• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: [Fed-Talk] BB Sled for Workstation use
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fed-Talk] BB Sled for Workstation use

  • Subject: Re: [Fed-Talk] BB Sled for Workstation use
  • From: "Ridley J. DiSiena" <email@hidden>
  • Date: Mon, 8 Jun 2009 13:49:45 -0700

Couple additional points:

  • The RIM BT reader is not on the FIPS approved products list
  • Also keep in mind that if you are currently using a smartcard to authenticate in pre-boot for full-disk encryption (or plan to), many of those products do not have a Bluetooth stack for pre-boot, making a bluetooth reader useless for that application.

-Ridley

On Jun 8, 2009, at 1:34 PM, Timothy J. Miller wrote:

Cockayne, Bill (NIH/CIT) [C] wrote:
Has anyone out there ever used a smartcard in a Blackberry sled to
provide “hands off” authentication to Bluetooth enabled workstations?

Not with the sled, but we have with the external bluetooth readers.

You can't do it with the RIM BT reader because the extra cryptographic
binding layer uses a OTP-like scheme.  So you'd have to enter the OTP at
the workstation anyway.

The Apriva BT reader can work in this mode, but it can't be bound to
*both* the BB and the workstation at the same time.  That's a bluetooth
limit *and* a limit of the additional crypto binding layer.

However:

1) It's not reliable.

2) It's a really *really* REALLY *REALLY* bad idea (i.e., it works
through walls, floors, and ceilings).

3) PIV authentication certs use the PIN-every-time access rule, so you'd
*still* have to enter the PIN on the workstation to log in.

Just Say No to your leadership on this one.  (It's always senior leaders
who want this.  And doctors.  I suppose you have both.  :)

-- Tim


<smime.p7s><ATT00001.txt>

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • RE: [Fed-Talk] BB Sled for Workstation use
      • From: "Disiena, Ridley J. (GRC-VO00)[DB Consulting Group, Inc.]" <email@hidden>
References: 
 >[Fed-Talk] BB Sled for Workstation use (From: "Cockayne, Bill (NIH/CIT) [C]" <email@hidden>)
 >Re: [Fed-Talk] BB Sled for Workstation use (From: "Timothy J. Miller" <email@hidden>)

  • Prev by Date: [Fed-Talk] RE: BB Sled for Workstation use
  • Next by Date: RE: [Fed-Talk] BB Sled for Workstation use
  • Previous by thread: Re: [Fed-Talk] BB Sled for Workstation use
  • Next by thread: RE: [Fed-Talk] BB Sled for Workstation use
  • Index(es):
    • Date
    • Thread