Blackberry ENTERPRISE SOLUTION ENFORCING Podręcznik - Strona 8
Przeglądaj online lub pobierz pdf Podręcznik dla Oprogramowanie Blackberry ENTERPRISE SOLUTION ENFORCING. Blackberry ENTERPRISE SOLUTION ENFORCING 11 stron. Enforcing encryption of internal and external file systems on blackberry devices
4
Enforcing encryption of internal and external file systems on BlackBerry devices
Item
Email
memo list
OMA DRM applications
RSA SecurID Library
tasks
Protecting user data stored on a locked BlackBerry device
If content protection is turned on, on BlackBerry devices, user data that the BlackBerry devices store is always
protected with the 256-bit AES encryption algorithm. Content protection of BlackBerry device user data is
designed to perform the following actions:
•
use a 256-bit AES content protection key to encrypt stored data when the BlackBerry device is locked
•
use an ECC public key to encrypt data that the BlackBerry device receives when it is locked
Turning on protected storage of BlackBerry device data in internal memory
You turn on protected storage of data on the BlackBerry device by setting the Content Protection Strength IT
policy rule. You should choose a strength level that corresponds to the desired ECC key strength.
If a BlackBerry device user turns on content protection on the BlackBerry device, in the BlackBerry device
Security Options, the BlackBerry device user can set the content protection strength to the same levels that you
can set using the Content Protection Strength IT policy rule.
Guidelines for setting the internal memory encryption level
When the content-protected BlackBerry device decrypts a message that it received while locked, the BlackBerry
device uses the ECC private key in the decryption operation. The longer the ECC key, the more time the ECC
decryption operation adds to the BlackBerry device decryption process. Choose a content protection strength
level that optimizes either the ECC encryption strength or the decryption time.
If you set the content protection strength to Stronger (to use a 283-bit ECC key) or to Strongest (to use a 571-bit
ECC key), consider setting the Minimum Password Length IT policy rule to enforce a minimum BlackBerry device
password length of 12 characters or 21 characters, respectively. These password lengths maximize the encryption
strength that the longer ECC keys are designed to provide. The BlackBerry device uses the BlackBerry device
password to generate the ephemeral 256-bit AES encryption key that the BlackBerry device uses to encrypt the
content protection key and the ECC private key. A weak password produces a weak ephemeral key.
Protecting files stored in external memory on the BlackBerry device
The BlackBerry device is designed to prevent a third-party device from using the media card by encrypting
multimedia data that it stores on an external memory device according to the External File System Encryption
Level IT policy rule setting, or the corresponding BlackBerry device setting.
The BlackBerry device is designed to support the following features:
©
2008 Research In Motion Limited. All rights reserved.
Description
•
subject
•
email addresses
•
message body
•
attachments
•
title
•
information included in the body of the note
a key identifying the BlackBerry device and a key identifying the SIM card
(if available) that the BlackBerry device adds to DRM forward-locked
applications
the contents of the .sdtid file seed stored in flash memory
•
subject
•
information included in the body of the task
www.blackberry.com