Manualshelf

User guide

ManualsBrandsBlackberry ManualsComputer equipmentENTERPRISE SOLUTION SECURITY - SECURITY FOR DEVICES WITH BLUETOOTH WIRELESS TECHNOLOGY - TECHNICAL
61626364656667686970
device locks. If the device does not complete the re-encryption process before the user unlocks the device, the device
resumes re-encryption when it locks again.
Encrypting the device transport key on a
locked device
If you turn on content protection for device transport keys, a BlackBerry device uses the principal encryption key to encrypt
the device transport keys that are stored in flash memory. The device encrypts the principal encryption key using the
content protection key. When a locked device receives data that is encrypted using the device transport key, it uses the
decrypted principal encryption key to decrypt the device transport key in flash memory and then uses the decrypted device
transport key to decrypt data.
When you, a user, or a password timeout locks the device, the wireless transceiver remains on and the device does not
delete the memory that is associated with the principal encryption key or device transport key. The device is designed to
prevent the decrypted principal encryption key and the decrypted device transport key from appearing in flash memory.
You can turn on content protection for device transport keys on the device when you configure the Force Content
Protection of Master Keys IT policy rule. When you turn on content protection of device transport keys, the device uses the
ECC key strength that you specified in the Content Protection Strength IT policy rule to encrypt the device transport keys.
What happens when a user resets a device after you
turn on content protection for the device transport key
If you turn on content protection of device transport keys, a BlackBerry device performs the following actions when a user
resets the device by removing and reinserting the battery:
turns off the data connection over the wireless network
suspends serial bypass connections if your organization's environment includes an enterprise Wi-Fi network and the
device can connect directly to a BlackBerry Router
frees the memory that is associated with all data and keys, including the decrypted principal encryption key
locks itself
The device is designed to turn off the data connection and serial bypass connection while the content protection key is
unavailable to decrypt the principal encryption key in flash memory. Until a user unlocks the device, the device cannot
receive and decrypt data. The device does not turn off the wireless transceiver and can still receive phone calls, SMS text
messages, and MMS messages.
When the user unlocks the device after resetting it, the device performs the following actions:
uses the content protection key to decrypt the principal encryption key in flash memory
stores the decrypted principal encryption key in flash memory
Security Technical Overview Protecting data on a device
66