Installation guide
BlackBerry Enterprise Solution Security
Protecting stored data 22
IT policy signing and storage on the BlackBerry device
An IT policy is a collection of one or more IT policy rules. An IT Admin command is a function that you can send
wirelessly to immediately control access to or change ownership information on the BlackBerry device.
After the BlackBerry Enterprise Server installation process creates the BlackBerry configuration database, the
BlackBerry Enterprise Server generates a unique private and public key pair to authenticate the IT policy and the
IT Admin commands, and digitally signs the Default IT policy before automatically sending it and the IT policy
public key to the BlackBerry device.
The BlackBerry device stores the digitally signed IT policy and the IT policy public key in the NV store in flash
memory, binding the IT policy to that particular BlackBerry device. The NV store persists in flash memory and can
only be overwritten by the BlackBerry device operating system. Third-party application code cannot write to the
NV store.
The BlackBerry Enterprise Server stores the IT policy private key in the BlackBerry configuration database. The
BlackBerry Enterprise Server uses the IT policy private key to sign all IT policy packets that it sends to the
BlackBerry device. The BlackBerry device uses the IT policy public key in the NV store to authenticate the digital
signature on the IT policy.
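The signing and verification flow described above, as an added example in Go that is not BlackBerry's code: a server-side key pair signs a serialised policy, the device keeps only the public key in a modelled NV store, and any packet whose signature does not verify against that key is rejected before it is parsed or applied. P-256 ECDSA over a SHA-256 digest, the JSON policy layout and all type and function names are assumptions; the page only states that the server generates a private and public key pair, signs the policy with the private key, and the device verifies with the public key held in the NV store.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// ITPolicy is a constructed stand-in for an IT policy: a named collection of rules.
type ITPolicy struct {
	Name  string            `json:"name"`
	Rules map[string]string `json:"rules"`
}

// SignedPolicy is the packet the server sends: the serialised policy and its signature.
type SignedPolicy struct {
	Policy    []byte
	Signature []byte
}

// PolicyServer models the server side. The private key is generated once and never
// leaves the server (the page says the real server keeps it in its configuration database).
type PolicyServer struct {
	priv *ecdsa.PrivateKey
}

// NewPolicyServer generates the IT policy key pair (P-256 ECDSA is an assumption).
func NewPolicyServer() (*PolicyServer, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &PolicyServer{priv: priv}, nil
}

// PublicKey is the IT policy public key that is pushed to the device at first contact.
func (s *PolicyServer) PublicKey() *ecdsa.PublicKey { return &s.priv.PublicKey }

// SignPolicy serialises the policy and signs a SHA-256 digest of the bytes sent.
func (s *PolicyServer) SignPolicy(p ITPolicy) (SignedPolicy, error) {
	raw, err := json.Marshal(p)
	if err != nil {
		return SignedPolicy{}, err
	}
	digest := sha256.Sum256(raw)
	sig, err := ecdsa.SignASN1(rand.Reader, s.priv, digest[:])
	if err != nil {
		return SignedPolicy{}, err
	}
	return SignedPolicy{Policy: raw, Signature: sig}, nil
}

// ErrBadSignature is returned for any packet that does not verify against the NV store key.
var ErrBadSignature = errors.New("IT policy signature does not verify against NV store key")

// NVStore models the device's non-volatile store: the public key bound to this device
// at first contact, plus the last policy that passed verification.
type NVStore struct {
	PolicyPubKey *ecdsa.PublicKey
	Policy       *ITPolicy
}

// ApplyPolicy is the device-side check: the signature is verified with the stored public
// key before the packet is parsed, so a rejected packet changes nothing.
func (nv *NVStore) ApplyPolicy(sp SignedPolicy) (*ITPolicy, error) {
	digest := sha256.Sum256(sp.Policy)
	if !ecdsa.VerifyASN1(nv.PolicyPubKey, digest[:], sp.Signature) {
		return nil, ErrBadSignature
	}
	var p ITPolicy
	if err := json.Unmarshal(sp.Policy, &p); err != nil {
		return nil, err
	}
	nv.Policy = &p
	return &p, nil
}

func main() {
	srv, err := NewPolicyServer()
	if err != nil {
		panic(err)
	}
	// First contact: the device records the server's IT policy public key in its NV store.
	device := &NVStore{PolicyPubKey: srv.PublicKey()}
	signed, _ := srv.SignPolicy(ITPolicy{Name: "Default", Rules: map[string]string{"PasswordRequired": "true"}})
	_, err = device.ApplyPolicy(signed)
	fmt.Println("genuine policy accepted:", err == nil)

	// A packet altered in transit fails the check before anything is parsed or applied.
	signed.Policy = []byte(`{"name":"Default","rules":{"PasswordRequired":"false"}}`)
	_, err = device.ApplyPolicy(signed)
	fmt.Println("tampered policy rejected:", errors.Is(err, ErrBadSignature))

	// So does a policy signed with any other server's key.
	rogue, _ := NewPolicyServer()
	forged, _ := rogue.SignPolicy(ITPolicy{Name: "Default"})
	_, err = device.ApplyPolicy(forged)
	fmt.Println("policy from unknown server rejected:", errors.Is(err, ErrBadSignature))
}
```

The order inside ApplyPolicy is the point worth keeping: verification runs over the exact bytes received, before any parsing, so neither a modified packet nor one signed by a different server ever reaches the policy parser, and the previously accepted policy in the NV store is left untouched.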
Application password encryption and storage on the BlackBerry device
A user can use the Password Keeper tool to create and store all of the passwords that they might use to gain
access to applications and web sites on the BlackBerry device. This means that a user is required to remember
only the Password Keeper master password to retrieve all of their stored passwords.
The first time that a user opens the Password Keeper on the BlackBerry device, they must create the Password
Keeper master password. The Password Keeper encrypts the information (for example, application and web site
passwords and data) that it stores using 256-bit AES, and uses the master password to decrypt the information
when a user types the master password to gain access to the Password Keeper tool. The BlackBerry device
automatically deletes all of its data if a user types the Password Keeper master password incorrectly ten times.
In the Password Keeper, a user can
• type a password and its identifying information (for example, which application the user can access using
the password) and save the information
• generate random passwords designed to improve password strength
• copy passwords to the clipboard to be pasted into an application or web site password prompt
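The Password Keeper behaviour described above, as an added example in Go that is not BlackBerry's code: stored entries exist only as ciphertext under a key derived from the master password, a wrong master password fails the authenticated decryption, and the tenth consecutive failure discards the ciphertext so that nothing can be recovered afterwards. AES-256-GCM, iterated salted SHA-256 as a stand-in for the real key derivation, the JSON vault layout and every name here are assumptions beyond what the page states (256-bit AES for stored entries, and a wipe after ten incorrect master passwords). The wipe in this model erases the keeper's data only; the page says the device deletes all of its data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

const maxAttempts = 10 // the tenth incorrect master password wipes the store

var ErrWrongPassword = errors.New("incorrect master password")
var ErrWiped = errors.New("password keeper data has been wiped")

// deriveKey maps the master password to a 256-bit AES key. Iterated salted SHA-256 is a
// stdlib-only stand-in for a real password KDF (PBKDF2, scrypt); the page does not say how
// the actual Password Keeper derives its key.
func deriveKey(master string, salt []byte) []byte {
	key := sha256.Sum256(append(append([]byte{}, salt...), master...))
	for i := 0; i < 100000; i++ {
		key = sha256.Sum256(key[:])
	}
	return key[:]
}

// aeadFor wraps the 32-byte derived key in AES-256-GCM. With a fixed 32-byte key neither
// constructor can fail, so their errors are discarded.
func aeadFor(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// open decrypts a nonce-prefixed blob; a wrong key fails the GCM tag check and returns an error.
func open(key, blob []byte) ([]byte, error) {
	gcm := aeadFor(key)
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("ciphertext missing or too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

// Keeper holds only ciphertext: the JSON-encoded entry set sealed under the derived key.
type Keeper struct {
	salt, sealed []byte
	failures     int
}

func NewKeeper(master string) (*Keeper, error) {
	k := &Keeper{salt: make([]byte, 16)}
	if _, err := rand.Read(k.salt); err != nil {
		return nil, err
	}
	return k, k.Save(deriveKey(master, k.salt), map[string]string{})
}

// Save re-encrypts the entry set under the key returned by a successful Unlock.
func (k *Keeper) Save(key []byte, entries map[string]string) error {
	gcm := aeadFor(key)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	raw, _ := json.Marshal(entries)              // a map[string]string always marshals
	k.sealed = gcm.Seal(nonce, nonce, raw, nil) // fresh nonce is prefixed to the ciphertext
	return nil
}

// Unlock derives the key and tries to decrypt the vault; the tenth consecutive failure
// discards the ciphertext, after which even the right password recovers nothing.
func (k *Keeper) Unlock(master string) ([]byte, map[string]string, error) {
	key := deriveKey(master, k.salt)
	raw, err := open(key, k.sealed)
	if err != nil {
		k.failures++
		if k.failures >= maxAttempts {
			k.sealed = nil // the wipe: nothing is left to decrypt
			return nil, nil, ErrWiped
		}
		return nil, nil, ErrWrongPassword
	}
	k.failures = 0
	var entries map[string]string
	err = json.Unmarshal(raw, &entries)
	return key, entries, err
}

func main() {
	k, _ := NewKeeper("correct horse battery")
	key, entries, _ := k.Unlock("correct horse battery")
	entries["vpn"] = "s3cret-vpn-pass"
	fmt.Println("saved:", k.Save(key, entries) == nil)
	for i := 1; i <= maxAttempts; i++ {
		_, _, err := k.Unlock("wrong")
		fmt.Println("attempt", i, "->", err)
	}
}
```

Two details carry the security property: the keeper never stores the key or a hash of the master password, only ciphertext whose GCM tag doubles as the password check; and the failure counter resets only on a successful unlock, so nine wrong guesses followed by the right one start the count again, while the tenth wrong guess in a row leaves no ciphertext for any later attempt to decrypt.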
Protected storage of user data on a locked BlackBerry device
Content protection of user data is designed to
• use 256-bit AES to encrypt stored data when the BlackBerry device is locked
• use an ECC public key to encrypt data that the BlackBerry device receives when it is locked
When you or a user turns on content protection on the BlackBerry device, the BlackBerry device uses content
protection to encrypt the following user data items:
BlackBerry device application    User data
email                            • subject
                                 • email addresses
                                 • message body
                                 • attachments
www.blackberry.com