Designing secure consumer blackberry application

Published 2019-08-20 02:33

Question:

I am evaluating a requirement for a consumer BlackBerry application that places a high premium on the security of the user's data. Seems like it is an insurance company. Here are my ideas on how I could go about it. I am sure this would be useful for others who are looking for similar stuff.

  • Force the user to use a device password. (I am guessing that this would be possible, though I have not checked it yet.) The application can request notifications when the device is about to be locked and just after it has been unlocked. Encryption of application-specific data can be managed at those times.
  • Application data would be encrypted with user's password.
  • User's credentials would be encrypted with device password.
  • Remote backup of the data could be done over HTTPS (any better ideas are appreciated)

Questions:

  1. What if the user forgets his device password?
  2. If the user forgets his application password, what is the best and secure way to reset the password?
  3. If the user loses the phone, a remote backup must be done and the application data must be cleaned up.

I have some ideas on how to achieve (3) and shall share them. There must be an off-line verification of the user's identity, and the administrator must provide a channel through which the user can send a command to the device to perform the wiping of application data. The idea is that the user is ALWAYS in control of his data. Without the user's consent, even the admin must not be able to do activities such as cleaning up the data.

In the above scheme of things, it appears as if the user's password need not be sent over the air to server. Am I correct?

Thanks,

--Kiran Kumar
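As an added illustration of the scheme sketched in the question (this is example code, not the poster's code and not a BlackBerry API): the application password is stretched once on the device and split into two independent keys, one that protects local data and never leaves the device, and one that is only ever used to authenticate to the backup server, which stores a salted one-way verifier of it. The key labels, salt sizes and iteration counts are assumptions; only the Python standard library is used.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000   # assumption: tune for the handset's CPU budget
VERIFIER_ITERATIONS = 10_000  # assumption: server-side stretching of the auth key


def derive_keys(app_password, kdf_salt):
    """Stretch the application password, then split the result into two
    unrelated keys.  data_key stays on the device; auth_key is the only
    secret that is ever presented to the server."""
    master = hashlib.pbkdf2_hmac("sha256", app_password.encode("utf-8"),
                                 kdf_salt, PBKDF2_ITERATIONS, dklen=32)
    data_key = hmac.new(master, b"device-data-encryption", hashlib.sha256).digest()
    auth_key = hmac.new(master, b"backup-server-auth", hashlib.sha256).digest()
    return data_key, auth_key


def enroll(app_password):
    """Client side.  Returns the record the server keeps and the local data key.
    kdf_salt is not secret and is kept by the server too, so the same keys can be
    re-derived on a replacement handset after a restore.  The server receives
    auth_key once (over HTTPS) and keeps only a salted, stretched hash of it."""
    kdf_salt = os.urandom(16)
    data_key, auth_key = derive_keys(app_password, kdf_salt)
    server_salt = os.urandom(16)
    verifier = hashlib.pbkdf2_hmac("sha256", auth_key, server_salt, VERIFIER_ITERATIONS)
    record = {"kdf_salt": kdf_salt, "server_salt": server_salt, "verifier": verifier}
    return record, data_key


def client_login_token(app_password, kdf_salt):
    """Client side.  What the device sends at login: the derived auth key,
    never the password itself and never the data key."""
    return derive_keys(app_password, kdf_salt)[1]


def server_verify(record, presented_auth_key):
    """Server side.  Recompute the verifier and compare in constant time.
    A stolen copy of `record` lets an attacker guess passwords offline, but it
    contains nothing that decrypts the backed-up application data."""
    candidate = hashlib.pbkdf2_hmac("sha256", presented_auth_key,
                                    record["server_salt"], VERIFIER_ITERATIONS)
    return hmac.compare_digest(candidate, record["verifier"])
```

The data key would be handed to the platform's cipher for the local store and for the backup blob; the server only ever sees ciphertext plus the verifier record.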

Answer 1:

If by device password you are referring to the one set at Options -> Password, if it is lost the data on the device will no longer be recoverable (especially if data protection is enabled). A BES can force a device password, an application can't. The best you could do is not operate unless a password has been set, but as far as I know you can't determine if one has, or has not. The device could be locked with the simple keyboard lock.

Any scheme where the server has any knowledge of users' passwords is only as secure as the server. There are ways to authenticate users without exchanging a password.

I have to say though, as a BES administrator, some of the features you are planning would result in us blacklisting your software. No one wipes our Blackberries but us.

Answer 2:

Regarding point #1 - not everyone uses a device password. It may be mandated by a BES policy but there are many consumer devices just on BIS that do not have a device password configured.