VP and Head of U.S. Public Sector Q&A

Jeffrey Ait shares why he joined BlackBerry

BlackBerry Apps

BBM Protected demo caught on video

Editorial

Thoughts on BlackBerry opening BB10 to non-BES MDM

Enterprise

BlackBerry's President of Enterprise talks about why they're opening up on MDM

News & Rumors

EZ Pass migration tool now available for BES10

BlackBerry Media

Check out the #TechCIT chat on Twitter this Thursday

Enterprise

How BlackBerry is defending its enterprise stronghold

Enterprise

BlackBerry CEO says Good is not good enough when it comes to security

Editorial

Maybe now BBM will really become an enterprise service

Editorial

It’s clear to me that BlackBerry needs to become a premium device in the enterprise

BlackBerry Media

Rocky Mountain Human Services deploys BES10 and BlackBerry 10

Enterprise

BlackBerry hosting #EMMRealities Twitter chat tonight at 6pm ET

News & Rumors

BlackBerry warns of TIFF-based BES vulnerability

News & Rumors

BlackBerry users grin smugly as iOS update wreaks Exchange server havoc; opens passcode vulnerability

News & Rumors

More BlackBerry 10 webcasts, guides and ebooks now available to help get your enterprise on

News & Rumors

RIM introduces BlackBerry 10 Ready Program for Enterprise customers

News & Rumors

Gregg Ostrowski talks a bit about the BlackBerry 10 Jam World Tour Enterprise Edition [video]

News & Rumors

BlackBerry Mobile Fusion 6 Service Pack 2 Now Available

News & Rumors

BlackBerry Enterprise Server 5 update now available for Novell GroupWise

News & Rumors

RIM launches BlackBerry Partners for Enterprise portal

< >

BlackBerry Smart Card reader receives FIPS approval

By IsaacKendall on 21 Jul 2011 10:28 am EDT
5
loading...
4
loading...
48
loading...
Smart Card Reader (front)

OK time to get your enterprise propeller hat on, the BlackBerry Smart Card reader has now been given FIPS 140-2 approval.  If you know what that means, you're excited at this good news and can now scroll down and click on the link to the NIST Computer Security Resource Center for more enterprise pr0n.  If you have no idea what a FIPS certification on a Smart Card reader is, I'll give you a quick snapshot without putting you to sleep.

We got a real world glimpse of the Smart Card reader in action just last week when Kevin posted the video inside the next generation police car powered by a BlackBerry PlayBook.  Essentially the Smart Card reader provides two-factor authentication to use your BlackBerry.  First factor presumably would be the device password and the second is your smart card inserted in the card reader and is witinh the 30-foot Bluetooth range of your BlackBerry smartphone.

That's really all it is.  This is a product that would be used by the extremely sensitive crowd who can't risk the content stored on a BlackBerry be compromised. Some may ask "Isn't the BlackBerry password good enough?  After 10 tries it wipes the device back to factory out-of-the-box doesn't it?"

Well yes it does, but if I put my device down it could be anywhere from 5 to 30 minutes before the lock enables itself.  If a police officer leaves this next generation police car in pursuit of a suspect and leaves the BlackBerry in the vehicle with the smart card reader in his pocket, the BlackBerry will lock up when the two pieces leave Bluetooth range. Keep reading for more.

OK so what is a FIPS 140.2 certification?  FIPS - Federal Information Processing Standard - this is the cryptographic gold standard for the US government and is the required standard for many government agencies on their computers and handheld devices.  The FIPS 140-2 certification is issued by the National Institute of Standards and Technology.  A FIPS 140-2  certificate applies to an exact module name, hardware, software, firmware and/or applet version.  Translation: if RIM needs to 'tweek' something on this device it will need to be re-certified by NIST to maintain the 140-2.

There you go, now we're all smart card and FIPS 140-2 experts! Well, not really, but in the wake of all the news lately that RIM's customers are jumping ship, they still hold one very strong position in the very secure corporate and government needs.  For the other smartphone competitors, there is no app for that.

More information on the BlackBerry Smart Card Reader
Not for the faint of heard - NIST FIPS Certifications

Reader comments

BlackBerry Smart Card reader receives FIPS approval

13 Comments
Sort by Rating

while I dont need FIPS level security, the ability to pair a phone with ANY bluetooth device and as long as it's within range, the device stays unlocked, and then locks automatically when it goes out of range, would be pretty convenient for us regular folks.

Some of the Air Force recruiting teams have these for their BlackBerrys. I've actually seen one in action and they are pretty cool. I can see how this would bring peace of mind to those who have highly sensitive data on their devices.

My IT department is very excited about this.. They have been notifying everyone that they will be implimenty the BB Smart Card in the up coming months.. I think its a great idea!

Slightly unrelated, but this reminds me of the Motorola Titanium stories we all read last week -- Motorola's ruggedized Blackberry knock-off that meets MilSpec 810G. Would love to see RIM transition the Curve into a ruggedized model that, in addition to FIPS 140-2, can meet MilSpec 810G.

"strong position in the very secure corporate and government needs.  For the other smartphone competitors, there is no app for that."

Couldn't have said it better myself. Very funny btw.

"Essentially the Smart Card reader provides two-factor authentication to use your BlackBerry. First factor presumably would be the device password and the second is your smart card inserted in the card reader"...

You do get 2-factor auth, but this isn't exactly how it works. The password is actually the decryption key to the small memory on the smart card. That decryption key unlocks the smart card which allows a your private key PKI digital certificate to be transferred to the BlackBerry from the card. The certificate itself is what decrypts data on the device, unlocks the device, etc..

But, But, But. How can this be. Research in Motion ONLY makes smartphones, says the Haters.

Yup RIM knows how to deverisfy.

This should help defend RIM even more. So no people can scan there cards to enter their security room that houses the QNX power Nuclear Power Plant computer.

Amazing. Now how about a personal version? :D My inbox gets some confidential law enforcement mumbo jumbo but I'm pretty certain we won't be getting smart cards just yet.

Also, some good news for BlackBerry fans, I have yet to see any iPhone or Android device in the hands of front line law enforcement. It's all BlackBerry, and they get used (and abused) A LOT. This is one userbase where the competitors don't seem to have even made a dent.