How the BlackBerry Enterprise Solution Authenticates Requests for Wireless Software Upgrades; WAP Gateway Connections; Instant Messaging Server Connections - BlackBerry Enterprise Solution Security - Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution
The RSA SecurID Library can decrypt the .sdtid file seed using an optional password if the administrator uses the
RSA Authentication Manager Version 6.1 or later to set the password to issue an encrypted .sdtid file seed to the
BlackBerry device user. The RSA SecurID Library uses code signing to prevent third-party applications from
altering or reading the information that it stores on the BlackBerry device.
For more information on how the BlackBerry device generates software token tokencodes, see "Appendix J: RSA
SecurID software token tokencode generation process" on page 88.
How the BlackBerry Enterprise Solution authenticates requests for wireless software upgrades
The BlackBerry Enterprise Server and the BlackBerry device encrypt all communication between them, including
wireless software upgrade communication, using standard BlackBerry encryption.
The BlackBerry device uses digital signature validation to authenticate the following types of wireless software
upgrade communication:
• control messages that the BlackBerry device receives from the BlackBerry Infrastructure or the BlackBerry
  Provisioning System administration site that requests the wireless software upgrade
• upgrade instructions that the BlackBerry device requests and receives from the BlackBerry Infrastructure or
  the BlackBerry Provisioning System administration site sending the wireless BlackBerry Device Software
  upgrade
Authentication process for requests for wireless software upgrades
When the BlackBerry Infrastructure sends a wireless software upgrade communication, it performs the following
actions:
1. Generates an ECDSA key periodically, using ECC over a 521-bit curve.
2. Signs the ECDSA key, using a stored root certificate.
3. Signs the wireless software upgrade communication that it sends to the BlackBerry device, using the
   digitally signed ECDSA key.
When the BlackBerry device receives the wireless software upgrade communication, it performs the following
actions:
1. Verifies the ECDSA key, using a public key common to all BlackBerry devices that support wireless software
   upgrades.
2. Verifies the digital signature on the ECDSA key, using a stored root certificate.
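
The two-level signing in the steps above, as an added Go example that is not BlackBerry code: a root key endorses a P-521 ECDSA signing key, that key signs the upgrade message, and the device checks both links before accepting it. Assumptions: the root is modelled as a bare P-521 key pair rather than a certificate, SHA-512 is the digest, the `Upgrade` struct and function names are hypothetical, and the device's check of the message signature is taken as the counterpart of infrastructure step 3.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"crypto/x509"
	"fmt"
)
// Upgrade is a constructed container: message, signing public key (DER), and both signatures.
type Upgrade struct{ Msg, KeyDER, KeySig, MsgSig []byte }

// SignUpgrade plays the infrastructure: the root endorses sk (step 2), sk signs msg (step 3).
func SignUpgrade(root, sk *ecdsa.PrivateKey, msg []byte) (Upgrade, error) {
	der, err := x509.MarshalPKIXPublicKey(&sk.PublicKey)
	if err != nil {
		return Upgrade{}, err
	}
	kd, md := sha512.Sum512(der), sha512.Sum512(msg) // SHA-512 is an assumption
	keySig, err := ecdsa.SignASN1(rand.Reader, root, kd[:])
	if err != nil {
		return Upgrade{}, err
	}
	msgSig, err := ecdsa.SignASN1(rand.Reader, sk, md[:])
	return Upgrade{msg, der, keySig, msgSig}, err
}

// VerifyUpgrade plays the device: check the root's endorsement of the key, then the message.
func VerifyUpgrade(rootPub *ecdsa.PublicKey, u Upgrade) error {
	kd, md := sha512.Sum512(u.KeyDER), sha512.Sum512(u.Msg)
	if !ecdsa.VerifyASN1(rootPub, kd[:], u.KeySig) {
		return fmt.Errorf("signing key is not endorsed by the root")
	}
	pub, err := x509.ParsePKIXPublicKey(u.KeyDER)
	sk, ok := pub.(*ecdsa.PublicKey)
	if err != nil || !ok || sk.Curve.Params().Name != "P-521" {
		return fmt.Errorf("signing key is not ECDSA over P-521")
	}
	if !ecdsa.VerifyASN1(sk, md[:], u.MsgSig) {
		return fmt.Errorf("upgrade message signature is invalid")
	}
	return nil
}

func main() {
	root, _ := ecdsa.GenerateKey(elliptic.P521(), rand.Reader) // constructed root key
	sk, _ := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)   // step 1: periodic signing key
	u, _ := SignUpgrade(root, sk, []byte("constructed upgrade instruction"))
	fmt.Println("genuine:", VerifyUpgrade(&root.PublicKey, u))
}
```

Because the device pins only the root, the infrastructure can rotate the signing key without touching devices, and a message signed by a key the root never endorsed fails at the first check.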

WAP gateway connections

BlackBerry Device Software Version 3.2 SP1 or later supports WTLS, which is designed to provide an extra layer of
security when connecting to a WAP gateway. WTLS requires a WAP gateway to provide standard WAP access to
the Internet. To use a WAP gateway, your organization must work with the network operator or service provider.

Instant messaging server connections

The BlackBerry Collaboration Service is designed to provide a connection between the instant messaging server
and enterprise instant messaging applications on BlackBerry devices. If your instant messaging server is
Microsoft® Live Communications Server™, and if the enterprise messenger supported in your environment is
BlackBerry® Instant Messaging for Microsoft® Windows Messenger, BlackBerry® Instant Messaging for
Microsoft® Office Communicator, or both, the BlackBerry Enterprise Server administrator can change the
transport protocol that the BlackBerry Collaboration Service uses to connect to the instant messaging server.
To provide additional authentication and security, the BlackBerry Enterprise Server administrator can require
that the BlackBerry Collaboration Service uses TLS/SSL to connect to the instant messaging server. Using
TLS/SSL might require that an instant messaging component has a digital certificate that binds the identity of

This manual is also suitable for:

Enterprise server 4.1