Installation guide
BlackBerry Enterprise Solution Security
BlackBerry wireless messaging security
2. The BlackBerry Infrastructure routes the encrypted message to the BlackBerry Enterprise Server on which
the user resides.
The connection from the BlackBerry Enterprise Server to the BlackBerry Infrastructure is a two-way TCP
connection on port 3101. The BlackBerry Infrastructure directs messages from the BlackBerry device to this
connection using the routing information in the message.
3. The BlackBerry Enterprise Server receives the message.
4. The BlackBerry Enterprise Server decrypts, decompresses, and sends the message to the messaging server.
The BlackBerry Enterprise Server does not store a copy of the message.
5. The messaging server delivers the message to Alice’s desktop computer.
Message attachment viewing security
The BlackBerry device supports attachment viewing through the BlackBerry Attachment Service (attachment
service). The attachment service enables a user to perform the following actions on their BlackBerry device:
• view Microsoft PowerPoint® slide shows, including those in .pps file format
• view .bmp, .jpg, .jpeg, .gif, .png, .tif, .tiff, and .wmf file formats
• view .doc, .dot, .txt, .html, .htm, .pdf, .xls, .wpd, and .ppt documents in a browser
• open .zip files and then open any content files of supported formats
• enlarge images in .tiff format (such as scanned documents or faxes)
• access inline thumbnail images for attachments that are embedded in messages
The attachment service is designed to prevent malicious applications from accessing data on the BlackBerry
device by using binary format parsing to open the attachments and prepare them to be sent to the BlackBerry
device for rendering. The attachment service neither opens the attachments nor uses any third-party application
to render the attachments.
PIN messaging
A PIN uniquely identifies each BlackBerry device on the wireless network. If a user knows the PIN of another
BlackBerry device, they can send a PIN message to that BlackBerry device. Unlike an email message that the
user sends to an email address, a PIN message bypasses the BlackBerry Enterprise Server and the corporate
network.
PIN message scrambling
During the manufacturing process, Research In Motion® (RIM®) loads a common peer-to-peer encryption key
onto BlackBerry devices. Although the BlackBerry device uses the peer-to-peer encryption key with Triple DES to
encrypt PIN messages, every BlackBerry device can decrypt every PIN message that it receives because every
BlackBerry device stores the same peer-to-peer encryption key. PIN message encryption does not prevent a
BlackBerry device other than the intended recipient from decrypting the PIN message. Therefore, consider PIN
messages as scrambled—but not encrypted—messages.
You can limit the number of BlackBerry devices that can decrypt your organization’s PIN messages by generating
a new peer-to-peer encryption key known only to BlackBerry devices in your corporation. A BlackBerry device
with a corporate peer-to-peer encryption key can send and receive PIN messages with other BlackBerry devices
on your corporate network with the same peer-to-peer encryption key. These PIN messages use corporate
scrambling instead of the original global scrambling.
You should generate a new corporate peer-to-peer encryption key if you know the current key is compromised.
You can update and resend the peer-to-peer encryption key for users in the BlackBerry Manager.
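The following Python model is an added example, not RIM code or part of the original guide; it shows which devices can read a PIN message under global scrambling and under corporate scrambling. It uses a standard-library HMAC-SHA256 stream construction as a stand-in for Triple DES, and the key values, device names, and function names are assumptions made for illustration.

```python
import hashlib, hmac, os

# Constructed keys: stand-ins for the factory-loaded global key and for a
# corporate key generated by the organization (both values are made up here).
GLOBAL_KEY = hashlib.sha256(b"constructed global peer-to-peer key").digest()
CORPORATE_KEY = os.urandom(32)

def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: a toy stdlib stand-in for Triple DES.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def scramble(key, plaintext):
    nonce = os.urandom(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    # The tag lets a receiver tell whether its stored key matches (model assumption).
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unscramble(key, message):
    """Return the plaintext, or None if this key did not produce the message."""
    nonce, body, tag = message[:16], message[16:-32], message[-32:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))

def who_can_read(message, devices):
    """Names of devices whose stored key recovers the PIN message."""
    return sorted(name for name, key in devices.items()
                  if unscramble(key, message) is not None)

# Constructed fleets: two corporate devices and one device outside the organization.
GLOBAL_FLEET = {"alice": GLOBAL_KEY, "bob": GLOBAL_KEY, "outsider": GLOBAL_KEY}
CORPORATE_FLEET = {"alice": CORPORATE_KEY, "bob": CORPORATE_KEY, "outsider": GLOBAL_KEY}

def demo():
    text = b"PIN message from alice to bob"
    global_msg = scramble(GLOBAL_FLEET["alice"], text)
    corp_msg = scramble(CORPORATE_FLEET["alice"], text)
    return who_can_read(global_msg, GLOBAL_FLEET), who_can_read(corp_msg, CORPORATE_FLEET)

if __name__ == "__main__":
    print(demo())
```

With the global key, every device in the model recovers the message, including the one outside the organization; after the corporate key is deployed, only the devices that hold it do.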
www.blackberry.com