[Locked] Device Security and certificate problems.

  • Thursday, December 25, 2008 4:35 PM

     Device Security and certificate problems.

All Replies

  • Thursday, December 25, 2008 5:05 PM
     
     Answered

    A device has the following four security configurations:


    • Locked or Mobile2Market Locked
      With a Locked configuration, the only applications that will run are those applications that have been signed with a certificate in one of the device's certificate stores. Moreover, the use of the certificates that are in the certificate stores is controlled completely by the original equipment manufacturer (OEM), the mobile operator, or Mobile2Market.

    • Two-Tier-Prompt
      In a Two-Tier Prompt device, the only applications that will run with privileged execution mode are those that are signed with a certificate in the privileged store. Applications that are signed with a certificate in the normal store will run with normal mode execution. Applications that are unsigned will only be allowed to run if you respond affirmatively to the security prompt that appears when you try to run a given unsigned application. After you have allowed a given application to run by responding affirmatively to the prompt, the application will always run in normal execution mode.

    • One-Tier-Prompt
      On a One-Tier-Prompt device, applications are either executed in privileged mode or are not allowed to be executed. If you try to run an unsigned application, you will be prompted to allow the application to run, and if you respond affirmatively, the application will run with privileged mode execution.

    • Security-Off Device
      In a Security-Off configuration, all applications will execute in privileged mode, even if they are unsigned.


    Based on the above theory, when you encounter a security problem, you can first use the Device Security Manager tool, which can view device security configurations. It ships with Visual Studio 2008. For testing purposes, you can install an SDK certificate, which includes a privileged certificate and an unprivileged certificate. When you are about to release a product, you can apply an M2M certificate, because almost every OEM installs M2M in privileged stores.


    Related issues:

    http://social.msdn.microsoft.com/forums/en-US/windowsmobiledev/thread/68b5ed80-9fb9-43e3-8e43-cac9acbdb951/ 

    http://social.msdn.microsoft.com/forums/en-US/netfxcompact/thread/28d07fe4-d148-4987-9013-0e4d66629a6b/ 

    http://social.msdn.microsoft.com/forums/en-US/vssmartdevicesnative/thread/c1141350-e1b7-4e17-b866-5b6056111a97/ 


    For how to sign an application, you can refer to the MSDN document:

    Step by Step: Understanding Windows Mobile Security Using the Device Security Manager




    For more FAQs about Windows Mobile Development, please see Windows Mobile Development FAQ