3. System Methodology and Prototype
4.1 Windows Device Management Architecture
We can manage a device by provisioning [8] it. Provisioning a device involves creating a provisioning XML file that contains configuration information and then sending the file to the device; the Configuration Manager and the Configuration Service Providers built into the mobile device then configure it based on the contents of the provisioning XML file.
Configuration Service Providers execute configuration requests by changing or querying the values of settings. The Configuration Manager sends configuration requests to the Configuration Service Providers in XML format.
Figure 6 – Configuration Manager operation of smartphone
4.2 Messages Delivery Method
There are a number of options for delivering provisioning files to Windows Mobile-based devices:
1. Send over the air (OTA): A device can be provisioned OTA either by a one-time push or by two-way communication between server and client, called continuous provisioning. Windows Mobile Version 5.0 uses Open Mobile Alliance (OMA) device management standards for OTA provisioning. The form of the provisioning file depends on which of two protocols is used: OMA Client Provisioning, a one-way Wireless Application Protocol (WAP) push, or OMA Device Management (DM), continuous provisioning. A provisioning XML file in CAB Provisioning Format (.cpf) can also be pulled by the device over HTTP or Internet Explorer Mobile.
2. Download in a CAB Provisioning Format (.cpf) file.
3. Send through Remote API (RAPI): Provisioning XML can be downloaded from the desktop, using RAPI in ActiveSync to push the file to a device.
4. Send through the DMProcessConfigXML API: OEMs and application developers can provision a device by calling the DMProcessConfigXML function.
5. Provision during manufacture: the OEM can burn the file into flash memory and configure the device so that the file is loaded during the cold or warm boot procedure.
In this research we use the Remote API delivery method to implement the inhibition system and simulate the possible conditions, because OMA Client Provisioning and OMA Device Management (DM) require setting up a complicated communication channel between the DM server and the mobile devices, downloading a CAB file is an inconvenient way to package the XML file, and the remaining methods belong to OEM manufacturing provisioning.
4.3 Security Policy
Security policies are used to configure security settings that are then enforced with the help of security roles and certificates. They provide the flexibility to control the level of security on the device. The policies are defined globally and enforced locally in their respective components.
The security policy [10] is set during boot by executing a configuration file called provxml. This provisioning file is in ROM and contains the default settings specified by the OEM.
The security policies are loaded onto Microsoft Windows Mobile-based devices in a security policy-provisioning document, which is an XML file that is assigned the correct security role to apply the security settings to the device. These security policies are enforced at critical points across the architecture of the device. Often, these policies will interact with Configuration Manager and the metabase security settings. When the security policy document is delivered to the device, it is validated and verified by the Push Router, administered by Configuration Manager, and then applied by the Security Policy Configuration Service Provider.
Figure 7 - The Security Policy and Operation
For example, the Grant Manager policy (Policy ID 4119) grants the system administrative privileges held by SECROLE_MANAGER to other security roles, without modifying metabase role assignments. The Configuration Manager enforces the Grant Manager policy. The default value is OPERATOR_TPS for Windows Mobile-based Smartphone. The role required to modify this policy is SECROLE_MANAGER. We also need to set the RAPI Policy in order to configure mobile devices via RAPI. The RAPI Policy (Policy ID 4097) restricts the access of remote applications that use Remote API (RAPI) to perform ActiveSync operations on Windows Mobile-based devices. The default value is 2 for Windows Mobile-based Pocket PC and Smartphone.
The following list shows the possible values:
"0" indicates that the ActiveSync service is shut down. RAPI calls are rejected.
"1" indicates that full access to ActiveSync is provided. RAPI calls are processed without restriction.
"2" indicates that access to ActiveSync is restricted to the SECROLE_USER_AUTH (User Authenticated) role. RAPI calls are checked against this role mask before they are granted.
4.4 Bootstrapping Windows Mobile-Based Devices
Bootstrapping is the initial configuration of a device so that it can be continuously provisioned by a trusted agent. Bootstrapping a Windows Mobile-based device usually involves configuring the device with the following information: Trusted Provisioning Server (TPS), Trusted Push Proxy Gateway, WAP connectivity, GPRS connectivity, and changes to the default security model. As described in the previous section, security policy settings define levels of security and whether Windows Mobile-based devices are configurable. The bootstrap process provides configuration data to Windows Mobile-based devices. It is important that the server initiating the bootstrap process is authenticated over the air (OTA). To provide more secure provisioning, Windows Mobile-based devices rely on one of the following:
• A PIN-based mechanism
• A custom signed .cab file
• A secure channel between an OMA DM server and the client device.
The security roles of the DM server account are the same as those of the bootstrap message unless role parameters explicitly set them.
The security roles for the DM server are assigned as follows:
• If the DM server is bootstrapped at manufacture, the server is assigned all roles implicitly.
• When bootstrapping a DM server account over the air (OTA) or through Remote API (RAPI), the DM server roles are set to the Role parameter of the server account. For an OTA Wireless Application Protocol (WAP) push bootstrap that is initiated by a mobile operator, the message is signed with a user PIN and a network PIN known only to the mobile operator and the device. For example, the network PIN for Global System for Mobile Communications (GSM) is the International Mobile Subscriber Identity (IMSI) number from the device's Subscriber Identity Module (SIM) card.
When a business uses a .cab file for bootstrapping a corporate device over the air, the .cab file is signed with the private key of the corporate certificate. The corporate certificate is sent over the air to the device by the mobile operator and is processed by the CertificateStore Configuration Service Provider. The mobile operator must use the format supported by the CertificateStore Configuration Service Provider. The certificate itself is a base-64 encoded certificate. The Role element specifies that this certificate has the Manager role.
We enable Remote API (RAPI) bootstrapping of mobile devices in the simulation platform.
The Remote API Security policy is set to RESTRICTED by default. Under this policy the device will only accept RAPI messages that are assigned the MANAGER role (SECROLE_MANAGER). By default the Authenticated User role does not have MANAGER privileges.
With this default setting, we cannot make all of the configuration changes required to bootstrap the device. For example, we cannot change security settings.
To enable bootstrapping by using RAPI we must first give MANAGER privileges to the Authenticated User role. After bootstrapping the device we must then remove those privileges to ensure that subsequent RAPI messages will not have unrestricted access to the device.
This enables the device to accept RAPI messages that require MANAGER privileges. If needed, the OEM can provision the device with this setting after manufacture. The following example shows how to change the Grant Manager policy to add SECROLE_MANAGER. The OEM would include this in the provisioning XML file that uses the Security Policy Configuration Service Provider.
<wap-provisioningdoc>
  <characteristic type="SecurityPolicy">
    <parm name="4119" value="8"/>
  </characteristic>
  <!-- other settings -->
</wap-provisioningdoc>
After we receive the device, we must do the following:
• Use the desktop configuration tool (rapiconfig.exe) to bootstrap the device over
• At the end of our bootstrap message, change the Grant Manager policy to remove SECROLE_MANAGER. This ensures that subsequent RAPI messages will not have MANAGER privileges.
The following XML example shows how to change the Grant Manager policy to remove SECROLE_MANAGER after the device has been bootstrapped.
<wap-provisioningdoc>
  <characteristic type="SecurityPolicy">
    <parm name="4119" value="128"/>
  </characteristic>
  <!-- other settings -->
</wap-provisioningdoc>
After bootstrapping the device, the provisioning XML file changes configuration settings with the MANAGER role.
The mobile device settings that we can access are determined by roles. We are assigned a role when we access Configuration Manager. The following table shows the roles for each device type.
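The grant-then-revoke procedure above and the RAPI policy values of section 4.3 are easy to get wrong by hand, so the following added example (not code from the thesis or from any Microsoft tool) builds a wap-provisioningdoc, audits it for settings that widen access, and generates the matching revert document. Only the policy IDs 4119 and 4097 and the role mask values 8 (SECROLE_MANAGER) and 128 (OPERATOR_TPS) come from the text; the audit rules and function names are this example's own assumptions.

```python
# Added example: build and audit Windows Mobile provisioning XML.
# Policy IDs and mask values are those used in the text; the audit
# rules and function names are this example's own.
import xml.etree.ElementTree as ET

GRANT_MANAGER = "4119"      # Grant Manager policy ID
RAPI_POLICY = "4097"        # RAPI policy ID
SECROLE_MANAGER = 8         # mask bit added in the text's "grant" example
SECROLE_OPERATOR_TPS = 128  # default restored in the text's "remove" example


def build_doc(policies=None, registry=None):
    """policies: {policy_id: value} -> SecurityPolicy CSP;
    registry: {key_path: {name: value}} -> Registry CSP."""
    root = ET.Element("wap-provisioningdoc")
    if policies:
        sec = ET.SubElement(root, "characteristic", type="SecurityPolicy")
        for pid, val in policies.items():
            ET.SubElement(sec, "parm", name=str(pid), value=str(val))
    if registry:
        reg = ET.SubElement(root, "characteristic", type="Registry")
        for path, parms in registry.items():
            key = ET.SubElement(reg, "characteristic", type=path)
            for name, val in parms.items():
                ET.SubElement(key, "parm", name=name, value=str(val))
    return ET.tostring(root, encoding="unicode")


def policies_in(doc):
    """Return {policy_id: value} from every SecurityPolicy characteristic."""
    out = {}
    for sec in ET.fromstring(doc).iter("characteristic"):
        if sec.get("type") == "SecurityPolicy":
            for parm in sec.findall("parm"):
                out[parm.get("name")] = parm.get("value")
    return out


def audit(doc):
    """List settings that widen access and must be reverted after bootstrap."""
    findings, pols = [], policies_in(doc)
    gm = pols.get(GRANT_MANAGER)
    if gm is not None and int(gm) & SECROLE_MANAGER:
        findings.append("4119 grants SECROLE_MANAGER privileges; revert after bootstrap")
    if pols.get(RAPI_POLICY) == "1":
        findings.append("4097=1: RAPI unrestricted; default 2 limits it to SECROLE_USER_AUTH")
    return findings


def revert_doc(doc):
    """Follow-up document that undoes the widening settings, or None if
    the document touched neither policy."""
    pols, revert = policies_in(doc), {}
    if GRANT_MANAGER in pols:
        revert[GRANT_MANAGER] = SECROLE_OPERATOR_TPS
    if RAPI_POLICY in pols:
        revert[RAPI_POLICY] = 2
    return build_doc(policies=revert) if revert else None
```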
4.5 Procedure for inhibiting function in Smartphone
First of all, we use Bluetooth as the connection method and enable the Bluetooth function of the desktop PC, then browse for the mobile device and establish the connection with ActiveSync.
ActiveSync provides support for synchronizing data between a Windows-based desktop computer and Microsoft Windows CE .NET-based portable devices. ActiveSync [12] supplies the following features for the Windows CE-based device: backing up and restoring device data, and installing and removing programs. It also supports the following interactions between the desktop computer and the Windows CE-based device: data synchronization, file conversion between the desktop computer and device formats, importing and exporting database tables, and preparing the desktop for remote connections.
Figure 8 – Bluetooth Function Enable
Figure 9 – Bluetooth Connection Setting
Figure 10 – Mobile Device Connect Desktop PC
Second, we must choose a delivery method, Remote API (RAPI), and query the device policies before changing them, which means creating a provisioning XML file that queries the device settings. RAPI transfers the XML to the mobile device once a Microsoft ActiveSync connection has been established. However, RAPI runs in command-line (DOS) mode, so it is hard to operate and to compose the XML command file. I added a graphical user interface (GUI), Smart XML 1.0, on top of it; it supports composing the XML file and sending and receiving messages between the sensor network and the mobile devices.
The Smart XML 1.0 GUI also displays sent XML contents and replied messages from smartphone.
Figure 11 – Smart XML 1.0 (RAPI utility)
Third, the simulation platform uses the following development utility: Windows CE Registry Editor, to query the mobile device registry settings. We use the registry editor to show the registry keys and values of Windows Mobile. The registry [11] keys and values record the significant parameters and flags of functions or modules, so we can change smartphone behaviours or functions by modifying registry keys and values.
Figure 12 – Windows CE Registry Editor
To summarize the above, the sensor network connects to the smartphone via Bluetooth; we then open Microsoft ActiveSync and Smart XML 1.0 to query and bootstrap the security registry.
We prepare a registry XML file for inhibition and send it to the mobile device. The device manager of the smartphone receives the XML and triggers the Registry CSP to change the specified registry keys. For example, we send the camera inhibition registry message and the smartphone automatically disables the camera function. In this research we also modify [13] the registry programmatically via embedded VC++ instead of an XML file. There are two sample programs for camera inhibition: CamInhibition and CamDaemon. The CamInhibition program [14] changes the camera registry to turn off the photography function of the smartphone. The CamDaemon program monitors inhibition periods by timestamp: if CamDaemon finds that the timestamp is out of date, meaning there is no current inhibition message, it releases the inhibition registry and turns the photography function of the smartphone back on.
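The CamInhibition/CamDaemon timestamp logic just described, as an added example that is not the thesis's embedded VC++ code: an in-memory dictionary stands in for the device registry, and the inhibition message (a timestamp plus a period), the bookkeeping key and the camera "off" values are this example's assumptions; only the camera key path and the "on" prefix values come from the registry listing in the text.

```python
# Added example: model of the CamInhibition / CamDaemon expiry logic.
# The Registry class, the inhibition key and the 'off' values are assumed;
# CAMERA_KEY and CAMERA_ON are the values listed in the text.
CAMERA_KEY = r"HKCU\Software\IA Style\IA Capture for Smartphone (Smartphone)\2.55\Strings"
INHIBIT_KEY = r"HKCU\Software\Inhibition\Camera"   # assumed bookkeeping key
CAMERA_ON = {"Video Prefix": "VIDEO", "Image Prefix": "IMAGE"}  # from the text
CAMERA_OFF = {"Video Prefix": "", "Image Prefix": ""}           # assumed 'off'


class Registry:
    """Minimal stand-in for the device registry: key -> {name: value}."""
    def __init__(self):
        self.keys = {}

    def write(self, key, values):
        self.keys.setdefault(key, {}).update(values)

    def read(self, key, name, default=None):
        return self.keys.get(key, {}).get(name, default)


def cam_inhibition(reg, msg_ts, period, now):
    """CamInhibition: apply the camera-off registry and record when the
    inhibition expires. A message whose period has already elapsed is
    stale and ignored, so it cannot re-arm an inhibition. Returns True
    when the message was applied."""
    expires = msg_ts + period
    if expires <= now:
        return False
    reg.write(CAMERA_KEY, CAMERA_OFF)
    reg.write(INHIBIT_KEY, {"Expires": str(expires)})  # newer message overrides
    return True


def cam_daemon_tick(reg, now):
    """CamDaemon: one polling cycle. If the recorded timestamp is out of
    date, release the inhibition and restore the camera. Returns True
    only on the tick that actually re-enabled the camera."""
    expires = reg.read(INHIBIT_KEY, "Expires")
    if expires is None:
        return False            # nothing inhibited
    if now < int(expires):
        return False            # inhibition still current
    reg.write(CAMERA_KEY, CAMERA_ON)
    reg.keys.pop(INHIBIT_KEY, None)
    return True


def camera_enabled(reg):
    """The camera is usable when the text's 'turn on' values are present."""
    return reg.read(CAMERA_KEY, "Image Prefix") == "IMAGE"
```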
The following lists the registry paths and values for Font Size, Sound, Security, Camera, and Operation Mode.
Font Size
<wap-provisioningdoc>
<characteristic type="Registry">
<characteristic type="HKCU\ControlPanel\Accessibility">
<parm name="FontSize" value="1"/>
</characteristic>
</characteristic>
</wap-provisioningdoc>
Security: enable for RAPI
<wap-provisioningdoc>
<characteristic type="SecurityPolicy">
<parm name="4097" value="1"/>
</characteristic>
</wap-provisioningdoc>
Camera: turn on
<wap-provisioningdoc>
<characteristic type="Registry">
<characteristic type="HKCU\Software\IA Style\IA Capture for Smartphone (Smartphone)\2.55\Strings">
<parm name="Video Prefix" value="VIDEO"/>
<parm name="Image Prefix" value="IMAGE"/>
</characteristic>
</characteristic>
</wap-provisioningdoc>
Sound: turn on
<wap-provisioningdoc>
<characteristic type="Registry">
<characteristic type="HKCU\ControlPanel\Sounds\RingTone0">
<parm name="Sound" value="\Storage\Application Data\Sounds\Surface.wma"/>
</characteristic>
</characteristic>
</wap-provisioningdoc>
Sound: turn off
<wap-provisioningdoc>
<characteristic type="Registry">
<characteristic type="HKCU\ControlPanel\Sounds\RingTone0">
<parm name="Sound" value="*none*"/>
</characteristic>
</characteristic>
</wap-provisioningdoc>
Operation Mode: change normal
<wap-provisioningdoc>
<characteristic type="Registry">
<characteristic type="HKCU\ControlPanel\Profiles">
<parm name="ActiveProfile" value="Normal"/>
</characteristic>
</characteristic>
</wap-provisioningdoc>
Operation Mode: change silent
<wap-provisioningdoc>
<characteristic type="Registry">
<characteristic type="HKCU\ControlPanel\Profiles">
<parm name="ActiveProfile" value="Silent"/>
</characteristic>
</characteristic>
</wap-provisioningdoc>
4.6 Implementation Limitation
Mobile devices are embedded systems: computer systems or computing devices of various types that perform a dedicated function and/or are designed for use with a specific embedded software application. Embedded systems may use a combination of read-only and read-write based operating systems, but they are not usable as a commercially viable substitute for general-purpose computers or devices. An embedded system normally guarantees a certain capability within a specified storage size and time constraint, together with its application programs. Its structure is very like that of a normal operating system, but it is differentiated mainly by factors such as the type of pre-installed device, functional limits, and performing only the job it was designed for.
So smartphones have several classes of security management. We were not allowed to access the registry until we obtained the proper security role. Moreover, some specific registry changes do not take effect immediately; the smartphone must be rebooted to reload the application.
5. Conclusion
5.1 Research Summary
Technology develops continuously, and mobile life brings us convenience; it has gradually become hard to separate from human activities. Passive data security maintenance or privacy protection is not sufficient; we need to develop active function inhibition for mobile devices.
This thesis proposes a new design prototype for active security protection. Using a wireless sensor network to inhibit the recording capability of portable devices can be a smart and cost-efficient approach. In this research, this can be achieved as long as the mobile device can recognize the inhibition messages/signals from the wireless sensor network.
The wireless sensor network transmits an inhibition message to the mobile devices; the control modules of the mobile devices parse the message. According to the parsed inhibition actions, the mobile devices proceed to inhibit the forbidden function. In addition, the mobile devices periodically inquire whether there are any inhibition messages; if there are no banning messages, the mobile device removes the inhibition, restores the original function, and returns to the normal state.
5.2 Direction in the future
Nowadays, mobile device hardware and software are designed for more functionality and operational capability, for example taking photographs with more megapixels and higher quality dots per inch (dpi), or producing great, clear sound.
In the future, mobile business will become a big part of human life. We need to focus more on humanity and develop smarter mobile devices.
References
[1] Thomas Ricker, "Cellphones could disrupt airplane systems, Carnegie Mellon University say", Engadget, http://www.engadget.com/2006/03/01/cellphones-could-disrupt-airplane-systems-study/
[2] www.Dajiyuan.com, "Mobile phone interference in New York", http://www.epochtimes.com/b5/5/2/22/n822700.htm
[3] David Blankenbeckler, "An Introduction to Bluetooth", Wireless Developer Network, http://www.wirelessdevnet.com/channels/bluetooth/features/bluetooth.html
[4] Intelligraphics, "Introduction to IEEE 802.11", http://www.intelligraphics.com/articles/80211_article.html
[5] Microsoft Download Center, "SDK for Windows Mobile 2003-based Smartphones", Leveraging the Microsoft .NET Compact Framework, http://www.microsoft.com/downloads/details.aspx?FamilyId=A6C4F799-EC5C-427C-807C-4C0F96765A81&displaylang=en
[6] Microsoft Download Center, "eMbedded Visual C++ 4.0", Delivers a complete desktop development environment for creating applications and system components for Windows CE .NET-powered devices, http://www.microsoft.com/downloads/details.aspx?familyid=1DACDB3D-50D1-41B2-A107-FA75AE960856&displaylang=en
[7] Mattscholey, "Cool things to do with your smartphone", MODACO Smartphone, Manchester, UK, June 22, 2003, http://www.modaco.com/index.php?showtopic=94657&hl=smartphone+camera
[8] "Device Management Architecture", Windows Mobile Version 5.0 SDK, MSDN Home, http://msdn.microsoft.com/library/default.asp?url=/library/en-us/mobilesdk5/html/wce51condevicemanagementarchitecture.asp
[9] Stuart Preston, "Enable RAPI and user provided certificates", I-mate SP5 Smartphone, November 10, 2005, http://blogs.conchango.com/stuartpreston/archive/2005/11/10/2376.aspx
[10] "Security Policies", Windows Mobile Version 5.0 SDK, February 1, 2006, http://msdn.microsoft.com/library/default.asp?url=/library/en-us/mobilesdk5/html/wce51conSecurityPolicies.asp
[11] "Registry Functions", Platform Builder for Microsoft Windows CE 5.0, September 14, 2005, http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wcedata5/html/wce50grfregistryfunctions339.asp
[12] Vicky_vigia, "Getting Download Failed Message", Microsoft ActiveSync, MSDN Forums / Smart Device Development / Device Emulator General, 26 Jan 2006 UTC
[13] "Windows Mobile Programming", SDK Documentation for Windows Mobile-Based Smartphones, April 22, 2005, http://msdn.microsoft.com/library/default.asp?url=/library/en-us/devguidesp/html/sp_conwinmobile_programming.asp
[14] Moo_Ski_Doo, "Want to get Started Smartphone programming", MODACO, Nottingham, UK, Feb 28, 2004, http://www.modaco.com/index.php?showtopic=103221&hl=smartphone+camera