NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Kyocera DuraForce PRO

Certificate Date:  2017.01.05

Validation Report Number:  CCEVS-VR-VID10742-2017

Product Type:    Mobility

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for Mobile Device Fundamentals Version 2.0

CC Testing Lab:  Gossamer Security Solutions

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Product Description

The Target of Evaluation is the Kyocera DuraForce PRO smartphone which includes the Qualcomm MSM8952 processor. 

The Kyocera DuraForce PRO includes a 5.0 inch, Full HD 1920x1080 resolution LCD display; a 13MP rear facing camera, 5MP front facing camera and a Super Wide View 1080p HD video Action Camera; 2GB of RAM; 32GB of built-in storage; and a microSD card slot.  The Kyocera DuraForce PRO can operate on CDMA, GSM, UMTS and LTE communication networks[1].

The Kyocera DuraForce PRO is a mobile device that supports individual users as well as corporate enterprises.  The Kyocera DuraForce PRO is based upon Android 6.0.1 as customized by Kyocera.

The TOE provides wireless connectivity and creates a runtime environment for applications designed for the mobile Android environment. The TOE also provides telephony features (make and receive phone calls, send and receive SMS messages), networking features (connect to Wi-Fi networks, send and receive MMS messages, connect to mobile data networks).

[1] CDMA is available only for Sprint and Verizon variants of the mobile device.

Evaluated Configuration

The evaluated configuration consists of the following devices:


Model #



Kernel Version

Build #

Carrier Variant

DuraForce PRO







DuraForce PRO







DuraForce PRO







Security Evaluation Summary

The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target.  The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 4, September 2012. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 4, July 2012.  The product, when delivered and configured as identified in the Kyocera Explorer Common Criteria Guidance Manual, Version 1.2, January 5, 2017 document, satisfies all of the security functional requirements stated in the Kyocera DuraForce PRO Mobile Device (MDFPP20) Security Target, Version 1.0, January 5, 2017.  The project underwent CCEVS Validator review.  The evaluation was completed in October 2016.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID10742-2016) prepared by CCEVS.

Environmental Strengths

The logical boundaries of the Kyocera DuraForce PRO are realized in the security functions that it implements. Each of these security functions is summarized below.

Cryptographic support: The TOE includes three cryptographic modules with CAVP validated algorithms for a wide range of cryptographic functions including: asymmetric key generation and establishment, symmetric key generation, encryption/decryption, cryptographic hashing and keyed-hash message authentication. These functions support random bit generation, key derivation, salt generation, initialization vector generation, secure key storage, and key and protected data destruction. These primitive cryptographic functions are used to implement security protocols such as TLS and HTTPS and also to encrypt the media (including the generation and protection of data, right, and key encryption keys) are used by the TOE. Many of these cryptographic functions are accessible as services to applications running on the TOE.

User data protection: The TOE controls access to system services by hosted applications, including protection of the Trust Anchor Database. Additionally, the TOE protects user and other sensitive data using encryption so that even if a device is physically lost, the data remains protected.

Identification and authentication: The TOE supports a number of features related to identification and authentication. From a user perspective, except for limited functions such as making phone calls to an emergency number and receiving notifications, a password (i.e., Password Authentication Factor) must be correctly entered to unlock the TOE. Also, even when the TOE is unlocked the password must be re-entered to change the password. Passwords are obscured when entered so they cannot be read from the TOE's display. The TOE limits the frequency of password entry and when a configured number of failures occurs, the TOE performs a full wipe of protected content. Passwords constructed using upper and lower cases characters, numbers, and special characters and up to 14 characters must be supported.

The TOE serves as an 802.1X supplicant and uses X509v3 certificates and perform certificate validation for a number of functions when applicable such as EAP-TLS, TLS, and HTTPS exchanges.

Security management: The TOE provides all the interfaces necessary to manage the security functions claimed in the corresponding Security Target (and conforming to the MDFPP requirements) as well as other functions commonly found in mobile devices. Some of the available functions are available only to the mobile device users while many are restricted to administrators operating through a Mobile Device Management solution once the TOE has been enrolled. Once the TOE has been enrolled and then un-enrolled, it issues an alert to the administrator and wipes the device to complete the unenrollment.

Protection of the TSF: The TOE implements a number of features designed to protect itself to ensure the reliability and integrity of its security features. It protects particularly sensitive data such as cryptographic keys so that they are not accessible or exportable. It provides a timing mechanism to ensure that reliable time information is available (e.g., for cryptographic operations and perhaps user accountability). It enforces read, write, and execute memory page protections, use address space layout randomization, and use stack-based buffer overflow protections to minimize the potential to exploit application flaws. It is also designed to protect itself from modification by applications as well as to isolate the address spaces of applications from one another to protect those applications.

The TOE includes functions to perform self-tests and software/firmware integrity checking so that it might detect when it is failing or may be corrupt. If any self-test fails, the TOE does not go into an operational mode. It also includes a mechanism (i.e., verification of the digital signature of each new image) so that the TOE itself can be updated while ensuring that the updates will not introduce malicious or other unexpected changes in the TOE. Digital signature checking also extends to verifying applications prior to their installation.

Trusted path/channels: The TOE supports the use of 802.11-2012, 802.1X, and EAP-TLS to secure communications channels between itself and other trusted network devices.

TOE access: The TOE is lockable, obscuring its display, by a user or after a configured interval of inactivity.  The TOE is able to attempt to connect to wireless networks as configured.

Vendor Information

Kyocera Corporation
Anupam Juneja
Site Map              Contact Us              Home