Blackberry ENTERPRISE SOLUTION SECURITY - ENTERPRISE SOLUTION - SECURITY TECHNICAL Manuel d'utilisateur télécharger pdf (Page 67)

7. The BlackBerry Enterprise Server sends the IT policy to the BlackBerry device. If the BlackBerry device cannot accept

the IT policy, the activation does not complete.

8. The BlackBerry Enterprise Server sends the appropriate service books (for example, the messaging service book, wireless

calendar service book, browser service book, and other service books) to the BlackBerry device. The user can now send

messages from and receive messages on the BlackBerry device.

9. If the user is configured for wireless synchronization, and the BlackBerry device has wireless backup and wireless

calendar synchronization turned on, the BlackBerry Enterprise Server sends user data to the BlackBerry device.

Process flow: Resending an IT policy to the BlackBerry device manually

1. In the BlackBerry® Manager, the administrator clicks a user account, and then clicks Resend IT Policy.

2. The BlackBerry Policy Service reads the current IT policy settings of the user account from the BlackBerry Configuration

Database to determine which IT policy to send to the BlackBerry device.

3. The BlackBerry Policy Service prepares to send the IT policy using the GME protocol by adding the unique identifier

and version of the BlackBerry® Enterprise Server.

4. The BlackBerry Policy Service adds the unique key that the BlackBerry Domain uses to sign IT policy data packets to

the IT policy data packet.

5. The BlackBerry Policy Service sends the IT policy data packet to the BlackBerry Dispatcher.

6. The BlackBerry Dispatcher encrypts the IT policy data packet with the master encryption key of the BlackBerry device,

compresses the content, and then sends it to the BlackBerry Router for delivery to the BlackBerry device.

7. The BlackBerry Router sends the encrypted IT policy data packet over port number 3101 to the wireless network. The

wireless network verifies that the PIN belongs to a valid BlackBerry device that is registered on the wireless network.

Process flow: Authenticating the data on a BlackBerry device without connecting to the

BlackBerry Infrastructure

1. A user connects a BlackBerry® device to a computer that the BlackBerry® Device Manager is running on.

2. The BlackBerry Router uses a unique authentication protocol to verify that the user is a valid BlackBerry device user.

This authentication sequence uses the authentication information for the BlackBerry® Enterprise Server and the

BlackBerry device that the SRP authentication sequence uses to validate the BlackBerry Enterprise Server before

allowing it to connect to the BlackBerry® Infrastructure. The BlackBerry Router cannot access the value of the master

encryption key on the BlackBerry device and the BlackBerry Enterprise Server.

3. The BlackBerry device and the BlackBerry Router use the BlackBerry Device Manager to send data to one another over

the physical connection, behind the firewall. All data that the BlackBerry device and the BlackBerry Enterprise Server

send to each other is compressed and encrypted. This data bypasses the wireless network.

The movement of wireless data over an SRP connection is restored when the user disconnects the BlackBerry device

from the computer or closes the BlackBerry Device Manager.

Feature and Technical Overview

BlackBerry device management process flows

1 2 ... 62 63 64 65 66 67 68 69 70 71 72 73 74 75

Pas de commentaire

Blackberry ENTERPRISE SOLUTION SECURITY - ENTERPRISE SOLUTION - SECURITY TECHNICAL Manuel d'utilisateur Page 67