User guide
The first time that the user opens the password keeper on the device, the user must create the password keeper password.
The password keeper encrypts the information that it stores using AES-256 encryption, and uses the password keeper
password to decrypt the information when the user types the password keeper password. The device deletes all device
data if a user types the password keeper password incorrectly 10 times.
In the password keeper, a user can perform the following actions:
• type a password and its identifying information (for example, which application the user can access using the password), and save the information
• generate random passwords that are designed to improve password strength
• copy passwords and paste them into an application or password prompt for a web site
Protecting data that a device stores on a media card
To protect the data that a BlackBerry device stores on a media card, you can configure the External File System Encryption
Level IT policy rule, or a user can configure the corresponding option on the device. You can use this rule or option to
configure whether the device encrypts the data using a password that a user provides, a device key that is randomly
generated and stored in the NV store, or both.
A media card can store a master key and the code-signing keys that are included in the header information of encrypted
files. The code-signing keys permit only applications that signed the files to access the files. A device is designed to use the
master key that is stored on the media card to decrypt and encrypt files on the media card. The master key and code-signing
keys use AES encryption. The device is designed to check the code-signing keys when the device opens the input
streams or output streams of an encrypted file and to use code-signing with RSA-1024 encryption to control access to
objects on the media card.
When a user stores a file on a media card for the first time after you or the user turns on encryption of media cards, the
device decrypts the encryption key for the media card file and uses it to encrypt the stored file. The device does not encrypt
files that a user transfers to the media card using a USB mass storage device.
The device, a computer, and other devices that use the media card can modify encrypted files (for example, truncate files)
on the media card. The device is not designed to perform integrity checks on data in encrypted files.
For more information, visit www.blackberry.com/go/serverdocs to read Enforcing encryption of internal and external file
systems on BlackBerry devices Technical Overview.
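As an added illustration, not BlackBerry's code and not the device's actual key derivation or file format, the Go program below models two points from this section: the encryption level decides whether the user password, the device key from the NV store, or both feed the key that protects the media card's encryption key, and the file layer is AES with no integrity check, so an encrypted file that another computer truncated still decrypts without any error. The HMAC-SHA256 derivation, the fixed salt and IV, the sample device key and the function names are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
)

// Constructed sample values; a real device generates its own device key and a fresh IV per file.
var (
	deviceKey = []byte("nv-store-device-key-placeholder!") // hypothetical NV store device key
	fileIV    = []byte("ctr-iv-16-bytes!")                 // 16-byte AES-CTR IV
)

// WrapKey derives the AES-256 key that protects the media card's encryption key
// (its session key) from the user password, the device key, or both, mirroring
// the three External File System Encryption Level settings. HMAC-SHA256 over the
// selected secrets is an illustrative derivation, not the device's own.
func WrapKey(level, password string) ([]byte, error) {
	m := hmac.New(sha256.New, []byte("media-card-salt")) // constructed salt
	switch level {
	case "password":
		m.Write([]byte(password))
	case "device":
		m.Write(deviceKey)
	case "both":
		m.Write([]byte(password))
		m.Write(deviceKey)
	default:
		return nil, errors.New("unknown encryption level: " + level)
	}
	return m.Sum(nil), nil // 32 bytes, usable as an AES-256 key
}

// FileCrypt models the file layer as the page describes it: AES with the session
// key and no integrity check. AES-CTR is a keystream, so one call both encrypts
// and decrypts, and a ciphertext truncated on another computer still "decrypts"
// with no error, just to a shorter plaintext.
func FileCrypt(sessionKey, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(sessionKey) // needs a 16, 24 or 32-byte key
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(data))
	cipher.NewCTR(block, fileIV).XORKeyStream(out, data)
	return out, nil
}
```

A format that wanted to detect such truncation would need an authenticated mode or a separate MAC over the ciphertext, which this section says the device does not perform.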
Data flow: Generating an encryption key for a media card
When you or a user turns on encryption of media cards for the first time, a BlackBerry device generates an encryption key
(also known as a session key) for a media card.
Security Technical Overview Protecting data on a device
69