Installation guide
BlackBerry Enterprise Solution Security
Protecting the BlackBerry Infrastructure connections
Step | Action | Description
3 | The BlackBerry Enterprise Server sends a challenge string to the BlackBerry Infrastructure. | When the BlackBerry Enterprise Server receives the BlackBerry Infrastructure challenge string, it sends a challenge string to the BlackBerry Infrastructure.
4 | The BlackBerry Infrastructure sends a challenge response to the BlackBerry Enterprise Server. | The BlackBerry Infrastructure hashes the BlackBerry Enterprise Server challenge string with the SRP authentication key, a 20-byte shared secret encryption key, using the keyed HMAC with SHA1. The BlackBerry Infrastructure sends the resulting 20-byte value back to the BlackBerry Enterprise Server.
5 | The BlackBerry Enterprise Server sends a challenge response to the BlackBerry Infrastructure. | The BlackBerry Enterprise Server responds to the BlackBerry Infrastructure challenge string by hashing the challenge with the shared SRP authentication key.
6 | The BlackBerry Infrastructure sends an acceptance to the BlackBerry Enterprise Server. | When the BlackBerry Infrastructure accepts the challenge response, it sends a final confirmation to the BlackBerry Enterprise Server to complete the authentication process and set up an authenticated SRP connection between the BlackBerry Infrastructure and the BlackBerry Enterprise Server. If the BlackBerry Infrastructure rejects the response, the connection fails and SRP ends the authentication session.
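The mutual challenge-response in steps 3 to 6, as an added example that is not BlackBerry code and does not reproduce the SRP wire format. The function names, the 16-byte challenge length, the BlackBerry Enterprise Server (BES) checking the step 4 response before it continues, and the constant-time comparison are assumptions; only the 20-byte key and HMAC with SHA1 come from the table above.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 20        # size of the SRP authentication key, as stated in the table
CHALLENGE_LEN = 16  # assumption: the page does not state the challenge length


def respond(key: bytes, challenge: bytes) -> bytes:
    """Challenge response: HMAC-SHA1 over the peer's challenge (20-byte value)."""
    if len(key) != KEY_LEN:
        raise ValueError("SRP authentication key must be 20 bytes")
    return hmac.new(key, challenge, hashlib.sha1).digest()


def verify(key: bytes, challenge: bytes, response: bytes) -> bool:
    """Recompute the expected response and compare it in constant time."""
    return hmac.compare_digest(respond(key, challenge), response)


def handshake(bes_key: bytes, infra_key: bytes) -> str:
    """Model steps 3-6 with both endpoints in one process."""
    # Earlier step (not on this page): the Infrastructure has sent its challenge.
    infra_challenge = secrets.token_bytes(CHALLENGE_LEN)
    # Step 3: the BES sends its own fresh challenge.
    bes_challenge = secrets.token_bytes(CHALLENGE_LEN)
    # Step 4: the Infrastructure answers the BES challenge.
    infra_response = respond(infra_key, bes_challenge)
    # Assumption: the BES checks that answer before it continues.
    if not verify(bes_key, bes_challenge, infra_response):
        return "failed: BES rejected Infrastructure response"
    # Step 5: the BES answers the Infrastructure challenge.
    bes_response = respond(bes_key, infra_challenge)
    # Step 6: the Infrastructure accepts, or the session ends.
    if not verify(infra_key, infra_challenge, bes_response):
        return "failed: Infrastructure rejected BES response"
    return "authenticated"


if __name__ == "__main__":
    shared = secrets.token_bytes(KEY_LEN)  # constructed key for the demo
    print(handshake(shared, shared))
    print(handshake(shared, secrets.token_bytes(KEY_LEN)))
```

Because each side issues a fresh random challenge, a response captured from one session does not verify against the challenge of the next.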
BlackBerry Router protocol authentication
The BlackBerry Router is designed to bypass the SRP authenticated connection to the BlackBerry Infrastructure
to route data to BlackBerry devices that are connected to the BlackBerry Device Manager through a physical
connection to a desktop computer. Data between the BlackBerry devices and the BlackBerry Router is
compressed and encrypted.
You can install the BlackBerry Router on a remote computer to route data traffic between the BlackBerry
Infrastructure and one or more BlackBerry Enterprise Servers. The BlackBerry device must authenticate itself to
the BlackBerry Enterprise Server to prove that it knows the master encryption key before the BlackBerry Router
sends data to the BlackBerry device.
When the BlackBerry Router protocol authentication is successful, the BlackBerry device sends data to the
BlackBerry Router through the BlackBerry Device Manager, and the BlackBerry Router sends data to the
BlackBerry device through the BlackBerry Device Manager. When the user disconnects the BlackBerry device
from the desktop computer or closes the BlackBerry Device Manager, the wireless data flow over the SRP
connection is restored.
BlackBerry Router protocol authentication process
Step | Action | Description
1 | A user physically connects a BlackBerry device to a desktop computer. | The user connects the BlackBerry device to a desktop computer that is running the BlackBerry Device Manager.
www.blackberry.com