Details on How eBBM and BBM Protected Work to Secure BBM


We have been hearing quite a bit of superficial details on the upcoming launch (This month or next) of eBBM or BBM Protected as it is sometimes called. My buddy Bla1ze over at CrackBerry managed to get some of the real details on the service beyond the high level stuff we were hearing before. We know that regular BBM messages are scrambled and now encrypted but with eBBM this is all about to change. Companies just pay a license that adds a new IT Policy for BlackBerry 10 and BlackBerry legacy devices that ENCRYPTS the BBM chats.

The coolest part of this whole deal is that it works across enterprises. That means if you work at company A with eBBM and you message somebody else at company B who also has eBBM then the message will be encrypted automatically! It uses a PGP like public/private key model while still allowing companies to log the conversations if they are legally required to on their BES server. This works for 1 to 1 chats along with multi person chats and BBM Groups so its all around.

Here are the full details Bla1ze scored:

  • Secure mobile messaging with BBM Protected – BBM Protected allows employees to take advantage of the speed, reliability and privacy of BBM for faster communication, collaboration and decision making while providing security conscious organizations enhanced enterprise grade security over corporate data.

  • Protect your assets end to end – BBM Protected is the only secure mobile instant messaging app that uses a FIPS 140-2 validated cryptographic library. Whether you’re a regulated business, or a highly security conscious organization, BBM Protected offers an enhanced security model for BBM messages sent between BlackBerry smartphones. BBM Protected protects corporate data in transit by adding an additional layer of encryption to BBM and follows the BES model by having the encryption keys under the control of your organization.

  • Protecting data in transit – BBM Protected is designed to provide full end to end message encryption from the time that a BBM Protected user sends a message to when the recipient receives the message. BBM Protected introduces a new layer of encryption to the existing BBM security model. These 3 layers of security work together to offer advanced enterprise grade protection of BBM messages end to end in transit.

  • BBM Protected introduces a new layer of encryption where your organization holds the encryption keys. – Messages between BBM Protected users are encrypted using a PGP like model. The sender and recipient have unique public / private encryption and signing keys. These keys are generated on the device, by the FIPS 140-2 certified cryptographic library, and are controlled by the enterprise. BBM and BlackBerry are not involved in brokering the key exchanges so at no time are they stored within the BlackBerry infrastructure. Plus, each message uses a new random symmetric key for message encryption. Even if one message in a conversation were somehow compromised, the remaining messages would remain protected. Triple DES 168-bit BBM scrambling key encrypts messages on the sender’s smartphone, and is used to authenticate and decrypt messages on the recipient’s phone. TLS encryption between the smartphone and the BBM infrastructure helps protect BBM messages from eavesdropping or manipulation.

  • Protecting data on the device – BBM Protected builds upon the proven BlackBerry security model, trusted by security conscious organizations around the world. The secure root of trust starts in hardware and extends up through software and application layers helping to protect BBM messages at all times when they are at rest on the device.

  • Turbocharge employee productivity – Speed up communication, collaboration and sharing between employees with the speed, confidence and privacy loved by over 85 million BBM users worldwide.

  • Security made simple – All the added security offered by BBM Protected happens in the background. When a BBM Protected user sends a message, if the recipient is also a BBM Protected user then their conversation is automatically subject to the added level of encryption. BBM Protected works seamlessly with one-to-one BBM chats, multi person chats and even BBM Groups. There’s no compromise to what you can do over BBM with BBM Protected, so employees have access to all the great features that make it ideal for work and play.

  • A single app for all chats – inside and outside the company – BBM Protected enables employees to use the same app to securely message colleagues inside the company for work as they do to chat and share with family and friends outside the company. BBM Protected chats aren’t limited to users inside the company either; employees can chat securely with BBM Protected users at others companies too – they do not need to be on the same BES server and no federation between servers is required. All this happens seamlessly through a single contact list and single chat list making messaging with BBM Protected fast, easy and hassle free.

  • Designed for mobile. Built for speed. – BBM is the ideal business communication tool because it’s mobile and fast! Messages on BBM are read within seconds and unlike enterprise IM clients that originated on the desktop, BBM offers a better mobile experience – one that employees will embrace and enjoy on their smartphones. BBM is built for action allowing one to one chats, group discussions, file sharing, and BBM Voice calls to happen with speed and mobility you can’t get over email so that employees can be more responsive and more efficient.

  • Know they read your message – Communicate confidently with delivery and read notifications that let you know that the other person has received and actually saw your message. Because sometimes knowing it got there just isn’t enough.

  • Leverage your investment in BlackBerry – BBM Protected is designed to offer the security benefits of a behind the firewall on premise solution with the convenience benefits of a cloud solution.

  • Easy to deploy & manage – It’s easy to equip your users with BBM Protected. Unlike other IM solutions which often require your organization to purchase additional hardware, deploy additional servers, federate with other systems and learn new management consoles, BBM Protected is added as an IT policy through the BES console you are using today. There’s no new hardware to purchase, no new servers to install, and no BlackBerry smartphone operating system software updates required. And with IT policy amalgamation, you can quickly add BBM Protected to existing IT policies.

  • Secure intercompany messaging comes built-in – Messages between BBM Protected users are automatically encrypted using the advanced public / private key pair – even if those users work in different companies, and all without any complex, costly federation required.

  • Powerful management and control – BBM Protected works with the logging and auditing capabilities available through BES today allowing you to meet regulatory and compliance requirements.

BlackBerry© is a registered Trademark of BlackBerry Limited. BerryReview is in no way affiliated with BlackBerry Limited though sometimes their lawyers send us love letters...

Copyright © 2007-‘2022’ BerryReview LLC