More details emerge about eBBM and BBM Protected

By Bla1ze on 12 Jun 2014 10:23 pm EDT

BlackBerry has already announced their eBBM Suite and BBM Protected but aside from a few demos from Enterprise events and brief explanations of how it all works, there's hasn't been a ton of info relayed about it.

Luckily though, some more information has now come up offering us some better insight into the expectations BlackBerry has for it, how it'll work and how people are essentially expected to use it on their BlackBerry smartphones. You'll want to settle in, the bullet points are a fairly long read.

About BBM Protected

  • Secure mobile messaging with BBM Protected - BBM Protected allows employees to take advantage of the speed, reliability and privacy of BBM for faster communication, collaboration and decision making while providing security conscious organizations enhanced enterprise grade security over corporate data.

  • Protect your assets end to end - BBM Protected is the only secure mobile instant messaging app that uses a FIPS 140-2 validated cryptographic library. Whether you're a regulated business, or a highly security conscious organization, BBM Protected offers an enhanced security model for BBM messages sent between BlackBerry smartphones. BBM Protected protects corporate data in transit by adding an additional layer of encryption to BBM and follows the BES model by having the encryption keys under the control of your organization.

  • Protecting data in transit - BBM Protected is designed to provide full end to end message encryption from the time that a BBM Protected user sends a message to when the recipient receives the message. BBM Protected introduces a new layer of encryption to the existing BBM security model. These 3 layers of security work together to offer advanced enterprise grade protection of BBM messages end to end in transit.

  • BBM Protected introduces a new layer of encryption where your organization holds the encryption keys. - Messages between BBM Protected users are encrypted using a PGP like model. The sender and recipient have unique public / private encryption and signing keys. These keys are generated on the device, by the FIPS 140-2 certified cryptographic library, and are controlled by the enterprise. BBM and BlackBerry are not involved in brokering the key exchanges so at no time are they stored within the BlackBerry infrastructure. Plus, each message uses a new random symmetric key for message encryption. Even if one message in a conversation were somehow compromised, the remaining messages would remain protected. Triple DES 168-bit BBM scrambling key encrypts messages on the sender's smartphone, and is used to authenticate and decrypt messages on the recipient's phone. TLS encryption between the smartphone and the BBM infrastructure helps protect BBM messages from eavesdropping or manipulation.

  • Protecting data on the device - BBM Protected builds upon the proven BlackBerry security model, trusted by security conscious organizations around the world. The secure root of trust starts in hardware and extends up through software and application layers helping to protect BBM messages at all times when they are at rest on the device.

  • Turbocharge employee productivity - Speed up communication, collaboration and sharing between employees with the speed, confidence and privacy loved by over 85 million BBM users worldwide.

  • Security made simple - All the added security offered by BBM Protected happens in the background. When a BBM Protected user sends a message, if the recipient is also a BBM Protected user then their conversation is automatically subject to the added level of encryption. BBM Protected works seamlessly with one-to-one BBM chats, multi person chats and even BBM Groups. There's no compromise to what you can do over BBM with BBM Protected, so employees have access to all the great features that make it ideal for work and play.

  • A single app for all chats – inside and outside the company - BBM Protected enables employees to use the same app to securely message colleagues inside the company for work as they do to chat and share with family and friends outside the company. BBM Protected chats aren't limited to users inside the company either; employees can chat securely with BBM Protected users at others companies too – they do not need to be on the same BES server and no federation between servers is required. All this happens seamlessly through a single contact list and single chat list making messaging with BBM Protected fast, easy and hassle free.

  • Designed for mobile. Built for speed. - BBM is the ideal business communication tool because it's mobile and fast! Messages on BBM are read within seconds and unlike enterprise IM clients that originated on the desktop, BBM offers a better mobile experience – one that employees will embrace and enjoy on their smartphones. BBM is built for action allowing one to one chats, group discussions, file sharing, and BBM Voice calls to happen with speed and mobility you can't get over email so that employees can be more responsive and more efficient.

  • Know they read your message - Communicate confidently with delivery and read notifications that let you know that the other person has received and actually saw your message. Because sometimes knowing it got there just isn't enough.

  • Leverage your investment in BlackBerry - BBM Protected is designed to offer the security benefits of a behind the firewall on premise solution with the convenience benefits of a cloud solution.

  • Easy to deploy & manage - It's easy to equip your users with BBM Protected. Unlike other IM solutions which often require your organization to purchase additional hardware, deploy additional servers, federate with other systems and learn new management consoles, BBM Protected is added as an IT policy through the BES console you are using today. There's no new hardware to purchase, no new servers to install, and no BlackBerry smartphone operating system software updates required. And with IT policy amalgamation, you can quickly add BBM Protected to existing IT policies.

  • Secure intercompany messaging comes built-in - Messages between BBM Protected users are automatically encrypted using the advanced public / private key pair – even if those users work in different companies, and all without any complex, costly federation required.

  • Powerful management and control - BBM Protected works with the logging and auditing capabilities available through BES today allowing you to meet regulatory and compliance requirements.

Among some of the other stuff included for the security concerned folks out there, you can send 1:1 encrypted BBM messages between BlackBerry OS and BlackBerry 10 devices, have multi-party chats, BBM group chats and file transfers, though for now it appears the file transfers may only be limited to BlackBerry OS for the time being.

Needless to say, eBBM and BBM Protected is pretty much BBM on steroids when it comes to protection. Hopefully, we'll be hearing more about it on a more official level soon (BlackBerry has mentioned June) but for now, tell us what you all think about eBBM and BBM Protected.

Reader comments

More details emerge about eBBM and BBM Protected


So without the assistance of BlackBerry, the police could not hack into BBM Protected and / or eBBM !

Z30 : posted via CB10 app

Just like BES, BlackBerry does not originate, hold or or know what the encryption keys are. They are not actively involved in the process. So they can't help cracking the code. This version of BBM rises to that level. The RCMP were at to hack into the regular encryption on consumer BBM that is still more robust than any other messaging platform.

From my Neutrino Powered Z10

So BBM , BBM Protect and eBBM On the BB10 platform today is all hackable ?
I know this crime mafia bust concerning these PIN 2 PIN messages was on BIS and on old BBOS devices !

Either way the only way to hack the older BBM was via a focused and dedicated police force approach.
I wonder if it's more difficult to hack BBM, BBM Protect and eBBM on the BB10 platform ?

Z30 : posted via CB10 app

BBM is hackable - single key for all devices. More secure than SMS, but still not considered really secure.

The whole point of BBM Protect and eBBM is to allow organizations to use BBM as a secure means of communication, while meeting the requirements of retention. In other words the Police will have access by issuing a warrant to the company for the communication logs that BBM Protect will have. But outside interception and decryption will be limited to those with super computers.....

Bla1ze, don't forget the BES Cloud option... not avail now, but will, soon. then it'll be "cost of a coffee a month" then add the eBBM CAL. So, for a "prosumer" were probably talking about something under $10 per month. ( random estimation)

Posted via CB10

I'd pay that!!!! Especially if gives me BlackBerry Balance!!! I want that bad. BBM Protected would be a bonus :)

Posted via CB10

But you have to convince your bbm friends as well to pay for it. Otherwise bbm security is not better than today.

Posted via CB10

Mmmhhhhh....... just to be one of the few that enjoy this exclusivity....

Everyone else is on G-products, MicroStuff, iMetoo....

"No Q10?" -> "Buy from Chen... "

Talk to yourself much....

This is for organizations - not for talking between organizations or individuals.

If you get this for you and your family... fine. You can securely eBBM one another, but to BBM anyone else not one the same server with the same key... it would have to be via the regular BBM.

No, you can securely BBM with others on eBay if they too are on that system even if it's not the same organization (family). Re-read.

Posted via CB10

Whoa. Now, that's something that might have some legs for a niche consumer market.

Q10SQN100-1/ CB10'n

Or as I read into it. Perhaps a large unintended demographic will use this. By having the client control the keys, would this negate the restrictions that some of the middle eastern countries have put on BlackBerry? That is, could someone in one of those countries purchase servers and use BES10 and eBBM to get around their government interception?

If so, the potential client base grows with every organization that would need to keep their communication private, whether it be from their own government, foreign government, the military or perhaps the police. Could be an excellent source of revenue.

Posted via CB10

Privacy is a treasured good if you don't have it, but need it.

Not just for illegitimate purposes, but the Christian minorities in many Islamic countries are persecuted...

"No Q10?" -> "Buy from Chen... "

If you are a private company in a country where the police has a warrant to bend the company's integrity, then the police will access your protected data.

It won't be a hack, but simply the regalian police force in action.

Posted via CB10

I think they're trying to drive home a message.

Probably because it's not intended (as a root message) to individuals, but enterprises.

Apple's products are "I" (like in "myself")
BlackBerry's "e-" is for... enterpises.
How deep the symbol... ;)

Posted via CB10

So this new BBM protected and eBBM will have a new security key for every message so even if they manage to hack one message the ability to hack a whole series of messages is way more difficult vs the old BBOS BBM and the current BB10 BBM messenger

Well personally I agree with the point of secure and fast messaging for the work environment. Dealing with millions of dollars and info that needs to be secure just makes sense.

I like.

Z30 best ever

Perhaps I missed it but is there no BBM Videochat or screen share with this service? As I said, perhaps I missed it.

Posted via CB10

So eBBM and BBM protected is the same thing? Or different releases?

Signature - Google wants your info. What are you gonna do about it?

Blaze, can you do an article clarifying the recent news that the ramp can read BlackBerry pin to pin messages?

Posted via CB10

It's easy.

Security has 5 pillars.
A Authentication (you are who you say you are)
B Authenticity (the message received by the recipient is the same as the message sent by the sender)
C timestamp (you cannot fake the time you send a message)
D confidentiality (if your message is intended only for the recipient, nobody else will be able to read it)
E non-repudiability (if you have opened a message, you cannot pretend that you did not).

E is the check,delivered, read indicator.

The confidentiality is guaranteed with BBM Protect, but not with BBM or PIN 2 PIN, which are just encoded messages, as opposed to encrypted.

An encoded message can be easily decoded, as long as you know the algorithm to do it. Example. A music file encoded in MP3 can be read by any player that has the MP3 decoder.

An encrypted message can be intercepted, but the confidentiality is preserved because decrypting it requires several secret items (the keys). BBM Protect uses such an encryption method, and confidentiality is the result.

Posted via CB10

This looks cool and all, but I am just dying to know more about BlackBerry Blend. I can't wait to get Blend going on my dash mounted PlayBook.

It is not clear that the BBM messages from other devices managed on BES are also protected at the same level as BB10 or BBOS devices!

I am not sure of understanding your sentence.

It is as if you compare the security of your house with the security of a high-tech limousine. There is no relation.

Posted via CB10

Oops, my bad.
I was referring to other iOS and Android devices manged on BES 10 get the same level of protection (BBM protection) like BB phones on BES 10.

It becomes clear, in the world of MDM, IM is a critical feature. BBM has just gone from leading the pack. To what becomes an Untouchable lead.

Considering all BBM messages can be saved & sorted by each corporation that uses it. The future of email is in BlackBerry sights! The future communication needs of business is BBM!

C0007CCC8 PING BlackBerry info Channel

They should look at how Slack IM client works - I found it very intuitive to use and easy to sign up at the office. Might be a bit hard competing with slack.

Posted via CB10

Slack? Never heard of it, bit did search it. It doesn’t work on BlackBerry and I doubt it comes close to the security of BBM never mind eBBM. Besides, how difficult us it to sign up for something that already exists on your device? When I authenticated each of my BB10 devices, it was so easy, I was sure there were more steps. Full disclosure here... have you an interest in Slack?

Posted via CB10

Lol. That's very teasing. So I am supposed to take your honest word for this? Guess that I am. Now I am only more curious to your sources.. and to what you know!

Stuff like this is why I truly love BlackBerry and think they represent something unique in our increasingly scary, messed up NSA-world.

Posted via CB10

•SecFlag Contacts => Security Flagged Contacts. This would simply be a status you can set a contact to which will instruct BBM to initiate a key handover first prior to calling/chatting with a recipient in order to encrypt the chat/call using custom security keys. This could be a premium feature, allowing business men to set the flag on some of their contacts, indicating they want elevated encryption when initiating a chat/voice call with that contact.

Someone has been reading the forums :)

Way more important for me would be a option to finally store and archive a already received and locally stored chat history.
A backup or export function to conserve what was discussed and to make the whole thing reliable, not just a toy.

Posted via CB10

Current BBM is NOT encrypted other than with a GLOBAL encryption key. ALL BBM messages can be intercepted at this point. BBM Protected adds another layer of encryption, one owned by the BES owner (company, enterprise, agency) AND each message is separately encrypted. It would take a very dedicated attack to get a single message, let alone an entire conversation.

So far the only documented Hack news of BBM is with BBOS devices and BBOS PIN 2 PIN Messages.
Nothing on BBM on the BB10 platform. But let's say it is the same what prevents a Cop to leave the police force and sell the knowledge on how to hack BlackBerry BBM ?

Aka: Snowden...releasing all his secrets.

Z30 : posted via CB10 app

Nothing, anyone with the know how and resources could intercept the messages. Do NOT consider it secure. BBM Protected IS secure

Do you listen to mp3 music files? They are compressed files using an algorithm than encodes the original audio file.

And then when you want to listen to it, you need an MP3 player, but technically it is rather an app with a decoder, which will decode the encoded files. The set of both is... yes, exactly. the codec.

Pin-to-pin messages and BBM messages are encoded. Which means that provided you have the decoder, if you intercept the messages (which is easy as easy for BBM protect or email or SMS or BBM or iMessage or WhatsApp), then you are able to decode the message and read them.


That being said, BBM Protected adds on top of the codec stuff, some encryption. It is an evolved way of using locks and keys. So when you intercept an encrypted message, decrypting it is not just a matter of knowing how the encryption works. You need some secret info.

Those secret pieces of informations, are not stable. They change over time, in an unpredictable way. That changing method is the pillar that allows to say that BM Protect preserves the confidentiality of your messages.

Posted via CB10

Good work, good news for investors, start to monetise bbm and reinvest. 10 years from now they will be light years ahead of the competition.

I would pay for this as a prosumer, bring on BES in the cloud.

Posted via CB10

Slick Stuff

NOW GO OUT AND Market the living shit out of this...for Christs sake!!!

My biggest BITCH with this company is it's complete and total INABILITY to to sell itself on the world stage.

Via what's really, a BOLD X....on X.II.I

What I liked most is that bbm chats are encrypted independent of what BES you're both on. That's great for areas like health care where collaboration between entities is increasingly common. If they can make it work with iOS and Android, even better.

Posted via CB10

I wonder if BBM will visually indicate when you are in a chat using eBBM encryption vs in a chat using regular BBM encryption.. like a little icon up where the video chat button is..

The security around this is great, but enterprises already have Microsoft Lync, IBM Sametime, or Google for chat services. To compete, eBBM has to work on every device AND it has to allow secure chat to these other platforms, like Blackberry's Enterprise Instant Messenger (EIM) does. If it only connects mobile users, and I need another application to talk to users on PCs at their desks, it will never fly. Blackberry needs to replace EIM with eBBM, and have it talk to all these common platforms, and make it available on the 4 major mobile platforms. Maintain the security 100% where possible, but allow connections using the other chat protocols as required to allow me to chat with the people I need to reach, on their preferred device.

now, just add a desktop client, that includes the screen sharing and video and voice options and I might be able to convince my company to drop lync and mobileiron before they really get rolling here.

This looks like a great marketing move, especially given the refocus on enterpise, but it's nothing but frustrating for non-corporate users.

I'd be interested to hear what people think of this idea. One way for us to use BBM to deliver encrypted messages is use PGpgp to encrypt the message, save it to a file, and transfer the file using BBM. (Of course, this presumes that both parties have a little more knowledge than the average user.)

Why use BBM to transfer the pgp encrypted file at all when email encryption just works? As I see it, this might avoid the scrutiny that encrypted email attracts.


Posted with my Zed30

I currently sport two Q10's one for work and one for personal because I don't want to mix work and personal contacts on BBM. BBM is quite a personal experience to me and I don't want to bring my work life into it.

I really hope they offer two BBM accounts on one device. As in a BBM client in my personal space and a BBM client in my work space. Until they do this, all of the cool stuff with the work/personal spaces goes to waste because I won't BYOD (BMOD I guess).

And quite frankly in a Non-BYOD scenario like mine I find the personal/work concept quite annoying compared to having mixed content on my 9900. I don't use my work device for anything personal, yet I have to manually traverse into the work space for my default activities.

In order for the way BB10 works in enterprise to make sense I really need to bring my own device and have a clear partition between work and personal BBM contacts.

Here's some obvious examples of why.

1) apprehensive of posting a photo of say me and my friends enjoying a few too many beers
2) have to be extra PC and conscious about status updates. I'm not going around throwing up hate speech but do I really want to risk missing my next promotion because my boss doesn't appreciate my point of view on something?
3) accidentally sending the wrong thing to the wrong person. Honestly this happens sometimes. Some people have the same name and I only can tell by display pic. It's a lot easier to say ops to a friend.

Posted via CB10

I hope they fix the basic issues still remaining on the iPhone version. At a conference I was able to convince the group to use BBM, but the iPhone user had some messages get resent over and over, at least for a day or two after.

One was a message from me, while the other was a notification that I posted a photo.

Others on Q10, HTC and S3 Android didn't have those. I was on a Z10.

My wife no longer wants to use it on her iPhone because she's not alerted all the time, when I send her a message.

Posted via CB10

Ok. This sounds Great!!! But when is BlackBerry going to advertise this info to the general public. And advertise their BEST phone ever made, the Z30. My stock in BlackBerry is in neutral. Its a shame nobody knows about this, loyal fans of the company.

Posted via CB10