BlackBerry Enterprise Server for Microsoft Exchange manual

Page 51

Feature and Technical Overview

BlackBerry Enterprise Solution security

How the BlackBerry Enterprise Solution uses Triple DES to encrypt data

The BlackBerry Enterprise Solution uses a two-key Triple DES encryption algorithm to generate message keys and device transport keys. In the three iterations of the DES algorithm, the first 56-bit key in outer CBC mode encrypts the data, the second 56-bit key decrypts the data, and the first key encrypts the data again.

The BlackBerry Enterprise Solution stores the message keys and device transport keys as 128-bit binary strings with each parity bit in the least significant bit of each of the 8 bytes of key data. The message keys and device transport keys have overall key lengths of 112 bits and include 16 bits of parity data.
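The key layout and the encrypt-decrypt-encrypt order described above can be checked in a few lines. This is an added example, not code from the BlackBerry documentation; the function names and the sample key are constructed for illustration, and it assumes the odd-parity convention of the DES standard.

```python
# Added example: format checks for a two-key Triple DES key stored as 16 bytes.
# SAMPLE_KEY is a constructed value for illustration, not a real BlackBerry key.
SAMPLE_KEY = bytes.fromhex("0123456789abcdeffedcba9876543210")

def set_odd_parity(key: bytes) -> bytes:
    """Set the least significant bit of each byte so the byte has odd parity."""
    out = bytearray()
    for b in key:
        high7 = b & 0xFE
        out.append(high7 | (0 if bin(high7).count("1") % 2 else 1))
    return bytes(out)

def has_odd_parity(key: bytes) -> bool:
    """True when every byte carries an odd number of 1 bits."""
    return all(bin(b).count("1") % 2 == 1 for b in key)

def effective_key_bits(key: bytes) -> int:
    """Concatenate the upper 7 bits of each byte, discarding the parity bits."""
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value

def split_two_key(key: bytes):
    """Validate a 128-bit stored key and return (K1, K2)."""
    if len(key) != 16:
        raise ValueError("expected 16 bytes: two 8-byte DES keys")
    if not has_odd_parity(key):
        raise ValueError("parity check failed: key is corrupted or malformed")
    k1, k2 = key[:8], key[8:]
    # If K1 and K2 match in their 56 key bits, E(K1) D(K2) E(K1) is single DES.
    if effective_key_bits(k1) == effective_key_bits(k2):
        raise ValueError("K1 equals K2: Triple DES degenerates to single DES")
    return k1, k2

def ede_schedule(key: bytes):
    """Order of DES operations for two-key Triple DES: encrypt, decrypt, encrypt."""
    k1, k2 = split_two_key(key)
    return [("encrypt", k1), ("decrypt", k2), ("encrypt", k1)]

if __name__ == "__main__":
    for op, k in ede_schedule(SAMPLE_KEY):
        print(op, k.hex())
    print("key bits:", 7 * len(SAMPLE_KEY), "parity bits:", len(SAMPLE_KEY))
```

The 16 bytes carry 16 x 7 = 112 key bits plus 16 parity bits, which matches the key lengths stated above.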

All versions of the BlackBerry Enterprise Server, BlackBerry Device Software, and BlackBerry Desktop Software support Triple DES.

For more information about Triple DES, see Federal Information Processing Standard - FIPS PUB 81 [3].

Extending messaging security to a BlackBerry device

If your organization's messaging environment supports secure messaging technology such as PGP encryption or S/MIME encryption, you can configure the BlackBerry Enterprise Solution to encrypt a message using PGP encryption or S/MIME encryption so that the message remains encrypted when the BlackBerry Enterprise Server forwards the message to the email applications of recipients. To extend messaging security, the sender and recipient must install highly secure messaging technology on the computers that host the email applications and on their BlackBerry devices, and you must configure the BlackBerry devices to use the highly secure messaging technology.

Encrypting user data on a locked device

If you or a BlackBerry device user turns on content protection, you or the user can configure a locked device to encrypt stored user data and data that the locked device receives. When you or a user turns on content protection, a locked device is designed to use AES-256 encryption to encrypt stored data and an ECC public key to encrypt data that the locked device receives.

For example, the locked device uses content protection to encrypt the following items:

subject, location, meeting organizer, attendees, and any notes in all appointments or meeting requests

all contact information in the contact list except for the contact title and category

subject, email addresses of intended recipients, message body, and attachments in all email messages

title and information that is included in the body of a note for all memos (also known as posted messages)

subject and all information that is included in the body of tasks (also known as posted all day appointments)

Published 2013-11-07, SWD-20131107160132924