Feature and Technical Overview

Local Navigation

BlackBerry device management process flows

Process flow: Activating a BlackBerry device over the wireless network

A user receives or purchases a new BlackBerry® device.

  1. The user contacts your organization's IT department to activate the BlackBerry device.
  2. You create a temporary activation password for the user account and communicate the password to the user. The password applies to the user account only.
  3. To activate the BlackBerry device over the wireless network, the user opens the activation application on the BlackBerry device and types the appropriate email address and activation password.
  4. The BlackBerry device sends an activation request message to the email account. The message contains information about the BlackBerry device, such as routing information and the public keys for the BlackBerry device.
  5. The BlackBerry® Enterprise Server sends the BlackBerry device an activation response that contains routing information about the BlackBerry Enterprise Server and the public keys for the BlackBerry Enterprise Server.

    The BlackBerry Enterprise Server and BlackBerry device establish a device transport key. The BlackBerry Enterprise Server and BlackBerry device confirm knowledge of the device transport key to each other. If the confirmation is successful, the activation proceeds and further communication between the BlackBerry Enterprise Server and BlackBerry device is encrypted.

    The BlackBerry Enterprise Server sends an IT policy to the BlackBerry device. If the BlackBerry device cannot accept the IT policy, the activation process does not complete.

    The BlackBerry Enterprise Server sends the appropriate service books (for example, the messaging service book, wireless calendar service book, browser service book, and other service books) to the BlackBerry device. The user can now send messages from and receive messages on the BlackBerry device.

  6. If the user account is configured for wireless synchronization, and if wireless backup and wireless calendar synchronization on the BlackBerry device are turned on, the BlackBerry Enterprise Server sends user data to the BlackBerry device.

Process flow: Resending an IT policy to a BlackBerry device manually

  1. You click a user account, and then click Resend IT Policy.
  2. The BlackBerry® Policy Service reads the current IT policy settings for the user account from the BlackBerry Configuration Database to determine which IT policy to send to the BlackBerry device.

    The BlackBerry Policy Service prepares to send the IT policy using the GME protocol by adding the unique identifier and BlackBerry® Enterprise Server version.

    The BlackBerry Policy Service adds the unique key that the BlackBerry Domain uses to sign IT policy data packets to the IT policy data packet.

    The BlackBerry Policy Service sends the IT policy data packet to the BlackBerry Dispatcher.

  3. The BlackBerry Dispatcher encrypts the IT policy data packet using the device transport key of the BlackBerry device, compresses the content, and sends it to the BlackBerry Router for delivery to the BlackBerry device.
  4. The BlackBerry Router sends the encrypted IT policy data packet to the wireless network over port 3101. The wireless network verifies that the PIN belongs to a valid BlackBerry device that is registered with the wireless network.

Process flow: Authenticating data on a BlackBerry device without connecting to the BlackBerry Infrastructure

  1. A user connects a BlackBerry® device to a computer that the BlackBerry® Device Manager is running on.
  2. The BlackBerry Router uses a unique authentication protocol to verify that the user is a valid BlackBerry device user.

    The authentication sequence uses the same authentication information for the BlackBerry® Enterprise Server and BlackBerry device that the SRP authentication sequence uses to validate the BlackBerry Enterprise Server before permitting it to connect to the BlackBerry® Infrastructure. The BlackBerry Router cannot access the value of the device transport key of the BlackBerry device and BlackBerry Enterprise Server.

  3. The BlackBerry device and BlackBerry Router use the BlackBerry Device Manager to send data to each other over the physical connection, behind the firewall. All the data that the BlackBerry device and BlackBerry Enterprise Server send to each other is compressed and encrypted. This data bypasses the wireless network.

    The transfer of wireless data over an SRP connection is restored when the user disconnects the BlackBerry device from the computer or closes the BlackBerry Device Manager.


Was this information helpful? Send us your comments.