BlackBerry Enterprise Solution Security Technical Overview: Authentication During Wireless Enterprise Activation


BlackBerry Enterprise Solution
When the authentication process used by the BlackBerry Router protocol is successful, the BlackBerry device
and the BlackBerry Router exchange data in both directions through the BlackBerry Device Manager, or over
port 4101 on an enterprise Wi-Fi network. When the BlackBerry device user disconnects the BlackBerry device
from the computer, closes the BlackBerry Device Manager, or disconnects from the enterprise Wi-Fi network,
the wireless data flow over the SRP connection is restored. The BlackBerry Enterprise Server and the
BlackBerry Router use the BlackBerry Router protocol to close the authenticated connection to the
BlackBerry device.
Authentication process used by the BlackBerry Router protocol

Step 1
Action: A BlackBerry device user physically connects a BlackBerry device to a computer, or connects a
BlackBerry device to an enterprise Wi-Fi network.
Description: The user connects the BlackBerry device to a computer that is running the BlackBerry Device
Manager, or connects the BlackBerry device to an enterprise Wi-Fi network.

Step 2
Action: The BlackBerry Router authenticates the BlackBerry device.
Description: The BlackBerry Enterprise Server and the BlackBerry device use the unique BlackBerry Router
authentication protocol to verify that the BlackBerry device has the correct master encryption key. The value
of the master encryption key that the BlackBerry device and the BlackBerry Enterprise Server share is not
available to the BlackBerry Router. The BlackBerry Enterprise Server and the BlackBerry device use the same
authentication information to validate each other that the SRP authentication handshake sequence uses to
determine whether or not the BlackBerry Enterprise Server can connect to the BlackBerry Infrastructure.

For more information about the BlackBerry Router protocol and the authentication process, see "Masking
operation process that the AES implementation uses when content protection is turned on" on page 78.

Authentication during wireless enterprise activation

Wireless enterprise activation enables a BlackBerry device user to activate a supported BlackBerry device on the
BlackBerry Enterprise Server without a physical connection to a computer. The BlackBerry Enterprise Server
administrator can use wireless enterprise activation to implement a large number of BlackBerry devices
remotely.

Wireless enterprise activation produces a master encryption key that authenticates a BlackBerry device user and
secures the communication between the BlackBerry Enterprise Server and the BlackBerry device. The BlackBerry
Enterprise Server and the BlackBerry device use an initial key establishment protocol that uses SPEKE to
initialize a key generation process using an activation password to establish a shared master encryption key that
enables strong authentication between them. The BlackBerry Enterprise Server and the BlackBerry device do not
send the master encryption key over the wireless network at any time during the key establishment process,
subsequent key generation, or message exchanges.

After the BlackBerry device successfully activates on the BlackBerry Enterprise Server, the BlackBerry device no
longer requires the activation password. The BlackBerry device user (or another user) cannot reuse that
password to activate another BlackBerry device.
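The SPEKE-based key establishment described above, as an added illustration that is not BlackBerry's code: each side derives the group generator from the activation password, puts only its ephemeral public value on the wire, and then proves possession of the resulting master key with a confirmation tag, so neither the password nor the key is ever sent. The 64-bit safe-prime group, SHA-256, and the HMAC confirmation label are assumptions for this demo, not parameters taken from the document.

```python
import hashlib
import hmac
import secrets
def is_probable_prime(n: int, rounds: int = 8) -> bool:
    """Miller-Rabin primality test with random bases."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True
def find_safe_prime(start: int) -> int:
    """Smallest safe prime p = 2q + 1 (q prime) with p >= start."""
    q = start // 2 | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1
P = find_safe_prime(1 << 63)  # toy 64-bit group (assumption); real deployments use a large standard group
def password_generator(password: str) -> int:
    """SPEKE: the group generator itself is derived from the password, g = H(pw)^2 mod p."""
    return pow(int.from_bytes(hashlib.sha256(password.encode()).digest(), "big") % P, 2, P)
class Party:
    """One endpoint (server or device) that knows the one-time activation password."""
    def __init__(self, password: str):
        self.x = secrets.randbelow(P - 2) + 1                        # ephemeral exponent, never sent
        self.public = pow(password_generator(password), self.x, P)   # the only value put on the wire
    def derive(self, peer_public: int) -> None:
        """Master key = H(peer^x); values outside 1 < y < p-1 would make the secret predictable."""
        if not 1 < peer_public < P - 1:
            raise ValueError("invalid peer public value")
        self.key = hashlib.sha256(pow(peer_public, self.x, P).to_bytes(8, "big")).digest()
    def confirm(self, label: bytes) -> bytes:
        """Key-confirmation tag: proves possession of the master key without exposing it."""
        return hmac.new(self.key, label, hashlib.sha256).digest()
def activate(server_pw: str, device_pw: str) -> bool:
    """One activation attempt; True only if both ends derived the same master key."""
    server, device = Party(server_pw), Party(device_pw)
    server.derive(device.public)
    device.derive(server.public)
    return hmac.compare_digest(device.confirm(b"device"), server.confirm(b"device"))
```

A device that guesses the activation password wrong ends up with a different generator, so its confirmation tag fails and no master key is established; the check runs once per attempt, which is what makes the password single-use after a successful activation.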