Manualshelf

User guide

ManualsBrandsBlackberry ManualsOtherENTERPRISE SOLUTION SECURITY - ENFORCING ENCRYPTION OF INTERNAL AND EXTERNAL FILE SYSTEMS ON DEVICES
111112113114115116117118119120
PEAP authentication
PEAP authentication permits a Wi-Fi® enabled BlackBerry® device to authenticate with an authentication server and access an
enterprise Wi-Fi network. PEAP authentication uses TLS to create an encrypted tunnel between the BlackBerry device and the
authentication server. It uses the TLS tunnel to send the authentication credentials of the BlackBerry device to the authentication
server.
The BlackBerry device supports PEAPv0 and PEAPv1 for PEAP authentication. The BlackBerry device also supports EAP-MS-
CHAPv2 and EAP-GTC as second-phase protocols during PEAP authentication so that the BlackBerry device can exchange
credentials with the enterprise Wi-Fi network.
To configure PEAP authentication, you must install a root certificate on the BlackBerry device that corresponds to the
authentication server certificate.
For more information, see the BlackBerry Enterprise Server Administration Guide.
EAP-TLS authentication
EAP-TLS authentication uses a PKI to permit a Wi-Fi® enabled BlackBerry® device to authenticate with an authentication server
and access an enterprise Wi-Fi network. EAP-TLS authentication uses TLS to create an encrypted tunnel between the BlackBerry
device and the authentication server. EAP-TLS authentication uses the TLS encrypted tunnel and a client certificate to send the
credentials of the BlackBerry device to the authentication server.
The BlackBerry device supports EAP-TLS authentication when your organization uses certificates that meet specific requirements
on the authentication server and the client for authentication. To configure EAP-TLS authentication, you must install a client
certificate and a root certificate on the BlackBerry device that corresponds to the certificate of the authentication server. For
more information, see the BlackBerry Enterprise Server Administration Guide.
For more information about EAP-TLS authentication, see RFC 2716.
EAP-TTLS authentication
EAP-TTLS authentication can extend EAP-TLS authentication to permit a Wi-Fi® enabled BlackBerry® device to authenticate
with the authentication server and access an enterprise Wi-Fi network. When the authentication server uses its certificate to
authenticate with the BlackBerry device and open a protected connection to the BlackBerry device, the authentication server
uses an authentication protocol over the protected connection to authenticate the BlackBerry device.
The BlackBerry device supports EAP-MS-CHAPv2 and MS-CHAPv2 as second-phase protocols during EAP-TTLS authentication
so that the BlackBerry device can exchange credentials with the enterprise Wi-Fi network.
To configure EAP-TTLS authentication, you must install the root certificate on the BlackBerry device that corresponds to the
certificate of the authentication server. For more information, see the BlackBerry Enterprise Server Administration Guide.
Security Technical Overview
EAP authentication methods that a Wi-Fi enabled BlackBerry device supports
114