Data flow: Creating a BBM Enterprise conference

Diagram showing the data flow during the creation of a BBM Enterprise conference
  1. A BBM Enterprise user who wants to host or join a conference is authorized with a secure, short-lived permission grant issued by the BBM Enterprise server, following validation of the user against their organization’s policies.
  2. The user connects to the BBM Enterprise Conferencing server and is authenticated using the issued permission grant.
  3. The BBM Enterprise Conferencing server initiates a conference hosting/joining flow with the BBM Enterprise media server over a secure, authenticated connection within the BlackBerry Infrastructure.
  4. The BBM Enterprise app and media server generate a self-signed certificate for establishing the DTLS connection in accordance with RFC5763 of DTLS-SRTP.
  5. The BBM Enterprise app and media server exchange DTLS fingerprints via an SDP payload using a WSS (Web Secure Sockets) connection to the BBM Enterprise Conferencing server. Exchanging DTLS fingerprints over a trusted proxy provides assurance that the eventual DTLS connection between the BBM Enterprise app and the media server has not been subject to a MITM attack.
  6. The BBM Enterprise app and the media server negotiate SRTP encryption keys for real-time communication over the established DTLS connection in accordance with the RFC5764 specification of DTLS-SRTP and RFC3711 of SRTP.
    1. Encryption: AES-128 CTR/CM or AES-128 in GCM as per RFC3711.
    2. Message authentication and integrity: HMAC-SHA1-80 as per RFC3711.
    3. KDF: DTLS PRF and SRTP AES-CM KDF as per RFC5764.
  7. Encrypted real-time media flows directly between the BBM Enterprise app and the media server.
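
The fingerprint check that step 5 relies on, shown as an added example (not BlackBerry's code): each endpoint hashes the certificate it actually receives in the DTLS handshake and compares it with the `a=fingerprint` value that arrived in the SDP over the trusted signalling path. Function names, the sample SDP and the stand-in certificate bytes are constructed for illustration, and accepting only SHA-2 fingerprints is this example's assumption.

```python
import hashlib
import hmac

# SDP hash names mapped to hashlib names. Accepting only SHA-2 is this
# example's policy choice, not something the page states.
ALLOWED = {"sha-256": "sha256", "sha-384": "sha384", "sha-512": "sha512"}

def parse_fingerprints(sdp):
    """Return [(hash_name, digest_bytes)] for each a=fingerprint line."""
    found = []
    for line in sdp.splitlines():
        line = line.strip()
        if line.lower().startswith("a=fingerprint:"):
            name, _, hexval = line.split(":", 1)[1].strip().partition(" ")
            found.append((name.lower(), bytes.fromhex(hexval.replace(":", ""))))
    return found

def cert_matches_sdp(cert_der, sdp):
    """True only if the DTLS peer certificate matches the signalled fingerprint."""
    usable = [(h, d) for h, d in parse_fingerprints(sdp) if h in ALLOWED]
    if not usable:
        return False  # no fingerprint, or only unsupported hashes: fail closed
    return all(
        hmac.compare_digest(hashlib.new(ALLOWED[h], cert_der).digest(), d)
        for h, d in usable)

def fingerprint_line(cert_der, hash_name="sha-256"):
    """Build the a=fingerprint attribute an endpoint would put in its SDP."""
    hx = hashlib.new(ALLOWED[hash_name], cert_der).hexdigest().upper()
    pairs = ":".join(hx[i:i + 2] for i in range(0, len(hx), 2))
    return "a=fingerprint:%s %s" % (hash_name, pairs)

# Constructed sample data: stand-in bytes for DER certificates, minimal SDP.
GENUINE_CERT = b"constructed-der-bytes-media-server-cert"
SUBSTITUTED_CERT = b"constructed-der-bytes-interposed-cert"
SAMPLE_SDP = "\r\n".join([
    "v=0", "o=- 0 0 IN IP4 192.0.2.10", "s=-", "t=0 0",
    "m=audio 9 UDP/TLS/RTP/SAVPF 111", "a=setup:actpass",
    fingerprint_line(GENUINE_CERT)]) + "\r\n"

if __name__ == "__main__":
    print("genuine accepted:", cert_matches_sdp(GENUINE_CERT, SAMPLE_SDP))
    print("substituted accepted:", cert_matches_sdp(SUBSTITUTED_CERT, SAMPLE_SDP))
```

Because the certificates are self-signed, this comparison is the only thing binding the DTLS peer to the signalled identity, so a missing or mismatched fingerprint has to abort the connection before any SRTP keys are derived.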