Data flow: Sending and receiving work data using

BlackBerry Secure Connect Plus

The user opens an app to access work data from a content or application server behind your organization's firewall.

On
Android Enterprise
, and
Samsung Knox Workspace
devices, all work apps can use
BlackBerry Secure Connect Plus
.
On
iOS
devices, you specify whether all apps or only specified apps can use
BlackBerry Secure Connect Plus
.

The device determines that a secure IP tunnel is the most direct, cost-efficient method available to connect to the application or content server to retrieve the data and sends a requests through a TLS tunnel, over port 443, to the

BlackBerry Infrastructure

for a secure tunnel to the work network. By default, the signal is encrypted using FIPS-140 certified Certicom libraries. The signaling tunnel is encrypted end-to-end.

BlackBerry Secure Connect Plus

receives the request from the

BlackBerry Infrastructure

through port 3101.

The device and

BlackBerry Secure Connect Plus

negotiate the tunnel parameters and establish a secure tunnel for the device through the

BlackBerry Infrastructure

. The tunnel is authenticated and encrypted end-to-end with DTLS.

The app uses the tunnel to connect to the application or content server using standard IPv4 protocols (TCP and UDP).

BlackBerry Secure Connect Plus

transfers the IP data to and from your organization's network.

BlackBerry Secure Connect Plus

encrypts and decrypts traffic using FIPS-140 certified Certicom libraries.

The app receives and displays the data on the device.

As long as the tunnel is open, supported apps use it to access network resources. When the tunnel is no longer the best available method to connect to your organization's network,

BlackBerry Secure Connect Plus

terminates it.