Installation guide
BlackBerry Enterprise Solution Security
Protecting the BlackBerry Infrastructure connections 29
A BlackBerry device can bypass SRP connectivity and authentication by using the BlackBerry Router to connect
directly to the BlackBerry Enterprise Server. The BlackBerry Enterprise Server can communicate with the
BlackBerry Router using a combination of the SRP and BlackBerry Router authentication protocols.
SRP authentication
SRP is designed to perform the following actions when the BlackBerry Enterprise Server and BlackBerry
Infrastructure establish an authenticated connection and subsequently transfer data between them.
SRP action: Authenticate the BlackBerry Infrastructure to the BlackBerry Enterprise Server and the BlackBerry Enterprise Server to the BlackBerry Infrastructure
Description: The BlackBerry Infrastructure and the BlackBerry Enterprise Server authenticate with each other before they can transfer data. The authentication handshake sequence depends on a shared secret encryption key (the SRP authentication key) on both the BlackBerry Enterprise Server and the BlackBerry Infrastructure. If at any point in the authentication handshake sequence the authentication fails, SRP terminates the connection.

SRP action: Exchange configuration information between the BlackBerry Enterprise Server and the BlackBerry Infrastructure
Description: The BlackBerry Enterprise Server is designed to send a basic information packet to the BlackBerry Infrastructure immediately following the initial SRP authentication process. The packet format is designed to be recognizable to both the BlackBerry Enterprise Server and the BlackBerry Infrastructure, enabling both sides to configure the parameters of the SRP implementation dynamically.
To support backward compatibility with older versions of the BlackBerry Enterprise Server software, which terminate the SRP connection if they receive unrecognized packets, the BlackBerry Infrastructure does not send basic information packets to the BlackBerry Enterprise Server until the BlackBerry Enterprise Server has sent a packet of the same format to the BlackBerry Infrastructure.

SRP action: Send and receive transactions between the BlackBerry Enterprise Server and the BlackBerry Infrastructure
Description: If the connection between the BlackBerry Enterprise Server and the BlackBerry Infrastructure terminates, the wireless network can queue up to five undelivered messages for up to seven days. If there are more than five pending messages, the BlackBerry Enterprise Server stores them in the BlackBerry configuration database. The BlackBerry Infrastructure does not store data to send to BlackBerry devices.
If the BlackBerry Infrastructure is not operational, the wireless network discards the pending messages: the BlackBerry device does not receive the message and the BlackBerry Enterprise Server does not receive an acknowledgement packet from the recipient BlackBerry device. When the BlackBerry Infrastructure is operational again, the BlackBerry Enterprise Server resends messages for which it did not receive an acknowledgement packet from a recipient.
SRP authentication process

Step 1: The BlackBerry Enterprise Server sends its SRP ID, or UID, to the BlackBerry Infrastructure.
Description: The BlackBerry Enterprise Server sends a packet to the BlackBerry Infrastructure to claim its own UID.

Step 2: The BlackBerry Infrastructure sends a challenge string to the BlackBerry Enterprise Server.
Description: The BlackBerry Infrastructure sends a random challenge string to the BlackBerry Enterprise Server.
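The handshake described above (a UID claim, a random challenge, and mutual proof of a shared secret key, with the connection dropped on any failure) follows the general shape of a shared-secret challenge-response protocol. The following Python is an added illustration of that shape, not BlackBerry's SRP implementation or wire format (SRP here is BlackBerry's Server Routing Protocol, not the Secure Remote Password protocol): the HMAC-SHA256 construction, the direction tags, the class names, and the sample UID and key are all assumptions made for the example. It shows why each side verifies the other before any data is exchanged, why the challenge must be fresh per connection, and how a wrong key or an unregistered UID ends the handshake.

```python
"""Illustrative shared-secret challenge-response handshake (not BlackBerry's SRP)."""
import hashlib
import hmac
import os


class AuthenticationFailed(Exception):
    """Any failure in the handshake; the caller terminates the connection."""


def _mac(key, direction, challenge):
    # Assumed construction: HMAC-SHA256 over a direction tag plus the challenge.
    # The direction tag stops one side's response being replayed as the other's proof.
    return hmac.new(key, direction + challenge, hashlib.sha256).digest()


class Infrastructure:
    """Stands in for the BlackBerry Infrastructure: holds the key registered per UID."""

    def __init__(self, registered_keys):
        # uid -> shared secret key (sample data; real keys are provisioned out of band)
        self.registered_keys = registered_keys
        self.pending = {}  # uid -> outstanding random challenge

    def receive_uid_claim(self, uid):
        # Step 1: the server claims a UID. Step 2: reply with a fresh random challenge.
        if uid not in self.registered_keys:
            raise AuthenticationFailed("unknown UID")
        challenge = os.urandom(16)
        self.pending[uid] = challenge
        return challenge

    def verify_response(self, uid, response):
        # Check the server's proof of the key, then return our own proof (mutual auth).
        challenge = self.pending.pop(uid, None)
        if challenge is None:
            raise AuthenticationFailed("no outstanding challenge for UID")
        key = self.registered_keys[uid]
        expected = _mac(key, b"server->infra", challenge)
        if not hmac.compare_digest(expected, response):
            raise AuthenticationFailed("server failed to prove key")
        return _mac(key, b"infra->server", challenge)


class EnterpriseServer:
    """Stands in for the BlackBerry Enterprise Server: knows its UID and its key copy."""

    def __init__(self, uid, key):
        self.uid = uid
        self.key = key
        self.challenge = None

    def respond(self, challenge):
        self.challenge = challenge
        return _mac(self.key, b"server->infra", challenge)

    def verify_infrastructure(self, proof):
        expected = _mac(self.key, b"infra->server", self.challenge)
        if not hmac.compare_digest(expected, proof):
            raise AuthenticationFailed("infrastructure failed to prove key")


def run_handshake(server, infra):
    """Drive the exchange; True on mutual success, False if either side rejects."""
    try:
        challenge = infra.receive_uid_claim(server.uid)
        response = server.respond(challenge)
        proof = infra.verify_response(server.uid, response)
        server.verify_infrastructure(proof)
        return True
    except AuthenticationFailed:
        return False


if __name__ == "__main__":
    key = os.urandom(20)                              # constructed sample key
    infra = Infrastructure({"S10000001": key})        # constructed sample UID
    print(run_handshake(EnterpriseServer("S10000001", key), infra))             # True
    print(run_handshake(EnterpriseServer("S10000001", os.urandom(20)), infra))  # False
```

Both sides derive their proof from the same challenge, so neither proof can be precomputed, and the server only accepts a proof for a challenge it actually issued; once a challenge has been checked it is discarded, so a captured response cannot be reused against a later connection.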
www.blackberry.com