User guide

device transport keys in binary form with tags that indicate whether the status of the device transport keys is pending (0x6002 tag), current (0x6003 tag), or previous (0x6004 tag).
Where the BlackBerry Enterprise Server stores device transport keys in an IBM Domino environment
In an IBM Domino environment, the BlackBerry Enterprise Server stores the device transport keys in a Domino database named BlackBerryProfiles.nsf. The BlackBerry profiles database contains configuration information for every user account that exists in the Data directory. For each user account it stores an account record that contains the RIMCurrentEncryptionKeyText, RIMPendingEncryptionKeyText, and RIMPreviousEncryptionKeyText fields; these fields hold the current, pending, and previous device transport keys as hexadecimal strings.
Generating device transport keys
Generating the first device transport key for a device during the activation process
If a user connects a BlackBerry device to a computer for the first time and activates the device, the BlackBerry Desktop Software generates the device transport key and sends it to the device and to the messaging server.
If a user activates the device over the wireless network, the BlackBerry Enterprise Server and the device negotiate the strongest symmetric algorithm that they both support (AES or Triple DES) and generate a device transport key for that algorithm. To generate the public keys used for key rollover on the device and to establish a strong, cryptographically protected connection between the BlackBerry Enterprise Server and the device, the BlackBerry Enterprise Solution uses the SPEKE authentication method together with the activation password for the device. Because SPEKE is a password-authenticated key agreement, the activation password is never sent over the air; it only shapes the exchange, so a party that does not know it cannot arrive at the same key.
For more information about the SPEKE authentication method, visit http://standards.ieee.org/ to read Password-Based Public Key Cryptography (IEEE P1363.2).
Security characteristics for generating the first device transport key

Characteristic                             Description
authentication and integrity               The wireless activation process verifies that only a user who knows the correct activation password can activate a BlackBerry device that you associate with a BlackBerry Enterprise Server.
prevention of offline dictionary attacks   The wireless activation process is designed so that a potentially malicious user cannot determine the activation password by observing the protocol packets that the BlackBerry Enterprise Server and the device exchange.
prevention of online dictionary attacks    The wireless activation process is designed so that the BlackBerry Enterprise Server refuses to activate a device once an incorrect activation password has been typed more than five times.
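The wireless exchange described above, together with the three properties in the table, modelled as an added example written for this page (it is not BlackBerry code and does not reproduce the BlackBerry Enterprise Server wire format). It is a SPEKE-style password-authenticated key agreement in Python: the hash (SHA-256), the HMAC key-confirmation step, the Party and ActivationServer names, the message layout and the lockout counter are illustrative assumptions; the group is the 1536-bit MODP safe prime from RFC 3526, copied from the RFC. A device that types the right password derives the same key as the server; a wrong password produces a different generator, so key confirmation fails; after five failures the server refuses further attempts, which is the online-dictionary limit from the table. The public values an eavesdropper records give nothing to test a password guess against, which is the offline-dictionary property.

```python
import hashlib
import hmac
import secrets

# RFC 3526 group 5: the 1536-bit MODP safe prime p = 2q + 1 (constant copied
# from the RFC).  The squares mod a safe prime form a subgroup of prime
# order q, which SPEKE relies on.
P = int("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA237327 FFFFFFFF FFFFFFFF
""".replace(" ", "").replace("\n", ""), 16)
Q = (P - 1) // 2
P_BYTES = (P.bit_length() + 7) // 8

# Assumed reading of "more than five times": after five recorded failures the
# server refuses the next attempt (this counter is illustrative, not BlackBerry's).
MAX_FAILURES = 5


def speke_generator(password: str) -> int:
    """SPEKE: g = H(password)^2 mod p.  Squaring puts g in the order-q
    subgroup, so a peer cannot confine the exchange to a small subgroup."""
    h = int.from_bytes(hashlib.sha256(password.encode()).digest(), "big")
    return pow(h, 2, P)


def valid_public(value: int) -> bool:
    """0, 1 and p-1 would fix the shared secret whatever the password."""
    return 1 < value < P - 1


class Party:
    """One end of the exchange; role is b"device" or b"server" (assumed names)."""

    def __init__(self, password: str, role: bytes):
        self.role = role
        self.x = secrets.randbelow(Q - 1) + 1            # private exponent in [1, q-1]
        self.public = pow(speke_generator(password), self.x, P)
        self.key = None

    def derive(self, device_public: int, server_public: int) -> bytes:
        """Shared key = H(peer^x || both public values)."""
        peer = server_public if self.role == b"device" else device_public
        if not valid_public(peer):
            raise ValueError("degenerate public value from peer")
        shared = pow(peer, self.x, P).to_bytes(P_BYTES, "big")
        transcript = (device_public.to_bytes(P_BYTES, "big")
                      + server_public.to_bytes(P_BYTES, "big"))
        self.key = hashlib.sha256(shared + transcript).digest()
        return self.key

    def confirm(self) -> bytes:
        """Key confirmation: prove knowledge of the key without revealing it."""
        return hmac.new(self.key, b"confirm:" + self.role, "sha256").digest()

    def verify(self, tag: bytes, peer_role: bytes) -> bool:
        expected = hmac.new(self.key, b"confirm:" + peer_role, "sha256").digest()
        return hmac.compare_digest(tag, expected)


class ActivationServer:
    """Holds the activation password and the online-attempt counter."""

    def __init__(self, activation_password: str):
        self._password = activation_password
        self.failures = 0

    def activate(self, typed_password: str):
        """One over-the-air activation attempt.

        Returns (status, device_key, server_key); both keys are returned only
        so the reader can compare what each side derived."""
        if self.failures >= MAX_FAILURES:
            return "locked", None, None
        device = Party(typed_password, b"device")
        server = Party(self._password, b"server")
        # Messages 1 and 2: the public values cross the air in the clear.  An
        # eavesdropper sees g^a and g^b but cannot test a password guess: for
        # any candidate generator g' there is an exponent a' with g'^a' = g^a.
        dev_key = device.derive(device.public, server.public)
        srv_key = server.derive(device.public, server.public)
        # Messages 3 and 4: key confirmation.  A wrong password yields a
        # different generator, hence different keys, hence MACs that fail.
        if server.verify(device.confirm(), b"device") and \
                device.verify(server.confirm(), b"server"):
            self.failures = 0
            return "ok", dev_key, srv_key
        self.failures += 1
        return "rejected", dev_key, srv_key
```

Calling `ActivationServer("pw").activate("pw")` returns `"ok"` with identical keys on both sides; `activate("guess")` returns `"rejected"` with differing keys and bumps the failure counter, and once five failures are recorded every further call returns `"locked"` before any exchange takes place. The check on the peer's public value is what stops a malicious peer from forcing the shared secret to a known constant, which is why SPEKE implementations reject 0, 1 and p-1 before exponentiating.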
Security Technical Overview Keys on a device
22