Hong Kong 2018

Hong Kong 2018

Secure Storage and Protecting Data at RestEK Choi, Enterprise Solutions Manager

© 2017 BlackBerry. All Rights Reserved. 4

4

Secure Storage – Protecting Data at Rest

§ The BlackBerry Dynamics Runtime protects data at rest in a secure store:§ Simple Implementation of APIs

§ The APIs are either replacements for native APIs or provide a similar interface

§ The APIs behaves like the default file system including creating files and managing directory structures, etc.

§ Secure storage features:

§ All data within the secure storage system is stored in an encrypted form

§ The secure storage system remains locked until BlackBerry Dynamics authorization processing is complete

§ Data is deleted when the BlackBerry Dynamics application is deleted.

§ Data is encrypted on the device§ Encryption and decryption is transparent to the application code

§ Specifics of cryptography published in security white paper

§ Path & File names are encrypted as well as file content

§ Secure store is within the app sandbox

© 2017 BlackBerry. All Rights Reserved. 5

Secure Store Encryption and Decryption - WriteEncryption is transparent to the application

BlackBerry Dynamics Runtime

Device storage

It could be very fresh and clean. This about the things on the table.

Writes clear data

Application layer

Secure Storage API

§ The application code writes clear data to the BlackBerry Dynamics Secure Storage API

§ The Runtime encrypts the data and writes it to the local device storage

10028urjfjaieur3u8r49gJIJF93ifj935JRJF8VMF4JEJ390jifj935387h7re7owhfuoahufaofojpo444i8o

Writes encrypted data

© 2017 BlackBerry. All Rights Reserved. 6

Secure Store Encryption and Decryption - Read

BlackBerry Dynamics Runtime

Device storage

10028urjfjaieur3u8r49gJIJF93ifj935JRJF8VMF4JEJ390jifj935387h7re7owhfuoahufaofojpo444i8o

Application layer

Secure Storage API

§ Read functions decrypt stored data and return in clear

It could be very fresh and clean. This about the things on the table.

Decrypt stored data, return in clear

© 2017 BlackBerry. All Rights Reserved. 7

7

Secure Store Programming Interfaces§ Example APIs to access the Secure Store:

§ Android SDK§ com.good.gd.database package for the secure SQL database§ com.good.gd.file package for the secure file system

§ These have the same interfaces as equivalent native packages

§ GDAndroid.getGDSharedPreferences( ) – Secure Store protected Shared Preferences

§ iOS SDK§ GDFileManager, GDFileHandle and related classes for the secure file system

§ The secure SQL database API is the same as the SQLite C API§ GDPersistentStoreCoordinator class for secure Core Data

§ Cordova SDK for Android or iOS§ File system and SQL access is automatically overridden with the secure store equivalents§ HTML5 Local Storage is supported and transparent

§ Use the Cordova APIs without changes

© 2017 BlackBerry. All Rights Reserved. 8

8

Secure Store Programming Interfaces§ Also available for Xamarin Bindings, Windows SDK, and macOS SDK

§ In the Bindings for Xamarin§ C# bindings for BlackBerry Dynamics iOS and Android API’s

§ In the Windows SDK§ GDFile* classes§ GDSqlite* classes§ GDStorage* classes

§ In the macOS SDK (similar to the iOS SDK)§ GDFileManager§ SQLite library§ GDPersistentStoreCoordinator for CoreData§ GDCReadStream and GDCWriteStream

© 2017 BlackBerry. All Rights Reserved. 9

9

Workbook Samples§ Secure File System Secure SQL Database

© 2017 BlackBerry. All Rights Reserved. 10

10

Happy Coding!

You are now ready to complete the following section of the Developer Summit Workbook on the platform of your choice:

q Session: Secure Storage and Protecting Data at Rest

§Exercise One: Secure Store File

§Exercise Two: Secure Store Directory

§Exercise Three: Secure SQL Database

Completed projects are available to download in the Developer Summit Site

Readiness page: www.blackberrydevsummit.comAPI Reference: https://developers.blackberry.com/us/en/resources/api-reference.html

Please do not hesitate to ask for help from any of the developer support staffiPad and iPhone are trademarks of Apple, Inc., registered in the U.S. and other countries. Android is a trademark of Google Inc. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Windows is a registered trademark of Microsoft Corporation in the United States and other countries. BlackBerry is a trademark of Research In Motion Limited.

© 2017 BlackBerry. All rights reserved.

Thank You