Bootstrapping Windows Mobile Devices

Although Microsoft® Windows® Mobile-based Smartphone and Windows Mobile-based Pocket PC, Phone Edition, can make and receive voice calls before bootstrapping the device, they cannot use a data service until the device is provisioned with information about how to connect to the Web. The bootstrap procedure provisions the device with the required connectivity data to enable access to Wireless Application Protocol (WAP) Web sites, Internet Web sites, and any third-party corporation services.

The bootstrap procedure can also, optionally, change the security model from the default and change the logical manager of the device. User-PIN-signed messages that are sent to the mobile device are assigned the Manager role by default. The Metabase defines which role is required to change a specific setting.

The security model can be changed by sending a security policy update XML file to the device. For a description of the different security models, security roles, and security policies, and for details about how to change the security model by using XML, see Security Policies and Roles. For the list of default settings that can be modified by a message that is assigned the Manager role, see the Pocket PC Developer's Reference.

The following list shows how Smartphone and Pocket PC can be bootstrapped:

  • Smartphone and Pocket PC can be preconfigured by putting the configuration XML in the appropriate ROM region so that when the device is cold booted, the device is configured.

  • The bootstrap procedure can be initiated using the over-the-air (OTA) WAP push mechanism.

    Note   The OTA bootstrap push message that is signed with the USERPIN or USERPINMAC method, as defined in the WAP Provisioning Bootstrap specification, will be discarded by the WAP-signed message policy by default. Although we do not recommend it, the original equipment manufacturer (OEM) can change this policy by putting a provisioning file in the OEM ROM region to accept those messages. The provisioning file is used to change the policy during the cold boot procedure. For a description of XML in the ROM region, see Provisioning Using a ROM Configuration XML File (PPC Only).

  • When the device is cradled to a desktop computer, the bootstrap procedure can be initiated through a desktop configuration tool.

This section describes the typical bootstrap scenarios for mobile operators and customers, various bootstrap methods, the support of standard WAP connectivity provisioning XML messages, and security mechanisms for the bootstrap procedure.

Note   All XML provisioning files must be Universal Transformation Format 8 (UTF-8) encoded.
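The two requirements above (every provisioning file must be UTF-8, and a bootstrap file may silently change the security model through a security policy update) can both be checked offline before a file is placed in ROM or pushed to a device. The following inspector is an added example written for this page; it is not code from the original topic or from Microsoft. It relies only on the standard WAP client-provisioning document layout (a wap-provisioningdoc root containing nested characteristic elements with parm children); the sample document, the Registry key path, the server name and the policy value are constructed, and the policy ID 4109 is assumed to be the WAP Signed Message Policy rather than taken from this page.

```python
"""Offline inspector for a Windows Mobile provisioning XML file.

Added example (not from the original page). It reports whether the file is
valid UTF-8, lists every setting the document would apply, and singles out
any SecurityPolicy characteristic so a reviewer can see that the file would
change the device security model before it is shipped or pushed.
"""
import xml.etree.ElementTree as ET

# Constructed sample document: the registry path, server name and policy
# value are illustrative only. Policy ID 4109 is assumed to be the
# WAP Signed Message Policy; it is not stated on this page.
SAMPLE_DOC = b"""<?xml version="1.0" encoding="utf-8"?>
<wap-provisioningdoc>
  <characteristic type="Registry">
    <characteristic type="HKLM\\Software\\ExampleCorp\\Prov">
      <parm name="Server" value="prov.example.invalid" datatype="string"/>
    </characteristic>
  </characteristic>
  <characteristic type="SecurityPolicy">
    <parm name="4109" value="0"/>
  </characteristic>
</wap-provisioningdoc>
"""


def check_utf8(raw: bytes) -> bool:
    """True if the raw file bytes decode strictly as UTF-8."""
    try:
        raw.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return True


def collect_settings(raw: bytes) -> list:
    """Return (characteristic path, parm name, value) for every parm.

    The path joins the nested characteristic 'type' attributes with '/',
    so a setting under Registry/HKLM\\... is easy to tell apart from one
    under SecurityPolicy.
    """
    root = ET.fromstring(raw)
    if root.tag != "wap-provisioningdoc":
        raise ValueError("root element is not wap-provisioningdoc")
    settings = []

    def walk(elem, path):
        for child in elem:
            if child.tag == "characteristic":
                walk(child, path + [child.get("type", "")])
            elif child.tag == "parm":
                settings.append(
                    ("/".join(path), child.get("name", ""), child.get("value", ""))
                )

    walk(root, [])
    return settings


def security_policy_changes(raw: bytes) -> list:
    """Only the settings that live under a top-level SecurityPolicy characteristic."""
    return [s for s in collect_settings(raw) if s[0].split("/")[0] == "SecurityPolicy"]


def inspect(raw: bytes) -> dict:
    """Full report: encoding check first, then settings and policy changes."""
    report = {"utf8": check_utf8(raw), "settings": [], "policy_changes": []}
    if report["utf8"]:
        report["settings"] = collect_settings(raw)
        report["policy_changes"] = security_policy_changes(raw)
    return report


if __name__ == "__main__":
    result = inspect(SAMPLE_DOC)
    print("UTF-8:", result["utf8"])
    for path, name, value in result["settings"]:
        print(f"  {path}: {name} = {value}")
    if result["policy_changes"]:
        print("WARNING: this document changes the device security policy:")
        for path, name, value in result["policy_changes"]:
            print(f"  policy {name} -> {value}")
```

Run it against a real provisioning file by reading the file as bytes and passing them to inspect(); a file saved as UTF-16 fails the first check, and any SecurityPolicy setting is listed separately so that a change to the security model never goes unnoticed in review.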

The mobile operator can provision the device by using basic data connectivity information, Trusted Provisioning Server (TPS), and trusted Push Proxy Gateway (PPG) for continuous provisioning.

For enhanced security, the recommended method for continuous provisioning is to establish a trusted PPG that can address devices over the cellular network by using WAP protocols. Bootstrap the device to accept user-PIN-signed WAP push messages only if they originate from a trusted PPG and the PPG has authenticated the push initiator.

Security Note   When a device is provisioned with a PXPHYSICAL address that is an Internet IP address, it becomes easier for expert users to elevate their privileges on the device to a higher security level. If you specify the PPG as an Internet IP address, an expert user could spoof that address: push messages created with counterfeit Internet IP source addresses would appear to originate from a trusted port. Once an expert user has gained access to the private network and spoofed the Internet IP address, the packets they send would appear to the network devices to come from the PPG's Internet IP address. Filtering the packets of your networks over GPRS does not solve this potential security issue.

For more information on bootstrapping devices for more secure provisioning, see Bootstrapping with Basic Data Connection Information and Setting TPS for Continuous Provisioning.

See Also

Provisioning for Windows Mobile Devices | Options for Delivering Provisioning XML Files to Windows Mobile Devices


© 2005 Microsoft Corporation. All rights reserved.