Blackberry S-MIME SUPPORT PACKAGE VERSION 4.1 - Installation Guide, Page 28

BlackBerry Enterprise Solution Security
Changing the BlackBerry configuration database
If you move the BlackBerry device to a BlackBerry Enterprise Server that uses a different BlackBerry
configuration database, you or a user must erase all user and application data, the BlackBerry device master
encryption key, and the IT policy public key from the BlackBerry device. See “Erasing data from BlackBerry
device memory and making the BlackBerry device unavailable” on page 41 for more information.
You or the user must initiate regeneration of a new, unique master encryption key. The new BlackBerry
Enterprise Server must generate a unique IT policy private and public key pair and digitally sign and send the
Default IT policy and the IT policy public key to the BlackBerry device before the BlackBerry device can
communicate with the new BlackBerry Enterprise Server.
The new BlackBerry configuration database stores the new BlackBerry Enterprise Server name and the
BlackBerry device master encryption key and IT policy private key.
BlackBerry MDS Services databases
The BlackBerry MDS Services store their database access credentials in plain text form in
INSTALL_DIR\BlackBerry MDS Services 4.1.0\jakarta-tomcat-5.5.9\conf\server.xml. To protect the access
credentials in that storage location, you must:
  • use a separate SQL login account to install and manage the BlackBerry MDS Services databases
  • assign read and write control to that location to a separate BlackBerry MDS Services SQL login account only
See the BlackBerry Enterprise Server Installation Guide for more information.
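An added example, not taken from the BlackBerry documentation: a Python audit of a Tomcat-style server.xml that lists every element holding a non-empty plaintext secret attribute and flags logins that look shared rather than dedicated. The sample file, its resource and login names, and the SHARED_LOGINS set are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the Tomcat 5.5 style; not taken from a real installation.
SAMPLE_SERVER_XML = """<?xml version="1.0"?>
<Server port="8005" shutdown="SHUTDOWN">
  <GlobalNamingResources>
    <Resource name="jdbc/mdsdb" auth="Container" type="javax.sql.DataSource"
              driverClassName="net.sourceforge.jtds.jdbc.Driver"
              url="jdbc:jtds:sqlserver://dbhost:1433/mdss"
              username="sa" password="constructed-secret"/>
    <Resource name="jdbc/mdsdis" auth="Container" type="javax.sql.DataSource"
              url="jdbc:jtds:sqlserver://dbhost:1433/mdss_dis"
              username="mds_svc" password="constructed-secret-2"/>
  </GlobalNamingResources>
  <Service name="Catalina">
    <Connector port="8443" scheme="https" keystorePass=""/>
  </Service>
</Server>
"""

# Assumption: logins treated as shared/administrative rather than dedicated.
SHARED_LOGINS = {"sa", "admin", "root"}
USER_ATTRS = ("username", "connectionName")


def find_plaintext_credentials(xml_text, shared_logins=SHARED_LOGINS):
    """Return one finding per element that carries a non-empty secret attribute.
    Secret values are never copied into the findings."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        secret_attrs = sorted(
            k for k, v in elem.attrib.items()
            if k.lower().endswith(("password", "pass")) and v.strip()
        )
        if not secret_attrs:
            continue
        login = next((elem.get(a) for a in USER_ATTRS if elem.get(a)), None)
        findings.append({
            "element": elem.tag,
            "name": elem.get("name"),
            "login": login,
            "secret_attrs": secret_attrs,
            "shared_login": login is not None and login.lower() in shared_logins,
        })
    return findings


if __name__ == "__main__":
    for finding in find_plaintext_credentials(SAMPLE_SERVER_XML):
        print(finding)
```

Each finding is a reason to confirm that the file's access control is restricted as described above and that the login it names is used for nothing else.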
Protecting the BlackBerry Infrastructure connections
The BlackBerry Enterprise Server is designed to communicate with the BlackBerry Infrastructure using SRP
authentication. The BlackBerry Enterprise Server contacts the BlackBerry Infrastructure to establish an initial
connection using SRP. The BlackBerry Enterprise Server and the BlackBerry Infrastructure perform an
authentication handshake when they attempt to establish a connection. If the authentication fails, they do not
establish a connection.
After the BlackBerry Enterprise Server and the BlackBerry Infrastructure establish an initial connection over the
Internet, the BlackBerry Enterprise Server uses a persistent TCP/IP connection to send data to the BlackBerry
Infrastructure. The BlackBerry Infrastructure uses standard protocols to send data to the BlackBerry device.
A BlackBerry device can bypass SRP connectivity and authentication by using the BlackBerry Router to connect
directly to the BlackBerry Enterprise Server. The BlackBerry Enterprise Server can communicate with the
BlackBerry Router using a combination of the SRP and BlackBerry Router authentication protocols.
SRP authentication
SRP is designed to perform the following actions when the BlackBerry Enterprise Server and BlackBerry
Infrastructure establish an authenticated connection and subsequently transfer data between them.
SRP action: authenticate the BlackBerry Infrastructure to the BlackBerry Enterprise Server and the BlackBerry Enterprise Server to the BlackBerry Infrastructure
Description: The BlackBerry Infrastructure and the BlackBerry Enterprise Server authenticate with each other before they can transfer data. The authentication handshake sequence depends on a shared secret encryption key (the SRP authentication key) on both the BlackBerry Enterprise Server and the BlackBerry Infrastructure. If at any point in the authentication handshake sequence the authentication fails, SRP terminates the connection.