Certificate Management and Application Signing for Mobile Operators
The operator can sign applications or files that can be loaded on the device after the device leaves the factory. To modify device configuration, the operator uses cab provisioning files (cpf) that are deployed in various ways. To deploy applications and cpf files, the operator can operate a PKI hierarchy for code signing. The following table shows an example of an operator PKI hierarchy.
| Certificate | Included in the device? |
|---|---|
| Operator Windows Mobile Privileged Root | Yes
Included in the Privileged Certificate Store. Included in the Software Publisher Store (SPC) with role mask = 222. |
| Operator Windows Mobile Privileged Intermediate CA (optional) | No |
| Operator Self Windows Mobile Privileged Code Identity | No |
| Operator Vendor A Privileged Code Identity | No |
| Operator Vendor B Privileged Code Identity | No |
| Operator Windows Mobile Unprivileged Root | Yes
Included in the Unprivileged Certificate Store. Included in the SPC with role mask = 16. |
| Operator Windows Mobile Unprivileged Intermediate CA (optional) | No |
| Operator Self Windows Mobile Unprivileged Code Identity | No |
| Operator Vendor A Unprivileged Code Identity | No |
| Operator Vendor B Unprivileged Code Identity | No |
Send Feedback on this topic to the authors