
Data flow: Activating a BlackBerry Dynamics app

This data flow describes how data travels when a BlackBerry Dynamics app is activated.
 
[Diagram showing the steps and components used when activating a BlackBerry Dynamics app]
 
  1. An administrator assigns one or more BlackBerry Dynamics apps to a user.
  2. The user installs the app on the device.
  3. If the device is not a Samsung KNOX Workspace device and the BlackBerry UEM Client is installed on the device, the BlackBerry Dynamics app performs the following actions:
    1. Establishes a secure channel with the BlackBerry UEM Client on the device. Data exchanged over the secure channel is encrypted using an AES-CBC cipher.
    2. Asks the BlackBerry UEM Client to request an access key for the new BlackBerry Dynamics app. The request includes a randomly generated nonce.
  4. One of the following events occurs:
    • The BlackBerry UEM Client sends the access key request and the randomly generated nonce to the BlackBerry UEM Core.
    • If the BlackBerry UEM Client is not installed on the device, or if the device uses Samsung KNOX Workspace and this is the first BlackBerry Dynamics app activated, the administrator generates an access key to send to the user or the user logs in to BlackBerry UEM Self-Service and generates an access key.
    • If the device or KNOX Workspace already contains an activated BlackBerry Dynamics app, the activated app sends an access key request and the randomly generated nonce to the BlackBerry UEM Core.
  5. The BlackBerry UEM Core sends the requested access key to the BlackBerry UEM Client.
  6. The BlackBerry UEM Client provides the access key to the BlackBerry Dynamics app.
  7. The BlackBerry Dynamics app establishes an SSL connection with the BlackBerry Dynamics NOC and sends it a hash of the access key.
  8. The BlackBerry Dynamics NOC verifies the access key and, if the verification is successful, sends provisioning data, including the master link key and connection information, to the BlackBerry Dynamics app.
  9. The BlackBerry Dynamics app begins the process of establishing a shared secret with the BlackBerry UEM Core by sending a secure channel setup message to the BlackBerry Dynamics NOC over the SSL connection.
    The secure channel setup message contains a user identifier (email address), an ephemeral ECDH public key, a salt value, a token, and a MAC of the message to authenticate the sender and guarantee the integrity of the message.
  10. The BlackBerry Dynamics NOC forwards the secure channel setup message to BlackBerry Proxy over an HTTPS connection.
  11. BlackBerry Proxy forwards the secure channel setup message to the BlackBerry UEM Core.
  12. The BlackBerry UEM Core responds to the BlackBerry Dynamics app. The response contains a new ephemeral ECDH public key and a MAC of the message.
  13. The BlackBerry Dynamics app requests provisioning data from the BlackBerry UEM Core. The request travels through the BlackBerry Dynamics NOC and BlackBerry Proxy.
  14. The BlackBerry UEM Core sends encrypted provisioning data, including the master session key, app configuration data, and a list of BlackBerry Proxy instances, to the BlackBerry Dynamics app to complete the activation.
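
The MAC in step 9 is what lets the BlackBerry UEM Core detect a setup message that was altered while being relayed through the BlackBerry Dynamics NOC and BlackBerry Proxy (steps 10 and 11). The following added example, which is not BlackBerry code and not part of the original page, shows that check with HMAC-SHA256. The key derivation from the access key and salt, the field encoding, and all function names are assumptions, and the sample values are constructed.

```python
import hashlib
import hmac
import os
import struct

FIELDS = ("user_id", "ecdh_public_key", "salt", "token")  # fields listed in step 9


def derive_mac_key(access_key: str, salt: bytes) -> bytes:
    # Assumption: MAC key = PBKDF2(access key, salt). The page does not
    # describe the real key derivation.
    return hashlib.pbkdf2_hmac("sha256", access_key.encode(), salt, 100_000)


def encode(msg: dict) -> bytes:
    # Length-prefix every field so boundaries are unambiguous: without this,
    # ("ab", "c") and ("a", "bc") would produce the same MAC input.
    return b"".join(struct.pack(">I", len(msg[f])) + msg[f] for f in FIELDS)


def build_setup_message(access_key: str, user_id: str,
                        public_key: bytes, token: bytes) -> dict:
    msg = {"user_id": user_id.encode(), "ecdh_public_key": public_key,
           "salt": os.urandom(16), "token": token}
    key = derive_mac_key(access_key, msg["salt"])
    msg["mac"] = hmac.new(key, encode(msg), hashlib.sha256).digest()
    return msg


def verify_setup_message(access_key: str, msg: dict) -> bool:
    # Receiver side: recompute the MAC and compare in constant time.
    try:
        key = derive_mac_key(access_key, msg["salt"])
        expected = hmac.new(key, encode(msg), hashlib.sha256).digest()
        return hmac.compare_digest(expected, msg["mac"])
    except (KeyError, TypeError):
        return False  # missing or malformed field: reject


if __name__ == "__main__":
    # Constructed sample values; the "public key" is random stand-in bytes.
    sent = build_setup_message("constructed-access-key", "user@example.com",
                               os.urandom(32), os.urandom(16))
    print("as sent:", verify_setup_message("constructed-access-key", sent))
    relayed = dict(sent, ecdh_public_key=os.urandom(32))  # key changed in transit
    print("key changed:", verify_setup_message("constructed-access-key", relayed))
```

Because the ephemeral public key is covered by the MAC, a receiver that rejects on verification failure never runs the key agreement against a key that differs from the one the sender signed.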