Research in Motion Ltd. (RIM), on Wednesday, announced new version of its security software for Blackberry messages that it says will ensure the “confidentiality, integrity and authenticity” of messages sent over the device.
The software offers support for Secure Multipurpose Internet Mail Extensions (S/MIME), an encryption feature Waterloo, Ont.-based RIM says is particularly important to government users in Canada and the United States.
Version 4.0 of BlackBerry Enterprise Server includes Entrust’s Entelligence Messaging Server (EMS) that sends fully encrypted messages to multiple recipients and/or remote users. (FIPS) is an independent third-party verification done to government standards to ensure when this solution claims it is (augmenting) security, it is in fact good security. Alan Panezic >Text Other additions to Version 4.0 include two types of Online Certificate Validation Protocol (OCVP) servers from Tumbleweed Communications and CoreStreet that ensure encryption keys are valid.
The release of this new security software comes on the heels of a controversy centring on the privacy (or lack thereof) of messages exchanged over corporate BlackBerry wireless devices.
The controversy was triggered by a lawsuit filed in Toronto in January by Canadian Imperial Bank of Commerce (CIBC). The bank submitted scores of BlackBerry e-mails and PIN messages as evidence that several former executives took confidential information from the company and tried to recruit others while they were still employees of the bank.
The lawsuit was filed against Genuity Capital Markets, a Toronto-based investment management firm established by six former CIBC employees.
Messages submitted as evidence included ones sent between BlackBerries using the devices’ personal identification numbers (PIN) instead of e-mail addresses. That form of BlackBerry communication has been considered by many users to be more private than sending messages between e-mail addresses, because PIN messages are sent directly from one device to another. Standard BlackBerry e-mail is routed via an enterprise server and can be logged and archived like other e-mail messages.
Will RIM’s new security solution allay concerns about the privacy of messages received and sent over the Blackberry?
That seems to be an outcome RIM is hoping for.
For instance, the company says this technology can be used to secure sensitive but unclassified information onto BlackBerry handhelds – a feature government-employed users of these devices will likely take advantage of, according to Alan Panezic, director of BlackBerry Solutions at RIM.
S/MIME uses public key cryptography, where users are given a public and a private encryption key. This allows for end-to-end encryption where confidentiality, integrity and authenticity of messages are required, Panzic said.
“Confidentiality is (when) I send something to you that would be encrypted so only you can read it (and no one is able to intercept it). Integrity means no one (is able) to inject some noise or electrical signal to change the meaning (of the message). Authenticity means you know it was sent from me and not (from) someone pretending to be me,” said Panezic.
RIM has also added Federal Information Processing Standards (FIPS) 140-2 security certification to its BlackBerry Enterprise Server v4.0 and BlackBerry Handheld software v.3.8 and 4.0. FIPS is a security standard issued by the National Institute of Standards and Technology (NIST) where FIPS is a pre-requisite on products that feature cryptology. The Canadian government’s Communication Security Establishment (CSE) has adopted this standard.
“(FIPS) is an independent third-party verification done to government standards to ensure when this solution claims it is (augmenting) security, it is in fact good security. For government bodies . . . it means they do not have to take on (the) burden of doing testing themselves,” Panezic said. He added with FIPS implemented into version 4 of BlackBerry Enterprise Server and its handheld software, a self-test occurs each time the device is turned on, to ensure appropriate encryption is being used.
These new security features are available now. Customers must purchase S/MIME licences, then download the software from a secure RIM Web site. The S/MIME software is automatically loaded onto a BlackBerry when the device is cradled.
With files from Jaikumar Vijayan (Computerworld U.S.)
Related Articles
Lawsuit reveals an open BlackBerry, January 17, 2005