User guide
f permanently deletes K
5. The device performs the following actions:
a selects d randomly
b calculates D = dP
c stores D in flash memory
d calculates K = dB
e uses K to encrypt the new BlackBerry device password
f uses the encrypted new password to encrypt the content protection key
Managing device access to the BlackBerry
Enterprise Server
You can use the Enterprise Service Policy to control which BlackBerry devices can connect to a BlackBerry Enterprise
Server. By default, after you turn on the Enterprise Service Policy, the BlackBerry Enterprise Server permits connections
from any device that you previously associated with the
BlackBerry Enterprise Server. The BlackBerry Enterprise Server
also prevents connections from any device that you associate with the BlackBerry Enterprise Server after you turn on the
Enterprise Service Policy.
You can configure an allowed list to determine which devices can access a BlackBerry Enterprise Server. A device that
meets the criteria that you specify in the allowed list can associate with the BlackBerry Enterprise Server when the device
activates over the wireless network.
You can define the following types of criteria:
• specific device PINs
• range of device PINs
• specific manufacturers
• specific device models
The BlackBerry Administration Service includes lists of permitted manufacturers and models of devices that you
associated with the
BlackBerry Enterprise Server previously.
You can permit a user to override the Enterprise Service Policy so that a device can connect to the BlackBerry Enterprise
Server
even if you configure the allowed list with criteria that exclude that device.
For more information, see the BlackBerry Enterprise Server Administration Guide.
Security Technical Overview Managing BlackBerry Enterprise Solution security
44