Specifications

1. Derives the current intermediate key
   - If the "Two-factor Encryption Key Generation" IT policy rule is set to Yes, the tablet uses the current password to derive the current intermediate key.
   - If the "Two-factor Encryption Key Generation" IT policy rule is set to No, the tablet retrieves the domain key from the NV store and uses it to derive the current intermediate key.
2. Uses the current intermediate key to derive the current work space key, and uses that key to decrypt the domain security record
3. Derives a new intermediate key
   - If the "Two-factor Encryption Key Generation" IT policy rule is set to Yes, the tablet uses the new password, a 128-bit random salt, and 20,000 iterations of the SHA-512 hash function to derive the new intermediate key.
   - If the "Two-factor Encryption Key Generation" IT policy rule is set to No, the tablet uses the domain key, a 128-bit random salt, and 20,000 iterations of the SHA-512 hash function to derive the new intermediate key.
4. Uses the new intermediate key to derive a new work space key, and uses that key to encrypt the domain security record
5. Encrypts the new intermediate key using the public key that the Enterprise Management Web Service associates with the tablet, and stores the encrypted key on the tablet
Because only the Enterprise Management Web Service holds the private key that corresponds to the public key of each tablet activated on it, only the Enterprise Management Web Service can decrypt the encrypted intermediate key. The intermediate key is not persistently stored on the tablet in unencrypted form.
The work space password is now reset.
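The reset sequence above, as an added worked example in Python (illustrative code written for this page, not BlackBerry's implementation). The page states the salt size, the iteration count and the hash function but not the exact constructions, so the following are assumptions: the 20,000 iterations of SHA-512 are modelled as PBKDF2-HMAC-SHA512, the work space key is derived from the intermediate key with HMAC-SHA512 under a fixed label, and the domain security record is protected with an HMAC-SHA512 counter-mode keystream plus an HMAC tag as a stand-in for the symmetric cipher the page does not name. Step 5, wrapping the new intermediate key under the public key held by the Enterprise Management Web Service, is left to the caller; the reset function returns the new intermediate key for that purpose. The tablet state, the function names and the sample record are constructed for this example.

```python
import hashlib
import hmac
import os
import struct

# Figures taken from the page: a 128-bit random salt and 20,000 iterations of SHA-512.
SALT_LEN = 16
ITERATIONS = 20_000
KEY_LEN = 32


def derive_intermediate_key(secret: bytes, salt: bytes) -> bytes:
    """Password (or NV-store domain key) + salt -> intermediate key.

    Assumption: the page's "20,000 iterations of the SHA-512 hash function" is
    modelled as PBKDF2-HMAC-SHA512; the page does not state the exact construction.
    """
    return hashlib.pbkdf2_hmac("sha512", secret, salt, ITERATIONS, dklen=KEY_LEN)


def derive_work_space_key(intermediate_key: bytes) -> bytes:
    """Intermediate key -> work space key (assumption: HMAC-SHA512 with a fixed label)."""
    return hmac.new(intermediate_key, b"work space key", hashlib.sha512).digest()[:KEY_LEN]


def _subkeys(work_space_key: bytes):
    # Separate encryption and MAC keys so the keystream and the tag never share a key.
    enc = hmac.new(work_space_key, b"enc", hashlib.sha512).digest()[:KEY_LEN]
    mac = hmac.new(work_space_key, b"mac", hashlib.sha512).digest()[:KEY_LEN]
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA512 in counter mode: a stand-in for the cipher the page does not name.
    blocks = [hmac.new(enc_key, nonce + struct.pack(">Q", i), hashlib.sha512).digest()
              for i in range((length + 63) // 64)]
    return b"".join(blocks)[:length]


def encrypt_record(work_space_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC of the domain security record under the work space key."""
    enc, mac = _subkeys(work_space_key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc, nonce, len(plaintext))))
    tag = hmac.new(mac, nonce + ct, hashlib.sha512).digest()[:KEY_LEN]
    return nonce + ct + tag


def decrypt_record(work_space_key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a wrong work space key (wrong password) is rejected here."""
    enc, mac = _subkeys(work_space_key)
    nonce, ct, tag = blob[:16], blob[16:-KEY_LEN], blob[-KEY_LEN:]
    expected = hmac.new(mac, nonce + ct, hashlib.sha512).digest()[:KEY_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("work space key does not open the domain security record")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc, nonce, len(ct))))


def _secret_for(two_factor: bool, password, tablet: dict) -> bytes:
    # "Two-factor Encryption Key Generation" = Yes -> the password is the input;
    # = No -> the domain key from the NV store is the input and the password is not used.
    return password if two_factor else tablet["nv_domain_key"]


def provision_tablet(two_factor: bool, password, domain_key: bytes, record: bytes) -> dict:
    """Constructed initial tablet state: salt, NV-store domain key, encrypted domain security record."""
    tablet = {"salt": os.urandom(SALT_LEN), "nv_domain_key": domain_key}
    ik = derive_intermediate_key(_secret_for(two_factor, password, tablet), tablet["salt"])
    tablet["domain_security_record"] = encrypt_record(derive_work_space_key(ik), record)
    return tablet


def open_domain_security_record(tablet: dict, two_factor: bool, password) -> bytes:
    """Steps 1-2: current intermediate key -> current work space key -> decrypted record."""
    ik = derive_intermediate_key(_secret_for(two_factor, password, tablet), tablet["salt"])
    return decrypt_record(derive_work_space_key(ik), tablet["domain_security_record"])


def reset_work_space_password(tablet: dict, two_factor: bool, current_password, new_password) -> bytes:
    """Steps 1-4 of the reset; returns the new intermediate key for step 5 (public-key escrow)."""
    record = open_domain_security_record(tablet, two_factor, current_password)
    # Step 3: new intermediate key from the new password (or the domain key) and a fresh 128-bit salt.
    new_salt = os.urandom(SALT_LEN)
    new_ik = derive_intermediate_key(_secret_for(two_factor, new_password, tablet), new_salt)
    # Step 4: the new work space key re-encrypts the record; the old salt is discarded.
    tablet["salt"] = new_salt
    tablet["domain_security_record"] = encrypt_record(derive_work_space_key(new_ik), record)
    # Step 5 (encrypting new_ik under the management server's public key) is the caller's job.
    return new_ik
```

Two properties of the sequence are visible when the code is run: after the reset the old password no longer opens the domain security record (the tag check in `decrypt_record` fails), and with the policy rule set to No the password is not an input to the derivation at all, so in that configuration the work space key is tied to the domain key in the NV store rather than to anything the user knows.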
Security timeout
You can use the "Security Timeout" IT policy rule to require that a device lock the work space or the entire device after a
certain period of inactivity.
On BlackBerry Balance devices, including BlackBerry PlayBook tablets, that have different work space and device
passwords, the security timeout of the work space is controlled by the "Security Timeout" IT policy rule and the “Lock work
space after” option (in the BlackBerry Balance settings on the device). The security timeout of the entire device is
controlled by the “Lock Device After” option (in the Device Password settings on the device).
Work apps (including apps that display work data and personal data in a unified view) follow the security timeout of the
work space. If there is no user activity in the work space within the specified time, the work space locks automatically,
even if the user is using personal apps (other than apps that display work data and personal data in a unified view) at the
time; activity in personal apps does not reset the work space timeout.
On BlackBerry Balance devices that have a work space password that applies to the full device, the security timeout of the
entire device is controlled by the "Security Timeout" IT policy rule, along with the "Lock work space after" option (in the
BlackBerry Balance settings on the device). The "Lock Device After" option (in the Device Password settings on the device)
is greyed out.
On work space only devices, because there is only a work space on these devices, the "Security Timeout" IT policy rule,
along with the “Lock Device After” option (in the Device Password settings on the device), apply to the entire device. If
there is no user activity on the device within the time specified, the entire device locks.
Security Technical Overview Protecting data
98