Specifications

The Enterprise Management Web Service stores a unique private key for each device that is activated on the Enterprise Management Web Service.
4. The device performs the following actions:
   - Uses the intermediate key to rederive the work master key and decrypts the work domain key
   - Computes a SHA-512 hash of the new password and a random 64-bit salt and stores it on the device
   - Generates a new intermediate key
   - Uses the new intermediate key to generate a new work master key and uses it to encrypt the work domain key
   - Encrypts the new intermediate key using the public key that the Enterprise Management Web Service associates with the device and stores the encrypted key on the device
Because only the Enterprise Management Web Service has the corresponding private key, only the Enterprise Management Web Service can decrypt the encrypted intermediate key. The intermediate key is never persistently stored on the device in unencrypted form.
The work space password is reset.
Data flow: When a user changes the work space password on a BlackBerry Balance device running BlackBerry 10 OS
1. In the BlackBerry Balance settings on the device, the user types the current password and the new password.
2. The device authenticates the user by computing a SHA-512 hash of the current password and a stored 64-bit salt and compares the result with the stored hash of the current password.
If the two hashes match, the work space unlocks and the password reset continues.
3. The device performs the following actions:
   - Computes a SHA-512 hash of the new password and a random 64-bit salt and stores it on the device
   - Derives the current intermediate key
   - Uses the current intermediate key to derive the current work master key and decrypts the work domain key
   - Derives a new intermediate key
   - Uses the new intermediate key to derive a new work master key that it uses to encrypt the work domain key
   - Encrypts the new intermediate key using the public key that the Enterprise Management Web Service associates with the device and stores the encrypted key on the device
Because only the Enterprise Management Web Service has the corresponding unique private key for each device that is activated on the Enterprise Management Web Service, only the Enterprise Management Web Service can decrypt the encrypted intermediate key. The intermediate key is not persistently stored on the device in unencrypted form.
The work space password is reset.
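The following Python model, added here as an illustration and not BlackBerry's own code, walks through both data flows above: the password-change flow (step 3, where the device re-derives the current intermediate key itself) and the reset flow (step 4, where the Enterprise Management Web Service decrypts the escrowed intermediate key and hands it to the device). It shows why the key hierarchy lets the work domain key survive a password change and why only the holder of the private key can recover the escrowed intermediate key. Everything not stated in the text is an assumption: the salt-plus-password layout of the SHA-512 input, deriving the intermediate key from the password with PBKDF2, deriving the work master key with HMAC, the keystream-plus-HMAC key wrap, 128-bit key lengths, and the textbook-RSA escrow over two Mersenne primes, which stands in for the real padded public-key scheme so the example runs with the standard library only.

```python
import hashlib
import hmac
import os
import secrets

KEY_LEN = 16   # intermediate and work domain key length (assumed: 128-bit keys)
SALT_LEN = 8   # 64-bit salt, as stated in the text

# Toy escrow key pair standing in for the Enterprise Management Web Service (EMWS) key pair.
# Textbook RSA over two Mersenne primes is used only so the example runs without third-party
# libraries and shows the property the text relies on: only the private key holder can recover
# the escrowed intermediate key. A real deployment uses a padded scheme such as RSA-OAEP.
_P, _Q = (1 << 89) - 1, (1 << 127) - 1
EMWS_PUBLIC_KEY = (_P * _Q, 65537)                                    # stored on the device
EMWS_PRIVATE_KEY = (_P * _Q, pow(65537, -1, (_P - 1) * (_Q - 1)))     # held only by the EMWS


def escrow_encrypt(public_key, key_bytes):
    n, e = public_key
    m = int.from_bytes(key_bytes, "big")
    if m >= n:
        raise ValueError("key too large for the escrow modulus")
    return pow(m, e, n)


def escrow_decrypt(private_key, ciphertext):
    n, d = private_key
    return pow(ciphertext, d, n).to_bytes(KEY_LEN, "big")


def password_hash(password, salt):
    # SHA-512 over salt || password (the exact input layout is an assumption)
    return hashlib.sha512(salt + password.encode("utf-8")).digest()


def derive_intermediate_key(password, ik_salt):
    # Assumption: the intermediate key is re-derivable from the password and a stored salt, which
    # is what lets step 3 "derive the current intermediate key". PBKDF2-HMAC-SHA512 is a stand-in.
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), ik_salt, 50_000, dklen=KEY_LEN)


def derive_work_master_key(intermediate_key):
    # The text only says the work master key is derived from the intermediate key; HMAC stand-in.
    return hmac.new(intermediate_key, b"work master key", hashlib.sha512).digest()[:32]


def wrap(master_key, plaintext):
    # Stand-in for the device's authenticated key wrapping: keystream XOR plus an HMAC tag.
    nonce = os.urandom(16)
    stream = hashlib.sha512(master_key + nonce).digest()[: len(plaintext)]
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(master_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(master_key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(master_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("work domain key blob failed integrity check")
    stream = hashlib.sha512(master_key + nonce).digest()[: len(ct)]
    return bytes(a ^ b for a, b in zip(ct, stream))


class WorkSpace:
    """What the device stores persistently: salts, the password hash, the wrapped work domain key
    and the escrowed intermediate key. The plaintext intermediate key is never an attribute."""

    def __init__(self, password, work_domain_key):
        self._install(password, work_domain_key)

    def _install(self, password, work_domain_key):
        # Shared tail of steps 3 and 4: new hash, new intermediate key, re-wrap, escrow.
        self.salt = os.urandom(SALT_LEN)
        self.password_hash = password_hash(password, self.salt)
        self.ik_salt = os.urandom(SALT_LEN)
        new_ik = derive_intermediate_key(password, self.ik_salt)
        self.wrapped_domain_key = wrap(derive_work_master_key(new_ik), work_domain_key)
        self.escrowed_intermediate_key = escrow_encrypt(EMWS_PUBLIC_KEY, new_ik)

    def verify_password(self, password):
        return hmac.compare_digest(password_hash(password, self.salt), self.password_hash)

    def unlock(self, password):
        """Return the work domain key for a correct password, else None."""
        if not self.verify_password(password):
            return None
        ik = derive_intermediate_key(password, self.ik_salt)
        return unwrap(derive_work_master_key(ik), self.wrapped_domain_key)

    def change_password(self, current, new):
        """Step 3: the user knows the current password, so the device derives the current key."""
        domain_key = self.unlock(current)
        if domain_key is None:
            return False
        self._install(new, domain_key)
        return True

    def reset_password(self, new, intermediate_key_from_emws):
        """Step 4: the EMWS decrypted the escrowed intermediate key and supplied it, so the work
        domain key is recovered without the old password. Returns False on a wrong key."""
        try:
            master_key = derive_work_master_key(intermediate_key_from_emws)
            domain_key = unwrap(master_key, self.wrapped_domain_key)
        except ValueError:
            return False
        self._install(new, domain_key)
        return True
```

The check worth noting is the last line of `_install`: after either flow the only copy of the new intermediate key that persists is the escrowed one, so a later reset still works, while the work domain key itself is never re-generated, which is why work data stays readable across password changes and resets.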
Security Technical Overview Protecting data
96