How the BlackBerry Enterprise Server and device protect IT policies
After the BlackBerry® Enterprise Server installation process creates the BlackBerry Configuration Database, the BlackBerry Enterprise Server generates an IT policy key pair that it can use to authenticate and protect the IT policy. When you assign a BlackBerry device to the user account and activate the device, the BlackBerry Enterprise Server sends the IT policy and the IT policy public key to the device.
The BlackBerry Enterprise Server stores the IT policy private key in the BlackBerry Configuration Database. The BlackBerry Enterprise Server uses the IT policy private key to digitally sign all data packets that include IT policy data when the BlackBerry Enterprise Server sends the IT policy to the device. The device uses the IT policy public key in the NV store to authenticate the digital signature on the IT policy.
A device stores the digitally signed IT policy and the IT policy public key in the NV store in flash memory. When the device stores the IT policy and IT policy public key, the device binds the IT policy to itself so that the device can use the IT policy to control its behavior.
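The sign-and-verify flow described above, as an added example that is not BlackBerry code. The page does not name the signature algorithm, so Ed25519 is used here as an assumption; the `Device` type, its methods, and the policy strings are hypothetical and constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Device models the NV store contents described above (hypothetical type).
// Assumption: Ed25519 stands in for the unspecified signature algorithm.
type Device struct {
	policyKey ed25519.PublicKey // IT policy public key received at activation
	policy    []byte            // last accepted IT policy
	sig       []byte            // signature stored alongside the policy
}

// Activate stores the IT policy and the IT policy public key sent at activation.
func (d *Device) Activate(pub ed25519.PublicKey, policy, sig []byte) error {
	if !ed25519.Verify(pub, policy, sig) {
		return errors.New("activation policy signature invalid")
	}
	d.policyKey, d.policy, d.sig = pub, policy, sig
	return nil
}

// ApplyPolicy accepts a later policy packet only if its signature verifies
// under the stored public key; on failure the stored policy is left unchanged.
func (d *Device) ApplyPolicy(policy, sig []byte) error {
	if d.policyKey == nil {
		return errors.New("device not activated: no IT policy public key stored")
	}
	if !ed25519.Verify(d.policyKey, policy, sig) {
		return errors.New("IT policy signature invalid: update rejected")
	}
	d.policy, d.sig = policy, sig
	return nil
}

func main() {
	// Server side: generate the IT policy key pair and sign the policy data.
	pub, priv, _ := ed25519.GenerateKey(nil)
	p1 := []byte("PasswordRequired=true;MaxPasswordAge=30") // constructed sample policy
	dev := &Device{}
	fmt.Println(dev.Activate(pub, p1, ed25519.Sign(priv, p1)))
	tampered := []byte("PasswordRequired=false") // modified after signing
	fmt.Println(dev.ApplyPolicy(tampered, ed25519.Sign(priv, p1)))
}
```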