User guide

Data flow: Running a masking operation during subsequent AES calculations when content protection is turned on
A BlackBerry device performs the following actions:
1. performs the masking operation by periodically and randomly permuting all table entries in every calculation
2. runs the input through both M and S'
3. combines the output from M and S'
4. deletes the mask and produces the AES output
Data flow: Running a masking operation when a device does not use content protection
If you or a user did not turn on content protection, a BlackBerry device performs the following actions during an AES calculation:
1. masks the output from the round key
2. masks the AES S-Box input
3. masks the AES S-Box output
How the AES algorithm creates S-Box tables and uses round keys and masks
A BlackBerry device permutes each AES S-Box entry at random and masks each entry with a random value.
The BlackBerry device masks the round keys with random values and any S-Box masks that the AES algorithm requires to
work. Round keys are subkeys that the key schedule calculates for each round of encryption.
The BlackBerry device changes the random masks periodically and uses extra S-Box data to make identification of the S-Box table difficult, whether the BlackBerry device uses the S-Box table in the encryption process, decryption process, or key schedule process.
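The three masking steps listed above (round key, S-Box input, S-Box output) and the permuted, masked S-Box table can be traced for a single byte in the following added example, which is not BlackBerry code. It uses a generic first-order Boolean masking scheme as an assumption about the data flow; the names `MaskedSbox`, `m_in`, `m_out` and `period` are hypothetical, and Python only illustrates the arithmetic, not the timing or power behaviour of a device.

```python
import secrets

def rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF

def build_sbox():
    """Generate the standard AES S-box (GF(2^8) inverse plus affine map)."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        q ^= q << 1                                             # q /= 3
        q ^= q << 2
        q ^= q << 4
        q &= 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox

SBOX = build_sbox()

class MaskedSbox:
    """Boolean-masked SubBytes(p ^ k); masks are replaced every `period` uses."""
    def __init__(self, period=16):
        self.period, self.uses = period, 0
        self.refresh()

    def refresh(self, m_in=None, m_out=None):
        # Fixed masks may be passed for testing; otherwise draw fresh random ones.
        self.m_in = secrets.randbelow(256) if m_in is None else m_in
        self.m_out = secrets.randbelow(256) if m_out is None else m_out
        # XOR with m_in permutes the entries, XOR with m_out masks each entry:
        # table[x ^ m_in] == SBOX[x] ^ m_out
        self.table = [0] * 256
        for x in range(256):
            self.table[x ^ self.m_in] = SBOX[x] ^ self.m_out

    def sub_byte(self, p, k):
        if self.uses and self.uses % self.period == 0:
            self.refresh()
        self.uses += 1
        masked_key = k ^ self.m_in      # round-key byte carries the input mask
        idx = p ^ masked_key            # S-box input is (p ^ k) ^ m_in
        masked_out = self.table[idx]    # S-box output is SBOX[p ^ k] ^ m_out
        # The mask is removed only here; idx and masked_out are returned for inspection.
        return masked_out ^ self.m_out, idx, masked_out
```

The table index and the table output both change whenever the masks are refreshed, while the unmasked result stays equal to the plain S-Box lookup of `p ^ k`.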
How the BlackBerry Enterprise Solution uses Triple DES to encrypt data
The BlackBerry Enterprise Solution uses a two-key Triple DES encryption algorithm to generate message keys and device
transport keys. In the three iterations of the DES algorithm, the first 56-bit key in outer CBC mode encrypts the data, the
second 56-bit key decrypts the data, and the first key encrypts the data again.
The BlackBerry Enterprise Solution stores the message keys and device transport keys as 128-bit binary strings with each
parity bit in the least significant bit of each of the 8 bytes of key data. The message keys and device transport keys have
overall key lengths of 112 bits and include 16 bits of parity data.
Security Technical Overview Encrypting data that the BlackBerry Enterprise Server and a device send to each other