Smart cards
About using a smart card with your device
Smart cards store certificates and private keys. You can use a smart card reader to import certificates from a smart card to the
key store on your BlackBerry® device, but you cannot import private keys. As a result, private key operations such as signing
and decryption use the smart card, and public key operations such as verification and encryption use the public certificates on
your device.
If you use a smart card certificate to authenticate with your device, after you connect your smart card reader to your device,
your device requests authentication from the smart card each time that you unlock your device.
You can install multiple smart card drivers on your device, including drivers for microSD smart cards, but you can only
authenticate to one smart card at a time. If you are authenticating using a microSD smart card and you want to transfer media
files between your microSD smart card and your computer in mass storage mode, you must temporarily turn off two-factor
authentication or select a different authentication option.
If the S/MIME Support Package for BlackBerry® devices is installed on your device, you can use smart card certificates to send
S/MIME-protected messages.
Turn on two-factor authentication
To perform this task, you must have set a password for your BlackBerry® device and have the smart card password that you
received with your smart card.
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > Password.
• To use a smart card and your device password to unlock your device, set the Authentication Type field to Smart Card.
• To use your connected smart card reader (even if the smart card is not inserted) and your device password to unlock
your device, set the Authentication Type field to Proximity. Select the Prompt for Device Password check box.
3. Press the
key > Save.
Import a certificate from a smart card
1. On the Home screen or in a folder, click the Options icon.
User Guide
Security
292
2. Click Security > Advanced Security Settings > Certificates.
3. Press the
key > Import Smart Card Certs.
4. Type your smart card password.
5. Select the check box beside a certificate.
6. Click OK.
7. Type your key store password.
8. Click OK.
Lock your device when you remove your smart card from your smart card
reader
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > Password.
3. If necessary, change the User Authenticator field to Smart card.
4. Change the Lock On Card Removal field to Enabled.
5. Press the
key > Save.
About smart password entry
If you use advanced authentication and your BlackBerry® device password or smart card password is numeric, you might be
able to use smart password entry in some password fields. When smart password entry is turned on, your device is designed to
remember the format of a password that you type in a password field. When you type the password again, your device applies
a smart password filter to the password field. If the password is numeric, a 123 indicator appears beside the password field and
you do not have to press the Alt key to type numbers. If the password is alphanumeric, an ABC indicator appears beside the
password field.
To use smart password entry, advanced authentication must be turned on and the correct smart card driver and smart card
reader must be installed on your device.
Turn off smart password entry
To perform this task, you must be using a smart card and a password to unlock your BlackBerry® device.
You can turn off smart password entry to reduce the chance that someone might guess your device password or smart card
password based on the smart password filter that your device applies to password fields.
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > Password.
3. If necessary, change the User Authenticator field to Smart Card.
4. Set the Smart Password Entry field to Disabled.
5. Press the
key > Save.
To turn on smart password entry again, set the Smart Password Entry field to Enabled.
User Guide
Security
293
Switch smart password filters
In a blank password field, press the Enter key.
The indicator for the new smart password filter appears beside the password field.
Prerequisites: Using authentication certificates
• Your BlackBerry® device must have the correct smart card driver and smart card reader driver installed.
• You must have imported a certificate from your smart card that you can use for signing and verification.
• You must turn on advanced authentication.
• You must have set a device password.
• You must have the smart card password that you received with your smart card.
Use a certificate to authenticate your smart card
To perform this task, you must be using a smart card and a password to unlock your BlackBerry® device.
If you use a certificate to authenticate your smart card, the certificate authenticates your smart card whenever you use your
smart card to unlock your device.
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > Password.
3. If necessary, change the User Authenticator field to Smart card.
4. Change the Authentication Certificate field.
5. Press the
key > Save.
To stop using a certificate to authenticate your smart card, set the Authentication Certificate field to None.
Check the status of your authentication certificate automatically
To perform this task, you must be using a smart card and a password to unlock your BlackBerry® device.
1. On the Home screen or in a folder, click the Options icon.
2. Click Password.
3. If necessary, change the User Authenticator field to Smart Card.
4. Change the Certificate Status Check field.
5. Press the
key > Save.
If your device checks the status of your authentication certificate and finds that it is revoked or expired, your device locks.
User Guide
Security
294
Store the passphrase for your smart card on your device
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > Smart Card.
3. Select the PIN Caching check box.
4. Press the
key > Save.
Your BlackBerry® device stores the passphrase for the same length of time as it stores your key store password.
Turn off notification for smart card connections
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > Smart Card.
3. Clear the LED Session Indicator check box.
4. Press the
key > Save.
To turn on notification for smart card connections, select the LED Session Indicator check box.