsanleitung. Dies sollten wir wegen ein paar einfacher Gründe machen:
Wenn Sie BlackBerry PRD-09695-004 noch nicht gekauft haben, ist jetzt ein guter Moment, um sich mit den grundliegenden Daten des Produkts bekannt zu machen. Schauen Sie zuerst die ersten Seiten der Anleitung durch, die Sie oben finden. Dort finden Sie die wichtigsten technischen Daten für BlackBerry PRD-09695-004 - auf diese Weise prüfen Sie, ob das Gerät Ihren Wünschen entspricht. Wenn Sie tiefer in die Benutzeranleitung von BlackBerry PRD-09695-004 reinschauen, lernen Sie alle zugänglichen Produktfunktionen kennen, sowie erhalten Informationen über die Nutzung. Die Informationen, die Sie über BlackBerry PRD-09695-004 erhalten, werden Ihnen bestimmt bei der Kaufentscheidung helfen.
Wenn Sie aber schon BlackBerry PRD-09695-004 besitzen, und noch keine Gelegenheit dazu hatten, die Bedienungsanleitung zu lesen, sollten Sie es aufgrund der oben beschriebenen Gründe machen. Sie erfahren dann, ob Sie die zugänglichen Funktionen richtig genutzt haben, aber auch, ob Sie keine Fehler begangen haben, die den Nutzungszeitraum von BlackBerry PRD-09695-004 verkürzen könnten.
Jedoch ist die eine der wichtigsten Rollen, die eine Bedienungsanleitung für den Nutzer spielt, die Hilfe bei der Lösung von Problemen mit BlackBerry PRD-09695-004. Sie finden dort fast immer Troubleshooting, also die am häufigsten auftauchenden Störungen und Mängel bei BlackBerry PRD-09695-004 gemeinsam mit Hinweisen bezüglich der Arten ihrer Lösung. Sogar wenn es Ihnen nicht gelingen sollte das Problem alleine zu bewältigen, die Anleitung zeigt Ihnen die weitere Vorgehensweise – den Kontakt zur Kundenberatung oder dem naheliegenden Service.