Table of Contents
Advertisement
BlackBerry Enterprise Solution
Protocol process
When the BlackBerry Enterprise Server administrator sends the Set a Password and Lock Handheld IT
administration command to a content-protected BlackBerry device, the following actions occur.
1.
The BlackBerry Enterprise Server administrator types the new BlackBerry device password in the BlackBerry
Manager.
2.
The BlackBerry Enterprise Server sends the Set a Password and Lock Handheld IT administration command
and the new BlackBerry device password to the BlackBerry device.
3. The BlackBerry device performs the following actions:
•
picks r randomly
•
stores r in RAM
•
calculates D' = rD = rdP
•
calculates h = SHA-1( B )
4. The BlackBerry device sends D' and h to the BlackBerry Enterprise Server.
5. The BlackBerry Enterprise Server receives D' and h, and performs the following actions:
•
uses h to determine which B the BlackBerry device used, and hence which b to use
•
verifies that D' is a valid public key
•
calculates K' = bD' = brdP = rdB = rK (The BlackBerry Enterprise Server knows only rK, and cannot
calculate K without r.)
•
calculates h = SHA-1( D' )
6. The BlackBerry Enterprise Server sends the new BlackBerry device password, K', and h to the BlackBerry
device.
7.
The BlackBerry device receives the new BlackBerry device password, K', and h, and performs the following
actions:
•
uses h to verify that K' is associated with D' and r
•
verifies K' is a valid public key
•
-1
calculates r
K' = r
•
permanently deletes r
•
uses K to decrypt the content protection key
•
permanently deletes K
8. The BlackBerry device performs the following actions:
•
picks d randomly
•
calculates D = dP
•
store D in flash memory
•
calculates K = dB.
9. The BlackBerry device uses K to encrypt the new BlackBerry device password.
10. The BlackBerry device uses the encrypted new password to encrypt the content protection key.
©
2009 Research In Motion Limited. All rights reserved.
-1
rK = K
www.blackberry.com
90
Advertisement
Table of Contents
