User guide
To generate the device transport key, the BlackBerry Desktop Software performs the following actions:
1. prompts the user to move the cursor
2. uses the srand function of the C programming language to examine the lowest 12 bits of the x and y co-ordinates of the new cursor location
   If the bits are different from the previous sample, the BlackBerry Desktop Software stores the bits, which generates 3 bytes of randomness. If the bits are the same as the bits in the previous sample, the BlackBerry Desktop Software does not store any bits.
3. uses the srand function to examine the next bits, after the srand function has waited for a random interval between 50 milliseconds and 150 milliseconds
   The srand function continues to wait for random intervals and examine bits until the BlackBerry Desktop Software stores 384 bytes of randomness.
4. retrieves 384 bytes of randomness from the Microsoft® Cryptographic API, for a total of 768 bytes
5. hashes the 384 bytes of randomness from the cursor co-ordinates and the 384 bytes of randomness from the Microsoft Cryptographic API with SHA-512 to produce 512 bits of data
6. frees the computer memory that is associated with the unused bits
7. generates the device transport key using the first 256 bits of data if the BlackBerry Desktop Software supports AES encryption, or the first 128 bits of data if the BlackBerry Desktop Software supports Triple DES encryption
8. deletes any bits of data that it does not use to generate the device transport key
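The steps above, sketched in Python as an added example (not BlackBerry code): cursor samples are deduplicated against the previous sample, packed into 3 bytes each until 384 bytes are stored, then hashed together with 384 bytes from the operating system and truncated. Assumptions not stated on the page: the x-then-y packing, the concatenation order of the two pools, os.urandom standing in for the Microsoft Cryptographic API, and the constructed cursor trace.

```python
import hashlib
import os

POOL_BYTES = 384          # size of each entropy pool (from the page)
MASK_12 = 0xFFF           # lowest 12 bits of a co-ordinate

def pack_sample(x, y):
    """Pack the low 12 bits of x and y into 3 bytes (x-then-y order is an assumption)."""
    return (((x & MASK_12) << 12) | (y & MASK_12)).to_bytes(3, "big")

def collect_cursor_pool(positions, pool_bytes=POOL_BYTES):
    """Accumulate 3-byte samples, skipping any sample equal to the previous one."""
    pool = bytearray()
    previous = None
    for x, y in positions:
        sample = pack_sample(x, y)
        if sample == previous:
            continue              # same bits as the previous sample: store nothing
        previous = sample
        pool += sample
        if len(pool) >= pool_bytes:
            return bytes(pool[:pool_bytes])
    raise ValueError("not enough distinct cursor samples: %d of %d bytes" % (len(pool), pool_bytes))

def derive_transport_key(cursor_pool, system_pool, cipher="AES"):
    """Hash both pools with SHA-512 and keep the first 256 (AES) or 128 (Triple DES) bits."""
    if len(cursor_pool) != POOL_BYTES or len(system_pool) != POOL_BYTES:
        raise ValueError("each pool must be exactly 384 bytes")
    key_len = {"AES": 32, "3DES": 16}[cipher]
    digest = bytearray(hashlib.sha512(cursor_pool + system_pool).digest())  # pool order is an assumption
    key = bytes(digest[:key_len])
    for i in range(len(digest)):  # best-effort wipe of the unused bits
        digest[i] = 0
    return key

def constructed_cursor_trace(n):
    """Constructed sample input: a diagonal drag where every 4th sample repeats the last position."""
    trace = []
    for i in range(n):
        step = i - (1 if i % 4 == 3 else 0)
        trace.append((100 + 3 * step, 200 + 2 * step))
    return trace

if __name__ == "__main__":
    cursor = collect_cursor_pool(constructed_cursor_trace(200))
    key = derive_transport_key(cursor, os.urandom(POOL_BYTES))
    print(len(cursor), key.hex())
```

A stationary cursor never fills the pool, so collect_cursor_pool raises instead of returning a short pool, and the 768 input bytes are only ever used through the truncated SHA-512 output.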
Process flow: Generating a device transport key using a BlackBerry Desktop Software version or BlackBerry Enterprise Server version that is earlier than version 4.0
In BlackBerry® Enterprise Server or BlackBerry® Desktop Software versions that are earlier than version 4.0, the process that generates a device transport key uses the current time and the cursor movements as the seeds to generate random data.
1. The BlackBerry Desktop Software prompts the user to move the cursor.
2. The BlackBerry Enterprise Server or BlackBerry Desktop Software generates 2 bits or 4 bits when the user moves the cursor, depending on whether the cursor movement changed one or both of the x and y axes. The BlackBerry Enterprise Server or BlackBerry Desktop Software generates bit samples in this way until it accumulates at least 8 bits.
3. The srand function of the C programming language generates a random integer.
4. The BlackBerry Enterprise Server or BlackBerry Desktop Software performs the following actions:
   a. examines the least significant bit of the integer.
      If the bit is a 1, the BlackBerry Enterprise Server or BlackBerry Desktop Software stores the complement of 1 bit of the accumulated 8 bits. Otherwise, the BlackBerry Enterprise Server or BlackBerry Desktop Software stores the unmodified accumulated 8 bits. This process is designed to make sure that, even if a user can replicate a previous user's cursor movements, the resulting value is still unique.
b. generates a sample of 256 random bits from the cursor movements of the user
Security Technical Overview
Device transport keys