Windows Mobile Security Features

Security technologies control access to resources, such as devices, applications and data. They help ensure information confidentiality, data integrity, entity authentication, and data origin authentication. Windows Mobile devices have the following security features.

Account Database

The Account Database is a repository that contains a description of each account and group on the system, as well as system privilege assignments.

Certificates

Certificates enhance the security of communications by giving users a common credential for verifying identity.
For more information about Certificates see http://msdn.microsoft.com/en-us/library/aa923645.aspx.

Credential Manager

Credential Manager is one of several authentication services which can be used to authenticate clients accessing remote resources. Credential Manager, specifically, deals with managing credential information such as user names and passwords.
Credential Manager provides storage for cached credentials, and enables the sharing of common credentials. A credential represents information used to access resources on behalf of a user. An example of a user credential is the password of a domain user that is used to access remote file shares.
For more information see http://msdn.microsoft.com/en-us/library/aa923650.aspx.

Authentication Services

Authentication services can be used by application developers to authenticate clients. Services supported include security services for user authentication, credential management, and message protection through a programming interface called the Security Support Provider Interface (SSPI).
Within SSPI, different security providers are available, such as the NTLM security support provider (SSP) and Kerberos SSP; each one contains different authentication and cryptographic schemes. Optionally, an OEM can write their own security package and add it to the registry for applications to use.
More information, reference, and code samples can be found on MSDN: http://msdn.microsoft.com/en-us/library/aa922814.aspx.

Cryptography

Cryptography provides a way to distribute or receive information in secret code, so only the intended parties can read or send it. Cryptography in Windows Mobile devices includes the Cryptography API set (CryptoAPI), which provides services that enable application developers to add encryption and decryption of data to their applications. Application developers can use CryptoAPI without knowing details of the underlying implementation, in much the same way as they can use a graphics library without knowing anything about the particular graphics hardware settings. CryptoAPI works with a number of Cryptographic Service Providers that perform the actual cryptographic functions.
For more information see http://msdn.microsoft.com/en-us/library/aa920071.aspx.

Local Authentication Subsystem (LASS)

LASS provides the infrastructure that enables user authentication independent of the application and the specific authentication mechanism. LASS allows you to support sophisticated authentication mechanisms, such as biometrics. In addition, you can use LASS functionality to specify event-based policies to authenticate users.
For more information see http://msdn.microsoft.com/en-us/library/aa923670.aspx.

Security Loader

The Security Loader is an authentication mechanism that is used to determine access rights for processes.

SmartCard

The smart card subsystem provides a link between smart card reader hardware and applications that are smart-card-aware.
For more information see http://msdn.microsoft.com/en-us/library/aa919726.aspx.
