User Guide

Security

2.Click Security Options.

3.Click Advanced Security Options.

4.Click Key Stores.

5.Change the Accept Unverified CRLs field to No.

6.Press the Menu key.

7.Click Save.

Your BlackBerry® device rejects certificate revocation lists from CRL servers that the BlackBerry® MDS Connection Service cannot verify.

Smart cards

About using a smart card with your device

Smart cards store certificates and private keys. You can use a smart card reader to import certificates from a smart card to the key store on your BlackBerry® device, but you cannot import private keys. As a result, private key operations such as signing and decryption use the smart card, and public key operations such as verification and encryption use the public certificates on your device.

If you use a smart card certificate to authenticate with your device, after you connect your smart card reader to your device, your device requests authentication from the smart card each time that you unlock your device.

You can install multiple smart card drivers on your device, including drivers for microSD smart cards, but you can only authenticate to one smart card at a time. If you are authenticating using a microSD smart card and you want to transfer media files between your microSD smart card and your computer in mass storage mode, you must temporarily turn off two-factor authentication or select a different authentication option.

If the S/MIME Support Package for BlackBerry® devices is installed on your device, you can use smart card certificates to send S/MIME- protected messages.

About two-factor authentication

Two-factor authentication is designed to provide additional security for your BlackBerry® device. Two-factor authentication requires an item that you have (for example, a smart card) and an item that you know (for example, a pass phrase). You can also use the connection to your smart card reader to authenticate, without requiring a smart card to be present.

You can use a smart card for two-factor authentication when you unlock your device, or you can use a software token for two-factor authentication when you use your device with RSA® software as a hardware token. If you have a Wi-Fi® enabled BlackBerry device, you can also use a software token for two-factor authentication when you log in to a VPN or connect to a Wi-Fi network.

Depending on your BlackBerry device model and the two-factor authentication settings that you choose, you might need to type your pass phrase when you perform one of the following actions:

unlock your BlackBerry device

change a general security option on your BlackBerry device

change a smart card option

use your BlackBerry device with RSA software

285

Page 287
Image 287
Blackberry PRD-12528-103 manual Smart cards, About using a smart card with your device, About two-factor authentication