Manualshelf

User guide

ManualsBrandsBlackberry ManualsOtherENTERPRISE SOLUTION SECURITY - ENFORCING ENCRYPTION OF INTERNAL AND EXTERNAL FILE SYSTEMS ON DEVICES
81828384858687888990
During the update process, a BlackBerry device activates itself automatically over the wireless network so that the user can use
a computer that is outside your organization’s network to update the BlackBerry Device Software. When a user who does not use
the BlackBerry Desktop Manager visits the update web site, the user must download and install Microsoft® ActiveX® components
on the computer before the user can update the BlackBerry Device Software. The update process can take from 15 minutes to 2
hours, depending on the type of update, amount of BlackBerry device data, and number of applications that are installed on the
BlackBerry device. A user cannot use the BlackBerry device or make emergency calls during the update process.
BlackBerry Device Software versions 5.0 and later, BlackBerry Desktop Manager versions 5.0.1 and later, and BlackBerry
Application Web Loader versions 1.1.0 and later support BlackBerry Device Software updates from an update web site.
For more information about the IT policy rules that are included in the Wired Software Updates policy group, see the BlackBerry
Enterprise Server Policy Reference Guide. For more information about the BlackBerry Application Web Loader, see the BlackBerry
Application Web Loader Developer Guide.
Protecting cryptographic services data when updating the BlackBerry Device Software from
an update web site
When a user updates the BlackBerry® Device Software from an update web site, the BlackBerry® Enterprise Solution backs up
cryptographic services data (for example, cryptographic keys and service books) from a BlackBerry device to the user’s computer.
To protect the cryptographic services data, the BlackBerry device encrypts the cryptographic services data using a BlackBerry
services key.
The BlackBerry device stores the BlackBerry services key in the NV store in flash memory. Neither the user nor third-party
applications can access the location in the NV store where the BlackBerry device stores the BlackBerry services key. If you or a
user turns on content protection, the BlackBerry device also encrypts the BlackBerry services key using the content protection key.
After the BlackBerry device encrypts the cryptographic services data, the BlackBerry® Desktop Manager or BlackBerry Application
Web Loader backs up the encrypted cryptographic services data to a database and stores the database on the user’s computer
as an .ipd file.
When the update process completes, the BlackBerry Desktop Manager or BlackBerry Application Web Loader restores the
cryptographic services data to the BlackBerry device. Only the BlackBerry device that encrypted the cryptographic services data
can decrypt the cryptographic services data. The BlackBerry device can decrypt the cryptographic services data only once. The
BlackBerry device deletes the BlackBerry services key from the NV store after the BlackBerry device decrypts the cryptographic
services data.
The BlackBerry® Enterprise Solution does not back up or restore cryptographic services data except during the BlackBerry Device
Software update process from an update web site. When the user backs up or restores BlackBerry device data by selecting the
backup and restore options in the BlackBerry Desktop Manager, the back up and restore processes do not access cryptographic
services data.
Security Technical Overview
Updating the BlackBerry Device Software from an update web site
81