BBM Protected: An Overview


BBM Protected is the first product in the eBBM Suite of products and services aimed at enterprise customers. BBM Protected uses advanced security features to allow BlackBerry 10, BlackBerry OS (version 6.0 to 7.1), iOS, and Android device users in your organization to communicate securely with each other using BBM.

BBM Protected uses public encryption standards to digitally sign and encrypt messages in order to establish secure communications between users. BBM Protected works seamlessly within BBM, to allow users to message their friends and family with default BBM encryption at the same time as they message their sensitive contacts with enhanced encryption. BBM Protected uses FIPS 140-2 certified cryptographic libraries to ensure that BBM Protected satisfies the security requirements for protecting unclassified information as defined by the Federal Information Processing Standards. BBM Protected meets or exceeds NIST Suite B Cryptography for signing, encrypting and hashing.

BBM can use BBM Protected to provide end-to-end encryption for BBM messages that are sent between BBM Protected users in your organization and other BBM Protected users, inside or outside of your organization. BBM Protected uses default BBM encryption when users in your organization send BBM messages to contacts who aren’t using BBM Protected. The encryption that BBM uses for BBM chats depends on whether BBM Protected is turned on or turned off. On BlackBerry OS (version 6.0 to 7.1) and BlackBerry 10 devices, BBM Protected is turned on or turned off using the “Use BBM Protected” IT policy rule, as follows:

| BES12 IT policy rule setting | BES10 or BES5 IT policy rule setting | Result |
| --- | --- | --- |
| Selected | “Yes” | BBM uses BBM Protected to encrypt and decrypt messages exchanged with contacts that have the “Use BBM Protected” IT policy rule enabled, and it uses default BBM encryption for messages exchanged with other contacts. |
| Not selected | “No” | BBM always uses default BBM encryption. |

Device Operating System requirements

  • For BlackBerry OS devices, BBM Protected will work with BlackBerry OS version 6.0, 7.0, or 7.1
  • For BlackBerry 10 devices, BBM Protected will work on BlackBerry 10 OS version 10.2, 10.2.1, or 10.3
  • For iPhone, BBM Protected will work on iOS 6.0 or later
  • For Android devices, BBM Protected will work on Ice Cream Sandwich (4.0) or later

BBM Version requirements

  • For BlackBerry OS devices, BBM Protected requires BBM version 8.5 or later.
  • For BlackBerry 10 devices, BBM Protected requires BBM version 10.3.30 or later.
  • For iPhone, BBM Protected requires BBM version 2.7 or later.
  • For Android devices, BBM Protected requires BBM version 2.7 or later.

How BBM Protected protects messages

BBM Protected uses established cryptographic methods to encrypt and digitally sign messages in order to establish secure communications between BBM Protected users. Users can seamlessly send messages to their friends and family with default BBM encryption at the same time that they send messages to their work contacts with BBM Protected encryption.

When BBM uses BBM Protected encryption

The encryption that BBM uses for a BBM chat depends on whether BBM Protected is on or off.
If BBM Protected is on, BBM uses:

  • BBM Protected end-to-end encryption for messages that users exchange with BBM contacts that also have BBM Protected turned on
  • Default BBM encryption for messages that users exchange with BBM contacts that don’t have BBM Protected turned on
  • Default BBM encryption for messages that users exchange with BBM contacts whose devices aren’t activated on BES12, BES10, or BES5, or whose iOS and Android devices aren’t assigned to BBM Protected in the Enterprise Identity management console

If BBM Protected is off, BBM uses default BBM encryption for messages.
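
The fallback to default encryption described above happens per contact, so it is worth auditing which chats actually get end-to-end protection. The following is an added example, not BlackBerry or Rapid Mobile code: it checks a device inventory against the OS and BBM version requirements listed earlier and applies the rules above. The Device fields, function names and sample inventory are assumptions made for illustration, and BlackBerry OS releases are matched on major.minor.

```python
from dataclasses import dataclass

# Requirements from the lists above; BlackBerry releases matched on major.minor (assumption).
REQUIREMENTS = {
    "bbos":    {"os_releases": {(6, 0), (7, 0), (7, 1)}, "bbm_min": "8.5"},
    "bb10":    {"os_releases": {(10, 2), (10, 3)}, "bbm_min": "10.3.30"},
    "ios":     {"os_min": "6.0", "bbm_min": "2.7"},
    "android": {"os_min": "4.0", "bbm_min": "2.7"},
}

def ver(s, width=4):  # '10.2.1' -> (10, 2, 1, 0); zero-padded so '4' equals '4.0'
    parts = [int(p) for p in s.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

@dataclass
class Device:
    user: str
    platform: str            # key into REQUIREMENTS
    os_version: str
    bbm_version: str
    protected_enabled: bool  # policy rule selected, or assigned in the console

def eligible(d):
    """Return (ok, reason): can this device use BBM Protected?"""
    req = REQUIREMENTS.get(d.platform)
    if req is None:
        return False, "unsupported platform"
    osv = ver(d.os_version)
    if "os_releases" in req and osv[:2] not in req["os_releases"]:
        return False, "OS release not supported"
    if "os_min" in req and osv < ver(req["os_min"]):
        return False, "OS too old"
    if ver(d.bbm_version) < ver(req["bbm_min"]):
        return False, "BBM too old"
    if not d.protected_enabled:
        return False, "BBM Protected not turned on"
    return True, "ok"

def chat_encryption(a, b):
    """Both ends must qualify; otherwise BBM falls back to default encryption."""
    return "protected" if eligible(a)[0] and eligible(b)[0] else "default"

def fallback_report(contacts):
    """Contacts whose chats use default encryption, mapped to the cause."""
    return {c.user: eligible(c)[1] for c in contacts if not eligible(c)[0]}

# Constructed sample inventory (not real data).
FLEET = [Device("alice", "bb10", "10.3", "10.3.30", True),
         Device("bob", "android", "4.4", "2.6", True),
         Device("carol", "ios", "7.1", "2.7", False)]
```

Running fallback_report over a user's contact list shows which conversations are not end-to-end encrypted and whether the cause is an old client, an unsupported OS release, or a missing policy assignment.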

Default BBM encryption

When BBM Protected is off or not available on a device, BBM uses default BBM encryption, which relies on TLS. Default BBM encryption uses a combination of authentication and encryption to protect messages.

BBM Protected standards and algorithms

BBM Protected uses FIPS 140-2 validated cryptographic libraries to ensure that it satisfies the security requirements for protecting unclassified information as defined by the Federal Information Processing Standards.

BBM Protected uses ECC because it offers significant advantages over the most widely used alternative, RSA. BlackBerry uses the ECC implementation that is offered by Certicom, which is a wholly owned subsidiary of BlackBerry. Certicom has been developing standards-based cryptography for over 25 years. Certicom is the acknowledged worldwide leader in ECC, which offers the most security per bit of any known public key scheme. For example, a 160-bit ECC key and a 1024-bit RSA key offer a similar level of security. A 512-bit ECC key provides the same level of security as a 15,360-bit RSA key.

Purchasing Licenses

To purchase BBM Protected User Licenses:

  1. Contact your BlackBerry Account Manager or licensed distributor to order your BBM Protected User Licenses or order them directly through the BlackBerry Enterprise Store.
  2. After ordering your licenses, you will receive a confirmation email. Click the link in the email to log in to the Account Center.
  3. Claim your licenses and accept the license agreements. After claiming the licenses, you will receive an email that confirms the purchase of the licenses. The email also includes a link where you can download files.
  4. Download the .bar and .cod files if you have not previously downloaded and installed BBM on your users’ devices.
  5. You will receive an invoice after claiming the licenses. Licenses expire after one year, as they are purchased as an annual subscription.

Unlike BlackBerry Enterprise Service 10 or BlackBerry Enterprise Service 12 device licenses, BBM Protected licenses do not need to be added to the server. Management of BBM Protected subscriptions is now done through the Enterprise Identity Administration Console. Keep a record of the license information in a safe location, as BlackBerry may perform periodic audits to ensure that the appropriate number of BBM Protected licenses have been purchased for the environment.

Downloads

If a supported version of the BBM application is already installed, you do not need to download it again. The BBM Protected features can be enabled via the Enterprise Identity Administration Console for applicable users.

BlackBerry smartphones

To push the BBM client to users that do not have it installed, find the appropriate application files in the BlackBerry Download Center.

Alternatively, BBM can be downloaded directly from BlackBerry World:
