15 Dec

BlackBerry’s Little Gem

Has BlackBerry hit rock bottom? Look at the following chart for BlackBerry’s stock price and value.


BlackBerry’s stock right now is around $6.06, which is up from $5.89 (all-time low?).

It is crazy. BlackBerry has millions of users, with a strong history in the global Enterprise/IT market, with secure software and infrastructure, and communication and other kinds of apps for Mobile. For years, BlackBerry has had a little gem that not many people talk about. If you have been in Mobile for a while, you will remember a company called Certicom and their IP around Elliptic Curve Cryptography (ECC), which was acquired by BlackBerry around 2009 or so, and that (for better or worse) even the NSA uses and recommends.

ECC is a very strong encryption algorithm with great characteristics, especially when it comes to Mobile, which is even more important after the rumors around RSA-encryption and NSA backdoors. Some of ECC’s advantages include: (1) shorter keys that are as strong as long keys for RSA, (2) lower CPU consumption, and (3) lower memory usage, when compared to other algorithms.

BlackBerry should be maximizing/monetizing ECC in major ways. The following is from The Case for Elliptic Curve Cryptography (NSA):

Despite the many advantages of elliptic curves and despite the adoption of elliptic curves by many users, many vendors and academics view the intellectual property environment surrounding elliptic curves as a major roadblock to their implementation and use. Various aspects of elliptic curve cryptography have been patented by a variety of people and companies around the world. Notably the Canadian company, Certicom Inc. holds over 130 patents related to elliptic curves and public key cryptography in general.

BlackBerry should turn the above into an opportunity.

I think having Mr. Chen run BlackBerry is a good thing — I have the feeling he will do better than any of the previous CEOs; there is hope for BlackBerry. He should focus on their core assets and skills: from Enterprise to mobile, mobile device management (MDM), and security (ECC). One thought is to exit the hardware space and focus on Software — as Mr. Andreessen well said: “software is eating the world”.


Related to this:

* BlackBerry: Not dead yet! Seriously

* BlackBerry’s Potential Biggest Patent Asset: Elliptic Curve Cryptography

05 Aug

The BlackBerry Ban Debacle and General Implications

And the world has suddenly gone paranoid and/or Big-Brother with RIM:

  1. In the UAE where “The issue … against BlackBerry’s super-secure encrypted services” (Reuters);
  2. In India where “Indian officials say they need to be able to intercept BlackBerry messages” (Information Week);
  3. In Indonesia where “We don’t know whether data being sent through BlackBerrys can be intercepted or read by third parties outside the country,” (USA Today).

Their arguments center on the respective governments' inability to monitor messages because of 1) BlackBerry’s strong encryption products and RIM's unwillingness to share the device’s master-key to break into the messages, and 2) RIM’s central infrastructure, with data-centers in Canada and the UK.

From the Reuters article:

“We are very clear that any BlackBerry service that cannot be fully intercepted by our agencies must be discontinued. Offering access to data is part of the telecom licensing guidelines and has to be adhered to,” the newspaper quoted an unnamed security official as saying.

Background Info
There are two solutions for BlackBerry: 1) BlackBerry Internet Service and 2) BlackBerry Enterprise solution.

The BlackBerry Internet Service is not necessarily that secure:

Email messages and instant messages that are sent between the BlackBerry® Internet Service and your BlackBerry device use the security features of the wireless network. Messages that are sent between your messaging server and the BlackBerry Internet Service are automatically encrypted if the server supports SSL encryption.

Other encryption mechanisms include PGP and S/MIME.

On the other hand, the security in the BlackBerry Enterprise solution is super strong.

The BlackBerry Enterprise Solution offers end-to-end encryption between the BlackBerry device and the BlackBerry Enterprise Server (that resides at the enterprise’s premises) by using Advanced Encryption Standard (AES) or Triple Data Encryption Standard (Triple DES).

The BlackBerry is not PKI-based but uses symmetric cryptography, meaning that there is a master-key. In BlackBerry there is a unique master-key for each device and a per-message key that is dynamically generated. Messages are encrypted using the per-message key, and the per-message key is in turn encrypted using the master-key. The master-key resides on the device itself as well as inside the BlackBerry Enterprise Server (BES), which again resides at the enterprise’s premises and not at the operator or at RIM's data-centers in Canada or the UK.
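The two-level key scheme described above, sketched as an added example (not BlackBerry's or RIM's code). AES-256-GCM stands in for the AES/Triple DES transport encryption, and the envelope layout and all function names are assumptions made for illustration.

```ruby
require 'openssl'

NONCE_LEN = 12 # GCM nonce size used in this sketch
TAG_LEN   = 16 # GCM authentication tag size

# Encrypt non-empty data under key with AES-256-GCM (mode assumed here).
# Returns nonce || tag || ciphertext as one binary string.
def seal(key, data)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  nonce = cipher.random_iv
  cipher.auth_data = ''
  ciphertext = cipher.update(data) + cipher.final
  nonce + cipher.auth_tag + ciphertext
end

# Reverse of seal. Raises OpenSSL::Cipher::CipherError when the key is wrong
# or the blob was modified in transit.
def unseal(key, blob)
  raise ArgumentError, 'blob too short' if blob.bytesize <= NONCE_LEN + TAG_LEN
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv = blob.byteslice(0, NONCE_LEN)
  cipher.auth_tag = blob.byteslice(NONCE_LEN, TAG_LEN)
  cipher.auth_data = ''
  body = blob.byteslice(NONCE_LEN + TAG_LEN, blob.bytesize)
  cipher.update(body) + cipher.final
end

# Sender side (device or BES): a fresh per-message key encrypts the message
# and is itself wrapped under the per-device master key. The returned hash
# is everything a relay between the two endpoints ever sees.
def encrypt_message(master_key, message)
  message_key = OpenSSL::Random.random_bytes(32)
  { wrapped_key: seal(master_key, message_key),
    body: seal(message_key, message) }
end

# Receiver side: only a holder of the master key can recover the message key.
def decrypt_message(master_key, envelope)
  message_key = unseal(master_key, envelope[:wrapped_key])
  unseal(message_key, envelope[:body])
end
```

A party that holds the envelope but not the 32-byte master key gets a `CipherError` from `decrypt_message`, wherever it sits on the network path.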

The RIM folks made a public statement as follows:

“The BlackBerry security architecture for enterprise customers is based on a symmetric key system whereby the customer creates their own key and only the customer ever possesses a copy of their encryption key. RIM does not possess a “master key”, nor does any “back door” exist in the system that would allow RIM or any third party to gain unauthorized access to the key or corporate data.”

But what is that article from India Times?

India Times wrote an article, “BlackBerry to open code for security check”, that reads:

The company has offered to share with security agencies its technical codes for corporate email services, open up access to all consumer emails within 15 days and also develop tools in 6 to 8 months to allow monitoring of chats, telecom department documents (dated August 2) available with ET show.

So what is it? Is RIM opening or not? What does “technical codes for corporate email services” really mean? Master-keys?

Based on BlackBerry’s architecture I don’t see how RIM can accommodate the above request for enterprise users unless RIM shows the governments how to break into the enterprises' servers themselves and retrieve the master-keys. But for BlackBerry Internet Service (consumers) yes, they can easily do it by just handing over the intercepted messages themselves, unless the messages are encrypted with SSL or PGP or S/MIME, in which case it is not RIM’s problem.

What are the implications?

First, what all of the above means is that the issue against RIM is really against BlackBerry enterprise users (i.e. businesses) and that the argument against the central network architecture of the BlackBerry Infrastructure is really inconsequential since regardless of where the central servers reside, across the globe or local to the country, they won’t be able to easily break the symmetric encryption (remember, the master-keys don’t reside at the central data-centers anyway).

(If you think about it, regional servers would actually help RIM alleviate the management of BlackBerry handset-traffic by managing it regionally; assuming there is something to alleviate.)

So the issue should not really be about the location of the servers themselves; the real issue here is obviously the requests by the respective governments to monitor the messages themselves.

The next logical question is: “Must all services that cannot be intercepted be discontinued in those countries?”

RIM is in over 175 countries and even Obama uses RIM. And the world relies daily on Public-Key cryptography and infrastructure for online transactions and secure messages. If governments were to force a change that would break PKI or BlackBerry for that matter, that would be the end of secure online transactions; you won’t be able to trust online purchases or share information in a secure fashion. If governments can break into it, so will hackers.

Shutting down the BlackBerry services seems unlikely to me. Will RIM be forced to change their architecture/infrastructure to satisfy these governments? Perhaps RIM should do a Google (as when it pulled out of China).

And how is the market responding/treating RIM because of this debacle? “RIM’s Nasdaq-listed shares [RIMM 53.39 -2.14 (-3.85%)] ended down 2.5 percent at $55.53 while its Toronto-listed shares fell 4 percent to C$56.77.” (CNBC.com) — and the ironic thing is that I bet you that those same traders are BlackBerry users themselves who wouldn’t think about using their devices without strong encryption…


18 Jan

Which BlackBerry are you?

My good friend Michael Yuan (Ringful Health) put together a quick survey on BlackBerry to better understand popular BlackBerry versions and help them prioritize their product road-map. The survey results are public so everyone can benefit from this survey:

So, while we are working on BlackBerry versions of our apps, we are really interested in finding out where the “common denominator” is. Is it sufficient for us to target BlackBerry OS 4.6 and above? Or, do we really need to go all the way to OS 4.2 or even OS 4.0? Do we need to release a separate app for touch screen BlackBerry devices? Can we rely on the BlackBerry AppWorld to distribute our app?

Read more about the BlackBerry survey and participate….


24 Nov

Will RIM go the Android Way?

Will RIM adopt Android? A very interesting thought indeed. But why would or wouldn't RIM do such a thing? Some thoughts below:

Why would this be unlikely?

  • “Not built here” mentality — this is probably the biggest hurdle for them. There will be internal people resistant to the change, resistant to drastic changes and “throwing away” all legacy work, but sometimes, this must be done;
  • “Why promote a competitor” mentality — this would be a weak argument, due to the “pros” – see below.

Why would this be likely?

  • Deliver more value while reducing overall investments/expenses;
  • Overall reduced Bill of Materials (BOM) costs — reduced R&D related to OS; reduce OS team size that instead can focus on value for end-users (apps) and developers. No need to re-invent App Stores. Leverage Google infrastructure (such as Maps which will be an expected feature by end-users) while adding own differentiators on top;
  • Android OS is advanced and customizable, and open — OSes are complicated and expensive handset elements. Android is based on Linux which is stable, which is open, and which is proven. The Android APIs are robust. The whole environment is open. And is community-based. Able to add own differentiators on top;
  • Java-based satisfies current developer base — no new programming languages to learn or adapt to. Tons of tools that already exist, from UI to IDEs;
  • Provides migration path — RIM can decide to continue exposing existing BB Java-based APIs and application life-cycles as needed on top of Android as a migration path;
  • IDE tools already in place — Eclipse is a very good IDE. There is NetBeans too. Both are open and community based and very complete. There would be no need for their own BlackBerry-specific Java-IDE and that team can instead focus on BlackBerry-specific extensions to Eclipse, NetBeans and/or other – in other words, a much cheaper route to developer tools than developing or maintaining developer tools from the ground up;
  • Business models provided by Google — such as search, Maps, and others, providing additional revenue streams for RIM.

As you can see, there are a number of positives for going the Android path; let’s see what will happen.

BTW, the above also applies to Nokia, but let’s see if they end up buying Palm instead…


25 Nov

Mapping BlackBerry Software Version to Device Model

When writing software for the BlackBerry platform, one of the common questions that comes up is “what BB software version (and related JDE) should I be using?” The following helps answer this question:

(Source: Introduction to BlackBerry® Java® Development)

Not shown above are the following BB software versions to platforms mapping:

  • 4.6 is targeted at Bold-family of devices
  • 4.7 is targeted at Storm-family of devices

To help you visualize the model numbers listed on the diagram above, the following image shows a compilation of all current BlackBerry handsets as of November 2008:

BB Models Nov 2008