User guide
Characteristics Description
long-term public keys exchanged: The wireless activation process verifies that the BlackBerry Enterprise Server and device can exchange the device transport key in a manner that is designed to be highly secure when they generate a new device transport key.
Generating subsequent device transport keys for a device
By default, the BlackBerry Enterprise Server and BlackBerry device generate subsequent device transport keys every 30 days. If a pending device transport key exists and a user connects a device to a computer, the current device transport key on the device becomes the previous device transport key and the pending device transport key becomes the current device transport key. If no pending device transport key exists, you, the user, or the BlackBerry Desktop Software can generate a device transport key.
The BlackBerry Enterprise Server and device negotiate the device transport key using their existing long-term public keys and the ECMQV key exchange algorithm. This method is designed so that a potentially malicious user is unable to calculate the device transport key. The BlackBerry Enterprise Server and device discard the key pair after they generate the device transport key.
For more information about the ECMQV key exchange algorithm, see NIST Special Publication 800-56: Recommendation on Key Establishment Schemes, Draft 2.0, and the Guide to Elliptic Curve Cryptography.
Security characteristics for generating subsequent device transport keys
Characteristics Description
authentication: Authentication means that only a BlackBerry device that a user authenticates with or a BlackBerry Enterprise Server can generate subsequent device transport keys. Authentication is designed so that a potentially malicious user cannot use another device to impersonate an activated device and generate a device transport key.
password independent: Password independent means that the user does not require an activation password and you do not have to perform any actions when you or a user generates a subsequent device transport key.
flexible initiation: Flexible initiation means that you or a user can generate a subsequent device transport key at any time.
PFS: PFS means that subsequent device transport keys are independent of previous device transport keys. A device transport key does not help the potentially malicious user decrypt data that another device transport key protects.
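The following is an added illustration of the ECMQV negotiation described above and of the authentication and PFS properties in the table; it is not BlackBerry code, and the curve (secp256k1), the SHA-256 key derivation and the function names are assumptions chosen for the demonstration, not details the document states.

```python
import secrets
from hashlib import sha256

# secp256k1 domain parameters (an assumption for this demo; the document does not name the curve).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if p1 is None: return p2
    if p2 is None: return p1
    x1, y1 = p1; x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0: return None          # P + (-P)
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P  # tangent slope (a = 0)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt = add(pt, pt); k >>= 1
    return acc

def avf(pt):
    """MQV associate value function: low half of the x coordinate with the top bit set."""
    half = (N.bit_length() + 1) // 2
    return (pt[0] % (1 << half)) | (1 << half)

def keypair():
    d = secrets.randbelow(N - 1) + 1
    return d, mul(d, G)

def mqv_shared(d, Q, e, R, Q_peer, R_peer):
    """One side's ECMQV step: implicit signature s binds the long-term key d to
    the ephemeral key e, so a peer without d cannot reach the same shared point."""
    s = (e + avf(R) * d) % N
    Z = mul(s, add(R_peer, mul(avf(R_peer), Q_peer)))
    return sha256(Z[0].to_bytes(32, "big")).digest()

def negotiate(d_server, Q_server, d_device, Q_device):
    """Full exchange with fresh ephemeral pairs on both sides; the ephemeral scalars
    go out of scope afterwards, so a later key reveals nothing about this one (PFS)."""
    e_s, R_s = keypair(); e_d, R_d = keypair()
    k_server = mqv_shared(d_server, Q_server, e_s, R_s, Q_device, R_d)
    k_device = mqv_shared(d_device, Q_device, e_d, R_d, Q_server, R_s)
    assert k_server == k_device
    return k_server
```

Running `negotiate` twice with the same long-term keys yields two unrelated transport keys, which is the PFS property; a party that presents a legitimate public key but lacks its private scalar derives a different key, which is the authentication property.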
Generating a device transport key manually
To generate a device transport key on an activated BlackBerry device, a user can click Regenerate Encryption Key in the device options, in the security options. The device sends the request to generate a device transport key to the BlackBerry Enterprise Server over the wireless network.
Security Technical Overview Keys on a device
23