BlackBerry Curve 8530 8520 - Smart cards

Smart cards

About using a smart card with your device

Smart cards store certificates and private keys. You can use a smart card reader to import certificates from a smart card to the key store on
your BlackBerry® device, but you cannot import private keys. As a result, private key operations such as signing and decryption use the smart
card, and public key operations such as verification and encryption use the public certificates on your device.

If you use a smart card certificate to authenticate with your device, after you connect your smart card reader to your device, your device requests
authentication from the smart card each time that you unlock your device.

You can install multiple smart card drivers on your device, including drivers for microSD smart cards, but you can only authenticate to one smart
card at a time. If you are authenticating using a microSD smart card and you want to transfer media files between your microSD smart card
and your computer in mass storage mode, you must temporarily turn off two-factor authentication or select a different authentication option.

If the S/MIME Support Package for BlackBerry® devices is installed on your device, you can use smart card certificates to send
S/MIME-protected messages.

About two-factor authentication

Two-factor authentication is designed to provide additional security for your BlackBerry® device. Two-factor authentication requires an item
that you have (for example, a smart card) and an item that you know (for example, a pass phrase). You can also use the connection to your
smart card reader to authenticate, without requiring a smart card to be present.

You can use a smart card for two-factor authentication when you unlock your device, or you can use a software token for two-factor authentication
when you use your device with RSA® software as a hardware token. If you have a Wi-Fi® enabled BlackBerry device, you can also use a software
token for two-factor authentication when you log in to a VPN or connect to a Wi-Fi network.

Depending on your BlackBerry device model and the two-factor authentication settings that you choose, you might need to type your pass
phrase when you perform one of the following actions:

• unlock your BlackBerry device
• change a general security option on your BlackBerry device
• change a smart card option
• use your BlackBerry device with RSA software
• log in to a VPN
• connect to a Wi-Fi network

User Guide

Security

Turn on two-factor authentication

To perform this task, you must have set a password for your BlackBerry® device and have the smart card password that you received with your
smart card.

1. On the Home screen or in a folder, click the Options icon.
2. Click Password.
3. Perform one of the following actions:
• To use a smart card and your device password to unlock your device, set the User Authenticator field to Smart Card.
• To use your connected smart card reader (even if the smart card is not inserted) and your device password to unlock your device, set the User Authenticator field to Proximity. Set the Prompt for Device Password field to Yes.

4. Press the Menu key.
5. Click Save.

Import a certificate from a smart card

1. On the Home screen or in a folder, click the Options icon.
2. Click Security Options.
3. Click Advanced Security Options.
4. Click Certificates.
5. Press the Menu key.
6. Click Import Smart Card Certs.
7. Type your smart card password.
8. Select the check box beside a certificate.
9. Click OK.
10. Type your key store password.
11. Click OK.

Lock your device when you remove your smart card from your smart card reader

1. On the Home screen or in a folder, click the Options icon.
2. Click Password.
3. If necessary, change the User Authenticator field to Smart card.
4. Change the Lock On Card Removal field to Enabled.
5. Press the Menu key.
6. Click Save.

About smart password entry

If you use advanced authentication and your BlackBerry® device password or smart card password is numeric, you might be able to use smart
password entry in some password fields. When smart password entry is turned on, your device is designed to remember the format of a password
that you type in a password field. When you type the password again, your device applies a smart password filter to the password field. If the
password is numeric, a 123 indicator appears beside the password field and you do not have to press the Alt key to type numbers. If the password
is alphanumeric, an ABC indicator appears beside the password field.

To use smart password entry, advanced authentication must be turned on and the correct smart card driver and smart card reader must be
installed on your device.

Turn off smart password entry

To perform this task, you must be using a smart card and a password to unlock your BlackBerry® device.

You can turn off smart password entry to reduce the chance that someone might guess your device password or smart card password based
on the smart password filter that your device applies to password fields.

1. On the Home screen or in a folder, click the Options icon.
2. Click Password.
3. If necessary, change the User Authenticator field to Smart Card.
4. Set the Smart Password Entry field to Disabled.
5. Press the Menu key.
6. Click Save.

To turn on smart password entry again, set the Smart Password Entry field to Enabled.

Switch smart password filters

In a blank password field, press the Enter key.

The indicator for the new smart password filter appears beside the password field.

Prerequisites: Using authentication certificates

• Your BlackBerry® device must have the correct smart card driver and smart card reader driver installed.
• You must have imported a certificate from your smart card that you can use for signing and verification.
• You must turn on advanced authentication.
• You must have set a device password.
• You must have the smart card password that you received with your smart card.

Use a certificate to authenticate your smart card

To perform this task, you must be using a smart card and a password to unlock your BlackBerry® device.

If you use a certificate to authenticate your smart card, the certificate authenticates your smart card whenever you use your smart card to
unlock your device.

1. On the Home screen or in a folder, click the Options icon.
2. Click Password.
3. If necessary, change the User Authenticator field to Smart card.
4. Set the Authentication Certificate field.
5. Press the Menu key.
6. Click Save.

To stop using a certificate to authenticate your smart card, set the Authentication Certificate field to None.

Check the status of your authentication certificate automatically

To perform this task, you must be using a smart card and a password to unlock your BlackBerry® device.

1. On the Home screen or in a folder, click the Options icon.
2. Click Password.
3. If necessary, change the User Authenticator field to Smart Card.
4. Change the Certificate Status Check field.
5. Press the Menu key.
6. Click Save.

If your device checks the status of your authentication certificate and finds that it is revoked or expired, your device locks.

Use a certificate to encrypt the encryption keys on your device

To perform this task, your work email account must use a BlackBerry® Enterprise Server that supports this feature. For more information, contact
your administrator.

If you have encryption for data in the BlackBerry device memory turned on and your smart card reader supports this feature, you might be able
to use a certificate from the smart card to encrypt the encryption keys on your device.

1. On the Home screen or in a folder, click the Options icon.
2. Click Security Options.
3. Click Encryption.
4. Change the Two-Factor Protection field to Enabled.
5. Press the Menu key.
6. Click Save.

Store the pass phrase for your smart card in the application memory

1. On the Home screen or in a folder, click the Options icon.
2. Click Security Options.
3. Click Smart Card.
4. Change the PIN Caching field to Enabled.
5. Press the Menu key.
6. Click Save.

Your BlackBerry® device stores the pass phrase for the same length of time as it stores your key store password.

Turn off notification for smart card connections

1. On the Home screen or in a folder, click the Options icon.
2. Click Security Options.
3. Click Smart Card.
4. Change the LED Session Indicator field to Disabled.
5. Press the Menu key.
6. Click Save.

To turn on notification for smart card connections, change the LED Session Indicator field to Enabled.