Specifications
   b. For a work space only activation, accepts the organization notice, which outlines the terms and conditions that the user must agree to
3. If the activation is a work space only activation, the device deletes all existing data and restarts.
4. The Enterprise Management Agent on the device establishes a connection through the BlackBerry Infrastructure to the BlackBerry Device Service.
5. The BlackBerry MDS Connection Service receives the activation request and sends the Enterprise Management Web Service host and port information back to the Enterprise Management Agent.
6. The Enterprise Management Agent on the device performs the following actions:
   a. Establishes a connection to the Enterprise Management Web Service through the BlackBerry MDS Connection Service
   b. Sends an activation request to the Enterprise Management Web Service
   c. Creates the work space on the device
7. The Enterprise Management Agent and Enterprise Management Web Service generate a shared symmetric key from the activation password using EC-SPEKE. The shared symmetric key is designed to help protect the CSR and response.
8. The Enterprise Management Agent performs the following actions:
   a. Generates a key pair for the certificate
   b. Creates a PKCS#10 CSR that includes the public key of the key pair
   c. Encrypts the CSR using the shared symmetric key and AES-256 in CBC mode with PKCS #5 padding
   d. Computes an HMAC of the encrypted CSR using SHA-256 and appends it to the CSR
   e. Sends the encrypted CSR and HMAC to the Enterprise Management Web Service
9. The Enterprise Management Web Service performs the following actions:
   a. Verifies the HMAC of the encrypted CSR and decrypts the CSR using the shared symmetric key
   b. Retrieves the user ID, work space ID, device PIN, and your organization’s name from the BlackBerry Configuration Database
   c. Packages a client certificate using the information it retrieved and the CSR that the Enterprise Management Agent sent
   d. Signs the client certificate using the enterprise management root certificate
   e. Encrypts the client certificate, enterprise management root certificate, and the Enterprise Management Web Service URL using the shared symmetric key and AES-256 in CBC mode with PKCS #5 padding
   f. Computes an HMAC of the encrypted client certificate, enterprise management root certificate, and the Enterprise Management Web Service URL and appends it to the encrypted data
   g. Sends the encrypted data and HMAC to the Enterprise Management Agent
10. The Enterprise Management Agent performs the following actions:
   a. Verifies the HMAC
   b. Decrypts the data it received from the Enterprise Management Web Service
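The encrypt-then-MAC handling in steps 8c to 10b, as an added Node.js example that is not BlackBerry's code. The page does not say how the AES and HMAC keys are obtained from the shared symmetric key or how the IV and HMAC are framed, so the two separate keys, the `IV || ciphertext || HMAC` layout, and the names `sealMessage` and `openMessage` are assumptions.

```javascript
const crypto = require("node:crypto");

const IV_LEN = 16;  // AES block size in bytes
const TAG_LEN = 32; // HMAC-SHA-256 output size in bytes

// Sender side (steps 8c to 8e and 9e to 9g): encrypt, then MAC the encrypted data.
// Assumed framing, not from the page: IV || ciphertext || tag, with the tag covering the IV.
function sealMessage(encKey, macKey, plaintext) {
  const iv = crypto.randomBytes(IV_LEN);
  // Node pads with PKCS #7 by default; for 16-byte blocks this is the same
  // byte layout the page calls PKCS #5 padding.
  const cipher = crypto.createCipheriv("aes-256-cbc", encKey, iv);
  const body = Buffer.concat([iv, cipher.update(plaintext), cipher.final()]);
  const tag = crypto.createHmac("sha256", macKey).update(body).digest();
  return Buffer.concat([body, tag]);
}

// Receiver side (steps 9a and 10a to 10b): verify the HMAC first and decrypt only
// on success, so modified ciphertext is rejected before the CBC padding check runs.
function openMessage(encKey, macKey, sealed) {
  const bodyLen = sealed.length - TAG_LEN;
  if (bodyLen < 2 * IV_LEN || bodyLen % IV_LEN !== 0) {
    throw new Error("malformed message");
  }
  const body = sealed.subarray(0, bodyLen);
  const expected = crypto.createHmac("sha256", macKey).update(body).digest();
  // Constant-time comparison; both buffers are always TAG_LEN bytes here.
  if (!crypto.timingSafeEqual(expected, sealed.subarray(bodyLen))) {
    throw new Error("HMAC mismatch");
  }
  const decipher = crypto.createDecipheriv("aes-256-cbc", encKey, body.subarray(0, IV_LEN));
  return Buffer.concat([decipher.update(body.subarray(IV_LEN)), decipher.final()]);
}

// Constructed demo values: random stand-ins for keys derived from the shared
// symmetric key, and a placeholder string in place of a real PKCS#10 CSR.
const demoEncKey = crypto.randomBytes(32);
const demoMacKey = crypto.randomBytes(32);
const demoSealed = sealMessage(demoEncKey, demoMacKey, Buffer.from("constructed CSR bytes"));
console.log(openMessage(demoEncKey, demoMacKey, demoSealed).toString());
```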
Security Technical Overview Activating devices