- BlackBerry smartphones
System requirements for stored file encryption on BlackBerry smartphones
Java based BlackBerry smartphones that run BlackBerry Device Software 4.0 to 5.0
Java based BlackBerry smartphones that support external file storage using a media card (BlackBerry smartphones that run BlackBerry Device Software 4.2 to 5.0)
Encrypting stored files on BlackBerry smartphones
|Internal files||External files|
|Turn on the Content Protection option (Options > Security Options > General Settings)||
Data that the BlackBerry smartphone can encrypt in internal memory:
When content protection is enabled on BlackBerry smartphones, the BlackBerry smartphones encrypt the following user data items:
|AutoText||All text that automatically replaces the text that is typed|
|Contacts (in the contact list)||
All information except the contact title and category
Note: The administrator can set the Force Include Address Book In Content Protection IT policy rule to True to prevent the turning off of the Include Address Book option on the BlackBerry smartphone. The BlackBerry smartphone permits the Caller ID and Bluetooth Address Book transfer features to work when content protection is turned on and the BlackBerry smartphone is locked.
|OMA DRM applications||A key identifying the BlackBerry smartphone and a key identifying the Subscriber Identity Module (SIM) card (if available) that the BlackBerry smartphone adds to DRM forward-locked applications|
|RSA SecurID Library||The contents of the .sdtid file seed stored in flash memory|
Protecting user data stored on a locked BlackBerry smartphone
If content protection is turned on, on BlackBerry smartphones, user data that the BlackBerry smartphones store is always protected with the 256-bit Advanced Encryption Standard (AES) encryption algorithm. Content protection of user data is designed to perform the following actions:
- Use a 256-bit AES content protection key to encrypt stored data when the BlackBerry smartphone is locked
- Use an Elliptic Curve Cryptography (ECC) public key to encrypt data that the BlackBerry smartphone receives when it is locked
Turning on protected storage of BlackBerry smartphone data in internal memory
Administrators turn on protected storage of data on the BlackBerry smartphone by setting the Content Protection Strength IT policy rule. Administrators should choose a strength level that corresponds to the desired Elliptic Curve Cryptography (ECC) key strength. If content protection is turned on the BlackBerry smartphone, in the BlackBerry smartphone Security Options, the content protection strength can be set to the same levels that administrators can set using the Content Protection Strength IT policy rule.
Protecting files stored in external memory on the BlackBerry smartphone
The BlackBerry smartphone is designed to prevent a third-party device from using the media card by encrypting data that it stores on an external memory device.
Data that the BlackBerry smartphone can encrypt in external memory
If media card encryption is turned on, the BlackBerry smartphone encrypts its external file system, but the administrator or BlackBerry smartphone must specify whether to include stored media files in file encryption. The external file system encryption does not apply to files that are manually transfered to external memory (for example, from a USB mass storage device).
Setting the external memory encryption level
The administrator can use the External File System Encryption Level IT policy rule to enforce a minimum level of encryption for the external file system. The encryption mode to any encryption level can be set to stronger than the minimum, if this IT policy rule is set.
|Device||The BlackBerry smartphone uses a randomly generated device key to encrypt the external file system.|
|Security Password||The BlackBerry smartphone uses the BlackBerry smartphone password to encrypt the external file system. Turning on this option turns on the password prompt on the BlackBerry smartphone automatically. The BlackBerry smartphone then requires the user to set a BlackBerry smartphone password if one does not exist already.|
|Security Password & Device||The BlackBerry smartphone uses the randomly generated device key and the BlackBerry smartphone password to encrypt the external file system. Turning on this option requires the BlackBerry smartphone password to be set if one does not exist already.|
Transferring encrypted media files
The BlackBerry smartphone can be connected to the computer to transfer files between the BlackBerry smartphone and the computer, or use Bluetooth technology to send media files to or receive media files from a Bluetooth enabled device.
Turning on the mass storage mode option on the BlackBerry smartphone allows the transfer of files quickly over a USB connection between the media card and the computer without using the media programs in the BlackBerry Desktop Manager. When transferring files to the media card using mass storage mode, the BlackBerry smartphone does not encrypt the transferred files using mass storage mode even if the BlackBerry smartphone is set to encrypt files stored on the media card. If transferring encrypted files from the media card using mass storage mode, the computer cannot decrypt the transferred files using mass storage mode.
Moving the media card to a different BlackBerry smartphone
If the media card is removed from the BlackBerry smartphone and placed in a new BlackBerry smartphone, the new BlackBerry smartphone cannot decrypt any files that the first BlackBerry smartphone encrypted on the media card using a randomly generated device key. If the first BlackBerry smartphone encrypted the files on the media card using the BlackBerry smartphone password, when the media card is removed from the BlackBerry smartphone and placed in a new BlackBerry smartphone, the new BlackBerry smartphone prompts for the password used on the first BlackBerry smartphone to access the files on the new BlackBerry smartphone.
By downloading, accessing or otherwise using the Knowledge Base documents you agree:
(b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.
Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.