How A Tablet Protects Work Data - BlackBerry PlayBook Security Technical Overview

Security Technical Overview

How a tablet protects work data

The BlackBerry PlayBook tablet is designed to prevent work data from persisting in flash memory in cleartext form. When the tablet is connected to a BlackBerry smartphone, the tablet caches work data locally in the work file system. The tablet encrypts the work data using XTS-AES-256 before it caches the work data.

The tablet uses a randomly generated 512-bit file encryption key to encrypt the contents of a file. The file encryption process creates a security record for the encrypted file that consists of a 512-bit random salt, the file encryption key, and several attributes of the file. The tablet encrypts the file security record using the domain key, which is a 512-bit randomly generated key.

The tablet uses the domain key to encrypt all file security records in the work file system. The domain key is stored in a security record that is similar to the file security record. The domain security record is encrypted using the BlackBerry Bridge work key. The BlackBerry Bridge work key is stored in RAM and is never written to persistent storage on the tablet. Only the smartphone stores the BlackBerry Bridge work key in persistent memory.

The tablet does not encrypt the BlackBerry PlayBook tablet user's personal data.
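The key chain described above (work key, domain key, file key, file contents) as an added Python sketch; it is not BlackBerry's code and all function names are hypothetical. It assumes the `cryptography` package, a 512-bit work key, XTS-AES-256 with a zero tweak for the security records as well as the file contents, and records that hold only the salt and the key, none of which the page specifies.

```python
import os
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

KEY_LEN = SALT_LEN = 64  # 512 bits each, the sizes given on the page


def xts(key: bytes, data: bytes, decrypt: bool = False) -> bytes:
    """XTS-AES-256 over one data unit of at least 16 bytes.

    The 512-bit key is two AES-256 keys: one for the data, one for the tweak.
    """
    cipher = Cipher(algorithms.AES(key), modes.XTS(bytes(16)))  # tweak 0: assumption
    op = cipher.decryptor() if decrypt else cipher.encryptor()
    return op.update(data) + op.finalize()


def seal_record(parent_key: bytes, key: bytes) -> bytes:
    """Security record (salt || key; file attributes omitted) under the parent key."""
    return xts(parent_key, os.urandom(SALT_LEN) + key)


def open_record(parent_key: bytes, record: bytes) -> bytes:
    return xts(parent_key, record, decrypt=True)[SALT_LEN:SALT_LEN + KEY_LEN]


def new_domain(work_key: bytes) -> bytes:
    """One domain key per work file system, stored only as an encrypted record."""
    return seal_record(work_key, os.urandom(KEY_LEN))


def cache_file(work_key: bytes, domain_record: bytes, content: bytes):
    """Return (ciphertext, file_record): everything that reaches flash for a file."""
    file_key = os.urandom(KEY_LEN)
    domain_key = open_record(work_key, domain_record)
    return xts(file_key, content), seal_record(domain_key, file_key)


def read_file(work_key: bytes, domain_record: bytes, data: bytes, file_record: bytes) -> bytes:
    """Walk the chain: work key -> domain key -> file key -> content."""
    file_key = open_record(open_record(work_key, domain_record), file_record)
    return xts(file_key, data, decrypt=True)


if __name__ == "__main__":
    work_key = os.urandom(KEY_LEN)  # constructed stand-in for the RAM-only Bridge work key
    domain = new_domain(work_key)
    data, record = cache_file(work_key, domain, b"constructed sample work document")
    print(read_file(work_key, domain, data, record))            # original content
    print(read_file(os.urandom(KEY_LEN), domain, data, record))  # no work key: noise
```

XTS provides confidentiality only, so a wrong work key yields unreadable bytes rather than an error.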
How a tablet distinguishes between work data and personal data