Suggested Reading
The following articles may also be of interest
Keywords
Articles
Click on a title link below to expand or collapse a section. Double click a title link to follow it. Access the Blog.
Popular Articles
Today's:
- Welcome
- Use the HTC Desire as a portable WiFi hotspot
- Configuring the Huawei E5832 / E5830 (iMo)
- Sharing media via DLNA from the HTC Desire Z and Desire HD to Windows Media Player
- Using Internet Passthrough mode on the HTC Desire Z and Desire HD
- Huawei E5 (E5830 / E5832 / iMo) firmware update available
All time:
Popular Downloads
BlackBerry Bridge Security Overview
The BlackBerry Bridge software is a free application available in the BlackBerry App World that needs to be installed onto compatible BlackBerry Smartphones (running device software version 5.0 or 6.0) in order to enable them to pair via Bluetooth with the new BlackBerry PlayBook tablet so that email, contacts and calendar information stored on the Smartphone can then be managed from the PlayBook.
The BlackBerry Bridge software is preinstalled on devices running version 6.1 of the software or later.
The Bridge software also allows you to access files stored on the Smartphone's media card and also browse the Internet via the Smartphone's cellular data connection.
The Bridge feature is available to Smartphones that have been activated against a BlackBerry Enterprise Server (BES) and also for devices using the BlackBerry Internet Service (BIS).
In this article I will outline the security measures utilised by the solution for those administrators who may need to know more about the application before being able to allow users to deploy PlayBooks in their BlackBerry infrastructure.
Pairing
The link between the BlackBerry PlayBook and the Smartphone is established via Bluetooth. A barcode is generated by the Bridge software on the PlayBook that can be scanned using the camera on the Smartphone which establishes the Bluetooth connection. A connection can also be created manually by typing in a Bluetooth PIN on the Smartphone generated by the PlayBook.
Once paired via Bluetooth, the Bridge software uses the ECDH algorithm to further encrypt the data connection over and above the level of security provided by the Bluetooth protocol, incidentally the same level of encryption as used by the government-approved BlackBerry Smartcard Reader accessory.
When reconnecting to a Smartphone that requires a password, the password must be typed on the PlayBook.
Architecture
The file system on the PlayBook is divided into "work" and "personal" areas, each being isolated from the other. The tablet operating system identifies which applications fall into which category and only those applications can access their respective storage areas: only work applications can access the work storage; and only personal applications can access the personal storage.
Work data consists of all email messages, calendar entries and attachments that are exchanged between the Smartphone and a BES, as well as any data that is associated with a work application, such as Documents To Go.
When the Bridge connection is established, the tablet creates an encrypted file system using 256-bit AES encryption and the key generated by the Bridge software on the Smartphone.
No work data is stored permanently on the PlayBook, rather the tablet uses the Smartphone's device memory to store data, and any data stored temporarily on the PlayBook is erased when the Bridge connection is closed along with the encryption key.
NOTE - Data stored on a Smartphone that is activated with a BlackBerry Internet Service (BIS) account is considered personal data.
Personal data is not encrypted.
BlackBerry Enterprise Server
The default option on the BlackBerry Enterprise Server is to allow use of the Bridge software. Should you wish to disable use of the Bridge software from the BES, or restrict its use to specific users via IT Policy, additional IT Policy rules must first be imported into the BES server. These policy definitions are free to download from the BlackBerry web site - http://blog.brightpointuk.co.uk/rim-releases-two-it-policies-blackberry-...
Applications
By default all applications on the PlayBook run in personal mode. Some applications may be capable of running in work mode, personal mode, or both.
An application such as Documents To Go can work in both work and personal mode. When the Bridge connection is closed, it will run in personal mode. When being used to view an attachment to a work email over the Bridge connection, then it is running in work mode.
Work applications are grouped together on the Tablet under the Bridge Control Panel.
Applications running in work mode cannot exchange information with applications running in personal mode and vice versa.
Work applications CAN view but cannot change files stored in personal storage in some situations: for example a picture taken by the user could be attached to a work email.
Applications can only run in work mode when the Bridge connection is active.
Work applications can access the Smartphone's cellular connection and its connection via the BES to the corporate internal network, therefore the Bridge Browser could be used to navigate a company intranet, for example.
(It is not possible to access a WiFi connection when the browser is running in work mode).
It is not possible for users to designate applications installed by themselves as work applications.
The following applications can only run in personal mode:
- YouTube
- Maps
- Any application installed by the user
Miscellaneous
The Bridge connection can be configured to close automatically in the event that that user does not interact with the tablet for a pre-defined period of time.
Detailed information on the security mechanisms and encryption algorithms are available in the BlackBerry PlayBook Technical Security Overview, available on the FTP site here
Printer-friendly version- 4198 reads
- Stumble
PDF version
Twitter Feed
| BlackBerry 7 approved for use by UK government - http://t.co/p3DmORtP | 1 hour 55 min ago |
| Update your Windows Phone device to 7.5 if you haven't done already to continue to access the MarketPlace - http://t.co/SleqQWIR | 1 day 2 hours ago |
| Google Chrome Blog: Keeping tabs on your tabs - http://t.co/NYqLd81Q | 3 days 14 hours ago |
| HTC Desire C announced. Pre-order today - http://t.co/IWFNnc5n | 4 days 2 hours ago |
| LinkedIn for Windows Phone available - http://t.co/W0N0sIA8 | 5 days 8 hours ago |
| The Next Web - Mobile data roaming set to become cheaper in Europe as EU price cap rolls out - http://t.co/Akajz7U4 | 1 week 2 days ago |
| BrightPoint GB - The HTC Algarve Incentive is now closed, log in to see who the winners are! - http://t.co/qtDK4RvI | 1 week 2 days ago |
| Nokia Mail for Exchange available for Symbian Series 40 devices in Nokia Beta Labs - http://t.co/2Km2grnx | 1 week 2 days ago |
| BlackBerry Curve 9320 User Guide uploaded to the File Library - http://t.co/iDKiysiC Direct Link - https://t.co/ErUCIJ42 | 1 week 2 days ago |
| Google Mobile Blog: Shop and travel smarter with Google Maps 6.7 for Android - now with Google Offers (US only) - http://t.co/e4HUN1Oy | 1 week 2 days ago |
- 1 of 6
- ››
