User manual BLACKBERRY ENTERPRISE SOLUTION SECURITY ENFORCING ENCRYPTION OF INTERNAL AND EXTERNAL FILE SYSTEMS ON DEVICES
[. . . ]
Setting the external memory encryption level
Turning on external memory encryption
Transferring encrypted media files
Moving the media card to a different BlackBerry device
[. . . ]
Master encryption keys: Set the Force Content Protection of Master IT policy rule to the minimum strength level required.
· Set the Disable USB Mass Storage IT policy rule to True to prevent the user from turning on mass storage mode on the BlackBerry device. The BlackBerry device does not encrypt external files on the media card when mass storage mode is turned on.
Note: The Disable External Memory IT policy rule should be unchanged from the default value, or explicitly set to False. See the Policy Reference Guide for more information about using IT policy rules.
Data that the BlackBerry device can encrypt in internal memory
When you or BlackBerry device users turn on content protection on BlackBerry devices, the BlackBerry devices encrypt the following user data items:

Item: Description
AutoText: all text that automatically replaces the text a BlackBerry device user types
BlackBerry Browser:
· content that web sites or third-party applications push to the BlackBerry device
· web sites that the user saves on the BlackBerry device
· browser cache
calendar:
· subject
· location
· organizer
· attendees
· notes included in the appointment or meeting request
contacts (in the address book): all information except the contact title and category
Note: Set the Force Include Address Book In Content Protection IT policy rule to True to prevent the BlackBerry device user from turning off the Include Address Book option on the BlackBerry device. The BlackBerry device permits the Caller ID and Bluetooth Address Book transfer features to work when content protection is turned on and the BlackBerry device is locked.
Email:
· subject
· email addresses
· message body
· attachments
memo list:
· title
· information included in the body of the note
OMA DRM applications: a key identifying the BlackBerry device and a key identifying the SIM card (if available) that the BlackBerry device adds to DRM forward-locked applications
RSA SecurID Library: the contents of the .sdtid file seed stored in flash memory
tasks:
· subject
· information included in the body of the task

© 2008 Research In Motion Limited. All rights reserved.
www.blackberry.com
Protecting user data stored on a locked BlackBerry device
If content protection is turned on for BlackBerry devices, the user data that the BlackBerry devices store is always protected with the 256-bit AES encryption algorithm. Content protection of BlackBerry device user data is designed to perform the following actions:
· use a 256-bit AES content protection key to encrypt stored data when the BlackBerry device is locked
· use an ECC public key to encrypt data that the BlackBerry device receives when it is locked
Turning on protected storage of BlackBerry device data in internal memory
You turn on protected storage of data on the BlackBerry device by setting the Content Protection Strength IT policy rule. You should choose a strength level that corresponds to the desired ECC key strength. If a BlackBerry device user turns on content protection on the BlackBerry device, in the BlackBerry device Security Options, the BlackBerry device user can set the content protection strength to the same levels that you can set using the Content Protection Strength IT policy rule.
Guidelines for setting the internal memory encryption level
When the content-protected BlackBerry device decrypts a message that it received while locked, the BlackBerry device uses the ECC private key in the decryption operation. The longer the ECC key, the more time the ECC decryption operation adds to the BlackBerry device decryption process. Choose a content protection strength level that optimizes either the ECC encryption strength or the decryption time. If you set the content protection strength to Stronger (to use a 283-bit ECC key) or to Strongest (to use a 571-bit ECC key), consider setting the Minimum Password Length IT policy rule to enforce a minimum BlackBerry device password length of 12 characters or 21 characters, respectively. These password lengths maximize the encryption strength that the longer ECC keys are designed to provide. The BlackBerry device uses the BlackBerry device password to generate the ephemeral 256-bit AES encryption key that the BlackBerry device uses to encrypt the content protection key and the ECC private key. A weak password produces a weak ephemeral key.
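The policy guidance above (password length matched to content protection strength, mass storage mode disabled, external memory left enabled, address book included) can be checked mechanically. The following is an added example, not part of the original manual or of any BlackBerry tool: the dictionary layout and the function name `audit_policy` are hypothetical, and only the rule names and values quoted in this overview are used.

```python
# Added example: lint an IT policy against the guidance in this overview.
# The dict layout is hypothetical; rule names and values are those quoted on this page.

# Content protection strength -> minimum device password length the page recommends.
MIN_PASSWORD_FOR_STRENGTH = {"Stronger": 12, "Strongest": 21}


def audit_policy(policy):
    """Return a list of findings; an empty list means the policy follows the guidance."""
    findings = []

    strength = policy.get("Content Protection Strength")
    if strength is None:
        findings.append("Content Protection Strength is not set: "
                        "protected storage is left to the device user")
    required = MIN_PASSWORD_FOR_STRENGTH.get(strength)
    if required is not None:
        length = policy.get("Minimum Password Length")
        if length is None or length < required:
            findings.append(f"Minimum Password Length is {length!r}; "
                            f"{strength} calls for at least {required} characters")

    # Files copied in mass storage mode are not encrypted, so the mode must be disabled.
    if policy.get("Disable USB Mass Storage") is not True:
        findings.append("Disable USB Mass Storage is not True: files copied in "
                        "mass storage mode are stored unencrypted")

    # An absent rule (default value) and an explicit False are both acceptable here.
    if policy.get("Disable External Memory", False) is not False:
        findings.append("Disable External Memory should stay at its default or be False")

    if policy.get("Force Include Address Book In Content Protection") is not True:
        findings.append("Force Include Address Book In Content Protection is not True: "
                        "the user can turn off the Include Address Book option")
    return findings


# Constructed sample policies (not exported from a real server).
WEAK = {"Content Protection Strength": "Strongest", "Minimum Password Length": 8,
        "Disable External Memory": True}
GOOD = {"Content Protection Strength": "Strongest", "Minimum Password Length": 21,
        "Disable USB Mass Storage": True,
        "Force Include Address Book In Content Protection": True}

if __name__ == "__main__":
    for name, pol in (("WEAK", WEAK), ("GOOD", GOOD)):
        print(name, audit_policy(pol) or "ok")
```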
Protecting files stored in external memory on the BlackBerry device
The BlackBerry device is designed to prevent a third-party device from using the media card by encrypting multimedia data that it stores on an external memory device according to the External File System Encryption Level IT policy rule setting, or the corresponding BlackBerry device setting. The BlackBerry device is designed to support the following features:
· external file encryption by encrypting specific files on the external memory device using AES
Note: The external file system encryption does not apply to files that the BlackBerry device user manually transfers to external memory (for example, from a USB mass storage device).
· access control to objects on the external memory device using code signing with 1024-bit RSA
The external memory device stores encrypted copies of the file keys that the BlackBerry device is designed to use to decrypt and encrypt files on the external memory device. When the user transfers files to the media card using mass storage mode, the BlackBerry device does not encrypt the transferred files, even if the BlackBerry device is set to encrypt files stored on the media card. If the user transfers encrypted files from the media card using mass storage mode, the computer cannot decrypt the transferred files.
Moving the media card to a different BlackBerry device
If the user removes the media card from the BlackBerry device and places it in a new BlackBerry device, the new BlackBerry device cannot decrypt any files that the first BlackBerry device encrypted on the media card using a randomly generated device key. If the first BlackBerry device encrypted the files on the media card using the BlackBerry device password, when the user removes the media card from the BlackBerry device and places it in a new BlackBerry device, the new BlackBerry device prompts the user for the password used on the first BlackBerry device to access the files on the new device.
Controlling access to objects in external memory
The BlackBerry device is designed to permit code signing keys in the header information of each encrypted file on the external memory device. The BlackBerry device is designed to check the code signing keys when the BlackBerry device opens the input or output streams of the encrypted files.
[. . . ]

Installation and use of Third-Party Information with RIM's products and services may require one or more patent, trademark, or copyright licenses in order to avoid infringement of the intellectual property rights of others. Any dealings with Third-Party Information, including, without limitation, compliance with applicable licenses and terms and conditions, are solely between you and the third party. You are solely responsible for determining whether such third-party licenses are required and are responsible for acquiring any such licenses relating to Third-Party Information. To the extent that such intellectual property licenses may be required, RIM expressly recommends that you do not install or use Third-Party Information until all such applicable licenses have been acquired by you or on your behalf.
[. . . ]