BlackBerry Enterprise Solution Security
Version 4.1.0
Technical Overview
© 2006 Research In Motion Limited. All rights reserved.
www.blackberry.com
Contents
Wireless security
  BlackBerry Enterprise Solution security
  New security features
BlackBerry encryption keys
  Master encryption key
  Message key
  Content protection key
  Grand master key
BlackBerry symmetric key encryption algorithms
  Standard BlackBerry message encryption
BlackBerry wireless messaging security
  Receiving an email message on the BlackBerry device
  Sending an email message from the BlackBerry device
  Message attachment viewing security
  PIN messaging
  SMS and MMS messaging
  Controlling unsecured messaging
Extending BlackBerry device messaging security
  PGP Support Package
  PGP encryption
  S/MIME Support Package
  S/MIME encryption
  Decrypting and reading messages on the BlackBerry device using Lotus Notes API 7.0
Protecting stored data
  Protecting stored messages on the messaging server
  IT policy signing and storage on the BlackBerry device
  Application password encryption and storage on the BlackBerry device
  Protected storage of user data on a locked BlackBerry device
  Protected storage of master encryption keys on a locked BlackBerry device
  Protected storage of master encryption keys on a BlackBerry device during a reset
  Cleaning the BlackBerry device memory
BlackBerry architecture component security
  BlackBerry Infrastructure
  BlackBerry Enterprise Server
  Messaging server
  BlackBerry configuration database
  BlackBerry MDS Services databases
Protecting the BlackBerry Infrastructure connections
  SRP authentication
  BlackBerry Router protocol authentication
  Wireless enterprise activation authentication
  TCP/IP connection
  Messaging server to desktop email program connection
  BlackBerry Mobile Data System connections
  WAP gateway connections
Authenticating a user
  Authenticating a user to a BlackBerry device using a password
  Authenticating a user using a smart card
Controlling BlackBerry devices
  Controlling BlackBerry device behaviour using IT policy rules
  Enforcing device and desktop security
  Controlling BlackBerry device access to the BlackBerry Enterprise Server
  Protecting Bluetooth connections on BlackBerry devices
  Protecting the BlackBerry device against malware
Protecting lost, stolen, or replaced BlackBerry devices
  Erasing data from BlackBerry device memory and making the BlackBerry device unavailable
  Unbinding the smart card from the BlackBerry device
Related resources
Appendix A: RIM Cryptographic Application Programming Interface
  Cryptographic functionality that the RIM Crypto API provides
Appendix B: TLS and WTLS standards that the RIM Crypto API supports
  Key establishment algorithm cipher suites that the RIM Crypto API supports
  Symmetric algorithms that the RIM Crypto API supports
  Hash algorithms that the RIM Crypto API supports
Appendix C: Previous version of wired master encryption key generation
  Previous version of wired master encryption key generation process
Appendix D: BlackBerry device wipe process
Appendix E: Ephemeral AES encryption key derivation process
This document describes the security features of the BlackBerry® Enterprise Solution and provides an overview
of the BlackBerry security architecture.
This document describes the security features that BlackBerry Enterprise Server version 4.1 or later, BlackBerry
Desktop Software version 4.1 or later, and BlackBerry Device Software version 4.1 or later support, unless
otherwise stated. See the documentation for earlier versions of the BlackBerry Enterprise Server, BlackBerry
Desktop Software, and BlackBerry Device Software to determine if a feature is supported in that earlier software
version.
See the BlackBerry Enterprise Solution Security Acronym Glossary for the full terms substituted by the acronyms
in this document.
Wireless security
Many companies are realizing significant return on investments and productivity gains by extending their
enterprise information to mobile employees. With an increased demand for mobile content and the threat of
information theft, companies have concerns about addressing security needs and requirements when evaluating
wireless solutions. Without an effective security model, your company might expose sensitive corporate data,
with financial and legal implications.
With the advent of powerful new personal devices such as mobile phones and personal digital assistants that can
access and store sensitive corporate data, controlling access to these devices is an important issue. Leaving
devices with remote access to sensitive data accessible to potentially malicious users could be dangerous.
The BlackBerry Enterprise Solution (consisting of a BlackBerry device, BlackBerry Device Software, BlackBerry
Desktop Software, and the BlackBerry Enterprise Server software) is designed to protect your corporation from
data loss or alteration in the event of
• malicious interception of data on the corporate network, while a user is sending and receiving messages and
accessing corporate data wirelessly using the BlackBerry device
• an attack intended to steal corporate data, using malicious application code (for example, a virus)
• theft of the BlackBerry device
• identity theft
BlackBerry Enterprise Solution security
The BlackBerry Enterprise Solution implementation of symmetric key cryptography is designed to provide
confidentiality, integrity, and authenticity implicitly.
Concept: confidentiality
Description: permits only the intended message recipient to view the contents of a message
BlackBerry Enterprise Solution implementation:
• Use encryption, which is data scrambling based on a secret key, to make sure that only the intended recipient can view the contents of the message.

Concept: integrity
Description: enables a message recipient to detect if a third party altered the message data in transit between the message sender and the message recipient
BlackBerry Enterprise Solution implementation:
• Protect each message that the BlackBerry device sends with one or more message keys comprised of random information, which is designed to prevent third-party decryption or alteration of the message data.
• Enable only the BlackBerry Enterprise Server and the BlackBerry device to know the value of the master encryption key, recognize the format of the decrypted and decompressed message, and automatically reject a message either one receives that is encrypted with the wrong master encryption key and therefore does not produce the required message format upon decryption.

Concept: authenticity
Description: enables the message recipient to identify and trust the identity of the message sender
BlackBerry Enterprise Solution implementation:
• Require that the BlackBerry device authenticate itself to the BlackBerry Enterprise Server to prove that it knows the master encryption key before the BlackBerry Enterprise Server can exchange the unique master encryption key with, and send data to, the BlackBerry device.

The BlackBerry Enterprise Solution is designed so that data remains encrypted (in other words, it is not
decrypted) at all points between the BlackBerry device and the BlackBerry Enterprise Server. Only the
BlackBerry Enterprise Server and the BlackBerry device have access to the data that they send between them.
Thus, third parties, including service providers, cannot access potentially sensitive company information in a
decrypted format.
Message failure occurs automatically if the BlackBerry device cannot recognize the message format produced by
the BlackBerry Enterprise Server decryption process, or if the BlackBerry Enterprise Server receives a message
encrypted with the wrong master encryption key. If message failure occurs, the BlackBerry device prompts the
user to generate a new master encryption key (required).
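The rejection behaviour described above, as an added example that is not part of the original document or the vendor's code: the receiver accepts a packet only if decryption and decompression yield the expected message format. The SHA-256 counter-mode cipher, the `MSG1` frame marker, the packet layout, and wrapping the message key under the master key are all assumptions made for illustration.

```python
import hashlib, os, struct, zlib

MAGIC = b"MSG1"  # hypothetical format marker, not the product's wire format

class MessageFailure(Exception):
    """Decryption did not yield the required message format."""

def _xor_stream(key, nonce, data):
    # Stand-in cipher (SHA-256 in counter mode), an assumption made so the
    # example runs on the standard library; not the product's algorithm.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + struct.pack(">I", i // 32)).digest()
        out += bytes(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def protect(master_key, body):
    """Frame, compress and encrypt body; wrap the message key (assumed layout)."""
    message_key, nonce = os.urandom(32), os.urandom(16)
    framed = MAGIC + struct.pack(">I", len(body)) + body
    ciphertext = _xor_stream(message_key, nonce, zlib.compress(framed))
    return nonce + _xor_stream(master_key, nonce, message_key) + ciphertext

def receive(master_key, packet):
    """Decrypt and decompress; return the body only if the format is valid."""
    if len(packet) < 48:
        raise MessageFailure("packet too short")
    nonce, wrapped_key, ciphertext = packet[:16], packet[16:48], packet[48:]
    message_key = _xor_stream(master_key, nonce, wrapped_key)
    try:
        framed = zlib.decompress(_xor_stream(message_key, nonce, ciphertext))
    except zlib.error as exc:
        raise MessageFailure("decompression failed") from exc
    if len(framed) < 8 or framed[:4] != MAGIC:
        raise MessageFailure("unrecognized message format")
    if struct.unpack(">I", framed[4:8])[0] != len(framed) - 8:
        raise MessageFailure("length mismatch")
    return framed[8:]

def accepts(master_key, packet):
    try:
        receive(master_key, packet)
        return True
    except MessageFailure:
        return False

if __name__ == "__main__":
    packet = protect(b"A" * 32, b"constructed sample message")
    print(accepts(b"A" * 32, packet), accepts(b"B" * 32, packet))
```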
BlackBerry Enterprise Solution feature: protect data
Description:
• Encrypt data traffic in transit between the BlackBerry Enterprise Server and the BlackBerry device.
• Encrypt data traffic in transit between your messaging and collaboration server and a user’s desktop email program.
• Use secure protocols to connect the BlackBerry Enterprise Server to the BlackBerry Infrastructure.
• Encrypt data on the BlackBerry device.
• Encrypt data in the BlackBerry configuration database.
• Authenticate a user to the BlackBerry device using a smart card with a password or passphrase.

BlackBerry Enterprise Solution feature: protect encryption keys
Description:
• Encrypt encryption keys on the BlackBerry device.

BlackBerry Enterprise Solution feature: control BlackBerry device connections
Description:
• Control which BlackBerry devices can connect to the BlackBerry Enterprise Server.
• Control Bluetooth® connections to and from the BlackBerry device.
• Control BlackBerry Smart Card Reader connections.

BlackBerry Enterprise Solution feature: control BlackBerry device and BlackBerry Desktop Software functionality
Description:
• Send wireless commands to turn on and turn off BlackBerry device functionality, delete information from BlackBerry devices, and lock BlackBerry devices.
• Send IT policies to customize security settings for a user or a group on a BlackBerry Enterprise Server.
• Enforce BlackBerry device and BlackBerry Smart Card Reader passwords.