User guide
y
B
P + e
B
R
B
≠ hP
• The BlackBerry Router does not accept the connection request if the BlackBerry Router calculates the following:
y
B
P + e
B
R
B
≠ y
D
P + e
D
R
D
• The BlackBerry Enterprise Server does not accept the connection request if the BlackBerry Enterprise Server
calculates the following:
y
D
P + e
D
R
D
≠ hP
• The BlackBerry Router stores R
D
, R
B
, y
D
P + e
D
R
D
, e
D
, and e
B
if the device accepts y
B
.
10. The BlackBerry Enterprise Server stores R
D
, R
B
, e
D
, e
B
, and h.
11. The BlackBerry Router overwrites y
B
and y
D
in memory with zeroes.
12. The BlackBerry Enterprise Server overwrites y
B
, y
D
, and r
B
in memory with zeroes.
13. The device overwrites y
B
, y
D
, and r
D
in memory with zeroes.
Data flow: Using the BlackBerry Router protocol to
close an authenticated connection
1. The BlackBerry Enterprise Server performs the following actions:
a selects a random value r
C
, where 1 < r
c
< p - 1
b calculates R
C
= r
C
P
c calculates another R
C
value if R
C
= R
B
, or R
C
= R
D
d sends the value R
C
to the BlackBerry Router
2. The BlackBerry Router performs the following actions:
a verifies that the value R
C
is random when the value R
C
approaches the point at infinity
b verifies that the value R
C
is random when the value R
C
= R
B
, or R
C
= R
D
c selects a random value e
C
, where 1 < e
c
< p - 1
d calculates another e
C
value if e
C
= e
D
, or e
c
= e
B
e sends the value e
C
to the BlackBerry Enterprise Server
3. The BlackBerry Enterprise Server performs the following actions:
a verifies that the value e
C
is random when the value e
C
= 0
b verifies that the value e
C
is random when the value e
C
= e
B
, or e
C
= e
D
c calculates y
C
= h - e
C
r
C
mod p
d sends the value y
C
to the BlackBerry Router
Security Technical Overview Protecting communication with a device
81