Security considerations
8
Data encryption and the BlackBerry Application
Data encryption in transport
If you use the BlackBerry® Enterprise Server as the network gateway for your application, the BlackBerry Enterprise Server encrypts
data using AES or TripleDES encryption at all points in the connection between the BlackBerry device and the BlackBerry Enterprise
Server behind the organization's firewall. If you require the data to stay encrypted between the BlackBerry Enterprise Server
and the destination server, you can use HTTPS, which protects that leg of the connection with SSL/TLS encryption.
If your application uses the BlackBerry® Internet Service or the Internet gateway of the wireless service provider, data traffic is
not encrypted. If your BlackBerry device users prefer, you can use HTTPS to encrypt the data, or you can use the Java® APIs for
encryption to apply your own symmetric key or public key cryptography.
Data encryption on the BlackBerry device
Administrators can set an IT policy to make sure that all BlackBerry® device user data stored in the BlackBerry device applications
is encrypted locally in flash memory. You can create a BlackBerry Java® Application that uses APIs to register the data so that
the encryption service encrypts the data with the same security key before storing it in flash memory.
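An added example, not taken from the guide: one way an application can hand its data to the device's encryption service, assuming the PersistentContent, PersistentContentListener, PersistentObject and PersistentStore classes of net.rim.device.api.system. The class name ProtectedNoteStore and the store key are hypothetical.

```java
import net.rim.device.api.system.PersistentContent;
import net.rim.device.api.system.PersistentContentListener;
import net.rim.device.api.system.PersistentObject;
import net.rim.device.api.system.PersistentStore;

// Hypothetical class: keeps one sensitive note under the device's content protection.
public final class ProtectedNoteStore implements PersistentContentListener {
    // Constructed store key; a real application uses its own unique long value.
    private static final long STORE_KEY = 0x5ec0de5a11ce0001L;

    private final PersistentObject store;

    public ProtectedNoteStore() {
        store = PersistentStore.getPersistentObject(STORE_KEY);
        // Register so the device notifies this class when the protection
        // settings change (for example, after an IT policy update).
        PersistentContent.addListener(this);
    }

    // Encode the note with the device's current settings, then commit it to flash.
    public void save(String note) {
        synchronized (store) {
            store.setContents(PersistentContent.encode(note));
            store.commit();
        }
    }

    // Returns the decoded note, or null when nothing has been stored yet.
    public String load() {
        synchronized (store) {
            Object encoded = store.getContents();
            return encoded == null ? null : PersistentContent.decodeString(encoded);
        }
    }

    // Settings changed: re-encode stored data that no longer matches them.
    public void persistentContentModeChanged(int generation) {
        synchronized (store) {
            Object encoded = store.getContents();
            if (encoded != null && !PersistentContent.checkEncoding(encoded)) {
                store.setContents(PersistentContent.reEncode(encoded));
                store.commit();
            }
        }
    }

    // This class caches no plaintext copies, so there is nothing to clear here.
    public void persistentContentStateChanged(int state) { }
}
```

Storing a plain String with setContents would bypass the encryption service; only data passed through PersistentContent.encode follows the administrator's IT policy setting.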
Access to memory
The BlackBerry® Java® Development Environment is designed to inhibit applications from causing problems accidentally or
maliciously in other applications or on the BlackBerry device. BlackBerry applications can write only to the BlackBerry device
memory that the BlackBerry® Java® Virtual Machine uses; they cannot access the virtual memory or the persistent storage of
other applications (unless they are specifically granted access to do so). A BlackBerry® Java Application can only access persistent
storage or user data, or communicate with other applications, through specific BlackBerry APIs. Research In Motion must digitally
sign a BlackBerry Java Application that uses these BlackBerry APIs, to provide an audit trail of applications that use sensitive
APIs.
Fundamentals Guide