Unwired Server communicates differently with replication, messaging, and Gateway applications, so the transport protection and authentication available to each differ.
- Replication applications – can use HTTP or HTTPS. By default the data content over HTTP is compressed but not encrypted; HTTPS keeps it confidential in transit, but only as far as whatever terminates the TLS connection. For additional security, application developers can add end-to-end encryption (E2EE), in which all data is encrypted between the device and Unwired Server itself. To set this up, an administrator uses a MobiLink utility to generate an RSA key pair; the public key is installed on the client device, and the ConnectionProfile is configured with the key's location. Data is encrypted with AES in cipher block chaining (CBC) mode, and RSA handles the key exchange.
- Messaging applications, hybrid workflow applications, and Online Data Proxy/OData applications – network traffic is HTTP (HTTPS is not supported). Each HTTP message carries an encrypted message body, produced as follows:
  - When the Messaging Server is installed, it generates an RSA key pair.
  - When a device first contacts the server, it retrieves the server's public key and uses it to secure all subsequent communication. For performance reasons only a small part of the device-to-server traffic (the session setup) is encrypted with the public key; the bulk of the data is encrypted with AES. Because that first retrieval travels over plain HTTP, a client that fetches the key on first contact trusts whatever key it receives; pre-provisioning the key is the safeguard against substitution. Other items of note:
    - Developers can pre-provision the RSA public key to the client application using Afaria.
    - Administrators can enable auto-registration by setting up an application connection template in Sybase Control Center. With automatic registration, administrator white-listing and generation of a single-use password are not necessary. For details, see Automatically Registering Applications in Sybase Control Center online help.
    - Registration adds the user name and activation code to a white list. When the messaging client connects to the Messaging Server, it passes the user name, the activation code, and the DeviceID; the DeviceID is derived from the device hardware.
    - The device identified by that DeviceID is permanently assigned to the user and added to the white list.
  For every later interaction, the communication session is initialized using the public key; for the remainder of the session a rotating sequence of AES keys is used, which performs far better than RSA on bulk data. All data transferred between the device and the Messaging Server is encrypted in this manner.
- Gateway applications – can use HTTP or HTTPS. Authentication over the channel depends on the gateway:
  - BlackBerry Enterprise Server (BES): HTTP Basic authentication. Basic authentication sends the credentials base64-encoded, not encrypted, so pair it with HTTPS.
  - Apple Push Notification Service (APNS): certificate authentication.
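The two encryption schemes described above (E2EE for replication, and the RSA-initialized, AES-rotating session for messaging) share one structure: RSA moves a symmetric key once, then AES-CBC carries the data. The Go program below is an added example written for this page, not Unwired Server or MobiLink code, and it does not reproduce those products' wire formats. Its assumptions: RSA-OAEP for the key wrap, AES-256 with PKCS#7 padding, a SHA-256 hash ratchet to rotate the per-message keys (the page only says the keys rotate), and an HMAC-SHA256 tag over IV and ciphertext, which the page does not mention but which CBC needs to resist tampering and padding-oracle attacks. The `Session`, `ClientStart`, `ServerAccept`, `Seal` and `Open` names and the sample messages are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// GenerateServerKey is the server's long-lived RSA key pair. Its public half is
// what the client pins, whether pre-provisioned or fetched on first contact.
func GenerateServerKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Session holds the chain key shared by one device and the server. Per-message
// AES and HMAC keys are derived from it and it is then ratcheted, so both sides
// step through the same rotating sequence of AES keys.
type Session struct{ chain [32]byte }

// ClientStart is the only step that uses RSA: a fresh 256-bit chain key is
// wrapped with the server public key (RSA-OAEP is an assumption of this example).
func ClientStart(pub *rsa.PublicKey) (*Session, []byte, error) {
	var k [32]byte
	if _, err := io.ReadFull(rand.Reader, k[:]); err != nil {
		return nil, nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, k[:], []byte("session-key"))
	if err != nil {
		return nil, nil, err
	}
	return &Session{chain: k}, wrapped, nil
}

// ServerAccept unwraps the chain key; the private key is not needed afterwards.
func ServerAccept(priv *rsa.PrivateKey, wrapped []byte) (*Session, error) {
	k, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, []byte("session-key"))
	if err != nil || len(k) != 32 {
		return nil, errors.New("session key unwrap failed")
	}
	s := &Session{}
	copy(s.chain[:], k)
	return s, nil
}

// nextKeys derives one message's encryption and MAC keys and advances the chain.
// The SHA-256 ratchet is assumed (the page does not say how keys rotate); it is
// one-way, so a leaked current key does not expose earlier messages.
func (s *Session) nextKeys() (enc, mac [32]byte) {
	enc = sha256.Sum256(append([]byte("enc:"), s.chain[:]...))
	mac = sha256.Sum256(append([]byte("mac:"), s.chain[:]...))
	s.chain = sha256.Sum256(append([]byte("chain:"), s.chain[:]...))
	return enc, mac
}

// Seal returns IV || AES-256-CBC(PKCS#7(plaintext)) || HMAC-SHA256(IV || ciphertext).
// The tag is an addition: plain CBC is malleable and leaks through padding oracles.
func (s *Session) Seal(plaintext []byte) ([]byte, error) {
	enc, mac := s.nextKeys()
	block, err := aes.NewCipher(enc[:])
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize) // IV first
	if _, err := io.ReadFull(rand.Reader, out); err != nil {
		return nil, err
	}
	padLen := aes.BlockSize - len(plaintext)%aes.BlockSize
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(padLen)}, padLen)...)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, out).CryptBlocks(ct, padded)
	out = append(out, ct...)
	h := hmac.New(sha256.New, mac[:])
	h.Write(out)
	return h.Sum(out), nil // Sum appends the 32-byte tag to out
}

// Open checks length and tag before any decryption (encrypt-then-MAC), so a
// padding failure can never be observed by whoever altered the message.
func (s *Session) Open(msg []byte) ([]byte, error) {
	enc, mac := s.nextKeys()
	if len(msg) < 2*aes.BlockSize+sha256.Size || (len(msg)-sha256.Size)%aes.BlockSize != 0 {
		return nil, errors.New("malformed message")
	}
	body, tag := msg[:len(msg)-sha256.Size], msg[len(msg)-sha256.Size:]
	h := hmac.New(sha256.New, mac[:])
	h.Write(body)
	if !hmac.Equal(h.Sum(nil), tag) {
		return nil, errors.New("message authentication failed")
	}
	block, err := aes.NewCipher(enc[:])
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(body)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, body[:aes.BlockSize]).CryptBlocks(pt, body[aes.BlockSize:])
	padLen := int(pt[len(pt)-1])
	if padLen == 0 || padLen > aes.BlockSize || !bytes.Equal(pt[len(pt)-padLen:], bytes.Repeat([]byte{byte(padLen)}, padLen)) {
		return nil, errors.New("bad padding")
	}
	return pt[:len(pt)-padLen], nil
}

func main() {
	priv, _ := GenerateServerKey()
	client, wrapped, _ := ClientStart(&priv.PublicKey) // the only RSA-encrypted bytes
	server, _ := ServerAccept(priv, wrapped)
	for _, m := range []string{"sync request 1", "sync request 2"} { // constructed sample traffic
		sealed, _ := client.Seal([]byte(m))
		pt, err := server.Open(sealed)
		fmt.Printf("%q -> %d bytes on the wire -> %q (err=%v)\n", m, len(sealed), pt, err)
	}
}
```

Both sides must consume the ratchet in the same order, so lost or reordered messages desynchronize the session; a production protocol carries a message counter and keeps a small window of derived keys. The RSA private key is touched once per session, which is the performance point the page makes.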
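The registration and white-list checks for messaging clients (user name, single-use activation code, hardware-derived DeviceID, permanent device binding), as an added Go example that is not Sybase code. `MessagingServer`, `Register`, `Connect` and `DeviceIDFromHardware` are hypothetical names; the page does not say how the DeviceID is derived from the hardware, so hashing the identifiers here is an assumption, and the sample users and identifiers are constructed.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

var (
	ErrUnknownUser    = errors.New("user name is not on the white list")
	ErrBadCode        = errors.New("activation code invalid or already used")
	ErrDeviceMismatch = errors.New("DeviceID is not the device bound to this user")
)

// entry is one white-list row: the single-use activation code until it is
// consumed, then the DeviceID permanently bound to the user.
type entry struct {
	code     string // cleared once consumed
	deviceID string // empty until the first successful connect
}

type MessagingServer struct{ whitelist map[string]*entry }

func NewMessagingServer() *MessagingServer {
	return &MessagingServer{whitelist: map[string]*entry{}}
}

// Register is the administrator's white-listing step: it adds the user name
// with a random single-use activation code, which is handed to the user out of band.
func (s *MessagingServer) Register(user string) (string, error) {
	if _, exists := s.whitelist[user]; exists {
		return "", errors.New("user already registered")
	}
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	code := hex.EncodeToString(b)
	s.whitelist[user] = &entry{code: code}
	return code, nil
}

// DeviceIDFromHardware stands in for the client's hardware-derived DeviceID
// (assumed derivation: SHA-256 over the identifiers, so raw serials stay off the wire).
func DeviceIDFromHardware(identifiers ...string) string {
	h := sha256.New()
	for _, id := range identifiers {
		h.Write([]byte(id))
		h.Write([]byte{0}) // separator so "ab","c" and "a","bc" differ
	}
	return hex.EncodeToString(h.Sum(nil))
}

// Connect is the server-side check of (user name, activation code, DeviceID).
// The first contact consumes the code and binds the device; afterwards only the
// binding is checked, so a second device that learned the code is still refused.
func (s *MessagingServer) Connect(user, code, deviceID string) error {
	reg, ok := s.whitelist[user]
	if !ok {
		return ErrUnknownUser
	}
	if reg.deviceID != "" {
		if reg.deviceID != deviceID {
			return ErrDeviceMismatch
		}
		return nil
	}
	if reg.code == "" || subtle.ConstantTimeCompare([]byte(reg.code), []byte(code)) != 1 {
		return ErrBadCode
	}
	reg.deviceID = deviceID
	reg.code = "" // single use: the code cannot activate a second device
	return nil
}

func main() {
	s := NewMessagingServer()
	code, _ := s.Register("alice") // constructed sample user
	phone := DeviceIDFromHardware("serial-0001", "imei-1")
	tablet := DeviceIDFromHardware("serial-0002", "imei-2")
	fmt.Println("phone first connect:", s.Connect("alice", code, phone))
	fmt.Println("tablet replays code:", s.Connect("alice", code, tablet))
	fmt.Println("phone reconnects:   ", s.Connect("alice", "", phone))
}
```

Whichever device presents the code first is the one that gets bound, so the activation code must reach the user over a channel an attacker cannot read; the auto-registration template described above removes this manual step altogether.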