User guide
The device supports EAP-TLS authentication when the authentication server and client use certificates that meet specific
requirements for authentication. To configure EAP-TLS authentication, you must install on the device a client certificate
and the root certificate that corresponds to the certificate of the authentication server. For more information, see the
BlackBerry Enterprise Server Administration Guide.
For more information about EAP-TLS authentication, see RFC 2716.
EAP-TTLS authentication
EAP-TTLS authentication extends EAP-TLS authentication to permit a Wi-Fi enabled BlackBerry device and an
authentication server to authenticate with each other. After the authentication server uses its certificate to authenticate
with the device and open a protected connection to the device, the authentication server uses an authentication protocol
over the protected connection to authenticate the device.
The device supports EAP-MS-CHAPv2 and MS-CHAPv2 as second-phase protocols during EAP-TTLS authentication so
that the device can exchange credentials with the work Wi-Fi network.
To configure EAP-TTLS authentication, you must install on the device the root certificate that corresponds to the certificate
of the authentication server. For more information, see the BlackBerry Enterprise Server Administration Guide.
EAP-FAST authentication
EAP-FAST authentication uses a PAC (Protected Access Credential) to open a TLS connection to a Wi-Fi enabled BlackBerry
device and verify the supplicant credentials of the device over the TLS connection.
The device supports EAP-MS-CHAPv2 and EAP-GTC as second-phase protocols during EAP-FAST authentication so that
the device can exchange authentication credentials with the work Wi-Fi network. The device supports using automatic PAC
provisioning with EAP-FAST authentication only.
For more information about EAP-FAST authentication, see RFC 4851.
EAP-SIM authentication
EAP-SIM authentication uses a GSM SIM card to authenticate a Wi-Fi enabled BlackBerry device with a work Wi-Fi network
and distribute session keys. EAP-SIM authentication uses a challenge-response method without mutual authentication.
The device supports using EAP-SIM authentication with the credentials on the GSM SIM card only. The user is not required
to type or select credentials on the device.
The user identity that EAP-SIM uses for authentication on the device is built from the IMSI as described in the 3GPP
technical specification 3GPP-TS-23.003.
The device can receive at least two challenges from the authentication server to provide stronger authentication.
For more information about EAP-SIM authentication, see RFC 4186.
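The identity format mentioned above, as an added example (not BlackBerry code): it assumes the root NAI layout from 3GPP TS 23.003 with the leading "1" that RFC 4186 assigns to EAP-SIM permanent usernames. The function names and the sample IMSI are constructed for illustration.

```python
import re

# Realm layout assumed from 3GPP TS 23.003 (root NAI for WLAN access).
_REALM = "wlan.mnc{mnc}.mcc{mcc}.3gppnetwork.org"
_PERMANENT = re.compile(
    r"^1(\d{6,15})@wlan\.mnc(\d{3})\.mcc(\d{3})\.3gppnetwork\.org$"
)


def eap_sim_identity(imsi: str, mnc_len: int) -> str:
    """Build the EAP-SIM permanent identity for an IMSI.

    mnc_len (2 or 3) cannot be derived from the IMSI digits alone,
    so the caller supplies it.
    """
    if not (imsi.isascii() and imsi.isdigit() and 6 <= len(imsi) <= 15):
        raise ValueError("IMSI must be 6 to 15 decimal digits")
    if mnc_len not in (2, 3):
        raise ValueError("MNC length must be 2 or 3")
    mcc, mnc = imsi[:3], imsi[3:3 + mnc_len]
    # A 2-digit MNC is left-padded with one zero in the realm.
    realm = _REALM.format(mnc=mnc.zfill(3), mcc=mcc)
    # Leading "1" marks an EAP-SIM permanent username (RFC 4186).
    return f"1{imsi}@{realm}"


def exposed_imsi(identity: str):
    """Return the IMSI if identity is a permanent EAP-SIM NAI, else None.

    Lets an operator flag authentication log entries in which the
    permanent identity, and so the IMSI, was presented.
    """
    m = _PERMANENT.match(identity.strip().lower())
    if not m:
        return None
    imsi, mnc, mcc = m.groups()
    # The realm must agree with the MCC/MNC digits that start the IMSI.
    if imsi[:3] != mcc:
        return None
    if imsi[3:6] != mnc and "0" + imsi[3:5] != mnc:
        return None
    return imsi


if __name__ == "__main__":
    nai = eap_sim_identity("234150999999999", 2)  # constructed sample IMSI
    print(nai, exposed_imsi(nai))
```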
Security Technical Overview IEEE 802.1X standard