Belkin® Secure DVI KVM Switch, Secure KM Switch and
Secure Windowing KVM EAL 4 augmented ALC_FLR.3 Security Target
It should be noted here that this TOE may switch the User Authentication Device PERIPHERAL
DATA to a second COMPUTER based on user selection.
The TOE may contain up to seven separate types of switching modules (model specific):
Keyboard and pointing device; Display EDID; Analog display; Digital display; DP display; Audio
output; and User Authentication device.
The types of digital data and analog signals processed by the TOE are: keyboard data (USB or
PS/2), pointing device data (USB or PS/2), Display Channel Plug & Play (EDID) information,
analog video signals, Digital video signals, User Authentication device, USB data, and audio
output analog signals. Specific models of the TOE accommodate subsets or supersets of the
listed signals to support different deployment configurations. In all cases, the TOE ensures data
separation for all signal paths using hardware only.
Each module is managed by an independent microcontroller. The microcontroller receives
channel select commands from the TOE main system controller and invokes state changes to
each module, as needed.
It should be noted that TOE switching functions are disabled in the following cases:
1. Before TOE self test and initialization process completed.
2. If the TOE anti‐tampering system was triggered by an enclosure intrusion attempt.
The TOE will transition to normal TOE operation on default channel one following a passed self‐
test. The TOE does not recover after the anti‐tampering system is triggered.
The basic arrangement of the microcontrollers used for shared peripheral data ensures data
separation in hardware. It does this by physically separating the microcontrollers connected to
the user's peripheral devices (the host emulators) from the microcontrollers connected to the
attached computers (the device emulators). In TOE operation, the host emulator
microcontrollers receive user inputs from the shared peripherals; the bi‐directional USB stream
is converted into a proprietary unidirectional stream that is switched to the appropriate
channel and passed through an optical data diode. At the selected channel the device emulator
converts the proprietary stream back into a standard USB format that is coupled to the selected
COMPUTER. Separation is ensured in hardware by use of separate microcontrollers for each of
the computers and for the shared user peripheral devices.
Functional Requirements Satisfied: FDP_ETC.1, FDP_IFC.1a, FDP_IFC.1b, FDP_IFF.1a,
FDP_IFF.1b, FDP_ITC.1
7.2 Security Management (TSF_MGT)
The TOE accepts inputs from the AUTHORIZED USER to perform any switching through the front
panel switching commands (push buttons), mouse keys, DCU switch or keyboard shortcuts. The
TOE does not store any data passing through it (PERIPHERAL DATA).
Rev. 1.01
Page | 61