Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Microsoft provides the Windows Mobile software and Microsoft applications such as Word Mobile, Excel Mobile, and Outlook Mobile. As a platform software vendor and an application software vendor, Microsoft also operates a PKI hierarchy for code signing.
As the platform software vendor, Microsoft is similar to the OEM and operator with the following differences:
- Microsoft does not create the final run-time image for the devices, therefore Microsoft does not sign applications from third parties and ship them in the platform.
- Most of the platform software are installed in the firmware before the devices reach the user.
- Patches and upgrades are shipped by the OEM or operator.
For cases when a patch or a service pack may require a signed package, Microsoft operates two certificate authorities roots. These certificates must be in the Windows Mobile-based devices for the patch or service pack to run on the devices. The following table shows the Windows Mobile software PKI hierarchy.
| Certificate | Included in the device? |
|---|---|
| Windows Mobile-based Device Privileged Component PCA | Yes
Included in the Privileged Certificate Store. Included in the SPC with role mask = 222. |
| Windows Mobile-based Device PCA | Yes
Included in the Unprivileged Certificate Store. Included in the SPC with role mask = 16. |
Send Feedback on this topic to the authors