Specifications

Data flow: Opening a TLS connection between the BlackBerry Infrastructure and a device
1. A device sends a request to the BlackBerry Infrastructure to open a TLS connection.
2. The BlackBerry Infrastructure sends its TLS certificate to the device.
3. The device uses a root certificate that is preloaded on the device to verify the TLS certificate. If the user deleted the root
certificate, the device prompts the user to trust the TLS certificate.
4. The device opens the TLS connection.
Encrypting data that the BlackBerry Device Service and devices send to each other over the BlackBerry Infrastructure
To encrypt data that is in transit between the BlackBerry Device Service and devices in your organization, the BlackBerry
Device Service and devices use BlackBerry transport layer encryption. BlackBerry transport layer encryption is designed to
encrypt data in transit over the BlackBerry Infrastructure.
Before the BlackBerry Device Service and devices send data to each other, they compress the data, encrypt the data using
message keys, and encrypt the message keys using the device transport key. When the BlackBerry Device Service and
devices receive data from each other, they decrypt the message keys using the device transport key, decrypt the data, and
then decompress the data.
The BlackBerry Device Service and devices use AES-256 in CBC mode as the symmetric algorithm for BlackBerry transport
layer encryption.
Device transport keys
The device transport key encrypts the message keys that help protect the data that is sent between the BlackBerry Device
Service and devices. The BlackBerry Device Service and a device generate the device transport key when a user activates
the device.
Only the BlackBerry Device Service and the device know the value of the device transport key. The BlackBerry Device
Service and the device reject a data packet if they do not recognize its format or do not recognize the
device transport key that protects it.
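The following Go sketch is an added example, not BlackBerry code or the BlackBerry wire format. It walks through the compress, encrypt with a message key, and wrap with the device transport key sequence described above, and the rejection of packets that fail to parse. The packet layout, zlib compression, zero fill, shared IV, and the names Seal, Open and cbc are assumptions; AES-CBC has no integrity check of its own, so rejection in this sketch relies on the length and zlib checks.

```go
package main

import (
	"bytes"
	"compress/zlib"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// cbc runs AES-256-CBC in the given direction; key must be 32 bytes, len(in) a multiple of 16.
func cbc(mode func(cipher.Block, []byte) cipher.BlockMode, key, iv, in []byte) []byte {
	blk, _ := aes.NewCipher(key)
	out := make([]byte, len(in))
	mode(blk, iv).CryptBlocks(out, in)
	return out
}

// Seal compresses, encrypts under a fresh message key, then wraps that key (32-byte transportKey).
func Seal(transportKey, plain []byte) []byte {
	var z bytes.Buffer
	w := zlib.NewWriter(&z)
	w.Write(plain)
	w.Close()
	z.Write(make([]byte, 16-z.Len()%16)) // assumed zero fill to the AES block size
	rnd := make([]byte, 48)              // iv(16) | message key(32), new for every packet
	rand.Read(rnd)
	pkt := append(rnd[:16:16], cbc(cipher.NewCBCEncrypter, transportKey, rnd[:16], rnd[16:])...)
	return append(pkt, cbc(cipher.NewCBCEncrypter, rnd[16:], rnd[:16], z.Bytes())...)
}

// Open unwraps the message key, decrypts, decompresses; any error means the packet is rejected.
func Open(transportKey, pkt []byte) ([]byte, error) {
	if len(transportKey) != 32 || len(pkt) < 64 || len(pkt)%16 != 0 {
		return nil, fmt.Errorf("rejected: unrecognized packet format")
	}
	msgKey := cbc(cipher.NewCBCDecrypter, transportKey, pkt[:16], pkt[16:48])
	data := cbc(cipher.NewCBCDecrypter, msgKey, pkt[:16], pkt[48:])
	if r, err := zlib.NewReader(bytes.NewReader(data)); err == nil {
		return io.ReadAll(r) // zlib stops at its checksum, so the zero fill is never read
	}
	return nil, fmt.Errorf("rejected: not decryptable with this transport key")
}

func main() {
	pt, err := Open(make([]byte, 32), Seal(make([]byte, 32), []byte("constructed payload")))
	fmt.Printf("%s %v\n", pt, err) // the all-zero key is a constructed demo value
}
```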
Security Technical Overview How devices connect to the BlackBerry Device Service