Installation guide

BlackBerry Enterprise Solution Security
Protecting the BlackBerry Infrastructure connections 33
Security measure: The BlackBerry Enterprise Solution encrypts data traffic over TCP/IP.
Description: Data remains encrypted with standard BlackBerry encryption from the BlackBerry Enterprise Server to the BlackBerry device or from the BlackBerry device to the BlackBerry Enterprise Server. There is no intermediate point at which the data is decrypted and encrypted again. No data traffic of any kind can occur between the BlackBerry Enterprise Server and the wireless network or the BlackBerry device unless the BlackBerry Enterprise Server can decrypt the data using the correct, valid master encryption key. Only the BlackBerry device and the BlackBerry Enterprise Server have the correct, valid master encryption key.

Security measure: The BlackBerry Enterprise Server encrypts data traffic between specific components.
Description: The BlackBerry Enterprise Server encrypts data traffic between specific components. The BlackBerry Collaboration Service, the connection service, the BlackBerry Policy Service, and the BlackBerry Synchronization Service share a secure communication password that is known only to them. The BlackBerry Messaging Agent and the BlackBerry Dispatcher share a different secure communication password that is known only to them. When one of these components initiates a connection to the BlackBerry Dispatcher, the BlackBerry inter-process protocol uses SPEKE to bootstrap from the component's secure communication password and establishes a 256-bit AES encryption key (a session key). The BlackBerry Enterprise Server then uses the session key to encrypt data traffic to any components that store the same secure communication password.

Security measure: The BlackBerry device initiates inbound connections using the BlackBerry Router to a WLAN only.
Description: The BlackBerry Router sends the Internet or intranet content requests from the BlackBerry device over port 4101 to the WLAN. The BlackBerry Router verifies that the PIN belongs to a valid BlackBerry device that is registered on the wireless network.
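The SPEKE bootstrap described in the second security measure above, shown as an added example that is not part of this guide and is not BlackBerry's inter-process protocol code. It models two server components that hold the same secure communication password and derive a 256-bit AES session key from it, plus a process that holds a different password and is refused at key confirmation, which is the property the guide relies on when it says traffic only flows between components that store the same password. The group parameters (the 2048-bit MODP group from RFC 3526, transcribed by hand), the `Component` class, the confirmation-tag format and the passwords are assumptions of the example, not details of the product.

```python
"""Added example (not BlackBerry code): password-authenticated key agreement
with SPEKE between two hypothetical server components, followed by key
confirmation. Components with matching passwords obtain the same 256-bit
AES key; a component with a different password fails confirmation."""
import hashlib
import hmac
import secrets
from typing import Optional

# 2048-bit MODP group from RFC 3526 (group 14): a safe prime p = 2q + 1.
# Transcribed here as an assumption of the example; a production build
# would take the group from a vetted library, not a hand-copied constant.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
Q = (P - 1) // 2


def speke_generator(password: bytes) -> int:
    """SPEKE base g = H(password)^2 mod p. Squaring places g in the order-q
    subgroup of quadratic residues, so the password-derived base can never
    land in a small subgroup."""
    h = int.from_bytes(hashlib.sha256(password).digest(), "big")
    return pow(h, 2, P)


class Component:
    """Hypothetical model of one server component that stores a secure
    communication password (constructed for this example)."""

    def __init__(self, name: str, password: bytes) -> None:
        self.name = name
        self.g = speke_generator(password)
        self.x = secrets.randbelow(Q - 2) + 2   # private exponent in [2, q-1]
        self.public = pow(self.g, self.x, P)    # value sent to the peer

    def session_key(self, peer_public: int) -> bytes:
        """Derive the 256-bit AES session key from the peer's SPEKE value."""
        # Reject 0, 1, p-1 and anything outside the order-q subgroup; such
        # values would let a peer force a predictable shared secret.
        if not 1 < peer_public < P - 1 or pow(peer_public, Q, P) != 1:
            raise ValueError("peer value is not in the prime-order subgroup")
        shared = pow(peer_public, self.x, P)
        # Hash the shared secret down to 32 bytes: a 256-bit AES key.
        return hashlib.sha256(shared.to_bytes(256, "big")).digest()


def confirmation_tag(key: bytes, role: str, peer_public: int) -> bytes:
    """Key confirmation: prove possession of the session key before any
    application data flows; the tag is bound to the sender's role."""
    msg = role.encode() + peer_public.to_bytes(256, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()


def establish(initiator: Component, responder: Component) -> Optional[bytes]:
    """Run SPEKE plus mutual key confirmation. Returns the agreed 32-byte key,
    or None when confirmation fails (the two passwords did not match)."""
    k_init = initiator.session_key(responder.public)
    k_resp = responder.session_key(initiator.public)
    # Responder proves its key first; the initiator recomputes and compares.
    tag_resp = confirmation_tag(k_resp, "responder", initiator.public)
    if not hmac.compare_digest(
        tag_resp, confirmation_tag(k_init, "responder", initiator.public)
    ):
        return None
    tag_init = confirmation_tag(k_init, "initiator", responder.public)
    if not hmac.compare_digest(
        tag_init, confirmation_tag(k_resp, "initiator", responder.public)
    ):
        return None
    return k_init


def accepts_peer_value(component: Component, value: int) -> bool:
    """True if the component would accept `value` as a peer's SPEKE value."""
    try:
        component.session_key(value)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed passwords; the real ones are known only to the components.
    policy = Component("BlackBerry Policy Service", b"constructed-password-A")
    dispatcher = Component("BlackBerry Dispatcher", b"constructed-password-A")
    other = Component("unrelated process", b"constructed-password-B")
    print("matching passwords ->", establish(policy, dispatcher) is not None)
    print("different password ->", establish(other, dispatcher) is not None)
```

The mismatch case is the interesting one: `establish(other, dispatcher)` still completes the exponentiations, but the confirmation tags disagree and no key is released, so no traffic can be encrypted to that peer. Because SPEKE is a password-authenticated key exchange, a process that does not know the password learns nothing from the exchanged values that would let it test password guesses offline; the secrecy of the shared password is what the session key's strength rests on.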
Messaging server to desktop email program connection
You can encrypt the BlackBerry device data in transit between the messaging server and the user’s desktop
email program.
Messaging server: IBM Lotus Domino
Data traffic encryption method: The BlackBerry Enterprise Server and the IBM Lotus Domino server communicate using the same IBM Lotus Notes RPC to enable seamless communication between the BlackBerry Enterprise Server, BlackBerry-related IBM Lotus Domino databases, and the IBM Lotus Domino server. A user who provisions their BlackBerry device using a physical connection to their desktop computer can encrypt data traffic in transit between the IBM Lotus Domino server and their IBM Lotus Notes Inbox. See the IBM Lotus Domino help files for more information.
www.blackberry.com