Installation guide
BlackBerry Enterprise Solution Security
Protecting stored data 24
Enabling protected storage of master encryption keys on a locked BlackBerry device
You enable protected storage of master encryption keys on the BlackBerry device by setting the Force Content Protection of Master Keys IT policy rule. When you turn on content protection of master encryption keys, the BlackBerry device uses the same ECC key strength that it uses to encrypt user and application data when encrypting the master encryption keys.
See “Enabling protected storage of BlackBerry device data” on page 23 for more information.
Protected storage of master encryption keys on a BlackBerry device during a reset
If you turn on content protection of master encryption keys, during a BlackBerry device reset the BlackBerry device
• turns off the wireless radio
• turns off serial bypass
• frees the memory associated with all data and encryption keys stored in RAM, including the decrypted grand master key
• locks
The wireless radio and serial bypass are designed to be turned off while the content protection key is not available to decrypt the grand master key in flash memory. Until a user unlocks the BlackBerry device using the correct BlackBerry device password, the BlackBerry device cannot receive and decrypt data.
When the user unlocks the BlackBerry device after a reset, the BlackBerry device
• uses the content protection key to decrypt the grand master key in flash memory
• stores the decrypted grand master key in RAM again
• re-establishes the wireless connection to the BlackBerry Infrastructure
• resumes serial bypass
• receives data from the BlackBerry Enterprise Server
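The reset and unlock sequence above, written out as a state model. This is an added example and not BlackBerry code: the password derivation (FNV-1a), the key wrapping (XOR with the derived key) and every function and field name are hypothetical stand-ins chosen so the example compiles with only the C standard library; the device itself uses ECC-based content protection. What the model keeps faithful is the ordering: after a reset the RAM copy of the grand master key is wiped and the radio and serial bypass are down, so nothing can be received or decrypted until the correct password reproduces the content protection key and unwraps the grand master key from flash.

```c
/* Added illustration, not BlackBerry code: toy model of reset/unlock with
 * content protection of master keys turned on. Crypto is a stand-in. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 32

typedef struct {
    uint8_t gmk_wrapped[KEY_LEN]; /* flash: grand master key under the content protection key */
    uint8_t pw_verifier[KEY_LEN]; /* flash: lets the device recognise the correct password */
    uint8_t gmk_ram[KEY_LEN];     /* RAM: decrypted grand master key, present only while unlocked */
    int gmk_in_ram;
    int radio_on;
    int serial_bypass_on;
    int locked;
} device_t;

/* Toy derivation (FNV-1a over the password with a domain byte), hypothetical:
 * domain 1 yields the content protection key, domain 2 the password verifier. */
static void derive_key(const char *password, uint8_t domain, uint8_t out[KEY_LEN]) {
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < KEY_LEN; i++) {
        h ^= domain;      h *= 1099511628211ULL;
        h ^= (uint8_t)i;  h *= 1099511628211ULL;
        for (const char *p = password; *p; p++) { h ^= (uint8_t)*p; h *= 1099511628211ULL; }
        out[i] = (uint8_t)(h >> 56);
    }
}

/* Toy wrap/unwrap: XOR with the key (symmetric, so one function does both). */
static void xor_wrap(const uint8_t key[KEY_LEN], const uint8_t in[KEY_LEN], uint8_t out[KEY_LEN]) {
    for (size_t i = 0; i < KEY_LEN; i++) out[i] = in[i] ^ key[i];
}

/* Zero n bytes through a volatile pointer so the compiler keeps the stores. */
static void wipe(uint8_t *p, size_t n) {
    volatile uint8_t *v = p;
    while (n--) *v++ = 0;
}

/* Constant-time equality for the password verifier: 1 if equal. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) acc |= (uint8_t)(a[i] ^ b[i]);
    return acc == 0;
}

/* Provision: the grand master key reaches flash only in wrapped form. */
void device_provision(device_t *d, const uint8_t gmk[KEY_LEN], const char *password) {
    uint8_t cpk[KEY_LEN];
    memset(d, 0, sizeof *d);
    derive_key(password, 1, cpk);
    derive_key(password, 2, d->pw_verifier);
    xor_wrap(cpk, gmk, d->gmk_wrapped);
    memcpy(d->gmk_ram, gmk, KEY_LEN);
    d->gmk_in_ram = 1; d->radio_on = 1; d->serial_bypass_on = 1; d->locked = 0;
    wipe(cpk, sizeof cpk);
}

/* Reset: radio and serial bypass off, RAM copy of the grand master key freed, device locked. */
void device_reset(device_t *d) {
    d->radio_on = 0;
    d->serial_bypass_on = 0;
    wipe(d->gmk_ram, KEY_LEN);
    d->gmk_in_ram = 0;
    d->locked = 1;
}

/* Unlock: on the correct password, unwrap the grand master key from flash back
 * into RAM and bring the radio and bypass up. Returns 1 on success, 0 otherwise. */
int device_unlock(device_t *d, const char *password) {
    uint8_t check[KEY_LEN], cpk[KEY_LEN];
    derive_key(password, 2, check);
    if (!ct_equal(check, d->pw_verifier, KEY_LEN)) return 0;
    derive_key(password, 1, cpk);
    xor_wrap(cpk, d->gmk_wrapped, d->gmk_ram);
    wipe(cpk, sizeof cpk);
    d->gmk_in_ram = 1; d->locked = 0; d->radio_on = 1; d->serial_bypass_on = 1;
    return 1;
}

/* Data can be received and decrypted only with the radio up and the key in RAM. */
int device_can_receive_and_decrypt(const device_t *d) {
    return d->radio_on && d->gmk_in_ram && !d->locked;
}

/* 1 if the RAM key slot holds only zeroes. */
int device_gmk_ram_is_clear(const device_t *d) {
    uint8_t acc = 0;
    for (size_t i = 0; i < KEY_LEN; i++) acc |= d->gmk_ram[i];
    return acc == 0;
}

/* Runs the whole sequence on a constructed key; returns 0 if every step behaves
 * as the text describes, otherwise the number of the first failing step. */
int reset_unlock_scenario(void) {
    uint8_t gmk[KEY_LEN]; device_t dev;
    for (size_t i = 0; i < KEY_LEN; i++) gmk[i] = (uint8_t)(0x10 + i); /* constructed key */
    device_provision(&dev, gmk, "correct horse");
    if (!device_can_receive_and_decrypt(&dev)) return 1;
    device_reset(&dev);
    if (device_can_receive_and_decrypt(&dev) || !device_gmk_ram_is_clear(&dev)) return 2;
    if (device_unlock(&dev, "wrong") != 0 || !dev.locked || dev.radio_on) return 3;
    if (device_unlock(&dev, "correct horse") != 1) return 4;
    if (memcmp(dev.gmk_ram, gmk, KEY_LEN) != 0 || !device_can_receive_and_decrypt(&dev)) return 5;
    return 0;
}

int main(void) {
    printf("reset/unlock scenario result: %d (0 = all steps as described)\n", reset_unlock_scenario());
    return 0;
}
```

The verifier step is what a wrong password fails against, so a wrong password never touches the wrapped key in flash and leaves the device locked with the radio down; only a correct password repopulates RAM.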
Cleaning the BlackBerry device memory
By default, the BlackBerry device continually runs a standard Java garbage collection process to reclaim BlackBerry device memory that is no longer referenced.
If secure garbage collection is turned on, the BlackBerry device performs the following additional actions:
• overwrites the memory reclaimed by the standard garbage collection process with zeroes
• periodically runs the memory cleaner program, which tells BlackBerry device applications to empty any caches and free memory associated with unused, sensitive application data
• automatically overwrites the memory freed by the memory cleaner program when it runs
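The two mechanisms above, zeroing reclaimed memory and a memory cleaner that asks applications to drop sensitive caches, shown as an added C example. This is not BlackBerry code and not the device's Java runtime: `secure_wipe`, `secret_buf`, the cleaner registry and the sample application cache are hypothetical names constructed for the illustration. The point it adds is why the overwrite must be done carefully: a plain `memset()` immediately before `free()` is a dead store that the optimizer may drop, so the wipe goes through a volatile pointer.

```c
/* Added illustration, not BlackBerry code: zeroing freed key material and a
 * memory-cleaner registry. All names hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Overwrite n bytes with zero through a volatile pointer so the stores survive
 * optimisation even when the buffer is freed right afterwards. */
void secure_wipe(void *p, size_t n) {
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

/* 1 if every byte of p[0..n) is zero. */
int is_all_zero(const uint8_t *p, size_t n) {
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) acc |= p[i];
    return acc == 0;
}

/* Heap buffer for key material that records its own length so the whole
 * allocation can be wiped on release. */
typedef struct { size_t len; uint8_t *data; } secret_buf;

secret_buf *secret_alloc(size_t len) {
    secret_buf *s = malloc(sizeof *s);
    if (!s) return NULL;
    s->data = calloc(len, 1);
    if (!s->data) { free(s); return NULL; }
    s->len = len;
    return s;
}

/* Wipe, then free: the allocator gets the memory back already zeroed. */
void secret_release(secret_buf *s) {
    if (!s) return;
    secure_wipe(s->data, s->len);
    free(s->data);
    secure_wipe(s, sizeof *s);
    free(s);
}

/* Memory cleaner: applications register a callback that empties their caches;
 * running the cleaner invokes every registered callback. */
typedef void (*cleaner_fn)(void *ctx);
#define MAX_CLEANERS 8
static struct { cleaner_fn fn; void *ctx; } g_cleaners[MAX_CLEANERS];
static size_t g_cleaner_count;

int cleaner_register(cleaner_fn fn, void *ctx) {
    if (fn == NULL || g_cleaner_count >= MAX_CLEANERS) return -1;
    g_cleaners[g_cleaner_count].fn = fn;
    g_cleaners[g_cleaner_count].ctx = ctx;
    g_cleaner_count++;
    return 0;
}

/* Calls every registered cleaner; returns how many were called. */
size_t cleaner_run(void) {
    for (size_t i = 0; i < g_cleaner_count; i++) g_cleaners[i].fn(g_cleaners[i].ctx);
    return g_cleaner_count;
}

void cleaner_clear(void) { g_cleaner_count = 0; }

/* Sample application cache holding decrypted material (constructed). */
typedef struct { uint8_t plaintext[16]; int holds_data; } app_cache;

void app_cache_fill(app_cache *c) {
    for (size_t i = 0; i < sizeof c->plaintext; i++) c->plaintext[i] = (uint8_t)(0xA5 ^ i);
    c->holds_data = 1;
}

/* The application's cleaner callback: empty the cache and wipe its bytes. */
void app_cache_clean(void *ctx) {
    app_cache *c = ctx;
    secure_wipe(c->plaintext, sizeof c->plaintext);
    c->holds_data = 0;
}

/* Worked check 1: fill a key buffer, wipe it, report whether every byte is zero. */
int wipe_leaves_all_zero(size_t len) {
    secret_buf *s = secret_alloc(len);
    if (!s) return 0;
    for (size_t i = 0; i < len; i++) s->data[i] = (uint8_t)(i + 1);
    secure_wipe(s->data, s->len);
    int ok = is_all_zero(s->data, s->len);
    secret_release(s);
    return ok;
}

/* Worked check 2: register a filled cache, run the cleaner, report whether the
 * cache was emptied and zeroed. Clears the registry afterwards. */
int cleaner_empties_cache(void) {
    app_cache cache;
    app_cache_fill(&cache);
    if (cleaner_register(app_cache_clean, &cache) != 0) return 0;
    size_t ran = cleaner_run();
    cleaner_clear();
    return ran == 1 && cache.holds_data == 0 && is_all_zero(cache.plaintext, sizeof cache.plaintext);
}

int main(void) {
    printf("key wipe zeroes buffer: %d\n", wipe_leaves_all_zero(32));
    printf("memory cleaner empties cache: %d\n", cleaner_empties_cache());
    return 0;
}
```

The same volatile-pointer wipe (or a platform primitive with the same guarantee, where one exists) belongs in every release path that handled keys or decrypted data, not only in the periodic cleaner.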
Any of the following conditions enable the BlackBerry device to perform secure garbage collection:
• content protection is turned on
• a program uses the RIM Cryptographic Application Programming Interface (Crypto API) to create a private or symmetric key
• a third-party application turns on secure garbage collection by registering with the memory cleaner
• S/MIME Support Package is installed
• PGP Support Package is installed
www.blackberry.com