Installation guide

BlackBerry Enterprise Solution 51
Authentication method: Using IEEE 802.11i with PSK

  Description:
    Small office and home environments where it is not feasible to set up a server-based authentication
    infrastructure might use IEEE 802.1x with the PSK method. The access point and the wireless client use a
    PSK (also known as a passphrase) to mutually derive link layer encryption keys. The PSK method uses TKIP or
    AES-CCMP algorithms to secure enterprise Wi-Fi network communications, but it relies on a single, shared
    passphrase of up to 256 bits in length for access control. All access points and wireless clients must
    know the passphrase.

  Wi-Fi enabled BlackBerry device implementation:
    The supported Wi-Fi enabled BlackBerry device implementation of PSK is compatible with the WPA-Personal and
    WPA2-Personal specifications. The BlackBerry Enterprise Server administrator can set the passphrase and
    distribute it to the supported Wi-Fi enabled BlackBerry device using the WLAN Preshared Key IT policy rule.

Authentication method: Using the IEEE 802.11i with IEEE 802.1X authentication

  Description:
    An IEEE 802.1x framework can use EAP methods to provide authentication. LEAP, PEAP, EAP-TLS, EAP-TTLS,
    EAP-SIM, and EAP-FAST authentication methods are designed to provide mutual authentication between the
    supported Wi-Fi enabled BlackBerry device and the enterprise Wi-Fi network.

  Wi-Fi enabled BlackBerry device implementation:
    To act as a WLAN supplicant device, the supported Wi-Fi enabled BlackBerry device implements WLAN
    authentication processes that use EAP methods as specified in RFC 3748 and meet the requirements of
    RFC 4017.

    Supported Wi-Fi enabled BlackBerry devices are designed to use EAP methods (EAP-TLS, EAP-TTLS, EAP-FAST,
    and PEAP) to mutually authenticate to WLAN networks, as specified in the WPA™-Enterprise and
    WPA2™-Enterprise specification, which use credentials to provide mutual authentication:

    When the supported Wi-Fi enabled BlackBerry device sends EAPoL messages, it uses the encryption and
    message integrity protection specified by the EAP method. When the BlackBerry device transmits EAPoL-Key
    messages it uses either RC4 or AES algorithms to provide message integrity and encryption.
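
The PSK entry above says the access point and the wireless client derive link layer keys from one shared passphrase. As an added example (not taken from the BlackBerry documentation), the Python code below shows the passphrase-to-key mapping that IEEE 802.11i defines for WPA-Personal and WPA2-Personal (PBKDF2-HMAC-SHA1 salted with the SSID), together with a check an administrator could run before distributing a passphrase. The function names, the sample SSID and passphrase, and MIN_POLICY_LEN are assumptions made for illustration.

```python
import hashlib

PMK_LEN = 32         # the derived key is always 256 bits
ITERATIONS = 4096    # iteration count fixed by IEEE 802.11i
MIN_POLICY_LEN = 20  # assumed local policy value, not an IEEE or BlackBerry setting


def passphrase_issues(passphrase):
    """Return the reasons a passphrase should not be distributed (empty list = OK)."""
    issues = []
    if not 8 <= len(passphrase) <= 63:
        issues.append("length must be 8-63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        issues.append("only printable ASCII characters are allowed")
    if len(passphrase) < MIN_POLICY_LEN:
        issues.append("shorter than the local minimum of %d" % MIN_POLICY_LEN)
    return issues


def derive_psk(passphrase, ssid):
    """Map a WPA/WPA2-Personal passphrase and SSID to the 256-bit key.

    Every access point and client that knows the passphrase computes the
    same value, so the key identifies the network, not an individual device.
    """
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    if not 8 <= len(passphrase) <= 63 or any(
        not 32 <= ord(c) <= 126 for c in passphrase
    ):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, ITERATIONS, PMK_LEN
    )


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    candidate = "correct horse battery staple 42"
    print(passphrase_issues(candidate) or "passphrase meets the checks")
    print(derive_psk(candidate, "ExampleCorpWLAN").hex())
    # The SSID is the salt: the same passphrase on another SSID gives another key.
    print(derive_psk(candidate, "ExampleGuestWLAN").hex())
```

Because the result depends only on the passphrase and the SSID, changing the passphrase is the only way to revoke access for one device, and the change must reach every access point and client.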

Using certificate-based authentication to protect connections to enterprise Wi-Fi networks

If the BlackBerry Enterprise Server administrator uses PEAP, EAP-TLS, or EAP-TTLS methods to secure the access
points on your enterprise Wi-Fi network, supported Wi-Fi enabled BlackBerry devices must mutually authenticate
with an access point through an authentication server to connect to the enterprise Wi-Fi network. The BlackBerry
Enterprise Server administrator requires a certificate authority server to generate the certificates that the
supported Wi-Fi enabled BlackBerry devices and the RADIUS server will store.

Successful PEAP, EAP-TLS, or EAP-TTLS authentication requires that the supported Wi-Fi enabled BlackBerry
devices trust the certificate of the access authentication server. The certificate binds the authentication server
identity to a public and private key pair. Supported Wi-Fi enabled BlackBerry devices do not automatically trust
www.blackberry.com