User guide

Using a captive portal to connect to an enterprise Wi-Fi network or Wi-Fi hotspot
A captive portal uses web-based authentication to permit a Wi-Fi® enabled BlackBerry® device to connect to an enterprise
Wi-Fi network or Wi-Fi hotspot. The BlackBerry device can use a captive portal to access an IP segment of the enterprise Wi-Fi
network or Wi-Fi hotspot. After the BlackBerry device connects to the enterprise Wi-Fi network or Wi-Fi hotspot, the user can
browse to an HTML login page for a web site that permits the enterprise Wi-Fi network or Wi-Fi hotspot to authenticate with the
BlackBerry device before the BlackBerry device can access the web site.
If your organization uses a captive portal, you can permit a user to access the captive portal using the WLAN Login browser on
the BlackBerry device. The user must authenticate with the WLAN Login browser using the login information that you provide.
When the BlackBerry device authenticates with the captive portal, the user can use the BlackBerry® Browser on the BlackBerry
device to access other web sites and data services that are available on the enterprise Wi-Fi network or Wi-Fi hotspot.
Protecting a connection between a Wi-Fi enabled BlackBerry device and an enterprise Wi-Fi network using RSA authentication
You can use software tokens to provide layer 2 authentication or layer 3 authentication on a Wi-Fi® enabled BlackBerry® device.
When you configure a software token for a user, the BlackBerry device is designed to use the passcode to authenticate the user
to the Wi-Fi network using PEAP authentication, EAP-GTC authentication, EAP-FAST authentication, EAP-TTLS authentication,
or a VPN.
The RSA SecurID® Library on the BlackBerry device permits the BlackBerry device to periodically generate token codes for a
software token. The BlackBerry device imports a seed, which consists of random data, and uses the seed to initialize the software
token algorithm. The software token algorithm generates the token code on the BlackBerry device.
When the user opens a Wi-Fi connection or VPN connection that requires two-factor authentication on the BlackBerry device,
the BlackBerry device prompts the user to type the software token PIN. The RSA SecurID Library adds the software token PIN to
the beginning of the token code to create a passcode that the BlackBerry device can use with a two-factor authentication process.
BlackBerry transport layer encryption is designed to protect the seed when the BlackBerry® Enterprise Server sends it over the
transport layer. The BlackBerry device uses Research In Motion® proprietary protocols that are designed to be highly secure to
perform all communication necessary to retrieve the seed on behalf of the RSA SecurID Library.
Process flow: Generating a token code for a software token
1. An administrator of the RSA SecurID® uses the RSA® Authentication Manager to import a seed as a soft token file in .asc
format to a software token database and issue the software token file in .sdtid format. If necessary, the administrator can
perform one or more of the following actions:
Security Technical Overview