Blackberry ENTERPRISE SOLUTION ENFORCING Manual - Page 9

Browse online or download the PDF manual for the software Blackberry ENTERPRISE SOLUTION ENFORCING. Blackberry ENTERPRISE SOLUTION ENFORCING, 11 pages. Enforcing encryption of internal and external file systems on BlackBerry devices

Enforcing encryption of internal and external file systems on BlackBerry devices
- external file encryption by encrypting specific files on the external memory device using AES
  Note: The external file system encryption does not apply to files that the BlackBerry device user manually transfers to external memory (for example, from a USB mass storage device).
- access control to objects on the external memory device using code signing with 1024-bit RSA

The external memory device stores encrypted copies of the file keys that the BlackBerry device is designed to use
to decrypt and encrypt files on the external memory device. The BlackBerry device is designed to use a randomly
generated device key stored in the NV store in BlackBerry device RAM, the BlackBerry device password, or both
to encrypt the external memory file keys.

Setting the external memory encryption level

The administrator can use the External File System Encryption Level IT policy rule to enforce a minimum level of
encryption for the external file system. If the IT policy rule is set, the BlackBerry device user can set the
encryption mode to any encryption level stronger than the minimum.
Encryption mode:
- Device
- Security Password
- Security Password & Device

Turning on external memory encryption

When the BlackBerry device user stores a file in external memory for the first time after the BlackBerry Enterprise
Server administrator or the BlackBerry device user turns on mass storage mode, the BlackBerry
device decrypts the external memory file encryption key and uses it to automatically encrypt the stored file.

Transferring encrypted media files

The user can connect the BlackBerry device to the computer to transfer files between the device and the
computer, or use Bluetooth® technology to send media files to or receive media files from a Bluetooth enabled
device.
Turning on the mass storage mode option on the BlackBerry device allows the user to transfer files quickly over a
USB connection between the media card and the computer without using the media manager tool of the
BlackBerry Desktop Manager. When the user transfers files to the media card using mass storage mode, the
device does not encrypt the transferred files, even if the BlackBerry device is set to encrypt files stored on the
media card. If the user transfers encrypted files from the media card using mass storage mode, the computer
cannot decrypt the transferred files.

Moving the media card to a different BlackBerry device

If the user removes the media card from the BlackBerry device and places it in a new BlackBerry device, the new
BlackBerry device cannot decrypt any files that the first BlackBerry device encrypted on the media card using a
randomly generated device key. If the first BlackBerry device encrypted the files on the media card using the
BlackBerry device password, the new BlackBerry device prompts the user for the password used on the first
BlackBerry device to access the files on the new device.
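
The key handling described in this section, as an added example (not code from the manual or from BlackBerry): a file key is wrapped for storage on the media card under each of the three encryption modes, then the card is moved to a second device. The PBKDF2 derivation, the way the device key and password are combined, and the HMAC-based stand-in cipher are assumptions of the example; the manual does not state the outcome for the combined mode, which here follows from requiring both secrets.

```python
import hashlib, hmac, os

# Mode name -> (uses device key, uses device password), following the manual's mode names.
MODES = {"Device": (True, False),
         "Security Password": (False, True),
         "Security Password & Device": (True, True)}

def _kek(mode, salt, device_key, password):
    """Derive the key-encryption key. The derivation is an assumption of this example."""
    use_dev, use_pw = MODES[mode]
    material = b""
    if use_dev:
        material += device_key
    if use_pw:
        material += hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hashlib.sha256(material).digest()

def _stream(kek, nonce):
    # Stand-in 32-byte keystream (HMAC-SHA256); the stdlib has no AES. Not the device's cipher.
    return hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()

def wrap_file_key(file_key, mode, device_key, password):
    """Return the record the media card would hold: the 32-byte file key, encrypted."""
    salt, nonce = os.urandom(16), os.urandom(16)
    kek = _kek(mode, salt, device_key, password)
    ct = bytes(a ^ b for a, b in zip(file_key, _stream(kek, nonce)))
    tag = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    return {"mode": mode, "salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def unwrap_file_key(rec, device_key, password):
    """Return the file key, or None if this device key/password cannot unwrap it."""
    kek = _kek(rec["mode"], rec["salt"], device_key, password)
    want = hmac.new(kek, b"mac" + rec["nonce"] + rec["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(want, rec["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(rec["ct"], _stream(kek, rec["nonce"])))

def move_card(password="constructed-passphrase"):
    """Wrap on device A, then try to unwrap on device B (new device key, same password)."""
    dev_a, dev_b, file_key = os.urandom(32), os.urandom(32), os.urandom(32)
    out = {}
    for mode in MODES:
        rec = wrap_file_key(file_key, mode, dev_a, password)
        out[mode] = unwrap_file_key(rec, dev_b, password) == file_key
    return out

if __name__ == "__main__":
    for mode, ok in move_card().items():
        print(f"{mode:28} readable on second device: {ok}")
```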
© 2008 Research In Motion Limited. All rights reserved.
| Encryption mode | Description |
| --- | --- |
| Device | The BlackBerry device uses a randomly generated device key to encrypt the external file system. |
| Security Password | The BlackBerry device uses the BlackBerry device password to encrypt the external file system. Turning on this option turns on the password prompt on the BlackBerry device automatically. The BlackBerry device then requires the user to set a BlackBerry device password if one does not exist already. |
| Security Password & Device | The BlackBerry device uses the randomly generated device key and the BlackBerry device password to encrypt the external file system. Turning on this option requires the user to set a BlackBerry device password if one does not exist already. |