User guide
Process flow: Authenticating a Wi-Fi enabled BlackBerry device with an enterprise Wi-Fi network using the IEEE 802.1X standard
If you configured a wireless access point to use the IEEE® 802.1X™ standard, the access point permits communication using EAP
authentication only. This process flow assumes that you configured a Wi-Fi® enabled BlackBerry® device to use an EAP
authentication method to communicate with the access point.
1. The Wi-Fi enabled BlackBerry device associates itself with the access point that you configured to use the IEEE 802.1X
standard. The BlackBerry device sends its credentials (typically a user name and password) to the access point.
2. The access point sends the credentials to the authentication server.
3. The authentication server performs the following actions:
a. authenticates the BlackBerry device on behalf of the access point
b. instructs the access point to permit access to the enterprise Wi-Fi network
c. sends Wi-Fi credentials to the BlackBerry device to permit it to authenticate with the access point
4. The access point and BlackBerry device use EAPoL-Key messages to generate encryption keys (for example, WEP, TKIP, or
AES-CCMP, depending on the EAP authentication method that the BlackBerry device uses).
When the BlackBerry device sends EAPoL messages, the BlackBerry device uses the encryption and integrity requirements
that the EAP authentication method specifies. When the BlackBerry device sends EAPoL-Key messages, the BlackBerry
device uses the ARC4 algorithm or AES algorithm to provide integrity and encryption.
After the access point and BlackBerry device generate the encryption key, the BlackBerry device can access the enterprise
Wi-Fi network.
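The messages in this flow can be told apart on the wire by their EAPOL and EAP headers. The following Python code is an added example, not part of the original guide or of any BlackBerry software: it decodes an EAPOL frame and, for an EAPOL-Key message, reports whether the key descriptor selects ARC4 or AES. The function names and sample frames are constructed for illustration; the field layouts and type numbers are taken from IEEE 802.1X, RFC 3748 and IEEE 802.11i, not from this page.

```python
import struct

EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_METHODS = {1: "Identity", 13: "EAP-TLS", 17: "LEAP", 21: "EAP-TTLS", 25: "PEAP"}
KEY_DESCRIPTORS = {1: "RC4", 2: "RSN", 254: "WPA"}
# Key Descriptor Version (low 3 bits of Key Information) -> (MIC, key-data cipher)
KEY_VERSIONS = {1: ("HMAC-MD5", "ARC4"), 2: ("HMAC-SHA1-128", "AES key wrap")}

def parse_eapol(frame: bytes) -> dict:
    """Decode one EAPOL frame (the bytes that follow EtherType 0x888E)."""
    if len(frame) < 4:
        raise ValueError("truncated EAPOL header")
    version, ptype, length = struct.unpack("!BBH", frame[:4])
    body = frame[4:4 + length]
    if len(body) != length:
        raise ValueError("body shorter than declared length")
    info = {"version": version, "type": EAPOL_TYPES.get(ptype, f"unknown({ptype})")}
    if ptype == 0:                      # EAP-Packet: steps 1-3 of the flow
        if length < 4:
            raise ValueError("truncated EAP header")
        code, ident, eap_len = struct.unpack("!BBH", body[:4])
        info.update(eap_code=EAP_CODES.get(code, f"unknown({code})"), eap_id=ident)
        if code in (1, 2) and 5 <= eap_len <= length:   # only Request/Response carry a type
            info["eap_method"] = EAP_METHODS.get(body[4], f"type {body[4]}")
    elif ptype == 3:                    # EAPOL-Key: step 4 of the flow
        if length < 3:
            raise ValueError("truncated key descriptor")
        info["descriptor"] = KEY_DESCRIPTORS.get(body[0], f"unknown({body[0]})")
        if body[0] in (2, 254):         # RSN/WPA descriptors carry Key Information
            key_info = struct.unpack("!H", body[1:3])[0]
            info["mic"], info["key_data_cipher"] = KEY_VERSIONS.get(key_info & 7, ("unknown",) * 2)
    return info

def eapol(ptype: int, body: bytes = b"", version: int = 1) -> bytes:
    return struct.pack("!BBH", version, ptype, len(body)) + body

def eap(code: int, ident: int, payload: bytes = b"") -> bytes:
    return struct.pack("!BBH", code, ident, 4 + len(payload)) + payload

# Constructed sample frames (not captured traffic); payload bytes are filler.
SAMPLES = [
    eapol(1),                                           # device: EAPOL-Start
    eapol(0, eap(2, 1, b"\x01alice")),                  # device: Response/Identity
    eapol(0, eap(1, 2, b"\x11" + bytes(11))),           # server: Request, method 17
    eapol(0, eap(3, 2)),                                # server: Success
    eapol(3, b"\x02" + struct.pack("!H", 0x008A) + bytes(92)),  # RSN key frame
]
if __name__ == "__main__":
    print(*map(parse_eapol, SAMPLES), sep="\n")
```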
EAP authentication methods that a Wi-Fi enabled BlackBerry device supports
LEAP authentication
LEAP authentication uses the IEEE® 802.1X™ standard and is designed to improve WEP authentication. You can use this
authentication method to authenticate a Wi-Fi® enabled BlackBerry® device with an enterprise Wi-Fi network, generate WEP
encryption keys that are unique to the BlackBerry device, and configure the enterprise Wi-Fi network to update the WEP encryption
keys automatically during a session with the BlackBerry device.
The BlackBerry device supports using LEAP authentication with a user name and password. The BlackBerry device uses a one-way
function to encrypt the password before it sends the password to the authentication server on the enterprise Wi-Fi network.
LEAP authentication does not provide mutual authentication between the BlackBerry device and enterprise Wi-Fi network. You
can configure password policies on an enterprise Wi-Fi network that require the BlackBerry device to use LEAP authentication
to connect to the enterprise Wi-Fi network.
Security Technical Overview