Specifications

a Establish a mutually authenticated TLS connection by verifying both the client certificate and the server certificate for the Enterprise Management Web Service using the enterprise management root certificate
b Generate the device transport key using ECMQV and the authenticated long-term public keys from the client certificate and the server certificate for the Enterprise Management Web Service
10. The Enterprise Management Agent stores the device transport key in its keystore.
11. The Enterprise Management Web Service performs the following actions:
a Stores the device transport key in the BlackBerry Configuration Database
b Sends the IT policy, SRP information, profiles, and software configurations to the device over TLS
12. The Enterprise Management Agent sends an acknowledgment that it received the IT policy and other data to the Enterprise Management Web Service over TLS. The activation process is complete.
The elliptic curve protocols used during the activation process use the NIST-recommended 521-bit curve.
Data flow: Activating a device over a connection to the BlackBerry Infrastructure
1. You perform the following actions:
a Add a user account to the BlackBerry Device Service using the account information retrieved from your organization's Microsoft Active Directory
b Set the user's activation type to either BlackBerry Balance or work space only
c Create an activation password for the user account
d Communicate the password and, if necessary, the SRP ID of the BlackBerry Device Service to the user
2. The user performs the following actions:
a Types the user ID, activation password, and SRP ID of the BlackBerry Device Service (if necessary) on the device