How the BlackBerry Enterprise Server uses a Triple DES encryption algorithm
The BlackBerry® Enterprise Solution uses a two-key Triple DES encryption algorithm to create message keys and master
encryption keys. The DES algorithm runs three times over the data: the first of the two 56-bit keys encrypts the data, the second
key decrypts the result, and the first key encrypts it again (encrypt-decrypt-encrypt), with the three-step cipher applied in outer
CBC mode. For more information, see Federal Information Processing Standard - FIPS PUB 81 [3].
The BlackBerry Enterprise Solution stores the message keys and master encryption keys as 128-bit long binary strings (two 64-bit
DES keys), with the parity bit in the least significant bit of each of the 8 bytes of each key. The message keys and master
encryption keys therefore have an overall key length of 112 bits and include 16 bits of parity data.
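The key layout described above, worked through as an added example (this is illustrative code, not BlackBerry's own): the 128-bit stored string is split into K1 and K2, the parity bit in the low bit of every byte is checked or set, the 112 effective key bits are extracted, and the K1||K2||K1 order of the encrypt-decrypt-encrypt construction is produced. Odd parity is the DES convention from FIPS 46 (the text above states only where the parity bit sits), and os.urandom stands in for the device's key generator.

```python
# Added example: handling of the 128-bit two-key Triple DES key layout.
# Assumptions: odd byte parity per the DES standard (FIPS 46);
# os.urandom is a stand-in for the real key generator.
import os

def set_des_parity(key8: bytes) -> bytes:
    """Return key8 with each byte's LSB set so the byte has odd parity."""
    if len(key8) != 8:
        raise ValueError("DES key must be 8 bytes")
    out = bytearray()
    for b in key8:
        high = b & 0xFE                              # the 7 key bits
        ones = bin(high).count("1")
        out.append(high | (0 if ones % 2 else 1))    # parity bit makes the count odd
    return bytes(out)

def check_des_parity(key8: bytes) -> bool:
    """True if every byte of the 8-byte DES key has odd parity."""
    return len(key8) == 8 and all(bin(b).count("1") % 2 == 1 for b in key8)

def split_two_key_3des(key16: bytes):
    """Split the 128-bit stored key into K1 and K2, rejecting bad parity."""
    if len(key16) != 16:
        raise ValueError("two-key 3DES key must be 16 bytes (128 bits)")
    k1, k2 = key16[:8], key16[8:]
    if not (check_des_parity(k1) and check_des_parity(k2)):
        raise ValueError("DES key parity check failed")
    return k1, k2

def effective_key_bits(key16: bytes) -> int:
    """Strip the 16 parity bits; the result is the 112-bit effective key as an int."""
    k1, k2 = split_two_key_3des(key16)
    value = 0
    for b in k1 + k2:
        value = (value << 7) | (b >> 1)              # keep the 7 key bits of each byte
    return value

def ede_key_schedule(key16: bytes) -> bytes:
    """24-byte K1||K2||K1 order used by the encrypt-decrypt-encrypt construction."""
    k1, k2 = split_two_key_3des(key16)
    return k1 + k2 + k1

def generate_key() -> bytes:
    """Fresh 128-bit key with correct parity in the low bit of every byte."""
    return set_des_parity(os.urandom(8)) + set_des_parity(os.urandom(8))

# Constructed sample key (both halves already carry odd parity).
SAMPLE_KEY = bytes.fromhex("0123456789ABCDEF") + bytes.fromhex("FEDCBA9876543210")
```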
How the BlackBerry Enterprise Solution uses an AES encryption algorithm
The BlackBerry® Enterprise Solution uses an AES algorithm in CBC mode to create message keys and master encryption keys
that contain 256 bits of key data.
The way that BlackBerry devices implement AES is designed to protect user data and encryption keys on BlackBerry devices from
traditional attacks and side-channel attacks. Side-channel attacks can occur in the form of power analysis readings or
electromagnetic radiation emissions.
BlackBerry devices implement AES in a way that uses countermeasures (for example, masking operations, table splitting, and
applications of random masks) to hide the true operations taking place on the BlackBerry device. These countermeasures are
designed to help protect the cryptographic keys and plain-text data against potential side-channel attacks at all points during
the AES encryption and decryption operations so that the attacks do not reveal data that can expose the encryption key.
Options for extending messaging security
When a user sends a message from the BlackBerry® device, by default, the BlackBerry® Enterprise Server does not encrypt the
message when it forwards the message to the message recipient. To extend the messaging security that standard BlackBerry
encryption provides, the user must install additional secure messaging technology on the BlackBerry device, and you must
configure the BlackBerry device to use that secure messaging technology.
To offer an additional layer of messaging security between the sender and recipient of an email message or PIN message, you
can turn on S/MIME technology or PGP® technology for BlackBerry devices. Either technology provides sender-to-recipient
authentication and confidentiality. These technologies also help to maintain the integrity and privacy of the data from the time
that a BlackBerry device user sends a message from the BlackBerry device until the message recipient decrypts and opens the
message.
Options for encrypting stored data
You can configure the BlackBerry® Enterprise Solution to encrypt the user data and encryption keys on locked BlackBerry devices.
Feature and Technical Overview
BlackBerry Enterprise Solution security