Jump to content

How to get a privileged certificate from Orange ?

Guest The PocketTV Team

By Guest The PocketTV Team
in Smartphone General Discussion

 Share

Recommended Posts

Guest The PocketTV Team

Guest The PocketTV Team

Posted
Posted

What is the procedure for getting a privileged certificate from Orange ?

We need a privileged certificate in order to access some privileged API on the Smartphone (e.g. the API to access the device unique ID, which allows a better copy protection system).

Mr Orange, can you please provide instructions to Smartphone developers for obtaining a privileged certificate from Orange ?

Thanks.

Guest Monolithix [MVP]

Guest Monolithix [MVP]

Posted
Posted

I'm pretty sure Orange won't do that, full stop. They own exclusive rights to the only priv cert on the handset and any 3rd party signings are passed straight on to Verisign and Baltimore for unprivilidged signing.

The 3 companies (Orange/Baltimore/Verisign) are totally obsessed with liability, and as good as your reputation may or may not be none of them are willing to risk signing an app that could potencially damage the network or customer relations.

Guest Maverick

Guest Maverick

Posted
Posted

The Privilaged certs are locked away in the Tower of London alongside the Kohinoor ;-)

Guest Will

Guest Will

Posted
Posted

From the small but perfectly formed forum on http://developers.orange.com (see the discussion forum, under securtity)

SNIP!

As for acquiring a privileged certificate - that is done on a case by case basis. Since an application signed with a privileged certificate can do just about anything on the SPV, access to these certificates is very closely controlled.

If you are thinking of doing a product that needs privileged access to the SPV, then please contact me, and I can get get you in touch with the appropriate people inside Orange.

Sincerely,

John Wolfe

__________________

John Wolfe

[email protected]

So there you have the answer I think? or have you already tried this route

Guest The PocketTV Team

Guest The PocketTV Team

Posted
Posted

Yes.

The problem applications need to have a privileged certificate in order to do simple things (that should not require privileges), such as:

- determining the processor type (i.e. Xscale vs StrongARM)

- accessing the device unique ID.

etc.

On Pocket PC, all applications can access those informations, but on Smartphone (2002 and 2003), you need privileges for those, unfortunately...

And you need a privileged cert from each operator, i.e. that's a big pain for developers.

MS needs to change that, i.e.:

1) make it easier to get one privileged cert that will work on all Smartphones

and/or

2) Change the OS so that innocuous operations (i.e. that cannot cause any security problem) do not need privileges.

Guest spacemonkey

Guest spacemonkey

Posted
Posted

Strange, you start a thread which is discussing "How to get a privileged certificate from Orange", but then it turns out that you allready know that getting such a certificate will be really hard.

And, here we go, we're back to your usual soap box about microsofts design of the privileged/non privileged system.

Maybe a more honest thread would be one with a title "Why does microsoft not allow unprivileged applications access to uniqueid".

As to copy protection, what some applications have done is use the Owner Information-Name as a basis for registration keys. This seems quite sensible to me, as most people will be unlikely to want to put "haxor579" in owner information just to pirate software, and besides bad keys for different software would all require different Owner names.

Guest The PocketTV Team

Guest The PocketTV Team

Posted
Posted

> Strange, you start a thread which is discussing "How to get a privileged certificate from Orange", but then it turns out that you allready know that getting such a certificate will be really hard.

Not strange: We do want a privileged certificate from Orange, and until now we did not have a contact there. Now we can ask Mr Orange.

> Maybe a more honest thread would be one with a title "Why does microsoft not allow unprivileged applications access to uniqueid".

Because they did not think. We already know that. They told us that this was a result of a "blanket decision" covering all the KernelIOCtrl calls. Now until they fix the problem (in Smartphone 2004?), we need all those certificates from all the operators, so we'll ask each operator for one.

> As to copy protection, what some applications have done is use the Owner Information-Name as a basis for registration keys.

We have used that in the past, it did not work very well. People change the spelling of their name (e.g. add a middle-name initial) or they change their email, then their key stops working and they ask for support/help. Not a good solution. But if you publish software, it may be good enough for you. It depends on the volume that you have and the type of support that you provide.

Guest Gorskar

Guest Gorskar

Posted
Posted

And for determining the processor type would it be so terrible to have a user selectable option? - It can be found in settings/about if the user doesnt know.

I admit this is annoying, but until they fix these mistakes it seems the only thing to do, apart from get a privaleged certificate from each and every operator, which would require a lot of effort and expense.

NB If you are using the deviceID as copy protection what happens when someone upgrades their phone?

Guest The PocketTV Team

Guest The PocketTV Team

Posted
Posted
And for determining the processor type would it be so terrible to have a user selectable option? - It can be found in settings/about if the user doesnt know.

I admit this is annoying, but until they fix these mistakes it seems the only thing to do, apart from get a privaleged certificate from each and every operator, which would require a lot of effort and expense.

NB If you are using the deviceID as copy protection what happens when someone upgrades their phone?

A User-selectable option is not a good solution, and if you pick Xscale while your processor is not Xscale-compatible, you will crash the system (i.e. if your application attempts to execute optimized Xscale-only instructions).

A better work-around solution is to determine the model of device from the OEM info string and guess the type of processor this way.

Regarding the DeviceID: This ID is embeded in the hardware (not in the ROM), so it does not change when you upgrade the firmware on your device. It is different for each device.

Guest spacemonkey

Guest spacemonkey

Posted
Posted

I thought Gorskar was refering to an actual physical upgrade. Ie. I have an SPV now, and buy PocketTV, then I get myself a new e100. Surely I am legally entitled to put my licensed copy of PocketTV onto my new handset, but if you base your copy protection on DeviceID (for convenience) are you saying I'd need to buy a new copy?

Remember, phones are a bit different from PDA's, if I bought a PDA I'd expect to have it for a few years, where as I expect to upgrade my phone every single year.

Regarding the DeviceID: This ID is embeded in the hardware (not in the ROM), so it does not change when you upgrade the firmware on your device.  It is different for each device.
Guest The PocketTV Team

Guest The PocketTV Team

Posted
Posted

No, you can get a new key for your new device if you have your TransactionID (i.e. proof of purchase).

But the key is based on the Devide Unique ID, so you can do a hard-reset, then re-install the applications, and you do not need a new key, the old key will work.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept