Skip Navigation

Data flow: Sending and receiving work data from a
BlackBerry Dynamics
app on an
Android
device using
BlackBerry Secure Connect Plus

This data flow describes how data travels when a
BlackBerry Dynamics
app on an
Android Enterprise
or
Samsung Knox Workspace
device uses
BlackBerry Secure Connect Plus
.
If you are using
BlackBerry Secure Connect Plus
with
BlackBerry Dynamics
apps on an
Android Enterprise
device, it is recommended that you restrict
BlackBerry Dynamics
apps from using
BlackBerry Secure Connect Plus
to avoid network latency. You can't restrict specific apps on
Samsung Knox Workspace
devices.
If you are using
BlackBerry Secure Connect Plus
with
BlackBerry Dynamics
apps on an
Android Enterprise
device or a
Samsung Knox Workspace
device, it is recommended that you configure
UEM
not to send
BlackBerry Dynamics
app data through the
BlackBerry Infrastructure
to reduce network latency.
Diagram showing the steps and components mentioned in the following data flow.
  1. The user opens a
    BlackBerry Dynamics
    app to access work data.
  2. The device sends a request through a TLS tunnel, over port 443, to the
    BlackBerry Infrastructure
    to request a secure tunnel to the work network. The signal is encrypted by default using FIPS-140 certified
    Certicom
    libraries. The signaling tunnel is encrypted end to end.
  3. BlackBerry Secure Connect Plus
    receives the request from the
    BlackBerry Infrastructure
    through port 3101.
  4. The device and
    BlackBerry Secure Connect Plus
    negotiate the tunnel parameters and establish a secure tunnel for the device through the
    BlackBerry Infrastructure
    . The tunnel is authenticated and encrypted end to end with DTLS.
  5. BlackBerry Secure Connect Plus
    establishes a connection with
    BlackBerry Proxy
    .
  6. The
    BlackBerry Dynamics
    app establishes a connection to
    BlackBerry Proxy
    using the
    BlackBerry Secure Connect Plus
    tunnel.
  7. BlackBerry Proxy
    authenticates with the
    BlackBerry Dynamics
    app using its server certificate.
    BlackBerry Proxy
    validates the app using a MAC keyed with a session key known only to
    BlackBerry Proxy
    and the app.
  8. When the secure connection is established between
    BlackBerry Proxy
    and the app, work data can travel between the device and application or content servers behind the firewall using the
    BlackBerry Secure Connect Plus
    tunnel to
    BlackBerry Proxy
    .
    BlackBerry Secure Connect Plus
    encrypts and decrypts traffic using FIPS-140 certified Certicom libraries.