Black Box Version 1.0 Manual de usuario descargar pdf (Pagina 7)

Notifications - Server

• Short message

–Payload <= 256 bytes

• Sent in JSON format

• Addressed by the DeviceToken

• Signed by originator and sent to Apple

(image source: Apple)

0 320 (binary data) 0 34 {"aps":{"alert":"You have mail"}}

Cmd

Token

Length

Device Token

Payload

Length

Payload (JSON encoded)

MDM Notifications

• Does not have the “aps{}” field

• Instead, single string “mdm”

• Value is another token, “PushMagic”

• PushMagic, DeviceToken, and Certificate ID

–Together authenticate MDM push message

0 320 (binary data) 0 47

{"mdm":"040ac7bf-391a-4a36-

a8ab-47bd380afd33"}

Cmd

Token

Length

Device Token

Payload

Length

Payload (JSON encoded)

Once the provider has the Device Token, they can send push

notiﬁcations to the device. The payload is JSON formatted, and total

length (including JSON structure) limited to 256 bytes. The Device

Token and some framing information are prepended to the payload, and

the whole bit is wrapped and signed by the Push Notiﬁcation certiﬁcate

obtained from Apple.

Once received by Apple, the notiﬁcation is sent to whichever device

corresponds to the Device Token (presuming it’s got an active APNS

session), and thus, the notiﬁcation is delivered.

MDM notiﬁcations are pretty similar, but instead of the top-level “aps{}”

dictionary, the payload contains only a top-level string named “mdm”.

The contents of that string are another token provided by the device

during enrollment, the “Push Magic” token.

So the device needs to have match three items in order for a push

notiﬁcation to trigger an MDM response: The Device Token (without

which the notiﬁcation will never reach the device), and the Push Magic

token (without which the MDM client will just discard the notiﬁcation).

Finally, the “Subject Name / User ID” ﬁeld in the push notiﬁcation

certiﬁcate used to sign the notiﬁcation must match the “Topic” ﬁeld in the

MDM proﬁle.

These three items, especially the User ID on the certiﬁcate signed by

Apple, together make it fairly difﬁcult (if not impossible) to forge a push

notiﬁcation to the MDM client on the device.

1 2 3 4 5 6 7 8 9 10 11 12 ... 30 31

Comentarios a estos manuales

Sin comentarios

Black Box Version 1.0 Manual de usuario Pagina 7

Comentarios a estos manuales

Relacionado con productos y manuales para Redes Black Box Version 1.0