User guide
• permit the user to specify the software token PIN
• configure the RSA SecurID to automatically generate and send a software token PIN to a Wi-Fi® enabled BlackBerry® device
• require the user to specify the software token PIN the first time that the user tries to complete RSA authentication on the BlackBerry device
• bind the seed to a specific BlackBerry device PIN
• specify a password to encrypt the .sdtid file seed
2. You assign the .sdtid file seed for the BlackBerry device to the user account in the BlackBerry Administration Service. If required, you can type the password to decrypt the seed to use it on the BlackBerry device.
3. The BlackBerry® Enterprise Server performs the following actions:
   a. The BlackBerry Enterprise Server stores the .sdtid file seed in the BlackBerry Configuration Database.
   b. The BlackBerry Enterprise Server pushes the .sdtid file seed (and the password, if the administrator of the RSA SecurID specified one) to the BlackBerry device during the BlackBerry device activation process and each time the administrator of the RSA SecurID changes the .sdtid file seed for the BlackBerry device.
4. The BlackBerry device performs the following actions:
   a. The BlackBerry device imports the .sdtid file seed. If the administrator of the RSA SecurID specified a password in the RSA Authentication Manager to encrypt the .sdtid file seed, the BlackBerry device uses the password to decrypt the .sdtid file seed. If the administrator of the RSA SecurID specified that the .sdtid file seed must bind to a specific BlackBerry device PIN, only the BlackBerry device with the specific PIN can import the seed.
   b. The BlackBerry device stores the .sdtid file seed in flash memory.
   c. The BlackBerry device imports a copy of the .sdtid file seed into the RSA SecurID on the BlackBerry device. When the BlackBerry device imports the .sdtid file seed into the RSA SecurID, the RSA SecurID randomly generates a password to encrypt the .sdtid file seed.
5. The RSA SecurID library on the BlackBerry device authenticates with the RSA® Authentication Agent and initializes the software token algorithm one time each minute.
6. Each time the user tries to open a Wi-Fi connection or VPN connection that requires RSA authentication, the BlackBerry device uses the initialized algorithm to combine the .sdtid file seed with random data that is based on the BlackBerry device time and generate a new token code for the software token.
The administrator of the RSA SecurID can use RSA Authentication Manager version 6.1 or later to configure an optional password to issue an encrypted .sdtid file seed to the user. The RSA SecurID library on the BlackBerry device can decrypt the .sdtid file seed using an optional password. The RSA SecurID library uses code signing to help prevent third-party applications from changing or reading the information that the RSA SecurID library stores on the BlackBerry device.
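The import checks in step 4 and the per-minute token code in steps 5 and 6 can be modelled as below. This is an added example, not BlackBerry or RSA code: the SecurID token algorithm and the .sdtid format are not given on this page, so PBKDF2, an XOR keystream and the RFC 6238 HMAC-SHA1 truncation stand in for them, and every function name, password and device PIN shown is hypothetical.

```python
import hashlib, hmac, os, struct

def _keys(password, device_pin, salt):
    # Assumption: device binding is modelled by mixing the device PIN into the
    # key derivation, so a device with another PIN derives different keys.
    k = hashlib.pbkdf2_hmac("sha256", password.encode(),
                            salt + device_pin.upper().encode(), 100_000)
    return hashlib.sha256(k + b"enc").digest(), hashlib.sha256(k + b"mac").digest()

def issue_seed(seed, password, device_pin):
    """Administrator side: wrap a seed (at most 32 bytes) for one device."""
    if len(seed) > 32:
        raise ValueError("seed too long for this simplified wrap")
    salt = os.urandom(16)
    enc, mac = _keys(password, device_pin, salt)
    ct = bytes(s ^ k for s, k in zip(seed, enc))
    tag = hmac.new(mac, salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}

def import_seed(blob, password, device_pin):
    """Device side: verify first, fail closed on a wrong password or PIN."""
    enc, mac = _keys(password, device_pin, blob["salt"])
    expected = hmac.new(mac, blob["salt"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("seed rejected: wrong password or device PIN")
    return bytes(c ^ k for c, k in zip(blob["ct"], enc))

def token_code(seed, unix_time, step=60, digits=6):
    """Stand-in derivation (RFC 6238 truncation), not the SecurID algorithm."""
    counter = struct.pack(">Q", int(unix_time) // step)  # one value per time step
    digest = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

if __name__ == "__main__":
    seed = os.urandom(16)                                # constructed sample seed
    blob = issue_seed(seed, "example-pass", "2100000A")  # constructed device PIN
    assert import_seed(blob, "example-pass", "2100000A") == seed
    try:
        import_seed(blob, "example-pass", "2100000B")    # a different device
    except ValueError as err:
        print(err)
    print(token_code(seed, 1_700_000_000))
```

Because the code depends on the device clock, a device whose time drifts across a step boundary produces a code the server side will not expect, which is why time-based tokens are sensitive to clock accuracy.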
Security Technical Overview
Protecting a connection between a Wi-Fi enabled BlackBerry device and an enterprise Wi-Fi network using RSA authentication