Blackberry Activation Process
The enterprise activation process is designed to allow a BlackBerry device to be wirelessly activated on the BlackBerry Enterprise Server. With this process, you can wirelessly manage encryption keys and service book records.
Pre-requisites for enterprise activation
Before setting up an enterprise activation process, verify that the following conditions are met:
* The service provider has provisioned the BlackBerry device with the BlackBerry Enterprise Server service class.
* The BlackBerry device user account is added to the BlackBerry Enterprise Server.
* The BlackBerry Enterprise Server is correctly configured to access the BlackBerry device user's mailbox. See KB02276 for information on BlackBerry Enterprise Server administration account permissions.
* An activation password is set for the BlackBerry device user account.
Note: For instructions on setting up an enterprise activation process, see KB03674.
Once the conditions listed above are met, the BlackBerry Enterprise Server monitors the mailbox for new messages, including the ETP.DAT activation message that will be sent from the BlackBerry device.
The following scenario outlines the steps used to prepare for a wireless enterprise activation process:
1. A BlackBerry device user receives a new BlackBerry device and contacts you to activate it.
2. You set the enterprise activation password on the BlackBerry device user’s account and communicate it to the BlackBerry device user.
In this period (before the BlackBerry device user initiates activation), the account status is Initializing.
Stages of the enterprise activation process
This section provides an overview of the four stages of the enterprise activation process.
Stage 1 - Activation
1. The BlackBerry device user types the email address and activation password in the Enterprise Activation application on the BlackBerry device.
2. The BlackBerry device creates an encrypted activation message containing an ETP.DAT file and sends it using the wireless network to the BlackBerry device user's mailbox.
The ETP.DAT message contains information about the BlackBerry device such as routing information and the BlackBerry device’s activation public keys.
The ETP.DAT message is routed through the BlackBerry® Infrastructure to the BlackBerry device user's mailbox as a standard message with an attachment. See the Role of the ETP.DAT message in the enterprise activation process section in this article for more information on the ETP.DAT message.
When the ETP.DAT message is sent, the BlackBerry device displays a status of Activating.
Stage 2 - Encryption verification
1. When the ETP.DAT message arrives at the messaging server, the BlackBerry Messaging Agent checks the message contents.
2. The BlackBerry Enterprise Server processes the data attached to the message, first verifying that the encrypted password matches the one set for the BlackBerry device user. If it matches, the BlackBerry Messaging Agent generates a new permanent encryption key using either Triple Data Encryption Standard (Triple DES) or Advanced Encryption Standard (AES) and sends it to the BlackBerry device.
The BlackBerry device displays a status of Verifying Encryption.
Stage 3 - Receiving services
1. The BlackBerry Enterprise Server and the BlackBerry device establish a master encryption key. The BlackBerry device and the BlackBerry Enterprise Server verify their knowledge of the master key to each other.
2. The BlackBerry device implements the new encryption key and displays the following message:
   Encryption Verified. Waiting for Services.
3. The BlackBerry Messaging Agent forwards a request to the BlackBerry Policy Service to generate service books. The BlackBerry Policy Service receives and queues the request, and then sends out an IT policy update to the BlackBerry device.
4. The BlackBerry device registers that the policy is applied successfully.
5. The BlackBerry Policy Service generates and sends the service books to the BlackBerry device, which is now able to send messages and displays the Services Received status. The BlackBerry device then displays the following message:
Your email address, <email@example.com> is now enabled. Synchronization service Desktop [S<SRP_Identifier>]
Stage 4 - Slow synchronization
1. Once the [CMIME] service book has arrived, the BlackBerry device will be able to reconcile messages with the BlackBerry device user's email account. You can configure reconciliation as required. All the service books should arrive at the same time, but only the [CMIME] is required for email reconciliation.
2. The BlackBerry device registers the receipt of its service books to the BlackBerry Enterprise Server and the activation process completes. The message Activation Complete is shown.
3. The slow synchronization process begins with a BlackBerry device request, synchronizing data from the calendar first (using the [CICAL] service book) and then the other organizer databases with the BlackBerry device.
4. For wireless synchronization to occur, the Desktop [SYNC] service book is sent to the BlackBerry device. The [SYNC] service book allows for organizer data synchronization, wireless backup and restore capability, and synchronization of email settings and filters.
   The process is managed by the BlackBerry Messaging Agent for the Calendar, and the BlackBerry Synchronization Service for the remaining organizer databases. For more information on wireless organizer synchronization and the slow synchronization protocol, see KB03804.
5. The appropriate service books and IT policies are sent from the BlackBerry Enterprise Server to the BlackBerry device. The BlackBerry device user is now able to send and receive email messages on the BlackBerry device.
6. If the BlackBerry device user is configured for wireless organizer data synchronization and wireless backup, the BlackBerry Enterprise Server will send the following data to the BlackBerry device:
   * Calendar entries
   * Address Book entries
   * Tasks
   * Memos
   * Email messages
   * Existing BlackBerry device options that were backed up through automatic wireless backup
When the enterprise activation process is complete, the BlackBerry device displays a status of Activation Complete.
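The status sequence described in the four stages above can be checked mechanically when troubleshooting an activation that stalls or reports statuses out of order. The following is an added example, not code from the original article or from BlackBerry: the status strings are the ones named above, while the (time, status) event format, the diagnose function and the 15-minute stall threshold are assumptions.

```python
# Added example: status strings come from the article; the (time, status)
# event format and the 15-minute stall threshold are assumptions.
STAGES = [
    # (status, stage, what the article says has to happen next)
    ("Initializing", "Preparation",
     "user enters email address and activation password"),
    ("Activating", "Stage 1 - Activation",
     "ETP.DAT message reaches the mailbox; Messaging Agent checks it"),
    ("Verifying Encryption", "Stage 2 - Encryption verification",
     "device and server confirm the master encryption key"),
    ("Encryption Verified. Waiting for Services", "Stage 3 - Receiving services",
     "Policy Service sends the IT policy, then the service books"),
    ("Services Received", "Stage 3 - Receiving services",
     "device registers receipt of its service books"),
    ("Activation Complete", "Stage 4 - Slow synchronization", None),
]
ORDER = [status for status, _, _ in STAGES]


def diagnose(events, now, stall_after=900):
    """Report progress of one activation from (unix_time, status) events."""
    anomalies, pos, last_time = [], -1, None
    for ts, status in events:
        if status not in ORDER:
            anomalies.append(f"unknown status {status!r}")
            continue
        idx = ORDER.index(status)
        if idx < pos:
            anomalies.append(f"regressed from {ORDER[pos]!r} to {status!r}")
        elif pos >= 0 and idx > pos + 1:
            # e.g. services delivered with no key verification observed
            anomalies.append(f"skipped {ORDER[pos + 1:idx]} before {status!r}")
        pos, last_time = max(pos, idx), ts
    if pos < 0:
        return {"status": None, "stage": None, "waiting_for": None,
                "complete": False, "stalled": False, "anomalies": anomalies}
    status, stage, waiting_for = STAGES[pos]
    complete = waiting_for is None
    return {"status": status, "stage": stage, "waiting_for": waiting_for,
            "complete": complete,
            "stalled": not complete and now - last_time > stall_after,
            "anomalies": anomalies}


# Constructed sample: the device never got past Stage 1.
SAMPLE = [(0, "Initializing"), (60, "Activating")]

if __name__ == "__main__":
    print(diagnose(SAMPLE, now=2000))
```

The waiting_for field names the step the article says comes next, which points at the component to check first (mailbox delivery, BlackBerry Messaging Agent or BlackBerry Policy Service).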
Role of the ETP.DAT message in the enterprise activation process
During the enterprise activation process, the BlackBerry device sends a message containing an ETP.DAT file, which contains activation information, to an activation email address stored on the BlackBerry device.
Once the BlackBerry device user selects Activate in the Enterprise Activation application on the BlackBerry device, the following actions occur:
1. The ETP.DAT message is sent to the BlackBerry Infrastructure, which forwards it to the email address that was typed in the Enterprise Activation application.
2. The BlackBerry Enterprise Server, which monitors the BlackBerry device user’s mailbox, picks up the ETP.DAT message. The activation process begins.
3. The BlackBerry Enterprise Server sends the acknowledgement and encryption information to the BlackBerry device.
4. The IT policy is sent to the BlackBerry device. Once the BlackBerry Enterprise Server verifies that the policy has been applied successfully, it sends the required service books to the BlackBerry device.
5. When the BlackBerry Enterprise Server has sent all the required information to the BlackBerry device, the following message is displayed:
   Your email address “<firstname.lastname@example.org>” is now enabled
6. The slow synchronization process begins.