Filter
Top Products
• if you use software tokens, contents of the .sdtid file seed that is stored in flash memory
• all data that is associated with third-party applications that a user installs on the device
• in the BlackBerry Browser, content that web sites or third-party applications push to the device, any web sites that the
user saves on the device, and the browser cache
• all text that replaces the text automatically that the user types on the device
You can change the Content Protection of Contact List IT policy rule to Required to prevent the user from turning off
content protection for the contact list on the device. If you change the Content Protection of Contact List IT policy rule to
Required, the device does not permit call display and does not share contacts over a Bluetooth connection when the
device is locked.
Encrypting the device transport key on a
locked device
If you turn on content protection for device transport keys, a BlackBerry device uses the principal encryption key to encrypt
the device transport keys that are stored in flash memory. The device encrypts the principal encryption key using the
content protection key. When a locked device receives data that is encrypted using the device transport key, it uses the
decrypted principal encryption key to decrypt the device transport key in flash memory and then uses the decrypted device
transport key to decrypt data.
When you, a user, or a password timeout locks the device, the wireless transceiver remains on and the device does not
delete the memory that is associated with the principal encryption key or device transport key. The device is designed to
prevent the decrypted principal encryption key and the decrypted device transport key from appearing in flash memory.
You can turn on content protection for device transport keys on the device when you configure the Force Content
Protection of Master Keys IT policy rule. When you turn on content protection of device transport keys, the device uses the
ECC key strength that you specified in the Content Protection Strength IT policy rule to encrypt the device transport keys.
Managing device access to the BlackBerry
Enterprise Server
You can use the Enterprise Service Policy to control which BlackBerry devices can connect to a BlackBerry Enterprise
Server. By default, after you turn on the Enterprise Service Policy, the BlackBerry Enterprise Server permits connections
from any device that you previously associated with the
BlackBerry Enterprise Server. The BlackBerry Enterprise Server
also prevents connections from any device that you associate with the BlackBerry Enterprise Server after you turn on the
Enterprise Service Policy.
Feature and Technical Overview BlackBerry Enterprise Solution security
52