Essentially, RIM is blending security elements from its BlackBerry heritage with the security architecture of the new OS, which is based on the , acquired when RIM bought QNX Software Systems in 2010. While RIM has not revealed BlackBerry 10 security in detail, Scott Totzke, RIM's senior vice president, BlackBerry security, talked about the topic generally during a briefing at last week's BlackBerry World conference.

BACKGROUND:

"Security is becoming more complex for consumers than for the enterprise," Totzke says. The enterprise typically has a security infrastructure in place, often with dedicated security staff. The BlackBerry Enterprise lets administrators set hundreds of device and data policies for the BlackBerry phones, and forges an encrypted link for the devices through RIM's Network Operations Center. "The industry has been promising mobile commerce [to consumers] for years: the idea of using your phone as your wallet. But if that happens, it better be secure," he says. "If the user can't trust the [mobile] platform, it's a tough sell."

BB10 security will have multiple integrated layers, with the tight, cooperating relationship between hardware and software that's been a BlackBerry hallmark. For mobile users, there will be a permissions-based security model for apps, in plain, understandable English, coupled with a various OS-level security and safety features borrowed from QNX's experience in the embedded systems market.

At the OS level, QNX has offered a hardened variant of its OS called for several years. The secure kernel has been certified under the Common Criteria ISO/IEC 15408 Evaluation Assurance Level (EAL) 4+. The Common Criteria is intended to show that a computer security product has been specified, implemented and evaluated in a standard and thorough way. QNX says Neutrino was the first full-featured RTOS certified under this standard.