How the BlackBerry Enterprise Solution protects IT policies
After the BlackBerry® Enterprise Server installation process creates the BlackBerry Configuration Database, the BlackBerry Enterprise Server generates an IT policy key pair that it can use to authenticate and protect the IT policy. When you assign a BlackBerry device to the user account and activate the BlackBerry device, the BlackBerry Enterprise Server sends the IT policy and the IT policy public key to the BlackBerry device.
The BlackBerry Enterprise Server stores the IT policy private key in the BlackBerry Configuration Database. The BlackBerry Enterprise Server uses the IT policy private key to digitally sign all data packets that include IT policy data when the BlackBerry Enterprise Server sends the IT policy to the BlackBerry device. The BlackBerry device uses the IT policy public key in the NV store to authenticate the digital signature on the IT policy.
A BlackBerry device stores the digitally signed IT policy and the IT policy public key in the NV store in flash memory. When the BlackBerry device stores the IT policy and IT policy public key, the BlackBerry device binds the IT policy to itself so that the BlackBerry device can use the IT policy to control its behavior.
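The sign-and-verify flow described above, as an added Go example that is not BlackBerry code. It assumes Ed25519 as the signature algorithm, because the page does not name one; the type and function names and the policy strings are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignedPolicy is a constructed stand-in for a signed IT policy data packet.
type SignedPolicy struct{ Data, Signature []byte }

// Server side: the private key stays with the server and signs every policy packet.
func NewPolicyKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

func SignPolicy(priv ed25519.PrivateKey, data []byte) SignedPolicy {
	return SignedPolicy{Data: data, Signature: ed25519.Sign(priv, data)}
}

// Device models the NV store: the public key from activation plus the current policy.
type Device struct {
	policyPub ed25519.PublicKey
	policy    SignedPolicy
}

// Activate stores the public key and the first policy; discard the device on error.
func Activate(pub ed25519.PublicKey, p SignedPolicy) (*Device, error) {
	d := &Device{policyPub: pub}
	return d, d.Apply(p)
}

// Apply accepts a policy only if its signature verifies under the stored public key.
func (d *Device) Apply(p SignedPolicy) error {
	if len(d.policyPub) != ed25519.PublicKeySize || !ed25519.Verify(d.policyPub, p.Data, p.Signature) {
		return fmt.Errorf("IT policy signature rejected")
	}
	d.policy = p
	return nil
}

func main() {
	pub, priv, err := NewPolicyKeyPair()
	if err != nil {
		panic(err)
	}
	dev, err := Activate(pub, SignPolicy(priv, []byte("password_required=true")))
	forged := SignedPolicy{Data: []byte("password_required=false"), Signature: dev.policy.Signature}
	fmt.Println("activate:", err, "| forged update:", dev.Apply(forged))
}
```

A packet whose data was altered after signing, or that was signed with a different private key, fails verification and the previously stored policy stays in effect.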