Specifications
Data flow: Activating a device using the BlackBerry Web Desktop Manager
1. You perform the following actions:
   a. Add a user account to the BlackBerry Device Service using the account information retrieved from your organization's Microsoft Active Directory
   b. Set the user's activation type to either BlackBerry Balance or work space only
2. A user performs the following actions:
   a. Connects a device to a computer using a USB cable
   b. On the computer, browses to the BlackBerry Web Desktop Manager using Windows Internet Explorer and logs in
3. If necessary, the browser downloads and installs the BlackBerry device communication components. The BlackBerry device communication components are Microsoft ActiveX controls that permit the BlackBerry Device Service to communicate with a tethered device.
4. The BlackBerry device communication components send the device PIN to the BlackBerry Device Service over an HTTPS connection to start the activation process.
5. The BlackBerry Device Service receives the device PIN and performs the following actions:
   a. Stores the device PIN in the BlackBerry Configuration Database
   b. Generates an activation password. You and the user cannot view the activation password.
   c. Sends the activation password, user ID, and the server name and port of the Enterprise Management Web Service to the Enterprise Management Agent
6. If the activation is a work space only activation, the user accepts the organization notice, which outlines the terms and conditions that the user must agree to.
7. If the activation is a work space only activation, the device deletes all existing data and restarts.
8. The Enterprise Management Agent creates the work space on the device.
9. The Enterprise Management Agent and Enterprise Management Web Service generate a shared symmetric key from the activation password using EC-SPEKE. The shared symmetric key is designed to help protect the CSR and response.
10. The Enterprise Management Agent performs the following actions:
    a. Generates a key pair for the certificate
    b. Creates a PKCS#10 CSR that includes the public key of the key pair
    c. Encrypts the CSR using the shared symmetric key and AES-256 in CBC mode with PKCS #5 padding
    d. Computes an HMAC of the encrypted CSR using SHA-256 and appends it to the CSR
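The encrypt-then-MAC envelope of steps 10c and 10d, with the matching receiver-side check, as an added Go example that is not BlackBerry code. Assumptions not stated on this page: the layout is random IV || ciphertext || HMAC, separate "enc" and "mac" subkeys are derived from the shared key, an all-zero key stands in for the EC-SPEKE output, and the names Seal, Open and mac are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

func mac(key, data []byte) []byte { // HMAC-SHA256; subkey derivation with it is an assumption
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

func Seal(shared, csr []byte) ([]byte, error) { // steps 10c-10d on the device side
	pad := aes.BlockSize - len(csr)%aes.BlockSize // PKCS #5 style: always 1..16 bytes
	pt := append(append([]byte{}, csr...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, aes.BlockSize+len(pt)) // random IV || ciphertext
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	blk, _ := aes.NewCipher(mac(shared, []byte("enc"))) // 32-byte key: AES-256, cannot fail
	cipher.NewCBCEncrypter(blk, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], pt)
	return append(out, mac(mac(shared, []byte("mac")), out)...), nil // HMAC over IV || ciphertext
}

func Open(shared, msg []byte) ([]byte, error) { // receiver: verify the HMAC, only then decrypt
	n := len(msg) - sha256.Size
	if n < 2*aes.BlockSize || n%aes.BlockSize != 0 || !hmac.Equal(msg[n:], mac(mac(shared, []byte("mac")), msg[:n])) {
		return nil, fmt.Errorf("rejected: bad length or HMAC mismatch")
	}
	blk, _ := aes.NewCipher(mac(shared, []byte("enc")))
	pt := make([]byte, n-aes.BlockSize)
	cipher.NewCBCDecrypter(blk, msg[:aes.BlockSize]).CryptBlocks(pt, msg[aes.BlockSize:n])
	if pad := int(pt[len(pt)-1]); pad >= 1 && pad <= aes.BlockSize {
		return pt[:len(pt)-pad], nil // padding is inspected only on authenticated data
	}
	return nil, fmt.Errorf("bad padding")
}

func main() { // all-zero key and CSR bytes are constructed placeholders
	if env, err := Seal(make([]byte, 32), []byte("constructed CSR bytes")); err == nil {
		env[20] ^= 1 // one ciphertext bit flipped in transit
		fmt.Println(Open(make([]byte, 32), env))
	}
}
```

Because the HMAC is checked before any decryption, a modified envelope is dropped without the receiver ever processing attacker-influenced padding.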
Security Technical Overview Activating devices