Connections Between The Blackberry Desktop Manager And Its Components - Blackberry ENTERPRISE SOLUTION SECURITY - ENTERPRISE SOLUTION - SECURITY TECHNICAL Overview


Connections between the BlackBerry Desktop Manager and its components

The application loader tool and the media manager of the BlackBerry Desktop Manager share a secret password
with the BlackBerry Desktop Manager. When the application loader tool or the media manager tool initiates a
connection to the BlackBerry Desktop Software Version 4.2 or later, the BlackBerry Desktop Software uses
secure channel technology to create a communication channel that is designed to use the shared secret
password to secure communication between the BlackBerry Desktop Manager and either of those components.

Authentication process used by the secure channel technology communication channel

1. The application loader tool or the media manager tool initiates a connection to the BlackBerry Desktop
Software Version 4.2 or later.
2. The BlackBerry Desktop Software implementation of the secure channel technology uses the shared secret
password and the ECDH protocol with a 521-bit curve to create a master encryption key.
3. The secure channel technology uses the master encryption key to create two encryption keys and two
HMAC-SHA-256 keys.
4. The secure channel technology uses one of the encryption keys and one of the HMAC keys to encrypt and
authenticate data that the BlackBerry Desktop Software Version 4.2 sends over the communication channel
to the components that store the same password.
5. The secure channel technology uses one of the encryption keys and one of the HMAC keys to encrypt and
authenticate data that the BlackBerry Desktop Software Version 4.2 receives over the communication
channel from the component that initiated the connection.
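
An added example, not BlackBerry code, of the key separation in steps 3 to 5, on the reading that each direction has its own encryption key and HMAC-SHA-256 key: a frame reflected back to its sender, or presented to an endpoint with a different master key, fails verification. It starts from an already-agreed master key; the HKDF derivation, its labels and the names `Endpoint` and `accepts` are assumptions, and encryption is left out because the page does not name the cipher.

```python
import hashlib
import hmac

# Hypothetical derivation labels: the page does not say how the four keys
# are derived from the master encryption key.
LABELS = ("enc desktop->component", "mac desktop->component",
          "enc component->desktop", "mac component->desktop")

def hkdf_sha256(master: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand with an all-zero salt."""
    prk = hmac.new(b"\x00" * 32, master, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]

class Endpoint:
    """One side of the channel: a send key pair and a receive key pair."""

    def __init__(self, master: bytes, is_desktop: bool):
        keys = [hkdf_sha256(master, label.encode()) for label in LABELS]
        d2c, c2d = keys[:2], keys[2:]
        send, recv = (d2c, c2d) if is_desktop else (c2d, d2c)
        # Encryption keys are derived but unused: only the HMAC half is shown.
        self.send_enc, self.send_mac = send
        self.recv_enc, self.recv_mac = recv

    def protect(self, payload: bytes) -> bytes:
        """Append an HMAC-SHA-256 tag computed with the send-direction key."""
        return payload + hmac.new(self.send_mac, payload, hashlib.sha256).digest()

    def accept(self, frame: bytes) -> bytes:
        """Return the payload, or raise ValueError if the tag does not verify."""
        payload, tag = frame[:-32], frame[-32:]
        expected = hmac.new(self.recv_mac, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("HMAC check failed")
        return payload

def accepts(receiver: Endpoint, frame: bytes) -> bool:
    """True if the receiver's receive-direction HMAC key verifies the frame."""
    try:
        receiver.accept(frame)
        return True
    except ValueError:
        return False
```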

Data traffic encryption method by messaging server

IBM Lotus Domino
The BlackBerry Enterprise Server and the IBM Lotus Domino server
communicate using the same IBM Lotus Notes RPC to enable
seamless communication between the BlackBerry Enterprise Server,
BlackBerry-related IBM Lotus Domino databases, and the IBM Lotus
Domino server.
Users that activate their BlackBerry devices using physical
connections to their computers can encrypt data traffic in transit
between the IBM Lotus Domino server and their IBM Lotus Notes
Inboxes. For more information, see the IBM Lotus Domino help files.

Microsoft Exchange
The BlackBerry Enterprise Server and the Microsoft Exchange Server
communicate using the same Microsoft Exchange server RPC.
BlackBerry device users can use 128-bit encryption to encrypt RPC
communication over the MAPI connection between the Microsoft
Exchange Server and Microsoft Outlook. For more information on
enabling encryption in Microsoft Windows, see the Microsoft product
documentation.

Novell GroupWise
The BlackBerry Enterprise Server for Novell GroupWise is designed to use
a trusted application key to open a connection to the GroupWise server. To
generate the trusted application key, the GroupWise administrator runs
the trusted application key generator, specifies the GroupWise primary
domain database location, and then specifies the application name that
the BlackBerry Enterprise Server should use to connect to the GroupWise
server. The trusted application key is a 64-byte ASCII string.
The BlackBerry Enterprise Server connects securely to a BlackBerry device
user's mailbox using the trusted application name and key. The GroupWise
server verifies the trusted application name and key and permits the
BlackBerry Enterprise Server to establish a connection to the BlackBerry
device user's GroupWise database.
This manual is also suitable for:

Enterprise server 4.1
