Specifications
Data flow: Generating a work space key when the “Two-factor Encryption Key Generation” IT policy rule is set to Yes
If you set the "Two-factor Encryption Key Generation" IT policy rule to Yes, BlackBerry PlayBook tablets base the
encryption key on both the protected secret and the password for the work space. For more information about IT policies,
see the BlackBerry Device Service Policy and Profile Reference Guide.
1. The user types the password for the work space to unlock the work space.
2. The tablet performs the following actions:
   a. Uses the password, a 128-bit random salt, and 20,000 iterations of the SHA-512 hash function to derive an
      intermediate key.
   b. Uses SHA-512 to hash the intermediate key and the tablet system key to produce the work space key.
      The tablet system key is created during the manufacturing process and is the SHA-512 hash of a hardware ID and a
      512-bit random key.
   c. Overwrites and then frees the memory that stored the password, the intermediate key, and the work space key
      when it is finished using them.
Data flow: Generating a work space key when the “Two-factor Encryption Key Generation” IT policy rule is set to No
If you set the "Two-factor Encryption Key Generation" IT policy rule to No, BlackBerry PlayBook tablets base the encryption
key on the protected secret only. For more information about IT policies, see the BlackBerry Device Service Policy and
Profile Reference Guide.
To generate a work space key, the tablet performs the following actions:
1. Retrieves the domain key from the NV store on the tablet.
2. Uses the domain key, a 128-bit random salt, and 20,000 iterations of the SHA-512 hash function to derive an
intermediate key.
3. Uses SHA-512 to hash the intermediate key and the tablet system key to produce the work space key.
The tablet system key is created during the manufacturing process and is the SHA-512 hash of a hardware ID and a
512-bit random key.
4. Overwrites and then frees the memory that stored the domain key, the intermediate key, and the work space key when
it is finished using them.
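The following sketch walks through both data flows above (password when the rule is Yes, domain key when it is No). It is an added example, not BlackBerry code: the page does not state how the 20,000 iterations are chained or in what order inputs are concatenated, so the chaining, the concatenation order, the function names, and all sample values are assumptions.

```python
import hashlib
import secrets

ITERATIONS = 20_000  # iteration count stated on the page
SALT_BYTES = 16      # 128-bit random salt stated on the page

def system_key(hardware_id: bytes, random_key: bytes) -> bytes:
    # SHA-512 of a hardware ID and a 512-bit random key (input order assumed).
    if len(random_key) != 64:
        raise ValueError("random key must be 512 bits")
    return hashlib.sha512(hardware_id + random_key).digest()

def intermediate_key(secret: bytearray, salt: bytes) -> bytearray:
    # Assumed construction: hash salt||secret once, then re-hash the digest
    # until SHA-512 has been applied ITERATIONS times in total.
    if len(salt) != SALT_BYTES:
        raise ValueError("salt must be 128 bits")
    state = bytearray(hashlib.sha512(salt + secret).digest())
    for _ in range(ITERATIONS - 1):
        state[:] = hashlib.sha512(state).digest()
    return state

def wipe(buf: bytearray) -> None:
    # Best-effort overwrite; Python cannot guarantee no other copies exist.
    for i in range(len(buf)):
        buf[i] = 0

def work_space_key(secret: bytearray, salt: bytes, sys_key: bytes) -> bytes:
    # secret is the work space password (rule = Yes) or the domain key (rule = No).
    ik = intermediate_key(secret, salt)
    try:
        # Input order intermediate||system key is assumed.
        return hashlib.sha512(ik + sys_key).digest()
    finally:
        wipe(ik)      # overwrite the intermediate key
        wipe(secret)  # overwrite the password or domain key

if __name__ == "__main__":
    # Constructed sample inputs, not real device values.
    sys_key = system_key(b"HWID-EXAMPLE", secrets.token_bytes(64))
    salt = secrets.token_bytes(SALT_BYTES)
    key_yes = work_space_key(bytearray(b"example password"), salt, sys_key)
    key_no = work_space_key(bytearray(secrets.token_bytes(32)), salt, sys_key)
    print(key_yes.hex()[:16], key_no.hex()[:16])
```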
Security Technical Overview
Using BlackBerry Balance to secure BlackBerry PlayBook tablets in your organization’s environment for work use