Compliant Product - Hypori Virtual Mobile Infrastructure Platform 4.2.0 Client (Windows)
Certificate Date: 2021.06.07CC Certificate Security Target Validation Report
Validation Report Number: CCEVS-VR-VID11159-2021
Product Type: Application Software
Conformance Claim: Protection Profile Compliant
PP Identifier: Protection Profile for Application Software Version 1.3
CC Testing Lab: Leidos Common Criteria Testing Laboratory
The Target of Evaluation (TOE) is Hypori Virtual Mobile Infrastructure (VMI) Platform 4.2.0 Client (Windows) (also identified as Hypori Client (Windows) 4.2.0). The TOE is a component of the Hypori VMI Platform. In the Hypori VMI Platform, end users install and run the TOE on their Windows device to access a Hypori Virtual Device running on a Hypori Server in the cloud. The Hypori Virtual Device on the Hypori Server contains data and applications for the users. The TOE communicates with the Hypori Virtual Device using TLS 1.2 and brokers access between the Windows device’s sensors and the applications executing in the Hypori Virtual Device.
The TOE comprises the Hypori Client (Windows) 4.2.0 application as defined in the Hypori Client installation package. The TOE is a Windows-based thin client that communicates only with the Hypori Server, using TLS 1.2 (provided by the underlying Windows platform). The Hypori Server, applications running on the Hypori Server, and any functions not specified in the ST are outside the scope of the TOE. The TOE’s operational environment comprises the Windows-based device on which it is installed. The TOE is supported on Microsoft Windows 10 (64 bit), version 1809 (build 17763) and version 1903 (build 18362).
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme for the Protection Profile for Application Software, Version 1.3. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 release 5. The product, when delivered and configured as identified in the guidance documentation, satisfies all of the security functional requirements stated in the Hypori Virtual Mobile Infrastructure Platform 4.2.0 Client (Windows) Security Target. The evaluation was completed in June 2021. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
The TOE establishes secure communication with the Hypori Server using TLS. It uses cryptographic services provided by the platform. The TOE stores credentials and certificates for mutual authentication in the Windows Credential Manager and the Windows Certificate Store.
User Data Protection
The TOE informs a user of hardware and software resources the TOE accesses. It uses the platform’s permission mechanism to get a user’s approval for access as part of the installation process. The user initiates a secure network connection to the Hypori Server using the TOE. In general, sensitive data resides on the Hypori Server and not the TOE or TOE platform, although the TOE does store credentials securely in accordance with the Cryptographic Support function. Some account provisioning information is also stored locally in the TOE’s private data store, which is controlled by Windows. The data is located in a hidden directory with confidential data stored encrypted, which can only be unencrypted on that local device with that specific user logged in using Windows.Security.Cryptography.DataProtection. DataProtectionProvider class.
Identification and Authentication
The TOE uses the platform’s certificate validation services to authenticate the X.509 certificate the Hypori Server presents as part of establishing a TLS connection.
Security management consists of setting Hypori Client configuration options. The TOE uses the platform’s mechanisms for storing the configuration settings.
The TOE does not transmit personally identifiable information (PII) over a network.
Protection of the TSF
The TOE uses security features and APIs that the platform provides. The TOE leverages package management for secure installation and updates. The TOE package includes only those third-party libraries necessary for its intended operation.
The TOE invokes platform-provided functionality to encrypt all transmitted data using TLS 1.2 for all communication with the Hypori Server.
Matthew A Stern
703-766-7999 ext. 121