Enabling OTA Bootstrapping
Before shipping, your OEM must update the following policies for the device to support OTA bootstrapping:
Add the OPERATOR role to the Grant Manager policy (4119).
Add the SECROLE_ANY_PUSH_SOURCE role to the OMA CP User Network PIN Policy (4143).
These changes will enable the device to accept messages sent over the air by way of WAP. To bootstrap a device OTA, do the following:
If necessary, you can provision the device with this setting after manufacture as described in How to Change Security Policies. The following example shows how to change those policies.
<characteristic type="SecurityPolicy">
    <parm name="4119" value="132"/>
    <parm name="4143" value="7296"/>
</characteristic>
After deployment, send a WAP OTA bootstrap message to set the Provisioning Server address along with other corresponding data connectivity settings, and change the security settings by removing roles from the 4119 and 4143 policies. The bootstrap message must be signed with a user PIN and network PIN.
The following example shows how to change those policies.
<characteristic type="SecurityPolicy">
    <parm name="4119" value="128"/>
    <parm name="4143" value="3200"/>
</characteristic>
After the device has been configured with the Provisioning Server and related settings, you must then ensure that OTA messages can only be received from the Provisioning Server.
One provisioning XML file typically contains configuration information for multiple configuration service providers. To use this example, you must replace the values as appropriate, and add the node as a child of the OMA Client Provisioning file. For information about the syntax of this file, see OMA Client Provisioning Files. For examples, see OMA Client Provisioning XML File Examples.
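To confirm that a device configuration no longer accepts bootstrap messages from arbitrary sources, the following added example (not part of the original documentation) checks a provisioning XML document for the role bits that appear only in the bootstrap values of policies 4119 and 4143. The bit masks are derived from the two SecurityPolicy examples above; the function names and the constructed sample documents, including the wap-provisioningdoc wrapper, are assumptions.

```python
import xml.etree.ElementTree as ET

# Policy values copied from the page's two SecurityPolicy examples.
BOOTSTRAP = {"4119": 132, "4143": 7296}  # pre-ship: OTA bootstrap accepted
LOCKED = {"4119": 128, "4143": 3200}     # post-bootstrap: roles removed

# Role bits that exist only in the bootstrap values, derived from the page:
# 4119 -> 4 (the added OPERATOR role), 4143 -> 4096 (SECROLE_ANY_PUSH_SOURCE).
BOOTSTRAP_ONLY = {pid: BOOTSTRAP[pid] & ~LOCKED[pid] for pid in BOOTSTRAP}


def read_policies(xml_text):
    """Return {policy_id: mask} for every SecurityPolicy parm; last one wins."""
    policies = {}
    for node in ET.fromstring(xml_text).iter("characteristic"):
        if node.get("type") != "SecurityPolicy":
            continue
        for parm in node.findall("parm"):
            policies[parm.get("name")] = int(parm.get("value"))
    return policies


def audit(xml_text):
    """Classify policies 4119 and 4143 as absent, bootstrap-open or locked."""
    policies = read_policies(xml_text)
    report = {}
    for pid, mask in BOOTSTRAP_ONLY.items():
        if pid not in policies:
            report[pid] = "absent"
        elif policies[pid] & mask:
            report[pid] = "bootstrap-open"
        else:
            report[pid] = "locked"
    return report


def make_doc(p4119, p4143):
    """Constructed sample: a SecurityPolicy node inside an OMA CP document."""
    return (
        '<wap-provisioningdoc><characteristic type="SecurityPolicy">'
        f'<parm name="4119" value="{p4119}"/>'
        f'<parm name="4143" value="{p4143}"/>'
        "</characteristic></wap-provisioningdoc>"
    )


if __name__ == "__main__":
    print(audit(make_doc(132, 7296)))  # both policies bootstrap-open
    print(audit(make_doc(128, 3200)))  # both policies locked
```

A result of "bootstrap-open" for either policy after deployment means the role added for bootstrapping has not been removed.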