User guide

A user can also generate a device transport key using the BlackBerry Desktop Manager. By default, the BlackBerry
Enterprise Server sends a request to the BlackBerry Desktop Manager every 30 days to prompt the user to generate a new
device transport key on the device, even if the user chooses to generate the device transport key manually using the
BlackBerry Desktop Manager.
You can use the BlackBerry Administration Service to start the process to generate a new device transport key.
Data flow: Generating a device transport key using BlackBerry Desktop Software version 4.0 or later
In BlackBerry Desktop Software version 4.0 or later, the process to generate a device transport key uses the current time and cursor movements as the seeds to generate random data.
To generate the device transport key, the BlackBerry Desktop Software performs the following actions:
1. prompts the user to move the cursor
2. uses the srand function of the C programming language to examine the lowest 12 bits of the x and y co-ordinates of the new cursor location
   If the bits are different from the previous sample, the BlackBerry Desktop Software stores the bits, which generates 3 bytes of randomness. If the bits are the same as the bits in the previous sample, the BlackBerry Desktop Software does not store any bits.
3. uses the srand function to examine the next bits, after the srand function has waited for a random interval between 50 milliseconds and 150 milliseconds
   The srand function continues to wait for random intervals and examine bits until the BlackBerry Desktop Software stores 384 bytes of randomness.
4. retrieves 384 bytes of randomness from the Microsoft Cryptographic API, for a total of 768 bytes
5. hashes the 384 bytes of randomness from the cursor co-ordinates and the 384 bytes of randomness from the Microsoft Cryptographic API with SHA-512 to produce 512 bits of data
6. frees the computer memory that is associated with the unused bits
7. generates the device transport key using the first 256 bits of data if the BlackBerry Desktop Software supports AES encryption, or the first 128 bits of data if the BlackBerry Desktop Software supports Triple DES encryption
8. deletes any bits of data that it does not use to generate the device transport key
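To make the data flow concrete, here is an added Python model of steps 2 through 8 (example code, not BlackBerry's implementation). It assumes the 12+12 cursor bits are packed x-high/y-low, that the cursor pool is hashed before the OS pool, and substitutes secrets.token_bytes for the Microsoft Cryptographic API; the 50 to 150 millisecond waits are omitted.

```python
import hashlib
import secrets

CURSOR_BYTES = 384   # cursor-derived randomness the page specifies
OS_BYTES = 384       # randomness from the OS CSPRNG (Microsoft Cryptographic API on Windows)
KEY_BYTES = {"AES": 32, "3DES": 16}   # first 256 bits for AES, first 128 bits for Triple DES

def cursor_sample_bits(x, y):
    """Pack the lowest 12 bits of x and y into 3 bytes (assumed layout: x high, y low)."""
    return (((x & 0xFFF) << 12) | (y & 0xFFF)).to_bytes(3, "big")

def collect_cursor_entropy(samples, needed=CURSOR_BYTES):
    """Walk (x, y) cursor samples, as taken every 50-150 ms in the original.
    A sample is stored only when its 24 bits differ from the previous sample,
    so an idle cursor adds nothing. Returns (pool, number of repeats skipped)."""
    pool, prev, skipped = bytearray(), None, 0
    for x, y in samples:
        if len(pool) >= needed:
            break
        bits = cursor_sample_bits(x, y)
        if bits == prev:
            skipped += 1          # cursor did not move: discard the sample
            continue
        pool += bits
        prev = bits
    if len(pool) < needed:
        raise ValueError(f"only {len(pool)} of {needed} cursor bytes collected")
    return bytes(pool[:needed]), skipped

def derive_transport_key(cursor_pool, os_pool, cipher="AES"):
    """SHA-512 over both pools (768 bytes), truncated to the cipher's key size.
    Concatenation order (cursor pool first) is an assumption; the page does not state it.
    Mixing in the OS pool means the key never depends on cursor entropy alone."""
    if len(cursor_pool) != CURSOR_BYTES or len(os_pool) != OS_BYTES:
        raise ValueError("both pools must be 384 bytes")
    digest = hashlib.sha512(cursor_pool + os_pool).digest()   # 512 bits of data
    return digest[:KEY_BYTES[cipher]]                          # unused bits are dropped

def generate_transport_key(samples, cipher="AES"):
    """End to end: cursor samples plus OS randomness to a transport key."""
    cursor_pool, _ = collect_cursor_entropy(samples)
    return derive_transport_key(cursor_pool, secrets.token_bytes(OS_BYTES), cipher)
```

Feeding the collector repeated samples shows why step 2 discards unchanged co-ordinates: an idle cursor never fills the 384-byte pool, and the generator refuses to proceed rather than hash a short pool.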
Message keys
A BlackBerry Enterprise Server and BlackBerry device generate one or more message keys that are designed to protect the
integrity of the data (for example, short keys or large messages) that the BlackBerry Enterprise Server and device send
between each other. If a message exceeds 2 KB and consists of several data packets, the BlackBerry Enterprise Server and
device generate a unique message key for each data packet.
Security Technical Overview Keys on a device
24