User guide

IEEE 802.1X standard
The IEEE 802.1X standard defines a generic authentication framework that a Wi-Fi enabled BlackBerry device and an
enterprise Wi-Fi network can use for authentication. The EAP framework that the IEEE 802.1X standard uses for
authentication is specified in RFC 3748.
The device supports EAP authentication methods that meet the requirements of RFC 4017. The device uses the EAP
authentication methods to authenticate with the enterprise Wi-Fi network. Some EAP authentication methods (for
example, EAP-TLS, EAP-TTLS, EAP-FAST, or PEAP) use credentials to provide mutual authentication between the device
and the enterprise Wi-Fi network.
The device is compatible with the WPA-Enterprise and WPA2-Enterprise specifications.
Roaming in an enterprise Wi-Fi network
The BlackBerry device is designed to minimize loss of network connectivity when it moves from one wireless access point
to another in an enterprise Wi-Fi network that uses WPA2-Enterprise authentication. If the enterprise Wi-Fi network
supports Wi-Fi CERTIFIED Voice-Enterprise, the device uses the IEEE 802.11r standard to move from one wireless access
point to another. If the enterprise Wi-Fi network does not use Wi-Fi CERTIFIED Voice-Enterprise, the device uses the
IEEE 802.11i standard with the IEEE 802.1X standard to move from one wireless access point to another.
When the device uses the IEEE 802.11i standard with the IEEE 802.1X standard, the key exchange that occurs during EAP
authentication generates the required keying material. The device and a wireless access point use the keying material
when they create the PMK.
The device and wireless access point can cache the PMK. The PMK caching process permits the device and the access
point to generate session keys and skip EAP authentication during subsequent connections. PMK caching helps reduce
the roaming latency for the device when the device moves to another access point in an enterprise Wi-Fi network.
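The following sketch is an added example, not BlackBerry code. It models PMK caching as IEEE 802.11i defines it: the PMK is the first 32 bytes of the MSK that EAP exports, and a cached PMK is identified by a PMKID, the first 128 bits of HMAC-SHA1(PMK, "PMK Name" || access point MAC || device MAC). The PmkCache class, the associate function, the cache lifetime, and the sample MSK and MAC addresses are assumptions constructed for the illustration.

```python
import hashlib
import hmac

# Constructed sample values (not from a real network).
SAMPLE_MSK = bytes(range(64))
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")

def pmk_from_msk(msk: bytes) -> bytes:
    """IEEE 802.11i: the PMK is the first 256 bits of the MSK exported by EAP."""
    if len(msk) < 64:  # RFC 3748 requires an MSK of at least 64 octets
        raise ValueError("MSK too short")
    return msk[:32]

def pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """PMKID = first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AP MAC || device MAC)."""
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]

class PmkCache:
    """Hypothetical access-point-side PMK cache, keyed by PMKID."""
    def __init__(self, lifetime_s: int = 8 * 3600):  # lifetime is an assumed value
        self.lifetime_s = lifetime_s
        self._entries = {}  # PMKID -> (PMK, expiry time in seconds)

    def store(self, pmk: bytes, ap_mac: bytes, sta_mac: bytes, now: float) -> bytes:
        pid = pmkid(pmk, ap_mac, sta_mac)
        self._entries[pid] = (pmk, now + self.lifetime_s)
        return pid

    def lookup(self, pid: bytes, now: float):
        entry = self._entries.get(pid)
        if entry is None:
            return None
        pmk, expires = entry
        if now >= expires:  # expired entries are evicted, forcing a fresh EAP run
            del self._entries[pid]
            return None
        return pmk

def associate(cache: PmkCache, offered_pmkid, now: float) -> str:
    """Access point's choice: reuse a cached PMK or require full EAP authentication."""
    if offered_pmkid is not None and cache.lookup(offered_pmkid, now) is not None:
        return "4-way handshake only"
    return "full EAP authentication"

if __name__ == "__main__":
    cache = PmkCache()
    print(associate(cache, None, now=0))   # first connection: nothing cached yet
    pid = cache.store(pmk_from_msk(SAMPLE_MSK), AP_MAC, STA_MAC, now=0)
    print(associate(cache, pid, now=60))   # reconnection: EAP is skipped
```

Because the PMKID covers both MAC addresses, an entry only matches the device and access point pair it was computed for, and an expired or unknown PMKID falls back to full EAP authentication.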
Security Technical Overview IEEE 802.1X standard