Home » Motorola Manuals » Handheld Devices » Motorola MC3090G » Manual Viewer

Motorola MC3090G Integration Guide - Page 112

Locking Down a Mobile Computer, Trust Certificate Store.

Add to My Manuals
Save this manual to your list of manuals

Page 112 highlights

5 - 2 MC3000 Integrator Guide certificate, they are assured that the package is authentic and that it was created by Motorola. By enforcing the use of digital signatures, users can also prevent malicious applications from executing on the MC3000. For example, users can provision the MC3000 to only execute "trusted" applications (digitally signed). Motorola ships all Windows Mobile 6.1 based products in an "open" state, which means all signed and unsigned applications should work. However, customers can still reconfigure their MC3000s to operate in the "trusted" mode. This means that only applications signed with a certificate from the Privileged Execution Trust Certificate Store can run. To support the broadest number of deployments, third-party software developers should perform the following when releasing software for a Windows Mobile 6.1 devices: • Sign all their EXEs & DLLs with their private key • Provide the corresponding public certificate to end-users so that it can be installed into Privileged Execution Trust Certificate Store. If the software is installed via a .CAB file, developer should also: • Sign the .CAB file with their private key • Provide the corresponding public certificate to end-users so that it can be installed into SPC Certificate Store. Locking Down a Mobile Computer Like most configuration options in Windows Mobile 6.1, security settings are set via XML provisioning. For example, to enforce the "trusted" model and only allow applications signed with a privileged certificate to run, use the following provisioning document: For more information on various security options, refer to the Security Policy Settings topic in the latest Windows Mobile documentation.

Section	Page
Patents	4
Revision History	5
Table of Contents	7
About This Guide	13
Introduction	13
Documentation Set	13
Configurations	14
Software Versions	14
Chapter Descriptions	17
Notational Conventions	17
Related Documents and Software	18
Service Information	18
Getting Started	21
Introduction	21
Unpacking the Mobile Computer	21
Accessories	22
Parts	23
Mobile Computer Startup	26
Install Main Battery	26
Battery Charging	28
Spare Battery Charging	29
Stylus	29
Starting the Mobile Computer	30
Calibration Screen	30
Resetting the Mobile Computer	31
Windows CE Devices	31
Performing a Warm Boot	31
Performing a Cold Boot	32
Windows Mobile 6.1 Devices	32
Performing a Warm Boot	32
Performing a Cold Boot	32
Waking the Mobile Computer	33
Main Battery Removal	33
Strap/Door Assembly Removal and Replacement	35
Strap/Door Assembly Removal and Replacement (MC3090G)	36
File System Directory Structure	37
Flash Storage	37
Launching Applications	38
Accessories	39
Introduction	39
Cradles	39
Spare Battery Chargers	39
Cables	39
SD Card	39
Single Slot Serial/USB Cradle	40
Setup	41
Battery Charging	41
LED Charge Indications	42
Communication Setup	43
Four Slot Charge Only Cradle	44
Setup	44
Battery Charging	44
Power LED	45
LED Charge Indications	45
Four Slot Ethernet Cradle	46
Setup	46
Ethernet Cradle Drivers (Windows CE 5.0)	46
Ethernet Cradle Drivers (Windows Mobile 6.1)	47
Charging and Communication	48
LED Charge Indications	49
Speed LED	49
Link LED	49
Daisychaining Ethernet Cradles	49
Bandwidth Considerations when Daisychaining	49
Wall Mount Bracket	51
Four Slot Spare Battery Charger	54
Setup	54
Spare Battery Charging	54
LED Charge Indications	55
Cables	56
Setup	57
Battery Charging	57
LED Charge Indications	57
Communication Setup	57
Universal Battery Charger (UBC) Adapter	58
Setup	58
Spare Battery Charging	58
UBC Adapter LED Charge Indications	59
Secure Device Card (Windows CE 5.0 Only)	61
Copy Files onto the SD Card	62
Delete a File From The SD Card	63
Format an SD Card	63
Serial/USB Communication	68
Installing Serial/USB Communication Software	68
Communication Setup	68
Serial Communication Setup	68
Setting Up a Connection on the Mobile Computer (Windows Mobile 6.1)	68
Setting Up a Serial Connection on the Mobile Computer (Windows CE 5.0)	70
USB Connection Setup	72
Cradle/Cable Setup	74
USB Host Communication Setup	75
ActiveSync	77
Introduction	77
Installing ActiveSync	77
Mobile Computer Setup	78
Setting Up an ActiveSync Connection on the Host Computer	79
Setting up a Partnership with a Windows CE 5.0 Device	80
Synchronization with a Windows Mobile 6.1 Device	82
Application Deployment for Windows CE 5.0	85
Software Installation on Development PC	85
Required System Configurations	85
Device Configuration Package	86
Components	86
Platform SDK	87
EMDK for C	87
Components	88
Installing Other Development Software	89
Software Updates	89
Deployment	89
ActiveSync	89
Copying Files	89
Adding Programs	91
Adding a Program from the Internet	91
IPL	91
Provisioning	91
SD Card (Windows CE 5.0 Only)	92
Creating and Loading Hex Images	92
Starting Terminal Configuration Manager	92
Defining Script Properties	94
Creating the Script for the Hex Image	96
Opening a New or Existing Script	96
Updating TCM 1.X Scripts	96
Copying Components to the Script	96
Saving the Script	96
Building the Image	97
Sending the Hex Image	97
TCM Error Messages	102
IPL Error Detection	103
Creating a Splash Screen	105
Splash Screen Format	106
Flash Storage	106
FFS Partitions	106
Working with FFS Partitions	106
RegMerge.dll	107
CopyFiles	107
Non-FFS Partitions	108
Downloading Partitions to the Mobile Computer	108
IPL	108
Partition Update vs. File Update	108
Upgrade Requirements	108
Application Deployment for Windows Mobile 6.1	111
Introduction	111
Application Design Considerations	111
Security	111
Application Security	111
Digital Signatures	111
Locking Down a Mobile Computer	112
Installing Certificates	113
Device Management Security	113
Remote API Security	113
Packaging	114
Deployment	114
Installation Using ActiveSync	114
Installation Using AirBEAM	114
MSP 3.X	114
Image Update	115
Creating a Splash Screen	115
XML Provisioning	116
Creating an XML Provisioning File	116
XML Provisioning vs. RegMerge and Copy File	117
RegMerge	117
CopyFiles	117
Storage	118
Random Access Memory	118
Volatile File Storage (Cache Disk)	118
Persistent Storage	119
Application Folder	119
Symbol Configuration Manager	119
File Types	119
User Interface	119
Menu Functions	120
Parameter State Indicators	121
Window Status Bar	121
File Deployment	121
Enterprise Mobility Developer Kits	122
Wireless Applications	123
Introduction	123
Signal Strength Icon	124
Turning Off the Radio	125
On Device with Windows CE 5.0 (OEM Version 01.15 or lower)	125
On Device with Windows CE 5.0 (OEM Version 01.16 or higher)	125
Bluetooth Radio	125
On Device with Windows Mobile 6.1	126
Find WLANs Application	127
Profile Editor Wizard	128
Profile ID	128
Operating Mode	129
Ad-Hoc	131
Authentication	131
Tunneled Authentication	132
User Certificate Selection	134
User Certificate Installation	134
Server Certificate Selection	135
Credential Cache Options	136
User Name	138
Password	139
Advanced Identity	139
Encryption	140
Key Entry Page	142
Passkey Dialog	142
IP Mode	143
IP Address Entry	143
Transmit Power	145
Battery Usage	146
Manage Profiles Application	147
Changing Profiles	148
Editing a Profile	148
Creating a New Profile	148
Deleting a Profile	149
Ordering Profiles	149
Export a Profile	149
Wireless Status Application	149
Signal Strength Window	150
Current Profile Window	152
IPv4 Status Window	153
Wireless Log Window	154
Saving a Log	154
Clear the Log	155
Versions Window	155
Wireless Diagnostics Application	156
ICMP Ping Window	156
Trace Route Window	157
Known APs Window	158
Options	159
Operating Mode Filtering	159
Regulatory Options	159
Band Selection	160
System Options	160
Change Password Dialog Box	161
Export	162
Cold Boot Persistence	163
Login, Log Off Application	164
User Already Logged In	164
No User Logged In	164
Staging and Provisioning	167
Introduction	167
Staging	167
RD Client Version 1.9.0	167
Scanning RD Bar Codes	168
RD Client Version 3.28 and above	170
Bar Code Scanning	170
On-Demand Staging	172
ActiveSync Connection Mode	172
Ethernet Cradle Connection Mode	172
Already existing IP Connection Mode	173
Well-known WLAN Connection Mode	173
RD Client Main Menu	175
Client Info	175
Log Menu	176
View Log	176
View Job Log	177
Set Log Level	177
Set Job Log Level	177
Package List	178
Provisioning	179
MSP Agent	179
MSP Agent Main Menu	179
Monitor Processing	180
Force Check-In	180
Package List	181
Client Info	181
Log Menu	182
View Log	182
View Job Log	183
Set Log Level	183
Set Job Log Level	184
Hide UI	184
AirBEAM Smart Client	186
AirBEAM Package Builder	186
AirBEAM Smart Client	186
AirBEAM License	186
Configuring the AirBEAM Smart Client	186
Packages(1) Tab	187
Packages(2) Tab	188
Server Tab	188
Misc(1) Tab	189
Misc(2) Tab	190
Misc(3) Tab	191
Misc(4) Tab	192
Synchronizing with the Server	193
Manual Synchronization	193
Automatic Synchronization	194
Maintenance & Troubleshooting	195
Introduction	195
Maintaining the Mobile Computer	195
Battery Safety Guidelines	195
Troubleshooting	196
Mobile Computer	196
Single Slot Serial/USB Cradle	198
Four Slot Charge Only Cradle	199
Four Slot Ethernet Cradle	200
Four Slot Spare Battery Charger	200
UBC Adapter	201
Cables	202
Technical Specifications	203
Mobile Computer and Accessory Technical Specifications	203
Mobile Computer Pin-Outs	206
Laser Decode Ranges	208
Imager Decode Ranges	210
Internet Explorer Kiosk Mode	213

Match case Limit results 1 per page

5 - 2

MC3000 Integrator Guide

certificate, they are assured that the package is authentic and that it was created by Motorola. By enforcing the use

of digital signatures, users can also prevent malicious applications from executing on the MC3000. For example,

users can provision the MC3000 to only execute “trusted” applications (digitally signed).

Motorola ships all Windows Mobile 6.1 based products in an “open” state, which means all signed and unsigned

applications should work. However, customers can still reconfigure their MC3000s to operate in the “trusted” mode.

This means that only applications signed with a certificate from the Privileged Execution Trust Certificate Store can

run.

To support the broadest number of deployments, third-party software developers should perform the following

when releasing software for a Windows Mobile 6.1 devices:

•

Sign all their EXEs & DLLs with their private key

•

Provide the corresponding public certificate to end-users so that it can be installed into Privileged Execution

Trust Certificate Store.

If the software is installed via a .CAB file, developer should also:

•

Sign the .CAB file with their private key

•

Provide the corresponding public certificate to end-users so that it can be installed into SPC Certificate Store.

Locking Down a Mobile Computer

Like most configuration options in Windows Mobile 6.1, security settings are set via XML provisioning. For

example, to enforce the “trusted” model and only allow applications signed with a privileged certificate to run, use

the following provisioning document:

<wap-provisioningdoc>

</characteristic>

</wap-provisioningdoc>

For more information on various security options, refer to the Security Policy Settings topic in the latest Windows

Mobile documentation.