Installation guide
BlackBerry Enterprise Solution Security
Authenticating a user 35
HTTPS protocol
BlackBerry MDS encryption method: handheld mode TLS/SSL, using the TLS and WTLS key establishment algorithms, symmetric ciphers, and hash algorithms that the RIM Crypto API currently supports on the BlackBerry device.
Description:
• The BlackBerry device uses handheld (direct) mode TLS/SSL to encrypt data for the entire connection between the BlackBerry device and the content server.
• Data traffic over the wireless network remains encrypted and is not decrypted at the connection service.
• Use handheld mode TLS/SSL when only the endpoints of the transaction are trusted (for example, with banking services).
Note: BlackBerry devices with BlackBerry Device Software version 3.6.1 or later support BlackBerry device handheld mode TLS/SSL connections.
WAP gateway connections
BlackBerry Device Software version 3.2.1 or later supports WTLS, which is designed to provide an extra layer of
security when connecting to a WAP gateway. WTLS requires a WAP gateway to provide standard WAP access to
the Internet. To use a WAP gateway, your company must work with the network operator or service provider.
Authenticating a user
When a user receives a new BlackBerry device, the BlackBerry Enterprise Solution uses either a desktop-based or
wireless master encryption key generation method to authenticate the user and their BlackBerry device to the
BlackBerry Enterprise Server. The user must have a valid email address for their BlackBerry device to activate
successfully and register with the wireless network.
Authenticating a user to a BlackBerry device using a password
When you add a BlackBerry device to a BlackBerry Enterprise Server, you can require a user to authenticate to
the BlackBerry device using a security password. You can use IT policy rules to configure features such as
password duration, length, and strength, to require password patterns, and to forbid specific passwords. See the
Policy Reference Guide for more information.
If the user intends to activate their BlackBerry device wirelessly, they must contact you for a temporary
activation password that the BlackBerry device uses to establish the master encryption key. You can set the
BlackBerry device activation password and communicate it to the user.
The activation password
• applies to that user’s email account only
• is not valid after five unsuccessful activation attempts
• expires if a user does not activate the BlackBerry device within the default period of 48 hours, or a period of
up to 720 hours that you configure after you create their activation password
• is removed from the BlackBerry Enterprise Server when the BlackBerry device activates successfully
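The four activation-password rules above form a small lifecycle (per-account, five-strike invalidation, 48-hour default validity configurable up to 720 hours, single use). The following is an added illustration, not code from the BlackBerry Enterprise Server; the class and method names and the status strings are assumptions made for this example.

```python
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta

MAX_FAILED_ATTEMPTS = 5                  # invalid after five unsuccessful attempts
DEFAULT_VALIDITY = timedelta(hours=48)   # default expiry period
MAX_VALIDITY = timedelta(hours=720)      # longest period an administrator may configure


@dataclass
class ActivationPassword:
    email: str            # the password applies to this user's email account only
    secret: str
    created: datetime
    validity: timedelta = DEFAULT_VALIDITY
    failures: int = 0

    def __post_init__(self) -> None:
        if not timedelta(0) < self.validity <= MAX_VALIDITY:
            raise ValueError("validity must be greater than 0 and at most 720 hours")


class ActivationStore:
    """Hypothetical server-side store enforcing the activation-password rules."""

    def __init__(self) -> None:
        self._passwords: dict[str, ActivationPassword] = {}

    def create(self, email: str, secret: str, now: datetime,
               validity: timedelta = DEFAULT_VALIDITY) -> None:
        self._passwords[email] = ActivationPassword(email, secret, now, validity)

    def try_activate(self, email: str, secret: str, now: datetime) -> str:
        pw = self._passwords.get(email)
        if pw is None:
            return "no-password"            # never created, expired, locked, or already used
        if now - pw.created > pw.validity:
            del self._passwords[email]      # expired: discard it
            return "expired"
        if not hmac.compare_digest(pw.secret, secret):
            pw.failures += 1
            if pw.failures >= MAX_FAILED_ATTEMPTS:
                del self._passwords[email]  # five failures: password is no longer valid
                return "locked"
            return "wrong-password"
        del self._passwords[email]          # success: removed from the server
        return "activated"
```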
Authenticating a user using a smart card
Use two-factor authentication, using a smart card, to require users to prove their identity to the BlackBerry
device by two factors:
• what they have (the smart card)
www.blackberry.com