User guide
Protecting BlackBerry Enterprise Solution communications in your organization's environment
10
How a BlackBerry Enterprise Server and the BlackBerry Infrastructure authenticate with each other
The BlackBerry® Infrastructure and BlackBerry® Enterprise Server must authenticate with each other before they can transfer
data. The BlackBerry Enterprise Server uses SRP to authenticate with and connect to the BlackBerry Infrastructure.
SRP is a point-to-point protocol that runs over TCP/IP. The BlackBerry Enterprise Server uses SRP to contact the BlackBerry
Infrastructure and open a connection. When the BlackBerry Enterprise Server and BlackBerry Infrastructure open a connection,
they perform the following actions:
• authenticate with each other
• exchange configuration information
• send and receive data
The BlackBerry Enterprise Server and BlackBerry Infrastructure use the SRP authentication key when they authenticate with each
other. The SRP authentication key is a 20-byte encryption key that the BlackBerry Enterprise Server and BlackBerry Infrastructure
share.
The BlackBerry Enterprise Server sends outgoing traffic to a BlackBerry device only over an authenticated connection to the
BlackBerry Infrastructure.
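As an added illustration (not part of the original guide and not BlackBerry's SRP implementation), the sketch below shows how two endpoints can authenticate with each other using a shared 20-byte key without sending the key itself. The guide does not give the SRP message format here, so the HMAC-SHA-1 challenge-response, the Peer class, and the role labels are assumptions.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 20  # the guide states the shared SRP authentication key is 20 bytes


class Peer:
    """One end of the connection; role is a constructed label ("BES" or "INFRA")."""

    def __init__(self, role: str, key: bytes):
        if len(key) != KEY_LEN:
            raise ValueError("shared key must be 20 bytes")
        self.role, self.key = role, key
        self.nonce = None

    def challenge(self) -> bytes:
        # Fresh random challenge per connection so old responses cannot be replayed.
        self.nonce = secrets.token_bytes(16)
        return self.nonce

    def respond(self, peer_nonce: bytes) -> bytes:
        # Assumption: HMAC-SHA-1 over (own role + peer's challenge). Binding the role
        # stops a challenge from being reflected back to its sender and answered
        # with the sender's own output.
        return hmac.new(self.key, self.role.encode() + peer_nonce, hashlib.sha1).digest()

    def verify(self, peer_role: str, response: bytes) -> bool:
        if self.nonce is None:
            return False
        expected = hmac.new(self.key, peer_role.encode() + self.nonce, hashlib.sha1).digest()
        self.nonce = None  # each challenge is accepted once
        return hmac.compare_digest(expected, response)  # constant-time comparison


def mutual_auth(bes: Peer, infra: Peer) -> bool:
    """Both directions must succeed before any data is transferred."""
    c_bes, c_infra = bes.challenge(), infra.challenge()
    infra_ok = bes.verify(infra.role, infra.respond(c_bes))
    bes_ok = infra.verify(bes.role, bes.respond(c_infra))
    return infra_ok and bes_ok
```

A peer holding a different key fails verification in both directions, and a response computed under the wrong role label is rejected even when the key is correct.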
What happens when a BlackBerry Enterprise Server and the BlackBerry Infrastructure open an initial connection
After a BlackBerry® Enterprise Server and the BlackBerry® Infrastructure open an initial connection over the Internet, the
BlackBerry Enterprise Server is designed to send a basic information packet to the BlackBerry Infrastructure immediately. A basic
information packet includes version information, SRP identifiers, and other information that is required to open an SRP connection.
Both the BlackBerry Enterprise Server and BlackBerry Infrastructure can recognize the basic information packet. The BlackBerry
Enterprise Server and BlackBerry Infrastructure can use the basic information packet to configure the parameters of the SRP
implementation.
The BlackBerry Infrastructure does not send basic information packets to the BlackBerry Enterprise Server until after the
BlackBerry Enterprise Server sends a packet to the BlackBerry Infrastructure. This process permits the BlackBerry Infrastructure
to be backward compatible with previous BlackBerry Enterprise Server versions, which close the SRP connection if they receive
unrecognized basic information packets.
Security Technical Overview