Glossary

3GPP
Third Generation Partnership Project
Advanced Security SD card
An Advanced Security SD card is a media card that complies with the Advanced Security SD Extension Specification that the SD Association developed. BlackBerry devices support only microSD cards that use the MCEX security system.
AES
Advanced Encryption Standard
AES-CCMP
Advanced Encryption Standard Counter Mode CBC-MAC Protocol
ANSI
American National Standards Institute
API
application programming interface
ARC4
Alleged Rivest's Cipher 4
ASCII
American Standard Code for Information Interchange
BlackBerry device key
The BlackBerry device key is a randomly generated key that a BlackBerry device uses to encrypt data on media cards.
BlackBerry device key store
The BlackBerry device key store stores certificates, key pairs, and PGP® keys that a BlackBerry device can use to help protect messages, access web sites, and connect to an enterprise Wi-Fi® network. To access the items in the key store, the user must type a key store password.
BlackBerry device memory
The BlackBerry device memory consists of the NV store, flash memory, RAM, on-board device memory, and BlackBerry device key store.
BlackBerry inter-process protocol
The BlackBerry inter-process protocol is a Research In Motion® proprietary protocol that generates the session key that BlackBerry® Enterprise Solution components such as the BlackBerry® Enterprise Server and BlackBerry® Mobile Voice System can use to communicate in a highly secure manner with each other. The BlackBerry inter-process protocol generates the session key based on the communication password.
BlackBerry inter-process protocol encryption
BlackBerry inter-process protocol encryption encrypts communication between BlackBerry® Enterprise Solution components to prevent other parties from viewing the data that the components send between each other.
BlackBerry MDS
BlackBerry® Mobile Data System
BlackBerry MDS security protocol
The BlackBerry MDS security protocol is a Research In Motion® proprietary protocol that helps protect the data that a BlackBerry device, the BlackBerry MDS Connection Service, and the BlackBerry MDS Integration Service send between each other.
BlackBerry MVS
BlackBerry® Mobile Voice System
BlackBerry transport layer encryption
BlackBerry transport layer encryption (formerly known as standard BlackBerry encryption) uses a symmetric key encryption algorithm to help protect data that is in transit between a BlackBerry device and the BlackBerry® Enterprise Server when the data is outside an organization's firewall.
CA
certification authority
CAC
Common Access Card
CAST
Carlisle Adams Stafford Tavares
CBC
cipher block chaining
CCKM
Cisco® Centralized Key Management
CFB
cipher feedback
CHAP
Challenge Handshake Authentication Protocol
CKIP
Cisco® Key Integrity Protocol
CLDC
Connected Limited Device Configuration
code-signing keys
Code-signing keys are the keys that are stored on media cards that sign files so that a user can install and run the files on a BlackBerry device.
communication password
The communication password is a password that BlackBerry® Enterprise Solution components use for the BlackBerry inter-process protocol. The communication password is designed to prevent a potentially malicious user from viewing the data that the components send to each other.
content protection
Content protection helps protect user data on a locked BlackBerry device by encrypting the user data using the content protection key and ECC private key.
content protection key
The content protection key encrypts user data on a BlackBerry device when the device is locked.
DEMA
Differential Electromagnetic Analysis
DES
Data Encryption Standard
device transport key
The device transport key (formerly known as the master encryption key) is unique to a BlackBerry device. The BlackBerry device and BlackBerry® Enterprise Server use the device transport key to encrypt the message keys.
DH
Diffie-Hellman
DHE
Diffie-Hellman Ephemeral
DoS
denial of service
DPA
Differential Power Analysis
DSA
Digital Signature Algorithm
DSML
Directory Service Markup Language
DSML-enabled server
A BlackBerry® device uses a DSML-enabled server to search for and download certificates.
DSS
Digital Signature Standard
EAP
Extensible Authentication Protocol
EAPoL
Extensible Authentication Protocol over LAN
EAP-FAST
Extensible Authentication Protocol Flexible Authentication via Secure Tunneling
EAP-GTC
Extensible Authentication Protocol Generic Token Card
EAP-MS-CHAP
Extensible Authentication Protocol Microsoft® Challenge Handshake Authentication Protocol
EAP-SIM
Extensible Authentication Protocol Subscriber Identity Module
EAP-TLS
Extensible Authentication Protocol Transport Layer Security
EAP-TTLS
Extensible Authentication Protocol Tunneled Transport Layer Security
ECB
electronic code book
ECC
Elliptic Curve Cryptography
ECC private key
The ECC private key decrypts the data that a BlackBerry device received when the BlackBerry device was locked.
ECC public key
The ECC public key encrypts the data that a BlackBerry device receives when the BlackBerry device is locked.
ECDH
Elliptic Curve Diffie-Hellman
ECDSA
Elliptic Curve Digital Signature Algorithm
ECIES
Elliptic Curve Integrated Encryption Standard
ECMQV
Elliptic Curve Menezes-Qu-Vanstone
ECNR
Elliptic Curve Nyberg Rueppel
EDE
Encryption-Decryption-Encryption
EDGE
Enhanced Data Rates for Global Evolution
Enterprise Service Policy
The Enterprise Service Policy controls which BlackBerry devices can connect to a BlackBerry® Enterprise Server.
ephemeral key
The ephemeral key encrypts the ECC public key, ECC private key, and content protection key.
FIPS
Federal Information Processing Standards
flash memory
The flash memory is an internal file system on a BlackBerry device that stores application data and user data.
GAN
generic access network
GANC
generic access network controller
global PIN encryption key
The global PIN encryption key is a key that is added to all BlackBerry devices during the manufacturing process. The global PIN encryption key permits devices to encrypt, decrypt, and authenticate PIN messages that are exchanged between devices.
gateway message envelope
The gateway message envelope protocol is a Research In Motion proprietary protocol that allows the transfer of compressed and encrypted data between the wireless network and BlackBerry devices. The protocol defines a routing layer that specifies the types of message contents allowed and the addressing information for the data. Gateways and routing components use this information to identify the type and source of the BlackBerry device data, and the appropriate destination service to route the data to.
GPS
Global Positioning System
GSA
General Services Administration
GSM
Global System for Mobile Communications®
HMAC
keyed-hash message authentication code
HTTP
Hypertext Transfer Protocol
HTTPS
Hypertext Transfer Protocol over Secure Sockets Layer
IEEE
Institute of Electrical and Electronics Engineers
IMSI
International Mobile Subscriber Identity
initial key establishment protocol
The initial key establishment protocol is a Research In Motion® proprietary protocol that the BlackBerry® Enterprise Solution uses to generate the first device transport key for a BlackBerry device.
IT administration command
An IT administration command is a command that you can send over the wireless network to protect sensitive information on a BlackBerry device or delete all BlackBerry device data.
IP
Internet Protocol
IPSec
Internet Protocol Security
IT policy
An IT policy consists of various IT policy rules that control the security features and behavior of BlackBerry devices, BlackBerry enabled devices, the BlackBerry® Desktop Software, and the BlackBerry® Web Desktop Manager.
IT policy private key
The IT policy private key is a key that the BlackBerry® Enterprise Server uses to sign an IT policy before the BlackBerry Enterprise Server sends the IT policy to a BlackBerry device.
IT policy public key
The IT policy public key is a key that a BlackBerry device uses to authenticate the IT policy that the BlackBerry® Enterprise Server sends.
IT policy rule
An IT policy rule permits you to customize and control the actions that BlackBerry devices, BlackBerry enabled devices, the BlackBerry® Desktop Software, and the BlackBerry® Web Desktop Manager can perform.
JSSE
Java® Secure Socket Extension
KEA
Key Exchange Algorithm
key rollover protocol
The key rollover protocol is a Research In Motion® proprietary protocol that the BlackBerry® Enterprise Solution uses to generate subsequent device transport keys for a BlackBerry device.
LAN
local area network
LDAP
Lightweight Directory Access Protocol
LDAPS
Lightweight Directory Access Protocol over SSL
LEAP
Lightweight Extensible Authentication Protocol
MAC
message authentication code
MAPI
Messaging Application Programming Interface
MCEX
Mobile Commerce Extension
MD5
Message-Digest Algorithm, version 5
message keys
The message keys encrypt the data that is sent to and from a BlackBerry device.
messaging server
A messaging server sends and processes messages and provides collaboration services, such as updating and communicating calendar and address book information.
MIDP
Mobile Information Device Profile
MMS
Multimedia Messaging Service
MS-CHAP
Microsoft Challenge Handshake Authentication Protocol
NAT
network address translation
NIST
National Institute of Standards and Technology
NTFS
New Technology File System
NTLM
NT LAN Manager
NV
nonvolatile
NV store
The NV store is a nonvolatile store that persists in application storage on a BlackBerry device. Only the operating system of the BlackBerry device can write to it. Third-party applications cannot write to the NV store.
OAEP
Optimal Asymmetric Encryption Padding
OCSP
Online Certificate Status Protocol
OFB
output feedback
PAC
proxy auto-configuration
PBX
Private Branch Exchange
PEAP
Protected Extensible Authentication Protocol
PFS
Perfect Forward Secrecy
persistent store in flash memory
The persistent store in flash memory stores data for a BlackBerry device. By default, third-party applications cannot access the persistent store. When it deletes all device data, the BlackBerry device deletes the data in the persistent store.
PGP/MIME
PGP® Multipurpose Internet Mail Extensions
PIN
personal identification number
PKCS
Public-Key Cryptography Standards
PKI
Public Key Infrastructure
PMK
pairwise master key
POA
Post Office Agent
principal encryption key
The principal encryption key encrypts the device transport key when a BlackBerry device is locked if content protection is turned on.
PRNG
pseudorandom number generator
PSK
pre-shared key
PSS
Probabilistic Signature Scheme
RC
Rivest's Cipher
remote password reset cryptographic protocol
The remote password reset cryptographic protocol is a Research In Motion® proprietary protocol that permits you to reset the BlackBerry device password when content protection is turned on.
RFC
Request for Comments
RIM signing authority system
The RIM® signing authority system is a collection of servers that sign the boot ROM code for a BlackBerry device during the manufacturing process.
RIPEMD
RACE Integrity Primitives Evaluation Message Digest
RPC
remote procedure call
S/MIME
Secure Multipurpose Internet Mail Extensions
SEMA
Simple Electromagnetic Analysis
SHA
Secure Hash Algorithm
SIM
Subscriber Identity Module
SMS
Short Message Service
SMTP
Simple Mail Transfer Protocol
SPA
Simple Power Analysis
SPEKE
Simple Password-authenticated Exponential Key Exchange
SRP
Server Routing Protocol
SRP authentication
SRP authentication is an authentication method that the BlackBerry® Enterprise Server and BlackBerry® Infrastructure use to authenticate with each other.
SRP authentication key
The SRP authentication key is a 20-byte shared encryption key that the BlackBerry® Enterprise Server and BlackBerry® Infrastructure use to authenticate with each other during SRP authentication.
SRP ID
The SRP ID is a unique identifier for the BlackBerry® Enterprise Server that the BlackBerry Enterprise Server uses to identify itself to the BlackBerry® Infrastructure during SRP authentication.
SSL
Secure Sockets Layer
TCP
Transmission Control Protocol
TCP/IP
Transmission Control Protocol/Internet Protocol
TKIP
Temporal Key Integrity Protocol
TLS
Transport Layer Security
Triple DES
Triple Data Encryption Standard
UID
unique identifier
UMA
Unlicensed Mobile Access
VPN
virtual private network
WAP
Wireless Application Protocol
WEP
Wired Equivalent Privacy
WLAN
wireless local area network
WPA
Wi-Fi Protected Access
WTLS
Wireless Transport Layer Security