
BlackBerry Enterprise Solution
with Triple DES to encrypt PIN messages, every BlackBerry device can decrypt every PIN message that it receives
because every BlackBerry device stores the same global peer-to-peer encryption key. This means that if a
BlackBerry device or BlackBerry enabled device user other than the intended PIN message recipient intercepts a
PIN message, that BlackBerry device or BlackBerry enabled device user can decrypt and read the PIN message
using the global peer-to-peer encryption key. Therefore, consider PIN messages as scrambled, not encrypted,
messages.

The BlackBerry Enterprise Server administrator can limit the number of BlackBerry devices that can receive and
decrypt your organization’s PIN messages by generating a new peer-to-peer encryption key known only to
BlackBerry devices in your organization. A BlackBerry device with an organization-specific peer-to-peer
encryption key can send and receive PIN messages with other BlackBerry devices on your organization’s network
with the same peer-to-peer encryption key only. These PIN messages use organization-specific scrambling
instead of the default global scrambling.

The BlackBerry Enterprise Server administrator can also set the Firewall Block Incoming Messages IT policy rule
to limit the number of BlackBerry devices in your organization that can receive either or both of PIN messages
that use organization-specific scrambling and PIN messages that use the default global scrambling.

The BlackBerry Enterprise Server administrator should generate a new organization-specific peer-to-peer
encryption key if the administrator knows the current key is compromised. The BlackBerry Enterprise Server
administrator can update and resend the peer-to-peer encryption key for BlackBerry device users in the
BlackBerry Manager.

Text messaging
Text messaging using SMS and MMS is available on some BlackBerry devices. Supported BlackBerry devices
can send SMS and MMS messages over the wireless TCP/IP connection between them. The BlackBerry device
does not encrypt text messages.
Controlling unsecured messaging
The BlackBerry Enterprise Server administrator can control unsecured messaging (PIN, SMS, and MMS
communication) in your organization using the following IT policy rules:

| IT policy rule | Description |
| --- | --- |
| Allow External Connections | This IT policy rule controls whether applications can initiate external connections (for example, to WAP, SMS, MMS or other public gateways) on the BlackBerry device. |
| Confirm on Send | This IT policy rule requires a BlackBerry device user to confirm that they wish to send the message before sending an email message, PIN message, SMS message, or MMS message. |
| Disable Forwarding Between Services | This IT policy rule prevents a BlackBerry device user from forwarding or replying to a message using a different BlackBerry Enterprise Server from the one that delivered the original message. This IT policy rule also prevents using an email account to forward or reply to a PIN message or reply to an email message with a PIN message. |
| Disable Peer-to-Peer Normal Send | This IT policy rule prevents a BlackBerry device user from sending plain text PIN messages when using a secure messaging package, such as the S/MIME Support Package for BlackBerry devices or the PGP Support Package for BlackBerry devices. |
| Firewall Block Incoming Messages | This IT policy rule limits the number of BlackBerry devices in your organization that can receive SMS messages, MMS messages, BlackBerry Internet Service messages, PIN messages that use organization-specific scrambling, and PIN messages that use the default global scrambling. |
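
The following audit sketch is an added example, not BlackBerry code or part of the original document. It reads a constructed policy snapshot and reports which unsecured-messaging exposures described in this section remain open. The snapshot layout, the `organization_p2p_key_generated` and `secure_messaging_package` keys, and the treatment of a missing rule as not restricting are assumptions made for illustration.

```python
# Added example: the snapshot layout is an assumption for illustration,
# not a BlackBerry Enterprise Server export format. Rule names come from the page.
# Assumption: a rule missing from the snapshot is treated as not restricting.
PIN_GLOBAL = "PIN (default global scrambling)"
UNENCRYPTED = ("SMS", "MMS")

def audit_unsecured_messaging(policy):
    """Return {rule_or_setting: note} for each unsecured-messaging exposure found."""
    notes = {}
    blocked = set(policy.get("Firewall Block Incoming Messages", ()))
    # Global scrambling: every BlackBerry device stores the same key.
    if PIN_GLOBAL not in blocked:
        notes[PIN_GLOBAL] = "accepted; every BlackBerry device stores the key that unscrambles them"
    # Without an organization-specific key, PIN messages use the default global scrambling.
    if not policy.get("organization_p2p_key_generated", False):
        notes["peer-to-peer key"] = "no organization-specific key; PIN messages use global scrambling"
    # The device does not encrypt text messages.
    open_text = [kind for kind in UNENCRYPTED if kind not in blocked]
    if open_text:
        notes["text messaging"] = "unencrypted and not blocked: " + ", ".join(open_text)
    # Plain text PIN sends matter once a secure messaging package is in use.
    if policy.get("secure_messaging_package") and not policy.get("Disable Peer-to-Peer Normal Send", False):
        notes["Disable Peer-to-Peer Normal Send"] = "users can still send plain text PIN messages"
    for rule, open_value, note in (
        ("Allow External Connections", True, "applications can initiate external connections"),
        ("Confirm on Send", False, "messages are sent without user confirmation"),
        ("Disable Forwarding Between Services", False, "messages can be forwarded or replied to across services"),
    ):
        if policy.get(rule, open_value) == open_value:
            notes[rule] = note
    return notes

# Constructed snapshots (not real exports).
UNRESTRICTED = {"secure_messaging_package": "S/MIME"}
RESTRICTED = {
    "organization_p2p_key_generated": True,
    "Firewall Block Incoming Messages": [PIN_GLOBAL, "SMS", "MMS"],
    "secure_messaging_package": "S/MIME",
    "Disable Peer-to-Peer Normal Send": True,
    "Allow External Connections": False,
    "Confirm on Send": True,
    "Disable Forwarding Between Services": True,
}

if __name__ == "__main__":
    for name, snapshot in (("unrestricted", UNRESTRICTED), ("restricted", RESTRICTED)):
        print(name)
        for rule, note in audit_unsecured_messaging(snapshot).items():
            print(f"  {rule}: {note}")
```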
www.blackberry.com