Specifications

| Device | Spaces users can back up/restore | Software to use |
|---|---|---|
| BlackBerry Balance device (excluding BlackBerry PlayBook tablet) | Work space, Personal space | BlackBerry Link |
| Work space only device | Work space | BlackBerry Link |
| BlackBerry PlayBook tablet | Personal space | BlackBerry Link, BlackBerry Desktop Software |

Backup protection

When a user backs up data and apps, the device encrypts the data and apps and then authenticates the backup file and
header information before it sends the file to BlackBerry Link. BlackBerry Link then stores the file on the user's computer.

The device uses AES in CTR mode with a 256-bit key to encrypt and decrypt backup files and HMAC-SHA-256 to verify the
integrity and authenticity of the backup files. Personal and work spaces are encrypted with different encryption keys.

To encrypt backup files for the personal space, the device uses a secret associated with the user's BlackBerry ID account
to generate the encryption key and HMAC key. The secret is not accessible to the user and is never stored as part of the
device backup file. The encryption key is stored on the device in an encrypted format.

To encrypt backup files for the work space, the device uses a secret associated with the user's account associated with
the BlackBerry Device Service to generate the encryption key and HMAC key. The secret is not accessible to the user and
is never stored as part of the device backup file. The encryption key is stored in the device keystore in the work file system,
which is encrypted.

The device uses the secret and a random salt to generate a 256-bit symmetric encryption key and a 256-bit authentication
key. The device uses the encryption key to encrypt and decrypt the backup file and the authentication key to verify the
integrity and authenticity of the backup file.

BlackBerry PlayBook tablet users can use BlackBerry Desktop Software to back up data instead of BlackBerry Link. If a
tablet is running BlackBerry PlayBook OS 2.0.1 or later and a user selects Encrypt backup file in the File Options in the
BlackBerry Desktop Software, the BlackBerry Desktop Software applies an additional layer of encryption to the backup file.

Restore protection

When a user restores backed up data and apps to a device, the device verifies the authenticity and integrity of the backup
file before it decrypts and restores it.

To restore an encrypted backup file to the personal space on a new device during a device switch, the new device must use
the same BlackBerry ID as the old device.

To restore an encrypted backup file to the work space on a new device during a device switch, the work space on the new
device must be activated using the same user from your organization's user directory.
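
The backup and restore flow described in the two sections above, as an added Go example (not BlackBerry's code): keys derived from a secret and a random salt, AES-256-CTR encryption, HMAC-SHA-256 over header and ciphertext, and verification before decryption. The file layout (salt, IV, ciphertext, tag), the use of HKDF-SHA-256 as the key derivation, and the names `Seal`, `Open`, `keys` and `mac` are assumptions; the page names only the cipher, the MAC, the secret and the salt.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

const saltLen, hdrLen = 16, 32 // assumed header layout: 16-byte salt || 16-byte CTR IV
func mac(key, data []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(data)
	return h.Sum(nil)
}
// keys runs HKDF-SHA-256 (assumed KDF) and returns the AES-256-CTR stream and the HMAC key.
func keys(secret, hdr []byte) (cipher.Stream, []byte) {
	prk := mac(hdr[:saltLen], secret)
	blk, _ := aes.NewCipher(mac(prk, []byte("enc\x01"))) // cannot fail: 32-byte key
	return cipher.NewCTR(blk, hdr[saltLen:hdrLen]), mac(prk, []byte("mac\x01"))
}
// Seal (backup): encrypt, then authenticate header and ciphertext together.
func Seal(secret, plain []byte) []byte {
	blob := make([]byte, hdrLen+len(plain))
	rand.Read(blob[:hdrLen]) // fresh random salt and IV for every backup
	stream, auth := keys(secret, blob)
	stream.XORKeyStream(blob[hdrLen:], plain)
	return append(blob, mac(auth, blob)...)
}
// Open (restore): check the tag in constant time before decrypting anything.
func Open(secret, blob []byte) ([]byte, error) {
	n := len(blob) - sha256.Size
	if n < hdrLen {
		return nil, fmt.Errorf("backup truncated: %d bytes", len(blob))
	}
	stream, auth := keys(secret, blob)
	if !hmac.Equal(blob[n:], mac(auth, blob[:n])) {
		return nil, fmt.Errorf("backup failed authentication")
	}
	plain := make([]byte, n-hdrLen)
	stream.XORKeyStream(plain, blob[hdrLen:n])
	return plain, nil
}

func main() {
	blob := Seal([]byte("constructed secret"), []byte("constructed backup data"))
	fmt.Println(Open([]byte("a different secret"), blob)) // restore under another account
}
```

Because the salt sits in the authenticated header and the secret never does, a file restored under a different account secret derives different keys and is rejected at the HMAC check, which mirrors the same-BlackBerry-ID and same-user requirements above.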
Security Technical Overview Protecting data