Specifications
How a device and the BlackBerry Device Service protect sensitive Wi-Fi information
To permit a device to access a Wi-Fi network, you must send sensitive Wi-Fi information such as encryption keys and
passwords to the device using Wi-Fi profiles and VPN profiles. After the device receives the sensitive Wi-Fi information, the
device encrypts the encryption keys and passwords and stores them in flash memory.
The BlackBerry Device Service encrypts the sensitive Wi-Fi information that it sends to the device and stores the sensitive
Wi-Fi information in the BlackBerry Configuration Database. You can help protect the sensitive Wi-Fi information in the
BlackBerry Configuration Database using access controls and configuration settings.
Layer 2 security methods that a device supports
You can configure a device to use security methods for layer 2 (also known as the IEEE 802.11 link layer) so that the
wireless access point can authenticate the device, and so that the device and the wireless access point can encrypt the
data that they send to each other. The device supports the following layer 2 security methods:
• WEP encryption (64-bit and 128-bit)
• IEEE 802.1X standard and EAP authentication using EAP-FAST, EAP-TLS, EAP-TTLS, and PEAP
• TKIP and AES-CCMP encryption for WPA-Personal, WPA2-Personal, WPA-Enterprise, and WPA2-Enterprise
To support layer 2 security methods, the device has a built-in IEEE 802.1X supplicant.
If a work Wi-Fi network uses EAP authentication, you can permit and deny device access to the work Wi-Fi network by
updating your organization’s central authentication server. You are not required to update the configuration of each access
point.
For more information about IEEE 802.11 and IEEE 802.1X, see www.ieee.org/portal/site. For more information about EAP
authentication, see RFC 3748.
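The supported-method list above can be turned into a pre-deployment check on Wi-Fi profiles. The following Python is an added example, not BlackBerry code: the profile fields (security, cipher, eap, wep_bits, key) are a hypothetical schema, the key-length rules come from IEEE 802.11 rather than from this page, and WEP and TKIP are flagged because IEEE 802.11 has deprecated them.

```python
import re

# Supported layer 2 methods, taken from the list above.
EAP_METHODS = {"EAP-FAST", "EAP-TLS", "EAP-TTLS", "PEAP"}
WPA_MODES = {"WPA-Personal", "WPA2-Personal", "WPA-Enterprise", "WPA2-Enterprise"}
CIPHERS = {"TKIP", "AES-CCMP"}
# "64-bit" WEP carries a 40-bit key and "128-bit" WEP a 104-bit key (the other
# 24 bits are the per-frame IV); keys are entered as hex digits or ASCII chars.
WEP_KEY_LEN = {64: (10, 5), 128: (26, 13)}  # bits -> (hex digits, ASCII chars)

def is_hex(s, n):
    return re.fullmatch(r"[0-9A-Fa-f]{%d}" % n, s) is not None

def check_profile(p):
    """Return a list of problems found in one profile dict (hypothetical schema)."""
    problems = []
    mode = p.get("security")
    if mode == "WEP":
        lens = WEP_KEY_LEN.get(p.get("wep_bits"))
        key = p.get("key", "")
        if lens is None:
            problems.append("WEP must be 64-bit or 128-bit")
        elif not (is_hex(key, lens[0]) or len(key) == lens[1]):
            problems.append("WEP key length does not match wep_bits")
        problems.append("legacy: WEP selected")
    elif mode in WPA_MODES:
        if p.get("cipher") not in CIPHERS:
            problems.append("cipher must be TKIP or AES-CCMP")
        elif p["cipher"] == "TKIP":
            problems.append("legacy: TKIP selected")
        if mode.endswith("Enterprise"):
            if p.get("eap") not in EAP_METHODS:
                problems.append("Enterprise profile needs a supported EAP method")
        else:
            psk = p.get("key", "")
            if not (8 <= len(psk) <= 63 or is_hex(psk, 64)):
                problems.append("passphrase must be 8-63 chars or 64 hex digits")
    else:
        problems.append("unsupported layer 2 method: %r" % mode)
    return problems

# Constructed sample profiles; names and keys are made up for this example.
SAMPLES = [
    {"name": "corp", "security": "WPA2-Enterprise", "cipher": "AES-CCMP", "eap": "PEAP"},
    {"name": "lab", "security": "WEP", "wep_bits": 128, "key": "0123456789"},
    {"name": "guest", "security": "WPA-Personal", "cipher": "TKIP", "key": "short"},
]
```

Running check_profile over SAMPLES returns an empty list for the first profile and the specific problems for the other two.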
IEEE 802.1X standard
The IEEE 802.1X standard defines a generic authentication framework that a device and a work Wi-Fi network can use for
authentication. The EAP framework is specified in RFC 3748.
The device supports EAP authentication methods that meet the requirements of RFC 4017 to authenticate the device to
the work Wi-Fi network. Some EAP authentication methods (for example, EAP-TLS, EAP-TTLS, EAP-FAST, or PEAP) use
credentials to provide mutual authentication between the device and the work Wi-Fi network.
The device is compatible with the WPA-Enterprise and WPA2-Enterprise specifications.
Security Technical Overview How devices connect to the BlackBerry Device Service