I am evaluating a requirement for a consumer blackberry application that places high premium on security of user's data. Seems like it is an insurance company. Here are my ideas on how I could go about it. I am sure this would be useful for others who are looking for similar stuff

• Force the user to use device password. (I am guessing that this would be possible - though not checked it yet). Application can request notifications when the device is about to be locked and just after it has been unlocked. Encryption of application specific data can be managed at those times.
• Application data would be encrypted with user's password.
• User's credentials would be encrypted with device password.
• Remote backup of the data could be done over HTTPS (any better ideas are appreciated)

Questions:

1. What if the user forgets his device password.
2. If the user forgets his application password, what is the best and secure way to reset the password?
3. If the user losses the phone, remote backup must be done and the application data must be cleaned up.

I have some ideas on how to achieve (3) and shall share them. There must be an off-line verification of the user's identity and the administrator must provide a channel using which the user must be able to send command to the device to perform the wiping of application data. The idea is that the user is ALWAYS in control of his data. Without the user's consent, even the admin must not be able to do activities such as cleaning up the data.

In the above scheme of things, it appears as if the user's password need not be sent over the air to server. Am I correct?

Thanks,

--Kiran Kumar