User guide
Contents
1 New in this release
2 Overview
BlackBerry Enterprise Solution security
Security features of the BlackBerry Enterprise Solution
Architecture: BlackBerry Enterprise Solution
3 Keys on a device
Enforcing the FIPS mode of operation on a device
Device transport keys
States for device transport keys
Where the BlackBerry Enterprise Solution stores device transport keys
Generating device transport keys
Data flow: Generating a device transport key using BlackBerry Desktop Software version 4.0 or later
Message keys
Data flow: Generating a message key on a BlackBerry Enterprise Server
Data flow: Generating a message key on a device
Content protection keys
Data flow: Turning on content protection using a BlackBerry Enterprise Server
Data flow: Generating a content protection key on a device
Data flow: Deriving an ephemeral key that protects a content protection key and ECC private key
Principal encryption keys
Data flow: Generating a principal encryption key
PIN encryption keys
4 Encrypting data that the BlackBerry Enterprise Server and a device send to each other
Algorithms that the BlackBerry Enterprise Solution uses to encrypt data
How the BlackBerry Enterprise Solution uses AES to encrypt data
How the BlackBerry Enterprise Solution uses Triple DES to encrypt data
Data flow: Sending an email message to a device using BlackBerry transport layer encryption
Data flow: Sending an email message from a device using BlackBerry transport layer encryption
5 Managing BlackBerry Enterprise Solution security
Using an IT policy to manage BlackBerry Enterprise Solution security
Preconfigured IT policies
Using IT policy rules to manage BlackBerry Enterprise Solution security
Sending an IT policy over the wireless network
Assigning IT policies and resolving IT policy conflicts
Best practice: Controlling which applications can use the GPS feature on a device