User guide
Device transport keys
The device transport key encrypts the message keys that help protect the data sent between a BlackBerry Enterprise Server
and BlackBerry device. The BlackBerry Enterprise Server and device generate the device transport key when a user
activates the BlackBerry device.
The BlackBerry Enterprise Server and device do not send the device transport key over the wireless network when they
generate the device transport key or when they exchange messages.
The BlackBerry Enterprise Solution is designed so that only the BlackBerry Enterprise Server and device know the value of
the device transport key. The BlackBerry Enterprise Server and device reject a data packet if they do not recognize the
format of the data packet or do not recognize the device transport key that protects the data packet.
States for device transport keys
The BlackBerry Enterprise Solution generates device transport keys on a regular basis so that a potentially malicious user
cannot access all data sent between a BlackBerry Enterprise Server and BlackBerry device if that user compromises a
device transport key. As the BlackBerry Enterprise Solution generates device transport keys, the device transport keys
change state from pending to current to previous.
State        Description
pending      A pending device transport key is the device transport key that the BlackBerry Enterprise Solution
             generates to replace the current device transport key. If the user generates the device transport key
             using the BlackBerry Desktop Software, the BlackBerry Desktop Software sends the pending device transport
             key to the device when the user connects the device to the computer.
             The messaging environment and BlackBerry Configuration Database store the pending device transport key.
current      A current device transport key is the device transport key that the device currently uses to encrypt
             and decrypt message keys.
previous     A previous device transport key is the device transport key that the device used before the BlackBerry
             Enterprise Solution generated the current device transport key.
             The device stores previous device transport keys in flash memory for 7 days. The device stores previous
             device transport keys so that a user can decrypt messages even after the user generates a new device
             transport key while messages are queued.
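The following is an added illustrative model of the pending, current and previous states described above, not BlackBerry's own code: it wraps message keys under a transport key, keeps retired keys for the 7-day window, and rejects a packet whose key is unknown or expired. The key identifier, the HMAC-SHA256 keystream used as a stand-in cipher and the rotation timeline are assumptions for the example.

```python
# Added illustrative model of the pending -> current -> previous lifecycle described above.
# Not BlackBerry's implementation: an HMAC-SHA256 keystream stands in for the real cipher.
import hashlib, hmac, os
from datetime import datetime, timedelta

PREVIOUS_KEY_RETENTION = timedelta(days=7)  # page: previous keys kept in flash memory for 7 days

def key_id(key):
    """Non-secret identifier sent with a packet so the receiver can pick the right key (assumed)."""
    return hashlib.sha256(b"transport-key-id" + key).hexdigest()[:16]

def wrap_message_key(transport_key, nonce, message_key):
    """XOR a 32-byte message key with an HMAC-derived keystream (toy stand-in for the cipher)."""
    keystream = hmac.new(transport_key, nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(message_key, keystream))

class TransportKeyStore:
    def __init__(self):
        self.pending, self.current = None, None
        self.previous = {}  # key_id -> (key, retired_at)

    def generate_pending(self):
        self.pending = os.urandom(32)

    def promote_pending(self, now):
        """pending -> current; the old current becomes previous, stamped with its retirement time."""
        if self.current is not None:
            self.previous[key_id(self.current)] = (self.current, now)
        self.current, self.pending = self.pending, None

    def unwrap(self, kid, nonce, wrapped, now):
        """Unwrap with the key named by kid; None means the packet is rejected (unknown or expired key)."""
        key = self.current if self.current is not None and key_id(self.current) == kid else None
        entry = self.previous.get(kid)
        if key is None and entry is not None and now - entry[1] < PREVIOUS_KEY_RETENTION:
            key = entry[0]
        return None if key is None else wrap_message_key(key, nonce, wrapped)

def rotation_scenario():
    """Queue a message under key A, rotate to key B, then show A still works until it expires."""
    t0, store = datetime(2024, 1, 1), TransportKeyStore()
    store.generate_pending(); store.promote_pending(t0)  # activation: A becomes current
    message_key, nonce = os.urandom(32), os.urandom(16)
    kid, wrapped = key_id(store.current), wrap_message_key(store.current, nonce, message_key)
    store.generate_pending(); store.promote_pending(t0 + timedelta(days=1))  # B current, A previous
    return {
        "after_rotation": store.unwrap(kid, nonce, wrapped, t0 + timedelta(days=2)) == message_key,
        "after_retention": store.unwrap(kid, nonce, wrapped, t0 + timedelta(days=9)),
        "unknown_key": store.unwrap("0" * 16, nonce, wrapped, t0),
    }
```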
Security Technical Overview Keys on a device