baiMobile™ Wireless CAC Reader

baiMobile™ Wireless CAC Reader
Model 3000MP Bluetooth Smart Card Reader
User Guide
for Apple iPhone 3Gs, 4, 4s and iPad 1, 2, 3, 4 and mini
Version 3.1 30000MP
Date: April 14, 2013
Support
For support relating to baiMobile™ Bluetooth Smart Card Readers:
Biometric Associates, Inc
Main Office (410) 252-7210
support@baimobile.com
Field support:
Michael Smith
(407) 823-8130 (cell)
msmith@baimobile.com
Contents
Before you get started ................................................................................................ 5
Proper Care of your baiMobile™ 3000MP Bluetooth Smart Card Reader .......................... 5
Welcome ................................................................................................................... 5
Hardware and Software Requirements .......................................................................... 5
Hardware Requirements ........................................................................................... 5
Software Requirements ............................................................................................ 6
baiMobile™ Middleware Libraries ............................................................................... 6
Supported Smart Cards ............................................................................................ 6
baiMobile™ Bluetooth Smart Card Reader Specifications ................................................. 7
Accessories ............................................................................................................... 8
Reader Basics ............................................................................................................ 8
Reader Features ...................................................................................................... 8
Power consumption ................................................................................................. 9
baiMobile Bluetooth adapter .................................................................................. 10
Apple Lightning adapter ........................................................................................ 11
Powering on the Reader ......................................................................................... 11
Accepting a Bluetooth connection ............................................................................ 12
Powering off the Reader ......................................................................................... 13
Charging the Reader .............................................................................................. 13
Upgrading the Reader Firmware ............................................................................. 14
LED Panel Icons .................................................................................................... 15
Home Screen ..................................................................................................... 15
Data Transfer Screen .......................................................................................... 15
Battery Status Icons .............................................................................................. 16
Inserting a CAC or PIV card .................................................................................... 16
Battery ................................................................................................................ 17
Reader Error Massages........................................................................................... 17
Pairing .................................................................................................................... 18
Troubleshooting - Pairing........................................................................................ 26
PAIRING FAQ ........................................................................................................ 27
Index...................................................................................................................... 29
iii
Before you get started
This User’s Guide is designed for the Apple iPhone™ 3Gs, 4, 4s and 5 smartphones and the
Apple iPad™, 2, 3, 4 and mini tablets with iOS version 4.0 and higher. If you are using
another device, the information herein may be different or may not apply. If you have
questions, contact your network administrator or email support@baimobile.com.
Proper Care of your baiMobile™ 3000MP Bluetooth Smart Card Reader
Your baiMobile™3000MP Bluetooth Smart Card Reader is an electronic product similar
to a cell phone or MP3 player that may be damaged by excessive moisture, sand, dirt and
impact. Taking proper care of your reader is essential for continued, trouble-free operation.
Welcome
The baiMobile™ solution for the Apple iPhone™ and iPad™ includes:
1. baiMobile™ 3000MP Reader
2. baiMobile™ Bluetooth adapter (connects to the 30-pin adapter at the bottom of
the iPhone/iPad)
3. Apple Lightning Adapter (required for the iPhone 5 and the iPad mini)
4. baiMobile™ libraries (middleware) – files that are provided to application developers
and are installed on your iPhone/iPad when the app is installed
This baiMobile 3000MP solution permits you to perform many of the same functions on a
mobile device that are available on a desktop PC including:

digitally sign and decrypt emails and documents

log on to web sites and network servers that require CAC or PIV authentication

other applications that require CAC or PIV authentication.
Hardware and Software Requirements
This section describes the minimum hardware and software requirements necessary to use
your Reader with an iPhone or iPad.
Hardware Requirements
Note 1:
Your iPhone must be provisioned – that is it must have certain middleware libraries and
APIs loaded in order for the baiMobile reader to function. These middleware libraries and
APIs are integrated into an app by the software developer and are installed when the app is
downloaded and installed. The files do not exist separately. Contact your administrator for
provisioning instructions.
5
Note 2:
Although iPhones and iPads have a built-in Bluetooth radio, it is not deemed secure by the
US Department of Defense. The baiMobile BTA001 Bluetooth adapter must be used for all
applications that require access to the baiMobile 3000MP Reader. The reader will not
pair with the iPhone unless 1) the baiMobile Bluetooth adapter is attached to the iPhone and
2) an app is installed that incorporates our middleware libraries and APIs.
Software Requirements
The following software components are required on your iPhone or iPad:
1. iOS version 4.0 or higher
2. an app containing the baiMobile middleware libraries (check
http://www.biometricassociates.com/products/smart-card-readers/ios-supportedapps/ for a complete list of supported applications)
baiMobile™ Middleware Libraries
The baiMobile middleware libraries consist of files stored on your iPhone™ that allow
iPhone applications and network servers to access the digital certificates and other
information stored on the Smart Card. The baiMobile middleware libraries are integrated
into various applications such as secure messaging, data at rest encryption and mobile VPN.
Supported Smart Cards
The baiMobile middleware libraries are designed to support the Common Access Card
(CAC) and the Personal Identity Verification (PIV) cards. Other additional middleware
libraries may be required to support other smart card types.
6
baiMobile™ Bluetooth Smart Card Reader Specifications
Specifications
Description
baiMobile 3000MP Bluetooth Smart Card Reader
Hardware Specifications
Dimensions
62 mm (2.44 in) wide x 110 mm (4.33 in) high x 20 mm (4.79 in) thick
Weight
70g (2.46 oz)
Status Indicator
LCD panel provides connection indication, signal strength, battery capacity, device
name, version info, aided pairing. Configurable LED indicators (use/don’t use) for
connection indication, user attention and LCD backlighting
Battery
Removable PolyFlex cell; rated capacity 580 mAh, normal voltage 3.7v; in low power
mode - 3.5mA, (~7 days batt life) On but BT connection; 14mA, (~2 days batt life) power
on with BT connection.
Power On / Off
Power on activated by card insertion and/or front OK button. Power off activated by
card removal or application/device security policy.
Charging Port
Mini-B USB (Charger included with Reader)
Wireless Communications
Communications Protocol
2.4 GHz frequency ISM band. IEEE 802.15.1 (Bluetooth) with full security enabled
RF Transmission range
10 meters
Supported Bluetooth versions
Devices with Bluetooth ver 2.1 and higher
Data Throughput
750 kb/s to 1 Mb/s
baiMobile Middleware Libraries / Security
Bluetooth & AES
Mode 4: service level security; FIPS 140-2 approved AES-256 encryption overlay
Authentication Method
S/MIME, SSL and PKI
Mobile Device Security
Custom Reader firmware; FIPS 140-2 certified version of the OpenSSL library on reader
and device/BTA100 (NIST certification number 1051); Optional integration with mobile
security software vendors providing secure messaging, data at rest encryption and
mobile VPN
Mobile Operating Systems
Supported Operating Systems
iPhone OS version 4.0 and higher, Android version 2.2 and higher. (Always confirm
device compatibility before purchasing).
7
Accessories
Included with your Reader is a charging cable, comprised of a plug and a mini-USB cable.
Reader Basics
Reader Features
Please familiarize yourself with the features of the baiMobile 3000MP Reader.
8

Blue LED indicator The blue LED indicator is located on the front portion of the
reader, facing the Smart Card. It will flash when the reader’s Bluetooth radio is on
and is transmitting or receiving data.

OK Button with White LED indicator The OK button is located on the front portion
of the reader. Certain functions, such as pairing and reconnecting to the iPhone,
require an acknowledgment by the user. A white LED indicator will flash whenever an
action or acknowledgment must be performed by the user.

Removable Battery/Battery Cover The reader battery is the only component that
will need to be replaced periodically, depending on usage. The battery is rated for
600 charge-discharge cycles, or about two years of normal use. Should the battery
need replacing, remove the battery cover and replace the old battery with a new
(baiMobile approved) battery. Note: This reader uses a battery custom built for the
reader. Inserting a battery other than a baiMobile approved battery will cause
serious damage to the reader and will void its warranty.

LED Display The LED display is located on the rear of the reader and will display
various messages and reader status icons when the reader is powered on.

MiniUSB Charging Port The reader’s battery is charged using a charging cable and
power supply. The power cable is inserted into the miniUSB port located at the
bottom of the reader. Note that the miniUSB port is for charging only and will not
support the transfer of data.
Power consumption
The baiMobile 3000MP smart card reader includes a low-power mode. The operation of the
low power modes is complex and based on idle timeouts.

Reader firmware version 2.2.0 and higher
o Full power consumption (50-60mA)
 During pairing
 During each reader or card command execution duration
 Each lasts a few seconds, max
o Idle Power Mode (25mA)
 Lasts 8 seconds after the last command execution is completed
o Low Power Mode – connected (3.5mA)
 Starts 8 seconds after the last command execution is completed
o Low Power Mode – not connected (3.5mA)
 Starts immediately after booting is complete (and LCD back light is off)
 Starts immediately following a disconnection from Bluetooth.
o For any duration that the LCD back light is on, add another 30mA, but the
back light only stays on for short durations (6 seconds, or during pairing, or
while holding down the button to see version number, etc.)
To calculate the length of time the reader could continue in any one of these modes, use
this equation:
Time in hours = 600 / (mA consumption)
For instance, while connected but in Low Power Mode (3.5mA)
600 / 3.5 = 171 hours (or over 7 days)
9
baiMobile Bluetooth adapter
Although the iPhone and iPad have a built-in Bluetooth radio, NSA security
recommendations require that all unused Bluetooth profiles be disabled. Since this level of
system control is not available in the iPhone OS, an external Bluetooth adapter must be
used for all applications that require access to the baiMobile 3000MP Reader. NOTE: The
baiMobile 3000MP Reader will not pair with the native (built-in) Bluetooth radio on the
iPhone/iPad
The baiMobile Bluetooth adapter must be attached to the iPhone in order to:

Pair with the reader;

Use any iPhone application that requires access to the Smart Card (CAC or PIV) for
authentication or to perform cryptographic functions such as signing an email;

Use any network application or server (including secure web sites) that requires
access to the Smart Card (CAC or PIV) for authentication or to perform cryptographic
functions such as signing an email;
Insert the baiMobile Bluetooth adapter with the logo side up into the 30-pin connector at
the bottom of the iPhone as illustrated below:
10
Apple Lightning adapter
With the release of the iPhone 5, iPod Touch 5 and the iPad 4 and mini, Apple changed the
30 pin accessory interface to a new 9 pin Lightning interface. In order to use the baiMobile
Bluetooth adapter with one of these Apple models, the baiMobile Bluetooth adapter must be
inserted into the Apple Lightning adapter. BALP plans to introduce a Bluetooth adapter with
a Lightning connector later in 2013.
Powering on the Reader
The baiMobile 3000MP Reader does not have an On/Off switch or button. Your reader is
powered on by inserting your CAC into your reader. If your CAC is already inserted in your
reader, slide it out and then reinsert the card. You will notice the reader’s Home Screen
displayed on the LED panel on the back of the reader.
Power On Screen 1 – displayed for about 1.7 seconds when reader is first powered on
Power On Screen 2 – displayed for about 1.7 seconds
11
Power On Screen 3 – Reader will accept a Bluetooth connection request from an
application on your iPhone™ without requiring the user to press the OK button for 5 minutes
Power On Screen 4 –Reader is now powered on and is “listening” for a Bluetooth
connection request from an application on your iPhone™. User must first press the OK
button to accept a connection request. The reader will stay in this state for approximately 7
days (firmware version 2.02.00 and higher) or until the Smart Card is removed from the
Reader, whichever occurs first. If the reader receives a connection request from the iPhone,
you may be prompted to authorize the request by pressing and releasing the OK button on
the front of the reader.
Accepting a Bluetooth connection
NSA security requirements state that the user must accept (acknowledge) all Bluetooth
connection requests from his or her mobile device.
Examples:

When a client application on the mobile device needs to establish a Bluetooth
connection to the reader to access information (certificates) residing on the Smart
Card

When a client application on the mobile device requires that the user acknowledge an
action (digital signing) involving the Smart Card
In such cases, the reader will display a message prompt such as “Auth?” and the white LED
beneath the OK button will flash repeatedly until the OK button is pressed.
12
Powering off the Reader
Your reader will automatically power off if any of the following occur:


Your smart card is removed from your reader
The reader’s battery runs out

The reader times out (a configurable setting)
When the reader is powered off, nothing will be displayed in the LED panel.
Charging the Reader
Your charging cable separates into a plug end and a mini-USB cable. You may charge your
reader using the charging cable plugged into an electrical wall outlet or use just the miniUSB portion of the charging cable to connect between your reader and a USB port on a
computer.
It is recommended that the reader be charged whenever the battery status icon on the
reader indicates that the reader battery level is less than 20%. The reader should be
charged from an AC power source using the supplied charger and cable. A red LED on the
bottom of the reader will illuminate indicating that the reader is charging. Once the red LED
is no longer illuminated, the battery is fully charged and the charging source should then be
removed from the reader.
13
During charging, a red LED on the bottom of your reader will indicate that the battery is
being charged. When the red LED turns off, your reader battery is fully charged.
NOTE: Most smartphone charging cables with a mini-USB-a connector will also charge your
reader.
Upgrading the Reader Firmware
The baiMobile 3000MP Bluetooth Smart Card reader contains upgradeable firmware. The
feature extends the functionality of your Reader in the following areas:

Security Policies: Changes in security policies may require a firmware update.

OS Releases: New versions of the iPhone/iPad operating system may require a
firmware update.

Smart Card Types: Support for new smart card types may require a firmware
update.

Power Modes: Improvements in the reader’s power consumption may require a
firmware update.

Device Support: New devices may require a firmware update.

Bluetooth Stack Support: Support for additional Bluetooth stacks may require a
firmware update.

Additional OS Support: Support for additional operating systems (such as Windows
7) may require a firmware update.

Application Support: Certain applications may require a firmware update.
BAL will have a firmware upgrade app available in the iTunes App Store in Q2, 2013.
14
LED Panel Icons
Home Screen
The Home Screen is displayed on the reader’s LED panel when the reader is first powered
on. The display indicates the following:



Reader’s Bluetooth transmission status: (On / Transmitting)
Reader’s Authentication Timeout status
Reader’s battery power status: (see Battery Status Icons)
Data Transfer Screen
The Data Transfer Screen is displayed on the reader’s LED panel when there is data being
transferred between the iPhone and the reader over a secure Bluetooth connection.
15
Battery Status Icons
The reader’s Battery Status Icon will display the remaining charge remaining in the reader’s
battery, as shown below:
When the battery reaches 5% charge, the Low Battery warning will be displayed. You should
charge your reader when the battery reaches about 20% - 40%, depending on your
anticipated activities what will require connectivity to your reader, such as accessing email
or another application that requires smart card authentication.
Inserting a CAC or PIV card
As noted above, the reader does not have a power on or off button. Insert your CAC or PIV
smart card into your reader, with the front of the card facing you, will power on the reader.
Removing the CAC or PIV card will power off the reader.
NOTE: When used in the Bluetooth mode, the reader’s radio functions are only enabled
when your CAC or PIV is firmly inserted into the reader as shown below.
16
Battery
Your reader contains a removable, rechargeable battery. This battery is a custom battery,
built specifically for the baiMobile 3000MPReader. In the event that your reader’s battery
no longer holds a charge, please contact support@baimobile.com for a replacement battery.
Reader Error Massages
"NO CARD!"
This is displayed when the reader is powered-on without any card inserted. This can happen
if the user uses the 'OK' button to cause power-on without a card inserted or if they plug-in
the charger to the reader without the card inserted. This indication is displayed for a few
seconds before the reader will turn itself off.
"BAD CARD"
It is displayed while the reader is powering-on with a card inserted but the reader was
unable to get the card to return an ATR (Answer To Reset) after causing card Reset.
This indication is displayed for a few seconds before the reader will turn itself off.
"LOW BATT"
It is displayed during power-on if the battery is detected as having very little power
remaining. Once the reader is finished powering-on (booting), this indication is replaced
with normal LCD indicators. This indication can only be displayed as a result of the booting
self checks. We don't quantify this threshold value in any way since it may be adjusted in
the future
17
Pairing
Pairing Basics
Before you can use your baiMobile 3000MP Reader, it must be securely paired with your
iPhone or iPad. The Bluetooth pairing process involves exchanging a randomly generated
number used by both your iPhone™ and your reader for secure Bluetooth communications.
This and other security measures insure that Bluetooth communications between your
reader and your phone cannot be intercepted by a third party.
The baiMobile 3000MP Reader utilizes the Secure Simple Pairing Numerical Comparison
model, which is standard in most devices that have Bluetooth version 2.1 and higher.
During pairing, a six digit number will be displayed on your iPhone screen and on the
reader’s LED display. You must compare both numbers and confirm that they match.
Before You Begin
A few things to remember before pairing:

The pairing is between the reader and the baiMobile Bluetooth adapter – not between the
reader and the iPhone or iPad.

The reader may only be paired with one Bluetooth adapter at any one time.

The Bluetooth adapter may only be paired with one reader at any one time.

Neither the reader nor the Bluetooth adapter will support multiple or simultaneous pairings.

Be sure that you have fully charged the iPhone and reader before starting pairing

Have both your CAC/PIV card and Bluetooth adapter handy.
NOTE: You must have an application installed first on your iPhone or iPad that supports the
baiMobile 3000MP Reader (such as Good Mobile Messaging). The reader will not pair with an
iPhone or iPad otherwise. Please check our web site for a list of supported applications
http://www.biometricassociates.com/products/smart-card-readers/ios-supported-apps/
18
Your iPhone
Your Reader
1. You will be prompted to insert the baiMobile
Bluetooth adapter as shown (below)
2. As soon as the Bluetooth adapter has been inserted,
the next screen will appear on your iPhone.
Do not press Continue at this point.
19
Your iPhone
Your Reader
3 Insert your Smart Card into the reader
as shown.
4. The reader’s LED panel displays
Booting for about 1.7 seconds, then
displays AuthTime for about 1.7 seconds.
5. Next, reader’s LED panel displays the
reader Home Screen.
20
Your iPhone
Your Reader
6. On your reader, press and hold the
OK Button as shown (below). The LED
display now shows the reader firmware
version for about five (5) seconds, then
displays Lift Btn. Now release the OK
Button.
7. The reader’s LED panel will now
display New Pair? for about six (6)
seconds.
8. Now press and release the OK Button
while the NewPair? prompt is displayed
on the LED panel.
21
Your iPhone
Your Reader
9. The reader is now discoverable by the
iPhone and will remain in this state for
about ninety (90) seconds. The LED panel
now displays the last four numbers of the
reader’s unique Bluetooth address.
10. On your iPhone, press Continue.
22
Your iPhone
Your Reader
11. Your iPhone will now attempt to discover the
reader. Both your reader and iPhone should be in
close proximity to each other. Pairing should be done
in a secure environment and not in a public area.
12. Your iPhone will now display a list of compatible
Bluetooth devices that it has discovered. Compare
the Bluetooth device ID# displayed on your iPhone
with the device ID# displayed on your reader. If the ID
numbers match, select the Bluetooth Device highlighted.
23
Your iPhone
Your Reader
13. Next, the iPhone will display the randomly generated
pairing code. Look at the code now displayed on the
reader’s LED display.
14. Compare the first number of the
pairing code displayed on the phone.
Compare that number (in this example
“7”) with the number displayed on the
reader’s LED panel. If they match, press
the OK button.
24
Your iPhone
Your Reader
15. Compare the first number of the
pairing code displayed on the phone.
Compare that number (in this example
“2”) with the number displayed on the
reader’s LED panel. If they match, press
the OK button.
16. Repeat these steps until you have
accepted all six numbers on the Reader.
17. Now, press Yes, the code matches on the iPhone.
25
Your iPhone
Your Reader
18. You will now see the confirmation messages below on your iPhone and your reader.
Troubleshooting - Pairing
First, make sure that both your iPhone and reader are fully charged. Both the iPhone and
the reader have defined periods of discoverability. These “windows” of discoverability are
as follows:

Reader: Time the reader stays discoverable (waiting for pairing to start): 1 minute
and 30 seconds.

Reader: Once the reader is selected from the list on the phone, the 6 digits are
displayed on the phone and the 1 st digit is displayed on the reader. the user must
confirm each digit within 10 seconds (by pressing the OK button).

iPhone: about 10 seconds
If either of the discovery windows time out before the devices discover each other, pairing
will fail and the process must be restarted.
If you receive the following message on your
iPhone, “the iPhone did not successfully pair with
the reader”, you will need to repeat steps 1-18.
26
Troubleshooting - Other
On rare occasions, the reader will remain on even when the smart card is removed. The
reader’s LED screen will display as shown below. To reset the reader, remove the battery
and then reinsert the battery. If the condition is not remedied, please contact BALP Support
at support@baimobile.com
PAIRING FAQ
Why do I need the Bluetooth adapter when the iPhone and iPad have built-in
Bluetooth?
There are two primary reasons:


The 3000MP Reader uses the Bluetooth serial port profile to connect to other
devices. The iPhone and iPad do not support Bluetooth serial port profile connections.
NSA and DISA require that all extraneous (unused) Bluetooth profiles be disabled as
a security precaution. Since this level of granularity is not available in iOS 4.x for
the iPhone's native Bluetooth radio, an external Bluetooth adapter is required for
communications with the Smart Card reader.
27
Can I still use my iPhone’s internal Bluetooth radio for connections to other
devices, such as a headset?
Check with your network administrator or security officer. The US Department of Defense
recommends that the native Bluetooth radio be turned off at all times as a security
precaution.
Can I pair my reader to an iPhone or iPad if while the reader is charging?
No.
28
Index
B
Bluetooth®
pairing, 18
P
Pairing
Reader, 18
R
Reader
accessories, 8
battery, 17
charging battery, 13, 14
software requirements, 5, 6
specifications, 7
29
baiMobile™ Bluetooth Smart Card Reader
Second Edition
Copyright © 2007, 2008 Biometric Associates L.P. All rights reserved.
The software described in this document is furnished under a license agreement and may be used only
in accordance with the terms of the agreement.
This document may not, in whole or in part, be copied, photocopied, reproduced, translated, or
reduced into an electronic medium or machine-readable form without the prior written consent from
Biometric Associates, LP All examples with names, company names, or companies that appear in this
manual are imaginary and do not refer to, or portray, in name or substance, any actual names,
companies, entities, or institutions. Any resemblances to any real person, company, entity, or
institution are purely coincidental.
Every effort has been made to ensure the accuracy of this manual. However, Biometric Associates, LP
makes no warranties with respect to this documentation and disclaims any implied warranties of
merchantability and fitness for a particular purpose. Biometric Associates, LP shall not be liable for any
errors or for incidental or consequential damages with the furnishing, performance, or use of this
manual or the examples herein. The information in this document is subject to change without notice.
Windows Mobile® and Microsoft Exchange ActiveSync® are registered trademarks of Microsoft®.
Other brand and product names mentioned in this manual may be trademarks or registered
trademarks of their respective manufacturers. The information contained herein is subject to change
without notice. Revisions may be issued to advise of such changes and/or additions.
Trademarks
BAL and baiMobile are registered trademarks of Biometric Associates, L.P.
Biometric Associates, LP
Washington Area Office
9475 Deereco Road, Suite 304
Timonium, MD 21093
Maine Office
21 Main Street – Suite 102
Bangor, ME 04401
The BAL Technical Support team understands the importance of prompt responses to customers. That
is why Biometric Associates, LP is committed to delivering top quality, high-level support to all of its
customers in a timely and effective manner. Current BAL Technical Support is available at:
support@baimobile.com .
31
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising