Secure Mode And Bootstrapping - Unify OpenStage Developer's Manual

Provisioning interface
Basic Communication Procedures
Provisioning Service Driven Interaction
3.6.10 Secure Mode and Bootstrapping

The Workpoint Interface supports Secure Mode, in which mutual authentication based on
individual digital signatures takes place. The mode without mutual authentication is called
Default Mode.
Bootstrapping means that the interface security between device and provisioning service is
raised from Default Mode to Secure Mode. The bootstrapping process is initiated by the
provisioning service by sending a writeItems message containing the XML item
'goto-secure-mode'. No other message exchanged between provisioning service and device
contains this item.
Two alternatives are defined for bootstrapping: with PIN and without PIN.
For bootstrapping, the provisioning service has to provide
– its individual client certificate, including private key
– the CA certificate(s) with which the provisioning server is signed
– the port number on which to contact the provisioning service in Secure Mode
– the PIN which the user has to enter at the device, in case the bootstrapping is protected by
PIN
In the case of bootstrapping with PIN, the data above are packed, encrypted and
Base64-encoded. To decrypt the data, the device has to prompt the user to enter a PIN.
When the phone is in a call, it will not accept a WriteItems action. Instead, it will
reply with a message stating it is in busy status. Example:
<WorkpointMessage xsi:schemaLocation="http://www.siemens.com/DLS"
    xmlns="http://www.siemens.com/DLS"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Message nonce="957AE6C2E40C0E916B7CD5636480F171" maxItems="-1" fragment="final">
    <ReasonForContact status="busy" action="WriteItems">reply-to</ReasonForContact>
  </Message>
</WorkpointMessage>
When the provisioning service sends a CleanUp with a 'send-solicited' item, the
phone's reaction will be to schedule an automatic solicited connection to the
provisioning service when the busy condition is cleared (>=V3R3). See also Section
3.7.3, "Contact-Me during Busy State".
When sending a CleanUp without a 'send-solicited' item, the phone will not inform
the provisioning service when it has returned to idle state, so the provisioning service
will have to resend the request periodically.
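
The busy handling described above, seen from the provisioning-service side, as an added example that is not from the manual: it parses the device's reply and picks the next step. The function names and the return labels `await-solicited`, `resend-later` and `continue` are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass

DLS_NS = "http://www.siemens.com/DLS"  # namespace taken from the reply shown above

# Constructed sample: the busy reply from this page, with wrapped lines rejoined.
BUSY_REPLY = b"""<WorkpointMessage xsi:schemaLocation="http://www.siemens.com/DLS"
 xmlns="http://www.siemens.com/DLS"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Message nonce="957AE6C2E40C0E916B7CD5636480F171" maxItems="-1" fragment="final">
<ReasonForContact status="busy" action="WriteItems">reply-to</ReasonForContact>
</Message>
</WorkpointMessage>"""


@dataclass
class Reply:
    nonce: str
    reason: str
    status: str
    action: str


def parse_reply(raw: bytes) -> Reply:
    """Parse a WorkpointMessage from a device (not authenticated in Default Mode)."""
    # Refuse DTDs and entity declarations before parsing input we cannot trust.
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(raw)
    if root.tag != f"{{{DLS_NS}}}WorkpointMessage":
        raise ValueError("not a WorkpointMessage")
    msg = root.find(f"{{{DLS_NS}}}Message")
    rfc = None if msg is None else msg.find(f"{{{DLS_NS}}}ReasonForContact")
    if rfc is None:
        raise ValueError("missing Message/ReasonForContact")
    return Reply(msg.get("nonce", ""), (rfc.text or "").strip(),
                 rfc.get("status", ""), rfc.get("action", ""))


def next_step(reply: Reply, cleanup_had_send_solicited: bool) -> str:
    """Decide what the provisioning service does after a WriteItems attempt."""
    if reply.status == "busy" and reply.action == "WriteItems":
        # With 'send-solicited' in the CleanUp (>=V3R3) the phone contacts the
        # service once idle; without it the service must resend periodically.
        return "await-solicited" if cleanup_had_send_solicited else "resend-later"
    return "continue"  # hypothetical label for any non-busy reply
```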
For internal use only
A31003-S2000-R102-16-7620 02/2016
Provisioning Service, Developer's Guide

This manual is also suitable for:

Openscape