Installation guide
BlackBerry Enterprise Solution 46
Authentication process for requests for wireless software upgrades
When the BlackBerry Infrastructure sends a wireless software upgrade communication, it performs the following actions:
1. Generates an ECDSA key periodically, using ECC over a 521-bit curve.
2. Signs the ECDSA key, using a stored root certificate.
3. Signs the wireless software upgrade communication that it sends to the BlackBerry device, using the digitally signed ECDSA key.
When the BlackBerry device receives the wireless software upgrade communication, it performs the following actions:
1. Verifies the ECDSA key, using a public key common to all BlackBerry devices that support wireless software upgrades.
2. Verifies the digital signature on the ECDSA key, using a stored root certificate.
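The two-tier signing chain above (a periodically generated P-521 ECDSA key that is itself signed by a long-lived root, then used to sign the upgrade payload), as an added example in Go using only the standard library; this is illustrative code, not BlackBerry's implementation. It assumes a single root key pair stands in for both the stored root certificate and the common device public key, uses SHA-512 as the digest (the guide does not name one), and carries the signed key inside the message in PKIX DER form.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"crypto/x509"
	"fmt"
)

// UpgradeMessage is what the device receives: the root-signed ephemeral key and the signed payload.
type UpgradeMessage struct {
	EphemeralPub *ecdsa.PublicKey
	KeySig       []byte // root signature over the ephemeral public key
	Payload      []byte
	PayloadSig   []byte // ephemeral-key signature over the payload
}
func digest(b []byte) []byte { h := sha512.Sum512(b); return h[:] }

// SignUpgrade is the infrastructure side (steps 1-3): new P-521 key, root-signed, then used to sign the payload.
func SignUpgrade(root *ecdsa.PrivateKey, payload []byte) (*UpgradeMessage, error) {
	eph, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
	if err != nil {
		return nil, err
	}
	ephDER, _ := x509.MarshalPKIXPublicKey(&eph.PublicKey) // cannot fail for a P-521 key
	keySig, err := ecdsa.SignASN1(rand.Reader, root, digest(ephDER))
	if err != nil {
		return nil, err
	}
	payloadSig, err := ecdsa.SignASN1(rand.Reader, eph, digest(payload))
	return &UpgradeMessage{&eph.PublicKey, keySig, payload, payloadSig}, err
}

// VerifyUpgrade is the device side: the payload counts only if its key chains to the stored root.
func VerifyUpgrade(root *ecdsa.PublicKey, m *UpgradeMessage) bool {
	ephDER, err := x509.MarshalPKIXPublicKey(m.EphemeralPub)
	if err != nil || !ecdsa.VerifyASN1(root, digest(ephDER), m.KeySig) {
		return false
	}
	return ecdsa.VerifyASN1(m.EphemeralPub, digest(m.Payload), m.PayloadSig)
}
func main() {
	root, _ := ecdsa.GenerateKey(elliptic.P521(), rand.Reader) // stands in for the stored root
	msg, _ := SignUpgrade(root, []byte("constructed sample upgrade bundle"))
	fmt.Println("genuine:", VerifyUpgrade(&root.PublicKey, msg)) // true
	msg.Payload = append(msg.Payload, '!')                       // altered in transit
	fmt.Println("altered:", VerifyUpgrade(&root.PublicKey, msg)) // false
}
```

The order in VerifyUpgrade matters: the device checks the key's chain to the root before it spends any trust on the payload signature, so a key that was never signed by the root is rejected regardless of what it signed.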
WAP gateway connections
BlackBerry Device Software Version 3.2 SP1 or later supports WTLS, which is designed to provide an extra layer of
security when connecting to a WAP gateway. WTLS requires a WAP gateway to provide standard WAP access to
the Internet. To use a WAP gateway, your organization must work with the network operator or service provider.
Instant messaging server connections
The BlackBerry Collaboration Service is designed to provide a connection between the instant messaging server
and enterprise instant messaging applications on BlackBerry devices. If your instant messaging server is
Microsoft® Live Communications Server™, and if the enterprise messenger supported in your environment is
BlackBerry® Instant Messaging for Microsoft® Windows Messenger, BlackBerry® Instant Messaging for
Microsoft® Office Communicator, or both, the BlackBerry Enterprise Server administrator can change the
transport protocol that the BlackBerry Collaboration Service uses to connect to the instant messaging server.
To provide additional authentication and security, the BlackBerry Enterprise Server administrator can require
that the BlackBerry Collaboration Service uses TLS/SSL to connect to the instant messaging server. Using
TLS/SSL might require that an instant messaging component has a digital certificate that binds the identity of
that component to its public key. The instant messaging component can use its digital certificates to
authenticate to another instant messaging component to allow encrypted communication between them.
If your environment is using Microsoft Windows Messenger, the BlackBerry Enterprise Server administrator can
set the LCS Connector to use TLS to encrypt data that it sends to the Live Communications Server. The computer
running the Microsoft Live Communications Server Connector must trust the TLS certificate on the Microsoft Live
Communications Server. If the certificate that the Microsoft Live Communications Server uses is self-signed, the
BlackBerry Enterprise Server administrator needs to install the certificate on the BlackBerry Collaboration
Service computer.
If your environment is using Microsoft Office Communicator, the BlackBerry Enterprise Server administrator can
set the BlackBerry Collaboration Service to use HTTPS to encrypt data that it sends to the Microsoft CWA Server.
The Microsoft CWA Server and Microsoft Live Communications Server automatically encrypt data that they send
between them using TLS.
Using segmented network architecture to prevent the spread of malware on your organization’s network
The system administrator can separate your organization’s network or LAN into multiple firewall-segmented
components to create segmented network architecture. Each segment of your organization’s network can
contain network traffic, which improves the security and performance of the network segment by filtering out
data that is not destined for that particular segment. If your organization’s security policies enforce the use of
www.blackberry.com