User guide

EAP authentication methods that a Wi-Fi enabled device supports
LEAP authentication
LEAP authentication is designed to improve WEP authentication. You can use LEAP authentication to authenticate a Wi-Fi
enabled BlackBerry device with a work Wi-Fi network, generate WEP encryption keys that are unique to the device, and
configure the work Wi-Fi network to update the WEP encryption keys automatically during a session with the device.
The device supports using LEAP authentication with a user name and password. The device uses a one-way function to
encrypt the password before it sends the password to the authentication server on the work Wi-Fi network. You can
configure password policies on a work Wi-Fi network that require the device to use LEAP authentication to connect to the
work Wi-Fi network.
LEAP authentication does not provide mutual authentication between the device and work Wi-Fi network.
PEAP authentication
PEAP authentication permits a Wi-Fi enabled BlackBerry device to authenticate with an authentication server and access a
work Wi-Fi network. PEAP authentication uses TLS to create an encrypted tunnel between the device and the
authentication server. The device uses the TLS tunnel to send the authentication credentials to the authentication server.
The device supports PEAPv0 and PEAPv1 for PEAP authentication. The device also supports EAP-MS-CHAPv2 and EAP-GTC
as second-phase protocols during PEAP authentication. The device can use the second-phase protocols to exchange
credentials with the work Wi-Fi network.
To configure PEAP authentication, you must install a root certificate on the device that corresponds with the authentication
server certificate and install client certificates, if required.
For more information, see the BlackBerry Enterprise Server Administration Guide.
EAP-TLS authentication
EAP-TLS authentication uses a PKI to permit a Wi-Fi enabled BlackBerry device to authenticate with an authentication
server and access a work Wi-Fi network. EAP-TLS authentication uses TLS to create an encrypted tunnel between the
device and the authentication server. EAP-TLS authentication uses the TLS encrypted tunnel and a client certificate to
send the credentials of the device to the authentication server.
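The following added example (not part of the BlackBerry guide) checks 802.1X client profiles against the properties described above for LEAP, PEAP, and EAP-TLS. It assumes profiles written in wpa_supplicant.conf syntax rather than a BlackBerry device profile; the SSIDs, file paths, and function names are constructed for illustration.

```python
import re

# Constructed sample in wpa_supplicant.conf syntax (an assumption: the guide
# describes BlackBerry device profiles, not this file format).
SAMPLE_CONF = '''
network={
    ssid="corp-leap"
    eap=LEAP
}
network={
    ssid="corp-peap"
    eap=PEAP
    phase1="peapver=0"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="corp-tls"
    eap=TLS
    ca_cert="/etc/certs/root.pem"
    client_cert="/etc/certs/device.pem"
    private_key="/etc/certs/device.key"
}
'''

def parse_networks(text):
    """Return one dict of key -> unquoted value per network={...} block."""
    blocks = re.findall(r"network=\{(.*?)\}", text, re.S)
    return [{k: v.strip('"') for k, v in re.findall(r"^\s*(\w+)=(.*?)\s*$", b, re.M)}
            for b in blocks]

def audit(net):
    """List findings for one profile, based on the properties the guide states."""
    eap, out = net.get("eap", "").upper(), []
    if eap == "LEAP":
        out.append("LEAP: no mutual authentication with the network")
    # Without a root certificate the client cannot verify the server certificate.
    if eap in ("PEAP", "TLS") and not net.get("ca_cert"):
        out.append(f"{eap}: no root certificate, server certificate cannot be verified")
    if eap == "PEAP":
        inner = re.search(r"auth=(\w+)", net.get("phase2", ""))
        if not inner or inner.group(1).upper() not in ("MSCHAPV2", "GTC"):
            out.append("PEAP: phase 2 is not EAP-MS-CHAPv2 or EAP-GTC")
    if eap == "TLS" and not (net.get("client_cert") and net.get("private_key")):
        out.append("EAP-TLS: client certificate or private key missing")
    return out

def audit_conf(text):
    """Map each SSID to its list of findings (empty list means no findings)."""
    return {n.get("ssid", "?"): audit(n) for n in parse_networks(text)}
```

Calling audit_conf(SAMPLE_CONF) flags the LEAP profile and the PEAP profile that lacks a root certificate, and returns no findings for the EAP-TLS profile.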
Security Technical Overview IEEE 802.1X standard