 
Security Model
For Windows Mobile 5.0 and Windows Mobile 6
Date February 2007
Applies to: Windows Mobile Version 5.0
Windows Mobile 6
The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.
This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
© 2007 Microsoft Corporation. All rights reserved.
Microsoft, ActiveSync, Authenticode, Outlook, Windows, Windows Mobile are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Table of Contents
Table of Contents 3
Security Model 1
Naming Conventions 1
Protection Against Threats and Risks 1
Permissions 4
Security Configuration 4
Security and CAB Signing 7
Executables and DLL Signing 7
Other Resources 7
Security Policies for Windows Mobile 5.0 and Windows Mobile 6 9
Protecting Devices with Security Policies 9
Security Roles for Windows Mobile 5.0 and Windows Mobile 6 15
Additional Security Settings 19
Device Wipe 19
Local Wipe 19
Remote Wipe 20
Lock a Device 20
Authentication with LASS and LAP 20
Enhanced PIN Strength 21
Password/PIN Expiration 21
User PIN Reset 22
Password History 23
Certificates for Windows Mobile 5.0 and Windows Mobile 6 25
Certificates Shipped on Windows Mobile Powered Devices 25
Certificate Stores 26
Adding Certificates to Windows Mobile Powered Devices 28
Installing Certificates on a Windows Mobile 5.0-based Device 28
Installing Certificates on a Windows Mobile 6 Powered Device 30
Certificate Chains 31
Certificate-based Authentication 31
Managing Certificates with the CertificateEnroller Configuration Service Provider 32
Using Desktop Enrollment 32
Revoking a Certificate for a Signed Application 33
Security Services for Windows Mobile 5.0 and Windows Mobile 6 34
Cryptographic Services and FIPS Compliance in Windows Mobile 5.0 and Windows Mobile 6 37
This page left intentionally blank
| 