Using Two-Factor Authentication To Protect Connections To Enterprise Wi-Fi Networks - Blackberry ENTERPRISE SOLUTION SECURITY - ENTERPRISE SOLUTION - SECURITY TECHNICAL Overview

BlackBerry Enterprise Solution
Protecting the HTTP connection
If an application on the BlackBerry device accesses servers on the Internet, the BlackBerry Enterprise Server
administrator can set up an HTTP connection over TLS/SSL (HTTPS) to provide additional
authentication and security. The BlackBerry device supports HTTPS communication in the following modes:

HTTPS protocol: proxy mode TLS/SSL
BlackBerry MDS encryption method: Sun® JSSE™ 1.4.1 cipher suite components
Description:
- The Connection Service sets up the proxy mode TLS/SSL connection on behalf of the BlackBerry device.
- The BlackBerry device does not use proxy mode TLS/SSL to encrypt data traffic over the wireless network; standard BlackBerry encryption encrypts the data traffic between the BlackBerry device and BlackBerry Enterprise Server. Data traffic is therefore encrypted over the wireless network unless it is behind your organization's firewall.
- The BlackBerry device experiences faster response times using this protocol than with handheld mode TLS/SSL.

HTTPS protocol: Handheld mode TLS/SSL
BlackBerry MDS encryption method: TLS and WTLS key establishment algorithms, symmetric ciphers and hash algorithms that the RIM Crypto API currently supports on the BlackBerry device
Description:
- The BlackBerry device uses handheld (direct) mode TLS/SSL to encrypt data for the entire connection between the BlackBerry device and the content server.
- Data traffic over the wireless network remains encrypted and is not decrypted at the Connection Service.
- Use handheld mode TLS/SSL when only the endpoints of the transaction are trusted (for example, with banking services).
Note: BlackBerry devices with BlackBerry Device Software Version 3.6.1 or later support BlackBerry device handheld mode TLS/SSL connections.

Using two-factor authentication to protect connections to enterprise Wi-Fi networks

The RSA SecurID Library on supported BlackBerry devices allows those BlackBerry devices to periodically
generate software token tokencodes. The BlackBerry device combines the tokencode with a software token PIN
that the BlackBerry device user provides as a prefix string to the tokencode to create a passcode for use with a
two-factor authentication process on the BlackBerry device. When the BlackBerry device user tries to establish a
WLAN or VPN connection that requires two-factor authentication on the BlackBerry device, the BlackBerry
device prompts the BlackBerry device user to type the software token PIN and submit the current tokencode to
create the two-factor authentication passcode.

How the BlackBerry device generates the software token for use with two-factor authentication

The BlackBerry device imports and uses random data called a seed to initialize the RSA SecurID software token
algorithm. The algorithm generates the RSA SecurID software token tokencode on the BlackBerry device. When
the BlackBerry device imports the .sdtid file seed into the RSA SecurID Library, the RSA SecurID Library randomly
generates a password that the RSA SecurID Library uses to encrypt the .sdtid file seed
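
The PIN-prefix passcode described in the two-factor authentication section, as an added example that is not code from this manual, RIM or RSA. The proprietary RSA SecurID tokencode algorithm is replaced here by RFC 6238 TOTP as a stand-in; the 60-second interval, 6-digit length, the `Verifier` class and all function names are assumptions.

```python
import hashlib
import hmac
import struct

INTERVAL = 60   # assumed tokencode lifetime in seconds (not stated on the page)
DIGITS = 6      # assumed tokencode length (not stated on the page)


def tokencode(seed: bytes, now: float) -> str:
    """Stand-in tokencode: RFC 6238 TOTP (HMAC-SHA1), NOT the RSA SecurID algorithm."""
    counter = struct.pack(">Q", int(now) // INTERVAL)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def make_passcode(pin: str, seed: bytes, now: float) -> str:
    """Device side: the user's PIN is the prefix, the current tokencode follows."""
    return pin + tokencode(seed, now)


class Verifier:
    """Server side: checks both factors and refuses a tokencode that was already used."""

    def __init__(self, seed: bytes, pin: str, drift: int = 1):
        self.seed, self.pin, self.drift = seed, pin, drift
        self.last_step = -1                      # newest time step already accepted

    def check(self, passcode: str, now: float) -> bool:
        pin, code = passcode[:-DIGITS], passcode[-DIGITS:]
        pin_ok = hmac.compare_digest(pin.encode(), self.pin.encode())
        step_now = int(now) // INTERVAL
        matched = None
        # Accept neighbouring time steps to tolerate clock drift on the device.
        for step in range(max(step_now - self.drift, 0), step_now + self.drift + 1):
            expected = tokencode(self.seed, step * INTERVAL)
            if hmac.compare_digest(code.encode(), expected.encode()):
                matched = step
        # Both factors must be right, and the time step must be newer than the last one used.
        if not pin_ok or matched is None or matched <= self.last_step:
            return False
        self.last_step = matched
        return True
```

The replay check means a passcode captured during a connection attempt cannot be submitted a second time, even inside the drift window.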

This manual is also suitable for:

Enterprise server 4.1
