Enabling OTA Bootstrapping
OTA bootstrapping is disabled by default on Windows Mobile-based devices. The device will not initially accept provisioning messages sent over the air by way of Wireless Access Protocol (WAP). To bootstrap your device(s) OTA do the following:
Before shipping, your OEM must add the OPERATOR role to the Wireless Access Protocol (WAP) Signed Message policy and Grant Manager policy. This will enable the device to accept, over the air, messages that are signed with both a USER PIN and NETWORK PIN.
If needed, the OEM can provision the device with this setting after manufacture as described in How To Change Security Policies. The following example shows how to change those policies.
<characteristic type="SecurityPolicy"> <parm name="4119" value="132"/> <parm name="4107" value="3204"/> </characteristic>
After deployment send a Wireless Access Protocol (WAP) OTA bootstrap message to set the Provisioning Server address along with other corresponding data connectivity settings, and change the security settings by removing the Operator role from the Wireless Access Protocol (WAP) signed message policy and grant manager policy. The bootstrap message must be signed with user pin and network pin.
The following is the example shows how to change those policies.
<characteristic type="SecurityPolicy"> <parm name="4119" value="128"/> <parm name="4107" value="3200"/> </characteristic>
After the device has been configured with the Provisioning Server and related settings you must then ensure that OTA messages can only be received from the Provisioning Server.
See Also
Bootstrapping Windows Mobile-Based Devices
Send Feedback on this topic to the authors