User guide

Encrypting the device transport key on a locked device.......................................................................................................66
What happens when a user resets a device after you turn on content protection for the device transport key ................ 66
Resetting a device password when content protection is turned on..................................................................................... 67
Data flow: Resetting a device password when content protection is turned on ..............................................................67
Protecting passwords that a device stores ..........................................................................................................................68
Protecting data that a device stores on a media card.......................................................................................................... 69
Data flow: Generating an encryption key for a media card............................................................................................ 69
How the BlackBerry Attachment Service protects data on a device..................................................................................... 70
Best practice: Protecting the BlackBerry Attachment Service...................................................................................... 70
How a device protects its operating system and the BlackBerry Device Software ................................................................ 71
How a device authenticates the boot ROM code and binds the device processor when the device turns on ......................... 71
9 Protecting the data that the BlackBerry Enterprise Server stores in your organization's environment...................................................................................................................................72
Where the BlackBerry Enterprise Server stores messages and user data in the messaging environment ..............................72
Data that the BlackBerry Configuration Database stores .................................................................................................... 73
Best practice: Protecting the data that the BlackBerry Configuration Database stores.................................................. 73
How the BlackBerry Enterprise Server and device protect IT policies ..................................................................................75
10 Protecting communication with a device......................................................................................... 77
Opening a direct connection between a device and a BlackBerry Router.............................................................................77
Advantages of using the BlackBerry Router protocol.................................................................................................... 77
Data flow: Authenticating a device with the BlackBerry Enterprise Server using the BlackBerry Router protocol ........... 78
Closing a direct connection between a device and BlackBerry Router.......................................................................... 78
Impersonation attacks that the BlackBerry Router protocol is designed to prevent .......................................................78
How the BlackBerry Router protocol uses the Schnorr identification scheme to open an authenticated connection.......79
Data flow: Using the BlackBerry Router protocol to open an authenticated connection.................................................79
Data flow: Using the BlackBerry Router protocol to close an authenticated connection.................................................81
Cryptosystem parameters that the BlackBerry Router protocol uses ............................................................................82
Best practice: Protecting plain text messages that a device sends over the wireless network............................................... 83
How the BlackBerry Enterprise Server protects connections between a device and the Internet or intranet..........................84
Protecting HTTP connections from a device to content servers and application servers using HTTPS...................................85
Warning messages for invalid certificates ...........................................................................................................................85
Permitting TLS connections to websites that use invalid certificates ................................................................................... 86
When a website certificate changes.............................................................................................................................86
When IT policy rule changes affect TLS settings........................................................................................................... 86
How a device protects a connection to a WAP gateway....................................................................................................... 87
What happens to data that is not delivered to a device ....................................................................................................... 87
What happens to data that is not delivered because the connection between a BlackBerry Enterprise Server and the BlackBerry Infrastructure closes............................................................................................................................87
What happens to data that is not delivered because a device is not available on the wireless network............................88
11 Protecting communications in your organization's environment.......................................................89