Specifications
Data flow: When you change the work space password on a BlackBerry PlayBook tablet
1. You send the "Specify new device password and lock device" IT administration command to the BlackBerry PlayBook tablet.
2. The tablet sends the encrypted intermediate key to the Enterprise Management Web Service.
3. The Enterprise Management Web Service uses the private key that is associated with the tablet to decrypt the intermediate key and sends the intermediate key back to the tablet.
The Enterprise Management Web Service stores a unique private key for each tablet that is activated on the Enterprise Management Web Service.
4. The tablet performs the following actions:
• Uses the intermediate key to rederive the work space key and uses that key to decrypt the domain security record
• Computes a SHA-512 hash of the new password and a random 64-bit salt and stores it on the tablet
• Generates a new intermediate key
If the "Two-factor Encryption Key Generation" IT policy rule is set to Yes, the tablet uses the new password to generate the new intermediate key.
If the "Two-factor Encryption Key Generation" IT policy rule is set to No, the tablet uses the domain key to generate the new intermediate key.
• Uses the new intermediate key to generate a new work space key and uses it to encrypt the domain security record
• Encrypts the new intermediate key using the public key that the Enterprise Management Web Service associates with the tablet and stores the encrypted key on the tablet
Because only the Enterprise Management Web Service has the corresponding private key, only the Enterprise Management Web Service can decrypt the encrypted intermediate key. The intermediate key is never persistently stored on the tablet in unencrypted form.
The work space password is reset.
Data flow: When a user changes the work space password on the BlackBerry PlayBook tablet
1. In the BlackBerry Balance settings on the BlackBerry PlayBook tablet, the user types the current password and the new password.
2. The tablet authenticates the user by computing a SHA-512 hash of the current password and a stored 64-bit salt and comparing the result with the stored hash of the current password.
If the two hashes match, the work space unlocks and the password reset continues.
3. The tablet performs the following actions:
• Computes a SHA-512 hash of the new password and a random 64-bit salt and stores it on the tablet
• Derives the current intermediate key
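Both data flows on this page (the administrator-triggered reset that goes through the Enterprise Management Web Service, and the user-initiated change that authenticates with the salted SHA-512 hash and then rederives the current intermediate key) are modelled in the following added example. It is illustrative code written for this page, not BlackBerry's implementation and not taken from the Security Technical Overview. Everything the page leaves unstated is an assumption here and is labelled as such in the code: the KDF that turns an intermediate key into a work space key (HMAC-SHA512 with the constructed label WORK_SPACE_LABEL), a per-reset key_salt that lets the tablet rederive the intermediate key from the password (policy Yes) or the domain key (policy No), the cipher protecting the domain security record (a SHA-512 keystream with an HMAC tag, standing in for whatever cipher the product uses), the domain key (a random per-tablet secret), and the EMWS public/private key pair (a symmetric per-tablet secret, because the Python standard library has no RSA). All class and method names are invented for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

WORK_SPACE_LABEL = b"work space key"  # KDF label; an assumption, not from the page


def hash_password(password: str, salt: bytes) -> bytes:
    """SHA-512 over a random 64-bit salt and the password, as the page states."""
    if len(salt) != 8:
        raise ValueError("salt must be 64 bits")
    return hashlib.sha512(salt + password.encode("utf-8")).digest()


def verify_password(password: str, salt: bytes, stored_hash: bytes) -> bool:
    # Constant-time compare so a wrong guess does not leak how much of the hash matched.
    return hmac.compare_digest(hash_password(password, salt), stored_hash)


def kdf(secret: bytes, info: bytes) -> bytes:
    # Stand-in KDF (assumption): HMAC-SHA512 truncated to 256 bits.
    return hmac.new(secret, info, hashlib.sha512).digest()[:32]


def derive_intermediate_key(two_factor: bool, password: str, domain_key: bytes, key_salt: bytes) -> bytes:
    """Policy Yes: the password is the secret input; policy No: the domain key is.
    key_salt (assumption) is regenerated on every reset, so every reset yields a new key."""
    secret = password.encode("utf-8") if two_factor else domain_key
    return kdf(secret, b"intermediate key" + key_salt)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [hashlib.sha512(key + nonce + i.to_bytes(4, "big")).digest() for i in range((length + 63) // 64)]
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in cipher (assumption): SHA-512 keystream XOR plus an HMAC-SHA512 tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha512).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-64], blob[-64:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha512).digest(), tag):
        raise ValueError("integrity check failed")
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))


class EnterpriseManagementWebService:
    """Holds one private key per activated tablet. Stand-in: the key is a symmetric secret,
    so the copy handed to the tablet plays the role of the EMWS public key in the real design."""

    def __init__(self) -> None:
        self._private_keys = {}

    def activate(self, tablet_id: str) -> bytes:
        return self._private_keys.setdefault(tablet_id, secrets.token_bytes(32))

    def decrypt_intermediate_key(self, tablet_id: str, wrapped: bytes) -> bytes:
        return unseal(self._private_keys[tablet_id], wrapped)


@dataclass
class Tablet:
    tablet_id: str
    emws_public_key: bytes
    domain_key: bytes
    two_factor: bool
    salt: bytes = b""
    password_hash: bytes = b""
    key_salt: bytes = b""
    wrapped_intermediate_key: bytes = b""
    sealed_record: bytes = b""

    def enroll(self, password: str, record: bytes) -> None:
        """Shared tail of both flows: new salted hash, new intermediate key, re-seal, re-wrap."""
        self.salt = secrets.token_bytes(8)
        self.password_hash = hash_password(password, self.salt)
        self.key_salt = secrets.token_bytes(16)
        intermediate = derive_intermediate_key(self.two_factor, password, self.domain_key, self.key_salt)
        self.sealed_record = seal(kdf(intermediate, WORK_SPACE_LABEL), record)
        self.wrapped_intermediate_key = seal(self.emws_public_key, intermediate)  # only this copy persists

    def read_record(self, password: str) -> bytes:
        """Unlock: verify the salted hash, rederive the current intermediate key, decrypt the record."""
        if not verify_password(password, self.salt, self.password_hash):
            raise PermissionError("work space password is wrong")
        intermediate = derive_intermediate_key(self.two_factor, password, self.domain_key, self.key_salt)
        return unseal(kdf(intermediate, WORK_SPACE_LABEL), self.sealed_record)

    def admin_reset(self, emws: EnterpriseManagementWebService, new_password: str) -> None:
        """First data flow: the EMWS unwraps the intermediate key; no current password is needed."""
        intermediate = emws.decrypt_intermediate_key(self.tablet_id, self.wrapped_intermediate_key)
        record = unseal(kdf(intermediate, WORK_SPACE_LABEL), self.sealed_record)
        self.enroll(new_password, record)

    def user_change(self, current_password: str, new_password: str) -> None:
        """Second data flow: authenticate with the salted SHA-512 hash, then rederive and re-enroll."""
        self.enroll(new_password, self.read_record(current_password))


def demo(two_factor: bool = True) -> bytes:
    """Runs both flows on a constructed record and returns it, read back with the final password."""
    emws = EnterpriseManagementWebService()
    tablet = Tablet("tablet-01", emws.activate("tablet-01"), secrets.token_bytes(32), two_factor)
    tablet.enroll("first-pass", b"constructed domain security record")
    tablet.user_change("first-pass", "second-pass")  # user-initiated change
    tablet.admin_reset(emws, "admin-pass")  # administrator reset via the EMWS
    return tablet.read_record("admin-pass")
```

The model keeps the two properties the page calls out: the plaintext intermediate key exists only transiently inside `enroll`, `read_record` and `admin_reset`, and only the EMWS-held key can open `wrapped_intermediate_key`, which is why the administrator flow works without the current password while the user flow must verify it first. The password hash is a single SHA-512 pass over salt and password, exactly as the page describes; the example reproduces that rather than substituting a different password-hashing scheme.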
Security Technical Overview Protecting data
97