User guide
State / Description

pending
A pending device transport key is the device transport key that the BlackBerry Enterprise Solution generates to replace the current device transport key. If the user generates the device transport key using the BlackBerry® Desktop Software, the BlackBerry Desktop Software sends the pending device transport key to the BlackBerry device when the user connects the BlackBerry device to the computer.
The messaging environment and BlackBerry Configuration Database store the pending device transport key.

current
A current device transport key is the device transport key that the BlackBerry device currently uses to encrypt and decrypt message keys.

previous
A previous device transport key is the device transport key that the BlackBerry device used before the BlackBerry Enterprise Solution generated the current device transport key.
The BlackBerry device stores previous device transport keys in flash memory for 7 days. The BlackBerry device stores previous device transport keys so that a user can decrypt messages even after the user generates a new device transport key while messages are queued.
The messaging server and BlackBerry Configuration Database store the previous device transport key that the BlackBerry Enterprise Server and BlackBerry device used most recently.
A potentially malicious user cannot use the previous device transport key to learn the current device transport key. The BlackBerry Enterprise Server and BlackBerry device discard the key pair after they generate the device transport key. If a potentially malicious user compromises both the static private key and ephemeral private key for a device transport key, other device transport keys that the BlackBerry Enterprise Server and BlackBerry device generate are not compromised.
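
The three key states and the 7-day retention of previous keys can be modelled as a small state machine. The following is an added example, not BlackBerry code: the class and method names are hypothetical, keys are independent random values, and the order in which candidate keys are tried is an assumption.

```python
import secrets
from datetime import datetime, timedelta

RETENTION = timedelta(days=7)  # from the page: previous keys are kept for 7 days


class DeviceKeyStore:
    """Hypothetical model of the device-side key states (assumption, not vendor code)."""

    def __init__(self, current: bytes):
        self.current = current
        self.pending = None
        self.previous = []  # list of (key, time it stopped being current)

    def stage(self, new_key: bytes) -> None:
        """A replacement key arrives and waits in the pending state."""
        self.pending = new_key

    def activate(self, now: datetime) -> None:
        """Promote pending to current; the old current key becomes a previous key."""
        if self.pending is None:
            raise ValueError("no pending key to activate")
        self.previous.append((self.current, now))
        self.current, self.pending = self.pending, None

    def purge(self, now: datetime) -> int:
        """Drop previous keys past the retention window; return how many were removed."""
        keep = [(k, t) for k, t in self.previous if now - t < RETENTION]
        removed = len(self.previous) - len(keep)
        self.previous = keep
        return removed

    def decryption_candidates(self, now: datetime) -> list:
        """Keys to try on a queued message: current first, then retained previous keys."""
        self.purge(now)
        return [self.current] + [k for k, _ in reversed(self.previous)]


def demo():
    t0 = datetime(2024, 1, 1)  # constructed timeline
    k1, k2 = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed keys
    store = DeviceKeyStore(k1)
    store.stage(k2)
    store.activate(t0)
    # A message queued under k1 is still decryptable 3 days after rotation...
    queued_ok = k1 in store.decryption_candidates(t0 + timedelta(days=3))
    # ...but k1 is gone once the 7-day window has passed.
    expired = k1 not in store.decryption_candidates(t0 + timedelta(days=8))
    return queued_ok, expired, store.current == k2
```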
Where the BlackBerry Enterprise Solution stores device transport keys
The BlackBerry® Enterprise Solution stores current, pending, and previous device transport keys in the BlackBerry Configuration
Database, in the messaging environment, and on each BlackBerry device.
Security Technical Overview
Device transport keys