User guide

For more information about the ECMQV key exchange algorithm, see NIST: Special Publication 800-56: Recommendation on
Key Establishment schemes, Draft 2.0 and the Guide to Elliptic Curve Cryptography.
Security characteristics for generating subsequent device transport keys

Characteristic: Description

authentication: Authentication means that only a BlackBerry® device that a user authenticates with or a BlackBerry® Enterprise Server can generate subsequent device transport keys. Authentication is designed so that a potentially malicious user cannot use another device to impersonate an activated BlackBerry device and generate a device transport key.

password independent: Password independent means that the user does not require an activation password and you do not have to perform any actions when you or a user generates a subsequent device transport key.

flexible initiation: Flexible initiation means that you or a user can generate a subsequent device transport key at any time.

PFS: PFS means that subsequent device transport keys are independent of previous device transport keys. A device transport key does not help the potentially malicious user decrypt data that another device transport key protects.
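
The PFS characteristic above, as an added example that is not part of the original guide or of BlackBerry's code: it contrasts a rekey computed from the previous key with a rekey taken from a fresh ephemeral exchange. Assumptions: a toy finite-field Diffie-Hellman group stands in for ECMQV, the authentication that ECMQV's long-term keys provide is left out, and every name in the block is hypothetical.

```python
import hashlib
import secrets

# Toy group (assumption, illustration only): Mersenne prime 2**127 - 1 with
# generator 3. Far too small for real use; the product described on this page
# uses ECMQV on an elliptic curve, which also authenticates both sides.
P = 2**127 - 1
G = 3


def kdf(label: bytes, material: bytes) -> bytes:
    """Derive a 32-byte key from secret material."""
    return hashlib.sha256(label + material).digest()


def chained_rekey(previous_key: bytes) -> bytes:
    """Non-PFS design: the next key is a public function of the previous key."""
    return kdf(b"rekey", previous_key)


class Party:
    """One side of an exchange; a new instance (new secret) is made per rekey."""

    def __init__(self) -> None:
        self._secret = secrets.randbelow(P - 3) + 2  # fresh value in [2, P-2]
        self.public = pow(G, self._secret, P)        # value sent to the peer

    def derive(self, peer_public: int) -> bytes:
        shared = pow(peer_public, self._secret, P)
        return kdf(b"transport", shared.to_bytes(16, "big"))


def ephemeral_rekey() -> tuple:
    """PFS design: returns (device key, server key) from fresh secrets."""
    device, server = Party(), Party()
    return device.derive(server.public), server.derive(device.public)


def compromise_report() -> dict:
    """Simulate theft of one transport key and report what it exposes."""
    stolen, _ = ephemeral_rekey()
    chained_next = chained_rekey(stolen)         # successor in the chained design
    fresh_next, server_next = ephemeral_rekey()  # successor in the PFS design
    attacker = chained_rekey(stolen)  # attacker applies the public rekey function
    return {"both_sides_agree": fresh_next == server_next,
            "chained_exposed": attacker == chained_next,
            "fresh_exposed": attacker == fresh_next}
```
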
Generating a device transport key manually
To generate a device transport key on an activated BlackBerry® device, a user can click Regenerate Encryption Key in the security options, which are located in the BlackBerry device options. The BlackBerry device sends the request to generate a device transport key to the BlackBerry® Enterprise Server over the wireless network.
A user can also generate a device transport key using the BlackBerry® Desktop Manager. By default, the BlackBerry Enterprise
Server sends a request to the BlackBerry Desktop Manager every 30 days to prompt the user to generate a new device transport
key on the BlackBerry device, even if the user chooses to generate the device transport key manually using the BlackBerry Desktop
Manager.
You can use the BlackBerry Administration Service to start the process to generate a new device transport key.
Process flow: Generating a device transport key using BlackBerry Desktop Software version 4.0 or later
In BlackBerry® Desktop Software version 4.0 or later, the process to generate a device transport key uses the current time and
cursor movements as the seeds to generate random data.
Security Technical Overview
Device transport keys