CAC Integration with the RIM 957
Several months ago, The Department of the Navy CIO's office met with Research In Motion engineers to discuss the possibility of using a Common Access Card to provide an additional layer of security for BlackBerry devices. Our concerns with the existing BlackBerry 957 were related to the device itself, not the backend infrastructure which actually moved the data throughout the system. If the device were lost or stolen, there would be a period of time where the finder or thief could impersonate the owner. In addition, this finder or thief would have access to all of the information locally stored on the device. We at the DON CIO found this risk to be unacceptable. RIM was very responsive and decided to work towards producing a CAC enabled BlackBerry. This integration would be against the "Tachyon" platform because of the faster CPU.

Rick Therrien, Rebecca Nielsen and myself met with RIM engineers to discuss how the CAC enabled BlackBerry should function. Below is a summary of our thinking ...
- Without a CAC, the BlackBerry has NO functionality! Period!
- Power on the BlackBerry with the CAC in the reader, the user must submit the correct PIN to unlock. Three unsuccessful PIN attempts and the CAC is disabled. No CAC, no functionality!
- Pull out the CAC and the device locks. Submit PIN to unlock.
- Inactivity on the device and the device locks. Inactivity time should be set using software variable. Submit PIN to unlock.
- Send signed email using the digital certificates stored on the CAC.
Questions remain on how to check a received signed email's certificate. Anyone have thoughts on this?
-- Anonymous, November 07, 2001
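
The lock rules listed in the post above, modelled as a small state machine. This is an added example, not part of the original post and not RIM's implementation. The `Card` and `Device` classes, the 300-second default timeout, the counter reset on a correct PIN and the on-card retry counter are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass

MAX_PIN_TRIES = 3      # from the post: three bad PINs disable the CAC
IDLE_TIMEOUT_S = 300   # assumed default; the post only says "software variable"

@dataclass
class Card:            # hypothetical stand-in for a CAC
    pin: str
    tries_left: int = MAX_PIN_TRIES  # assumed to live on the card, so it survives removal

    @property
    def disabled(self):
        return self.tries_left == 0

class Device:          # hypothetical model of the handheld's lock state
    def __init__(self, idle_timeout=IDLE_TIMEOUT_S):
        self.card = None
        self.unlocked = False
        self.idle_timeout = idle_timeout
        self.last_activity = 0.0

    def insert(self, card):
        self.card, self.unlocked = card, False  # insertion alone never unlocks

    def remove(self):
        self.card, self.unlocked = None, False  # pulling the CAC locks the device

    def submit_pin(self, pin, now):
        if self.card is None or self.card.disabled:
            return False                        # no CAC, no functionality
        if not hmac.compare_digest(pin.encode(), self.card.pin.encode()):
            self.card.tries_left -= 1
            self.unlocked = False
            return False
        self.card.tries_left = MAX_PIN_TRIES    # assumption: success resets the counter
        self.unlocked, self.last_activity = True, now
        return True

    def usable(self, now):
        """True only with a live CAC present, unlocked, and not idle too long."""
        if self.card is None or self.card.disabled or not self.unlocked:
            self.unlocked = False
            return False
        if now - self.last_activity >= self.idle_timeout:
            self.unlocked = False               # inactivity lock
            return False
        self.last_activity = now                # any use counts as activity
        return True
```

Keeping the retry counter on the card rather than in the device means that pulling and reinserting the card does not grant fresh PIN guesses.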