User guide
The BlackBerry Messaging Agent deletes the Lotus Notes .id file and the plain-text password when the BlackBerry® Enterprise
Server cannot decrypt a message, when the BlackBerry Enterprise Server restarts, or when the password expires. (The default
timeout value is 24 hours.)
The BlackBerry Messaging Agent does not delete the encrypted password in the BlackBerry Messaging Agent memory cache.
You can change how long the BlackBerry Messaging Agent caches the password. For more information, visit
www.blackberry.com/support to read article KB12420.
If the user types a password incorrectly more than 10 times consecutively within 1 hour, the BlackBerry Messaging Agent makes
secure messaging unavailable for 1 hour. This period increases each time that the user exceeds the maximum number of
unsuccessful password attempts. The period increases by 10-minute increments to a maximum of 24 hours. When the user types
the password correctly, the BlackBerry Messaging Agent restores the default value of 1 hour.
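The lockout schedule described above, modelled as an added example (not BlackBerry code). It assumes that the first lockout lasts 1 hour, each further lockout adds 10 minutes, attempts made during a lockout are rejected without being counted, and the failure count restarts after a lockout; the class and function names are hypothetical.

```python
from dataclasses import dataclass, field

HOUR = 3600
MAX_FAILURES = 10        # lockout triggers on the failure after this many
WINDOW = HOUR            # failures only count if they fall within 1 hour
BASE_LOCKOUT = HOUR      # default lockout period
STEP = 10 * 60           # growth per repeated lockout (assumed: additive)
MAX_LOCKOUT = 24 * HOUR  # ceiling stated in the text


@dataclass
class LockoutPolicy:
    lockout: int = BASE_LOCKOUT                   # period used at the next lockout
    failures: list = field(default_factory=list)  # times of consecutive failures
    locked_until: int = 0

    def attempt(self, now, password_ok):
        """Evaluate one attempt at time `now` (seconds): 'locked', 'ok' or 'failed'."""
        if now < self.locked_until:
            return "locked"               # assumed: not evaluated, not counted
        if password_ok:
            self.failures.clear()         # a success breaks the consecutive run
            self.lockout = BASE_LOCKOUT   # and restores the 1-hour default
            return "ok"
        # Drop failures that have aged out of the 1-hour window, then add this one.
        self.failures = [t for t in self.failures if now - t < WINDOW] + [now]
        if len(self.failures) > MAX_FAILURES:
            self.locked_until = now + self.lockout
            self.lockout = min(self.lockout + STEP, MAX_LOCKOUT)
            self.failures.clear()         # assumed: count restarts after a lockout
            return "locked"
        return "failed"


def wrong_burst(policy, start, spacing=60):
    """Submit 11 wrong passwords `spacing` seconds apart (constructed input).

    Returns the lockout length in seconds, or 0 if no lockout was triggered.
    """
    result, now = "failed", start
    for i in range(MAX_FAILURES + 1):
        now = start + spacing * i
        result = policy.attempt(now, password_ok=False)
    return policy.locked_until - now if result == "locked" else 0
```

Spacing the same 11 failures 10 minutes apart never triggers a lockout in this model, because no more than 6 of them fall inside any 1-hour window.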
Process flow: Sending an email message using IBM Lotus Notes encryption
1. A user indicates, using the menu in the messages application, that the BlackBerry® device must encrypt the email message.
2. The BlackBerry device performs the following actions:
   a. prompts the user for the password for the IBM® Lotus Notes® .id file
   b. configures the email message for Lotus Notes encryption
   c. encrypts the email message using BlackBerry transport layer encryption
   d. sends the email message and password to the BlackBerry® Enterprise Server
3. The BlackBerry Enterprise Server decrypts the email message using BlackBerry transport layer encryption.
4. The BlackBerry Messaging Agent on the BlackBerry Enterprise Server decrypts the cached password for the Lotus Notes .id
file and validates the password that the BlackBerry device sent. If the BlackBerry Messaging Agent can verify the password,
the BlackBerry Messaging Agent uses the password to encrypt the message using Lotus Notes encryption.
5. The BlackBerry Enterprise Server sends the encrypted email message to the messaging server so that the messaging server
can deliver it to the recipient.
Security Technical Overview
Extending messaging security using IBM Lotus Notes encryption