BlackBerry Enterprise Solution Security Technical Overview: Protected storage of external memory on the BlackBerry device

BlackBerry Enterprise Solution
device user is required to remember only the Password Keeper master password to retrieve all of their stored passwords.
The first time that a BlackBerry device user opens the Password Keeper on the BlackBerry device, the user must create the Password Keeper master password. The Password Keeper stores its contents (for example, application and web site passwords and related data) encrypted with 256-bit AES, and decrypts them only when the user types the master password to open the Password Keeper tool. If a user types the Password Keeper master password incorrectly ten times, the BlackBerry device automatically deletes all of its data.
In the Password Keeper, a BlackBerry device user can:
- type a password and its identifying information (for example, which application the user can access with the password) and save the information
- generate random passwords designed to improve password strength
- copy passwords to the clipboard to paste into an application or web site password prompt

Protected storage of external memory on the BlackBerry device

The BlackBerry device is designed to encrypt multimedia data that it stores on an external memory device according to the External File System Encryption Level IT policy rule or the corresponding BlackBerry device setting.
The BlackBerry device is designed to support the following features:
- external file encryption, which encrypts specific files on the external memory device using AES. The external file system encryption does not apply to files that the BlackBerry device user manually transfers to external memory (for example, from a USB mass storage device).
- access control to objects on the external memory device, using code signing with 1024-bit RSA
The external memory device stores encrypted copies of the file keys that the BlackBerry device is designed to use to decrypt and encrypt files on the external memory device. The BlackBerry device is designed to use a device key stored in the NV store in BlackBerry device RAM, a user-provided password, or both to encrypt the external memory file keys.
The BlackBerry device is designed to include code signing keys in the header information of an encrypted file on the external memory device, and to check those code signing keys when it opens the input or output streams of the encrypted file.
The BlackBerry device, any computer platform, and other devices that use the external memory device can modify encrypted files (for example, truncate them) on the external memory device. The BlackBerry device is not designed to perform integrity checks on the encrypted file data, so external file encryption protects the confidentiality of the data but does not detect that a file was modified or truncated while the external memory device was outside the BlackBerry device.
Process for generating external memory file encryption keys
When the BlackBerry Enterprise Server administrator or the BlackBerry device user turns on encryption of external memory for the first time, the following process occurs:
1. The BlackBerry device generates a 256-bit AES encryption key.
2. The BlackBerry device stores the encryption key in the NV store in RAM on the BlackBerry device.
3. The BlackBerry device XORs the AES key with another 256-bit AES encryption key that is encrypted using a password, to generate the external memory file encryption key (a session key).
4. The BlackBerry device encrypts the external memory file encryption key using the AES encryption key from step 1.
5. The BlackBerry device stores the encrypted external memory file encryption key on the external memory device.
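The key hierarchy of the five steps above, together with the missing-integrity-check caveat from the previous section, as an added Go example that is not part of the BlackBerry documentation or of any BlackBerry code. It follows the steps literally (a device key that stays in the NV store, a password-protected second key XORed in to form the file key, the file key wrapped under the device key, and only that wrapped copy written to the card), then encrypts a file in a confidentiality-only mode to show what truncation and a single flipped ciphertext byte do to it, beside an authenticated mode that rejects both. The names (NVStore, CardHeader, Provision, Unlock, EncryptCTR, SealGCM, OpenGCM), the HMAC-SHA256 stand-in for the password-protected key, the use of AES-CTR for both the file and the key wrap, and the AES-GCM alternative are all assumptions of this example; the overview names AES and the XOR step but neither a cipher mode nor a key-derivation method.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// NVStore models the device's non-volatile store; the device key never leaves it.
type NVStore struct{ DeviceKey []byte }

// CardHeader is what the external memory device holds: a salt and the wrapped file key, never the key itself.
type CardHeader struct{ Salt, WrappedKey []byte }

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// passwordKey stands in for the password-protected second key of step 3; the overview does not say how it is derived, and a real design would use a slow KDF.
func passwordKey(password string, salt []byte) []byte {
	mac := hmac.New(sha256.New, salt)
	mac.Write([]byte(password))
	return mac.Sum(nil) // 32 bytes, so it can serve as an AES-256 key
}

func ctrXOR(key, iv, in []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // every key in this model is 32 bytes
	}
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out
}

// EncryptCTR returns IV || AES-256-CTR(key, plaintext): confidentiality only.
// CTR is an assumption; the overview names AES but not a mode.
func EncryptCTR(key, plaintext []byte) []byte {
	iv := randomBytes(aes.BlockSize)
	return append(iv, ctrXOR(key, iv, plaintext)...)
}

// DecryptCTR performs no integrity check: a truncated or bit-flipped file
// decrypts without error, which is the caveat the overview states.
func DecryptCTR(key, blob []byte) ([]byte, error) {
	if len(blob) < aes.BlockSize {
		return nil, errors.New("ciphertext shorter than IV")
	}
	return ctrXOR(key, blob[:aes.BlockSize], blob[aes.BlockSize:]), nil
}

// gcm, SealGCM and OpenGCM are the hardened alternative: AES-256-GCM appends an
// authentication tag, so a truncated or modified file is rejected, not decrypted.
func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return aead
}

func SealGCM(key, plaintext []byte) []byte {
	a := gcm(key)
	nonce := randomBytes(a.NonceSize())
	return a.Seal(nonce, nonce, plaintext, nil)
}

func OpenGCM(key, blob []byte) ([]byte, error) {
	a := gcm(key)
	if len(blob) < a.NonceSize() {
		return nil, errors.New("ciphertext shorter than nonce")
	}
	return a.Open(nil, blob[:a.NonceSize()], blob[a.NonceSize():], nil)
}

// Provision runs the overview's five steps the first time encryption is turned on.
func Provision(password string) (NVStore, CardHeader, []byte) {
	nv := NVStore{DeviceKey: randomBytes(32)} // steps 1-2: 256-bit device key into the NV store
	salt := randomBytes(16)
	session := passwordKey(password, salt)
	for i := range session { // step 3: XOR with the device key gives the file (session) key
		session[i] ^= nv.DeviceKey[i]
	}
	wrapped := EncryptCTR(nv.DeviceKey, session) // step 4: wrap under the device key
	return nv, CardHeader{Salt: salt, WrappedKey: wrapped}, session // step 5: only the wrapped copy goes to the card
}

// Unlock recovers the file key on the device. Read literally, step 4 wraps under the device key alone, so the password is not needed here.
func Unlock(nv NVStore, card CardHeader) ([]byte, error) {
	return DecryptCTR(nv.DeviceKey, card.WrappedKey)
}
```

Two points worth checking against the text. First, read literally, step 4 wraps the file key under the device key alone, so Unlock needs nothing but the NV store contents; the password only influences the value of the session key, and whoever can read the device key can unwrap what is on the card. Second, with a confidentiality-only mode such as CTR, DecryptCTR returns "ACCOUNT=alice;BALANCE" for a file with its last five ciphertext bytes cut off and "ACCOUNT=alice;BALANCE=0000" after one flipped ciphertext byte, both without error, whereas OpenGCM fails on either. A policy that mandates encryption of external memory should therefore not be read as tamper protection.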
