Basic Communication Procedures
For internal use only
A31003-S2000-R102-16-7620 02/2016
Provisioning Service, Developer’s Guide
Provisioning Service Driven Interaction
3.6.10 Secure Mode and Bootstrapping
Workpoint Interface supports Secure Mode, where mutual authentication based on individual
digital signatures takes place. The mode without mutual authentication is called Default Mode.
Bootstrapping means that the interface security between device and provisioning service is
raised from Default Mode to Secure Mode. The bootstrapping process is initiated by the
provisioning service by sending the writeItems message containing the XML item
'goto-secure-mode'. No other message exchanged between provisioning service and device
contains this item.
There are two alternatives defined for bootstrapping: with PIN and without PIN.
For bootstrapping, the provisioning service has to provide:
– its individual client certificate, including private key
– the CA certificate(s) the provisioning server is signed with
– the port number where to contact the provisioning service in Secure Mode
– the PIN which the user has to enter at the device, in case the bootstrapping is protected by PIN
In case of bootstrapping with PIN, the data above are packed, encrypted and Base64-encoded.
To decrypt the data, the device has to prompt the user to enter a PIN.
When the phone is in a call, it will not accept a WriteItems action. Instead, it will
reply with a message stating it is in busy status. Example:
<WorkpointMessage xsi:schemaLocation="http://www.siemens.com/DLS"
    xmlns="http://www.siemens.com/DLS"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Message nonce="957AE6C2E40C0E916B7CD5636480F171" maxItems="-1" fragment="final">
    <ReasonForContact status="busy" action="WriteItems">reply-to</ReasonForContact>
  </Message>
</WorkpointMessage>
When the provisioning service sends a CleanUp with a 'send-solicited' item, the
phone's reaction will be to schedule an automatic solicited connection to the
provisioning service when the busy condition is cleared (>=V3R3). See also Section
3.7.3, "Contact-Me during Busy State".
When sending a CleanUp without a 'send-solicited' item, the phone will not inform
the provisioning service when it has returned to idle state, so the provisioning service
will have to resend the request periodically.
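
The busy handling described above, as an added example that is not part of the original guide: a provisioning service parses the phone's reply and decides how to close the interaction. The function names and the supports_send_solicited flag (standing for a device at >=V3R3) are assumptions. The DTD check is added because a Default Mode reply comes from a device that has not been authenticated.

```python
import xml.etree.ElementTree as ET

DLS_NS = "http://www.siemens.com/DLS"

# Constructed input: the busy reply shown above, joined onto whole lines.
BUSY_REPLY = (
    '<WorkpointMessage xsi:schemaLocation="http://www.siemens.com/DLS" '
    'xmlns="http://www.siemens.com/DLS" '
    'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
    '<Message nonce="957AE6C2E40C0E916B7CD5636480F171" maxItems="-1" fragment="final">'
    '<ReasonForContact status="busy" action="WriteItems">reply-to</ReasonForContact>'
    '</Message></WorkpointMessage>'
)


def parse_reply(xml_text):
    """Extract nonce, reason, action and status from a WorkpointMessage."""
    # Default Mode replies are unauthenticated: refuse DTDs/entities before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration in device message")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{DLS_NS}}}WorkpointMessage":
        raise ValueError("not a WorkpointMessage")
    msg = root.find(f"{{{DLS_NS}}}Message")
    rfc = msg.find(f"{{{DLS_NS}}}ReasonForContact") if msg is not None else None
    if rfc is None:
        raise ValueError("Message or ReasonForContact missing")
    return {
        "nonce": msg.get("nonce"),
        "reason": (rfc.text or "").strip(),
        "action": rfc.get("action"),
        "status": rfc.get("status"),
    }


def plan_after_reply(reply, supports_send_solicited):
    """Return (next_message, include_send_solicited, resend_periodically)."""
    busy = reply["status"] == "busy" and reply["action"] == "WriteItems"
    if not busy:
        return ("continue", False, False)
    if supports_send_solicited:
        # >=V3R3: the phone schedules a solicited connection once it is idle.
        return ("CleanUp", True, False)
    # Otherwise the phone stays silent, so the service must resend the request.
    return ("CleanUp", False, True)
```

Since 'goto-secure-mode' travels in a writeItems message, a busy reply to that message means the request must be repeated before the device can leave Default Mode.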