Kyocera DuraForce PRO Common Criteria Guidance Manual

Author: Gloria Tucker

Document History

Version 0.1, 12/05/2016: First Draft
Version 0.2, 27/07/2016: Second Draft
Version 0.3, 05/08/2016: Third Draft
Version 0.4, 06/09/2016: Fourth Draft
Version 0.5, 08/09/2016: Fifth Draft
Version 1.0, 30/09/2016: Official Release
Version 1.1, 08/11/2016: Revision 1
Version 1.2, 05/01/2017: Revision 2


Table of Contents

Document History
1. Document Introduction
1.1. Evaluated Devices
1.2. Glossary
2. Evaluated Capabilities
2.1. Cryptographic Key Management
2.2. Data Protection
2.3. User Data Protection
2.4. Certificate Validation
2.5. MDM Capabilities
2.6. Firmware Update Protection
3. Security Configuration
3.1. Common Criteria Mode
3.2. Common Criteria Related Settings
4. Secure Update Process
5. Cryptographic APIs
5.1. FCS_CKM.2(1) - RSA
5.2. FCS_CKM.2(1) - ECDH
5.3. FCS_COP.1(1) - AES CBC
5.4. FCS_COP.1(2) - SHA
5.6. FCS_COP.1(3) - ECDSA (Signature Algorithms)
5.7. FCS_COP.1(4) - HMAC
6. VPN Configuration
6.1. Configuring Advanced IPSec VPN
7. Wi-Fi Configuration
8. Bluetooth Configuration
9. Data Separation
9.1. Wiping Enterprise Data
10. Device Internal Storage
10.1. Device Internal Storage Full Encryption
11. SD Card Behaviour
11.1. Encrypting New Files on a SD Card
11.2. Encrypting All Files on a SD Card
11.3. Decrypting a SD Card
12. Notification Control
Appendix A. Generating Secure Random Data
Appendix A.1. Android API for Generating Secure Random Data
Appendix B. Secure Key Storage
Appendix B.1. Key Usage
Appendix B.2. Symmetric Key Generation
Appendix B.3. Symmetric Key Encryption/Decryption
Appendix B.4. Asymmetric Key Generation
Appendix B.5. Asymmetric Key Sign and Verify
Appendix B.6. Key Destruction
Appendix C. Guidance for Using HTTPS/TLS APIs
Appendix C.1. Android APIs for TLS Connection
Appendix C.2. How to Set Cipher Suites Using Android API
Appendix C.3. How to Set Client Certificate
Appendix D. Guidance for Bluetooth APIs
Appendix D.1. Android APIs for Bluetooth
Appendix D.2. How to Establish a Secure Channel for Bluetooth Using Android API
Appendix D.3. How to Interact with the BLE Device via the Android BLE API
Appendix D.4. How to Establish a Profile Connection for Bluetooth Using Android API
Appendix E: Error Cases
Secure Boot
Self Test


1. Document Introduction

This document contains information and guidance for the deployment of Kyocera DuraForce PRO devices in accordance with the Common Criteria configuration.

1.1. Evaluated Devices

The Common Criteria evaluation was performed on the Kyocera DuraForce PRO device. The table below lists the devices, with their specifications, that have been evaluated for compliance with the Mobile Device Fundamentals Protection Profile.

Device Information

Device Name: Kyocera DuraForce PRO with SAPPHIRE SHIELD
Model Number: E6810
Base Android Version: 6.0.1
Kernel Version: 3.10.84
Build Number: 77f9a2518fcf54e010ac4708f980bc92
Carrier: Verizon
Processor Model Information: Qualcomm MSM8952

Device Name: Kyocera DuraForce PRO
Model Number: E6820
Base Android Version: 6.0.1
Kernel Version: 3.10.84
Build Number: 5af5d0a4566fec0b8bab756b3386c667
Carrier: AT&T
Processor Model Information: Qualcomm MSM8952

Device Name: Kyocera DuraForce PRO
Model Number: E6830
Base Android Version: 6.0.1
Kernel Version: 3.10.84
Build Number: c0307913ad6ff1e293bf8a646988d5bd
Carrier: Sprint
Processor Model Information: Qualcomm MSM8952

The information about the device, its components and build details is available under Settings/About phone. The following version information can be found there:

Android version: Settings/About Phone/Software Info/Android version. This shows the Android OS version.
Software version: Settings/About Phone/Software Info/Software version. This shows the binary image version for the device.
Security software version: Settings/About Phone/Software Info/Security software version. This shows the Common Criteria evaluations and the version of the software components related to those evaluations on the device. The evaluated version is 1.0.

Note: All the evaluated Kyocera DuraForce PRO device models run the Android 6 (Marshmallow) version.


1.2. Glossary

AES: Advanced Encryption Standard
BLE: Bluetooth Low Energy
API: Application Programming Interface
APK: Android Application Package
CA: Certificate Authority
CBC: Cipher Block Chaining
CC: Common Criteria
CCTL: Common Criteria Testing Laboratory
CTR: Counter
DEK: Data Encryption Key
DPC: Device Policy Controller
DRBG: Deterministic Random Bit Generator
ECDH: Elliptic Curve Diffie-Hellman
ECDSA: Elliptic Curve Digital Signature Algorithm
EAP-TLS: Extensible Authentication Protocol - Transport Layer Security
EAP-TTLS: Extensible Authentication Protocol - Tunneled Transport Layer Security
FDE: Full Disk Encryption
FIPS: Federal Information Processing Standards
GPS: Global Positioning System
HMAC: Keyed-Hash Message Authentication Code
HTTP: Hypertext Transfer Protocol
HTTPS: HTTP Secure
IPsec: Internet Protocol Security
IT: Information Technology
KEK: Key Encryption Key
FOTA: Firmware Over The Air
MDM: Mobile Device Management
MTP: Media Transfer Protocol
NFC: Near Field Communication
NIST: National Institute of Standards and Technology
ODE: On Device Encryption
OS: Operating System
PBKDF2: Password-Based Key Derivation Function 2
PIN: Personal Identification Number
PKCS: Public Key Cryptography Standards
POST: Power On Self Test
RFCOMM: Radio Frequency Communication
RSA: Rivest Shamir Adleman
SD Card: Secure Digital Card
SDK: Software Development Kit
SHA: Secure Hash Algorithm
SMS: Short Message Service
SSID: Service Set Identifier
TLS: Transport Layer Security
URL: Uniform Resource Locator
USB: Universal Serial Bus
VPN: Virtual Private Network
WEP: Wired Equivalent Privacy
Wi-Fi: Wireless Fidelity
WLAN: Wireless Local-Area Network
WPA: Wi-Fi Protected Access

2. Evaluated Capabilities

The Kyocera DuraForce PRO has been evaluated for the following security capabilities. In CC mode, the device will only use approved cryptography and no configuration is required.

2.1. Cryptographic Key Management

The device Key Management capability secures the keys and/or credentials necessary for on device encryption, SD Card encryption and the Android KeyStore.

i. Random Number Generation: Random number generation is performed in accordance with NIST SP 800-90A using CTR_DRBG (AES) to generate keys that provide entropy greater than 128 bits.
ii. Key Management: Data protection keys such as DEKs, along with keys that protect other keys such as KEKs, are generated using strong key generation cryptographic algorithms.
iii. Key Storage: The key storage functionality stores the cryptographic keys, which are backed by a hardware-protected key, in a special user partition. This special partition is wiped on factory reset.

2.2. Data Protection

The Kyocera device provides security functionality for data-at-rest protection. The device is designed to protect all user data stored on the internal device storage and on an external SD card. Kyocera data-at-rest protection works as follows.

Encryption of device internal storage
- All user data is encrypted with the 256-bit AES (Advanced Encryption Standard) algorithm and stored in the user partition.
- The encryption key is protected by a KEK generated by combining a KEK derived from the user PIN or password using PBKDF2 with a randomly generated KEK that is protected by the hardware.

Encryption of removable storage
- All files already saved to the SD Card (along with any new files created in future) are encrypted using the 256-bit AES algorithm. These encrypted files are stored on the SD Card.
- The encryption key is protected by the KEK, which lies in the kernel database.

2.3. User Data Protection

The device provides the following categories of system services to applications.

1. Normal: A lower-risk permission that gives an application access to isolated application-level features, with minimal risk to other applications, the system, or the user. The system automatically grants this type of permission to a requesting application at installation, without asking for the user's explicit approval (though the user always has the option to review these permissions before installing).

2. Dangerous: A higher-risk permission that would give a requesting application access to private user data or control over the device that can negatively impact the user. Because this type of permission introduces potential risk, the system may not automatically grant it to the requesting application. For example, any dangerous permissions requested by an application may be displayed to the user and require confirmation before proceeding, or some other approach may be taken to avoid the user automatically allowing the use of such facilities.

3. Signature: A permission that the system is to grant only if the requesting application is signed with the same certificate as the application that declared the permission. If the certificates match, the system automatically grants the permission without notifying the user or asking for the user's explicit approval.

4. SignatureOrSystem: A permission that the system is to grant only to packages in the Android system image or that are signed with the same certificates. Please avoid using this option, as the signature protection level should be sufficient for most needs and works regardless of exactly where applications are installed. This permission is used for certain special situations where multiple vendors have applications built in to a system image which need to share specific features explicitly because they are being built together.

2.4. Certificate Validation

To protect secure connections from invalid certificates and the possibility of spoofing, the device performs certificate validation and a revocation status check before establishing a connection. This feature is enabled automatically when the device functions in CC mode.

2.5. MDM Capabilities

Although MDM capabilities are available in the native Android OS, Kyocera has added an extensive set of MDM APIs, providing extended capabilities to configure various device and application settings, control hardware components and manage applications at a much more granular level. This includes the ability to enforce Wi-Fi whitelisting, enable/disable GPS and VPN, block the usage of the camera, etc. Kyocera approved third party MDM vendors can use the Kyocera MDM SDK to write their own MDM solutions.

Kyocera MDM Features
* Password Management
* Encryption policy
* Device hardware/feature restriction
* Wi-Fi Configuration Management
* Application Management
* CC Mode Management

2.6. Firmware Update Protection

In CC mode, only updates verified using the 2048-bit RSA algorithm and SHA-256 hash are permitted. All other methods of performing unsecured firmware updates are restricted.

3. Security Configuration

3.1 Common Criteria Mode

Kyocera provides a stand-alone app that brings the device into the Common Criteria-evaluated configuration. This is called CC Mode. To configure CC Mode, the user needs to obtain the CC Mode APK from Kyocera or a Kyocera approved point of contact. The usage of the CC Mode application may be governed by additional contracts/agreements regulated by Kyocera International Inc.

Before installing the CC Mode app, you must enable Unknown Sources for applications, as the app will not be installed from the Google Play Store. This can be done under Settings/Security/Unknown sources.

To enable CC Mode, find the app (named CC Status change). Launch the app and configure the settings as given below:

1. Enable the lock screen password.
2. Set incorrect password attempts for device wipe.
3. Set password history length.
4. Enable device internal storage full encryption.
5. Enable SD card encryption.

Click ENABLE CC STATUS. In CC Mode, the following restrictions are applied to the device:

1. Use of fingerprint authentication for device unlock will be restricted.
2. Smart Lock will be disabled.
3. Adb access will be disabled.
4. For the "Screen lock type" setting, all available options other than "Password" will be disabled.
5. On expiration of the lock screen password, the device will continuously display the password change screen. The user must change the password to use the device.

Note:
- Once the CC Status change apk is installed, Unknown Sources can be disabled.
- The CC Mode status can be seen under Settings/About phone/Status/Common Criteria status.
- Once a device has been placed into CC Mode, the only way to disable it is to select "Disable Common Criteria Status" in the CC App or perform a factory reset (Settings/Backup&Reset/Factory Data Reset).

Once CC Mode has been enabled, the app can be removed from the device. To remove the app, you must first deactivate it as a Device Administrator under Settings/Security/Device Administrators: unselect CC Status change and choose Deactivate. The app can then be removed through the Application Manager or through the MDM.

3.2. Common Criteria Related Settings

To enable CC Mode on the device, the CC Mode application uses the APIs listed in Table 1. Each entry gives the Sr No., Security Feature, Setting, Description, Req. Value, API and UI columns of the table.

1. CC Mode / Common Criteria Mode: Enable/Disable CC Mode on device. Req. Value: EnableCCMode = True/False. API: setCCMode(final ComponentName adminReceiver, final boolean enableCCMode).
2. CC Mode / Common Criteria Mode: Check CC Mode preconditions on device. API: checkCCModePreconditions(ComponentName adminReceiver, int userHandle).
3. CC Mode / Common Criteria Mode: Check if CC Mode is enabled on device. API: isCCModeEnabled(ComponentName adminReceiver, int userHandle).
4. CC Mode / Common Criteria Mode: Enforce external SD Card encryption (one of the preconditions to enable CC Mode). Req. Value: SdcardConfig = MdmPolicyManager.SDCARD_ENFORCE_ENCRYPTION. API: setSdcardRestricted(ComponentName adminReceiver, int sdcardConfig). UI: PreConditions.
5. CC Mode / Common Criteria Mode: Enforce internal storage full encryption (one of the preconditions to enable CC Mode). Req. Value: StorageEncryptionConfig = MdmPolicyManager.INTERNAL_ENFORCE_ENCRYPTION_FULL. API: setStorageEncryption(ComponentName adminReceiver, int storageEncryptionConfig). UI: PreConditions.
6. CC Mode / Common Criteria Mode: Enforce password quality (one of the preconditions to enable CC Mode). Req. Value: Quality = DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC. API: setPasswordQuality(ComponentName adminReceiver, int quality). UI: PreConditions.
7. CC Mode / Common Criteria Mode: Set password history length. Req. Value: Length = 3. API: setPasswordHistoryLength(ComponentName adminReceiver, int length).
8. CC Mode / Common Criteria Mode: Set incorrect password attempts before device wipe (one of the preconditions to enable CC Mode). Req. Value: Authentications = 10. API: setIncorrectAuthForWipe(ComponentName adminReceiver, int authentications). UI: PreConditions.

Table 1. APIs to enable CC Mode.
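The following is an added example, not Kyocera's CC Mode application code, showing the order in which a device administrator app would apply the Table 1 preconditions and then request and verify CC Mode. It assumes that all Table 1 methods are members of a MdmPolicyManager instance the caller already holds, and that checkCCModePreconditions returns true when every precondition is met; neither is stated in this guide.

```java
// Added example (not Kyocera's code): apply the Table 1 preconditions, request CC Mode,
// then read the status back instead of assuming the request succeeded.
// Assumptions not stated in the guide: the caller already holds a MdmPolicyManager
// instance, and checkCCModePreconditions() returns true when all preconditions are met.
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;

public final class CcModeEnabler {
    // Required values from Table 1 (rows 7 and 8)
    private static final int PASSWORD_HISTORY_LENGTH = 3;
    private static final int WIPE_AFTER_FAILED_ATTEMPTS = 10;

    private final MdmPolicyManager mdm;   // Kyocera MDM SDK manager exposing the Table 1 APIs
    private final ComponentName admin;    // this app's DeviceAdminReceiver
    private final int userHandle;         // user the status is checked for

    public CcModeEnabler(MdmPolicyManager mdm, ComponentName admin, int userHandle) {
        this.mdm = mdm;
        this.admin = admin;
        this.userHandle = userHandle;
    }

    /** Sets every precondition from Table 1 (rows 4 to 8) before CC Mode is requested. */
    public void applyPreconditions() {
        // Row 5: internal storage full encryption
        mdm.setStorageEncryption(admin, MdmPolicyManager.INTERNAL_ENFORCE_ENCRYPTION_FULL);
        // Row 4: external SD card encryption
        mdm.setSdcardRestricted(admin, MdmPolicyManager.SDCARD_ENFORCE_ENCRYPTION);
        // Row 6: alphanumeric lock screen password
        mdm.setPasswordQuality(admin, DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC);
        // Row 7: password history length
        mdm.setPasswordHistoryLength(admin, PASSWORD_HISTORY_LENGTH);
        // Row 8: wipe the device after this many failed authentications
        mdm.setIncorrectAuthForWipe(admin, WIPE_AFTER_FAILED_ATTEMPTS);
    }

    /** Returns true only if the device itself reports CC Mode as enabled afterwards. */
    public boolean enable() {
        applyPreconditions();
        // Row 2: do not request CC Mode while any precondition is still unmet
        if (!mdm.checkCCModePreconditions(admin, userHandle)) {
            return false;
        }
        // Row 1: request CC Mode
        mdm.setCCMode(admin, true);
        // Row 3: verify; the same status is visible under
        // Settings/About phone/Status/Common Criteria status
        return mdm.isCCModeEnabled(admin, userHandle);
    }
}
```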

The MDM APIs that Kyocera provides in addition to those of the Android Device Policy Manager (DPM) are listed in Table 2. Each entry gives the Sr No., Setting, Description, Req. Value, API and UI columns of the table, grouped by Security Feature.

Password Management
1. Wipe Device: Removes all data from device. Req. Value: Enable. API: wipeProtectedData(ComponentName adminReceiver). UI: Reset your settings to the factory default values and delete all your data. Settings > Backup & reset > Factory data reset.
2. Password Length: Minimum number of characters in a password. Req. Value: Greater than 6. API: setMiniPasswordLength(ComponentName adminReceiver, int passLength). UI: NA.
3. Password Complexity: Specify the type of characters required in a password. API: setPasswordQuality(ComponentName adminReceiver, int quality). UI: NA.
4. Max. Password Failed Attempts: Max no. of authentication failures. Req. Value: 10 or less. API: setIncorrectAuthForWipe(ComponentName adminReceiver, int authentications). UI: N/A.
5. Remote Lock: Locks the device remotely. Req. Value: Enable. API: lockNow(ComponentName adminReceiver). UI: N/A.
6. Remove Enterprise applications: You cannot see the application icon in the Launcher's menu. Req. Value: Disable. API: removeEnterpriseApps(ComponentName adminReceiver). UI: N/A.

Radio Control
7. Control Wi-Fi: Control access to Wi-Fi. Req. Value: Enable/Disable. API: setMdmWifiRestricted(ComponentName adminReceiver, int wifiConfig). UI: Turns on Wi-Fi to connect to available Wi-Fi networks. Settings > Networks > Wi-Fi.
8. Control GPS: Control access to GPS. Req. Value: Enable/Disable. API: setLocationRestricted(ComponentName adminReceiver, int locationConfig). UI: Turn on location service; your phone determines your approximate location using GPS. Settings > General > Location > Mode > Device sensors only (GPS only).
9. Control Cellular: Control access to Cellular. Req. Value: Enable/Disable. API: setCellularRestricted(ComponentName adminReceiver, int cellConfig). UI: Turn off all wireless connections (Wi-Fi, Bluetooth and data) and calls. Settings > Networks > More > Wireless & networks > Airplane mode.
10. Control NFC: Control access to NFC. Req. Value: Enable/Disable. API: setFeatureRestricted(ComponentName adminReceiver, int featureConfig). UI: Allow sending and receiving data, such as transportation or credit card info, by holding the phone and the other device together. Settings > Networks > Share & connect > NFC.
11. Control Bluetooth: Control access to Bluetooth. Req. Value: Enable/Disable. API: setBluetoothRestricted(ComponentName adminReceiver, int bluetoothConfig). UI: Turn the Bluetooth wireless feature on or off to use Bluetooth. Settings > Networks > Bluetooth.
12. Control Location Service: Control access to Location Service. Req. Value: Enable/Disable. API: setLocationRequired(ComponentName adminReceiver, int locationConfig). UI: Turn on location service; your phone determines your approximate location using GPS, Wi-Fi and mobile networks. Settings > General > Location > Mode > High accuracy (GPS and networks).
13. Control SMS: Control Messaging capabilities. Req. Value: Enable/Disable. API: setFeatureRestricted(ComponentName adminReceiver, int featureConfig). UI: N/A.
14. Control VPN: Control access to VPN. Req. Value: Enable/Disable. API: setNetworkFunctions(ComponentName adminReceiver, int networkFunction). UI: Displays the list of Virtual Private Networks (VPNs) that you've previously configured. Allows you to add different types of VPNs. Settings > Networks > More > Wireless & networks > VPN.

Wi-Fi Settings
15. Specify Wi-Fi SSIDs: Specify SSID values for connecting to Wi-Fi. Can also create white and black lists for SSIDs. Req. Value: listType = 2. API: addSsidToWhitelist(ComponentName adminReceiver, List ssids); isWhitelistedSsid(ComponentName adminReceiver, String ssid); removeSsidFromWhitelist(ComponentName adminReceiver, List ssids); getMdmWifiWhitelistEnabled(ComponentName adminReceiver); setMdmWifiWhitelistEnabled(ComponentName adminReceiver, boolean enableWhitelist). UI: NA.
16. Set WLAN CA Certificate: Select the CA Certificate for the WiFi connection. Req. Value: CA Certificate. API: addNetworkConfig(ComponentName adminReceiver, KCWifiConfiguration kcConfig); getInstalledCertificates(ComponentName adminReceiver, String prefix). UI: Add new WiFi Config: Settings > WiFi > Add Network.
17. Specify security type: Specify the connection security (WEP, WPA2, etc). Req. Value: Wi-Fi connection type. API: addNetworkConfig(ComponentName adminReceiver, KCWifiConfiguration kcConfig). UI: Add new WiFi Config: Settings > WiFi > Add Network.
18. Select client credentials: Specify the client credentials to access a specified WLAN. Req. Value: Wi-Fi credentials. API: addNetworkConfig(ComponentName adminReceiver, KCWifiConfiguration kcConfig). UI: Add new WiFi Config: Settings > WiFi > Add Network.

Hardware Control
19. Control Microphone: Control access to microphones. Req. Value: Enable/Disable. API: setCaptureRestricted(ComponentName adminReceiver, int captureConfig). UI: N/A.
20. Control Camera: Control access to camera. Req. Value: Enable/Disable. API: setNativeAppRestricted(ComponentName adminReceiver, int nativeAppConfig). UI: N/A.
21. Control USB Debugging: Control access to USB debugging. Req. Value: Enable/Disable. API: setMdmUsbRestricted(ComponentName adminReceiver, int usbConfig). UI: Turn on debug mode when USB is connected. Settings > General > Developer options > USB debugging.
22. Control SD Card: Control access to SD card storage. Req. Value: Enable/Disable. API: setSdcardRestricted(ComponentName adminReceiver, int sdcardConfig). UI: Settings > General > Storage > SD CARD.
23. Control USB Tethered Connections: Control access to USB tethered connections. Req. Value: Enable/Disable. API: setMdmUsbRestricted(ComponentName adminReceiver, int usbConfig). UI: Connect the USB cable to share the internet connection with the computer. Settings > Networks > More > Wireless & networks > USB tethering.
24. Control Bluetooth Tethered Connections: Control access to Bluetooth tethered connections. Req. Value: Enable/Disable. API: setBluetoothRestricted(ComponentName adminReceiver, int bluetoothConfig). UI: Turn on Bluetooth tethering and connect other devices to the phone via Bluetooth. Settings > Networks > More > Wireless & networks > Bluetooth tethering.
25. Control Hotspot Connections: Control access to Wi-Fi hotspot connections. Req. Value: Enable/Disable. API: setFeatureRestricted(ComponentName adminReceiver, int featureConfig). UI: Allows you to use your device as a Wi-Fi hotspot for other devices to use your mobile network connection. Set up Wi-Fi hotspot: Sets the SSID and password for your Wi-Fi hotspot. Timeout: Allows you to set the time after which the Wi-Fi hotspot automatically turns off. Settings > Networks > More > Wireless & networks > Mobile Hotspot.
26. Automatic Time: Allows the device to get time from the Wi-Fi connection. Req. Value: Enable/Disable. API: setFeatureRestricted(ComponentName adminReceiver, int featureConfig). UI: Use Date & time settings to set how dates will be displayed. You can also use these settings to set your own time and time zone rather than obtaining the current time from the mobile network. Settings > General > Date & Time.

Application Control
27. Install Application: Installs specified application. API: installPackage(ComponentName adminReceiver, Uri packageURI, IPackageInstallObserver observer, int flags, String installerPackageName). UI: Install applications from the Google Play Store app.
28. Uninstall Application: Uninstalls specified application. API: uninstallPackage(ComponentName adminReceiver, String packageName, IPackageDeleteObserver observer, boolean isAllUsers). UI: Settings > General > Application manager > menu > Uninstall apps.

Backup
29. Enable/disable backup: Disable backup to locally connected system; disable backup to remote system. Req. Value: Disable (both). API: setNativeAppRestricted(ComponentName adminReceiver, int nativeAppConfig). UI: N/A.

Bluetooth
30. Set/Update bluetooth name: Sets or updates the bluetooth name. API: updateBluetoothName(ComponentName adminReceiver, String name). UI: Settings > Bluetooth > Menu > Rename this device.

Hotspot
31. Set and retrieve hotspot state: Sets or retrieves Hotspot state. API: setWifiApState(ComponentName adminReceiver, boolean state); isWifiApEnabled(ComponentName adminReceiver). UI: Settings > Mobile Hotspot.

Certificate
32. Import X509 v3 certificates: Installs X509 v3 certificates from internal storage / sdcard. API: installCertificate(ComponentName adminReceiver, Uri certUri, byte[] certBuffer, String password, String certName, int uId). UI: Settings > Security > Install from SD card.

Other
33. Password history length: Sets device password history length. API: setPasswordHistoryLength(final ComponentName adminReceiver, int length). UI: N/A.
34. Internal storage encryption: Encrypts internal storage (full device encryption). API: setStorageEncryption(ComponentName adminReceiver, int storageEncryptionConfig). UI: Settings > Security > Phone.
35. System software update: Runs the system software update. API: doSystemSoftwareUpdate(ComponentName adminReceiver). UI: Settings > System updates.

Table 2. Kyocera specific MDM API

[Password Policy Recommendation]

Users will be required to set a password when the device is first configured in CC Mode. The password protects the device against unauthorised access and protects the key used to encrypt the data on the device. While the password is entered, the device obscures each character by replacing it with a dot (.) symbol. For better security, it is strongly recommended to select an appropriate password using the password policies below.

1. Password Length: To obtain a good password, the administrator has to set the password length. It is recommended that the password length is more than 8 characters. (Please refer to No. 10 in Table 2.)

2. Password Complexity and Quality: Password complexity should include more than one type of character (letters, numbers and symbols). The administrator can enforce a minimum number of numeric, upper and lower case, symbol characters, and so on. The administrator can also choose one of the password qualities to increase the level of password strength: PASSWORD_QUALITY_UNSPECIFIED, PASSWORD_QUALITY_SOMETHING, PASSWORD_QUALITY_NUMERIC, PASSWORD_QUALITY_ALPHABETIC, PASSWORD_QUALITY_ALPHANUMERIC, or PASSWORD_QUALITY_COMPLEX. (Please refer to No. 11 in Table 2.)

3. Maximum password failed attempts: The administrator can set a maximum password failed attempts policy. The device is wiped immediately when the maximum count of unsuccessful authentications is reached. For example, when the maximum password failed attempts is 10, the device shows a warning message when half of the maximum count (5) is reached and requires user input to continue attempting authentication; then, if the maximum count (10) is reached, the device is wiped. (Please refer to No. 12 in Table 2.)

4. Secure Update Process This section provides details about the process of delivering secure updates. Kyocera allows installation of updates using USB and Firmware over the Air (FOTA).The updates are either in the form of full or delta packages. When FOTA updates are made available, the user will be prompted to download and install the update. The user may also choose to manually download update from designated cloud server and install the update manually over USB (using Kyocera provided update tool). For both manual and FOTA install method, the update package is checked automatically for integrity and validity by using the public keys present on the device. If the check fails, the user is informed about the errors in the update and the update will not be installed.For more details refer to flowchart 1.


Flowchart 1. Secure update process

5. Cryptographic APIs

In CC mode, only approved cryptographic algorithms are used. An Android developer who wishes to use approved cryptography for the algorithms listed below must pass "AndroidOpenSSL" as the provider wherever an API takes a provider name as one of its parameters. A call that omits the provider argument is resolved by provider preference order and is not guaranteed to use the approved implementation, so every example in this section names the provider explicitly.

5.1 FCS_CKM.2(1) - RSA

Assume that "Receiver" holds a private key and "Sender" knows Receiver's public key. Sender sends a key encrypted with Receiver's public key. This example shows how Receiver recovers the key sent by Sender; Receiver needs its own private key to decrypt the encrypted key. n and d are the hex-encoded RSA modulus and private exponent, and encryptedKey is the ciphertext received from Sender.

    import java.math.BigInteger;
    import java.security.KeyFactory;
    import java.security.PrivateKey;
    import java.security.spec.RSAPrivateKeySpec;
    import javax.crypto.Cipher;

    // configure parameters to build the private key
    KeyFactory kf = KeyFactory.getInstance("RSA", "AndroidOpenSSL");
    RSAPrivateKeySpec rsa_private =
            new RSAPrivateKeySpec(new BigInteger(n, 16), new BigInteger(d, 16));
    // generate the private key object
    PrivateKey privKey = kf.generatePrivate(rsa_private);
    // decrypt the encrypted key; the transformation must match the one Sender used
    Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidOpenSSL");
    cipher.init(Cipher.DECRYPT_MODE, privKey);
    byte[] resultK = cipher.doFinal(encryptedKey);

Algorithms of AndroidOpenSSL for RSA pair-wise key establishment:
"RSA/ECB/NoPadding"
"RSA/ECB/PKCS1Padding"

"RSA/ECB/NoPadding" is textbook RSA with no randomisation: identical keys produce identical ciphertexts and the ciphertext is malleable. Prefer "RSA/ECB/PKCS1Padding" from the approved list unless a protocol explicitly requires the raw operation.

Reference webpage: http://developer.android.com/intl/ko/reference/javax/crypto/Cipher.html

5.2 FCS_CKM.2(1) – ECDH

Assume that "Receiver" holds its own private key and "Sender"'s public key, and that "Sender" holds its own private key and "Receiver"'s public key. Then Receiver and Sender can derive the same shared secret via ECDH key agreement. The snippet below is Receiver's side; Sender runs the same code with the roles swapped and obtains an identical secret.

    import java.security.interfaces.ECPrivateKey;
    import java.security.interfaces.ECPublicKey;
    import javax.crypto.KeyAgreement;

    // Sender's public key, as received from Sender
    ECPublicKey senderPubKey = … ;
    // Receiver's own private key
    ECPrivateKey receiverPrivKey = … ;
    // derive the shared secret on Receiver's side
    KeyAgreement ka = KeyAgreement.getInstance("ECDH", "AndroidOpenSSL");
    ka.init(receiverPrivKey);
    ka.doPhase(senderPubKey, true);
    byte[] secret = ka.generateSecret();

The raw output of generateSecret() is the x-coordinate of the shared point, not a uniformly random key; derive the actual cipher or MAC keys from it with a key derivation function rather than using it directly.

Key agreement of AndroidOpenSSL: "ECDH" for KeyAgreement
Reference webpage: http://developer.android.com/intl/ko/reference/javax/crypto/KeyAgreement.html

5.3 FCS_COP.1(1) - AES CBC

The Cipher class encrypts or decrypts a plaintext. key is a 16-, 24- or 32-byte AES key and iv is a 16-byte IV. With "NoPadding" the plaintext length must be a multiple of 16 bytes, and an IV must never be reused with the same key.

    import java.security.spec.AlgorithmParameterSpec;
    import javax.crypto.Cipher;
    import javax.crypto.spec.IvParameterSpec;
    import javax.crypto.spec.SecretKeySpec;

    // get a cipher instance with the approved algorithm and provider
    Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding", "AndroidOpenSSL");
    // wrap the key and IV used for both encryption and decryption
    SecretKeySpec skeySpec = new SecretKeySpec(key, "AES");
    AlgorithmParameterSpec ivSpec = new IvParameterSpec(iv);
    // initialise the cipher in encrypt mode
    cipher.init(Cipher.ENCRYPT_MODE, skeySpec, ivSpec);
    byte[] encrypted = cipher.doFinal(plaintext);
    // initialise the cipher in decrypt mode
    cipher.init(Cipher.DECRYPT_MODE, skeySpec, ivSpec);
    byte[] decrypted = cipher.doFinal(encrypted);

AES algorithms of AndroidOpenSSL: "AES/CBC/NoPadding"
Reference webpage: http://developer.android.com/intl/ko/reference/javax/crypto/Cipher.html

5.4 FCS_COP.1(2) - SHA

Use the MessageDigest class to calculate the hash of a plaintext.

    import java.security.MessageDigest;

    MessageDigest md = MessageDigest.getInstance("SHA-256", "AndroidOpenSSL");
    md.update(plaintext);
    byte[] hashdata = md.digest();

MessageDigest algorithms of AndroidOpenSSL: "SHA-1", "SHA-256", "SHA-384", "SHA-512"
Reference webpage: http://developer.android.com/reference/java/security/MessageDigest.html

5.5 FCS_COP.1(3) – RSA (Signature Algorithms)

The KeyFactory class builds the RSA private and public keys from their components (n, d and e as hex strings). The Signature class signs a plaintext with the private key and verifies the signature with the public key. The example uses SHA256WithRSA; SHA1WithRSA is also in the approved list, but SHA-1 should not be chosen for new signatures.

    import java.math.BigInteger;
    import java.security.KeyFactory;
    import java.security.PrivateKey;
    import java.security.PublicKey;
    import java.security.Signature;
    import java.security.spec.RSAPrivateKeySpec;
    import java.security.spec.RSAPublicKeySpec;

    // build the key specs
    KeyFactory kf = KeyFactory.getInstance("RSA", "AndroidOpenSSL");
    RSAPrivateKeySpec rsa_private = new RSAPrivateKeySpec(
            new BigInteger(n, 16), new BigInteger(d, 16));
    RSAPublicKeySpec rsa_public = new RSAPublicKeySpec(
            new BigInteger(n, 16), new BigInteger(e, 16));
    // generate the key objects
    PrivateKey privKey = kf.generatePrivate(rsa_private);
    PublicKey pubKey = kf.generatePublic(rsa_public);
    // sign test
    Signature signature = Signature.getInstance("SHA256WithRSA", "AndroidOpenSSL");
    signature.initSign(privKey);
    signature.update(plaintext);
    byte[] signed = signature.sign();
    // verify test
    signature.initVerify(pubKey);
    signature.update(plaintext);
    boolean verified = signature.verify(signed);

Signature algorithms of AndroidOpenSSL: "SHA1WithRSA", "SHA256WithRSA", "SHA384WithRSA", "SHA512WithRSA"
Key generators of AndroidOpenSSL: "RSA" KeyFactory, "RSA" KeyPairGenerator
Reference webpages:
http://developer.android.com/reference/java/security/KeyFactory.html
http://developer.android.com/reference/java/security/Signature.html
http://developer.android.com/reference/java/security/spec/RSAPrivateKeySpec.html
http://developer.android.com/reference/java/security/spec/RSAPublicKeySpec.html

5.6 FCS_COP.1(3) – ECDSA (Signature Algorithms)

The Signature class signs a message with an EC private key and verifies the signature with the EC public key. The key pair generation below is used only to obtain the curve parameters; Qx, Qy and d are the BigInteger values of the public point and the private scalar. SHA256WithECDSA hashes the input internally, so pass the message itself rather than a precomputed hash.

    import java.security.KeyFactory;
    import java.security.KeyPairGenerator;
    import java.security.SecureRandom;
    import java.security.Signature;
    import java.security.interfaces.ECPrivateKey;
    import java.security.interfaces.ECPublicKey;
    import java.security.spec.ECGenParameterSpec;
    import java.security.spec.ECParameterSpec;
    import java.security.spec.ECPoint;
    import java.security.spec.ECPrivateKeySpec;
    import java.security.spec.ECPublicKeySpec;

    // obtain the curve parameters for secp256r1
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "AndroidOpenSSL");
    ECGenParameterSpec kpgparams = new ECGenParameterSpec("secp256r1");
    kpg.initialize(kpgparams, new SecureRandom());
    ECParameterSpec params = ((ECPublicKey) kpg.generateKeyPair().getPublic()).getParams();
    // key spec generation from the known key components
    ECPoint point = new ECPoint(Qx, Qy);
    ECPublicKeySpec ec_public = new ECPublicKeySpec(point, params);
    ECPrivateKeySpec ec_private = new ECPrivateKeySpec(d, params);
    // key generation
    KeyFactory kf = KeyFactory.getInstance("EC", "AndroidOpenSSL");
    ECPrivateKey privkey = (ECPrivateKey) kf.generatePrivate(ec_private);
    ECPublicKey pubkey = (ECPublicKey) kf.generatePublic(ec_public);
    // sign the message and generate the signature
    Signature signature = Signature.getInstance("SHA256WithECDSA", "AndroidOpenSSL");
    signature.initSign(privkey);
    signature.update(message);
    byte[] signed = signature.sign();
    // verify the signature with the public key
    signature.initVerify(pubkey);
    signature.update(message);
    boolean verified = signature.verify(signed);

Signature algorithms of AndroidOpenSSL: "SHA256withECDSA", "SHA384withECDSA", "SHA512withECDSA"
Key generators of AndroidOpenSSL: "EC" for KeyFactory, "EC" for KeyPairGenerator
Supported curves: "secp256r1", "secp384r1", "secp521r1"
Reference webpages:
http://developer.android.com/reference/java/security/Signature.html
http://developer.android.com/reference/java/security/spec/ECPublicKeySpec.html
http://developer.android.com/reference/java/security/spec/ECPrivateKeySpec.html

5.7 FCS_COP.1(4) - HMAC

The Mac class calculates a keyed hash of a plaintext. The algorithm name given to SecretKeySpec should match the one requested from Mac.getInstance.

    import javax.crypto.Mac;
    import javax.crypto.spec.SecretKeySpec;

    Mac hmac = Mac.getInstance("HmacSHA256", "AndroidOpenSSL");
    SecretKeySpec secretkey = new SecretKeySpec(key, "HmacSHA256");
    hmac.init(secretkey);
    byte[] hmacdata = hmac.doFinal(plaintext);

When checking a received tag, compare it with MessageDigest.isEqual() rather than Arrays.equals() so that the comparison does not leak the position of the first differing byte.

MAC algorithms of AndroidOpenSSL: "HmacSHA1", "HmacSHA256", "HmacSHA384", "HmacSHA512"
Reference webpage: http://developer.android.com/reference/javax/crypto/Mac.html
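Sections 5.1, 5.3 and 5.7 each show one primitive in isolation. The following added example, which is not code from the Kyocera guidance manual, chains them into the Sender/Receiver exchange that 5.1 describes: Sender generates fresh AES and HMAC keys, encrypts with "AES/CBC/NoPadding", authenticates with "HmacSHA256" (encrypt-then-MAC), and wraps both keys under Receiver's RSA public key with "RSA/ECB/PKCS1Padding"; Receiver unwraps, checks the tag first and only then decrypts. It assumes it runs on the device so that the "AndroidOpenSSL" provider is present; the key sizes, the envelope layout and the sample message are the author's choices.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added example (not from the Kyocera manual): 5.1 + 5.3 + 5.7 combined.
// Assumes the "AndroidOpenSSL" provider of the evaluated device.
public final class HybridExample {
    private static final String PROVIDER = "AndroidOpenSSL";
    private static final SecureRandom RNG = new SecureRandom();

    // What Sender transmits: RSA-wrapped keys, IV, AES-CBC ciphertext, HMAC tag.
    public static final class Envelope {
        public byte[] wrappedKeys, iv, ciphertext, tag;
    }

    // The manual requires the approved provider; fail loudly if another one answered.
    private static void requireProvider(String actual) {
        if (!PROVIDER.equals(actual)) {
            throw new IllegalStateException("unexpected provider: " + actual);
        }
    }

    // Sender side.
    public static Envelope seal(PublicKey receiverPub, byte[] plaintext)
            throws GeneralSecurityException {
        if (plaintext.length % 16 != 0) {
            // "AES/CBC/NoPadding" (5.3) only accepts whole 16-byte blocks.
            throw new IllegalArgumentException("plaintext must be a multiple of 16 bytes");
        }
        byte[] encKey = new byte[32];               // fresh AES-256 key per message
        byte[] macKey = new byte[32];               // separate key for the MAC
        RNG.nextBytes(encKey);
        RNG.nextBytes(macKey);

        Envelope env = new Envelope();
        env.iv = new byte[16];
        RNG.nextBytes(env.iv);                      // never reuse an IV under the same key

        Cipher aes = Cipher.getInstance("AES/CBC/NoPadding", PROVIDER);
        requireProvider(aes.getProvider().getName());
        aes.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(encKey, "AES"), new IvParameterSpec(env.iv));
        env.ciphertext = aes.doFinal(plaintext);

        Mac mac = Mac.getInstance("HmacSHA256", PROVIDER);
        mac.init(new SecretKeySpec(macKey, "HmacSHA256"));
        mac.update(env.iv);
        env.tag = mac.doFinal(env.ciphertext);      // encrypt-then-MAC over iv || ciphertext

        // 5.1 key transport: both keys in one PKCS#1 v1.5 padded RSA block.
        byte[] keys = new byte[64];
        System.arraycopy(encKey, 0, keys, 0, 32);
        System.arraycopy(macKey, 0, keys, 32, 32);
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding", PROVIDER);
        rsa.init(Cipher.ENCRYPT_MODE, receiverPub);
        env.wrappedKeys = rsa.doFinal(keys);
        return env;
    }

    // Receiver side: unwrap, verify the tag first, only then decrypt.
    public static byte[] open(PrivateKey receiverPriv, Envelope env)
            throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding", PROVIDER);
        rsa.init(Cipher.DECRYPT_MODE, receiverPriv);
        byte[] keys = rsa.doFinal(env.wrappedKeys);
        if (keys.length != 64) {
            throw new GeneralSecurityException("malformed key block");
        }
        byte[] encKey = Arrays.copyOfRange(keys, 0, 32);
        byte[] macKey = Arrays.copyOfRange(keys, 32, 64);

        Mac mac = Mac.getInstance("HmacSHA256", PROVIDER);
        mac.init(new SecretKeySpec(macKey, "HmacSHA256"));
        mac.update(env.iv);
        byte[] expected = mac.doFinal(env.ciphertext);
        if (!MessageDigest.isEqual(expected, env.tag)) {   // constant-time comparison
            throw new GeneralSecurityException("MAC mismatch, message rejected");
        }
        Cipher aes = Cipher.getInstance("AES/CBC/NoPadding", PROVIDER);
        aes.init(Cipher.DECRYPT_MODE, new SecretKeySpec(encKey, "AES"), new IvParameterSpec(env.iv));
        return aes.doFinal(env.ciphertext);
    }

    // Round trip with a throwaway 2048-bit key pair and a constructed 32-byte message,
    // then a one-bit corruption of the ciphertext that open() must reject.
    public static boolean selfTest() throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", PROVIDER);
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] msg = "constructed 32-byte sample text!".getBytes(StandardCharsets.UTF_8);
        Envelope env = seal(kp.getPublic(), msg);
        byte[] back = open(kp.getPrivate(), env);
        env.ciphertext[0] ^= 0x01;
        boolean rejected;
        try { open(kp.getPrivate(), env); rejected = false; }
        catch (GeneralSecurityException e) { rejected = true; }
        return Arrays.equals(msg, back) && rejected;
    }
}
```

The ordering in open() matters: the tag is checked before any decryption so that a modified ciphertext is never fed to the cipher, and the comparison uses MessageDigest.isEqual() so that it does not leak how many leading bytes of the tag were correct.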


6. VPN Configuration

The device provides "Basic VPN" and "Advanced IPsec VPN" options. The user must select "Advanced IPsec VPN" to meet the Common Criteria requirements. The split-tunnelling feature is disabled in CC Mode.

6.1. Configuring Advanced IPsec VPN

1. Select Advanced IPsec VPN by navigating to the Settings/VPN tab.

2. Tap the 'Add new VPN' button at the bottom to add and configure a new VPN profile.

3. Select 'Configure Manually' for manual configuration of the VPN profile.

4. Enter the required details such as server name, protocols, etc.

5. Tap 'Save Settings' to save the configuration of the created VPN profile.

6. Tap the saved VPN profile to connect.

7. After the VPN connection is established successfully, all network traffic goes only through the VPN tunnel (an icon resembling a key is displayed in the notification bar to indicate the VPN connection).


7. Wi-Fi Configuration

The user can configure Wi-Fi on the device under 'Settings > Wi-Fi'. Follow these instructions to test EAP-TLS/TTLS on the device:

1. Place the certificates in internal storage or on an external SD card using MTP or an e-mail attachment. Administrators can also distribute certificates via a web link that launches certificate installation directly.

2. Select "Install certificates" in the "Advanced" menu.
   - In CC mode the user must install both the CA certificate and the client certificate through the Install certificate option.
   - "Wi-Fi" must be selected in the "Credential use" tab.

3. Return to the Wi-Fi menu and select an access point that supports an EAP method.
   - Set EAP method to "TLS" or "TTLS".
   - Select the CA certificate and user certificate installed in step 2.
   - Enter the identity parameter.
   - Press "Connect".
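The three steps above are performed by hand in Settings. An MDM agent or provisioning app can create the same EAP-TLS or EAP-TTLS profile programmatically with WifiEnterpriseConfig. The block below is an added example and not code from the Kyocera guidance manual; the SSID, identities and RADIUS domain are constructed sample values, and the CA certificate, client certificate and client private key are assumed to have been parsed by the caller (certificates installed through the Settings UI are not readable by apps). It also shows the weak TTLS variant without a CA certificate beside the correct one.

```java
import android.content.Context;
import android.net.wifi.WifiConfiguration;
import android.net.wifi.WifiEnterpriseConfig;
import android.net.wifi.WifiManager;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

// Added example (not from the Kyocera manual). Sample SSID, identities and domain.
public final class EnterpriseWifi {
    private static final String SSID = "CC-Corp";                    // constructed
    private static final String RADIUS_DOMAIN = "radius.example.com"; // constructed

    // EAP-TLS: the client certificate authenticates the user and the CA certificate
    // authenticates the RADIUS server. Both are required, as in step 2 above.
    public static WifiConfiguration eapTls(X509Certificate caCert,
                                           PrivateKey clientKey,
                                           X509Certificate clientCert) {
        WifiEnterpriseConfig eap = new WifiEnterpriseConfig();
        eap.setEapMethod(WifiEnterpriseConfig.Eap.TLS);
        eap.setIdentity("user@example.com");           // constructed identity
        eap.setCaCertificate(caCert);
        eap.setClientKeyEntry(clientKey, clientCert);
        // API 23: the server certificate must carry this domain, otherwise a rogue AP
        // with any certificate signed by the same CA would be accepted.
        eap.setDomainSuffixMatch(RADIUS_DOMAIN);
        return profile(eap);
    }

    // EAP-TTLS with an inner MSCHAPv2 exchange. With insecureNoCa == true the
    // profile accepts any server certificate, so a rogue access point can harvest
    // the inner username and password; that variant is shown only for contrast.
    public static WifiConfiguration eapTtls(X509Certificate caCert, String password,
                                            boolean insecureNoCa) {
        WifiEnterpriseConfig eap = new WifiEnterpriseConfig();
        eap.setEapMethod(WifiEnterpriseConfig.Eap.TTLS);
        eap.setPhase2Method(WifiEnterpriseConfig.Phase2.MSCHAPV2);
        eap.setIdentity("user@example.com");
        eap.setAnonymousIdentity("anonymous@example.com"); // outer identity only
        eap.setPassword(password);
        if (!insecureNoCa) {
            eap.setCaCertificate(caCert);
            eap.setDomainSuffixMatch(RADIUS_DOMAIN);
        }
        return profile(eap);
    }

    private static WifiConfiguration profile(WifiEnterpriseConfig eap) {
        WifiConfiguration cfg = new WifiConfiguration();
        cfg.SSID = "\"" + SSID + "\"";               // SSID must be quoted
        cfg.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.WPA_EAP);
        cfg.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.IEEE8021X);
        cfg.enterpriseConfig = eap;
        return cfg;
    }

    // Equivalent of pressing "Connect" in step 3. Requires CHANGE_WIFI_STATE.
    public static boolean connect(Context ctx, WifiConfiguration cfg) {
        WifiManager wm = (WifiManager) ctx.getApplicationContext()
                .getSystemService(Context.WIFI_SERVICE);
        int netId = wm.addNetwork(cfg);
        if (netId < 0) {
            return false;   // rejected, for example because a certificate is missing
        }
        return wm.enableNetwork(netId, true);
    }
}
```

A caller would build the profile with eapTls(...) or eapTtls(..., false) and pass it to connect(); eapTtls(..., true) exists only to make the missing-CA misconfiguration visible side by side with the correct one.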

8. Bluetooth Configuration

The user can configure Bluetooth on the device under 'Settings > Bluetooth'. Follow the instructions below to test pairing with a remote Bluetooth device:

1. Search for the remote device.

2. Select the device to pair with once the remote device is found.

3. Check that the pairing code shown matches the one on the remote device and select "PAIR".

4. Once pairing has succeeded, the device can be connected.

9. Data Separation

9.1. Wiping Enterprise Data

The Kyocera device does not distinguish between user (personal) data and enterprise data, so deleting enterprise data or applications through the MDM APIs deletes both personal and enterprise data.

10. Device Internal Storage

10.1 Device Internal Storage Full Encryption

When the MDM application sets the policy for full encryption of device internal storage, a notification is displayed. When the user taps the notification, the internal storage encryption flow is triggered. Encryption requires that the user has set a device password; before encryption starts, the device credentials are requested to authenticate the user.

The flow chart below shows the process of device internal storage full encryption.
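The MDM side of this flow is a DevicePolicyManager storage-encryption policy plus a status check. The following is an added example, not code from the Kyocera guidance manual; it assumes the nested PolicyReceiver is declared in the manifest and activated as a device administrator with the encrypted-storage policy. The distinction between ENCRYPTION_STATUS_ACTIVE and ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY is the check a practitioner wants: the latter means the storage is encrypted but not bound to the user's password.

```java
import android.app.KeyguardManager;
import android.app.admin.DeviceAdminReceiver;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;

// Added example (not from the Kyocera manual). PolicyReceiver is a hypothetical
// DeviceAdminReceiver declared in the manifest as StorageEncryptionPolicy$PolicyReceiver.
public final class StorageEncryptionPolicy {
    public static class PolicyReceiver extends DeviceAdminReceiver {}

    private final DevicePolicyManager dpm;
    private final KeyguardManager keyguard;
    private final ComponentName admin;

    public StorageEncryptionPolicy(Context ctx) {
        dpm = (DevicePolicyManager) ctx.getSystemService(Context.DEVICE_POLICY_SERVICE);
        keyguard = (KeyguardManager) ctx.getSystemService(Context.KEYGUARD_SERVICE);
        admin = new ComponentName(ctx, PolicyReceiver.class);
    }

    // Sets the policy that makes the device post the notification described above.
    // Nothing is encrypted yet; the user drives the rest. Returns the status reported
    // after the request, which is ENCRYPTION_STATUS_UNSUPPORTED if the device cannot
    // encrypt at all (the policy can then never be satisfied).
    public int requestEncryption() {
        if (dpm.getStorageEncryptionStatus() == DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED) {
            return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED;
        }
        if (!dpm.getStorageEncryption(admin)) {
            dpm.setStorageEncryption(admin, true);
        }
        return dpm.getStorageEncryptionStatus();
    }

    // Compliant only when encryption is active AND tied to the user's credential.
    // ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY (API 23) means encrypted with a default key
    // that any attacker with the device can use, which is not what this section requires.
    public boolean isCompliant() {
        return dpm.getStorageEncryptionStatus() == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE;
    }

    // Encryption requires a device password. Send the user to set one if the keyguard
    // is not secured, otherwise straight to the system encryption screen.
    public Intent nextUserAction() {
        if (!keyguard.isDeviceSecure()) {
            return new Intent(DevicePolicyManager.ACTION_SET_NEW_PASSWORD);
        }
        return new Intent(DevicePolicyManager.ACTION_START_ENCRYPTION);
    }
}
```

An agent calls requestEncryption() once, then polls isCompliant() (for example on each check-in) and, while it is false and the status is not UNSUPPORTED, starts nextUserAction() with startActivity() to walk the user through the password and encryption screens.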


11. SD Card Behaviour

11.1. Encrypting New Files on an SD Card

The flowchart shows the step-by-step process of encrypting new files when the SD card does not have encryption enabled.

Figure A. Encrypting new files on SD card.

Figure B. Prompt shown if no screen lock password is set when encrypting. This default prompt is triggered whenever a user who has no lock screen password encrypts or decrypts an SD card.

11.2. Encrypting All Files on an SD Card

The flowchart below shows the step-by-step process of encrypting all files on an SD card.

Figure C. Encrypting all files on SD card. All-files encryption blocks users from accessing unencrypted files.


Figure D. Encrypting all files on SD card through notification.

Users must ensure that the SD card has enough space before opting for all files encryption.


Figure E. Encrypting all files on SD card through MDM


Figure F. Encryption success case message.

Figure G. Encryption error case message.

11.3. Decrypting an SD Card

The flowchart below shows the step-by-step process of decrypting an SD card.


Figure H. When all files encryption is enabled.


Figure I. Decryption of SD card files.


Figure J. Decryption of SD card files through notifications.


Figure K. Decryption success case message.

Figure L. Decryption error case message.


12. Notification Control

You can control how and when you receive notifications on the device. To configure which notifications are displayed while the device is locked, navigate to Settings/Sound & notification and tap "When device is locked". The options shown in Figure M are available.

Figure M. Sound & notification screen.

- Show all notification content. This is the default setting. All allowed notifications are shown on the lock screen.
- Hide sensitive notification content. Notifications with sensitive content are not shown on the lock screen.
- Don't show notifications at all. None of the notifications are shown on the lock screen.

Note: You can always enable Do Not Disturb mode (Settings/Sound & notification/Do not disturb) and disable all notifications, as shown in Figure N.

Figure N. Do not disturb screen.

The user may also control notifications on a per-app basis using the options below, by navigating to Application Manager (Settings/Application Manager/Select the app/Notification) or App Notification (Settings/Sound & Notification/App Notification/Select the app). Refer to Figure O for per-app notification control.

Figure O. Screen to control per-app notifications.

- Block all. Disable all notifications from that app.
- Treat as priority. Display notifications from the app when Do Not Disturb mode is set to Priority.
- Allow peeking. Display notifications on top of other apps.
- Hide sensitive content. Do not display private information in notifications from this app while the phone screen is locked.
- Persistent alerts. Notify users of pending notifications by means of timely alerts.


Appendix A. Generating Secure Random Data

This appendix describes how to generate cryptographically secure pseudo-random data.

Reference Page: http://developer.android.com/reference/java/security/SecureRandom.html

Appendix A.1. Android API for Generating Secure Random Data

new SecureRandom() selects the most cryptographically strong provider available, as in the following example. Do not seed it with a fixed or predictable value before use.

    import java.security.SecureRandom;

    SecureRandom sr = new SecureRandom();
    byte[] output = new byte[16];
    sr.nextBytes(output);

Appendix B. Secure Key Storage

This appendix describes how to use key management with the Keystore APIs.
Reference Page: https://developer.android.com/reference/java/security/KeyStore.html

Appendix B.1. Key Usage

Use the AndroidKeyStore provider to let an individual app store credentials that only that application itself can access. This gives applications a way to manage credentials that are usable only by themselves. AndroidKeyStore is registered as a KeyStore type for use with the KeyStore.getInstance(type) method and as a provider for use with the KeyPairGenerator.getInstance(algorithm, provider) method. Examples of generating a new key pair, signing and verifying can be found on the Android KeyStore System web page.
Reference pages:
https://developer.android.com/training/articles/keystore.html
https://developer.android.com/reference/java/security/KeyPairGenerator.html
https://developer.android.com/intl/ko/reference/android/security/keystore/KeyGenParameterSpec.html

Appendix B.2. Symmetric Key Generation

The Android Keystore system lets you create secret keys in secure key storage. The key below is restricted at generation time to CBC mode with no padding, so any other transformation is rejected when a Cipher is initialised with it. setRandomizedEncryptionRequired(false) permits the caller to supply the IV (as B.3 does); if it is left at its default of true, the keystore generates the IV itself and a caller-supplied IV is rejected on encryption.

    import android.security.keystore.KeyGenParameterSpec;
    import android.security.keystore.KeyProperties;
    import javax.crypto.KeyGenerator;
    import javax.crypto.SecretKey;

    KeyGenerator keygen = KeyGenerator.getInstance(
            KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
    keygen.init(new KeyGenParameterSpec.Builder(
            "AESTEST", KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
            .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
            .setRandomizedEncryptionRequired(false)   // caller supplies the IV
            .build());
    SecretKey sk = keygen.generateKey();

Generators of AndroidKeyStore: "AES" SecretKeyFactory & KeyGenerator

Appendix B.3. Symmetric Key Encryption/Decryption

Applications can encrypt their plaintext with a SecretKey stored in the AndroidKeyStore. The key generated in B.2 only permits "AES/CBC/NoPadding", so that is the transformation used here; no provider is passed to Cipher.getInstance because the keystore-backed key routes the operation to the AndroidKeyStore provider. iv is a 16-byte IV and plaintext a multiple of 16 bytes; hexToBytes is the caller's hex decoder.

    import java.security.KeyStore;
    import java.security.spec.AlgorithmParameterSpec;
    import javax.crypto.Cipher;
    import javax.crypto.SecretKey;
    import javax.crypto.spec.IvParameterSpec;

    // encrypt and decrypt a message with a key stored in the AndroidKeyStore
    AlgorithmParameterSpec ivSpec = new IvParameterSpec(hexToBytes(iv));
    KeyStore keystore = KeyStore.getInstance("AndroidKeyStore");
    keystore.load(null);
    KeyStore.SecretKeyEntry keystoreKey =
            (KeyStore.SecretKeyEntry) keystore.getEntry("AESTEST", null);
    SecretKey sk = keystoreKey.getSecretKey();
    Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
    cipher.init(Cipher.ENCRYPT_MODE, sk, ivSpec);
    byte[] encrypted = cipher.doFinal(hexToBytes(plaintext));
    cipher.init(Cipher.DECRYPT_MODE, sk, ivSpec);
    byte[] decrypted = cipher.doFinal(encrypted);

Cipher algorithms of AndroidKeyStore: "AES/CBC/NoPadding" (with the key generated in B.2). "AES/ECB/NoPadding" is also available, but only for a key generated with BLOCK_MODE_ECB, and ECB should be avoided because identical plaintext blocks produce identical ciphertext blocks.
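B.2 opts out of randomized encryption so that B.3 can pass its own IV. The safer default is to let the keystore choose the IV and read it back with Cipher.getIV(). The following added example, not code from the Kyocera guidance manual, shows that path beside the failure mode B.2 avoids: with the default setting a caller-supplied IV on encryption is rejected with InvalidAlgorithmParameterException. The alias and the self-test message are constructed values; the key stays "AES/CBC/NoPadding" as in B.3, so the block-length check is kept.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

// Added example (not from the Kyocera manual): keystore-generated IVs for AES-CBC.
public final class KeystoreAes {
    private static final String KS = "AndroidKeyStore";
    private static final String TRANSFORM = "AES/CBC/NoPadding";

    // Generate (once) an AES-256 key usable only for CBC with keystore-chosen IVs.
    public static void generateKey(String alias) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, KS);
        kg.init(new KeyGenParameterSpec.Builder(alias,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setKeySize(256)
                .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .setRandomizedEncryptionRequired(true)   // the default; explicit for contrast with B.2
                .build());
        kg.generateKey();
    }

    private static SecretKey load(String alias) throws GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance(KS);
        try { ks.load(null); } catch (java.io.IOException e) { throw new GeneralSecurityException(e); }
        KeyStore.SecretKeyEntry e = (KeyStore.SecretKeyEntry) ks.getEntry(alias, null);
        if (e == null) throw new GeneralSecurityException("no key under alias " + alias);
        return e.getSecretKey();
    }

    // Returns iv || ciphertext. No IV is passed to init(); the keystore picks a fresh one.
    public static byte[] encrypt(String alias, byte[] plaintext) throws GeneralSecurityException {
        if (plaintext.length % 16 != 0) {
            throw new IllegalArgumentException("NoPadding needs a multiple of 16 bytes");
        }
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.ENCRYPT_MODE, load(alias));
        byte[] iv = c.getIV();                        // 16 random bytes chosen by the keystore
        byte[] ct = c.doFinal(plaintext);
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    // Splitting the IV back off; supplying an IV is allowed (and required) for decryption.
    public static byte[] decrypt(String alias, byte[] blob) throws GeneralSecurityException {
        byte[] iv = Arrays.copyOfRange(blob, 0, 16);
        byte[] ct = Arrays.copyOfRange(blob, 16, blob.length);
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.DECRYPT_MODE, load(alias), new IvParameterSpec(iv));
        return c.doFinal(ct);
    }

    // The failure mode: with randomized encryption required, a caller-supplied IV on
    // ENCRYPT_MODE is refused, which is what stops an app from ever reusing an IV.
    public static boolean callerIvRejected(String alias) throws GeneralSecurityException {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance(TRANSFORM);
        try {
            c.init(Cipher.ENCRYPT_MODE, load(alias), new IvParameterSpec(iv));
            return false;
        } catch (InvalidAlgorithmParameterException expected) {
            return true;
        }
    }

    // Round trip plus the rejection check; the 32-byte message is constructed.
    public static boolean selfTest() throws GeneralSecurityException {
        String alias = "cc-aes-demo";
        generateKey(alias);
        byte[] msg = "constructed 32-byte sample text!".getBytes(java.nio.charset.StandardCharsets.UTF_8);
        byte[] blob = encrypt(alias, msg);
        boolean ivDiffers = !Arrays.equals(Arrays.copyOf(blob, 16), Arrays.copyOf(encrypt(alias, msg), 16));
        return Arrays.equals(msg, decrypt(alias, blob)) && ivDiffers && callerIvRejected(alias);
    }
}
```

Storing the IV in front of the ciphertext is the usual convention; it does not need to be secret, only unique per encryption under the same key, which is exactly the property the keystore enforces here.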


Appendix B.4. Asymmetric Key Generation

Generate a key pair in the AndroidKeyStore. The private key is created inside the keystore and is only ever referenced by its alias; the digests and padding authorised here are the only ones the key may later be used with.

    import android.security.keystore.KeyGenParameterSpec;
    import android.security.keystore.KeyProperties;
    import java.security.KeyPairGenerator;

    KeyPairGenerator kpg1 = KeyPairGenerator.getInstance(
            KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");
    kpg1.initialize(new KeyGenParameterSpec.Builder("RSATEST1",
            KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
            .setKeySize(2048)   // modulus size in bits; the original read it from a configuration string
            .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA384,
                        KeyProperties.DIGEST_SHA512)
            .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
            .build());
    // generate the key pair inside the secure key store
    kpg1.generateKeyPair();

Generators of AndroidKeyStore: "RSA" KeyFactory & KeyPairGenerator; "EC" KeyFactory & KeyPairGenerator

Appendix B.5. Asymmetric Key Sign and Verify

Sign and verify with the key pair generated in B.4 (alias "RSATEST1"). The digest in the signature algorithm name must be one of those authorised at generation time, and no provider is passed to Signature.getInstance: the keystore-backed PrivateKey routes the operation to the AndroidKeyStore provider.

    import java.security.KeyStore;
    import java.security.PrivateKey;
    import java.security.PublicKey;
    import java.security.Signature;

    KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
    ks.load(null);
    // get the RSA key entry
    KeyStore.Entry entry1 = ks.getEntry("RSATEST1", null);
    PrivateKey privKey1 = ((KeyStore.PrivateKeyEntry) entry1).getPrivateKey();
    PublicKey pubKey1 = ((KeyStore.PrivateKeyEntry) entry1).getCertificate().getPublicKey();
    // sign test
    Signature s = Signature.getInstance("SHA256withRSA");
    s.initSign(privKey1);
    s.update(msg, 0, msg.length);
    byte[] signature = s.sign();
    // verify test
    s.initVerify(pubKey1);
    s.update(msg, 0, msg.length);
    boolean verified = s.verify(signature);

Signature algorithms of AndroidKeyStore: "NONEwithRSA", "SHA1withRSA", "SHA256withRSA", "SHA384withRSA", "SHA512withRSA", "ECDSA", "SHA256withECDSA", "SHA384withECDSA", "SHA512withECDSA"

Appendix B.6. Key Destruction

An application can delete the entry identified by the given alias from the KeyStore. Deletion is immediate and irreversible; a PrivateKey object obtained earlier for that alias stops working.

    import java.security.KeyStore;

    KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
    ks.load(null);
    ks.deleteEntry("TEST_ALIAS_1");
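B.4 and B.5 show the RSA path; the generator and signature lists also cover EC keys, with the curves named in section 5.6. The following added example, not code from the Kyocera guidance manual, walks the full B.4 to B.6 lifecycle for a P-256 key held in the AndroidKeyStore: generation, SHA256withECDSA sign and verify, a tamper check, and destruction followed by confirming the alias is gone. The alias and the message are constructed values.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.spec.ECGenParameterSpec;

// Added example (not from the Kyocera manual): EC key lifecycle in AndroidKeyStore.
public final class KeystoreEcdsa {
    private static final String KS = "AndroidKeyStore";
    private static final String ALG = "SHA256withECDSA";

    public static void generate(String alias) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, KS);
        kpg.initialize(new KeyGenParameterSpec.Builder(alias,
                KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
                .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")) // curve from 5.6
                .setDigests(KeyProperties.DIGEST_SHA256)   // SHA-256 signatures only
                .build());
        kpg.generateKeyPair();   // private key is created and kept inside the keystore
    }

    private static KeyStore open() throws GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance(KS);
        try { ks.load(null); } catch (java.io.IOException e) { throw new GeneralSecurityException(e); }
        return ks;
    }

    public static byte[] sign(String alias, byte[] message) throws GeneralSecurityException {
        KeyStore.PrivateKeyEntry e = (KeyStore.PrivateKeyEntry) open().getEntry(alias, null);
        if (e == null) throw new GeneralSecurityException("no key under alias " + alias);
        PrivateKey priv = e.getPrivateKey();   // opaque handle: getEncoded() returns null
        Signature s = Signature.getInstance(ALG);
        s.initSign(priv);
        s.update(message);
        return s.sign();
    }

    public static boolean verify(String alias, byte[] message, byte[] sig) throws GeneralSecurityException {
        Certificate cert = open().getCertificate(alias);
        if (cert == null) return false;        // deleted or never created: nothing can verify
        PublicKey pub = cert.getPublicKey();
        Signature s = Signature.getInstance(ALG);
        s.initVerify(pub);
        s.update(message);
        try {
            return s.verify(sig);
        } catch (SignatureException malformed) {
            return false;                      // garbage DER is a failed verification, not a crash
        }
    }

    // B.6: immediate and irreversible.
    public static void destroy(String alias) throws GeneralSecurityException {
        open().deleteEntry(alias);
    }

    // Exercises the whole lifecycle; true when every step behaves as expected.
    public static boolean selfTest() throws GeneralSecurityException {
        String alias = "cc-ecdsa-demo";
        byte[] msg = "constructed message".getBytes(StandardCharsets.UTF_8);
        generate(alias);
        byte[] sig = sign(alias, msg);
        boolean good = verify(alias, msg, sig);
        byte[] tampered = msg.clone();
        tampered[0] ^= 0x01;                    // one flipped bit must fail verification
        boolean bad = verify(alias, tampered, sig);
        destroy(alias);
        boolean gone = open().getEntry(alias, null) == null && !verify(alias, msg, sig);
        return good && !bad && gone;
    }
}
```

Because the private key never leaves the keystore, sign() is the only operation an attacker who compromises the app process can perform with it; they cannot export the key and continue signing after the entry is destroyed.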

Appendix C. Guidance for Using HTTPS/TLS APIs

This appendix describes how to use the HTTPS/TLS APIs in your source code. Using the URL class is an easy and safe way to use HTTPS. Developers can also use the SSLSocket class directly to set up a TLS connection. Detailed guidance is available at the following reference web pages:
http://developer.android.com/reference/javax/net/ssl/package-summary.html
https://developer.android.com/training/articles/security-ssl.html

Appendix C.1. Android APIs for TLS Connection

HTTPS connections can be established with the URL class. Because the URL begins with https://, openConnection() returns an HttpsURLConnection that validates the server certificate chain against the device trust store and verifies the hostname by default; copyInputStreamToOutputStream is the caller's own helper.

    import java.io.InputStream;
    import java.net.URL;
    import java.net.URLConnection;

    URL url = new URL("https://wikipedia.org");
    URLConnection urlConnection = url.openConnection();
    InputStream in = urlConnection.getInputStream();
    copyInputStreamToOutputStream(in, System.out);


Appendix C.2. How to Set Cipher Suites Using Android API

This section describes how to select TLS cipher suites with the Android APIs. The number of cipher suites available in CC Mode is restricted to prevent the establishment of TLS connections using weak ciphers. Application developers can choose to use fewer cipher suites from among the approved ones.

Example code (a createSocket override in a custom socket factory; socketFactory is the wrapped platform SSLSocketFactory, protocol the array of enabled protocol names, and X509HostnameVerifier the Apache HttpClient verifier bundled with Android at the time):

    import java.io.IOException;
    import java.net.Socket;
    import java.net.UnknownHostException;
    import javax.net.ssl.SSLSocket;
    import org.apache.http.conn.ssl.X509HostnameVerifier;

    private X509HostnameVerifier hostnameVerifier;

    @Override
    public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
            throws IOException, UnknownHostException {
        SSLSocket sslSocket = (SSLSocket) socketFactory.createSocket(socket, host, port, autoClose);
        sslSocket.setEnabledProtocols(protocol);
        String[] ciphersuites = new String[] {
                "TLS_RSA_WITH_AES_128_CBC_SHA",
                "TLS_RSA_WITH_AES_256_CBC_SHA",
                "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
                "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
                "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
                "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
                "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
                "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
                "TLS_RSA_WITH_AES_128_CBC_SHA256",
                "TLS_RSA_WITH_AES_256_CBC_SHA256",
                "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
                "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" };
        sslSocket.setEnabledCipherSuites(ciphersuites);
        // hostname verification must still happen; restricting suites does not replace it
        hostnameVerifier.verify(host, sslSocket);
        return sslSocket;
    }

setEnabledCipherSuites throws IllegalArgumentException for any name the platform does not support, so the list should be intersected with getSupportedCipherSuites() before it is applied.

Approved cipher suites:

    Cipher suite                                   TLS version
    ---------------------------------------------  ------------------------
    TLS_RSA_WITH_AES_128_CBC_SHA                   TLSv1, TLSv1.1, TLSv1.2
    TLS_RSA_WITH_AES_256_CBC_SHA                   TLSv1, TLSv1.1, TLSv1.2
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA               TLSv1, TLSv1.1, TLSv1.2
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA               TLSv1, TLSv1.1, TLSv1.2
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA             TLSv1, TLSv1.1, TLSv1.2
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA             TLSv1, TLSv1.1, TLSv1.2
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA           TLSv1, TLSv1.1, TLSv1.2
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA           TLSv1, TLSv1.1, TLSv1.2
    TLS_RSA_WITH_AES_128_CBC_SHA256                TLSv1.2
    TLS_RSA_WITH_AES_256_CBC_SHA256                TLSv1.2
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256            TLSv1.2
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256            TLSv1.2
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256        TLSv1.2
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384        TLSv1.2
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256        TLSv1.2
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384        TLSv1.2

The SHA-256/SHA-384 MAC and GCM suites are defined only for TLS 1.2; the SHA-1 CBC suites are usable with all three versions.

Appendix C.3. How to Set Client Certificate

If the server requires a client certificate to establish a TLS connection, the client must present a certificate to be authenticated by the server. A custom X509KeyManager can be used to supply a client certificate. In the example below, the KeyStore holds the client certificate and private key, and the null trust-manager and random arguments to SSLContext.init select the platform defaults, so server certificate validation is unchanged.

    import java.io.InputStream;
    import java.net.URL;
    import java.security.KeyStore;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.SSLContext;

    KeyStore keyStore = ...;
    String algorithm = KeyManagerFactory.getDefaultAlgorithm();
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
    kmf.init(keyStore, null);   // second argument is the key password, null for AndroidKeyStore
    SSLContext context = SSLContext.getInstance("TLS");
    context.init(kmf.getKeyManagers(), null, null);
    URL url = new URL("https://www.example.com/");
    HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
    urlConnection.setSSLSocketFactory(context.getSocketFactory());
    InputStream in = urlConnection.getInputStream();

Reference webpage: http://developer.android.com/intl/ko/reference/javax/net/ssl/HttpsURLConnection.html
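C.2 shows a single createSocket override and C.3 names a custom X509KeyManager without showing one. The following added example, not code from the Kyocera guidance manual, completes both: a socket factory that restricts every connection to TLSv1.2 and a subset of the approved suites above (intersected with what the platform supports, since setEnabledCipherSuites throws on unknown names), and a key manager that always presents one chosen client certificate. The URL and the alias "client" are constructed sample values, and the KeyStore is assumed to be loaded by the caller (for example AndroidKeyStore with a null password).

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509KeyManager;

// Added example (not from the Kyocera manual): restricted TLS client for C.2 and C.3.
public final class RestrictedTlsClient {
    // Subset of the approved list in C.2, strongest first.
    static final String[] APPROVED = {
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",     "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
    };

    // Keeps only approved suites the platform actually supports, in APPROVED order.
    static String[] allowedSuites(String[] supported) {
        List<String> sup = Arrays.asList(supported);
        List<String> out = new ArrayList<String>();
        for (String s : APPROVED) if (sup.contains(s)) out.add(s);
        return out.toArray(new String[0]);
    }

    // Wraps the platform factory and restricts every socket it hands out.
    static final class RestrictedFactory extends SSLSocketFactory {
        private final SSLSocketFactory inner;
        RestrictedFactory(SSLSocketFactory inner) { this.inner = inner; }

        private Socket restrict(Socket s) {
            SSLSocket ssl = (SSLSocket) s;
            ssl.setEnabledProtocols(new String[] {"TLSv1.2"});
            ssl.setEnabledCipherSuites(allowedSuites(ssl.getSupportedCipherSuites()));
            return ssl;
        }
        @Override public String[] getDefaultCipherSuites() { return allowedSuites(inner.getSupportedCipherSuites()); }
        @Override public String[] getSupportedCipherSuites() { return getDefaultCipherSuites(); }
        @Override public Socket createSocket(Socket s, String h, int p, boolean a) throws IOException { return restrict(inner.createSocket(s, h, p, a)); }
        @Override public Socket createSocket(String h, int p) throws IOException { return restrict(inner.createSocket(h, p)); }
        @Override public Socket createSocket(String h, int p, InetAddress l, int lp) throws IOException { return restrict(inner.createSocket(h, p, l, lp)); }
        @Override public Socket createSocket(InetAddress h, int p) throws IOException { return restrict(inner.createSocket(h, p)); }
        @Override public Socket createSocket(InetAddress h, int p, InetAddress l, int lp) throws IOException { return restrict(inner.createSocket(h, p, l, lp)); }
    }

    // C.3: always answer the server's CertificateRequest with one fixed alias.
    static final class AliasKeyManager implements X509KeyManager {
        private final KeyStore ks; private final String alias; private final char[] pw;
        AliasKeyManager(KeyStore ks, String alias, char[] pw) { this.ks = ks; this.alias = alias; this.pw = pw; }
        @Override public String chooseClientAlias(String[] kt, Principal[] iss, Socket s) { return alias; }
        @Override public String[] getClientAliases(String kt, Principal[] iss) { return new String[] {alias}; }
        @Override public X509Certificate[] getCertificateChain(String a) {
            try {
                java.security.cert.Certificate[] c = ks.getCertificateChain(a);
                return c == null ? null : Arrays.copyOf(c, c.length, X509Certificate[].class);
            } catch (GeneralSecurityException e) { return null; }
        }
        @Override public PrivateKey getPrivateKey(String a) {
            try { return (PrivateKey) ks.getKey(a, pw); } catch (GeneralSecurityException e) { return null; }
        }
        // client-only key manager: never act as a server
        @Override public String chooseServerAlias(String kt, Principal[] iss, Socket s) { return null; }
        @Override public String[] getServerAliases(String kt, Principal[] iss) { return null; }
    }

    public static HttpsURLConnection open(KeyStore clientStore, char[] keyPassword, String urlStr)
            throws GeneralSecurityException, IOException {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        // null trust managers and null SecureRandom keep the platform defaults
        ctx.init(new KeyManager[] {new AliasKeyManager(clientStore, "client", keyPassword)}, null, null);
        HttpsURLConnection c = (HttpsURLConnection) new URL(urlStr).openConnection();
        c.setSSLSocketFactory(new RestrictedFactory(ctx.getSocketFactory()));
        // the default HostnameVerifier stays in place; never replace it with one that returns true
        return c;
    }
}
```

allowedSuites() is deliberately a pure function of the supported list so that it can be unit-tested off-device, and the intersection keeps the factory usable on a device whose build lacks one of the approved names rather than failing with IllegalArgumentException on the first connection.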


Appendix D. Guidance for Bluetooth APIs

This appendix describes how to establish a secure Bluetooth channel in your source code.
Reference webpage: http://developer.android.com/reference/android/bluetooth/package-summary.html

Appendix D.1. Android APIs for Bluetooth

Android provides classes that manage Bluetooth functionality, such as scanning for devices, connecting to devices and managing data transfer between devices. The Bluetooth API supports both "Classic Bluetooth" and Bluetooth Low Energy. The Bluetooth APIs let applications:

- Scan for other Bluetooth devices (including BLE devices)
- Query the local Bluetooth adapter for paired Bluetooth devices
- Establish RFCOMM channels/sockets
- Connect to specified sockets on other devices
- Transfer data to and from other devices
- Communicate with BLE devices, such as proximity sensors, heart rate monitors, fitness devices, and so on
- Act as a GATT client or a GATT server (BLE)

BluetoothA2dp - Public API to control the Bluetooth A2DP profile.
BluetoothGatt - Public API for the Bluetooth GATT profile.
BluetoothGattServer - Public API for the Bluetooth GATT profile server role.
BluetoothHeadset - Public API for controlling the Bluetooth Headset service.
BluetoothHealth - Public API for the Bluetooth Health profile.
BluetoothAdapter - Represents the local device's Bluetooth adapter.
BluetoothDevice - Represents a remote Bluetooth device.
BluetoothManager - High-level manager used to obtain an instance of a BluetoothAdapter and to conduct overall Bluetooth management.
BluetoothServerSocket - A listening Bluetooth socket.
BluetoothSocket - A connected or connecting Bluetooth socket.


Appendix D.2. How to Establish a Secure Channel for Bluetooth using Android API

This section describes how to establish a secure Bluetooth channel with the Android APIs.

Example source code: start the bonding (pairing) process with the remote device.

    public boolean startPairing() {
        // returns immediately; the outcome arrives as an ACTION_BOND_STATE_CHANGED broadcast
        return mDevice.createBond();
    }

This is an asynchronous call and returns immediately. Register for ACTION_BOND_STATE_CHANGED intents to be notified when the bonding process completes and of its result. Android system services handle the user interaction needed to confirm and complete the bonding process.

    public BluetoothSocket createSocket() {
        BluetoothSocket socket = null;
        try {
            // requests an authenticated, encrypted RFCOMM link to the SPP service UUID
            socket = device.createRfcommSocketToServiceRecord(UUID_SPP);
        } catch (IOException e) {
            // a secure socket could not be created; do not fall back to the insecure variant
        }
        return socket;
    }

Use this socket only if an authenticated socket link is possible. Authentication here refers to the authentication of the link key, which prevents man-in-the-middle attacks. For example, for Bluetooth 2.1 devices, if either device has no input and output capability or can only display a numeric key, a secure socket connection is not possible.
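The two snippets above leave out the part in between: waiting for the bond result before opening the socket. The following added example, not code from the Kyocera guidance manual, ties them together: it starts bonding if needed, listens for ACTION_BOND_STATE_CHANGED for this device only, and opens the authenticated RFCOMM socket only once the state is BOND_BONDED. UUID_SPP is the standard Serial Port Profile UUID; the Listener interface is the author's own, and the caller is assumed to hold BLUETOOTH and BLUETOOTH_ADMIN permissions.

```java
import android.bluetooth.BluetoothAdapter;
import android.bluetooth.BluetoothDevice;
import android.bluetooth.BluetoothSocket;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import java.io.IOException;
import java.util.UUID;

// Added example (not from the Kyocera manual): bond first, then secure RFCOMM.
public final class SecureRfcomm {
    // Serial Port Profile service UUID (Bluetooth SIG assigned number).
    static final UUID UUID_SPP = UUID.fromString("00001101-0000-1000-8000-00805F9B34FB");

    // Hypothetical callback interface for the caller.
    public interface Listener {
        void onReady(BluetoothSocket socket);
        void onFailed(String reason);
    }

    private final Context ctx;
    private final BluetoothDevice device;
    private final Listener listener;

    public SecureRfcomm(Context ctx, BluetoothDevice device, Listener listener) {
        this.ctx = ctx.getApplicationContext();
        this.device = device;
        this.listener = listener;
    }

    // Entry point. Already bonded: connect straight away. Otherwise start pairing and
    // wait for the broadcast; createBond() itself says nothing about the outcome.
    public void connect() {
        if (device.getBondState() == BluetoothDevice.BOND_BONDED) {
            openSocket();
            return;
        }
        ctx.registerReceiver(bondReceiver, new IntentFilter(BluetoothDevice.ACTION_BOND_STATE_CHANGED));
        if (!device.createBond()) {
            ctx.unregisterReceiver(bondReceiver);
            listener.onFailed("createBond() could not start pairing");
        }
    }

    private final BroadcastReceiver bondReceiver = new BroadcastReceiver() {
        @Override public void onReceive(Context c, Intent i) {
            BluetoothDevice d = i.getParcelableExtra(BluetoothDevice.EXTRA_DEVICE);
            if (d == null || !d.getAddress().equals(device.getAddress())) {
                return;   // broadcast concerns some other device
            }
            int state = i.getIntExtra(BluetoothDevice.EXTRA_BOND_STATE, BluetoothDevice.BOND_NONE);
            if (state == BluetoothDevice.BOND_BONDING) {
                return;   // still in progress (user confirming the passkey)
            }
            ctx.unregisterReceiver(this);
            if (state == BluetoothDevice.BOND_BONDED) {
                openSocket();
            } else {
                listener.onFailed("pairing rejected or failed");   // BOND_NONE
            }
        }
    };

    // createRfcommSocketToServiceRecord (not the ...Insecure... variant) asks for an
    // authenticated, encrypted link. If the peer cannot support that, as described
    // above, the connection fails and the app must not fall back to an insecure socket.
    private void openSocket() {
        BluetoothAdapter adapter = BluetoothAdapter.getDefaultAdapter();
        if (adapter != null) {
            adapter.cancelDiscovery();   // discovery slows down and can break connect()
        }
        BluetoothSocket socket = null;
        try {
            socket = device.createRfcommSocketToServiceRecord(UUID_SPP);
            socket.connect();            // blocking: call from a worker thread
            listener.onReady(socket);
        } catch (IOException e) {
            try { if (socket != null) socket.close(); } catch (IOException ignored) { }
            listener.onFailed("secure socket not possible: " + e.getMessage());
        }
    }
}
```

Checking the bond state before connecting, and filtering the broadcast by address, avoids the two common mistakes in this flow: opening the socket while the user is still confirming the passkey, and treating another device's bond change as this one's.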

Appendix D.3. How to Interact with the BLE Device via the Android BLE API

Here is an example of interacting with a BLE device via the Android BLE API. SampleGattAttributes and broadcastUpdate are from the Android BLE sample the snippet is taken from and are not shown.

    import android.app.Service;
    import android.bluetooth.BluetoothAdapter;
    import android.bluetooth.BluetoothGatt;
    import android.bluetooth.BluetoothGattCallback;
    import android.bluetooth.BluetoothGattCharacteristic;
    import android.bluetooth.BluetoothManager;
    import android.bluetooth.BluetoothProfile;
    import android.util.Log;
    import java.util.UUID;

    // A service that interacts with the BLE device via the Android BLE API.
    public class BluetoothLeService extends Service {
        private final static String TAG = BluetoothLeService.class.getSimpleName();

        private BluetoothManager mBluetoothManager;
        private BluetoothAdapter mBluetoothAdapter;
        private String mBluetoothDeviceAddress;
        private BluetoothGatt mBluetoothGatt;
        private int mConnectionState = STATE_DISCONNECTED;

        private static final int STATE_DISCONNECTED = 0;
        private static final int STATE_CONNECTING = 1;
        private static final int STATE_CONNECTED = 2;

        public final static String ACTION_GATT_CONNECTED =
                "com.example.bluetooth.le.ACTION_GATT_CONNECTED";
        public final static String ACTION_GATT_DISCONNECTED =
                "com.example.bluetooth.le.ACTION_GATT_DISCONNECTED";
        public final static String ACTION_GATT_SERVICES_DISCOVERED =
                "com.example.bluetooth.le.ACTION_GATT_SERVICES_DISCOVERED";
        public final static String ACTION_DATA_AVAILABLE =
                "com.example.bluetooth.le.ACTION_DATA_AVAILABLE";
        public final static String EXTRA_DATA =
                "com.example.bluetooth.le.EXTRA_DATA";

        public final static UUID UUID_HEART_RATE_MEASUREMENT =
                UUID.fromString(SampleGattAttributes.HEART_RATE_MEASUREMENT);

        // Various callback methods defined by the BLE API.
        private final BluetoothGattCallback mGattCallback = new BluetoothGattCallback() {
            @Override
            public void onConnectionStateChange(BluetoothGatt gatt, int status, int newState) {
                String intentAction;
                if (newState == BluetoothProfile.STATE_CONNECTED) {
                    intentAction = ACTION_GATT_CONNECTED;
                    mConnectionState = STATE_CONNECTED;
                    broadcastUpdate(intentAction);
                    Log.i(TAG, "Connected to GATT server.");
                    Log.i(TAG, "Attempting to start service discovery:" +
                            mBluetoothGatt.discoverServices());
                } else if (newState == BluetoothProfile.STATE_DISCONNECTED) {
                    intentAction = ACTION_GATT_DISCONNECTED;
                    mConnectionState = STATE_DISCONNECTED;
                    Log.i(TAG, "Disconnected from GATT server.");
                    broadcastUpdate(intentAction);
                }
            }

            @Override
            // New services discovered
            public void onServicesDiscovered(BluetoothGatt gatt, int status) {
                if (status == BluetoothGatt.GATT_SUCCESS) {
                    broadcastUpdate(ACTION_GATT_SERVICES_DISCOVERED);
                } else {
                    Log.w(TAG, "onServicesDiscovered received: " + status);
                }
            }

            @Override
            // Result of a characteristic read operation
            public void onCharacteristicRead(BluetoothGatt gatt,
                                             BluetoothGattCharacteristic characteristic,
                                             int status) {
                if (status == BluetoothGatt.GATT_SUCCESS) {
                    broadcastUpdate(ACTION_DATA_AVAILABLE, characteristic);
                }
            }
            ...
        };
        ...
    }

Reference webpage: http://developer.android.com/intl/ko/guide/topics/connectivity/bluetooth-le.html

Appendix D.4. How to Establish a Profile Connection for Bluetooth Using Android API

This section describes how to establish a profile connection for Bluetooth with the Android APIs.

Example code: you can connect a device with each profile as below.

    profile.connect(mDevice)

You can obtain the proxy for each profile with the API below. The method body shown is the framework's own implementation inside BluetoothAdapter, reproduced for reference; an application simply calls BluetoothAdapter.getProfileProxy(context, listener, BluetoothProfile.HEADSET) (or another profile constant) and receives the proxy object in the listener's onServiceConnected callback. Several of the profile classes named here (for example BluetoothA2dpSink and BluetoothDun), and the connect() method above, are not part of the public SDK.

    public boolean getProfileProxy(Context context, BluetoothProfile.ServiceListener listener,
                                   int profile) {
        if (context == null || listener == null) return false;

        if (profile == BluetoothProfile.HEADSET) {
            BluetoothHeadset headset = new BluetoothHeadset(context, listener);
            return true;
        } else if (profile == BluetoothProfile.A2DP) {
            BluetoothA2dp a2dp = new BluetoothA2dp(context, listener);
            return true;
        } else if (profile == BluetoothProfile.A2DP_SINK) {
            BluetoothA2dpSink a2dpSink = new BluetoothA2dpSink(context, listener);
            return true;
        } else if (profile == BluetoothProfile.AVRCP_CONTROLLER) {
            BluetoothAvrcpController avrcp = new BluetoothAvrcpController(context, listener);
            return true;
        } else if (profile == BluetoothProfile.INPUT_DEVICE) {
            BluetoothInputDevice iDev = new BluetoothInputDevice(context, listener);
            return true;
        } else if (profile == BluetoothProfile.PAN) {
            BluetoothPan pan = new BluetoothPan(context, listener);
            return true;
        } else if (profile == BluetoothProfile.DUN) {
            BluetoothDun dun = new BluetoothDun(context, listener);
            return true;
        } else if (profile == BluetoothProfile.HEALTH) {
            BluetoothHealth health = new BluetoothHealth(context, listener);
            return true;
        } else if (profile == BluetoothProfile.MAP) {
            BluetoothMap map = new BluetoothMap(context, listener);
            return true;
        } else if (profile == BluetoothProfile.HEADSET_CLIENT) {
            BluetoothHeadsetClient headsetClient = new BluetoothHeadsetClient(context, listener);
            return true;
        } else if (profile == BluetoothProfile.SAP) {
            BluetoothSap sap = new BluetoothSap(context, listener);
            return true;
        } else if (profile == BluetoothProfile.HID_DEVICE) {
            BluetoothHidDevice hidd = new BluetoothHidDevice(context, listener);
            return true;
        } else {
            return false;
        }
    }

Appendix E: Error Cases

Secure Boot

During the boot process, if the device experiences an error at any stage of secure boot, it may transition to Recovery Mode, shut down or display an error, depending on the type of failure and the stage at which it occurred (failure part), as shown in the table below:

    Failure                 Failure part                                          Action
    ----------------------  ----------------------------------------------------  -------------------------------------
    Secure Boot             Secondary Bootloader                                  Transition to Emergency Download Mode
    Secure Boot             TrustZone, Hypervisor, Resource Power Manager,        Transition to Download Mode
                            OS Bootloader
    Secure Boot             Linux Kernel, MBA, Modem, WCNSS, Application          Error Display
                            Digital Signal Processor
    Authentication Failure                                                        Error message (see below)

The message below is shown on the Verizon model:

    Start Up Failed. Your device didn't start up successfully. Use the Verizon Software Repair Assistant on a computer to repair your device. Connect your device to your computer to get the Verizon Software Assistant.

The message below is shown on the AT&T and Sprint models:

    This phone has been flashed with unauthorized software and is locked. Call your mobile operator for additional support. Please note that repair/return for this issue may have additional cost.

Self Test

While in CC Mode, the device verifies software integrity by executing self-tests on every boot. Any self-test failure is reported by a notification displayed on the device. A self-test failure puts the device into a non-operational state and restricts USB access. To recover the device from the non-operational state, the user must take it to the nearest Kyocera service centre to have it repaired or re-flashed.
