Installation guide

BlackBerry Enterprise Solution 62
Remotely resetting the password of a content-protected BlackBerry device
The remote password reset cryptographic protocol is designed to let the BlackBerry Enterprise Server administrator set the BlackBerry device password remotely, even when content protection is enabled on the BlackBerry device. The BlackBerry device does not prompt the user for the old BlackBerry device password, and the protocol does not require the old password at any point.
The cryptographic protocol for resetting the password on a content-protected device remotely is designed to provide the following features:
• allows the BlackBerry device to re-encrypt the content protection key with the new password without knowing the old password
• prevents a hardware-based attack on the BlackBerry device from recovering the content protection key unless the attacker knows either the BlackBerry device password or the IT policy private key (the private half of the IT policy public and private key pair that the BlackBerry Enterprise Server generates for the BlackBerry device)
• prevents a small subgroup containment attack through its use of elliptic curve cryptography
• prevents the BlackBerry Enterprise Server from learning anything that an attacker could use to recover the content protection key
The BlackBerry Enterprise Server administrator should send the Set a Password and Lock Handheld IT administration command only to a content-protected BlackBerry device that is in the possession of the BlackBerry device user. Sending this command to a BlackBerry device in the possession of an attacker allows an attacker who mounts a hardware-based attack to recover, from flash memory, the key pair that the BlackBerry device created when it received the IT policy, and thereby to decrypt all of the data on the BlackBerry device.
For more information about the protocol, see “Appendix L: Protocol for resetting the password on a content-protected BlackBerry device remotely” on page 88.
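The following is an added illustrative construction, written for this page; it is not the BlackBerry protocol (which Appendix L specifies) and not code from the original document. It models the four properties listed above with one generic design: the content protection key is wrapped twice, once under a key derived from the device password and once under an elliptic-curve agreement secret that only the holder of the IT policy private key can reproduce. The device blinds the point it sends during a reset, so the server never sees the stored public point or the agreed secret, and the server checks that the point it receives lies on the curve. The curve (NIST P-256, prime order, cofactor 1), the PBKDF2 password derivation, the SHA-256 keystream plus HMAC stand-in for the device's symmetric cipher, and the class and function names are all assumptions of this example.

```python
import hashlib
import hmac
import secrets

# NIST P-256 domain parameters (prime order N, cofactor 1). Assumed curve.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551


def on_curve(pt):
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def rand_scalar():
    return secrets.randbelow(N - 1) + 1


def pw_key(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def escrow_key(z):
    # KDF over the x-coordinate of the agreed point.
    return hashlib.sha256(b"cpk-escrow" + z[0].to_bytes(32, "big")).digest()


def wrap(key, data):
    """Stand-in for the device cipher: SHA-256 keystream XOR plus HMAC tag."""
    stream = hashlib.sha256(key + b"stream").digest()[:len(data)]
    ct = bytes(a ^ b for a, b in zip(data, stream))
    return ct + hmac.new(key, ct, "sha256").digest()


def unwrap(key, blob):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, "sha256").digest()):
        raise ValueError("wrong key or tampered blob")
    stream = hashlib.sha256(key + b"stream").digest()[:len(ct)]
    return bytes(a ^ b for a, b in zip(ct, stream))


class PolicyServer:
    """Holds the IT policy private key s; only ever sees blinded points."""
    def __init__(self):
        self.priv = rand_scalar()
        self.pub = ec_mul(self.priv, G)     # IT policy public key, sent in the IT policy
        self.seen = []

    def reset_step(self, point):
        # Reject off-curve input. On a prime-order curve every on-curve point
        # except infinity has order N, so there is no small subgroup to confine
        # s*point into; the check is what closes that route to s.
        if point is None or not on_curve(point):
            raise ValueError("rejected point")
        self.seen.append(point)
        return ec_mul(self.priv, point)


class Device:
    """Flash keeps only wrapped copies of the content protection key (cpk)."""
    def __init__(self, password, it_policy_pub, cpk):
        self.salt = secrets.token_bytes(16)
        self.pw_wrapped = wrap(pw_key(password, self.salt), cpk)
        e = rand_scalar()                      # device key pair (e, e*G) made on policy receipt
        z = ec_mul(e, it_policy_pub)           # e*s*G: recomputing it needs s
        self.escrow_pub = ec_mul(e, G)
        self.escrow_wrapped = wrap(escrow_key(z), cpk)
        del e, z, cpk                          # nothing unwrapped stays resident

    def unlock(self, password):
        return unwrap(pw_key(password, self.salt), self.pw_wrapped)

    def reset_password(self, new_password, server):
        b = rand_scalar()                                      # blinding factor
        reply = server.reset_step(ec_mul(b, self.escrow_pub))  # server sees only b*e*G
        z = ec_mul(pow(b, -1, N), reply)                       # (1/b)*s*b*e*G = e*s*G
        cpk = unwrap(escrow_key(z), self.escrow_wrapped)       # old password never used
        self.salt = secrets.token_bytes(16)
        self.pw_wrapped = wrap(pw_key(new_password, self.salt), cpk)
        return cpk
```

At rest the device holds the salt, the two wrapped copies, the device public point and the IT policy public key; neither wrap opens without the password or the IT policy private key, which is the hardware-attack property above. During the reset exchange the unwrapped key is necessarily resident in device memory, which is why the text restricts the command to devices in the user's possession.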
Remotely erasing data from BlackBerry device memory and making the BlackBerry device unavailable
A BlackBerry device that is not physically connected to a computer is designed to permanently delete its user and application data when any of the following events occurs:
• The user clicks Wipe Device (in the Security Options) on the BlackBerry device.
• The user types the password incorrectly more times than the Set Maximum Password Attempts IT policy rule allows on the BlackBerry device. (The default is ten attempts.)
• The BlackBerry Enterprise Server administrator sends the Erase Data and Disable Handheld IT administration command to the BlackBerry device from the BlackBerry Manager.
• The BlackBerry Enterprise Server administrator sends the Erase Data and Disable Handheld IT administration command with a delay (in hours, up to 168 hours) to the BlackBerry device from the BlackBerry Manager.
The BlackBerry Enterprise Server administrator can also set the following IT policy rules to require that the remote BlackBerry device automatically delete its user and application data.

IT policy rule | Description
Secure Wipe Delay After IT Policy Received | Set this IT policy rule to a period of time, in hours, after which, if the BlackBerry device has not successfully received IT policy updates or IT administration commands, the BlackBerry device permanently deletes its user and application data.
Secure Wipe Delay After Lock | Set this IT policy rule to a period of time, in hours, after which, if the user has not unlocked the BlackBerry device, the BlackBerry device permanently deletes its user and application data.
www.blackberry.com