BBM Protected is the first product in the eBBM Suite of products and services aimed at enterprise customers. BBM Protected uses advanced security features to allow BlackBerry 10, BlackBerry OS (version 6.0 to 7.1), iOS, and Android device users in your organization to communicate securely with each other using BBM.
BBM Protected uses public encryption standards to digitally sign and encrypt messages in order to establish secure communications between users. BBM Protected works seamlessly within BBM, to allow users to message their friends and family with default BBM encryption at the same time as they message their sensitive contacts with enhanced encryption. BBM Protected uses FIPS 140-2 certified cryptographic libraries to ensure that BBM Protected satisfies the security requirements for protecting unclassified information as defined by the Federal Information Processing Standards. BBM Protected meets or exceeds NIST Suite B Cryptography for signing, encrypting and hashing.
BBM can use BBM Protected to provide end-to-end encryption for BBM messages that are sent between BBM Protected users in your organization and other BBM Protected users, inside or outside of your organization. BBM Protected uses default BBM encryption when users in your organization send BBM messages to contacts who aren’t using BBM Protected. The encryption that BBM uses for BBM chats depends on whether BBM Protected is turned on or turned off.Ã‚Â On BlackBerry OS (version 6.0 to 7.1) and BlackBerry 10 devices, BBM Protected is turned on or turned off using the Ã¢â‚¬Å“Use BBM ProtectedÃ¢â‚¬Â IT policy rule, as follows:
|BES12 IT policy rule setting||BES10 or BES5 IT policy rule setting||Result|
|Selected||Ã¢â‚¬Å“YesÃ¢â‚¬Â||BBM uses BBM Protected to encrypt and decrypt messages exchanged withÃ‚Â contacts that have the Ã¢â‚¬Å“Use BBM ProtectedÃ¢â‚¬Â IT policy rule enabled, and it uses default BBM encryption forÃ‚Â messages exchanged with other contacts.|
|Not selected||Ã¢â‚¬Å“NoÃ¢â‚¬Â||BBM always uses default BBM encryption.|
Device Operating System requirements
- For BlackBerry OS devices, BBM Protected will work with BlackBerry OS version 6.0, 7.0, or 7.1
- For BlackBerry 10 devices, BBM Protected will work on BlackBerry 10 OSÃ‚Â version 10.2, 10.2.1, or 10.3
- For iPhone, BBM Protected will work on iOS 6.0 or later
- For Android devices, BBM Protected will work on Ice Cream Sandwich (4.0) or later
BBM Version requirements
- For BlackBerry OS devices, BBM Protected requires BBM version 8.5 or Later.
- For BlackBerry 10 devices, BBM Protected requires BBM version 10.3.30 or later.
- For iPhone, BBM Protected requires BBM version 2.7 or later.
- For Android devices, BBM Protected requires BBM version 2.7 or later.
How BBM Protected protects messages
BBM Protected uses established cryptographic methods to encrypt and digitally sign messages in order to establish secure communications between BBM Protected users. Users can seamlessly send messages to their friends and family with default BBM encryption at the same time that they send messages to their work contacts with BBM Protected encryption.
When BBM uses BBM Protected encryption
The encryption that BBM uses for a BBM chat depends on whether BBM Protected is on or off.
If BBM Protected is on, BBM uses:
- BBM Protected end-to-end encryption for messages that users exchange with BBM contacts that also have BBMÃ‚Â Protected turned on
- Default BBM encryption for messages that users exchange with BBM contacts that donÃ¢â‚¬â„¢t have BBM Protected turnedÃ‚Â on
- Default BBM encryption for messages that users exchange with BBM contacts that arenÃ¢â‚¬â„¢t activated on BES12, BES10, BES5, or iOS and Android devices that aren’t assigned to BBM Protected in the Enterprise IdentityÃ‚Â management console
If BBM Protected is off, BBM uses default BBM encryption for messages.
Default BBM encryption
When BBM Protected is off or not available on a device, BBM uses default BBM encryption, which relies on TLS. Default BBM encryption uses a combination of authentication and encryption to protect messages.
BBM Protected standards and algorithms
BBM Protected uses FIPS 140-2 validated cryptographic libraries to ensure that it satisfies the security requirements for protecting unclassified information as defined by the Federal Information Processing Standards.
BBM Protected uses ECC because it offers significant advantages over the most widely used alternative, RSA. BlackBerry uses the ECC implementation that is offered by Certicom, which is a wholly owned subsidiary of BlackBerry. Certicom has been developing standards-based cryptography for over 25 years. Certicom is the acknowledged worldwide leader in ECC, offering the most security per bit of any known public key scheme. For example, a 160-bit ECC key and a 1024-bit RSA key offer a similar level of security. A 512-bit ECC key provides the same level of security as a 15,360-bit RSA key.
To purchase BBM Protected User Licenses:
- Contact your BlackBerry Account Manager or licensed distributor to order your BBM Protected User Licenses or order them directly through the BlackBerry Enterprise Store.
- After ordering your licenses, you will receive a confirmation email. Click the link in the email to log in to the Account Center.
- Claim your licenses and accept the license agreements. After claiming the licenses, you will receive an email that confirms the purchase of the licenses. The email also includes a link where you can download files.
- Download the .bar and .cod files if you have not previously downloaded and installed BBM on your users’ devices.
- You will receive an invoice after claiming the licenses. Licenses expire after one year, as they are purchased as an annual subscription.
Unlike BlackBerry Enterprise Service 10 or BlackBerry Enterprise Service 12 device licenses, BBM Protected licenses do not need to be added to the server. Management of BBM Protected subscriptions is now done through the Enterprise Identity Administration Console. Keep a record of the license information in a safe location, as BlackBerry may perform periodic audits to ensure that the appropriate number of BBM Protected licenses have been purchased for the environment.
If a supported version of the BBM application is already installed, you do not need to download it again. The BBM Protected features can be enabled via the Enterprise Identity Administration Console for applicable users.
To push the BBM client to users that do not have it installed, find the appropriate application files in the BlackBerry Download Center.
Alternatively, downloaded directly from BlackBerry World:
- Download BBM for BlackBerry 10
- Download BBM for BlackBerry smartphones running BlackBerry 6 and later
- Download BBM for iOS devices
- Download BBM for Android
[signoff predefined=”Enjoy this?” icon=”users”][/signoff]