Apple iOS Server Data Encryption
To enable communication between a provider and a device, the Apple Push Notification Service (APNS) must
expose port 443. To ensure security, it must also regulate access
to this entry point. For this purpose, APNS requires two different levels of trust for providers,
devices, and their communications. These are known as connection trust and token trust.
- Connection trust establishes certainty that, on one side, the APNS connection is with an
authorized provider with whom Apple has agreed to deliver notifications. On the device side of the
connection, APNS must validate that the connection is with a legitimate device.
- Token trust is made possible through the device token. A device token is an opaque identifier of
a device that APNS gives to the device when it first connects with it. The device shares the device
token with its provider. Thereafter, this token accompanies each notification from the provider.
It is the basis for establishing trust that the routing of a particular notification is legitimate. In a
metaphorical sense, it has the same function as a phone number, identifying the destination of a