Installation guide

BlackBerry Enterprise Solution 89
Protocol process
When the BlackBerry Enterprise Server administrator sends the Set a Password and Lock Handheld IT
administration command to a content-protected BlackBerry device, the following actions occur.
1. The BlackBerry Enterprise Server administrator types the new BlackBerry device password in the BlackBerry
Manager.
2. The BlackBerry Enterprise Server sends the Set a Password and Lock Handheld IT administration command
and the new BlackBerry device password to the BlackBerry device.
3. The BlackBerry device performs the following actions:
   • picks r randomly
   • stores r in RAM
   • calculates D’ = rD = rdP
   • calculates h = SHA-1( B )
4. The BlackBerry device sends D’ and h to the BlackBerry Enterprise Server.
5. The BlackBerry Enterprise Server receives D’ and h, and performs the following actions:
   • uses h to determine which B the BlackBerry device used, and hence which b to use
   • verifies that D’ is a valid public key
   • calculates K’ = bD’ = brdP = rdB = rK (The BlackBerry Enterprise Server knows only rK, and cannot
     calculate K without r.)
   • calculates h = SHA-1( D’ )
6. The BlackBerry Enterprise Server sends the new BlackBerry device password, K’, and h to the BlackBerry
device.
7. The BlackBerry device receives the new BlackBerry device password, K’, and h, and performs the following
actions:
   • uses h to verify that K’ is associated with D’ and r
   • verifies K’ is a valid public key
   • calculates r⁻¹K’ = r⁻¹rK = K
   • permanently deletes r
   • uses K to decrypt the content protection key
   • permanently deletes K
8. The BlackBerry device performs the following actions:
   • picks d randomly
   • calculates D = dP
   • stores D in flash memory
   • calculates K = dB
9. The BlackBerry device uses K to encrypt the new BlackBerry device password.
10. The BlackBerry device uses the encrypted new password to encrypt the content protection key.
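
The blinding exchange in steps 3 to 7, written out as an added example (not code from this guide or from the BlackBerry software): the server only ever handles rK, and the device recovers K by multiplying with r⁻¹ modulo the group order. Assumptions: secp256k1 stands in for the curve, which this page does not name; the SHA-1 input encoding and all function names are illustrative.

```python
import hashlib, secrets

# Assumption: the page names no curve, so secp256k1 (y^2 = x^3 + 7 mod p) stands in.
p = 2**256 - 2**32 - 977
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)  # base point

def add(A, C):
    """Affine point addition; None is the point at infinity."""
    if A is None or C is None:
        return C if A is None else A
    (x1, y1), (x2, y2) = A, C
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, p) if A == C
           else (y2 - y1) * pow(x2 - x1, -1, p)) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p

def mul(k, A):
    """Double-and-add scalar multiplication (not constant time; illustration only)."""
    R = None
    while k:
        if k & 1:
            R = add(R, A)
        A, k = add(A, A), k >> 1
    return R

def valid_public_key(Q):
    """Check used in steps 5 and 7: not infinity, in range, on the curve (cofactor 1)."""
    return (Q is not None and all(0 <= c < p for c in Q)
            and (Q[1] ** 2 - Q[0] ** 3 - 7) % p == 0)

def digest(Q):  # SHA-1 of a point; the fixed-width x||y encoding is an assumption
    return hashlib.sha1(b"".join(c.to_bytes(32, "big") for c in Q)).digest()

def run_exchange():
    b = secrets.randbelow(n - 1) + 1; B = mul(b, P)    # server key pair (b, B)
    d = secrets.randbelow(n - 1) + 1; D = mul(d, P)    # device stores D in flash
    K = mul(d, B)                                      # K = dB, as in step 8
    r = secrets.randbelow(n - 1) + 1                   # step 3: blinding factor, RAM only
    D_blind, h_B = mul(r, D), digest(B)                # step 4: device sends D', h
    if h_B != digest(B) or not valid_public_key(D_blind):        # step 5: server checks
        raise ValueError("server rejects D'")
    K_blind, h_D = mul(b, D_blind), digest(D_blind)    # K' = bD' = rK; server never sees K
    if h_D != digest(D_blind) or not valid_public_key(K_blind):  # step 7: device checks
        raise ValueError("device rejects K'")
    return K, K_blind, mul(pow(r, -1, n), K_blind)     # r^-1 K' = r^-1 rK = K
```

`run_exchange()` returns the original K, the blinded K’ seen by the server, and the K the device recovers after unblinding.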
© 2008 Research In Motion Limited. All rights reserved.
www.blackberry.com