User guide
1. Retrieves random data from multiple sources to generate the seed, using a technique that the device derives from the initialization function of the ARC4 encryption algorithm
2. Uses the random data to reorder the contents of a 256-byte state array (also known as a 2048-bit state array)
3. Adds the 256-byte state array into the ARC4 encryption algorithm to further randomize the 256-byte state array
4. Draws 521 bytes from the ARC4 state array
The device draws an additional 9 bytes for the 256-byte state array, for a total of 521 bytes (512 + 9 = 521), to make sure that the pointers before and after the call are not in the same place, and in case the first few bytes of the ARC4 state array are not random.
5. Uses SHA-512 to hash the 521-byte value to 64 bytes
6. Uses the 64-byte value to seed the DRBG function (if the device is not operating in FIPS mode, the device uses the DSA PRNG function)
The device stores a copy of the seed in a file. When the device restarts, it reads the seed from the file and uses the XOR function to compare the stored seed with the new seed.
7. Uses the DRBG function to generate 128 pseudorandom bits for use with Triple DES encryption and 256 pseudorandom bits for use with AES encryption (if the device is not operating in FIPS mode, the device uses the DSA PRNG function)
8. Uses the pseudorandom bits to create the message key
For more information about the DRBG function, see NIST Special Publication 800-90. For more information about the DSA PRNG function, see Federal Information Processing Standard FIPS PUB 186-2.
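The eight steps above, worked through as an added example (this is not BlackBerry's code and the page gives no implementation detail beyond the step list). It uses the real ARC4 key-scheduling function as the stand-in for the "technique derived from the initialization function of ARC4" in step 1, runs the ARC4 keystream generator to cover steps 3 and 4, hashes the 521 drawn bytes with SHA-512, and then seeds an HMAC_DRBG (SP 800-90A, with SHA-512) to draw the 128-bit Triple DES and 256-bit AES key material. The entropy source, the choice of HMAC_DRBG rather than another 800-90 DRBG, and the byte-wise XOR used for the stored-seed step are all assumptions.

```python
import hashlib
import hmac
import os

STATE_SIZE = 256
DRAW_BYTES = 512 + 9   # two full passes over the 256-byte state plus 9 bytes, as the page describes


def arc4_ksa(key: bytes) -> list:
    """Step 2: ARC4 key scheduling reorders the 256-byte state using the random data as the key."""
    s = list(range(STATE_SIZE))
    j = 0
    for i in range(STATE_SIZE):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def arc4_prga(s: list, n: int) -> bytes:
    """Steps 3-4: the ARC4 keystream generator keeps mixing the state; draw n bytes from it."""
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def derive_seed(random_data: bytes) -> bytes:
    """Steps 2-5: reorder the state, draw 521 bytes, and hash them with SHA-512 down to 64 bytes."""
    state = arc4_ksa(random_data)
    drawn = arc4_prga(state, DRAW_BYTES)
    return hashlib.sha512(drawn).digest()


class HmacDrbg:
    """HMAC_DRBG from SP 800-90A instantiated with SHA-512 (reseed counter omitted for brevity)."""

    def __init__(self, seed: bytes):
        self.k = b"\x00" * 64
        self.v = b"\x01" * 64
        self._update(seed)

    def _hmac(self, data: bytes) -> bytes:
        return hmac.new(self.k, data, hashlib.sha512).digest()

    def _update(self, data: bytes) -> None:
        self.k = self._hmac(self.v + b"\x00" + data)
        self.v = self._hmac(self.v)
        if data:
            self.k = self._hmac(self.v + b"\x01" + data)
            self.v = self._hmac(self.v)

    def generate(self, nbytes: int) -> bytes:
        out = b""
        while len(out) < nbytes:
            self.v = self._hmac(self.v)
            out += self.v
        self._update(b"")          # post-generation state update required by 800-90A
        return out[:nbytes]


def combine_with_stored_seed(stored: bytes, fresh: bytes) -> bytes:
    """Restart path: XOR the seed read from the file with the freshly derived one (assumed reading of the page's XOR step)."""
    return bytes(a ^ b for a, b in zip(stored, fresh))


def make_message_keys(seed: bytes) -> dict:
    """Steps 6-8: seed the DRBG, then draw 128 bits for Triple DES and 256 bits for AES."""
    drbg = HmacDrbg(seed)
    return {"tdes": drbg.generate(16), "aes": drbg.generate(32)}


def gather_random_data(n: int = 32) -> bytes:
    """Step 1 stand-in: the device pools several sources; here os.urandom is the only one (assumption)."""
    return os.urandom(n)


if __name__ == "__main__":
    keys = make_message_keys(derive_seed(gather_random_data()))
    print("3DES:", keys["tdes"].hex())
    print("AES: ", keys["aes"].hex())
```

The ARC4 functions can be checked against the well-known "Key" test vector (keystream EB9F7781B734CA72A7...), which confirms that the state mixing is the genuine cipher and not an approximation of it; the DRBG outputs are deterministic for a fixed seed, which is exactly why the page has the device store and re-combine the seed across restarts rather than reuse it verbatim.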
Content protection keys
When you or a user turns on content protection for a BlackBerry device, the BlackBerry device generates a content protection key. The content protection key is designed to encrypt user data on the BlackBerry device when it is locked.

When the BlackBerry device is locked, an encryption process begins. The BlackBerry device frees the memory that it associates with the content protection key and ECC private key that it stores in RAM. The BlackBerry device then uses the ECC public key to encrypt new data that it receives.

When a user unlocks a BlackBerry device, the BlackBerry device decrypts the content protection key and ECC private key in flash memory. When the user wants to view data, the BlackBerry device uses the content protection key or ECC private key to decrypt the data before the BlackBerry device displays it. An unlocked BlackBerry device uses the content protection key to encrypt new data that the user types or adds to the BlackBerry device, or that the BlackBerry device receives.
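A model of the key lifecycle just described, added here as an example (not BlackBerry's code; the page gives no algorithm details). It shows why the design works: while locked, only the ECC public key is resident, so data that arrives can be encrypted but not read; on unlock, the content protection key and ECC private key are unwrapped from flash back into RAM and both kinds of stored data become readable. The curve (secp256k1), the ECIES-style public-key encryption, the SHA-512-based stream cipher standing in for the device's symmetric cipher, and the password-derived wrapping key for flash are all assumptions made to keep the example dependency-free.

```python
import hashlib
import os

# secp256k1 domain parameters (assumed curve; the page only says "ECC").
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k > 0:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def random_scalar():
    return int.from_bytes(os.urandom(32), "big") % (N - 1) + 1


def stream_xor(key, nonce, data):
    """Toy stream cipher standing in for the symmetric cipher: XOR with SHA-512(key || nonce || counter)."""
    stream, ctr = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha512(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(x ^ y for x, y in zip(data, stream))


def sym_encrypt(key, data):
    nonce = os.urandom(16)
    return (nonce, stream_xor(key, nonce, data))


def sym_decrypt(key, blob):
    nonce, ct = blob
    return stream_xor(key, nonce, ct)


def ecc_encrypt(pub, data):
    """ECIES-style: ephemeral key, ECDH with the device public key, SHA-512 as KDF, then the stream cipher."""
    r = random_scalar()
    key = hashlib.sha512(ec_mul(r, pub)[0].to_bytes(32, "big")).digest()
    return (ec_mul(r, G), stream_xor(key, b"ecc", data))


def ecc_decrypt(priv, blob):
    eph, ct = blob
    key = hashlib.sha512(ec_mul(priv, eph)[0].to_bytes(32, "big")).digest()
    return stream_xor(key, b"ecc", ct)


class Device:
    """Tracks which keys are resident in RAM in the locked and unlocked states."""

    def __init__(self, password):
        priv, cpk = random_scalar(), os.urandom(32)   # ECC private key, content protection key
        self.pub = ec_mul(priv, G)                     # public key stays usable while locked
        kek = hashlib.sha512(password).digest()        # toy password-derived wrapping key
        self.flash = {"cpk": sym_encrypt(kek, cpk),    # flash holds both secrets only wrapped
                      "priv": sym_encrypt(kek, priv.to_bytes(32, "big"))}
        self.ram = {"cpk": cpk, "priv": priv}
        self.store = []

    @property
    def locked(self):
        return "priv" not in self.ram

    def lock(self):
        self.ram = {}   # free the content protection key and ECC private key from RAM

    def unlock(self, password):
        kek = hashlib.sha512(password).digest()
        priv = int.from_bytes(sym_decrypt(kek, self.flash["priv"]), "big")
        if ec_mul(priv, G) != self.pub:
            raise ValueError("wrong password: unwrapped private key does not match the public key")
        self.ram = {"cpk": sym_decrypt(kek, self.flash["cpk"]), "priv": priv}

    def receive(self, data):
        """Unlocked: encrypt under the content protection key. Locked: encrypt to the ECC public key."""
        if self.locked:
            self.store.append(("ecc", ecc_encrypt(self.pub, data)))
        else:
            self.store.append(("cpk", sym_encrypt(self.ram["cpk"], data)))

    def read_all(self):
        if self.locked:
            raise PermissionError("device is locked: neither key is in RAM")
        return [ecc_decrypt(self.ram["priv"], blob) if kind == "ecc"
                else sym_decrypt(self.ram["cpk"], blob) for kind, blob in self.store]
```

The point to take from the model is the asymmetry: a locked device holds nothing that can decrypt, yet can still accept data, because the public key alone suffices to encrypt it; a wrong unlock password leaves the keys out of RAM rather than loading garbage, since the unwrapped private key is checked against the stored public key before use.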
Security Technical Overview Keys on a device
26