Bootstrap Security
4/8/2010
Security Policy settings define levels of security and whether Windows Mobile devices are configurable over the air (OTA). For information about setting security policies, see Security Policies.
Because the bootstrap process provides configuration data to Windows Mobile devices, it is important that the server that initiates the bootstrap process is authenticated. To provide more secure provisioning, Windows Mobile devices rely on one of the following:
- A PIN-based mechanism
- A custom signed .cab file
- A secure channel between an OMA DM server and the client device
The security roles of the DM server account are the same as those of the bootstrap message unless they are explicitly set by using Role parameters.
Note
The DM server account cannot have more roles than those of the bootstrap message, and it cannot configure a role that it doesn't have.
The security roles for the DM server are assigned as follows:
- If the DM server is bootstrapped at manufacture, the server is assigned all roles implicitly.
- If the DM server account is bootstrapped OTA or through Remote API (RAPI), the DM server roles are set to the Role parameter of the server account, as described in DMAcc Configuration Service Provider and the w7 APPLICATION Configuration Service Provider.
For an OTA WAP push bootstrap that is initiated by a mobile operator, the message is signed with a user PIN and a network PIN known only by the mobile operator and the device. For example, the network PIN for Global System for Mobile Communications (GSM) is the International Mobile Subscriber Identity (IMSI) number from the device's Subscriber Identity Module (SIM) card. For more information about how the device authenticates an OTA push provisioning message that is signed through one of the four methods defined in the OMA Provisioning Bootstrap Specification Version 1.1, see Security Policies and Security Roles.
Note
OTA bootstrapping is disabled by default in Windows Mobile devices. For more information, see Enabling OTA Bootstrapping.
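The PIN-based check on an OTA bootstrap message, sketched as an added example; it is not code from this page or from Windows Mobile. It assumes the HMAC-SHA1 construction and key formats of the OMA Provisioning Bootstrap specification, which this page references but does not spell out, and it covers only the NETWPIN, USERPIN and USERNETWPIN methods. All function names, the IMSI, the PIN and the message bytes are constructed for illustration.

```python
import hashlib
import hmac


def imsi_semi_octets(imsi: str) -> bytes:
    """Pack IMSI digits in GSM 11.11 semi-octet form (assumed network-PIN key format)."""
    if not (imsi.isascii() and imsi.isdigit()):
        raise ValueError("IMSI must be decimal digits")
    # Leading nibble 9 marks an odd digit count; 1 plus F padding marks an even one.
    padded = "9" + imsi if len(imsi) % 2 else "1" + imsi + "F"
    # Swap every pair so the first digit of the pair lands in the low nibble.
    return bytes.fromhex("".join(padded[i + 1] + padded[i] for i in range(0, len(padded), 2)))


def bootstrap_key(sec: str, imsi: str = "", user_pin: str = "") -> bytes:
    """Derive the HMAC key for one SEC method (USERPINMAC is not covered here)."""
    if sec in ("USERPIN", "USERNETWPIN") and not (user_pin.isascii() and user_pin.isdigit()):
        raise ValueError("user PIN must be decimal digits")
    if sec == "NETWPIN":
        return imsi_semi_octets(imsi)
    if sec == "USERPIN":
        return user_pin.encode("ascii")
    if sec == "USERNETWPIN":
        return imsi_semi_octets(imsi) + user_pin.encode("ascii")
    raise ValueError(f"unsupported SEC method: {sec}")


def compute_mac(wbxml: bytes, key: bytes) -> str:
    """HMAC-SHA1 over the WBXML document, as uppercase hex."""
    return hmac.new(key, wbxml, hashlib.sha1).hexdigest().upper()


def verify_bootstrap(wbxml: bytes, mac_hex: str, key: bytes) -> bool:
    """Accept the message only if the received MAC matches; malformed MACs fail closed."""
    try:
        received = bytes.fromhex(mac_hex.strip())
    except ValueError:
        return False
    expected = hmac.new(key, wbxml, hashlib.sha1).digest()
    return hmac.compare_digest(expected, received)


# Constructed sample values: test-network IMSI, made-up PIN and message bytes.
IMSI, PIN = "001010123456789", "1234"
MESSAGE = bytes.fromhex("030b6a00") + b"constructed-provisioning-body"
KEY = bootstrap_key("USERNETWPIN", IMSI, PIN)
MAC = compute_mac(MESSAGE, KEY)

if __name__ == "__main__":
    print("genuine:", verify_bootstrap(MESSAGE, MAC, KEY))
    print("tampered:", verify_bootstrap(MESSAGE + b"\x00", MAC, KEY))
```

A message whose body, PIN or MAC differs in any way fails the comparison, which is why the shared secret has to stay known only to the operator and the device.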
When a business uses a .cab file for bootstrapping a corporate device over the air, the .cab file is signed with a private key from the corporate certificate. The corporate certificate is sent over the air to the device by the mobile operator and is processed by the CertificateStore configuration service provider. The mobile operator must use the format supported by the CertificateStore configuration service provider. The certificate itself is a base-64 encoded certificate. The Role element specifies that this certificate has a Manager role. For more information about this role, see Security Roles. For more information about the CertificateStore configuration service provider, see CertificateStore Configuration Service Provider.