User guide
• User Authenticator API, which permits the registration of drivers so that a user can unlock the BlackBerry device using
two-factor authentication
You can also use application control policy rules to specify the types of connections that the application that is running on the
BlackBerry device can open (for example, local, internal, and external connections).
For example, you can create an application control policy rule that prevents an application from opening connections to internal
servers. When you assign an application control policy to a software configuration and assign the software configuration to a
user account or group, the user might not be able to use all of the features of a third-party application that is included in the
software configuration. When you assign the application control policy rule to a software configuration and assign the software
configuration to a group, the BlackBerry® Enterprise Server limits permitted application behavior to a subset of user accounts
that it trusts.
The BlackBerry device revokes the application control policy and resets itself if the permissions for an application to which
the application control policy applies become more restrictive. A BlackBerry device that is running BlackBerry® Device Software
version 4.1 or later permits the user to make permissions more restrictive than, but never less restrictive than, the permissions
that you specify.
Managing BlackBerry Java Applications on a BlackBerry device using code signing
Before a BlackBerry® Java® Application can use BlackBerry device APIs that include sensitive packages, classes, or methods,
Research In Motion requires that the RIM® signing authority system digitally sign the application. Sensitive packages, classes,
or methods are APIs that impact device data or permit an application to communicate with another application.
The RIM signing authority system uses public key cryptography to authorize and authenticate the application code. The developer
must visit www.blackberry.com/developers/downloads/jde/api.shtml to register the application with the RIM signing authority
system so that the application can access the controlled APIs and use the BlackBerry® Signing Authority Tool. The BlackBerry
Signing Authority Tool is a component of the BlackBerry® Java® Development Environment that permits an application to request,
receive, and verify a digital signature from RIM.
If a developer creates a third-party API that controls access to resources and applications on the BlackBerry device, the developer
can act as a signing authority for the third-party API. The developer can download and install the BlackBerry Signing Authority
Tool and permit other developers to register with the BlackBerry Signing Authority Tool so that the applications that other
developers create can access the third-party API. Developers who register with the RIM signing authority system can use the
BlackBerry Signing Authority Tool to request, receive, and verify digital signatures for applications.
MIDlets (also known as applications that use standard MIDP APIs and CLDC APIs only) cannot write to the BlackBerry device
memory, access the memory of other applications, or access the persistent data of other MIDlets unless the RIM signing authority
system digitally signed them.
For more information about code signing and third-party applications, see the BlackBerry Signing Authority Tool Administration
Guide.
Security Technical Overview
Specifying the resources third-party applications can access on a BlackBerry device