NIAP: Compliant Product
Compliant Product - Nubo Client Version 3.2

Certificate Date:  2023.12.20

Validation Report Number:  CCEVS-VR-VID11380-2023

Product Type:    Application Software

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Functional Package for TLS Version 1.1
  Protection Profile for Application Software Version 1.4

CC Testing Lab:  Acumen Security




Product Description

The TOE is a thin client application installed and executed on an Android mobile device. The TOE establishes communications to a Virtual Mobile Infrastructure (VMI) platform (using a remote display protocol) and remotely displays the virtual apps that are running within the VMI platform. No output is displayed from other applications. The TOE only connects the mobile device to the virtual servers and is not responsible for the execution of the virtual apps.

With VMI, virtual applications execute on a user’s behalf on VMI servers. No executable code associated with the virtual applications is downloaded to the user’s device. Instead, the TOE displays the output from the virtual applications, and forwards input from the user to the virtual applications.

The TOE controls all communication between itself and the VMI environment. The TOE is only to be used with the Nubo Management Server and the Nubo Gateway. This ensures that all communication occurs over a secure connection within a secure remote application infrastructure. All network connections are initiated by the TOE. Connection requests by a VMI server are not accepted.

A direct connection is established between the TOE and the Nubo Management Server. The Nubo Management Server processes user activation and login and communicates with the TOE and the Nubo Gateway. The Nubo Gateway implements the connection for executing the virtual applications. The traffic for the virtual applications (which is transmitted from the VMI platform to the Nubo Gateway) is sent over a single trusted channel between the Management Server and the TOE.

The user installs the TOE from the Google Play Store. The app store contains a generic version of the Android app which does not contain any user credentials or details. Initially, TOE user credentials are sent to the Management Server, the Management Server registers the TOE user, and the user activates the TOE and connects to the Nubo Management Server. Once registered, the user is required to authenticate to the Management Server on successive sessions with the VMI environment.


Evaluated Configuration

The Target of Evaluation (TOE) is the Nubo Client Version 3.2. The TOE runs on Samsung Galaxy S10 devices with the Android 12 operating system. The TOE was tested on a Samsung Galaxy S10 64-bit device with a Qualcomm Snapdragon 855 processor, running the Android 12 operating system.


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Nubo Client Version 3.2 has been evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Rev 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Rev 5. The product, when configured as identified in the Nubo Client Version 3.2 Guidance Document, 15 December 2023, satisfies all of the security functional requirements stated in the Nubo Client Version 3.2 Security Target, version 1.18, 15 December 2023. The evaluation was completed in December 2023. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11380-2023) prepared by CCEVS.


Environmental Strengths

The TOE implements the security functions and security mechanisms identified in the following sections.

Cryptographic Support: The TOE implements cryptographic functions for DRBG, key establishment, TLS and HTTPS protocols, and X.509 certificate validation. The TOE implements TLS using the BoringSSL Library, which in turn implements cryptographic functions using the BoringCrypto Library.

User Data Protection: The TOE stores sensitive user data (such as the user’s full name and email address) encrypted in local files. These files are private to the TOE. The TOE also stores unencrypted cache files of graphical resources that are fetched from the server, which are pre-defined as non-sensitive data. The TOE can access physical resources on the mobile device but does not store locally any data fetched from a physical resource.

Identification and Authentication: The identification of a user comprises the email address of the user and a unique client activation code, which identifies the specific TOE installation on a specific device. Authentication of the user of the TOE to the Nubo Management Server is one factor.

Security Management: The TOE does not have default credentials. The user selects the credentials when registering to the Management Server. The TOE uses the platform mechanism for storing configuration settings.

When the TOE is installed for the first time, it is not recognized by the remote system and must be activated prior to becoming operational. The user sends an activation request to which the Management Server responds either by a Client Activation Key or by a rejection of the activation. If activation is successful, the TOE saves the Client Activation Key in the Android keystore.

Once installed, the TOE may be upgraded and patches may be obtained from the Google Play Store if an appropriate upgrade is available.

Privacy: Personally Identifiable Information (PII) collected during the activation is transmitted to the Management Server over a trusted channel. The PII is a password created by the user. User consent is required before transmitting the information to the server.

Protection of the TSF: The Android platform provides protection of the TSF data. The platform protection mechanisms include checks that the TOE is properly signed and protection of the TOE and TOE data from access by other apps. Secure delivery of the TOE and updates is accomplished through the delivery of the TOE and updates from the Google Play Store.

Trusted Channels: The TOE establishes a TLS 1.2 connection for all communications with the Management Server. The channel is used for identification, configuration, authentication, receiving remote display data from the virtual apps, and sending user input data to the servers and to the virtual apps.


Vendor Information


Nubo Software LTD
Israel Lifshitz
+972 50 8585 850
israel@nubosoftware.com

www.nubosoftware.com