Specifications

e Sends the encrypted CSR and HMAC to the Enterprise Management Web Service
11. The Enterprise Management Web Service performs the following actions:
a Verifies the HMAC of the encrypted CSR and decrypts the CSR using the shared symmetric key
b Retrieves the user ID, work space ID, device PIN, and your organization’s name from the BlackBerry Configuration Database
c Packages a client certificate using the information it retrieved and the CSR that the Enterprise Management Agent sent
d Signs the client certificate using the enterprise management root certificate
e Encrypts the client certificate, enterprise management root certificate, and the Enterprise Management Web Service URL using the shared symmetric key and AES-256 in CBC mode with PKCS #5 padding
f Computes an HMAC of the encrypted client certificate, enterprise management root certificate, and Enterprise Management Web Service URL and appends it to the encrypted data
g Sends the encrypted data and HMAC to the Enterprise Management Agent
12. The Enterprise Management Agent performs the following actions:
a Verifies the HMAC
b Decrypts the data it received from the Enterprise Management Web Service
c Stores the client certificate and the enterprise management root certificate in its keystore
13. The Enterprise Management Agent and Enterprise Management Web Service perform the following actions:
a Establish a mutually authenticated TLS connection by verifying both the client certificate and the server certificate for the Enterprise Management Web Service using the enterprise management root certificate
b Generate the device transport key using ECMQV and the authenticated long-term public keys from the client certificate and the server certificate for the Enterprise Management Web Service
14. The Enterprise Management Agent stores the device transport key in its keystore.
15. The Enterprise Management Web Service performs the following actions:
a Stores the device transport key in the BlackBerry Configuration Database
b Sends the IT policy, SRP information, profiles, and software configurations to the device over TLS
16. The Enterprise Management Agent sends an acknowledgment that it received the IT policy and other data to the Enterprise Management Web Service over TLS. The activation process is complete.
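Steps 10e, 11a, 11e-g and 12a-b form an encrypt-then-MAC channel over the shared symmetric key. The following is an added example in Go, not code from the BlackBerry product or its documentation, that shows both sides of that framing and why the receiver checks the HMAC before it decrypts. It assumes HMAC-SHA256 (the page names HMAC but not its hash), a 32-byte shared key, the wire layout IV || ciphertext || tag, and, following the text, the same key for the cipher and the HMAC; the CSR bytes are a constructed placeholder.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// tagSize is the length of the HMAC-SHA256 tag appended to every wrapped message (assumed hash).
const tagSize = sha256.Size

// pkcs7Pad adds the block padding the document calls "PKCS #5 padding": PKCS #5 defines the
// scheme for 8-byte blocks and PKCS #7 is the same scheme applied to AES's 16-byte block.
func pkcs7Pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad strips and validates the padding. It only ever runs after the HMAC has verified,
// so its error cannot be turned into a padding oracle by someone forging ciphertexts.
func pkcs7Unpad(b []byte) ([]byte, error) {
	if len(b) == 0 || len(b)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext length is not a multiple of the block size")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("invalid padding")
	}
	return b[:len(b)-n], nil
}

// Wrap is the sender's side of steps 10e and 11e-g: AES-256-CBC under the shared symmetric key
// with a fresh random IV, then HMAC-SHA256 over IV||ciphertext appended to the encrypted data
// (encrypt-then-MAC). Wire layout: IV || ciphertext || tag.
func Wrap(sharedKey, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(sharedKey) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	msg := make([]byte, aes.BlockSize) // the IV travels in the clear at the front
	if _, err := rand.Read(msg); err != nil {
		return nil, err
	}
	padded := pkcs7Pad(plaintext)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, msg).CryptBlocks(ct, padded)
	msg = append(msg, ct...)
	mac := hmac.New(sha256.New, sharedKey)
	mac.Write(msg)
	return mac.Sum(msg), nil
}

// Unwrap is the receiver's side of steps 11a and 12a-b: recompute the HMAC and compare it in
// constant time before the ciphertext is touched, so a modified or forged message is rejected
// without ever reaching the decryptor or the padding check.
func Unwrap(sharedKey, wrapped []byte) ([]byte, error) {
	if len(wrapped) < aes.BlockSize+tagSize {
		return nil, errors.New("message too short")
	}
	msg, tag := wrapped[:len(wrapped)-tagSize], wrapped[len(wrapped)-tagSize:]
	mac := hmac.New(sha256.New, sharedKey)
	mac.Write(msg)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, errors.New("HMAC verification failed")
	}
	block, err := aes.NewCipher(sharedKey)
	if err != nil {
		return nil, err
	}
	iv, ct := msg[:aes.BlockSize], msg[aes.BlockSize:]
	if len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext length is not a multiple of the block size")
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return pkcs7Unpad(pt)
}

func main() {
	key := make([]byte, 32) // constructed shared key; the real one comes out of the earlier activation steps
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	csr := []byte("constructed placeholder for the DER-encoded CSR")
	wrapped, err := Wrap(key, csr) // 10e: what the agent sends to the web service
	if err != nil {
		panic(err)
	}
	got, err := Unwrap(key, wrapped) // 11a: the web service verifies, then decrypts
	fmt.Printf("round trip ok: %v (err=%v)\n", bytes.Equal(got, csr), err)
	wrapped[aes.BlockSize] ^= 0x01 // an attacker flips one ciphertext bit in transit
	_, err = Unwrap(key, wrapped)
	fmt.Println("tampered message rejected:", err)
}
```

Because Unwrap refuses any message whose tag does not verify before it decrypts, a padding error can only occur on data the key holder produced, which closes off padding-oracle attacks against the CBC layer. A deployment would normally derive separate encryption and MAC subkeys from the shared key rather than use one key for both; the example follows the text's single shared key.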
The elliptic curve protocols used during the activation process use the NIST-recommended 521-bit curve (P-521).
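The certificate half of the exchange (steps 11b-d on the web service, and the chain check the agent needs behind steps 12c and 13a), as an added Go example rather than BlackBerry's own code. It assumes ECDSA signatures on P-521 (the page names the 521-bit curve but not the signature scheme), a one-year client-certificate lifetime, that user ID, work space ID and organization land in the CN, OU and O of the subject, and constructed identity values; the device PIN, the BlackBerry Configuration Database lookup, the mutually authenticated TLS session and the ECMQV transport-key derivation of step 13b are not shown.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// NewRoot builds a self-signed P-521 ECDSA CA standing in for the enterprise management root
// certificate. ECDSA is an assumption; the page names the curve but not the signature scheme.
func NewRoot() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "Enterprise Management Root"},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA:         true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// NewDeviceCSR is the agent's side before step 10e: a fresh P-521 device key and a CSR carrying
// its public key. The subject the agent writes into the CSR is deliberately not trusted later.
func NewDeviceCSR() (*ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	csrDER, err := x509.CreateCertificateRequest(rand.Reader,
		&x509.CertificateRequest{Subject: pkix.Name{CommonName: "unverified-device"}}, key)
	return key, csrDER, err
}

// IssueClientCert is steps 11b-d: check the CSR's self-signature (proof that the agent holds the
// private key), then bind the identity the web service looked up itself (user ID, work space ID,
// organization) to the CSR's public key and sign with the root. The CN/OU/O mapping is assumed.
func IssueClientCert(root *x509.Certificate, rootKey *ecdsa.PrivateKey, csrDER []byte,
	userID, workspaceID, org string) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("CSR proof of possession failed: %w", err)
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: userID, OrganizationalUnit: []string{workspaceID}, Organization: []string{org}},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, root, csr.PublicKey, rootKey)
}

// VerifyClientCert is the agent's check behind steps 12c and 13a: before the certificate is
// stored or presented, it must chain to the enterprise management root and allow client auth.
func VerifyClientCert(root *x509.Certificate, certDER []byte) (*x509.Certificate, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err = cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return cert, err
}

func main() {
	root, rootKey, err := NewRoot()
	if err != nil {
		panic(err)
	}
	_, csrDER, _ := NewDeviceCSR() // constructed device; the identity values below are constructed too
	certDER, err := IssueClientCert(root, rootKey, csrDER, "user-1234", "workspace-1", "Example Corp")
	if err != nil {
		panic(err)
	}
	_, err = VerifyClientCert(root, certDER)
	fmt.Println("client certificate chains to the enterprise management root:", err == nil)
}
```

The web service ignores the subject the agent placed in the CSR and uses only the CSR's public key plus the identity it retrieved itself, which is what makes the certificate a binding between a database-verified identity and a key the agent has proved it holds. The agent's verification against the freshly received root is the check that the mutually authenticated TLS connection of step 13a relies on.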
Security Technical Overview Activating devices