Specifications

How devices protect personal data
BlackBerry Balance devices running BlackBerry 10 allow the encryption of personal files on devices. You can use the "Personal Space Data Encryption" IT policy rule to turn on encryption for the personal space of devices. If the "Personal Space Data Encryption" rule is set to Yes, files stored in the personal space of the device are encrypted. If this rule is set to No, users can choose to encrypt files in the personal space using the Device Encryption option in the Security and Privacy settings on the device.
If encryption is turned on for the personal space of the device, the device encrypts files stored in the personal file system using XTS-AES-256. A device randomly generates an encryption key to encrypt the contents of a file. The file encryption keys are protected by a hierarchical system of encryption keys, as follows:
• The device encrypts the file encryption key with the personal domain key and stores the encrypted file encryption key as a metadata attribute of the file.
• The personal domain key is a randomly generated key that is stored in the file system metadata and is encrypted using the personal master key.
• The personal master key is also randomly generated. The personal master key is stored in NVRAM on the device and is encrypted with the system master key.
• The system master key is stored in the replay protected memory block on the device.
• The replay protected memory block is encrypted with a key that is embedded in the processor when the processor is manufactured.
If you set the "Personal Space Data Encryption" IT policy rule to Yes, you should also set the "Apply Work Space Password to Full Device" IT policy rule to Yes so that the work space password applies to the entire device. If you set the "Personal Space Data Encryption" IT policy rule to No and the user chooses to turn on encryption for the personal space, the device prompts the user to type a new password if the device does not already have a password.
Devices can also encrypt all files stored on media cards that are inserted in devices. Users can save only personal data to media cards.
The file encryption keys, the personal domain key, the personal master key, and the system master key are generated using the BlackBerry OS Cryptographic Kernel, which received FIPS 140-2 certification for the BlackBerry 10 OS.
Related information
Protecting data on media cards, 50
Protecting data on media cards
BlackBerry Balance devices running BlackBerry 10 allow users to store only personal data on media cards, and that data is stored in an unencrypted format.
Although users can't move or save work files to media cards, if your organization wants to ensure the security of files on them, you can require that devices encrypt all files stored on them using the "Media Card Encryption" IT policy rule.
Related information
Media cards, 103
Security Technical Overview: Using BlackBerry Balance to secure BlackBerry 10 devices in your organization’s environment for work use and personal use
50