User guide

7. Protecting data on a BlackBerry device
Encrypting user data on a locked BlackBerry device
If you or a BlackBerry® device user turns on content protection, you or the user can configure a locked BlackBerry device to
encrypt stored user data and data that the locked BlackBerry device receives. When you or a user turns on content protection, a
locked BlackBerry device is designed to use AES-256 encryption to encrypt stored data and an ECC public key to encrypt data
that the locked BlackBerry device receives.
For example, the locked BlackBerry device uses content protection to encrypt the following items:
• subject, location, meeting organizer, attendees, and any notes in all appointments or meeting requests
• all contact information in the contact list except for the contact title and category
• subject, email addresses of intended recipients, message body, and attachments in all email messages
• title and information that is included in the body of a note for all memos
• subject and all information that is included in the body of tasks
• if you use software tokens, contents of the .sdtid file seed that is stored in flash memory
• all data that is associated with third-party applications that a user installs on the BlackBerry device
• in the BlackBerry® Browser, content that web sites or third-party applications push to the BlackBerry device, any web sites that the user saves on the BlackBerry device, and the browser cache
• all text that automatically replaces the text that the user types on the BlackBerry device
You can change the Content Protection of Contact List IT policy rule to Required to prevent the user from turning off content
protection for the contact list on the BlackBerry device. If you change the Content Protection of Contact List IT policy rule to
Required, the BlackBerry device does not permit call display and does not share contacts over a Bluetooth® connection when
the BlackBerry device is locked.
Configuring the encryption of BlackBerry device data on a locked BlackBerry device
You can turn on content protection of BlackBerry® device data on a locked BlackBerry device using the Content Protection
Strength IT policy rule. You can choose a strength level that corresponds to the ECC key strength that your organization requires.
A user can turn on content protection on the BlackBerry device, in the BlackBerry device options, in the security options. The user
can change the content protection strength to the same level that you specify using the IT policy rule or to a higher level.
After you or a user configures content protection, a BlackBerry device uses the ECC private key to decrypt a message that it
received when it was locked. The longer the ECC private key, the more time the BlackBerry device requires to decrypt messages.
You must choose a strength level that optimizes the encryption strength or that optimizes the decryption process.
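The split described above (an ECC public key to encrypt data received while locked, the ECC private key to decrypt it later) is illustrated below. This is an added example, not BlackBerry code: it assumes a generic ephemeral-ECDH plus AES-256-GCM construction, NIST P-384 as a stand-in for a strength level, SHA-256 as a simplified key derivation, and hypothetical function names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// sessionAEAD turns an ECDH shared secret into an AES-256-GCM cipher.
func sessionAEAD(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(shared)      // simplified KDF (assumption): 32 bytes selects AES-256
	block, _ := aes.NewCipher(key[:]) // cannot fail for a 32-byte key
	return cipher.NewGCM(block)
}

// sealWhileLocked needs only the public key; the fresh per-message key makes a zero nonce safe.
func sealWhileLocked(pub *ecdh.PublicKey, msg []byte) (*ecdh.PublicKey, []byte, error) {
	eph, err := pub.Curve().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	g, err := sessionAEAD(eph, pub)
	if err != nil {
		return nil, nil, err
	}
	return eph.PublicKey(), g.Seal(nil, make([]byte, g.NonceSize()), msg, nil), nil
}

// openAfterUnlock uses the device private key to decrypt what arrived while locked.
func openAfterUnlock(priv *ecdh.PrivateKey, ephPub *ecdh.PublicKey, sealed []byte) ([]byte, error) {
	g, err := sessionAEAD(priv, ephPub)
	if err != nil {
		return nil, err
	}
	return g.Open(nil, make([]byte, g.NonceSize()), sealed, nil)
}

func main() {
	priv, _ := ecdh.P384().GenerateKey(rand.Reader) // curve size stands in for the strength level
	eph, ct, _ := sealWhileLocked(priv.PublicKey(), []byte("constructed sample message"))
	pt, err := openAfterUnlock(priv, eph, ct)
	fmt.Printf("%q %v\n", pt, err)
}
```

Only the decryption side needs the private key, and its scalar multiplication on a larger curve is where the extra decryption time of a higher strength level comes from.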
Security Technical Overview