OTA and TPS role

[Frank Henningsen]

hi,

Im trying to obtain the Trusted Provisioning Server (TPS) role by
sending a NetwPin signed Wap Push message to a WM6 terminal (HTC
S710), but no matter what i set the 4104 (TPS) policy to, the terminal
always obtains the OPERATOR role. I dont understand why the 4104 (TPS)
policy gets ignored, no matter what value i give (0 or 1).

I have bootstraped the terminal with the following provisioning
document
<wap-provisioningdoc>
<characteristic type="BOOTSTRAP">
<parm name="PROVURL" value="http://my-tps-adress.dk/"/>
</characteristic>

<characteristic type="SecurityPolicy">
<parm name="4104" value="1"/> <!-- TPS carrier allowed -->
<parm name="4105" value="3"/> <!-- Retry count -->
<parm name="4111" value="128"/> <!-- OTA provisioning -->
<parm name="4113" value="1"/> <!-- WSP notif allowed -->
<parm name="4119" value="128"/> <!-- Grant Mgr -->
<parm name="4141" value="4096"/> <!-- ANY_PUSH_SOURCE -->
</characteristic>
</wap-provisioningdoc>

The X-Wap-Initiator-Uri parameter in the NetwPin signed Wap push
message is also given the value http://my-tps-adress.dk/, so i
expected that the terminal would identify the wap push message as the
TPS role, but no.

Has anyone obtained the TPS role succesfully? What am i doing wrong ?

best regards
Frank Henningsen

[Frank Henningsen]

Today ive tried to obtain the TPS role on a WM5 terminal (HTC S620)
but with the exact same result, and im still not able to obtain the
TPS role.

Ive tried to use both USERPIN and NETWPIN to as authentication method,
but i always obtain either the OPERATOR role for NETWPIN or the
USER_AUTH for USERPIN authentication.

How am i supposed to obtain the TPS role? Is it only possible by using
USERNETWPIN ?

best regards
Frank Henningsen

On 9 Okt., 09:41, Frank Henningsen <fhxs...@gmail.com> wrote:
> hi,
>
> Im trying to obtain the Trusted Provisioning Server (TPS) role by
> sending a NetwPin signed Wap Push message to a WM6 terminal (HTC
> S710), but no matter what i set the 4104 (TPS) policy to, the terminal
> always obtains the OPERATOR role. I dont understand why the 4104 (TPS)
> policy gets ignored, no matter what value i give (0 or 1).
>
> I have bootstraped the terminal with the following provisioning
> document
> <wap-provisioningdoc>
> <characteristic type="BOOTSTRAP">
> <parm name="PROVURL" value="http://my-tps-adress.dk/"/>
> </characteristic>
>
> <characteristic type="SecurityPolicy">
> <parm name="4104" value="1"/> <!-- TPS carrier allowed -->
> <parm name="4105" value="3"/> <!-- Retry count -->
> <parm name="4111" value="128"/> <!-- OTA provisioning -->
> <parm name="4113" value="1"/> <!-- WSP notif allowed -->
> <parm name="4119" value="128"/> <!-- Grant Mgr -->
> <parm name="4141" value="4096"/> <!-- ANY_PUSH_SOURCE -->
> </characteristic>
> </wap-provisioningdoc>
>
> The X-Wap-Initiator-Uri parameter in the NetwPin signed Wap push

> message is also given the valuehttp://my-tps-adress.dk/, so i

[Frank Henningsen]

yesterday i tried to send a USERNETWPIN encoded WAP push message to my
WM terminal, but this did not change anything, and im still not able

to obtain the TPS role.

I also tried to follow the guidelines from "Bootstrapping with Basic
Data Connection Information and Setting TPS for Continuous
Provisioning" at http://msdn2.microsoft.com/en-us/library/aa458944.aspx,
and have tried to add a trusted PPG and TPS with the following

provisioning document:
<wap-provisioningdoc>
<characteristic type="BOOTSTRAP">
<parm name="PROVURL" value="http://my-tps-adress.dk/" />
</characteristic>

<!-- Provide a trusted WAP push gateway's SMS address -->
<characteristic type="PXLOGICAL">
<parm name="NAME" value="WAP Push Gateway"/>
<parm name="PROXY-ID" value="PPG_PX"/>
<parm name="TRUST"/>
<characteristic type="PXPHYSICAL">
<parm name="PHYSICAL-PROXY-ID" value="Push Gateway 1"/>
<parm name="PXADDR" value="21070000"/>
<parm name="PXADDRTYPE" value="E164"/>
<parm name="PUSHENABLED" value="1"/>
<parm name="TO-NAPID" value="SMS NAP"/>
</characteristic>
</characteristic>

<!--Provide the NAPDEF for the PPG. This will be ignored by the
device
though because default SMSC number stored in SIM card will be used
for all incoming SMS messages. -->
<characteristic type="NAPDEF">
<parm name="NAPID" value="SMS NAP"/>
<parm name="NAME" value="SMS Connection"/>
<parm name="NAP-ADDRESS" value="21070000"/>
<parm name="BEARER" value="GSM-SMS"/>
</characteristic>

</wap-provisioningdoc>

But im still not able to obtain the TPS role. Does anyone know how to
obtain this TPS role, there is so much documentation about the TPS
role, so why doesnt it work?

best regards
Frank Henningsen

> > <parm name="4111" value="128"/> <!--OTAprovisioning -->

[Frank Henningsen]

ill reply to my own post to show some progres here.

A great description of the OTA proces on WM terminals can be found
under Effect of "Device Management Policies on the OTA Process" -
http://msdn2.microsoft.com/en-us/library/aa458967.aspx
which describes how security roles are obtained on WM terminals. But
the article fails to explain how the TPS role is obtained, so its
still a mystery to me how to optain the TPS role.

Can it be that im the first in the world to try and obtain the TPS
role, i hope not.

BTW: ive started another thread on the PocketPC dev group also =>
http://groups.google.com/group/microsoft.public.pocketpc.developer/browse_frm/thread/52b147ed2ebdbc31

best regards
Frank Henningsen

On 12 Okt., 14:24, Frank Henningsen <fhxs...@gmail.com> wrote:
> yesterday i tried to send a USERNETWPIN encoded WAP push message to my
> WM terminal, but this did not change anything, and im still not able
> to obtain theTPSrole.
>
> I also tried to follow the guidelines from "Bootstrapping with Basic
> Data Connection Information and SettingTPSfor Continuous

> Provisioning" athttp://msdn2.microsoft.com/en-us/library/aa458944.aspx,
> and have tried to add a trusted PPG andTPSwith the following

> But im still not able to obtain theTPSrole. Does anyone know how to
> obtain thisTPSrole, there is so much documentation about theTPS

> role, so why doesnt it work?
>
> best regards
> Frank Henningsen
>
> On 10 Okt., 17:20, Frank Henningsen <fhxs...@gmail.com> wrote:
>

> > Today ive tried to obtain theTPSrole on a WM5 terminal (HTC S620)

> > but with the exact same result, and im still not able to obtain the
> >TPSrole.
>
> > Ive tried to use both USERPIN and NETWPIN to as authentication method,
> > but i always obtain either the OPERATOR role for NETWPIN or the
> > USER_AUTH for USERPIN authentication.
>

> > How am i supposed to obtain theTPSrole? Is it only possible by using

> > USERNETWPIN ?
>
> > best regards
> > Frank Henningsen
>
> > On 9 Okt., 09:41, Frank Henningsen <fhxs...@gmail.com> wrote:
>
> > > hi,
>
> > > Im trying to obtain the Trusted Provisioning Server (TPS) role by
> > > sending a NetwPin signed Wap Push message to a WM6 terminal (HTC
> > > S710), but no matter what i set the 4104 (TPS) policy to, the terminal
> > > always obtains the OPERATOR role. I dont understand why the 4104 (TPS)
> > > policy gets ignored, no matter what value i give (0 or 1).
>
> > > I have bootstraped the terminal with the following provisioning
> > > document
> > > <wap-provisioningdoc>
> > > <characteristic type="BOOTSTRAP">
> > > <parm name="PROVURL" value="http://my-tps-adress.dk/"/>
> > > </characteristic>
>
> > > <characteristic type="SecurityPolicy">

> > > <parm name="4104" value="1"/> <!--TPScarrier allowed -->

> > > <parm name="4105" value="3"/> <!-- Retry count -->
> > > <parm name="4111" value="128"/> <!--OTAprovisioning -->
> > > <parm name="4113" value="1"/> <!-- WSP notif allowed -->
> > > <parm name="4119" value="128"/> <!-- Grant Mgr -->
> > > <parm name="4141" value="4096"/> <!-- ANY_PUSH_SOURCE -->
> > > </characteristic>
> > > </wap-provisioningdoc>
>
> > > The X-Wap-Initiator-Uri parameter in the NetwPin signed Wap push
> > > message is also given the valuehttp://my-tps-adress.dk/, so i
> > > expected that the terminal would identify the wap push message as the

> > >TPSrole, but no.
>
> > > Has anyone obtained theTPSrole succesfully? What am i doing wrong ?
>
> > > best regards
> > > Frank Henningsen

[Frank Henningsen]

Hurra!!!

I finally managed to obtain the TPS role by sending a NetwPin signed
WAP push message with the Push-Flag parameter (defined in WAP-189-
PushOTA-20000217-a ch 9.1.3) set to 1 (Initiator URI is
authenticated). I dont understand why no one was able to help me, but
i guess there are no WAP experts at microsoft. Thanks for nothing!

/Frank Henningsen

On 15 Okt., 11:43, Frank Henningsen <fhxs...@gmail.com> wrote:
> ill reply to my own post to show some progres here.
>
> A great description of the OTA proces on WM terminals can be found

> under Effect of "Device Management Policies on the OTA Process" -http://msdn2.microsoft.com/en-us/library/aa458967.aspx

> which describes how security roles are obtained on WM terminals. But

> the article fails to explain how theTPSrole is obtained, so its

> still a mystery to me how to optain theTPSrole.
>
> Can it be that im the first in the world to try and obtain theTPS
> role, i hope not.
>

> BTW: ive started another thread on the PocketPC dev group also =>http://groups.google.com/group/microsoft.public.pocketpc.developer/br...

[Frank Henningsen]

On 16 Okt., 15:42, Frank Henningsen <fhxs...@gmail.com> wrote:
> Hurra!!!
>

> I finally managed to obtain theTPSrole by sending a NetwPin signed

I found some more information about the Push-flag in the MSDN article
about OMA Client Provisioning Device Management =>
http://msdn2.microsoft.com/en-us/library/ms890748.aspx

"If supporting OTA continuous provisioning over a WAP push, the WAP
push gateway must authenticate the push initiator (OMA Client
Provisioning Server). The WAP push gateway must also set the
authentication flag in the Push-Flag header that is sent to the device
in the push message"