Manualshelf

Specifications

ManualsBrandsBlackberry ManualsComputer equipmentENTERPRISE SOLUTION SECURITY - SECURITY FOR DEVICES WITH BLUETOOTH WIRELESS TECHNOLOGY - TECHNICAL
21222324252627282930
Data flow: Generating a message key on a device
A device uses the DRBG function to generate a message key.
To generate a message key, the device performs the following actions:
1. Retrieves random data from multiple sources to generate the seed using a technique that the device derives from the
initialization function of the ARC4 encryption algorithm
2. Uses the random data to reorder the contents of a 256-byte state array
3. Adds the 256-byte state array into the ARC4 encryption algorithm to further randomize the 256-byte state array
4. Draws 521 bytes from the ARC4 state array
The device draws an additional 9 bytes for the 256-byte state array, for a total of 521 bytes (512 + 9 = 521) to make
sure that the pointers before and after the call are not in the same place, and in case the first few bytes of the ARC4
state array are not random.
5. Uses SHA-512 to hash the 521-byte value to 64 bytes
6. Uses the 64-byte value to seed the DRBG function
The device stores a copy of the seed in a file. When the device restarts, it reads the seed from the file and uses the XOR
function to compare the stored seed with the new seed.
7. Uses the DRBG function to generate 256 pseudorandom bits for use with AES encryption
8. Uses the pseudorandom bits to create the message key
For more information about the DRBG function, see NIST Special Publication 800-90.
Data flow: Generating a message key on the BlackBerry Device Service
A BlackBerry Device Service uses the DSA PRNG function to generate a message key.
To generate a message key, the BlackBerry Device Service performs the following actions:
1. Retrieves random data from multiple sources for the seed, using a technique that the BlackBerry Device Service
derives from the initialization function of the ARC4 encryption algorithm
2. Uses the random data to reorder the contents of a 256-byte state array
The BlackBerry Device Service requests 512 bits of randomness from the Microsoft Cryptographic API to increase the
randomness of the data.
3. Adds the 256-byte state array into the ARC4 algorithm to further randomize the 256-byte state array
4. Draws 521 bytes from the 256-byte state array
The BlackBerry Device Service draws an additional 9 bytes for the 256-byte state array, for a total of 521 bytes (512 + 9
= 521) to make sure that the pointers before and after the generation process are not in the same place, and in case
the first few bytes of the 256-byte state array are not random.
5. Uses SHA-512 to hash the 521-byte value to 64 bytes
6. Uses the 64-byte value to seed the DSA PRNG function
Security Technical Overview How devices connect to the BlackBerry Device Service
24