Installation guide

ManualsBrandsBlackberry ManualsComputer equipmentENTERPRISE SOLUTION SECURITY - SECURITY FOR DEVICES WITH BLUETOOTH WIRELESS TECHNOLOGY - TECHNICAL

BlackBerry Enterprise Solution 30

Item Description

calendar

• subject

• location

• organizer

• attendees

• notes included in the appointment or meeting request

contacts (in the address book) all information except the contact title and category

Note: Set the Force Include Address Book In Content Protection IT policy

rule to True to prevent the BlackBerry device user from turning off the

Include Address Book option on the BlackBerry device. The BlackBerry

device permits the Caller ID and Bluetooth Address Book transfer features

to work when content protection is turned on and the BlackBerry device is

locked.

• subject

• email addresses

• message body

• attachments

memo list

• title

• information included in the body of the note

OMA DRM applications a key identifying the BlackBerry device and a key identifying the SIM card

(if available) that the BlackBerry device adds to DRM forward-locked

applications

RSA SecurID Library the contents of the .sdtid file seed stored in flash memory

tasks

• subject

• information included in the body of the task

Enabling protected storage of BlackBerry device data

The BlackBerry Enterprise Server administrator enables protected storage of data on the BlackBerry device by

setting the Content Protection Strength IT policy rule. Choose a strength level that corresponds to the desired

ECC key strength.

If a BlackBerry device user turns on content protection on the BlackBerry device, in the BlackBerry device

Security Options, the BlackBerry device user can set the content protection strength to the same levels that the

BlackBerry Enterprise Server administrator can set using the IT policy rule.

When the content-protected BlackBerry device decrypts a message that it received while locked, the BlackBerry

device uses the ECC private key in the decryption operation. The longer the ECC key, the more time the ECC

decryption operation adds to the BlackBerry device decryption process. Choose a content protection strength

level that optimizes either the ECC encryption strength or the decryption time.

If the BlackBerry Enterprise Server administrator sets the content protection strength to Stronger (to use a 283-

bit ECC key) or to Strongest (to use a 571-bit ECC key), consider setting the Minimum Password Length IT policy

rule to enforce a minimum BlackBerry device password length of 12 characters or 21 characters, respectively.

These password lengths maximize the encryption strength that the longer ECC keys are designed to provide. The

BlackBerry device uses the BlackBerry device password to generate the ephemeral 256-bit AES encryption key

that the BlackBerry device uses to encrypt the content protection key and the ECC private key. A weak password

produces a weak ephemeral key.

For more information, see “Process for generating content protection keys” on page 14.