User guide
Data flow: Authenticating a Wi-Fi enabled device with a work Wi-Fi network using the IEEE 802.1X standard
If you configured a wireless access point to use the IEEE 802.1X standard, the access point permits communication using
EAP authentication only. This process flow assumes that you configured a Wi-Fi enabled BlackBerry device to use an EAP
authentication method to communicate with the access point.
1. The Wi-Fi enabled device associates itself with the access point that you configured to use the IEEE 802.1X standard.
The device sends its credentials (typically a user name and password) to the access point.
2. The access point sends the credentials to the authentication server.
3. The authentication server performs the following actions:
   a. authenticates the device on behalf of the access point
   b. instructs the access point to permit access to the work Wi-Fi network
   c. sends Wi-Fi credentials to the device to permit it to authenticate with the access point
4. The access point and device use EAPoL-Key messages to generate encryption keys (for example, WEP, TKIP, or AES-CCMP, depending on the EAP authentication method that the device uses).
When the device sends EAPoL messages, the device uses the encryption and integrity requirements that the EAP
authentication method specifies. When the device sends EAPoL-Key messages, the device uses the ARC4 algorithm or
AES algorithm to provide integrity and encryption.
After the access point and device generate the encryption key, the device can access the work Wi-Fi network.
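The following added example (not part of the original guide) classifies the EAPoL and EAPoL-Key frames described in this flow and reports whether an EAPoL-Key frame signals ARC4 or AES protection. It assumes the standard EAPOL header and key descriptor layouts from IEEE 802.1X and IEEE 802.11; the function name and the sample frames are constructed for illustration, and the key frames are truncated to the fields that are parsed.

```python
import struct

EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_METHODS = {1: "Identity", 13: "EAP-TLS", 17: "LEAP", 21: "EAP-TTLS", 25: "PEAP", 43: "EAP-FAST"}
KEY_DESCRIPTORS = {1: "RC4", 2: "RSN", 254: "WPA"}
# Key Descriptor Version (Key Information bits 0-2) -> (MIC, key-data encryption)
KEY_VERSIONS = {1: ("HMAC-MD5", "ARC4"), 2: ("HMAC-SHA1-128", "AES Key Wrap")}


def parse_eapol(frame: bytes) -> dict:
    """Classify one EAPOL frame (the bytes that follow EtherType 0x888E)."""
    if len(frame) < 4:
        raise ValueError("truncated EAPOL header")
    version, ptype, length = struct.unpack("!BBH", frame[:4])
    body = frame[4:4 + length]
    if len(body) < length:
        raise ValueError("EAPOL body shorter than declared length")
    info = {"version": version, "type": EAPOL_TYPES.get(ptype, f"unknown({ptype})")}
    if ptype == 0 and len(body) >= 4:
        code = body[0]
        info["eap_code"] = EAP_CODES.get(code, f"unknown({code})")
        # Only Request and Response packets carry an EAP method type byte.
        if code in (1, 2) and len(body) >= 5:
            info["eap_method"] = EAP_METHODS.get(body[4], f"type {body[4]}")
    elif ptype == 3 and len(body) >= 1:
        desc = body[0]
        info["descriptor"] = KEY_DESCRIPTORS.get(desc, f"unknown({desc})")
        if desc in (2, 254) and len(body) >= 3:
            (key_info,) = struct.unpack("!H", body[1:3])
            mic, enc = KEY_VERSIONS.get(key_info & 0x7, ("unknown", "unknown"))
            info.update(mic=mic, key_encryption=enc,
                        pairwise=bool(key_info & 0x0008),
                        has_mic=bool(key_info & 0x0100))
    return info


# Constructed sample frames (not captured traffic).
SAMPLES = [
    bytes.fromhex("01000005" "0201000501"),       # EAP Response, Identity
    bytes.fromhex("02000006" "01020006" "1920"),  # EAP Request, PEAP
    bytes.fromhex("02030003" "02" "008a"),        # EAPOL-Key: RSN, version 2
    bytes.fromhex("02030003" "fe" "0109"),        # EAPOL-Key: WPA, version 1
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_eapol(sample))
```

A key descriptor version of 1 on a network that is expected to use AES-CCMP indicates that the handshake was negotiated with TKIP-era protection and is worth flagging in a wireless audit.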
Security Technical Overview IEEE 802.1X standard