

Effect of Device Management Policies on the OTA Process

The security policies that are enforced for device management help to protect the device from threats that may originate from over-the-air (OTA) downloads or push messages.

When a push message is received, security roles are assigned to the message based on its origin. Security roles can include:

  • SECROLE_OPERATOR_TPS
  • SECROLE_PPG_TRUSTED
  • SECROLE_PPG_AUTH
  • SECROLE_TRUSTED_PPG
  • SECROLE_KNOWN_PPG

For more information, see Security Roles.

The message is then checked for the presence of the content-type parm SEC:

  • If the SEC parm is not present, the message is unsigned.
  • If the SEC parm is present and has a valid value, the message is signed.

The following diagrams illustrate the OTA process with the device management policies.


The OTA process, part 1


The OTA process, part 2

The following steps describe the OTA process for unsigned messages with the device management policies:

  1. If the message is unsigned, the default security role is assigned to the message: SECROLE_USER_UNAUTH.
  2. The Unsigned Message policy is then checked to evaluate whether the unsigned message should be discarded. If the policy allows unsigned messages, the message continues to be processed.

The following steps describe the OTA process for signed messages with the device management policies:

  1. If the message is signed, the validity of the SEC parm value is verified as follows:

    If the value of SEC is invalid, the message is discarded.

    If the value of SEC is valid, processing continues. Valid values are 0 (NETWPIN), 1 (USERPIN), 2 (USERNETWPIN) and 3 (USERPINMAC).

  2. Based on the SEC value, a security role is assigned to the message as follows:

    If the value of SEC is NETWPIN, the message is assigned SECROLE_OPERATOR.

    If the value of SEC is USERNETWPIN, the message is assigned SECROLE_OPERATOR and SECROLE_USER_AUTH.

    If the value of SEC is USERPIN, the message is assigned SECROLE_USER_AUTH.

    If the value of SEC is USERPINMAC, the message is assigned SECROLE_USER_AUTH.

  3. The WAP Message policy is applied as follows:

    If the roles assigned to the push message are insufficient, the message is discarded.

    If the roles assigned to the push message are sufficient, the message continues to be processed.

  4. The hash key is required to authenticate the signature on the message, as follows:

    If the value of SEC is NETWPIN, the network PIN or International Mobile Subscriber Identity (IMSI) is automatically used as the hash key.

    If the value of SEC is USERNETWPIN, the user is prompted to provide a user PIN, and the network PIN with that user PIN appended is used as the hash key.

    If the value of SEC is USERPIN, the user is prompted to provide a PIN that is used as the hash key.

  5. Given the key and the message authentication code (MAC) carried in the message, the message is authenticated as follows:

    If the message fails authentication, the message is discarded.
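The following is an added example, not code from the Windows Mobile documentation, that models the unsigned and signed processing steps above as one decision routine. It assumes the MAC is a hex-encoded HMAC-SHA1 over the message body keyed with the PIN (the OMA Client Provisioning convention), that the WAP Message policy is a set of roles permitted to push, and that USERPINMAC key derivation is out of scope because this page does not describe it; the function names are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# SEC values and role names as listed on this page.
NETWPIN, USERPIN, USERNETWPIN, USERPINMAC = "0", "1", "2", "3"
ROLES_FOR_SEC = {
    NETWPIN: {"SECROLE_OPERATOR"},
    USERPIN: {"SECROLE_USER_AUTH"},
    USERNETWPIN: {"SECROLE_OPERATOR", "SECROLE_USER_AUTH"},
    USERPINMAC: {"SECROLE_USER_AUTH"},
}

@dataclass
class Policy:
    allow_unsigned: bool                              # Unsigned Message policy
    allowed_roles: set = field(default_factory=set)   # WAP Message policy: roles permitted to push

def make_mac(body: bytes, key: str) -> str:
    # Assumption: MAC = hex HMAC-SHA1 over the body, keyed with the PIN (OMA CP convention).
    return hmac.new(key.encode(), body, hashlib.sha1).hexdigest().upper()

def hash_key(sec: str, imsi: str, user_pin: str):
    # Step 4: which secret serves as the hash key for each SEC value.
    if sec == NETWPIN:
        return imsi                      # network PIN / IMSI, no user prompt
    if sec == USERPIN:
        return user_pin                  # user is prompted for a PIN
    if sec == USERNETWPIN:
        return imsi + user_pin           # network PIN with the user PIN appended
    return None                          # USERPINMAC key derivation is not described on this page

def process(params: dict, body: bytes, policy: Policy, imsi: str = "", user_pin: str = ""):
    """Apply the page's OTA checks; return (accepted, roles assigned to the message)."""
    sec = params.get("SEC")
    if sec is None:                                  # no SEC parm: unsigned message
        roles = {"SECROLE_USER_UNAUTH"}
        return policy.allow_unsigned, roles          # Unsigned Message policy decides
    if sec not in ROLES_FOR_SEC:                     # step 1: invalid SEC value, discard
        return False, set()
    roles = ROLES_FOR_SEC[sec]                       # step 2: assign roles from SEC
    if not roles & policy.allowed_roles:             # step 3: WAP Message policy
        return False, roles
    key = hash_key(sec, imsi, user_pin)              # step 4: select the hash key
    if key is None:
        return False, roles
    # Step 5: authenticate; constant-time compare so a forged MAC leaks no timing signal.
    if not hmac.compare_digest(make_mac(body, key), params.get("MAC", "").upper()):
        return False, roles
    return True, roles
```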

See Also

Physical Access Control | Security Policies and Roles | WAP Push OTA Protocol Features


© 2005 Microsoft Corporation. All rights reserved.