User guide
Protecting data on a device
Encrypting user data on a locked device
If you or a BlackBerry device user turns on content protection, you or the user can configure a locked device to encrypt
stored user data and data that the locked device receives. When you or a user turns on content protection, a locked device
is designed to use AES-256 encryption to encrypt stored data and an ECC public key to encrypt data that the locked device
receives.
For example, the locked device uses content protection to encrypt the following items:
• subject, location, meeting organizer, attendees, and any notes in all appointments or meeting requests
• all contact information in the contact list except for the contact title and category
• subject, email addresses of intended recipients, message body, and attachments in all email messages
• title and information that is included in the body of a note for all memos (also known as posted messages)
• subject and all information that is included in the body of tasks (also known as posted all day appointments)
• if you use software tokens, contents of the .sdtid file seed that is stored in flash memory
• all data that is associated with third-party applications that a user installs on the device
• in the BlackBerry Browser, content that web sites or third-party applications push to the device, any web sites that the
user saves on the device, and the browser cache
• all text that automatically replaces the text that the user types on the device
You can change the Content Protection of Contact List IT policy rule to Required to prevent the user from turning off
content protection for the contact list on the device. If you change the Content Protection of Contact List IT policy rule to
Required, the device does not permit call display and does not share contacts over a Bluetooth connection when the
device is locked.
Configuring the encryption of device data on a locked device
You can turn on content protection of BlackBerry device data on a locked device using the Content Protection Strength IT
policy rule. You can choose a strength level that corresponds to the ECC key strength that your organization requires.
A user can turn on content protection in the security options, in the encryption options on the device. The user can change
the content protection strength to the same level that you specify using the IT policy rule or to a higher level.
Security Technical Overview Protecting data on a device