CC Certificate 

Security Target 

Validation Report 

Assurance Activity 

Administrative Guide 

The TOE is the Join-Virtual Mobile Platform (J-VMP) 6.1.0 Virtual Mobile Infrastructure (VMI) Client application.  The J-VMP client is a mobile client application installed on an Android or iOS mobile device. Using the J-VMP client application, users can access the same mobile environment that includes all their applications and data from any location, without being tied to a single mobile device.  The J-VMP client presents only the interface offered by the VMI server and ensures that communication with the server utilizes secured protocols.

The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance.  The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target.  The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017.  The product, when delivered and configured as identified in the Join-Virtual Mobile Platform 6.1.0(J-VMP) USER’s Guide, Version 6.1.10, 01/25/2024 document, satisfies all of the security functional requirements stated in the TheJoin, Inc., Join-Virtual Mobile Platform 6.1.0 Security Target, Version 08, January 26, 2024.  The project underwent CCEVS Validator review.  The evaluation was completed in February 2024.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11450-2024) prepared by CCEVS.

The logical boundaries of the J-VMP 6.1.0 client are realized in the security functions that it implements. Each of these security functions is summarized below.

Cryptographic support:

The J-VMP client utilizes platform APIs to provide secure network communication using HTTPS. The client also uses its own cryptography to establish a trusted TLS channel to transmit data to the VMI Server.

User data protection:

The J-VMP client informs a user of hardware and software resources the TOE accesses. It uses the platform’s permission mechanism to get a user’s approval for access. The user initiates a secure network connection to the VMI server using the TOE. In general, sensitive data resides on the VMI server and not the J-VMP client, although the client does store encrypted credentials.

Identification and authentication:

The J-VMP client performs certificate validation checking for TLS connections.  Both Android and iOS applications support OCSP when performing validity checks.

Security management:

The J-VMP client does not include any predefined or default credentials, and utilizes the platform recommended storage process for configuration options.

Privacy:

The J-VMP client does not collect any PII and does not transmit any PII over a network.

Protection of the TSF:

The J-VMP client relies on the physical boundary of the evaluated platform as well as the Android and iOS operating system for the protection of the TOE’s application components.  All compiled J-VMP client code is designed to utilize compiler provided anti-exploitation capabilities.  The J-VMP client application is available through the Google Playstore and the Apple store.

Trusted path/channels:

The J-VMP client utilizes platform APIs to establish HTTPS connections to a VMI server. The client also uses its cryptographic library to establish TLS connections to a VMI server.

Vendor Information