BlackBerry Enterprise Server for Microsoft Exchange: Feature and Technical Overview

BlackBerry Enterprise Solution security

Encrypting data that the BlackBerry Enterprise Server and a BlackBerry device send to each other

To encrypt data that is in transit between the BlackBerry Enterprise Server and a BlackBerry device in your organization, the BlackBerry Enterprise Solution uses BlackBerry transport layer encryption. BlackBerry transport layer encryption is designed to encrypt data from the time that a BlackBerry device user sends a message from the BlackBerry device to when the BlackBerry Enterprise Server receives the message, and from the time that the BlackBerry Enterprise Server sends a message to when the BlackBerry device receives the message.

Before the BlackBerry device sends a message, it compresses and encrypts the message using the device transport key. When the BlackBerry Enterprise Server receives a message from the BlackBerry device, the BlackBerry Dispatcher decrypts the message using the device transport key, and then decompresses the message.

Algorithms that the BlackBerry Enterprise Solution uses to encrypt data

The BlackBerry Enterprise Solution uses AES or Triple DES as the symmetric key cryptographic algorithm for encrypting data. By default, the BlackBerry Enterprise Server uses the strongest algorithm that both the BlackBerry Enterprise Server and the BlackBerry device support for BlackBerry transport layer encryption.

If you configure the BlackBerry Enterprise Server to support AES and Triple DES, by default, the BlackBerry Enterprise Solution generates device transport keys using AES encryption. If a BlackBerry device uses BlackBerry Device Software version 3.7 or earlier or BlackBerry Desktop Software version 3.7 or earlier, the BlackBerry Enterprise Solution generates the device transport keys of the BlackBerry device using Triple DES.

How the BlackBerry Enterprise Solution uses AES to encrypt data

By default, when a BlackBerry device supports AES, the BlackBerry Enterprise Solution uses AES for BlackBerry transport layer encryption. The BlackBerry Enterprise Solution uses AES in CBC mode to generate the message keys and device transport keys. The keys consist of 256 bits of data.

BlackBerry Enterprise Server version 4.0 or later, BlackBerry Device Software version 4.0 or later, and BlackBerry Desktop Software version 4.0 or later support AES.

For more information about how the BlackBerry Enterprise Server uses AES for BlackBerry transport layer encryption to communicate with BlackBerry devices, visit www.blackberry.com/support to read article KB05429.
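The processing order and algorithm choice described above (compress then encrypt on the device, decrypt then decompress at the BlackBerry Dispatcher, AES with a 256-bit key in CBC mode, Triple DES for device software 3.7 or earlier) can be sketched as follows. This is an added example, not BlackBerry code and not the BlackBerry wire format: the function names, the use of deflate, the random IV prepended to the packet, and the error raised when no algorithm is shared are all assumptions made for illustration.

```javascript
// Added illustration: not BlackBerry code and not the BlackBerry wire format.
const nodeCrypto = require('node:crypto');
const zlib = require('node:zlib');

// Cipher parameters for the two algorithms the page names.
const CIPHERS = {
  AES: { name: 'aes-256-cbc', keyLen: 32, ivLen: 16 },
  '3DES': { name: 'des-ede3-cbc', keyLen: 24, ivLen: 8 },
};

// Page rule: AES requires device software 4.0 or later; otherwise Triple DES.
// Prefers the strongest algorithm that both sides support.
function selectAlgorithm(serverAlgorithms, deviceSoftwareVersion) {
  const [major] = deviceSoftwareVersion.split('.').map(Number);
  const deviceSupportsAes = major >= 4;
  if (deviceSupportsAes && serverAlgorithms.includes('AES')) return 'AES';
  if (serverAlgorithms.includes('3DES')) return '3DES';
  throw new Error('no common algorithm'); // assumption: the page does not cover this case
}

// Sender side: compress first, then encrypt (ciphertext does not compress).
function protect(alg, transportKey, plaintext) {
  const c = CIPHERS[alg];
  if (transportKey.length !== c.keyLen) throw new Error('bad key length');
  const iv = nodeCrypto.randomBytes(c.ivLen); // assumption: fresh random IV, prepended
  const cipher = nodeCrypto.createCipheriv(c.name, transportKey, iv);
  const compressed = zlib.deflateSync(plaintext);
  return Buffer.concat([iv, cipher.update(compressed), cipher.final()]);
}

// Receiver side (the Dispatcher's order): decrypt, then decompress.
function unprotect(alg, transportKey, packet) {
  const c = CIPHERS[alg];
  const iv = packet.subarray(0, c.ivLen);
  const decipher = nodeCrypto.createDecipheriv(c.name, transportKey, iv);
  const compressed = Buffer.concat([
    decipher.update(packet.subarray(c.ivLen)),
    decipher.final(), // throws on bad padding, e.g. when the key is wrong
  ]);
  return zlib.inflateSync(compressed);
}

// Constructed sample: random 256-bit key and a made-up message.
const key = nodeCrypto.randomBytes(32);
const msg = Buffer.from('Subject: status\r\n' + 'all systems nominal. '.repeat(20));
const packet = protect(selectAlgorithm(['AES', '3DES'], '4.0'), key, msg);
console.log(msg.length, '->', packet.length, unprotect('AES', key, packet).equals(msg));
```

Reversing the order on the sender (encrypt, then compress) would give no size reduction, because the compressor would only see ciphertext.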

Published 2013-11-07 SWD-20131107160132924