Connect Pocket PC to desktop without ActiveSync?

[tamberg]

Are there simple ways to get bytes from a standard Pocket PC to a
desktop PC over a cable (no bluetooth or wifi radio), not involving
ActiveSync? I think of stuff like mounting the device as an USB disk
(?), using a USB to RS232 adapter (?), ...

 

[Paul G. Tobey [eMVP]]

Not without system software support, no. If you want to mount the device as
a USB disk, you need a driver on the device that makes it look like that
(and disables it from looking like an ActiveSync device). I don't know of
any devices that do that, so you'd have to write the driver or find someone
to write it for you.

Let's try a different way of asking this question: *what* are you trying to
accomplish (sending some bytes is not specific enough)? Don't tell us how
you want to do it, but *what* you want to do.

Paul T.

 

[tamberg]

We're looking for a secure way to allow exactly one application on the
desktop to receive data form exactly one device. It's crucial that the
desktop does not become vulnerable. If it's possible to lock down
ActiveSync this might work for us.

 

[Paul G. Tobey [eMVP]]

You don't need to lock down ActiveSync; you need to validate the device that
is trying to connect. So clear this up for me: can you do any of the
following:

1. Install a certificate on the device that you want to allow and check for
that? This seems to be 100% possible for any combination of device and PC.
It's also the hardest to implement.

2. Physically secure the cradle. Put it in a locked box and give the key to
the guy who has the device you want to allow. Low-tech, but very effective
and easy to implement.

3. Get the GUID for the device and send that to the server as part of the
'sign-on' sequence. Pretty reliable, but, if the GUID value becomes known,
easy to bypass.

In all of these cases, ActiveSync is just the conduit for the network
messages between the device and the desktop. I see few potential problems
with that.

Paul T.

 

[Markus Humm]

Hello,

if you can make sure that ActiveSync won't be installed on the PC you
can use RS232 and e.g. user OpenNETCF SDF serial class or the one from
CF 2.0. With this you can send and receive anything you like.

What you make out of it is entirely up to you then!

Greetings

Markus

 

[tamberg]

1) Is there a built in certificate mechanism or do you refer to this MS
Exchange-related
tool?(http://www.microsoft.com/downloads/...18-7965-4883-a8c3-f73f1f4733ac&DisplayLang=en)

2) The PDA / it's user is not trustworthy ...

3) .. but the fact that out client application is running on the PDA
would be good enough, as long as all network traffic is guaranteed to
be handled by our application level protocol.

So I'm still not shure if it's possible to restrict communication over
ActiveSync to a single application.

 

[Paul G. Tobey [eMVP]]

1. Certificate mechanism? There's nothing built into ActiveSync to validate
a certificate. I'm saying that you'd open a socket on the PC and only
validate a connection if the certificate that the client connecting to it,
in this case over ActiveSync, was trusted. It's a very manual scheme where
you have to do everything.

2. I don't understand. You're trying to allow a trustworthy device to
connect, right? So, only give the key to the trustworthy guy! If you just
want to prevent anyone from ever connecting, lock the computer up and don't
install ActiveSync on it!

3. You can't restrict the connection in that way with anything that is built
in. You could configure a firewall on the PC, maybe, and only allow TCP
traffic to certain ports through.

Paul T.

 

[tamberg]

OK, thanks for taking time to answer.