User guide
In BlackBerry Enterprise Server version 5.0 or later and BlackBerry® Device Software version 5.0 or later, a BlackBerry device
user can encrypt messages using Lotus Notes encryption. When the BlackBerry device user creates, forwards, or replies to a
message, the BlackBerry device user can indicate whether the BlackBerry Enterprise Server must encrypt the message before it
sends the message to the recipients.
To use Lotus Notes encryption on the BlackBerry device, the BlackBerry device user must import a copy of the Lotus Notes .id
file into the user's message database using the BlackBerry Desktop Software or Lotus® iNotes®. If your organization's environment
includes Lotus Domino version 8.5.1 or later and BlackBerry Enterprise Server version 4.1 or later, the BlackBerry Enterprise Server
can automatically synchronize the copy of the Lotus Notes .id file on the BlackBerry device with the latest copy that is in the
Lotus Notes ID vault. If your organization's environment includes Lotus Domino version 8.5 SP1 or later and BlackBerry Enterprise
Server version 5.0 SP1 or later, you can configure the BlackBerry Enterprise Server to import the Lotus Notes .id file automatically
into the BlackBerry device from the Lotus Notes ID vault.
To require the BlackBerry device user to use Lotus Notes encryption when forwarding or replying to messages, you can configure
the Require Notes Native Encryption For Outgoing Messages IT policy rule. To prevent a BlackBerry device user from forwarding
or replying to Lotus Notes protected messages, you can configure the Disable Notes Native Encryption Forward And Reply IT
policy rule.
Protecting the password for an IBM Lotus Notes .id file
How a BlackBerry device protects the password for an IBM Lotus Notes .id file
After a user imports an IBM® Lotus Notes® .id file and password for the Lotus Notes .id file to a BlackBerry® device, the BlackBerry
device encrypts the password in BlackBerry device memory using AES encryption and the device transport key. The BlackBerry
device decrypts the password before it calls the required security functions in the Lotus Notes API.
The BlackBerry device deletes the Lotus Notes .id file and plain-text password from the BlackBerry device memory when it receives
a notification from the BlackBerry® Enterprise Server that the BlackBerry Enterprise Server cannot decrypt a message, when the
BlackBerry device resets, or when the Lotus Notes password expires. (The default expiration period is 24 hours.) You can use the
Native Encryption Password Timeout IT policy rule to specify the maximum duration (in minutes) that the BlackBerry device stores
the plain-text password for the Lotus Notes .id file.
You can change the timeout value to 0 to require the user to type the password to decrypt each Lotus Notes encrypted email
message that the user receives on the BlackBerry device.
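The device-side password cache described above, written as an added example in Go (not BlackBerry code): the timeout in minutes, the "0 means prompt for every message" rule and the purge triggers follow the text, while the AES mode (GCM), the transport key as a raw 16-byte value and the injected clock are this example's own assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"time"
)

// IDPasswordCache models the device-side cache: the .id password is held only
// AES-encrypted under the transport key (GCM is assumed here) until expiry, reset or purge.
type IDPasswordCache struct {
	gcm            cipher.AEAD
	TimeoutMinutes int              // Native Encryption Password Timeout; 0 = never cache
	Now            func() time.Time // injected clock so expiry can be tested
	sealed         []byte           // nonce || ciphertext; nil when nothing is cached
	expires        time.Time
}
// NewIDPasswordCache takes the device transport key (assumed 16, 24 or 32 bytes).
func NewIDPasswordCache(key []byte, timeoutMinutes int, now func() time.Time) (*IDPasswordCache, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	return &IDPasswordCache{gcm: gcm, TimeoutMinutes: timeoutMinutes, Now: now}, err
}
// Import seals the typed password; with timeout 0 nothing is kept, so the
// user is prompted for every Lotus Notes encrypted message.
func (c *IDPasswordCache) Import(password string) {
	c.Purge()
	if c.TimeoutMinutes <= 0 {
		return
	}
	nonce := make([]byte, c.gcm.NonceSize())
	rand.Read(nonce) // crypto/rand: a failure here is fatal in practice
	c.sealed = c.gcm.Seal(nonce, nonce, []byte(password), nil)
	c.expires = c.Now().Add(time.Duration(c.TimeoutMinutes) * time.Minute)
}
// Purge drops the sealed password (device reset, a "cannot decrypt" notice, or expiry).
func (c *IDPasswordCache) Purge() { c.sealed = nil }
// Password unseals only when the Lotus Notes API needs it; ok=false means prompt the user.
func (c *IDPasswordCache) Password() (pw string, ok bool) {
	if c.sealed == nil || !c.Now().Before(c.expires) {
		c.Purge()
		return "", false
	}
	n := c.gcm.NonceSize()
	pt, err := c.gcm.Open(nil, c.sealed[:n], c.sealed[n:], nil)
	return string(pt), err == nil
}
```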
When Lotus Notes encryption is not available, the user can turn on Lotus Notes encryption manually by importing the Lotus
Notes .id file or by changing the password using the BlackBerry® Desktop Software or IBM® Lotus® Domino® Web Access client.
How the BlackBerry Messaging Agent protects the password for an IBM Lotus Notes .id file
After a user imports an IBM® Lotus Notes® .id file and the password for the Lotus Notes .id file to a BlackBerry® device, the
BlackBerry Messaging Agent encrypts the Lotus Notes .id file and password in the BlackBerry Messaging Agent memory cache
using AES encryption and the device transport key.
Security Technical Overview
Extending messaging security using IBM Lotus Notes encryption
92