Table of Contents
Advertisement
BlackBerry Enterprise Solution
•
turns off the wireless transceiver
•
turns off serial bypass
•
frees the memory associated with all data and encryption keys stored in RAM, including the decrypted
grand master key
•
locks
The wireless transceiver and serial bypass are designed to be turned off while the content protection key is not
available to decrypt the grand master key in flash memory. Until a user unlocks the BlackBerry device using the
correct BlackBerry device password the BlackBerry device cannot receive and decrypt data.
When the user unlocks the BlackBerry device after a reset, the BlackBerry device
•
uses the content protection key to decrypt the grand master key in flash memory
•
stores the decrypted grand master key in RAM again
•
re-establishes the wireless connection to the BlackBerry Infrastructure
•
resumes serial bypass
•
receives data from the BlackBerry Enterprise Server
Clearing the BlackBerry device memory
By default, the BlackBerry device continually runs a standard Java garbage collection process to reclaim
BlackBerry device memory that is no longer referenced.
If secure garbage collection is turned on, the BlackBerry device performs the following additional actions:
•
overwrites the memory reclaimed by the standard garbage collection process with zeroes
•
periodically runs the memory cleaner application, which tells BlackBerry device applications to empty any
caches and free memory associated with unused, sensitive application data
•
automatically overwrites the memory freed by the memory cleaner application when it runs
Any of the following conditions enable the BlackBerry device to perform secure garbage collection:
•
content protection is turned on
•
an application uses the RIM Cryptographic Application Programming Interface (Crypto API) to create a
private or symmetric key
•
a third-party application turns on secure garbage collection by registering with the memory cleaner
•
S/MIME Support Package for BlackBerry devices is installed
•
PGP Support Package for BlackBerry devices is installed
Setting memory clearing options
BlackBerry device users can set the memory cleaner application to run when their BlackBerry devices are
holstered or when their BlackBerry devices remain idle for a set period of time. BlackBerry device users can also
manually run the memory cleaner application on their BlackBerry devices, run specific registered memory
cleaners in the BlackBerry device Security Options, and turn the memory cleaner application on and off. If secure
garbage collection is turned on, when the memory cleaner application runs, it invokes the secure garbage
collection process.
The BlackBerry Enterprise Server administrator can set the memory cleaner application to run automatically
when the following actions occur:
•
BlackBerry device user synchronizes the BlackBerry device with the computer
•
BlackBerry device user locks the BlackBerry device
www.blackberry.com
32
Advertisement
Table of Contents
