Certificate Management and Application Signing for Mobile Operators
4/8/2010
The operator can sign applications or files that can be loaded on the device after the device leaves the factory. To modify device configuration, the operator uses cab provisioning files that are deployed in various ways. To deploy applications and cab provisioning files, the operator can operate a PKI hierarchy for code signing. The following table shows an example of an operator PKI hierarchy.
Certificate | Included in the device? |
---|---|
Operator Windows Mobile Privileged Root | Yes. Included in the Privileged Certificate Store. Included in the Software Publisher Store (SPC) with role mask = 222. |
Operator Windows Mobile Privileged Intermediate CA (optional) | No |
Operator Self Windows Mobile Privileged Code Identity | No |
Operator Vendor A Privileged Code Identity | No |
Operator Vendor B Privileged Code Identity | No |
Operator Windows Mobile Normal Root | Yes. Included in the Normal Certificate Store. Included in the SPC with role mask = 16. |
Operator Windows Mobile Normal Intermediate CA (optional) | No |
Operator Self Windows Mobile Normal Code Identity | No |
Operator Vendor A Normal Code Identity | No |
Operator Vendor B Normal Code Identity | No |