baiMobile™ Bluetooth Smart Card Reader

Frequently Asked Questions

What is a Bluetooth smart card reader?

The baiMobile™ Bluetooth Smart Card reader permits the mobile user to perform the same smart card functions on a smartphone that are available on a desktop PC. Using his or her smart card, the mobile user can digitally sign and decrypt email, as well as log on to web sites (and other applications) that require smart card authentication. The reader also functions as a badge holder with the printed identification features of the card exposed for visual inspection.

Why would I need a Bluetooth smart card reader?

Certain organizations, such as the US Department of Defense and other branches of the government, have issued smart cards for logical and physical access. If your smart card is required to access your email account or to access network resources from a desktop or laptop, then your smart card will also be required to perform these same functions from a smartphone. The baiMobile™ reader creates a secure Bluetooth connection to your smartphone.

What makes the baiMobile™ Bluetooth smart card reader secure?

The baiMobile™ Bluetooth smart card reader includes baiMobile™ middleware and driver files installed on your smartphone that have the following security features:

  • Pairing
    The device pairing process involves exchanging a randomly generated Bluetooth pairing key between the baiMobile™ reader and the smartphone. This process ensures that authentication and encryption mechanisms of the maximum size and strength available to Bluetooth are employed. Pairing information (Bluetooth and AES related material) is securely exchanged between the smartphone and the baiMobile™ reader over the supplied mini-USB cable.
  • Link level security (mode 3)
    Link level security (mode 3) is enforced on both the reader and the smartphone. Link level authentication plus encryption is the highest Bluetooth security setting.
  • Discoverability
    Both the reader and the phone are set to "non-discoverable" mode at all times, hidden from all other Bluetooth devices and rejecting all other pairing requests. The reader cannot be discovered by other Bluetooth devices in range, and it will reject all pairing requests from other Bluetooth devices.
  • Encryption
    A FIPS 140-2 approved AES-256 encryption overlay is used for all Bluetooth sessions between the reader and the smartphone.
  • Bluetooth lockdown
    All user interfaces to the smartphone's Bluetooth stack are eliminated, per NSA specifications. This prevents the user from inadvertently opening a "backdoor" on the phone that a hacker could exploit.
  • Pairing with multiple devices
    This consumer convenience feature in some Bluetooth versions is disabled on the smartphone for obvious security reasons.
  • Other Bluetooth profiles
    All other Bluetooth profiles (except the USB profile) are disabled on the smartphone.

Will the baiMobile™ Bluetooth smart card reader work with my phone?

The baiMobile™ Bluetooth smart card reader requires baiMobile™ middleware and drivers to be installed on your phone. Initially, this application is only available on certain Windows Mobile phones. Other operating systems may be supported in 2010. Before purchasing the baiMobile™ Bluetooth smart card reader, please check our web site for the most current list of supported devices.

Can I pair the baiMobile™ Bluetooth smart card reader with more than one phone?

No. The baiMobile™ Bluetooth smart card reader will only pair with one phone with the required middleware and drivers installed. Conversely, your smartphone will only pair with one (1) reader and/or the baiMobile™ Secure Bluetooth Headset.

How often should I charge my Reader?

The Reader should be charged whenever the battery low notification appears on your phone.

Can the smartphone be "unpaired" with the Reader?

The only way to "un-pair" the smartphone from the Reader is to do one of the following: 1) pair with another Reader, 2) remove the installed baiMobile™ programs (contact your system administrator for instructions), or 3) perform a "hard reset", which will return the device to the original factory default settings. Warning: a hard reset will delete all user-installed programs and all user data such as contacts and emails.

Can I use someone else's CAC in my Reader?

After the initial pairing, the certificates from your CAC are loaded into the "certificate store" on your device. If you attempt to use another CAC, the certificates on the new CAC will replace the certificates from the original CAC. This may prevent you from signing and/or decrypting emails and documents, even if you reinsert your CAC. You will need to reinsert your CAC and run the CAC Explorer program. This will place your original certificates back into your device's certificate store.

Can I still use other Bluetooth® devices such as a headset or "hands free" car kits?

Bluetooth headsets are currently prohibited for use within the US Department of Defense due to security issues. The soon-to-be-released baiMobile™ Secure Bluetooth Headset will be submitted for approval in Q1, 2010. National Security Agency (NSA) specifications for secure Bluetooth communications for DoD and most Federal Government agencies require that once a Windows Mobile device has been "paired" with a Reader, all other Bluetooth® functionality is disabled. However, wired headsets will still function.

What are the components of the baiMobile™ solution?

The baiMobile™ solution includes the baiMobile™ Wireless Smart Card Reader and the following middleware, applications, drivers and firmware components:

- baiMobile MIDDLEWARE
baiMobile Cryptographic Service Provider (stored on Windows Mobile device)

Application-layer software that:

  • Interfaces with Microsoft PC/SC to accomplish cryptographic operations on behalf of MS CryptoAPI applications (such as Pocket Outlook) for signing outgoing emails and decrypting incoming emails/documents using the digital certificates stored on the smart card
  • Supports the MS CryptoAPI, the API interface used by an application to exercise the card functions. Applications include 3rd party applications and MS applications such as Pocket Outlook for signing outgoing emails and decrypting incoming emails & documents using the digital certificates stored on the smart card

baiMobile Certificate Install (stored on Windows Mobile device)

Application-layer software that:

  • Imports a set of known root and intermediate certificates into the Microsoft certificate store of the Device upon middleware installation.

baiMobile Smart Card Service

Service module that:

  • Displays icons indicating connectivity status of Reader (attached / not attached), battery status (OK / Low / Critically Low) and card (Inserted / No Card)
  • Detects card insertion / removal
  • Detects if connection between Device and Reader is lost
  • Syncs local certificate store on Device with certificates stored on the smart card
- baiMobile APPLICATIONS
baiMobile Smart Card Explorer (stored on Windows Mobile device)

Application-layer software that:

  • Displays all readable content stored on smart card
  • Provides a general purpose application to demonstrate smart card connectivity

baiMobile Reader Setup (stored on Windows Mobile device)

Application-layer software that:

  • Sets up the initial pairing between the Device and the Reader.
- baiMobile DRIVERS
baiMobile Smart Card Reader Driver (stored on Windows Mobile device)

Device driver which runs as a thread inside of MS's Device.EXE application that:

  • Manages data communications between Reader / smart card and the Microsoft PC/SC interface
  • Manages cryptographic "tunnel" between Reader and Device

baiMobile Security Monitor (stored on Windows Mobile device)

Device driver that:

  • Monitors Bluetooth connectivity / activity status on both Reader and Phone
  • Sets Reader status to Off if:
    • Smart Card is removed from Reader
    • Reader is beyond Bluetooth communication range
    • Phone switches from "Active" to "Sleep" mode
    • Phone is powered Off
  • Manages Bluetooth® stack
    • Certified by NSA to integrate with the Bluetooth stack to meet NSA security requirements
    • Turns off Bluetooth if not connected to Reader
  • Eliminates all user interface to the Bluetooth stack as required by NSA.
- baiMobile FIRMWARE
baiMobile Reader Firmware (stored on baiMobile Reader):
  • Reader operating system
  • Performs all cryptographic functions performed on Reader
    • Bluetooth transport layer encryption SAFER+ (128 bit)
    • AES VPN (encrypted session "tunnel" between Device and Reader)
  • Controls Bluetooth and USB connections for smart card use
  • Controls Reader power management settings
  • Controls data communications to and from Reader