{"product_id":11450,"v_id":11450,"product_name":"TheJoin, Inc., Join-Virtual Mobile Platform 6.1.0","certification_status":"Certified","certification_date":"2024-02-08T00:00:00Z","tech_type":"Application Software, Network Encryption","vendor_id":{"name":"TheJoin, Inc.","website":"www.thejoin.co.kr"},"vendor_poc":"MyungHo Lee","vendor_phone":"82-2-6949-0335","vendor_email":"koobi.lee@thejoin.co.kr","assigned_lab":{"cctl_name":"Gossamer Security Solutions"},"product_description":"<p class=\"MsoNormal\" style=\"text-align: justify;\">The TOE is the <span style=\"mso-no-proof: yes;\">Join-Virtual Mobile Platform (</span>J-VMP) 6.1.0 Virtual Mobile Infrastructure (VMI) Client application.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The J-VMP client is a mobile client application installed on an Android or iOS mobile device. Using the J-VMP client application, users can access the same mobile environment that includes all their applications and data from any location, without being tied to a single mobile device.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The J-VMP client presents only the interface offered by the VMI server and ensures that communication with the server utilizes secured protocols.</p>","evaluation_configuration":"","security_evaluation_summary":"<p class=\"MsoNormal\" style=\"text-align: justify; mso-outline-level: 1;\">The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The evaluation demonstrated that <span style=\"mso-bidi-font-style: italic;\">the TOE </span>meets the security requirements contained in the Security Target.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. <span style=\"mso-spacerun: yes;\">&nbsp;</span>The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The product, when delivered and configured as identified in the <em><span style=\"mso-no-proof: yes;\">Join-Virtual Mobile Platform 6.1.0(J-VMP) USER&rsquo;s Guide</span></em>, Version 6.1.10, 01/25/2024 document, satisfies all of the security functional requirements stated in the <em><span style=\"mso-no-proof: yes;\">TheJoin, Inc., Join-Virtual Mobile Platform 6.1.0 Security Target</span></em>, Version <span style=\"mso-no-proof: yes;\">08</span>, <span style=\"mso-no-proof: yes;\">January 26, 2024</span>.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The project underwent CCEVS Validator review.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The evaluation was completed in <span style=\"mso-no-proof: yes;\">February 2024</span>.<span style=\"mso-spacerun: yes;\">&nbsp; </span>Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID<span style=\"mso-no-proof: yes;\">11450-2024</span>) prepared by CCEVS.</p>","environmental_strengths":"<p class=\"MsoNormal\" style=\"text-align: justify; mso-outline-level: 1;\">The logical boundaries of the <span style=\"mso-no-proof: yes;\">J-VMP 6.1.0</span> client are realized in the security functions that it implements. Each of these security functions is summarized below.</p>\r\n<p class=\"MsoNormal\">&nbsp;</p>\r\n<p class=\"MsoNormal\" style=\"text-align: justify; mso-outline-level: 1;\"><strong>Cryptographic support:</strong></p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: 6.0pt; text-align: justify;\">The J-VMP client utilizes platform APIs to provide secure network communication using HTTPS. The client also uses its own cryptography to establish a trusted TLS channel to transmit data to the VMI Server.</p>\r\n<p class=\"MsoNormal\" style=\"text-align: justify; mso-outline-level: 1;\"><strong>User data protection:</strong></p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: 6.0pt; text-align: justify;\">The J-VMP client informs a user of hardware and software resources the TOE accesses. It uses the platform&rsquo;s permission mechanism to get a user&rsquo;s approval for access. The user initiates a secure network connection to the VMI server using the TOE. In general, sensitive data resides on the VMI server and not the J-VMP client, although the client does store encrypted credentials.</p>\r\n<p class=\"MsoNormal\" style=\"text-align: justify; mso-outline-level: 1;\"><strong>Identification and authentication:</strong></p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: 6.0pt; text-align: justify;\">The J-VMP client performs certificate validation checking for TLS connections.<span style=\"mso-spacerun: yes;\">&nbsp; </span>Both Android and iOS applications support OCSP when performing validity checks.</p>\r\n<p class=\"MsoNormal\" style=\"text-align: justify; mso-outline-level: 1;\"><strong>Security management:</strong></p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: 6.0pt; text-align: justify;\">The J-VMP client does not include any predefined or default credentials, and utilizes the platform recommended storage process for configuration options.</p>\r\n<p class=\"MsoNormal\" style=\"text-align: justify; mso-outline-level: 1;\"><strong>Privacy:</strong></p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: 6.0pt; text-align: justify;\">The J-VMP client does not collect any PII and does not transmit any PII over a network.</p>\r\n<p class=\"MsoNormal\" style=\"text-align: justify; mso-outline-level: 1;\"><strong>Protection of the TSF:</strong></p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: 6.0pt; text-align: justify;\">The J-VMP client relies on the physical boundary of the evaluated platform as well as the Android and iOS operating system for the protection of the TOE&rsquo;s application components.<span style=\"mso-spacerun: yes;\">&nbsp; </span>All compiled J-VMP client code is designed to utilize compiler provided anti-exploitation capabilities.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The J-VMP client application is available through the Google Playstore and the Apple store.</p>\r\n<p class=\"MsoNormal\" style=\"text-align: justify; mso-outline-level: 1;\"><strong>Trusted path/channels:</strong></p>\r\n<p class=\"Body\"><span style=\"font-family: 'Times New Roman',serif;\">The </span>J-VMP <span style=\"font-family: 'Times New Roman',serif;\">client utilizes platform APIs to establish HTTPS connections to a VMI server. The client also uses its cryptographic library to establish TLS connections to a VMI server.</span></p>","features":[]}