Installation guide
BlackBerry Enterprise Solution 44
message, the BlackBerry MDS Services security protocol encrypts and decrypts data that the BlackBerry device
and the BlackBerry MDS Services send between them.
Authentication process used by the BlackBerry MDS Services security protocol
1. The BlackBerry device generates the 128-bit AES session key.
2. The BlackBerry device uses 1024-bit RSA with PKCS #1 padding to encrypt the AES session key before
sending it to the BlackBerry MDS Services server and storing it in the BlackBerry device flash memory.
3. The BlackBerry MDS Services security protocol uses 128-bit AES in CBC mode with PKCS #5 padding to
encrypt a 128-bit AES session key using a 128-bit AES database access key.
4. The BlackBerry MDS Services server stores the encrypted 128-bit AES session key in the BlackBerry MDS
Services database and stores the 128-bit AES database access key in the database key store.
5. The BlackBerry MDS Services security protocol uses HMAC with a SHA-1 hash function, in combination with
the 128-bit shared secret key, to authenticate data that a BlackBerry device and the BlackBerry MDS
Services send between them.
6. The BlackBerry MDS Services security protocol uses 128-bit AES in CBC mode with PKCS #5 padding to
encrypt and decrypt data that a BlackBerry device and the BlackBerry MDS Services send between them.
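Steps 5 and 6 above, shown as an added Go example (not BlackBerry code): each record is encrypted with 128-bit AES in CBC mode with PKCS #5 padding and authenticated with HMAC-SHA-1, and the receiver checks the tag before it decrypts. The page names only the algorithms. The record layout, the encrypt-then-MAC order, the separate MAC key parameter and the names seal, open, tag and demoBlock are assumptions made for this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"fmt"
)
const bs = aes.BlockSize // AES block size, also the CBC IV length
var demoBlock, _ = aes.NewCipher([]byte("constructed-key1")) // constructed 128-bit sample key

func tag(macKey, data []byte) []byte {
	m := hmac.New(sha1.New, macKey)
	m.Write(data)
	return m.Sum(nil)
}

// seal returns IV||ciphertext||tag; this layout and the MAC order are assumptions.
func seal(block cipher.Block, macKey, msg []byte) ([]byte, error) {
	pad := bs - len(msg)%bs // PKCS #5: always 1..16 padding bytes
	out := append(append(make([]byte, bs), msg...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	if _, err := rand.Read(out[:bs]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:bs]).CryptBlocks(out[bs:], out[bs:])
	return append(out, tag(macKey, out)...), nil
}

// open checks the tag in constant time first, so tampered data never reaches the padding check.
func open(block cipher.Block, macKey, rec []byte) ([]byte, error) {
	n := len(rec) - sha1.Size
	if n < 2*bs || n%bs != 0 || !hmac.Equal(tag(macKey, rec[:n]), rec[n:]) {
		return nil, fmt.Errorf("record rejected")
	}
	pt := make([]byte, n-bs)
	cipher.NewCBCDecrypter(block, rec[:bs]).CryptBlocks(pt, rec[bs:n])
	if pad := int(pt[len(pt)-1]); pad >= 1 && pad <= bs {
		return pt[:len(pt)-pad], nil
	}
	return nil, fmt.Errorf("bad padding")
}

func main() {
	rec, _ := seal(demoBlock, []byte("constructed-key2"), []byte("constructed payload"))
	pt, err := open(demoBlock, []byte("constructed-key2"), rec)
	fmt.Printf("%q %v\n", pt, err)
}
```

Rejecting on a failed tag before any decryption is what keeps CBC padding errors from becoming observable to whoever modified the record.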
Protecting the HTTP connection
If an application on the BlackBerry device accesses servers on the Internet, the BlackBerry Enterprise Server
administrator can set up an HTTP connection that uses TLS/SSL, an HTTPS protocol, to provide additional
authentication and security. The BlackBerry device supports HTTPS communication in the following modes:
HTTPS protocol: proxy mode TLS/SSL
BlackBerry MDS encryption method: Sun® JSSE™ 1.4.1 cipher suite components
Description:
• The Connection Service sets up the proxy mode TLS/SSL connection on behalf of the BlackBerry device.
• The BlackBerry device does not use proxy mode TLS/SSL to encrypt data traffic over the wireless network; standard BlackBerry encryption encrypts the data traffic between the BlackBerry device and BlackBerry Enterprise Server. Data traffic is therefore encrypted over the wireless network unless it is behind your organization’s firewall.
• The BlackBerry device experiences faster response times using this protocol than with handheld mode TLS/SSL.
www.blackberry.com