User guide
Data flow: Backing up cryptographic services data
using the BlackBerry Desktop Manager
1. A user connects a BlackBerry device to the BlackBerry Desktop Manager and selects the option to update the
BlackBerry Device Software.
2. The BlackBerry Desktop Manager determines that cryptographic services data require backup during the update
process. It sends the device a command to encrypt the cryptographic services data.
3. The device performs the following actions:
a generates a BlackBerry services key and stores the BlackBerry services key in the NV store
b encrypts the cryptographic services data using the BlackBerry services key
c encrypts the BlackBerry services key using the content protection key if you or the user turns on content protection
4. The BlackBerry Desktop Manager backs up the encrypted cryptographic services data in a database on the user’s
computer as an .ipd file.
Data flow: Restoring cryptographic services data using
the BlackBerry Desktop Manager or BlackBerry
Application Web Loader
1. After the update process completes, the BlackBerry Desktop Manager or BlackBerry Application Web Loader
determines that cryptographic services data must be restored to the BlackBerry device. The BlackBerry Desktop
Manager or BlackBerry Application Web Loader sends a device a command to restore the cryptographic services data.
2. The device performs the following actions:
a retrieves the BlackBerry services key and verifies that the BlackBerry services key was not used previously
b decrypts the BlackBerry services key if you or a user turn on content protection
3. The BlackBerry Desktop Manager restores the encrypted cryptographic services data to the device.
4. The device performs the following actions:
a decrypts the encrypted cryptographic services data using the BlackBerry services key
b restores the decrypted cryptographic data
c deletes the BlackBerry services key from the NV store
Security Technical Overview Protecting BlackBerry Device Software updates
115