RIM (Research In Motion) uses powerful codes to scramble, or encrypt, email messages as they travel between a BlackBerry device and a computer known as a BlackBerry Enterprise Server (BES) that is designed to secure those emails. Governments in India and elsewhere say criminals use BlackBerrys to conduct their business because they know the government cannot monitor their chatter. The encrypted messages can only be unlocked with software “keys” that are located either on the BlackBerry device itself, or at a particular customer’s BlackBerry Enterprise Server. RIM says it does not have a master key that controls every system in its network.
But corporate customers can choose to install their own key that allows them to restrict access to users within their enterprise.
A. Some analysts speculate that may be the case. But breaking encrypted code is no easy task – it is a slow process that requires tremendous skill and powerful computers.
RIM’s enterprise system offers two transport encryption options, Advanced Encryption Standard (AES) and Triple Data Encryption Standard (Triple DES). A BlackBerry device will by default choose the 256-bit encryption of AES for transport layer encryption. Triple DES is a two-key algorithm that generates message and device transport keys.
HTTPS Secure Data Access
BlackBerry MDS Services act as a secure gateway between the wireless network and corporate intranets and the Internet. They leverage the BlackBerry AES or Triple DES* encryption transport and also enable HTTPS connections to application servers.
BlackBerry smartphones support HTTPS communication in one of two modes, depending on corporate security requirements:
- Proxy Mode: An SSL/TLS connection is created between BlackBerry Enterprise Server and the application server on behalf of BlackBerry smartphones. Data from the application server is then AES or Triple DES* encrypted and sent over the wireless network to BlackBerry smartphones.
- End-to-End Mode: Data is encrypted over SSL/TLS for the entire connection between BlackBerry smartphones and the application server, making End-to-End Mode connections most appropriate for applications where only the transaction end-points are trusted.