While I don’t like to read press releases, let alone quote them, this one managed to catch my attention. It introduces a product called “Mobile PKI” for BlackBerrys, which promises to enhance the security of communications between BlackBerry devices and your company’s servers:


Amongst others Mobile PKI (BlackBerry) supports companies at:

  • Secure use of BlackBerry’s within the company
  • Protection of private keys with strong 2-factor authentication
  • Realization of a password policy for mobile devices
  • Use of existing user and certificates for BlackBerry’s
  • Cost-efficient realization of data protection on PDA
  • Creation, distribution and installation of certificates

Apart from the fact that they need to hire a better translator, the product sounds interesting. It uses certificates on the devices to encrypt all data sent between the BlackBerry Enterprise Server (BES) and the protected devices. This means any data passing through RIM’s servers is supposedly safe.

However, the press release and the company’s website are pretty light on details. Here are some questions I’d ask if I were interested in these kinds of solutions:

  • What encryption is used? Their website is full of buzzwords such as “PKI”, “X.509”, “2-factor authentication” et cetera, but there are no details on the actual implementation of the encryption.
  • What kind of performance overhead does this cause?
  • How are the certificates protected, and what happens if a private key is lost?
  • Is data on the BlackBerry encrypted, or only the communications with the BES?
  • And, last but not least, how secure is their “2-factor authentication”? From their FAQ:
    “By binding of the key store to the device-ID and/or the SIM-card a 2-or multiple-factor authentication may be realized”.
    That’s very nice, but aren’t both the device-ID and the SIM card normally stored in the same device you are protecting? If so, how does this increase security?

Anyway, I’m sure we’ll hear more about this product soon, and I think there might be a big market for these types of solutions as more people start using PDAs and smartphones.