Pushing SecurID Tokens to a BlackBerry

I had to resort to this after upgrading to the leaked beta of BlackBerry OS 4.5 on my Curve the email-import method did not work. It's a perfectly legitimate method of importing a SecurID token on your handheld, and now I actually prefer it because it is significantly less problematic than emailing the seed file to yourself. For more information see the RSA BlackBerry Soft Token page.

What you need

  • RSA SecurID Token for BlackBerry Utilities (bb300_utils.zip)
  • SecurID Soft Token for BlackBerry - the app itself, if not installed (bb300.zip)
  • Your soft token seed file (.SDTID file)
  • BES 4.1.3 or newer
  • BB OS 4.2.2 or newer
  • Java Runtime Environment 1.4 or newer

If your BES' MDS Connection Service port (default is 8080) is open you do not need to run this on the BES. Mine is not, so I pushed my soft token out from my BES.

Preparing your BlackBerry

Install the SecurID 3.0 software. Launch it, accept the EULA and open the Settings. Make sure that Listen for Token is set to Yes. When the security prompt appears choose Yes to allow the application to run as a server.

Pushing out the Soft Token with PushToken

  1. Download and unzip bb300_utils.zip
  2. Make sure your .SDTID is on the same disk
  3. Open a command prompt (Start > Run > cmd)
  4. From the command prompt:
    java -classpath <path_to_bb300utils>\PushToken.jar PushToken -e<email address or pin> -h<BES address> <path to .sdtid file>
    In my case I ran:
    java -classpath bb300_utils\PushToken.jar PushToken -ecorey@mydomain.com -hlocalhost x-rimdevice-xxxxxxxx.sdtid
  5. If the .sdtid file was valid and you gave the SecurID application permission to run as a server on your BB you should see a prompt on your handheld about receiving a token.
  6. You may be prompted for a password, if so enter the password you were given with the token.
  7. If you entered the correct password you will receive notification of the token being imported. You can rename the token by choosing Manage Tokens from the menu.
  8. That's it. When you open the application you'll be prompted for your passphrase and PIN, and then be shown the generated token. One nice change between versions 2.x and 3.x of the SecurID application is that the numbers are much larger and split into two groups. Think 14 point font instead of 10.

PushToken Command Line Options

java -classpath PushToken.jar PushToken [options] file
 
Options:
-e      E-mail or device ID of BlackBerry
-h                  Address of BES host (default: localhost)
-p
                  Port on which BES is listening (default: 8080)
Examples:
java -classpath PushToken.jar PushToken -h123.45.67.89 -p8765 -ejsmith@company.com token.sdtid

Tags: , , , ,
Posted in Blackberry, Software, Technology on July 11th, 2008 at 11:07am

Add Comment »  | 

CLEARly Disappointed

Since I had plenty of time (>1 hour) before my flight to Vegas this afternoon I decided to try out my new CLEAR card. There were probably 30 people in the normal security line, no one in the premier lane and two people in the CLEAR lane.

Here's how it went down:

  1. Wait while the CLEAR attendant deals with an angry customer in front of me who has a broken card.
    Time: 3 minutes
  2. Listen while the angry customer curses and whines about how she should have used her Northwest Platinum status. She loudly says "Northwest Platinum" 11 times during her rant in case anyone within 20 feet has any doubt that she's a really obnoxious bitch.
    Time: 2 minutes
  3. Present my ID, boarding pass and CLEAR card to the attendant, who looks at them and hands them back to me, and then tells me how she just watched 21 and it was great, and hey, am I going to gamble?
    Time: 2 minutes
  4. Insert my CLEAR pass into one of only two kiosks, scan my fingerprint.
    Time: 30 seconds
  5. The attendant asks for my boarding pass and ID back and hands them to a screener. The screener asks me if I'm going to Vegas to gamble.
    Time: 45 seconds
  6. The second CLEAR attendant (leaving only one attendant for two kiosks) walks me to a table to load my carry-on items into a bin. She picks them up and walks me over to the security lines.
    Time: 1 minute
  7. We both stand there awkwardly while she looks for someone who looks like they've had a lifetime of abuse and torment.
    Time: 2 minutes
  8. She steps in front of a doleful looking fellow and informs him that a Registered Traveler will be stepping in front of him.
    Time: 30 seconds
  9. I apologize to him, explain how this was just an experiment. We talk about CLEAR, it comes up I'm flying to Vegas, the passenger behind him asks me if I'm going to gamble.
    Time: 1 minute
  10. At this point it's the normal wait where I go through the metal detector and wait for my bags. Another TSA attendant starts talking to me, asks me where I'm flying to, asks if I've seen the movie 21 and suggests I gamble like the math geniuses and then give him a couple thousand dollars.

Total time: About 12 minutes, 45 seconds. Questioned three times about gambling, twice about seeing 21.

Verdict

Total waste as long as I have status. Typically it's less than 10 minutes from the moment I enter the airport until I arrive at my gate. And while the CLEAR attendant who chatted me up was friendly, I really didn't want to talk. While I'm traveling and between destinations I don't want pleasantries, I want pure cold efficiency. In other words, I'm happy to talk while I wait, but I don't want to wait while I talk.

Two kiosks is also not enough, nor is two attendants. Also if you're going to have a dedicated line it should include a dedicated metal detector so I don't have to apologize for cutting in front of someone - Steve was also uncomfortable with this as I suspect most everyone would be (except the charming lady with Northwest Platinum status).

And the next person to ask me if I'm going to Vegas to gamble is going to get kicked in the knee.

Tags: , , ,
Posted in Personal, Technology on April 13th, 2008 at 01:04pm

Comments (2)  |