User guide
Protecting communication with a BlackBerry device
Opening a direct connection between a BlackBerry device and a BlackBerry Router
A BlackBerry® Router and a BlackBerry device can use the BlackBerry Router protocol to bypass the SRP authenticated connection
to the BlackBerry® Infrastructure and open a direct connection to each other. The BlackBerry Router can open a direct connection
to a BlackBerry device that a user connects to a computer that hosts the BlackBerry® Device Manager. The BlackBerry Router
can also open a direct connection to a BlackBerry device over an enterprise Wi-Fi® network using port 4101.
Before the BlackBerry® Enterprise Server and the BlackBerry device send any data to each other, the BlackBerry device must
authenticate with the BlackBerry Enterprise Server by proving that it holds the device transport key. The BlackBerry Router opens an
authenticated connection only after the BlackBerry device authenticates with the BlackBerry Enterprise Server. The BlackBerry Router
does not know the value of the device transport key that the BlackBerry Enterprise Server and BlackBerry device share.
If the BlackBerry device connects to the BlackBerry Router over the enterprise Wi-Fi network, the BlackBerry Router, after it opens
an authenticated connection, forwards the Internet content requests and intranet content requests from the BlackBerry device to the
enterprise Wi-Fi network over port 4101. The BlackBerry Router verifies that the PIN belongs to a BlackBerry device that is registered
with the wireless network.
If you want the BlackBerry Router and BlackBerry device to use the BlackBerry Router protocol, consider installing the
BlackBerry Router on a computer that is separate from the computer that hosts the BlackBerry Enterprise Server, so that the direct
connection does not terminate on the computer that hosts the BlackBerry Enterprise Server.
Process flow: Authenticating a BlackBerry device with the BlackBerry Enterprise Server using the BlackBerry Router protocol
1. A user connects a BlackBerry® device to a computer that hosts the BlackBerry® Device Manager or connects a BlackBerry
device to an enterprise Wi-Fi® network.
2. The BlackBerry® Enterprise Server and BlackBerry device use the BlackBerry Router protocol to verify that the BlackBerry
device knows the device transport key.
The BlackBerry Router protocol uses two runs of the elliptic curve version of the Schnorr identification scheme to provide
mutual authentication between the BlackBerry Enterprise Server and BlackBerry device.
3. The BlackBerry Enterprise Server and BlackBerry device authenticate with each other using the same SRP authentication
information that the BlackBerry Enterprise Server uses to authenticate with the BlackBerry® Infrastructure.
4. The BlackBerry Router opens an authenticated connection.
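The following is an added illustration, not BlackBerry's code and not the BlackBerry Router protocol's wire format, of how two runs of the elliptic curve Schnorr identification scheme named in step 2 give mutual authentication when both sides hold the same key. It assumes secp256k1 as the curve and treats the device transport key as a scalar; a side whose copy of the key differs fails its run.

```python
import secrets

# secp256k1 parameters (assumed curve; the page does not name one).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def commit():
    """Prover's first message: a fresh nonce r and its commitment R = rG."""
    r = secrets.randbelow(N - 1) + 1
    return r, ec_mul(r, G)

def respond(r, c, x):
    """Prover's answer to challenge c: s = r + c*x (mod N)."""
    return (r + c * x) % N

def verify(Y, R, c, s):
    """Verifier checks sG == R + cY, i.e. the prover knows x with Y = xG."""
    return ec_mul(s, G) == ec_add(R, ec_mul(c, Y))

def schnorr_run(prover_key, verifier_point):
    r, R = commit()                  # prover -> verifier: R
    c = secrets.randbelow(N)         # verifier -> prover: random challenge
    return verify(verifier_point, R, c, respond(r, c, prover_key))

def mutual_authenticate(device_key, server_key):
    """Run 1: device proves to server. Run 2: server proves to device.
    Each verifier derives Y from its own copy of the shared key."""
    return (schnorr_run(device_key, ec_mul(server_key, G)) and
            schnorr_run(server_key, ec_mul(device_key, G)))
```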
Security Technical Overview