Belkin® Secure DVI KVM Switch, Secure KM Switch and
Secure Windowing KVM EAL 4 augmented ALC_FLR.3 Security Target
Rev. 1.01
The TOE design provides clear and continuous visual indication of the selected channel through
one or more of the following (model specific): front panel LEDs illuminated for each channel
number selected, DCU display text highlighting, and windows frame colors (in Windowing KVM
models).
The PERIPHERAL PORT GROUP is connected to COMPUTER #1 by default upon completion of
the self‐check. This static setting cannot be modified.
Functional Requirements Satisfied: FMT_MSA.1, FMT_MSA.3, EXT_VIR.1
7.3 Protection of the TSF (TSF_TMP)
The TOE includes multiple tamper sensors connected to a microcontroller. When a sensor is
activated, it signals the microcontroller to enter into a permanent tamper state, thereby
disabling the TOE normal functionality permanently. The tampering sensors and
microcontroller are powered by the TOE power system while the TOE is powered on. When TOE
is powered off, the anti‐tampering subsystem is powered by a coin battery to enable operation
while the TOE is in transit or in storage. After a tampering event is detected, all LEDs flash to
indicate an error state. While the TOE is in the error state, the user is unable to pass any
information through the TOE to any COMPUTER, and user DISPLAYS are blank. Since the TOE
becomes unusable, the user will require replacement of the TOE. This ensures that security is
always maintained in the event of a physical attack.
The TOE is also protected by special holographic Tampering Evident Labels that are used as
seals to provide additional visual indication of attempted physical tampering. In the case of a
mechanical intrusion attempt, the label's location between enclosure parts assures that the
label must be moved or peeled, permanently exposing the text "VOID".
Each Tampering Evident Label contains a unique identification number and several visible and
invisible means to assist the operator in checking the authenticity of the label.
Functional Requirements Satisfied: FPT_PHP.1, FPT_PHP.3
7.4 USB Connection (TSF_IUC)
When a peripheral device is connected to the TOE, or when the TOE is being initialized, the TOE
will query the device for its characteristics such as USB class, sub‐class etc. In the event that the
reported set of characteristics match the pre‐defined profile, the TOE will start communicating
with that device (device is QUALIFIED). In the event that the device reported characteristics do
not match the pre‐defined profile, the TOE will reject the device and will no longer
communicate with it (device is rejected or UNAUTHORIZED).
Functional Requirements Satisfied: EXT_IUC.1
Page | 62