User guide

Uppercase parameters represent elliptic curve points. Lowercase parameters represent scalars. The elliptic curve group operations
are additive.
Parameter             Description
E(Fq)                 This parameter represents the NIST approved 521-bit random elliptic curve over
                      Fq, which has a cofactor of 1.
Fq                    This parameter represents a finite field of prime order q.
P                     This parameter represents a point of E that generates a prime subgroup of
                      E(Fq) of order p.
B = bP                This parameter represents the long-term IT policy public key and IT policy
                      private key pair that the BlackBerry Enterprise Server generates for the
                      BlackBerry device. The BlackBerry Enterprise Server stores b in the BlackBerry
                      Configuration Database and sends B to the BlackBerry device in the IT policy.
D = dP                This parameter represents the key pair that the BlackBerry device creates when
                      it receives B. The BlackBerry device stores D, but it deletes d to prevent a
                      hardware-based attack from recovering d and B and then calculating K = dB.
K = dB                This parameter represents the encryption key that the BlackBerry device uses
                      to encrypt the content protection key.
r                     This parameter represents a short-term random number that the BlackBerry
                      device stores in RAM.
D' = rD               This parameter represents a blinded version of D.
K' = bD' = brD = rK   This parameter represents a blinded version of K.
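The relations in the table can be checked numerically on P-521. The Python sketch below is an added example, not code from the guide or from BlackBerry; it uses the standard P-521 field prime, group order and generator, with variable names following the table. It assumes the device sends D' to the BlackBerry Enterprise Server, receives K', and unblinds it with the inverse of r modulo p, a message flow inferred from the definitions above; the function names are hypothetical.

```python
import secrets

# NIST P-521 domain parameters (FIPS 186-4), named as in the table:
# q = field prime, p = prime order of P, curve coefficient a = -3
# (the curve's constant term is not needed by the addition formulas).
q = 2**521 - 1
a = -3
p = int("1" + "f" * 65 + "a51868783bf2f966b7fcc0148f709a5d"
        "03bb5c9b8899c47aebb6fb71e91386409", 16)
P = (int("c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3d"
         "baa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66", 16),
     int("11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e66"
         "2c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", 16))

def add(S, T):
    """Affine point addition; None stands for the point at infinity."""
    if S is None or T is None:
        return T if S is None else S
    (x1, y1), (x2, y2) = S, T
    if x1 == x2 and (y1 + y2) % q == 0:
        return None                                   # S + (-S)
    if S == T:
        lam = (3 * x1 * x1 + a) * pow(2 * y1 % q, -1, q) % q
    else:
        lam = (y2 - y1) * pow((x2 - x1) % q, -1, q) % q
    x3 = (lam * lam - x1 - x2) % q
    return (x3, (lam * (x1 - x3) - y1) % q)

def mul(k, S):
    """Double-and-add scalar multiplication k*S (illustrative, not constant time)."""
    R = None
    while k:
        if k & 1:
            R = add(R, S)
        S, k = add(S, S), k >> 1
    return R

def blinded_recovery(b, d, r):
    """Return (K, K', recovered K) for server key b, device key d, blinding r."""
    B, D = mul(b, P), mul(d, P)           # long-term public keys B = bP, D = dP
    K = mul(d, B)                         # K = dB, computed before d is deleted
    D_blind = mul(r, D)                   # D' = rD, from stored D and fresh r
    K_blind = mul(b, D_blind)             # K' = bD' = rK, computed by the server
    K_rec = mul(pow(r, -1, p), K_blind)   # assumed unblinding: r^-1 * K' = K
    return K, K_blind, K_rec

def random_scalar():
    return 2 + secrets.randbelow(p - 2)   # uniform in [2, p-1]

if __name__ == "__main__":
    K, K_blind, K_rec = blinded_recovery(*(random_scalar() for _ in range(3)))
    print("K' differs from K:", K_blind != K, "| unblinded K' equals K:", K_rec == K)
```

The server only ever sees D' and K', both scaled by the device's short-term r, and the device rebuilds K from D, r and the server's reply without needing the deleted d.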
Protecting passwords that a BlackBerry device stores
A user can use the password keeper to store all passwords that the user uses to access applications and web sites from a
BlackBerry® device. The password keeper is designed to protect the passwords with a password keeper password. The user is
required to remember only the password keeper password.
The first time that the user opens the password keeper on the BlackBerry device, the user must create the password keeper
password. The password keeper encrypts the information that it stores using AES-256 encryption, and uses the password keeper
password to decrypt the information when the user types the password keeper password. The BlackBerry device deletes all device
data if a user types the password keeper password incorrectly 10 times.
In the password keeper, a user can perform the following actions:
• type a password and its identifying information (for example, which application the user can access using the password),
  and save the information
Security Technical Overview