The Target of Evaluation (TOE) is Hypori Halo Client (Windows) 4.3. The TOE is a component of the Hypori Halo Platform. In the Hypori Halo Platform, end users install and run the TOE on their devices to access a Hypori Virtual Device running on a Hypori Server in the cloud. The Hypori Virtual Device on the Hypori Server contains data and applications for the users. The TOE communicates with the Hypori Virtual Device using TLS 1.2 and brokers access between the device and the applications executing in the Hypori Virtual Device.
\r\nThe TOE comprises the Hypori Halo Client (Windows) 4.3 application that installs on the end user’s device and communicates with the Hypori Virtual Device on the server using TLS 1.2 (provided by the underlying Windows platform). The Hypori Server, Hypori Virtual Device, Admin Console, User Management Console, applications running on the Hypori Server, the hardware platform device, and any functions not specified in the ST are outside the scope of the TOE. The TOE’s operational environment comprises the Windows-based device on which it is installed. The TOE is evaluated on Windows 10 and 11.
","evaluation_configuration":"","security_evaluation_summary":"The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme for the Protection Profile for Application Software, Version 1.4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 release 5. The product, when delivered and configured as identified in the guidance documentation, satisfies all of the security functional requirements stated in the Hypori Halo Client (Windows) 4.3 Security Target. The evaluation was completed in March 2024. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
","environmental_strengths":"Cryptographic Support
\r\nThe TOE establishes secure communication with the Hypori Virtual Device on the server using TLS. It uses cryptographic services provided by the platform. The TOE stores certificates for mutual authentication in the Windows Certificate Store.
\r\nUser Data Protection
\r\nThe TOE informs a user of hardware and software resources the TOE accesses. The user initiates a secure network connection to the Hypori Virtual Device on the server using the TOE. In general, sensitive data resides on the Hypori Server and not the TOE or TOE platform, although the TOE does store credentials securely in accordance with the Cryptographic Support function.
\r\nIdentification and Authentication
\r\nThe TOE supports X.509 certificate validation as part of establishing TLS connections. The TOE relies on platform-provided functionality to support certificate validity checking methods, including the checking of certificate revocation status using OCSP. If the validity status of a certificate cannot be determined, the certificate will not be accepted.
\r\nSecurity Management
\r\nSecurity management consists of setting Hypori Client configuration options and applying configuration policies from the Hypori Server. The TOE uses the platform’s mechanisms for storing the configuration settings.
\r\nPrivacy
\r\nThe TOE does not transmit personally identifiable information (PII) over a network.
\r\nProtection of the TSF
\r\nThe TOE uses security features and APIs that the platform provides. The TOE leverages package management for secure installation and updates. The TOE package includes only those third-party libraries necessary for its intended operation.
\r\nTrusted Path/Channels
\r\nThe TOE invokes platform-provided functionality to encrypt all transmitted data using TLS 1.2 for all communication with the Hypori Virtual Device on the Hypori Server.
","features":[{"id":572,"feature_name":"Certificate Authentication"},{"id":573,"feature_name":"Certificate Validation"},{"id":574,"feature_name":"Credential Storage"},{"id":575,"feature_name":"DRBG"},{"id":576,"feature_name":"HTTPS Client"},{"id":577,"feature_name":"HTTPS Server with Mutual Authentication"},{"id":578,"feature_name":"PBKDF"}]}