User guide
IT administration command Description
• require the BlackBerry device to return to its factory default settings when it
receives this command
• specify whether to permit the BlackBerry device user to stop permanently
deleting data from the BlackBerry device and making the BlackBerry device
unavailable during the delay period
You can send this command to a BlackBerry device that you want to distribute to
another BlackBerry device user in your organization, or to a BlackBerry device that
is lost and that the BlackBerry device user might recover.
Process flow: Sending the Specify new device password and lock device IT administration
command when content protection is turned on
1. The BlackBerry® Enterprise Server sends the Specify new device password and lock device IT administration command and
the new BlackBerry device password to the BlackBerry device.
2. The BlackBerry device performs the following actions:
a. selects r randomly
b. stores r in RAM
c. calculates D' = rD = rdP
d. calculates h = SHA-1( B )
e. sends D' and h to the BlackBerry Enterprise Server
3. The BlackBerry Enterprise Server performs the following actions:
a. uses h to determine which B the BlackBerry device used and which b to use
b. verifies that D' is a valid public key
c. calculates K' = bD' = brdP = rdB = rK (the BlackBerry Enterprise Server knows only rK and cannot calculate K without
r)
d. calculates h = SHA-1( D' )
e. sends the new BlackBerry device password, K', and h to the BlackBerry device
4. The BlackBerry device performs the following actions:
a. uses h to verify that K' is associated with D' and r
b. verifies that K' is a valid public key
c. calculates r⁻¹K' = r⁻¹rK = K
d. permanently deletes r
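
The blinded exchange in steps 2 to 4, as an added example that is not BlackBerry code: it shows that the server only ever handles K' = rK while the device recovers K = dB. Assumptions: secp256k1 as a stand-in curve (the page does not name one), SHA-1 taken over the concatenated point coordinates, the check in step 4a read as comparing h with SHA-1( D' ), constructed key pairs d and b, and hypothetical function names.

```python
import hashlib, secrets

# Stand-in curve secp256k1 (assumption: the page does not name the curve).
p = 2**256 - 2**32 - 977
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(A, B):                      # affine point addition; None = infinity
    if A is None: return B
    if B is None: return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % p == 0: return None
    m = (3*x1*x1 * pow(2*y1, -1, p) if A == B
         else (y2 - y1) * pow((x2 - x1) % p, -1, p)) % p
    x3 = (m*m - x1 - x2) % p
    return x3, (m*(x1 - x3) - y1) % p

def mul(k, A):                      # double-and-add (not constant time)
    R = None
    while k:
        if k & 1: R = add(R, A)
        A, k = add(A, A), k >> 1
    return R

def valid(A):                       # in range and on y^2 = x^3 + 7
    return (A is not None and all(0 <= c < p for c in A)
            and (A[1]**2 - A[0]**3 - 7) % p == 0)

def h(A):                           # SHA-1 over x || y (encoding is an assumption)
    return hashlib.sha1(b"".join(c.to_bytes(32, "big") for c in A)).hexdigest()

def device_blind(D, B):             # step 2: r stays on the device
    r = secrets.randbelow(n - 1) + 1
    return r, mul(r, D), h(B)

def server_respond(keys, D_blind, h_B):   # step 3: look up b, check D', blind-multiply
    b = keys[h_B]
    if not valid(D_blind): raise ValueError("D' is not a valid public key")
    return mul(b, D_blind), h(D_blind)

def device_unblind(r, D_blind, K_blind, h_D):   # step 4: check h and K', remove r
    if h_D != h(D_blind) or not valid(K_blind):
        raise ValueError("K' rejected")
    return mul(pow(r, -1, n), K_blind)

def demo():                         # constructed keys, for illustration only
    d, b = (secrets.randbelow(n - 1) + 1 for _ in range(2))
    D, B = mul(d, P), mul(b, P)
    r, D_blind, h_B = device_blind(D, B)
    K_blind, h_D = server_respond({h(B): b}, D_blind, h_B)
    return mul(d, B), K_blind, device_unblind(r, D_blind, K_blind, h_D)
```

demo() returns the reference K = dB, the blinded K' seen by the server, and the value the device recovers in step 4c.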
Security Technical Overview
Using IT administration commands to protect a lost or stolen BlackBerry device