User guide

PSK protocol
The IEEE® 802.1X™ standard specifies the PSK protocol as an access control method for enterprise Wi-Fi® networks. You can
also use the PSK protocol in small-office environments and home environments where it is not feasible to configure server-based
authentication.
To configure the PSK protocol, you must send a Wi-Fi enabled BlackBerry® device a passphrase that matches the key or passphrase
for the wireless access points. The access points and BlackBerry device use the passphrase to generate layer 2 encryption
keys. The passphrase can be up to 256 bits. All access points and each BlackBerry device in your organization must share the
same passphrase.
The PSK protocol is designed to use TKIP keys or AES-CCMP keys to protect communications over the enterprise Wi-Fi network.
The PSK protocol relies on the passphrase to control whether a Wi-Fi enabled device (such as a computer or BlackBerry device)
can access the enterprise Wi-Fi network.
The BlackBerry device is compatible with the WPA™-Personal and WPA2™-Personal specifications.
For more information about configuring the BlackBerry device to support the PSK protocol, see the BlackBerry Enterprise Server
Administration Guide.

IEEE 802.1X standard
The IEEE® 802.1X™ standard defines a generic authentication framework that a Wi-Fi® enabled BlackBerry® device and an
enterprise Wi-Fi network can use to authenticate with each other.
The IEEE 802.1X standard uses EAP authentication methods to provide mutual authentication between the BlackBerry device
and enterprise Wi-Fi network. To act as a Wi-Fi supplicant, the BlackBerry device uses EAP authentication methods that are
specified in RFC 3748 and that meet the requirements of RFC 4017. The BlackBerry device uses an EAP authentication method
(for example, EAP-TLS, EAP-TTLS, EAP-FAST, or PEAP) and credentials to provide mutual authentication with the enterprise
Wi-Fi network, as defined in the WPA™-Enterprise and WPA2™-Enterprise specifications.

Caching a PMK when using the IEEE 802.1X standard
When a Wi-Fi® enabled device (such as a computer or BlackBerry® device) uses the IEEE® 802.11i™ standard with the IEEE®
802.1X™ standard, the key exchange that occurs during EAP authentication generates keying material. A Wi-Fi enabled device
and a wireless access point use the keying material when they create the PMK.
A Wi-Fi enabled BlackBerry device and an access point can cache the PMK. The PMK caching process reuses previously generated
keying material to skip EAP authentication during subsequent connections and permits the BlackBerry device and an access
point to generate session keys. PMK caching helps reduce the roaming latency for the BlackBerry device between access points
in an enterprise Wi-Fi network.
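
The PMK caching decision described above, as an added example that is not code from this guide or from the BlackBerry device. The PMKID formula is the one defined in IEEE 802.11i; the PmkCache class, the associate function, the lifetime value, the MAC addresses and the PMK are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import time


def pmkid(pmk, ap_mac, sta_mac):
    """IEEE 802.11i: PMKID = first 128 bits of HMAC-SHA1(PMK, "PMK Name" | AA | SPA)."""
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]


class PmkCache:
    """Hypothetical PMK cache, as kept by the device or by an access point."""

    def __init__(self, lifetime_s=43200.0):  # assumed lifetime, not from the guide
        self.lifetime_s = lifetime_s
        self._entries = {}  # PMKID -> (PMK, expiry time)

    def store(self, pmk, ap_mac, sta_mac, now=None):
        """Cache the PMK produced by a completed EAP authentication."""
        now = time.time() if now is None else now
        key = pmkid(pmk, ap_mac, sta_mac)
        self._entries[key] = (pmk, now + self.lifetime_s)
        return key

    def lookup(self, offered_pmkid, now=None):
        """Return the cached PMK, or None if unknown or expired."""
        now = time.time() if now is None else now
        pmk, expiry = self._entries.get(offered_pmkid, (None, 0.0))
        if pmk is not None and now >= expiry:
            del self._entries[offered_pmkid]  # stale keying material is discarded
            return None
        return pmk


def associate(cache, offered_pmkids, now=None):
    """Access point side: reuse a cached PMK or fall back to full EAP."""
    for candidate in offered_pmkids:
        pmk = cache.lookup(candidate, now)
        if pmk is not None:
            return "skip-eap", pmk  # go straight to session key generation
    return "full-eap", None


if __name__ == "__main__":
    ap, sta = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")  # constructed
    cache = PmkCache(lifetime_s=3600)
    ident = cache.store(bytes(range(32)), ap, sta, now=0)  # constructed 256-bit PMK
    print(associate(cache, [ident], now=60)[0])    # cached and fresh
    print(associate(cache, [ident], now=3600)[0])  # expired
```

Because the PMKID binds the PMK to one access point address and one device address, a cached entry for one access point does not match at another.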
Security Technical Overview