Specifications

Data flow: Authenticating the BlackBerry Device Service with the BlackBerry Infrastructure
1. The BlackBerry Device Service sends a data packet that contains its unique SRP identifier to the BlackBerry
Infrastructure to claim the SRP identifier.
2. The BlackBerry Infrastructure sends a random challenge string to the BlackBerry Device Service.
3. The BlackBerry Device Service sends a challenge string to the BlackBerry Infrastructure.
4. The BlackBerry Infrastructure hashes the challenge string it received from the BlackBerry Device Service with the SRP
authentication key using HMAC with the SHA-1 algorithm. The BlackBerry Infrastructure sends the resulting 20-byte
value to the BlackBerry Device Service as a challenge response.
5. The BlackBerry Device Service hashes the challenge string it received from the BlackBerry Infrastructure with the SRP
authentication key, and sends the result as a challenge response to the BlackBerry Infrastructure.
6. The BlackBerry Infrastructure performs one of the following actions:
   - Accepts the challenge response and sends a confirmation to the BlackBerry Device Service to complete the
     authentication process and configure an authenticated SRP connection
   - Rejects the challenge response
If the BlackBerry Infrastructure rejects the challenge response, the authentication process is not successful. The
BlackBerry Infrastructure and BlackBerry Device Service close the SRP connection.
If the BlackBerry Device Service uses the same SRP authentication key and SRP identifier to connect to (and then
disconnect from) the BlackBerry Infrastructure five times in one minute, the BlackBerry Infrastructure deactivates the
SRP identifier to help prevent an attacker from using the SRP identifier to create conditions for a DoS attack.
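The exchange in steps 2 to 6, as an added Python example that is not BlackBerry code. The names `Endpoint`, `challenge_response` and `authenticate` are hypothetical. The 16-byte challenge length, the HMAC input being exactly the raw challenge bytes, and the Device Service checking the response it receives in step 4 are assumptions, because the page does not specify them.

```python
import hashlib
import hmac
import secrets

CHALLENGE_LEN = 16  # assumption: the page does not give the challenge length


def challenge_response(srp_auth_key: bytes, challenge: bytes) -> bytes:
    """HMAC-SHA-1 of the peer's challenge, keyed with the SRP authentication key."""
    return hmac.new(srp_auth_key, challenge, hashlib.sha1).digest()  # 20 bytes


class Endpoint:
    """One side of the exchange (Device Service or Infrastructure)."""

    def __init__(self, srp_auth_key: bytes):
        self._key = srp_auth_key
        self._sent_challenge = b""

    def new_challenge(self) -> bytes:
        # Fresh random challenge per connection, so an old response cannot be reused.
        self._sent_challenge = secrets.token_bytes(CHALLENGE_LEN)
        return self._sent_challenge

    def respond(self, peer_challenge: bytes) -> bytes:
        return challenge_response(self._key, peer_challenge)

    def verify(self, peer_response: bytes) -> bool:
        expected = challenge_response(self._key, self._sent_challenge)
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, peer_response)


def authenticate(device_service: Endpoint, infrastructure: Endpoint) -> bool:
    """Run steps 2-6; step 1 (claiming the SRP identifier) selects the key."""
    infra_challenge = infrastructure.new_challenge()         # step 2
    bds_challenge = device_service.new_challenge()           # step 3
    infra_response = infrastructure.respond(bds_challenge)   # step 4
    if not device_service.verify(infra_response):            # assumed check
        return False
    bds_response = device_service.respond(infra_challenge)   # step 5
    return infrastructure.verify(bds_response)               # step 6: accept/reject


if __name__ == "__main__":
    key = secrets.token_bytes(20)  # constructed key, not a real SRP key
    print(authenticate(Endpoint(key), Endpoint(key)))                      # accepted
    print(authenticate(Endpoint(key), Endpoint(secrets.token_bytes(20))))  # rejected
```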
Security Technical Overview How the BlackBerry Device Service and the BlackBerry Infrastructure authenticate with each other