Specifications
Contents
1 About BlackBerry Device Service solution security
BlackBerry Device Service solution security
Device security features
Hardware root of trust for BlackBerry devices
Architecture: BlackBerry Device Service
2 How the BlackBerry Device Service and the BlackBerry Infrastructure authenticate with each other
What happens when the BlackBerry Device Service and the BlackBerry Infrastructure open an initial connection
Data flow: Authenticating the BlackBerry Device Service with the BlackBerry Infrastructure
How the BlackBerry Device Service protects a TCP/IP connection to the BlackBerry Infrastructure
3 How devices connect to the BlackBerry Device Service
Types of encryption that devices use when they connect to your organization's resources
  Work Wi-Fi connection
  VPN connection
  BlackBerry Infrastructure connection
Securing the communication between devices and your organization’s network
  Using Kerberos to provide single sign-on from BlackBerry 10 devices
Protecting connections from a device to content servers and application servers
How the BlackBerry Device Service manages email messages
How devices can connect to the BlackBerry Infrastructure
  Data flow: Opening a TLS connection between the BlackBerry Infrastructure and a device
Encrypting data that the BlackBerry Device Service and devices send to each other over the BlackBerry Infrastructure
  Device transport keys
  Message keys
Using a VPN with a device
Protecting a connection between a device and a work Wi-Fi network
  How a device and the BlackBerry Device Service protect sensitive Wi-Fi information
  Layer 2 security methods that a device supports
  EAP authentication methods that devices support
4 Activating devices
Activating a device over a wireless connection
Data flow: Activating a device over a work Wi-Fi connection or a VPN connection
Data flow: Activating a device over a connection to the BlackBerry Infrastructure
Activating a device using the BlackBerry Web Desktop Manager
Data flow: Activating a device using the BlackBerry Web Desktop Manager