BlackBerry Forums Support Community               

Old 11-15-2006, 01:05 AM   #1 (permalink)
New Member
 
Join Date: Nov 2006
Model: none
Posts: 7
End-to-end encryption

Hello,

I'm working on a medical project where we need end-to-end encryption of messages sent to doctors.

I realize that all messages are encrypted from the tower to the Blackberry, but we need them encrypted as they travel across the Internet to the tower as well. We would prefer to avoid setting up a BES unless it is absolutely necessary; the people receiving the messages are not our employees, so don't generally host their mail with us, and may even have another BES from their hospital.

Here are the things I've thought of, though I'm open to any suggestions.
  • Blackberry's SMTP servers don't seem to support any kind of encryption, so that won't work. Anybody know if this is possible?
  • I can't tell whether a BES is required for S/MIME or PGP support in the client. Has anybody tried this? With the appropriate add-ins installed, is it possible to send a standard S/MIME or PGP message to a standard Blackberry customer (no BES) and have them read it?
  • Are there any third-party mail applications that support encryption and push email?
Thanks for any thoughts,

----ScottG.
Old 11-15-2006, 01:29 AM   #2 (permalink)
Grumpy Moderator
 
NJBlackBerry
Join Date: Aug 2004
Location: Somewhere in the swamps of Jersey
Model: iPh6
Carrier: AT&T
Posts: 27,813

I believe the only way to do this is using BES, and, as answered in another thread, you would need to have Exchange, Notes or Groupwise as your back end e-mail system.
Old 11-15-2006, 11:27 AM   #3 (permalink)
BlackBerry Extraordinaire
 
Join Date: Jan 2005
Model: Many
Carrier: Sprint
Posts: 1,475

If the people receiving the messages aren't using a BB, or going to an Email box, it won't be encrypted at the end user point anyway. Encryption requires a device, or software, to encrypt and the other device, or software, to un-encrypt.
Data from wireless devices are, at minimum, 128 bit SSL, so the transport layer is always secure.

Old 11-15-2006, 12:14 PM   #4 (permalink)
CrackBerry Addict
 
Join Date: Aug 2004
Model: 950
Carrier: robbers
Posts: 909

You need to hire an IT professional who can help you in this regard. Building an architecture in this manner, to ensure all points in between are encrypted, will require extensive knowledge of how all these protocols and systems work.

Or have a RIM or your carrier sales consultant talk to you.
Old 11-15-2006, 04:51 PM   #5 (permalink)
New Member
 
Join Date: Nov 2006
Model: none
Posts: 7

southwestcomm -- we're only interested in sending to Blackberries; for this application, we don't care about the security of messages from the BB. And the transport layer, as far as I can tell, is only secure from the tower to the BB; from our machine to Blackberry.com's SMTP server is not.

headtailgrep -- I am the IT professional. Unfortunately I haven't worked much with Blackberries before. We've talked to our carrier, and their only idea was to use a BES and MS Exchange. For various reasons, we'd prefer to avoid Windows and Exchange if possible, which is why we're looking for other solutions.

Thanks for the responses so far! Please let me know if anybody has any other ideas or thoughts.

----Scott.
Old 11-15-2006, 07:54 PM   #6 (permalink)
Thumbs Must Hurt
 
Join Date: Sep 2004
Model: 8700
Carrier: T-mo
Posts: 162

First, you should look at a BES deployment. With a BES, encryption happens between your mail or intranet server all the way to the Blackberry.

Is that enough? Do you trust yourself and your peers running these servers? If not, you need to look at S/MIME and PGP add-on solutions. (Call RIM and they have it).
Old 11-15-2006, 07:58 PM   #7 (permalink)
Thumbs Must Hurt
 
Join Date: Sep 2004
Model: 8700
Carrier: T-mo
Posts: 162

BTW, if you want to avoid Windows and Exchange, the BES fully supports Lotus Domino and Novell Groupwise.

Otherwise, you can also develop custom applications that use HTTPS, although these kinds of applications are generally much slower and waste more battery.
Old 11-15-2006, 11:21 PM   #8 (permalink)
New Member
 
Join Date: Nov 2006
Model: none
Posts: 7

Thanks patrickh,

I didn't realize that Domino and Groupwise run on platforms other than Windows, thanks! It looks like BES still only runs on Windows, though?

What I'd really like is to send an encrypted message to a Blackberry exactly like other messages get to their Blackberry, and have a PGP or S/MIME client to decrypt the messages when they get there. Very easy to implement, very reliable, very secure. But for some reason this seems to depend on having a BES, which for some reason depends on having a messaging platform, which is a lot of overhead and a lot of cost for something that should be very simple...
Old 11-16-2006, 01:43 PM   #9 (permalink)
Thumbs Must Hurt
 
Join Date: Sep 2004
Model: 8700
Carrier: T-mo
Posts: 162

Yes, the BES only runs on Windows, I think.

Without the BES, I suppose technically you can develop a custom app to decrypt PGP/SMIME messages. I just don't know how good the user experience will be, and that is a lot of cost... time and effort and testing.

And compared to any medical equipment, the cost of the BES is nothing.
Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.