Installation guide
BlackBerry Enterprise Solution 39
Scenario Result
The connection between the
BlackBerry Enterprise Server and the
BlackBerry Infrastructure terminates.
• The BlackBerry Infrastructure informs the source BlackBerry
device that the message could not be delivered and deletes
the message after trying for 10 minutes.
• When the connection is re-established, the BlackBerry
Enterprise Server resends the undelivered message to the
recipient BlackBerry device. If more than five messages are
pending, the BlackBerry Enterprise Server stores them in the
BlackBerry Configuration Database.
BlackBerry Router protocol authentication
The BlackBerry Router is designed to bypass the SRP authenticated connection to the BlackBerry Infrastructure
to route data to BlackBerry devices that are connected to the BlackBerry Device Manager through a physical
connection to a computer or BlackBerry devices that are connected over port 4101 to an enterprise Wi-Fi
network. Data that BlackBerry devices and the BlackBerry Router send between one another is compressed and
encrypted.
The system administrator can install the BlackBerry Router on a remote computer to route data traffic between
the BlackBerry Infrastructure and one or more BlackBerry Enterprise Servers. The BlackBerry device must
authenticate itself to the BlackBerry Enterprise Server to prove that it knows the master encryption key before
the BlackBerry Router sends data to the BlackBerry device. The BlackBerry Enterprise Server and the BlackBerry
device use the BlackBerry Router protocol to open a mutually authenticated connection between them.
When the authentication process used by the BlackBerry Router protocol is successful, the BlackBerry device
sends data to the BlackBerry Router through the BlackBerry Device Manager or over port 4101 to an enterprise
Wi-Fi network, and the BlackBerry Router sends data to the BlackBerry device through the BlackBerry Device
Manager or over port 4101 to an enterprise Wi-Fi network. When the BlackBerry device user disconnects the
BlackBerry device from the computer or closes the BlackBerry Device Manager, or disconnects from the
enterprise Wi-Fi network, the wireless data flow over the SRP connection is restored. The BlackBerry Enterprise
Server and the BlackBerry Router use the BlackBerry Router protocol to close the authenticated connection to
the BlackBerry device.
Authentication process used by the BlackBerry Router protocol
Step Action Description
1 A BlackBerry device user physically
connects a BlackBerry device to a
computer, or connects a BlackBerry device
to an enterprise Wi-Fi network.
The user connects the BlackBerry device to a computer
that is running the BlackBerry Device Manager, or
connects the BlackBerry device to an enterprise Wi-Fi
network.
2 The BlackBerry Router authenticates the
BlackBerry device.
The BlackBerry Enterprise Server and the BlackBerry
device use the unique BlackBerry Router authentication
protocol to verify that the BlackBerry device has the
correct master encryption key. The value of the master
encryption key that the BlackBerry device and the
BlackBerry Enterprise Server share is not available to
the BlackBerry Router.
The BlackBerry Enterprise Server and the BlackBerry
device use the same authentication information to
validate each other that the SRP authentication
handshake sequence uses to determine whether or not
the BlackBerry Enterprise Server can connect to the
BlackBerry Infrastructure.
www.blackberry.com