Installation guide

BlackBerry Enterprise Solution Security
Protecting the BlackBerry Infrastructure connections
Step 4
Action: The BlackBerry Enterprise Server and the BlackBerry device establish and verify the shared master encryption key.
Description: The BlackBerry Enterprise Server and the BlackBerry device use the initial key establishment protocol to establish a master encryption key. The BlackBerry Enterprise Server and the BlackBerry device verify the master encryption key with each other. If the BlackBerry Enterprise Server and the BlackBerry device mutually confirm the correct master encryption key, the activation proceeds, and the BlackBerry Enterprise Server and the BlackBerry device use the master encryption key to encrypt further communication between them.

Step 5
Action: The BlackBerry Enterprise Server sends service books to the BlackBerry device.
Description: The BlackBerry Enterprise Server sends the appropriate service books to the BlackBerry device. The user can now send messages from and receive messages on the BlackBerry device.

Step 6
Action: The BlackBerry Enterprise Server sends data to the BlackBerry device.
Description: If wireless PIM synchronization and wireless backup are enabled for the user, the BlackBerry Enterprise Server sends the following data to the user’s BlackBerry device:
- calendar entries
- contacts, tasks, and memos
- existing BlackBerry device options (if applicable) that the BlackBerry device backed up using automatic wireless backup.

See the BlackBerry Wireless Enterprise Activation Technical Overview for more information.
TCP/IP connection
The TCP/IP connection from the BlackBerry Enterprise Server to the BlackBerry Router is designed to be secure
in the following ways:

Security measure: The BlackBerry Enterprise Server sends outbound traffic to the BlackBerry device only through the authenticated connection to the BlackBerry Infrastructure.
Description: You must configure your corporate firewall or proxy to permit the BlackBerry Enterprise Server to initiate and maintain an outbound connection to the BlackBerry Infrastructure on TCP port 3101.

Security measure: The BlackBerry Enterprise Server does not send inbound-initiated traffic to the messaging server.
Description: The BlackBerry Enterprise Server discards inbound traffic from any source other than the BlackBerry device (through the BlackBerry Infrastructure or BlackBerry Desktop Software) or the messaging server.
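
One way to check a firewall policy against the TCP port 3101 requirement above, as an added example that is not part of the original guide or of any BlackBerry tool. The rule model (first match wins, default deny, direction meaning which side initiates), the addresses and all names are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

BES = "10.0.5.20"          # assumed BlackBerry Enterprise Server address (constructed)
OTHER = "10.0.5.21"        # assumed neighbouring internal host (constructed)
EXTERNAL = "203.0.113.10"  # documentation-range stand-in for the BlackBerry Infrastructure
PORT = 3101                # outbound TCP port named in the guide

class Rule(NamedTuple):
    action: str            # "allow" or "deny"
    direction: str         # "out" = initiated from inside, "in" = initiated from outside
    src: str               # source CIDR
    dst: str               # destination CIDR
    port: Optional[int]    # None matches any TCP port

def decide(rules, direction, src, dst, port):
    """First-match evaluation with an implicit default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (r.direction == direction and r.port in (None, port)
                and s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)):
            return r.action
    return "deny"

def audit(rules):
    """Return a list of findings; an empty list means the policy matches the guide."""
    findings = []
    if decide(rules, "out", BES, EXTERNAL, PORT) != "allow":
        findings.append("BES cannot initiate outbound TCP 3101")
    if decide(rules, "in", EXTERNAL, BES, PORT) == "allow":
        findings.append("inbound-initiated TCP 3101 to the BES is allowed")
    # Extra least-privilege check (not stated in the guide): only the BES needs this path.
    if decide(rules, "out", OTHER, EXTERNAL, PORT) == "allow":
        findings.append("hosts other than the BES may initiate outbound TCP 3101")
    return findings

# Constructed rule sets: one scoped to the BES, one overly broad.
SCOPED = [Rule("allow", "out", "10.0.5.20/32", "0.0.0.0/0", PORT),
          Rule("deny", "in", "0.0.0.0/0", "10.0.5.20/32", None)]
LOOSE = [Rule("allow", "out", "10.0.5.0/24", "0.0.0.0/0", None),
         Rule("allow", "in", "0.0.0.0/0", "10.0.5.20/32", PORT)]

if __name__ == "__main__":
    for name, rules in (("scoped", SCOPED), ("loose", LOOSE), ("empty", [])):
        print(name, audit(rules) or "OK")
```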
www.blackberry.com