Installation guide
BlackBerry Enterprise Solution 43
2. The BlackBerry Desktop Software implementation of the secure channel technology uses the shared secret password and the ECDH protocol with a 521-bit curve to create a master encryption key.
3. The secure channel technology uses the master encryption key to create two encryption keys and two HMAC-SHA-256 keys.
4. The secure channel technology uses one of the encryption keys and one of the HMAC keys to encrypt and authenticate data that the BlackBerry Desktop Software Version 4.2 sends over the communication channel to the components that store the same password.
5. The secure channel technology uses the other encryption key and the other HMAC key to encrypt and authenticate data that the BlackBerry Desktop Software Version 4.2 receives over the communication channel from the component that initiated the connection.
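The key hierarchy in steps 2 to 5 (a master key derived from the password and the ECDH result, expanded into one encryption key and one HMAC-SHA-256 key per direction) can be sketched in a few dozen lines. The block below is an added illustration written for this page; it is not BlackBerry Desktop Software code. Because the page does not specify the key derivation function or the cipher, the example makes its own assumptions and labels them: the ECDH shared secret is a constructed placeholder rather than the output of a real P-521 key agreement, the master key and the four channel keys are derived with HMAC-SHA-256 under fixed labels, and "encryption" is an HMAC-SHA-256 keystream in counter mode standing in for the unspecified cipher. What the example does show faithfully is why separate keys per direction matter: a frame sealed with the desktop-to-device keys is rejected if it is echoed back under the device-to-desktop keys, and tampering or replay is caught by the HMAC and sequence number before anything is decrypted.

```python
"""Sketch of the four-key secure channel described in steps 2 to 5.

Added illustration, not BlackBerry Desktop Software code. Assumptions made
here because the page does not specify them:
  - ECDH_SHARED_SECRET is a constructed placeholder; no P-521 key agreement
    is performed
  - master key = HMAC-SHA-256(password, ecdh_shared_secret)
  - the four channel keys are HMAC-SHA-256 expansions of the master key
    under fixed direction labels
  - "encryption" is an HMAC-SHA-256 keystream in counter mode, standing in
    for the unspecified cipher; messages are encrypt-then-MAC with a
    sequence number covered by the tag
"""
import hashlib
import hmac
import struct

# Constructed sample inputs (not real key material).
ECDH_SHARED_SECRET = bytes(range(66))      # 66 bytes, the size of a P-521 x-coordinate
PASSWORD = b"example-shared-secret-password"


def derive_master_key(password: bytes, ecdh_secret: bytes) -> bytes:
    """Assumed KDF: bind the ECDH result to the shared secret password (step 2)."""
    return hmac.new(password, ecdh_secret, hashlib.sha256).digest()


def derive_channel_keys(master_key: bytes) -> dict:
    """Two encryption keys and two HMAC keys, one pair per direction (steps 3 to 5)."""
    labels = {
        "desktop_to_device_enc": b"enc:desktop->device",
        "desktop_to_device_mac": b"mac:desktop->device",
        "device_to_desktop_enc": b"enc:device->desktop",
        "device_to_desktop_mac": b"mac:device->desktop",
    }
    return {name: hmac.new(master_key, label, hashlib.sha256).digest()
            for name, label in labels.items()}


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode: concatenated HMAC-SHA-256(key, nonce || counter) blocks."""
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def seal(enc_key: bytes, mac_key: bytes, seq: int, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one message: seq(8) || ciphertext || tag(32)."""
    nonce = struct.pack(">Q", seq)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_frame(enc_key: bytes, mac_key: bytes, expected_seq: int, frame: bytes):
    """Verify the tag with this direction's HMAC key before decrypting; None on any failure."""
    if len(frame) < 8 + 32:
        return None
    nonce, ciphertext, tag = frame[:8], frame[8:-32], frame[-32:]
    if struct.unpack(">Q", nonce)[0] != expected_seq:
        return None                       # replayed or out-of-order frame
    expected_tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected_tag):
        return None                       # modified, or sent under the other direction's keys
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


def demo() -> dict:
    """Exercise the channel and show what the per-direction keys reject."""
    keys = derive_channel_keys(derive_master_key(PASSWORD, ECDH_SHARED_SECRET))
    d2d = (keys["desktop_to_device_enc"], keys["desktop_to_device_mac"])
    dev2d = (keys["device_to_desktop_enc"], keys["device_to_desktop_mac"])
    message = b"desktop -> device: sync request"

    frame = seal(*d2d, 1, message)
    tampered = bytearray(frame)
    tampered[12] ^= 0x01                  # flip one ciphertext bit

    return {
        "keys_distinct": len(set(keys.values())) == 4,
        "roundtrip": open_frame(*d2d, 1, frame) == message,
        "tamper_rejected": open_frame(*d2d, 1, bytes(tampered)) is None,
        # the same bytes echoed back to the desktop fail under the other direction's keys
        "reflection_rejected": open_frame(*dev2d, 1, frame) is None,
        "replay_rejected": open_frame(*d2d, 2, frame) is None,
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check:20s} {'ok' if ok else 'FAILED'}")
```

The point of splitting the master key into four keys rather than reusing one is visible in the reflection check: the receiving side verifies with the HMAC key for the direction it expects, so a message captured on one side of the channel cannot be replayed to the peer as if it had originated there. The sequence number inside the authenticated data is what turns the HMAC into a replay defence as well as an integrity check.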
BlackBerry MDS connections
A BlackBerry device user can use the BlackBerry Browser and third-party Java applications on the BlackBerry
device to access the Internet and your organization’s intranet and to accept and respond to push requests from
BlackBerry Enterprise Server push applications. The BlackBerry MDS uses standard Internet protocols such as
HTTP and TCP/IP to access data on the Internet or your organization’s intranet, and a RIM proprietary
BlackBerry MDS Services security protocol to protect messages that the BlackBerry device sends using the
BlackBerry MDS Services. The BlackBerry device uses standard BlackBerry encryption to protect your
organization’s applications and online and Internet data that a user receives on the BlackBerry device.
Requiring secure HTTP connections to the BlackBerry device
The BlackBerry MDS Services self-signed certificate permits server authentication between the BlackBerry MDS
Services and the BlackBerry Manager, and client authentication between the BlackBerry MDS Services and
external web services hosts. The BlackBerry MDS Services stores the self-signed certificate in its key store.
The system administrator can install the certificate on the BlackBerry MDS Services computer to establish server
authenticated communication between the BlackBerry MDS Services and the BlackBerry Manager. If your
BlackBerry Enterprise Solution uses SSL to communicate with external web servers, the system administrator
must export the BlackBerry MDS Services certificate to those servers to establish authenticated communication
with web services. If the BlackBerry Enterprise Server administrator uses the Weak Digest Algorithms IT policy
rule to specify the digest algorithms that BlackBerry devices consider weak, then when a BlackBerry device uses
SSL to connect to an external web server, the BlackBerry Enterprise Server checks the certificate chain of the
certificate that the device uses for SSL against that list to verify that the chain is strong enough.
Using a secure connection to push BlackBerry MDS Studio Applications to BlackBerry devices
After the system administrator configures authentication between the BlackBerry MDS Services and web
services, the BlackBerry Enterprise Server administrator can permit BlackBerry devices to install the BlackBerry®
MDS Studio Applications that use SSL web services only.
Requiring secure HTTP connections using two-factor authentication
The BlackBerry MDS Services also support using RSA SecurID authentication with hardware tokens to require
two-factor authentication when accessing the Internet or your organization’s intranet on the BlackBerry device.
When the user tries to access a web server, the BlackBerry MDS Connection Service checks whether it has
cached credentials for the user. If it does, it sends the credentials to the web server. If it does not have cached
credentials, or if the web server does not accept the cached credentials, the BlackBerry MDS Connection Service
sends a message to the device that credentials are required, and the device prompts the user to type the
credentials.
BlackBerry MDS Services security protocol
To authenticate the source and protect the integrity of each BlackBerry MDS message, the BlackBerry MDS
Services security protocol generates a MAC for each BlackBerry MDS message that the BlackBerry device and
the BlackBerry MDS Services send between them. To protect the confidentiality of each BlackBerry MDS
www.blackberry.com