Device management refers to technologies that allow authorised third parties, typically an enterprise or a network operator, to remotely configure and manage an end user's device. There are a number of well established use cases, including provisioning of application and connection settings, remotely locking and wiping the device, and updating the device's firmware. One of the original use cases for device management on mobile phones was over the air provisioning, or OTA provisioning for short. Devices ship with pre-installed applications that provide users with access to various services, such as the Internet, the ability to send MMS messages, the ability to backup and restore their devices, etc. These applications require operator specific settings to work, e.g., the address of the operator’s MMS service centre. Provisioning is the name given to the process by which devices are provided with the settings they need to function in their host network.
Device settings could of course be burnt onto the device at factory time, but this only works if the device is locked to a specific operator in a specific geography, and the operator settings do not change over time. In addition, factory provisioning cannot be used for account based settings, such as email accounts, that differ from one user to another. For these reasons, the mobile phone industry has developed some standards that allow settings to be provisioned Over The Air (OTA) after the device has left the factory. The Open Mobile Alliance (OMA) maintains two standards that can be used to provision settings over the air. These are OMA Client Provisioning (OMA CP) and OMA Device Management (OMA DM). The CPClient, implements the first of these standards, OMA CP.
OMA Client Provisioning
OMA Client Provisioning can be used to provision a range of application types, such as browser, SyncML, IMPS, MMS, AGPS, and email. OMA CP settings are placed in an XML document, WBXML encoded and sent to the device via a WAP Push message. OMA CP messages need to be authenticated on the client before the settings they contain can be applied. Authentication is based on the existence of a shared secret. This can be a PIN code supplied to the user by the operator before the message is sent, or it can be based on some piece of SIM specific data known to both the operator and the device, e.g., the IMSI.
A typical OMA CP use case is as follows. A user gets a new phone and SIM card. He discovers that he cannot connect to the Internet or send MMS messages with his new SIM card. He goes to the operator's web site, navigates to the configuration page, selects his phone model, enters his phone number and presses a button. The web page displays a PIN code which the user notes down. A few seconds later the user should receive a notification on his device. When he clicks on the notification he will be informed that new settings have been received and he will be asked for the pin code. Once he enters the pin code and clicks ok, the settings will be applied. Having accepted the settings the user should discover that he can now browse the Internet and send MMS messages.
For more information about OMA CP the reader is referred to the OMA CP Standards