Help Center

Local Navigation

Protecting BlackBerry Device Software updates over the wireless network

You can update the BlackBerry® Device Software on a BlackBerry device over the wireless network. You can use the BlackBerry Administration Service to search for updates that match the BlackBerry device and wireless service provider, and send the updates. You can also permit your organization's wireless service provider to send the BlackBerry Device Software updates.

The BlackBerry® Enterprise Solution protects the BlackBerry Device Software updates using encryption, IT policies, content protection, and battery power requirements.

For more information about BlackBerry Device Software updates, see the BlackBerry Device Software Update Guide.

How the BlackBerry Enterprise Solution protects BlackBerry Device Software updates over the wireless network using encryption

The BlackBerry® Enterprise Server, BlackBerry® Infrastructure, BlackBerry® Provisioning System administration web site, and BlackBerry device protect data for BlackBerry® Device Software updates over the wireless network. You can use the BlackBerry Provisioning System administration web site when you want to permit your organization’s wireless service provider to update the BlackBerry Device Software.

The BlackBerry Enterprise Server and BlackBerry device encrypt all data that they send between each other, including BlackBerry Device Software updates, using BlackBerry transport layer encryption.

The BlackBerry device validates the digital signatures of the following information to verify integrity:
  • control messages that the BlackBerry device receives from the BlackBerry Infrastructure or BlackBerry Provisioning System administration web site
  • BlackBerry Device Software update instructions that the BlackBerry device requests and receives from the BlackBerry Infrastructure or BlackBerry Provisioning System administration web site

How the BlackBerry Enterprise Solution protects BlackBerry Device Software updates over the wireless network using IT policies and content protection

The default values for the Default IT policy determine that only the BlackBerry® Enterprise Server can send available BlackBerry® Device Software updates and request a BlackBerry device to update the BlackBerry Device Software. A wireless service provider cannot send available BlackBerry Device Software updates to the BlackBerry device unless you change the value for the Allow Non Enterprise Upgrade IT policy rule to Yes.

When you or a user turns on the content protection feature on a BlackBerry device, the BlackBerry device protects user data in the following ways:
  • requires the user to type the BlackBerry device password before the BlackBerry Device Software update process can back up or restore user data
  • requires the BlackBerry device to encrypt stored user data during the BlackBerry Device Software update process

Battery power requirements for BlackBerry Device Software updates over the wireless network

The battery power level on a BlackBerry® device must be 50% or greater for the BlackBerry device to retrieve an update package over the wireless network. If the battery power level is below the minimum requirement, the update process suspends. The BlackBerry device prompts the user to recharge the battery and start the BlackBerry® Device Software update process again. If the battery power level returns to 50%, the BlackBerry device resumes retrieving the update package from the BlackBerry® Infrastructure.

The battery power requirement is designed to protect the BlackBerry device against attacks from a potentially malicious user who might try to take advantage of low battery power during a BlackBerry Device Software update.

Process flow: Preparing to send a BlackBerry Device Software update over the wireless network

Before the BlackBerry® Infrastructure sends a BlackBerry® Device Software update to a BlackBerry device, the BlackBerry Infrastructure performs the following actions:

  1. generates an ECDSA key periodically using ECC over a 521-bit curve
  2. signs the ECDSA key using a stored root certificate
  3. signs the BlackBerry Device Software update that it sends to the BlackBerry device using the digitally signed ECDSA key

How a BlackBerry device validates a BlackBerry Device Software update over the wireless network

When a BlackBerry® device receives a BlackBerry® Device Software update from the BlackBerry® Infrastructure, it verifies that the ECDSA key uses a public key that is shared by all BlackBerry devices that support BlackBerry Device Software updates over the wireless network. The BlackBerry device verifies the digital signature on the ECDSA key using a stored root certificate.


Was this information helpful? Send us your comments.