User guide

d. sends $y_B$ to the BlackBerry device
9. One of the following actions occurs:
The BlackBerry Enterprise Server and BlackBerry device open an authenticated connection to each other if the BlackBerry device accepts $y_B$.
The BlackBerry device does not accept the connection request, and the BlackBerry Enterprise Server and BlackBerry device do not open an authenticated connection to each other, if the BlackBerry device calculates the following:
$y_B P + e_B R_B \neq hP$
The BlackBerry Router does not accept the connection request if the BlackBerry Router calculates the following:
$y_B P + e_B R_B \neq y_D P + e_D R_D$
The BlackBerry Enterprise Server does not accept the connection request if the BlackBerry Enterprise Server calculates the following:
$y_D P + e_D R_D \neq hP$
The BlackBerry Router stores $R_D$, $R_B$, $y_D P + e_D R_D$, $e_D$, and $e_B$ if the BlackBerry device accepts $y_B$.
10. The BlackBerry Enterprise Server stores $R_D$, $R_B$, $e_D$, $e_B$, and $h$.
11. The BlackBerry Router overwrites $y_B$ and $y_D$ in memory with zeroes.
12. The BlackBerry Enterprise Server overwrites $y_B$, $y_D$, and $r_B$ in memory with zeroes.
13. The BlackBerry device overwrites $y_B$, $y_D$, and $r_D$ in memory with zeroes.
Cryptosystem parameters that the BlackBerry Router protocol uses
The BlackBerry® Router, BlackBerry® Enterprise Server, and BlackBerry device are designed to share the following cryptosystem
parameters when they use the BlackBerry Router protocol.
Parameter   Description
E(Fq)       This parameter represents the NIST-approved 521-bit random elliptic curve over Fq, which has a cofactor of 1. The BlackBerry Router protocol does all math operations in the groups E(Fq) and $Z_p$.
Fq          This parameter represents a finite field of prime order q.
P           This parameter represents a point of E that generates a prime subgroup of E(Fq) of order p.
xR          This parameter represents the elliptic curve scalar multiplication, where x is the scalar and R is a point on E(Fq).
s           This parameter represents the value of the device transport key.
h           This parameter represents the SHA-512 hash of s.
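
The three acceptance checks in step 9 can be reproduced over the P-521 parameters listed above. This is an added example, not code from the BlackBerry documentation. It assumes the response has the form y = h - e·r mod p (that step is not in this section; the form is inferred from the check yP + eR = hP) and that challenges are random scalars. All function names are hypothetical and the keys are constructed sample values.

```python
import hashlib
import secrets

# NIST P-521: field prime q, coefficient a, subgroup order p, generator P.
FIELD_Q, A = 2**521 - 1, -3
ORDER_P = int("1" + "F" * 65 + "A51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", 16)
GEN_P = (int("C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66", 16),
         int("11839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650", 16))

def add(p1, p2):
    """Affine point addition on E(Fq); None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % FIELD_Q == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, FIELD_Q) % FIELD_Q
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FIELD_Q, -1, FIELD_Q) % FIELD_Q
    x3 = (lam * lam - x1 - x2) % FIELD_Q
    return (x3, (lam * (x1 - x3) - y1) % FIELD_Q)

def mul(k, pt):
    """Scalar multiplication xR by double-and-add (not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def respond(h, e, r):
    """Prover's response. ASSUMED form y = h - e*r mod p (not stated in this section)."""
    return (h - e * r) % ORDER_P

def check_value(y, e, R):
    """Left-hand side yP + eR that each verifier computes."""
    return add(mul(y, GEN_P), mul(e, R))

def run(server_key, device_key):
    """Run one exchange; report which party's step 9 check passes (True = accepts)."""
    hB, hD = (int.from_bytes(hashlib.sha512(k).digest(), "big") for k in (server_key, device_key))
    rB, rD, eB, eD = (secrets.randbelow(ORDER_P - 1) + 1 for _ in range(4))
    RB, RD = mul(rB, GEN_P), mul(rD, GEN_P)
    vB, vD = check_value(respond(hB, eB, rB), eB, RB), check_value(respond(hD, eD, rD), eD, RD)
    return {"device": vB == mul(hD, GEN_P), "router": vB == vD, "server": vD == mul(hB, GEN_P)}

if __name__ == "__main__":
    print(run(b"constructed-transport-key", b"constructed-transport-key"))
```

Python integers are immutable, so this sketch cannot perform the overwrite-with-zeroes of steps 11 to 13; a real implementation would hold $y_B$, $y_D$, and the nonce in mutable buffers.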
Security Technical Overview