Specifications
server. EAP-TLS authentication uses a TLS handshake in which the device presents a client certificate as its credential to the
authentication server; no password is sent, and the same handshake authenticates the authentication server to the device.
Devices support EAP-TLS authentication when the authentication server and the client use certificates that meet specific
requirements. To configure EAP-TLS authentication, you must install on the device a client certificate and the root certificate
of the CA that issued the certificate of the authentication server. The device uses that root certificate to verify the certificate
of the authentication server during the handshake, so an authentication server whose certificate does not chain to the installed
root is rejected. You can use SCEP to enroll certificates on devices. For more information, see the BlackBerry Device Service
Advanced Administration Guide.
For more information about EAP-TLS authentication, see RFC 2716 (since obsoleted by RFC 5216, which documents the same protocol).
EAP-TTLS authentication
EAP-TTLS authentication extends EAP-TLS authentication so that the device and the authentication server still authenticate
mutually, but the device does not need a certificate of its own. The authentication server first authenticates to the device
with its certificate and opens a protected TLS connection (a tunnel) to the device; the device then authenticates to the
authentication server with a second-phase (inner) authentication protocol that runs over the protected connection.
Devices support EAP-MS-CHAPv2, MS-CHAPv2, and PAP as second-phase protocols during EAP-TTLS authentication so
that devices can exchange credentials with the work Wi-Fi network. If you want to use PAP as a second-phase protocol, you
must set the EAP Inner Link Security profile setting to Auto. PAP sends the password in plain text inside the tunnel, so the
inner credentials are only as well protected as the tunnel itself: a device that accepts an unverified authentication server
certificate hands its password to whoever operates that server.
To configure EAP-TTLS authentication, you must install on the device the root certificate of the CA that issued the certificate
of the authentication server; no client certificate is required. For more information, see the BlackBerry Device Service
Advanced Administration Guide.
For more information about EAP-TTLS authentication, see RFC 5281.
EAP-FAST authentication
EAP-FAST authentication uses a PAC (Protected Access Credential), a shared secret that the authentication server provisions to
the device, to establish a TLS connection to the device, and then verifies the supplicant credentials of the device over the
TLS connection.
Devices support EAP-MS-CHAPv2 and EAP-GTC as second-phase protocols during EAP-FAST authentication so that
devices can exchange authentication credentials with work Wi-Fi networks. Devices support automatic (in-band) PAC
provisioning with EAP-FAST authentication only; manual PAC provisioning is not supported. Automatic provisioning that does
not authenticate the server (anonymous provisioning) runs the credential exchange over an unauthenticated tunnel, which
RFC 4851 describes as exposed to a man-in-the-middle, so configure the authentication server for authenticated provisioning
where you can.
For more information about EAP-FAST authentication, see RFC 4851.
EAP authentication methods that devices can use with CCKM
Devices support the use of CCKM (Cisco Centralized Key Management) with all supported EAP authentication methods to
speed up roaming between wireless access points, because the device reuses cached keying material instead of repeating the
full EAP exchange at each access point. Devices do not support the use of CCKM with the Cisco CKIP encryption algorithm or
the AES-CCMP encryption algorithm, which leaves only the older TKIP and WEP ciphers for CCKM-enabled networks; weigh
faster roaming against the weaker encryption.
Using certificates with PEAP authentication, EAP-TLS authentication, or EAP-TTLS authentication
If your organization uses PEAP authentication, EAP-TLS authentication, or EAP-TTLS authentication to protect the wireless
access points for a work Wi-Fi network, the device and the authentication server behind the access points must authenticate
each other; the access point only relays the EAP exchange. To generate the certificates that the device and the authentication
server use to authenticate each other (a server certificate in every case, plus a client certificate for EAP-TLS), you require a
CA. The root certificate of that CA is the one you install on devices so that they accept only your authentication server.
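The following POSIX shell script is an added example; it is not part of this guide or of the BlackBerry Device Service. It uses the openssl CLI to build the CA, the authentication-server certificate and a device certificate that this section and the EAP-TLS section above call for, then runs the checks that a device and an authentication server make on them. The CA and host names (work-ca, radius.example.com, device0001, device-badeku, rogue-ca, rogue-radius) are hypothetical, and the extended key usage rules it enforces (serverAuth on the authentication server certificate, clientAuth on the device certificate) are what common supplicants require; the guide does not list its own "specific requirements", so treat that mapping as an assumption.

```shell
#!/bin/sh
# Added example (not from the BlackBerry guide): build a small work PKI with the
# openssl CLI and run the certificate checks a device (supplicant) and an
# authentication server perform for EAP-TLS, EAP-TTLS and PEAP.
# Assumptions: an openssl 1.1 or 3.x binary on PATH; all CA and host names are
# hypothetical; the EKU rules below are what common supplicants enforce, the
# guide itself does not list them.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Minimal openssl config for CN=$1, so the script does not depend on the
# system openssl.cnf. The v3_ca section is only used for self-signed roots.
write_cnf() {
    cat > "$WORK/$1.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = $1
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
}

# Self-signed root CA; its certificate is the "root certificate" you install on
# devices so they can validate the authentication server.
make_ca() {
    write_cnf "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$WORK/$1.cnf" -keyout "$WORK/$1.key" -out "$WORK/$1.crt" \
        >/dev/null 2>&1
}

# Leaf certificate for $1 signed by CA $2. Role $3 is "server" (authentication
# server: serverAuth EKU plus a DNS SAN) or "client" (device doing EAP-TLS:
# clientAuth EKU).
issue_leaf() {
    name="$1"; ca="$2"; role="$3"
    case "$role" in
        server) printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:%s\n' "$name" > "$WORK/$name.ext" ;;
        client) printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=clientAuth\n' > "$WORK/$name.ext" ;;
        *) echo "unknown role: $role" >&2; return 2 ;;
    esac
    write_cnf "$name"
    openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$WORK/$name.cnf" \
        -keyout "$WORK/$name.key" -out "$WORK/$name.csr" >/dev/null 2>&1
    openssl x509 -req -sha256 -days 365 -in "$WORK/$name.csr" \
        -CA "$WORK/$ca.crt" -CAkey "$WORK/$ca.key" -CAcreateserial \
        -extfile "$WORK/$name.ext" -out "$WORK/$name.crt" >/dev/null 2>&1
}

# The device's check on the authentication server certificate $1: it must chain
# to the installed root $2 and be usable as a TLS server (serverAuth EKU).
server_cert_ok() {
    openssl verify -purpose sslserver -CAfile "$WORK/$2.crt" "$WORK/$1.crt" \
        >/dev/null 2>&1
}

# The authentication server's check on the device certificate $1 in EAP-TLS:
# chain to root $2 and be usable as a TLS client (clientAuth EKU).
client_cert_ok() {
    openssl verify -purpose sslclient -CAfile "$WORK/$2.crt" "$WORK/$1.crt" \
        >/dev/null 2>&1
}

show() { if "$@"; then echo "accepted: $*"; else echo "rejected: $*"; fi; }

# Work PKI: one root, the authentication server, one device.
make_ca work-ca
issue_leaf radius.example.com work-ca server
issue_leaf device0001 work-ca client
# Mistakes and attacks the checks must catch: a device certificate issued with
# the server EKU, and a rogue access point whose authentication server chains
# to a CA the device does not trust.
issue_leaf device-badeku work-ca server
make_ca rogue-ca
issue_leaf rogue-radius rogue-ca server

show server_cert_ok radius.example.com work-ca   # accepted
show client_cert_ok device0001 work-ca           # accepted
show client_cert_ok device-badeku work-ca        # rejected: wrong EKU
show client_cert_ok radius.example.com work-ca   # rejected: server cert used as client
show server_cert_ok rogue-radius work-ca         # rejected: untrusted CA
```

Run it with `sh pki-check.sh`; it prints "accepted" or "rejected" for each check. `openssl verify -purpose` performs both the chain validation and the key usage check in one step, which is why a certificate signed by the right CA but issued with the wrong EKU is still rejected. The rogue server certificate chains to a CA the device does not trust and is rejected: that is the case the root certificate installed on the device exists to catch, and with EAP-TTLS/PAP it is the difference between a failed login and a leaked password.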
Security Technical Overview How devices connect to the BlackBerry Device Service