BlackBerry SecuSUITE version 6.0 and BlackBerry Envoy version 6.0 Client Security Target Version 0.6 02/17/26 Prepared for: BlackBerry Limited Prepared By: www.gossamersec.com SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 2 of 50 TABLE OF CONTENTS 1. SECURITY TARGET INTRODUCTION........................................................................................................4 1.1 SECURITY TARGET REFERENCE......................................................................................................................4 1.2 TOE REFERENCE............................................................................................................................................4 1.3 TOE OVERVIEW .............................................................................................................................................5 1.4 TOE DESCRIPTION .........................................................................................................................................6 1.4.1 TOE Architecture...................................................................................................................................9 1.4.2 TOE Documentation ............................................................................................................................14 2. CONFORMANCE CLAIMS............................................................................................................................15 2.1 CONFORMANCE RATIONALE.........................................................................................................................17 3. SECURITY OBJECTIVES ..............................................................................................................................18 3.1 SECURITY OBJECTIVES FOR THE OPERATIONAL ENVIRONMENT ...................................................................18 4. EXTENDED COMPONENTS DEFINITION ................................................................................................19 5. SECURITY REQUIREMENTS.......................................................................................................................20 5.1 TOE SECURITY FUNCTIONAL REQUIREMENTS .............................................................................................20 5.1.1 Communication (FCO) ........................................................................................................................21 5.1.2 Cryptographic support (FCS)..............................................................................................................21 5.1.3 User data protection (FDP).................................................................................................................24 5.1.4 Identification and authentication (FIA) ...............................................................................................25 5.1.5 Security management (FMT) ...............................................................................................................26 5.1.6 Privacy (FPR)......................................................................................................................................27 5.1.7 Protection of the TSF (FPT) ................................................................................................................27 5.1.8 TOE access (FTA)................................................................................................................................31 5.1.9 Trusted path/channels (FTP)...............................................................................................................31 5.2 TOE SECURITY ASSURANCE REQUIREMENTS...............................................................................................31 5.2.1 Development (ADV).............................................................................................................................32 5.2.2 Guidance documents (AGD)................................................................................................................32 5.2.3 Life-cycle support (ALC) .....................................................................................................................33 5.2.4 Tests (ATE) ..........................................................................................................................................34 5.2.5 Vulnerability assessment (AVA)...........................................................................................................34 6. TOE SUMMARY SPECIFICATION..............................................................................................................36 6.1 COMMUNICATION.........................................................................................................................................36 6.2 CRYPTOGRAPHIC SUPPORT ...........................................................................................................................36 6.3 USER DATA PROTECTION ..............................................................................................................................39 6.4 IDENTIFICATION AND AUTHENTICATION.......................................................................................................40 6.5 SECURITY MANAGEMENT .............................................................................................................................40 6.6 PRIVACY.......................................................................................................................................................42 6.7 PROTECTION OF THE TSF .............................................................................................................................42 6.8 TOE ACCESS.................................................................................................................................................43 6.9 TRUSTED PATH/CHANNELS ...........................................................................................................................44 7. API USED BY THE TOE .................................................................................................................................45 7.1 ANDROID PLATFORM INTERFACES INVOKED BY THE TOE ............................................................................45 7.2 IOS/IPADOS PLATFORM INTERFACES INVOKED BY THE TOE .......................................................................49 LIST OF TABLES Table 5-1 TOE Security Functional Components...................................................................................................21 SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 3 of 50 Table 5-2 Third Party Libraries in TOE .................................................................................................................30 Table 5-3 Assurance Components............................................................................................................................32 Table 6-1 Cryptographic Functions .........................................................................................................................37 SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 4 of 50 1. Security Target Introduction This section identifies the Security Target (ST) and Target of Evaluation (TOE) identification, ST conventions, ST conformance claims, and the ST organization. The TOE is represented by the SecuSUITE/Envoy Client provided by BlackBerry Limited. The TOE is being evaluated as a Voice/Video over IP (VVoIP) endpoint. The Security Target contains the following additional sections: • Conformance Claims (Section 2) • Security Objectives (Section 3) • Extended Components Definition (Section 4) • Security Requirements (Section 5) • TOE Summary Specification (Section 6) Conventions The following conventions have been applied in this document: • Security Functional Requirements – Part 2 of the CC defines the approved set of operations that may be applied to functional requirements: iteration, assignment, selection, and refinement. o Iteration: allows a component to be used more than once with varying operations. In this ST, iteration may be indicated by a parenthetical number placed at the end of the component. For example FDP_ACC.1(1) and FDP_ACC.1(2) indicate that the ST includes two iterations of the FDP_ACC.1 requirement. Alternately, a usually descriptive textual extension may be added after a slash (/) character to identify a specific iteration. For example, iterations of a requirement such as FCS_COP.1 might be identified as FCS_COP.1/HASH and FCS_COP.1/CRYPT. o Assignment: allows the specification of an identified parameter. Assignments are indicated using bold and are surrounded by brackets (e.g., [assignment]). Note that an assignment within a selection would be identified in italics and with embedded bold brackets (e.g., [[selected-assignment]]). o Selection: allows the specification of one or more elements from a list. Selections are indicated using bold italics and are surrounded by brackets (e.g., [selection]). o Refinement: allows the addition of details. Refinements are indicated using bold, for additions, and strike-through, for deletions (e.g., “… all objects …” or “… some big things …”). • Other sections of the ST – Other sections of the ST use bolding to highlight text of special interest, such as captions. 1.1 Security Target Reference ST Title – BlackBerry SecuSUITE version 6.0 and BlackBerry Envoy version 6.0 Client Security Target ST Version – Version 0.6 ST Date – 02/17/26 1.2 TOE Reference TOE Identification – BlackBerry SecuSUITE version 6.0 and BlackBerry Envoy version 6.0 Client TOE Developer – BlackBerry Limited Evaluation Sponsor – BlackBerry Limited SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 5 of 50 1.3 TOE Overview The Target of Evaluation (TOE) is BlackBerry SecuSUITE version 6.0 and BlackBerry Envoy version 6.0 Client. The TOE, herein referred to as the SecuSUITE/Envoy Client or the TOE, is a VoIP application that executes on an Android 14, iOS 17 or iPadOS 17 mobile device operating system. Please note that the same TOE compiled for Apple platforms executes on both iOS and iPadOS. The TOE executes on the following mobile devices1 : 1. Samsung – Android 14 a. North America (Qualcomm Snapdragon 8 Gen 3) i. Galaxy S24 Ultra 5G ii. Galaxy S24+ 5G iii. Galaxy S24 5G iv. Galaxy S23 FE v. Galaxy Tab S8/S8+/S8 Ultra b. North America (Qualcomm Snapdragon 8 Gen 2) i. Galaxy S23 Ultra 5G ii. Galaxy S23+ 5G iii. Galaxy S23 5G iv. Galaxy Tab S9/S9+/S9 Ultra v. Galaxy Z Flip5 5G vi. Galaxy Z Fold5 5G c. North America (Qualcomm Snapdragon 8 Gen 1) i. Galaxy S22 Ultra 5G ii. Galaxy S22+ 5G iii. Galaxy S22 5G iv. Galaxy Z Fold4 5G v. Galaxy Z Flip4 5G d. North America (Qualcomm Snapdragon 750G) i. Galaxy A52 5G e. International (Samsung Exynos 2400) i. Galaxy S24 5G ii. Galaxy S24+ 5G f. International (Samsung Exynos 2200) i. Galaxy S23 FE ii. Galaxy S22 5G iii. Galaxy S22+ 5G iv. Galaxy S22 Ultra 5G 2. Apple iPhone – iOS17 a. A15 Bionic i. iPhone SE (3rd gen) ii. iPhone 13 iii. iPhone 13 Mini iv. iPhone 13 Pro v. iPhone 13 Pro Max vi. iPhone 14 vii. iPhone 14 Plus b. Apple A16 Bionic i. iPhone 14 Pro ii. iPhone 14 Pro Max iii. iPhone 15 c. Apple A17 Pro i. iPhone 15 Pro ii. iPhone 15 Pro Max 1 Note the list of equivalent devices is taken from the evaluated devices’ Security Targets. SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 6 of 50 3. Apple iPad – iPadOS17 a. Apple M2 i. iPad Pro 11 inch (4th Gen) ii. iPad Pro 12.9 inch (6th Gen) iii. iPad Air 11 inch (6th Gen) iv. iPad Air 13 inch (6th Gen) The evaluation testing was done using the Samsung Galaxy S23, Apple iPhone 13, and Apple iPad Air M2 (6th generation). The mobile devices have been NIAP certified as follows: Samsung Galaxy Devices on Android 14 (VID11444): https://www.niap-ccevs.org/products/11444 Samsung Galaxy Devices on Android 14 (GalaxyA52 5G and Galaxy A42 5G only) (VID11539): https://www.niap-ccevs.org/products/11539 Apple iOS 17: iPhones (VID11446) https://www.niap-ccevs.org/products/11446 Apple iPadOS 17: iPads (VID11447): https://www.niap-ccevs.org/products/11447 Note that the iPad Air 11 inch (6th Gen) and iPad Air 13 inch (6th Gen), while not listed on VID11447, are equivalent devices due to having the same processor. 1.4 TOE Description The TOE is a VoIP application that executes on an evaluated mobile device operating system. Figure 1-1 TOE Usage User Context The TOE user downloads the TOE from an app store (e.g., Apple Store, Google Play). On first use of the app, the user must go through a registration process in order to register to a specified BlackBerry SecuSUITE Server (identified by URI). Once registered, the user can place secure VoIP calls using the app with largely the same interactions as with a normal phone call. The SecuSUITE Client provides encryption of user call signaling and voice data. Users are typically invited to join SecuSUITE/Envoy service via an activation email initiated by their corporate IT administrator who adds users via the BlackBerry SecuSUITE Server administration portal. The activation email includes the activation credentials as well as the option to scan a QR code to initiate the registration with the SCA server. SecuSUITE Context The TOE is part of the SecuSUITE Security Solution shown in Figure 1-2 below. The TOE does not work in isolation, but relies on BlackBerry SecuSUITE Server components to enable a secure VoIP communication. SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 7 of 50 Figure 1-2 SecuSUITE Security Solution As shown in Figure 1-2, the SecuSUITE VoIP process flow is as follows: Step 1: Initial Registration Every participating client has to register first to the Secure Client Authentication (SCA) server. The SCA server authenticates users and enrolls required client and user certificates as well as client configuration. Only clients that have been enrolled via the SCA service are able to connect to the SIP server and are allowed to establish end-to-end encrypted communication to other SecuSUITE/Envoy clients. Note: Clients must also register to the SIP server using a SIP password. This is in addition to initial client registration with the SCA server. Step 2: Connection Establishment The Session Initiation Protocol (SIP) together with TLS is used to establish a secure connection between mobile devices. The use of a TLS connection, providing encryption and mutual authentication, ensures that the devices connect with authorized SIP servers and the dialed call numbers are transmitted encrypted. The BlackBerry SecuSUITE Server Security Target defines the SIP Server TOE. Step 3: Key Agreement When a call is placed and accepted, SecuSUITE clients exchange SIP messages that include digital certificates used to confirm caller identity and perform key agreement for SRTP encryption. Step 4: End-to-End Encrypted Voice Communication Established Clients utilize the SRTP protocol to exchange encrypted voice communications. The voice stream remains encrypted while traversing the BlackBerry SecuSUITE Server and only the clients have access to the SRTP session keys. Step 5: Forwarding of End-to-End Encrypted Voice Stream During connection signaling, the SIP server sets up the RTP/RTCP packet bridging in the Real-Time Transport Protocol (RTP) Proxy for this connection. The RTP Proxy relays/bridges the encrypted data stream between clients. The main purpose of the RTP Proxy is to make the communication between SIP user agents behind NAT/NAPT possible. VVoIP Client The SecuSUITE Client establishes a secure tunnel for voice communications with another SecuSUITE/Envoy client or the SecuSUITE Server. The tunnel provides confidentiality, integrity, and data authentication for information that travels across the public network. This occurs using the Secure Real-Time Transport Protocol (SRTP) that has been established using the Session Description Protocol (SDP) and the Security Descriptions for Media Streams (SDES) for SDP – the TOE supports SDES-SRTP. The TOE Client also protects communications between itself and the SIP Server by using a Transport Layer Security (TLS)-protected signaling channel. To register the TOE within the domain, the TOE is required to be password authenticated by the SIP Server. The TOE also makes use of certificates to authenticate both the SIP server end and the TOE itself through the TLS connection. SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 8 of 50 Group/Conference Calls Besides the peer-to-peer calls between two instances of the TOE, the SecuSUITE/Envoy solution also allows the setup of a secure conference call between a group of SecuSUITE users. For that, individual calls and trusted channels are established between all TOEs participating in the group call (for a group call between 4 participants, every TOE has 3 individual calls to the members of the group). The individual SIP and SRTP connections are established exactly the same way the peer-to-peer calls are setup via the SecuSUITE Server. They are encrypted end-2-end and the individually decrypted audio stream is mixed only locally by each client so that no clear text representations of the audio streams exist in a central component. Secure Text Messaging The TOE client allows encrypted instant message transfer between client applications. Secure Text Messaging utilizes the same TLS protected communication channel that is used during initial SCA registration used to transfer client configuration settings and SIP credentials between SecuSUITE Server and client. Group Messaging Besides the peer-to-peer text messaging between two instances of the TOE, the SecuSUITE/Envoy solution also allows the setup of messaging groups between an arbitrary number of SecuSUITE users. The messages are individually encrypted for all TOE users participating in the group messaging session the same way peer-to-peer messages are protected. Calls Destined Beyond the SecuSUITE Server The TOE always encrypts the user’s call signaling and data (voice) transmitted to other TOE VoIP endpoints registered with the SecuSUITE Server and transmitted to the SecuSUITE Server itself. The SecuSUITE Server administrator can configure calling to additional endpoints which are reached through a PBX (another SIP server connected to local/internal landline phones and potentially connected to outside phone lines). If configured, the TOE can then place calls to additional endpoints beyond the SecuSUITE Server through the configured PBX; however, because the call signaling and call data travels beyond the SecuSUITE Server itself, its security lies beyond the TOE and SecuSUITE Server’s control. While the ability of the SecuSUITE Server to route calls to additional endpoints through a PBX lies beyond the scope of this ASPP14/PKGTLS11/VVoIPAS10 evaluation, the TOE can indicate when a user’s call travels beyond the SecuSUITE Server. The SecuSUITE Server allows an administrator to configure (refer to BlackBerry SecuSUITE Server evaluation VID11634 against the Enterprise Session Controller Protection Profile) which phone number prefixes the administrator deems “land secure” and which calls “breakout” to external phone lines (with unknown security). By default, the SecuSUITE Server treats all calls routed to the PBX as “breakout” calls. These designations cause an image indicating this disposition of the call to appear on the TOE’s User Interface (UI) as described in the Common Criteria Configuration Guide. Again, while beyond the scope of this evaluation, the concepts of “Secure Landing” and “Breakout Calls” are useful for TOE users to understand, in the event that their administrator has configured their SecuSUITE Server to route calls to additional endpoints through a PBX. Envoy Client The Envoy Client is a branded version of the SecuSUITE client that is identical from functional and security implementation perspective. The Envoy client is distributed by BlackBerry and differs basically in the used UI assets and product publishing. The relevant details are: • Different splash screens during client start-up • Replaced UI Assets and Text elements (e.g., Envoy logo, product name, app icon, status bar icon, EULA text and About screen) • Changes required to distribute the client under an independent publisher/developer in the App Stores (e.g., developer signing) Client configuration and UI flows are identical, otherwise same guidance document applies to both clients. SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 9 of 50 The clients are created out of the same build process at the same point of time and have always matching major/minor release numbers. All descriptions and security claims in this document apply always to both clients even if only SecuSUITE is mentioned in the text. 1.4.1 TOE Architecture The TOE boundary is illustrated in Figure 1-3. Figure 1-3 TOE Boundary The TOE is compromised of the SecuSUITE version 6.0 and Envoy version 6.0. To operate, the SecuSUITE Client must be registered to SecuSUITE and to the BlackBerry SecuSUITE Server (also referred to as the Enterprise Session Controller, or ESC). Once properly registered, the Client can initiate or receive a “Call”. Call data is exchanged with a VVoIP endpoint through SecuSUITE Server which provides an SRTP proxy. The Enterprise Session Controller is also referred to as the SIP server. Client Registration to SecuSUITE Before a SecuSUITE client can exchange messages with the SIP Server, it must first be registered to the BlackBerry SecuSUITE Server via the SCA Server. This initial client registration is briefly described below to provide context to the reader: 1. SecuSUITE administrator adds a user to the SecuSUITE via the Admin Portal which generates activation codes that are delivered to the user via some out of band method (e.g., email/printed). 2. User downloads the SecuSUITE client application from supported app store and launches the client app. 3. Client app running on mobile device prompts the user to enter the activation code as well as the SCA Server URL and initiates a TLS connection to SCA Server. 4. The user is notified to define a device password in case no device password is defined yet. 5. SCA Server validates client for registration via secure remote password protocol using the activation code as the shared secret (this is not the SIP password). 6. Client generates multiple certificate signing requests and submits to SCA Server. SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 10 of 50 7. SCA Server’s embedded CA creates, signs, and returns the certificates. Alternatively, the signing requests can be forwarded to an existing external CA for certificate signing. 8. Client gets its client configuration settings from SCA Server. 9. Client gets its SIP settings from SCA server (which retrieves settings from the database server). Settings include: a. E.164 telephone number (SIP alias) b. SIP Server URI c. TLS version (TLS 1.2 only) d. SIP domain to which client belongs e. SIP user name and password 10. User performs the following: a. Enter unique activation code b. Enter the SCA Server URL Client Registration with SIP Server The client registers with the SIP server every time a new connection with the SIP server is established. That is, after: • Client app was installed and SCA procedure was successfully passed, or • Client was restarted, or • Client had lost TLS connection to SIP server (e.g. because of network change or problems) Procedure: • Client opens two-way authenticated TLS session with SIP server. • Client registers using SIP REGISTER. • Once registered with the SIP server, the client can operate in one of two modes: o Constant connection mode, where the client uses periodic requests with the SIP server to keep the TLS connection open. o Push Service connection mode where the client registers with a PUSH notification service on the mobile device and provides that information to the SIP server. When a call is targeted at the client, the SIP server communicates with the PUSH service to awaken the client. Once the mobile device OS wakes the client, the client reconnects to the SIP server to establish a current TLS connection. • SIP server authenticates client’s SIP REGISTER request messages with SIP username and password/digest access authentication. Digest Access Authentication The SIP username and password are used to authenticate SIP REGISTER messages using digest access authentication per RFC 3261 as follows: • Client and server have a shared secret (H(A1) of SIP password) • Client sends request message to server • Server rejects request with request message containing challenge (“nonce”) • Client calculates digest from challenge and H(A1) of SIP password • Client sends request message again with request message now containing digest SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 11 of 50 • Server also calculates digest and compares this with value received from client • If digest values match, server accepts request Call Setup Preconditions: • Client A (“Alice”) and client B (“Bob”) have registered with SCA server. • Alice and Bob can establish TLS sessions with the SIP server. Alice calls Bob: • The SIP server routes SIP messages between Alice and Bob (using a PUSH server to awaken Bob’s client if necessary). • Alice and Bob do not exchange media packets (RTP/RTCP) directly. The SecuSUITE encompasses an RTP proxy which works as an RTP bridge. Alice sends her media packets to the RTP proxy which forwards them to Bob, and vice versa. During connection signaling, the SIP server sets up the RTP/RTCP packet bridging in the RTP proxy for this connection. The messages are as follows: • Alice’s SIP INVITE message includes: o Alice’s VoIP Encryption Certificate • Bob’s SIP 200 OK message includes within the SDP: o Bob’s VoIP Encryption Certificate o Bob’s SDP message o Bob’s SRTP master uplink key and salt (i.e. the key and salt Bob is using when sending RTP and RTCP packets to Alice, see RFC 4568 2006 section 5.1.1) in a message block containing a CMS EnvelopedData ASN.1 structure • Alice’s SIP ACK includes: o Alice’s SDP message o Alice’s SRTP master uplink key and salt (i.e. the key and salt Alice is using when sending RTP and RTCP packets to Bob; similar encoding as Bob) User Plane (Media) The main purpose of the RTP Proxy is to make the communication between SIP user agents behind NAT/NAPT possible: • Typically, the client has an internal (non-routable) IP address and will select some UDP port for RTP and another one for RTCP. NAPT will change the IP address and UDP ports to external values. The internal values, however, appear in the SDP and the remote client would use them as destination IP address and ports, which would not work. The solution is to replace the IP address and ports in the SDP. The new IP address is a routable IP address of an RTP proxy, and the RTP/RTCP ports are replaced and used as session identifiers. This replacement happens in the SIP server during call establishment. • When the SIP server receives the first SIP message with SDP content during call setup (e.g. 200 OK), it extracts the Call-ID, selects an RTP proxy, and sends the Call-ID to this RTP Proxy using the RTP Proxy Control Protocol. • The RTP Proxy creates a new session by randomly allocating two subsequent unused UDP ports from a range of UDP ports to that session and returns these port numbers to the SIP server via the RTP Proxy Control Protocol. The first port is for RTP, and the second one for RTCP. SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 12 of 50 • After receiving the reply from the RTP Proxy, the SIP server replaces the RTP and RTCP media IP addresses and UDP ports in the SDP content of the message with the RTP Proxy IP address and the UDP ports the RTP Proxy has allocated. • Then the SIP server forwards this modified SIP message as usually to the intended destination. • When the SIP server receives an SIP follow-up message (e.g. ACK) containing SDP information from the other peer, it sends again the Call-ID to the RTP Proxy via the RTP Proxy Control Protocol. • Using the Call-ID as a key, the RTP Proxy performs a lookup among existing sessions, allocates randomly another pair of subsequent UDP ports to this session and returns these port numbers to the SIP server. • After receiving the second pair of port numbers from the RTP Proxy, the SIP server replaces the media IP address and Ports in the SDP content of the SIP follow-up message so that it now also points to the RTP Proxy. The SIP server forwards the SIP message as usually to the intended destination. • For RTP, the RTP Proxy now listens on the two ports it has allocated for that session and waits for receiving at least one UDP message from Alice and one from Bob. When such a packet is received, the proxy fills one of two IP address/UDP port structures associated to this call with the source IP address and the source UDP port of that packet. When both structures are filled in, the RTP proxy starts relaying UDP/RTP packets between the Alice and Bob. • The same happens for RTCP. • The RTP proxy tracks idle time for each of the existing sessions (i.e. the time within which there were no packets relayed), and automatically cleans up sessions whose idle times exceed a specified value (e.g. 60 seconds). Call Termination Users can terminate an ongoing call anytime by pushing the “End call” button. The client sends a SIP BYE message and the other party confirms with a SIP OK message. The SIP server then terminates the SRTP session by sending a Delete message for that call to the RTP Proxy. Clients will also terminate a call when no RTP data is received for more than 15 seconds. 1.4.1.1 Physical Boundaries The TOE executes on the devices listed in Section 1.3. Non-TOE Components The TOE is part of the SecuSUITE security solution and requires the following components to be present in the environment: a) SecuSUITE SCA Server. The SCA Server authenticates users and facilitates VoIP client enrollment and pushes client SIP configuration to the client. b) SecuSUITE SIP Server. The SIP Server is used to establish the secure connection between the mobile devices. The use of a TLS connection, providing encryption and mutual authentication, ensures that the devices connect with authorized SIP servers only and the dialed call numbers are transmitted encrypted. c) SecuSUITE RTP Proxy. The Real-Time Transport Protocol (RTP) Proxy bridges media packets sent between clients. The RTP Proxy is part of the SecuSUITE SIP Server. The SIP Server creates and deletes RTP and Real-Time Transport Control Protocol (RTCP) bridging sessions in the RTP Proxy. 1.4.1.2 Logical Boundaries This section summarizes the security functions provided by SecuSUITE/Envoy Client: • Communication SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 13 of 50 • Cryptographic support • User data protection • Identification and authentication • Security management • Privacy • Protection of the TSF • TOE access • Trusted path/channels 1.4.1.2.1 Communication The TOE utilizes the Opus codec by default to transmit voice media. The Opus codec utilizes a fixed bit-rate. 1.4.1.2.2 Cryptographic support The TOE includes its own cryptographic module to perform operations in support of authentication actions and network communications using the TLS and SRTP protocol. The TOE implements TLS version 1.2 with mutual authentication using elliptic-curve cryptography. The TOE also relies upon its platform for certain cryptographic operations, including providing random data to seed the TOE’s own DRBG. The TOE relies upon the platform (i.e., iOS, iPadOS, and Android) cryptographic libraries for operations related to protecting keys in platform offer storage (i.e., a key store). 1.4.1.2.3 User data protection The TOE enforces the media transmission policy when communicating with remote VVoIP endpoints which use TLS and SRTP protocols. The TOE also ensures that communication with an SCA server is protected using TLS. The TOE protects user data by utilizing platform services for data storage. 1.4.1.2.4 Identification and authentication The TOE authenticates TLS peers using X.509v3 certificates. It performs extensive X.509 certificate validation checks on these certificates, rejecting invalid or revoked certificates. 1.4.1.2.5 Security management The TOE receives configuration setting during its registration with an SCA server. The client allows management operations that specify the SIP server to use for connections. 1.4.1.2.6 Privacy The TOE does not transmit Personally Identifiable Information over any network interfaces. 1.4.1.2.7 Protection of the TSF The TOE relies on the physical boundary of the evaluated platform as well as the Android and iOS/iPadOS operating systems for the protection of the TOE’s application components. The TOE relies upon these platforms to indicate the current TOE version. If an update is needed, it is obtained from the platform’s application store. The TOE’s software is digitally signed in accordance with the requirements of each application store. The native Apple and Android cryptographic library, which provides some of the TOE’s cryptographic services, have built-in self-tests that are run at client start-up to ensure that the algorithms are correct. If any self-tests fail, the TOE SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 14 of 50 will not be able to perform its cryptographic services. The TOE includes its own cryptographic library that also includes self-tests that are run when the client starts. 1.4.1.2.8 TOE access The TOE includes a 15 second default timeout that can terminate idle voice/video transmission. This timeout value can be changed by the configuration obtained from the SCA server. 1.4.1.2.9 Trusted path/channels The TOE encrypts all data transmitted with an Enterprise Session Controller and another VVoIP endpoint using TLS to protect HTTPS, SIP and SRTP communications. The TLS channel established with an ESC or VVoIP endpoint can be used to exchange SIP messages or to initiate the use of SRTP for voice/video traffic. 1.4.2 TOE Documentation BlackBerry Limited offers documentation that describes the installation process for the TOE as well as guidance for subsequent use and administration of the applicable security features of the TOE. The following list of documents were examined as part of the evaluation. SecuSUITE Common Criteria Guide Release 6.0 Version 2 10a SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 15 of 50 2. Conformance Claims This TOE is conformant to the following CC specifications: • Common Criteria for Information Technology Security Evaluation Part 2: Security functional components, Version 3.1, Revision 5, April 2017. • Part 2 Extended • Common Criteria for Information Technology Security Evaluation Part 3: Security assurance components, Version 3.1, Revision 5, April 2017. • Part 3 Extended • Package Claims: • PP-Configuration for Application Software and Voice/Video over IP (VVoIP) Endpoints, Version 1.1, 31 May 2022 ▪ Base-PP: Protection Profile for Application Software, Version 1.4, 07 October 2021 (PP_APP_V1.4) ▪ PP-Module for Voice/Video over IP (VVoIP) Endpoints, Version 1.0, 28 October 2020 (MOD_VVoIP_V1.0) • Functional Package for Transport Layer Security (TLS), Version 1.1, 01 March 2019 (PKG_TLS_V1.1) • with the following technical decisions: Package Technical Decision Applied Notes MOD_VVOIP_V1.0 TD0589 - Reliable Time for VVoIP Software TOEs Yes MOD_VVOIP_V1.0 TD0684 - VVoIP PP-Module Updated to Allow for App PP v1.4 as Base PP Yes MOD_VVOIP_V1.0 TD0718 - Format changes for MOD_VVoIP_V1.0 Yes MOD_VVOIP_V1.0 TD0730 - Clarification on Trusted Update sources for VVoIP Applications Yes MOD_VVOIP_V1.0 TD0785 - Terminology Change in MOD_VVoIP: Extended to Functional Package Yes MOD_VVOIP_V1.0 TD0834 - Aligning MOD_VVOIP 1.0 with NDcPP 3.0E No NDcPP 3.0E not claimed MOD_VVOIP_V1.0 TD0938 – Adding Support for Silence Packets When Muted Yes MOD_VVOIP_V1.0 TD0965 – Additional Option for FCS_SRTP_EXT.1 Test Yes PKG_TLS_V1.1 TD0442 – Updated TLS Ciphersuites for TLS Package Yes PKG_TLS_V1.1 TD0469 - Modification of test activity for FCS_TLSS_EXT.1.1 test 4.1 No TLSS not claimed PKG_TLS_V1.1 TD0499 - Testing with pinned certificates Yes PKG_TLS_V1.1 TD0513 - CA Certificate loading Yes PKG_TLS_V1.1 TD0726 - Corrections to (D)TLSS SFRs in TLS 1.1 FP No TLSS not claimed PKG_TLS_V1.1 TD0739 - PKG_TLS_V1.1 has 2 different publication dates Yes SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 16 of 50 PKG_TLS_V1.1 TD0770 - TLSS.2 connection with no client cert No TLSS not claimed PKG_TLS_V1.1 TD0779 - Updated Session Resumption Support in TLS package V1.1 No TLSS not claimed PP_APP_V1.4 TD0628 - Addition of Container Image to Package Format Yes PP_APP_V1.4 TD0650 - Conformance claim sections updated to allow for MOD_VPNC_V2.3 and 2.4 No MOD_VPNC not claimed PP_APP_V1.4 TD0664 - Testing activity for FPT_TUD_EXT.2.2 Yes PP_APP_V1.4 TD0717 - Format changes for PP_APP_V1.4 Yes PP_APP_V1.4 TD0719 - ECD for PP APP V1.3 and 1.4 Yes PP_APP_V1.4 TD0736 - Number of elements for iterations of FCS_HTTPS_EXT.1 No PP_APP_V1.4 TD0743 - FTP_DIT_EXT.1.1 Selection exclusivity Yes PP_APP_V1.4 TD0747 - Configuration Storage Option for Android Yes PP_APP_V1.4 TD0756 - Update for platform-provided full disk encryption Yes PP_APP_V1.4 TD0780 - FIA_X509_EXT.1 Test 4 Clarification Yes PP_APP_V1.4 TD0798 - Static Memory Mapping Exceptions Yes PP_APP_V1.4 TD0815 - Addition of Conditional TSS Activity for FPT_AEX_EXT.1.5 Yes PP_APP_V1.4 TD0822 - Correction to Windows Manifest File for FDP_DEC_EXT.1 No Windows not claimed PP_APP_V1.4 TD0823 - Update to Microsoft Windows Exploit Protection link in FPT_AEX_EXT.1.3 No Windows not claimed PP_APP_V1.4 TD0844 - Addition of Assurance Package for Flaw Remediation V1.0 Conformance Claim No ALC_FLR not claimed PP_APP_V1.4 TD0865 – Consistency of Cryptographic Key Sizes Yes PP_APP_V1.4 TD0914 – Addition of PKG_TLS_V2.0 to Conformance Claims No The TOE does not claim to support PKG_TLS_V2.0 as the claim is now optional PP_APP_V1.4 TD0931 – Clarification when CTR_DRBG is Selected for FCS_RBG_EXT.2.2 in PP_APP_V1.4 Yes PP_APP_V1.4 TD0945 – Adding FIPS 186-5 in PP_APP_V1.4 Yes PP_APP_V1.4 TD0964 – Clarifications to FMT_MEC_EXT.1 Windows Test No Windows not claimed For ease of reference, the following acronyms will be used: • PP_APP_V1.4 – ASPP14 • MOD_VVOIP_V1.0 – VVoIPAS10 • PKG_TLS_V1.1 – PKGTLS11 SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 17 of 50 2.1 Conformance Rationale The ST conforms to the ASPP14/PKGTLS11/VVoIPAS10. The security problem definition, security objectives, and security requirements have been drawn from the PP. SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 18 of 50 3. Security Objectives The Security Problem Definition may be found in the ASPP14/PKGTLS11/VVoIPAS10 and this section reproduces only the corresponding Security Objectives for operational environment for reader convenience. The ASPP14/PKGTLS11/VVoIPAS10 offers additional information about the identified security objectives, but that has not been reproduced here and the ASPP14/PKGTLS11/VVoIPAS10 should be consulted if there is interest in that material. In general, the ASPP14/PKGTLS11/VVoIPAS10 has defined Security Objectives appropriate for software applications that provide Voice/Video over IP (VVoIP) endpoints and as such are applicable to the SecuSUITE/Envoy Client TOE. 3.1 Security Objectives for the Operational Environment OE.PLATFORM The TOE relies upon a trustworthy computing platform for its execution. This includes the underlying operating system and any discrete execution environment provided to the TOE. OE.PROPER_ADMIN The administrator of the application software is not careless, willfully negligent or hostile, and administers the software within compliance of the applied enterprise security policy. OE.PROPER_USER The user of the application software is not willfully negligent or hostile, and uses the software within compliance of the applied enterprise security policy. OE.UPDATE_SOURCE The operational environment will have TOE software/firmware made available on either the call control server that the TOE connects to or a separate file server managed by the organization. SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 19 of 50 4. Extended Components Definition All of the extended requirements in this ST have been drawn from the ASPP14/PKGTLS11/VVoIPAS10. The ASPP14/PKGTLS11/VVoIPAS10 defines the following extended requirements and since they are not redefined in this ST, the ASPP14/PKGTLS11/VVoIPAS10 should be consulted for more information in regard to those CC extensions. Extended SFRs: - VVoIPAS10:FCO_VOC_EXT.1: Fixed-Rate Vocoder - ASPP14:FCS_CKM_EXT.1: Cryptographic Key Generation Services - ASPP14:FCS_HTTPS_EXT.1/Client: HTTPS Protocol - ASPP14:FCS_RBG_EXT.1: Random Bit Generation Services - ASPP14:FCS_RBG_EXT.2: Random Bit Generation from Application - VVoIPAS10:FCS_SRTP_EXT.1: Secure Real-Time Transport Protocol - ASPP14:FCS_STO_EXT.1: Storage of Credentials - PKGTLS11:FCS_TLS_EXT.1: TLS Protocol - PKGTLS11:FCS_TLSC_EXT.1: TLS Client Protocol - PKGTLS11:FCS_TLSC_EXT.2: TLS Client Support for Mutual Authentication - PKGTLS11:FCS_TLSC_EXT.3: TLS Client Support for Signature Algorithms Extension - PKGTLS11:FCS_TLSC_EXT.4: TLS Client Support for Renegotiation - PKGTLS11:FCS_TLSC_EXT.5: TLS Client Support for Supported Groups Extension - ASPP14:FDP_DAR_EXT.1: Encryption Of Sensitive Application Data - per TD0756 - ASPP14:FDP_DEC_EXT.1: Access to Platform Resources - per TD0822 - ASPP14:FDP_NET_EXT.1: Network Communications - ASPP14:FIA_X509_EXT.1: X.509 Certificate Validation - per TD0780 - ASPP14:FIA_X509_EXT.2: X.509 Certificate Authentication - ASPP14:FMT_CFG_EXT.1: Secure by Default Configuration - ASPP14:FMT_MEC_EXT.1: Supported Configuration Mechanism - per TD0747 - ASPP14:FPR_ANO_EXT.1: User Consent for Transmission of Personally Identifiable - ASPP14:FPT_AEX_EXT.1: Anti-Exploitation Capabilities - ASPP14:FPT_API_EXT.1: Use of Supported Services and APIs - ASPP14:FPT_IDV_EXT.1: Software Identification and Versions - ASPP14:FPT_LIB_EXT.1: Use of Third Party Libraries - ASPP14:FPT_TUD_EXT.1: Integrity for Installation and Update - VVoIPAS10:FPT_TUD_EXT.1: Trusted Update - per TD0730 - ASPP14:FPT_TUD_EXT.2: Integrity for Installation and Update - per TD0628 - ASPP14:FTP_DIT_EXT.1: Protection of Data in Transit - per TD0743 - VVoIPAS10:FTP_DIT_EXT.1: Protection of Data in Transit - per TD0785 Extended SARs: - ALC_TSU_EXT.1: Timely Security Updates SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 20 of 50 5. Security Requirements This section defines the Security Functional Requirements (SFRs) and Security Assurance Requirements (SARs) that serve to represent the security functional claims for the Target of Evaluation (TOE) and to scope the evaluation effort. The SFRs have all been drawn from the ASPP14/PKGTLS11/VVoIPAS10. The refinements and operations already performed in the ASPP14/PKGTLS11/VVoIPAS10 are not identified (e.g., highlighted) here, rather the requirements have been copied from the ASPP14/PKGTLS11/VVoIPAS10 and any residual operations have been completed herein. Of particular note, the ASPP14/PKGTLS11/VVoIPAS10 made a number of refinements and completed some of the SFR operations defined in the Common Criteria (CC) and that PP should be consulted to identify those changes if necessary. The SARs are also drawn from the ASPP14/PKGTLS11/VVoIPAS10. The ASPP14/PKGTLS11/VVoIPAS10 should be consulted for the assurance activity definitions. 5.1 TOE Security Functional Requirements The following table identifies the SFRs that are satisfied by SecuSUITE/Envoy Client TOE. Requirement Class Requirement Component FCO: Communication VVoIPAS10:FCO_VOC_EXT.1: Fixed-Rate Vocoder FCS: Cryptographic support ASPP14:FCS_CKM.1/AK: Cryptographic Asymmetric Key Generation - per TD0717 ASPP14:FCS_CKM.2: Cryptographic Key Establishment ASPP14:FCS_CKM_EXT.1: Cryptographic Key Generation Services ASPP14:FCS_COP.1/Hash: Cryptographic Operation - Hashing ASPP14:FCS_COP.1/KeyedHash: Cryptographic Operation - Keyed- Hash Message Authentication - per TD0717 ASPP14:FCS_COP.1/Sig: Cryptographic Operation - Signing - per TD0717 ASPP14:FCS_COP.1/SKC: Cryptographic Operation - Encryption/Decryption VVoIPAS10:FCS_COP.1/SRTP: Cryptographic Operation (Encryption/Decryption for SRTP) ASPP14:FCS_HTTPS_EXT.1/Client: HTTPS Protocol ASPP14:FCS_RBG_EXT.1: Random Bit Generation Services ASPP14:FCS_RBG_EXT.2: Random Bit Generation from Application VVoIPAS10:FCS_SRTP_EXT.1: Secure Real-Time Transport Protocol ASPP14:FCS_STO_EXT.1: Storage of Credentials – per TD0865 PKGTLS11:FCS_TLS_EXT.1: TLS Protocol PKGTLS11:FCS_TLSC_EXT.1: TLS Client Protocol PKGTLS11:FCS_TLSC_EXT.2: TLS Client Support for Mutual Authentication PKGTLS11:FCS_TLSC_EXT.3: TLS Client Support for Signature Algorithms Extension PKGTLS11: FCS_TLSC_EXT.4: TLS Client Support for Renegotiation PKGTLS11:FCS_TLSC_EXT.5: TLS Client Support for Supported Groups Extension FDP: User data protection ASPP14:FDP_DAR_EXT.1: Encryption Of Sensitive Application Data - per TD0756 SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 21 of 50 ASPP14:FDP_DEC_EXT.1: Access to Platform Resources - per TD0822 VVoIPAS10:FDP_IFC.1: Subset Information Flow Control VVoIPAS10:FDP_IFF.1: Simple Security Attributes per TD0938 ASPP14:FDP_NET_EXT.1: Network Communications FIA: Identification and authentication ASPP14:FIA_X509_EXT.1: X.509 Certificate Validation - per TD0780 ASPP14:FIA_X509_EXT.2: X.509 Certificate Authentication FMT: Security management ASPP14:FMT_CFG_EXT.1: Secure by Default Configuration ASPP14:FMT_MEC_EXT.1: Supported Configuration Mechanism - per TD0747 ASPP14:FMT_SMF.1: Specification of Management Functions VVoIPAS10:FMT_SMF.1/VVoIP: Specification of Management Functions (VVoIP Communications) FPR: Privacy ASPP14:FPR_ANO_EXT.1: User Consent for Transmission of Personally Identifiable FPT: Protection of the TSF ASPP14:FPT_AEX_EXT.1: Anti-Exploitation Capabilities ASPP14:FPT_API_EXT.1: Use of Supported Services and APIs ASPP14:FPT_IDV_EXT.1: Software Identification and Versions ASPP14:FPT_LIB_EXT.1: Use of Third Party Libraries ASPP14:FPT_TUD_EXT.1: Integrity for Installation and Update VVoIPAS10:FPT_TUD_EXT.1: Trusted Update - per TD0730 ASPP14:FPT_TUD_EXT.2: Integrity for Installation and Update - per TD0628 FTA: TOE access VVoIPAS10:FTA_SSL.3/Media: Media TSF-Initiated Termination (Media Channel) FTP: Trusted path/channels ASPP14:FTP_DIT_EXT.1: Protection of Data in Transit - per TD0743 VVoIPAS10:FTP_DIT_EXT.1: Protection of Data in Transit - per TD0785 VVoIPAS10:FTP_ITC.1/Control: Inter-TSF Trusted Channel (Signaling Channel) VVoIPAS10:FTP_ITC.1/Media: Inter-TSF Trusted Channel (Media Channel) Table 5-1 TOE Security Functional Components 5.1.1 Communication (FCO) 5.1.1.1 Fixed-Rate Vocoder (VVoIPAS10:FCO_VOC_EXT.1) VVoIPAS10:FCO_VOC_EXT.1.1 The TSF shall transmit voice media using a constant bit rate voice vocoder. 5.1.2 Cryptographic support (FCS) 5.1.2.1 Cryptographic Asymmetric Key Generation - per TD0717 (ASPP14:FCS_CKM.1/AK) ASPP14:FCS_CKM.1.1/AK The application shall [invoke platform-provided functionality, implement functionality] to generate asymmetric cryptographic keys in accordance with a specified cryptographic key generation algorithm [[ECC schemes] using 'NIST curves' P-384 and [P-256, no other curves] that meet the following: FIPS PUB 186-4, 'Digital Signature Standard (DSS)', Appendix B.4]. SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 22 of 50 5.1.2.2 Cryptographic Key Establishment (ASPP14:FCS_CKM.2) ASPP14:FCS_CKM.2.1 The application shall [implement functionality] to perform cryptographic key establishment in accordance with a specified cryptographic key establishment method: [[Elliptic curve-based key establishment schemes] that meets the following: [NIST Special Publication 800-56A, 'Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography']]. 5.1.2.3 Cryptographic Key Generation Services (ASPP14:FCS_CKM_EXT.1) ASPP14:FCS_CKM_EXT.1.1 The application shall [invoke platform-provided functionality for asymmetric key generation, implement asymmetric key generation]. Application Note: The Android application will implement this functionality. The iOS/iPadOS application will invoke platform provided functionality for keys related to TLS certificates and implement functionality for ephemeral keys as part of the TLS handshake. 5.1.2.4 Cryptographic Operation - Hashing (ASPP14:FCS_COP.1/Hash) ASPP14:FCS_COP.1.1/Hash The application shall perform cryptographic hashing services in accordance with a specified cryptographic algorithm [SHA-1, SHA-256, SHA-384, SHA-512] and message digest sizes [160, 256, 384, 512] bits that meet the following: FIPS Pub 180-4. 5.1.2.5 Cryptographic Operation - Keyed-Hash Message Authentication – per TD0717 (ASPP14:FCS_COP.1/KeyedHash) ASPP14:FCS_COP.1.1/KeyedHash The application shall perform [keyed-hash message authentication] in accordance with a specified cryptographic algorithm [HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512] and [HMAC- SHA-1] with key sizes [160, 256, 384, 512] and message digest sizes [256, 384, 512] and [160] bits that meet the following: [FIPS Pub 198-1, ‘The Keyed-Hash Message Authentication Code and FIPS Pub 180-4 ‘Secure Hash Standard’]. (TD0717 applied) 5.1.2.6 Cryptographic Operation - Signing - per TD0717 (ASPP14:FCS_COP.1/Sig) ASPP14:FCS_COP.1.1/Sig The application shall perform cryptographic signature services (generation and verification) in accordance with a specified cryptographic algorithm [ • RSA schemes using cryptographic key sizes of 2048-bit or greater that meet the following: FIPS PUB 186-4 or FIPS PUB 186-5, 'Digital Signature Standard (DSS)', Section 5, • ECDSA schemes using 'NIST curves' P-256, P-384 and [no other curves] that meet the following: FIPS PUB 186-4 or FIPS PUB 186-5, 'Digital Signature Standard (DSS)', Section 6]. 5.1.2.7 Cryptographic Operation - Encryption/Decryption (ASPP14:FCS_COP.1/SKC) ASPP14:FCS_COP.1.1/SKC The application shall perform encryption/decryption in accordance with a specified cryptographic algorithm [AES-GCM (as defined in NIST SP 800-38D) mode] and cryptographic key sizes [256- bit]. SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 23 of 50 5.1.2.8 Cryptographic Operation (Encryption/Decryption for SRTP) (VVoIPAS10:FCS_COP.1/SRTP) VVoIPAS10:FCS_COP.1.1/SRTP The TSF shall perform encryption/decryption to support SDES-SRTP in accordance with a specified cryptographic algorithm [AES-CTR (as defined in NIST SP 800-38A), AES-GCM (as defined in NIST SP 800-38D)] and cryptographic key sizes [256-bit]. 5.1.2.9 HTTPS Protocol (ASPP14:FCS_HTTPS_EXT.1/Client) ASPP14:FCS_HTTPS_EXT.1.1/Client The application shall implement the HTTPS protocol that complies with RFC 2818. ASPP14:FCS_HTTPS_EXT.1.2/Client The application shall implement HTTPS using TLS as defined in the Functional Package for TLS. ASPP14:FCS_HTTPS_EXT.1.3/Client The application shall [notify the user and not establish the user-initiated connection] if the peer certificate is deemed invalid. 5.1.2.10 Random Bit Generation Services (ASPP14:FCS_RBG_EXT.1) ASPP14:FCS_RBG_EXT.1.1 The application shall [implement DRBG functionality] for its cryptographic operations. 5.1.2.11 Random Bit Generation from Application (ASPP14:FCS_RBG_EXT.2) ASPP14:FCS_RBG_EXT.2.1 The application shall perform all deterministic random bit generation (DRBG) services in accordance with NIST Special Publication 800-90A using [CTR_DRBG (AES)]. ASPP14:FCS_RBG_EXT.2.2 The deterministic RBG shall be seeded by an entropy source that accumulates entropy from a platform-based DRBG and [no other noise source] with a minimum of [256 bits] of entropy at least equal to the greatest security strength (according to NIST SP 800-57) of the keys and hashes that it will generate. 5.1.2.12 Secure Real-Time Transport Protocol – per TD0965 (VVoIPAS10:FCS_SRTP_EXT.1) VVoIPAS10:FCS_SRTP_EXT.1.1 The TSF shall implement the Secure Real-Time Transport Protocol (SRTP) that complies with RFC 3711, and use Security Descriptions for Media Streams (SDES) in compliance with RFC 4568 to provide key information for the SRTP connection. VVoIPAS10:FCS_SRTP_EXT.1.2 The TSF shall implement SDES-SRTP supporting the following cipher suites: [AES_256_CM_HMAC_SHA1_80, in accordance with RFC 6188, AEAD_AES_256_GCM, in accordance with RFC 7714]. VVoIPAS10:FCS_SRTP_EXT.1.3 The TSF shall ensure the SRTP NULL algorithm can be disabled. VVoIPAS10:FCS_SRTP_EXT.1.4 The TSF shall allow the SRTP ports to be used for SRTP communications to be specified by an Authorized Administrator. 5.1.2.13 Storage of Credentials – per TD0865 (ASPP14:FCS_STO_EXT.1) ASPP14:FCS_STO_EXT.1.1 The application shall [invoke the functionality provided by the platform to securely store [secret and private keys]] to non-volatile memory. SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 24 of 50 5.1.2.14 TLS Protocol (PKGTLS11:FCS_TLS_EXT.1) PKGTLS11:FCS_TLS_EXT.1.1 The product shall implement [TLS as a client]. 5.1.2.15 TLS Client Protocol (PKGTLS11:FCS_TLSC_EXT.1) PKGTLS11:FCS_TLSC_EXT.1.1 The product shall implement TLS 1.2 (RFC 5246) and [no earlier TLS versions] as a client that supports the cipher suites [ • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5289, • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5289 ] and also supports functionality for [mutual authentication]. (TD0442 applied) PKGTLS11:FCS_TLSC_EXT.1.2 The product shall verify that the presented identifier matches the reference identifier according to RFC 6125. PKGTLS11:FCS_TLSC_EXT.1.3 The product shall not establish a trusted channel if the server certificate is invalid [with no exceptions]. 5.1.2.16 TLS Client Support for Mutual Authentication (PKGTLS11:FCS_TLSC_EXT.2) PKGTLS11:FCS_TLSC_EXT.2.1 The product shall support mutual authentication using X.509v3 certificates. 5.1.2.17 TLS Client Support for Signature Algorithms Extension (PKGTLS11:FCS_TLSC_EXT.3) PKGTLS11:FCS_TLSC_EXT.3.1 The product shall present the signature_algorithms extension in the Client Hello with the supported_signature_algorithms value containing the following hash algorithms: [SHA384, SHA512] and no other hash algorithms. 5.1.2.18 TLS Client Support for Renegotiation (PKGTLS11:FCS_TLSC_EXT.4) PKGTLS11:FCS_TLSC_EXT.4.1 The product shall support secure renegotiation through use of the ‘renegotiation_info’ TLS extension in accordance with RFC 5746. 5.1.2.19 TLS Client Support for Supported Groups Extension (PKGTLS11:FCS_TLSC_EXT.5) PKGTLS11:FCS_TLSC_EXT.5.1 The product shall present the Supported Groups Extension in the Client Hello with the supported groups [secp384r1]. 5.1.3 User data protection (FDP) 5.1.3.1 Encryption Of Sensitive Application Data - per TD0756 (ASPP14:FDP_DAR_EXT.1) ASPP14:FDP_DAR_EXT.1.1 The application shall [protect sensitive data in accordance with FCS_STO_EXT.1] in non- volatile memory. SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 25 of 50 5.1.3.2 Access to Platform Resources - per TD0822 (ASPP14:FDP_DEC_EXT.1) ASPP14:FDP_DEC_EXT.1.1 The application shall restrict its access to [network connectivity, camera, microphone, Bluetooth, [biometrics, notifications, external storage, vibration motor, audio speaker]]. ASPP14:FDP_DEC_EXT.1.2 The application shall restrict its access to [address book]. 5.1.3.3 Subset Information Flow Control (VVoIPAS10:FDP_IFC.1) VVoIPAS10:FDP_IFC.1.1 The TSF shall enforce the media transmission policy on voice/video media transmitted by the TOE. 5.1.3.4 Simple Security Attributes – per TD0718 and TD0938 (VVoIPAS10:FDP_IFF.1) VVoIPAS10:FDP_IFF.1.1 The TSF shall enforce the media transmission policy based on the following types of subject and information security attributes: TOE hook state, VVoIP call connection status, and VVoIP call control server status. VVoIPAS10:FDP_IFF.1.2 The TSF shall permit an information flow between a controlled subject and controlled information via a controlled operation if the following rules hold: • The TOE is [registered with a VVoIP call control server], • A call has been established with a telephony device (VVoIP endpoint), • The TOE is in the off-hook state, • The TOE is not in the mute state, • The TOE is in the mute state and only sending silence packets • [no other rules]. VVoIPAS10:FDP_IFF.1.3 The TSF shall enforce no additional information flow control policy rules. VVoIPAS10:FDP_IFF.1.4 The TSF shall explicitly authorize an information flow based on the following rules: no additional rules. VVoIPAS10:FDP_IFF.1.5 The TSF shall explicitly deny an information flow based on the following rules: all TCP and UDP ports used by the TOE are closed when not in active use. 5.1.3.5 Network Communications (ASPP14:FDP_NET_EXT.1) ASPP14:FDP_NET_EXT.1.1 The application shall restrict network communication to [user-initiated communication for [Updating contacts/settings and communications registration of the client with an SCA, initiation of an outgoing call, and sending encrypted instant messages], respond to [an incoming call, receipt of an encrypted instant message]]. 5.1.4 Identification and authentication (FIA) 5.1.4.1 X.509 Certificate Validation - per TD0780 (ASPP14:FIA_X509_EXT.1) ASPP14:FIA_X509_EXT.1.1 The application shall [implement functionality] to validate certificates in accordance with the following rules: • RFC 5280 certificate validation and certificate path validation. • The certificate path must terminate with a trusted CA certificate. SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 26 of 50 • The application shall validate a certificate path by ensuring the presence of the basicConstraints extension, that the CA flag is set to TRUE for all CA certificates, and that any path constraints are met. • The application shall validate that any CA certificate includes caSigning purpose in the key usage field. • The application shall validate the revocation status of the certificate using [CRL as specified in RFC 8603]. • The application shall validate the extendedKeyUsage (EKU) field according to the following rules: o Certificates used for trusted updates and executable code integrity verification shall have the Code Signing purpose (id-kp 3 with OID 1.3.6.1.5.5.7.3.3) in the extendedKeyUsage field. o Server certificates presented for TLS shall have the Server Authentication purpose (id-kp 1 with OID 1.3.6.1.5.5.7.3.1) in the EKU field. o Client certificates presented for TLS shall have the Client Authentication purpose (id-kp 2 with OID 1.3.6.1.5.5.7.3.2) in the EKU field. o S/MIME certificates presented for email encryption and signature shall have the Email Protection purpose (id-kp 4 with OID 1.3.6.1.5.5.7.3.4) in the EKU field. o OCSP certificates presented for OCSP responses shall have the OCSP Signing purpose (id-kp 9 with OID 1.3.6.1.5.5.7.3.9) in the EKU field. o Server certificates presented for EST shall have the CMC Registration Authority (RA) purpose (id-kpcmcRA with OID 1.3.6.1.5.5.7.3.28) in the EKU field. ASPP14:FIA_X509_EXT.1.2 The application shall treat a certificate as a CA certificate only if the basicConstraints extension is present and the CA flag is set to TRUE. 5.1.4.2 X.509 Certificate Authentication (ASPP14:FIA_X509_EXT.2) ASPP14:FIA_X509_EXT.2.1 The application shall use X.509v3 certificates as defined by RFC 5280 to support authentication for [HTTPS, TLS]. ASPP14:FIA_X509_EXT.2.2 When the application cannot establish a connection to determine the validity of a certificate, the application shall [not accept the certificate]. 5.1.5 Security management (FMT) 5.1.5.1 Secure by Default Configuration (ASPP14:FMT_CFG_EXT.1) ASPP14:FMT_CFG_EXT.1.1 The application shall provide only enough functionality to set new credentials when configured with default credentials or no credentials. ASPP14:FMT_CFG_EXT.1.2 The application shall be configured by default with file permissions which protect the application binaries and data files from modification by normal unprivileged users. 5.1.5.2 Supported Configuration Mechanism - per TD0747 (ASPP14:FMT_MEC_EXT.1) ASPP14:FMT_MEC_EXT.1.1 The application shall [invoke the mechanisms recommended by the platform vendor for storing and setting configuration options]. SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 27 of 50 5.1.5.3 Specification of Management Functions (ASPP14:FMT_SMF.1) ASPP14:FMT_SMF.1.1 The TSF shall be capable of performing the following management functions [[Specify the SIP Server to use for connections]]. 5.1.5.4 Specification of Management Functions (VVoIP Communications) (VVoIPAS10:FMT_SMF.1/VVoIP) VVoIPAS10:FMT_SMF.1.1/VVoIP The TSF shall be capable of performing the following management functions: • Ability to [ o register the TOE to an ESC [manually] ]; • [No other capabilities]. 5.1.6 Privacy (FPR) 5.1.6.1 User Consent for Transmission of Personally Identifiable (ASPP14:FPR_ANO_EXT.1) ASPP14:FPR_ANO_EXT.1.1 The application shall [not transmit PII over a network]. 5.1.7 Protection of the TSF (FPT) 5.1.7.1 Anti-Exploitation Capabilities (ASPP14:FPT_AEX_EXT.1) ASPP14:FPT_AEX_EXT.1.1 The application shall not request to map memory at an explicit address except for [none]. ASPP14:FPT_AEX_EXT.1.2 The application shall [not allocate any memory region with both write and execute permissions]. ASPP14:FPT_AEX_EXT.1.3 The application shall be compatible with security features provided by the platform vendor. ASPP14:FPT_AEX_EXT.1.4 The application shall not write user-modifiable files to directories that contain executable files unless explicitly directed by the user to do so. ASPP14:FPT_AEX_EXT.1.5 The application shall be built with stack-based buffer overflow protection enabled. 5.1.7.2 Use of Supported Services and APIs (ASPP14:FPT_API_EXT.1) ASPP14:FPT_API_EXT.1.1 The application shall use only documented platform APIs. 5.1.7.3 Software Identification and Versions (ASPP14:FPT_IDV_EXT.1) ASPP14:FPT_IDV_EXT.1.1 The application shall be versioned with [[a multi-part unique release number]] 5.1.7.4 Use of Third Party Libraries (ASPP14:FPT_LIB_EXT.1) ASPP14:FPT_LIB_EXT.1.1 The application shall be packaged with only [libraries shown in the following table]. Android & iOS/iPadOS Android Only SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 28 of 50 • Boost 1.84 • ZLIB 1.3.1 • Openssl 1.0.2zm • libpjproject 2.16 • Poco 1.13.2 • libphonenumber 8.13.45 • icu 63.1 • protobuf 33.2 • opus 1.5.2 • silk 1.0.9 • libsrtp2 2.4.2 • sqlite 3.50.4 • abseil 20250814.1 • androidx.activity 1.12.2 • androidx.annotation:annotation 1.9.1 • androidx.annotation:annotation-experimental 1.4.1 • androidx.annotation:annotation-jvm 1.9.1 • androidx.appcompat 1.7.1 • androidx.arch.core 2.2.0 • androidx.autofill:autofill 1.0.0 • androidx.biometric:biometric 1.1.0 • androidx.cardview:cardview 1.0.0 • androidx.collection 1.5.0 • androidx.compose.animation 1.10.0 • androidx.compose.foundation 1.10.0 • androidx.compose.material 1.10.0 • androidx.compose.material3 1.4.0 • androidx.compose.runtime 1.10.0 • androidx.compose.ui 1.10.0 • androidx.compose:compose-bom 2025.12.01 • androidx.concurrent 1.1.0 • androidx.constraintlayout:constraintlayout 2.2.1 • androidx.constraintlayout:constraintlayout-core 1.1.1 • androidx.coordinatorlayout:coordinatorlayout 1.3.0 • androidx.core:core 1.17.0 • androidx.core:core-ktx 1.17.0 • androidx.core:core-role 1.1.0 • androidx.core:core-viewtree 1.0.0 • androidx.cursoradapter:cursoradapter 1.0.0 • androidx.customview:customview 1.1.0 • androidx.customview:customview-poolingcontainer 1.0.0 • androidx.databinding 8.13.2 • androidx.datastore 1.1.7 • androidx.documentfile:documentfile 1.1.0 • androidx.drawerlayout:drawerlayout 1.1.1 • androidx.dynamicanimation:dynamicanimation 1.1.0 • androidx.emoji2 1.6.0 • androidx.exifinterface:exifinterface 1.3.6 • androidx.fragment 1.8.9 • androidx.graphics 1.0.1 • androidx.interpolator:interpolator 1.0.0 • androidx.legacy:legacy-support-core-utils 1.0.0 • androidx.lifecycle 2.10.0 • androidx.loader:loader 1.0.0 • androidx.localbroadcastmanager:localbroadcastmanager 1.0.0 • androidx.navigationevent 1.0.1 • androidx.print:print 1.0.0 • androidx.profileinstaller:profileinstaller 1.4.0 • androidx.recyclerview:recyclerview 1.4.0 • androidx.recyclerview:recyclerview-selection 1.2.0 • androidx.resourceinspection:resourceinspection-annotation 1.0.1 • androidx.room 2.7.0 • androidx.savedstate 1.4.0 • androidx.sqlite 2.5.0 SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 29 of 50 • androidx.startup:startup-runtime 1.2.0 • androidx.swiperefreshlayout:swiperefreshlayout 1.2.0 • androidx.tracing 1.2.0 • androidx.transition:transition 1.6.0 • androidx.vectordrawable 1.1.0 • androidx.versionedparcelable:versionedparcelable 1.1.1 • androidx.viewpager2:viewpager2 1.1.0-beta02 • androidx.viewpager:viewpager 1.0.0 • androidx.window 1.5.0 • androidx.work 2.11.0 • com.facebook.shimmer:shimmer 0.5.0 • com.github.bumptech.glide 5.0.5 • com.github.chrisbanes:PhotoView 2.3.0 • com.google.android.datatransport:transport-api 3.1.0 • com.google.android.datatransport:transport-backend-cct 3.1.9 • com.google.android.datatransport:transport-runtime 3.1.9 • com.google.android.gms:play-services-base 18.10.0 • com.google.android.gms:play-services-basement 18.10.0 • com.google.android.gms:play-services-cloud-messaging 17.2.0 • com.google.android.gms:play-services-stats 17.0.2 • com.google.android.gms:play-services-tasks 18.4.1 • com.google.android.material:material 1.13.0 • com.google.android.play:app-update 2.1.0 • com.google.android.play:app-update-ktx 2.1.0 • com.google.android.play:core-common 2.0.3 • com.google.errorprone:error_prone_annotations 2.26.0 • com.google.firebase:firebase-annotations 17.0.0 • com.google.firebase:firebase-common 22.0.1 • com.google.firebase:firebase-components 19.0.0 • com.google.firebase:firebase-datatransport 18.2.0 • com.google.firebase:firebase-encoders 17.0.0 • com.google.firebase:firebase-encoders-json 18.0.0 • com.google.firebase:firebase-encoders-proto 16.0.0 • com.google.firebase:firebase-iid-interop 17.1.0 • com.google.firebase:firebase-installations 18.0.0 • com.google.firebase:firebase-installations-interop 17.1.1 • com.google.firebase:firebase-measurement-connector 19.0.0 • com.google.firebase:firebase-messaging 25.0.1 • com.google.guava:listenablefuture 1.0 • com.google.zxing:core 3.4.1 • com.journeyapps:zxing-android-embedded 4.3.0 • com.squareup.okio 3.4.0 • commons-codec:commons-codec 1.20.0 • javax.inject:javax.inject 1 • joda-time:joda-time 2.14.0 • org.androidannotations:androidannotations-api 4.8.0 • org.jetbrains.kotlin:kotlin-bom 1.8.22 • org.jetbrains.kotlin:kotlin-parcelize-runtime 2.3.0 • org.jetbrains.kotlin:kotlin-stdlib 2.3.0 • org.jetbrains.kotlin:kotlin-stdlib-jdk7 1.8.22 • org.jetbrains.kotlin:kotlin-stdlib-jdk8 1.8.22 SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 30 of 50 • org.jetbrains.kotlinx:kotlinx-coroutines-android 1.10.2 • org.jetbrains.kotlinx:kotlinx-coroutines-bom 1.10.2 • org.jetbrains.kotlinx:kotlinx-coroutines-core 1.10.2 • org.jetbrains.kotlinx:kotlinx-coroutines-core-jvm 1.10.2 • org.jetbrains.kotlinx:kotlinx-coroutines-play-services 1.10.2 • org.jetbrains.kotlinx:kotlinx-serialization-bom 1.7.3 • org.jetbrains.kotlinx:kotlinx-serialization-core 1.7.3 • org.jetbrains.kotlinx:kotlinx-serialization-core-jvm 1.7.3 • org.jetbrains:annotations 23.0.0 • org.jspecify:jspecify 1.0.0 Table 5-2 Third Party Libraries in TOE 5.1.7.5 Integrity for Installation and Update (ASPP14:FPT_TUD_EXT.1) ASPP14:FPT_TUD_EXT.1.1 The application shall [leverage the platform] to check for updates and patches to the application software. ASPP14:FPT_TUD_EXT.1.2 The application shall [leverage the platform, provide the ability] to query the current version of the application software. ASPP14:FPT_TUD_EXT.1.3 The application shall not download, modify, replace or update its own binary code. ASPP14:FPT_TUD_EXT.1.4 Application updates shall be digitally signed such that the application platform can cryptographically verify them prior to installation. ASPP14:FPT_TUD_EXT.1.5 The application is distributed [as an additional software package to the platform OS] . 5.1.7.6 Trusted Update - per TD0730 (VVoIPAS10:FPT_TUD_EXT.1) VVoIPAS10:FPT_TUD_EXT.1.1 This PP-Module does not modify this SFR as it is defined in the App PP. However, note that this PP-Module expects that either the call control server or a separate file server managed by the organization to function as the source of TOE software/firmware updates. A vendor provided source should only be used if a call control server or separate file server cannot be configured. (TD0730 applied) 5.1.7.7 Integrity for Installation and Update - per TD0628 (ASPP14:FPT_TUD_EXT.2) ASPP14:FPT_TUD_EXT.2.1 The application shall be distributed using [the format of the platform-supported package manager]. ASPP14:FPT_TUD_EXT.2.2 The application shall be packaged such that its removal results in the deletion of all traces of the application, with the exception of configuration settings, output files, and audit/log events. ASPP14:FPT_TUD_EXT.2.3 The application installation package shall be digitally signed such that its platform can cryptographically verify them prior to installation. SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 31 of 50 5.1.8 TOE access (FTA) 5.1.8.1 /Media TSF-Initiated Termination (Media Channel) (VVoIPAS10:FTA_SSL.3/Media) VVoIPAS10:FTA_SSL.3.1/Media The TSF shall terminate voice/video transmission after inactivity longer than [[15] seconds]. 5.1.9 Trusted path/channels (FTP) 5.1.9.1 Protection of Data in Transit - per TD0743 (ASPP14:FTP_DIT_EXT.1) and per TD0785 (VVoIPAS10:FTP_DIT_EXT.1) ASPP14:FTP_DIT_EXT.1.1 The application shall [encrypt all transmitted [data] with [TLS as a client as defined in the Functional Package for TLS for [communication with an enterprise session controller (SecuSUITE Server)], HTTPS as a client in accordance with FCS_HTTPS_EXT.1/Client for [communication with an enterprise session controller (SecuSUITE Server)], Secure Real-Time Transport Protocol (SRTP)] between itself and another trusted IT product. (TD0743 and TD0785 applied) 5.1.9.2 Inter-TSF Trusted Channel (Signaling Channel) - per TD0718 (VVoIPAS10:FTP_ITC.1/Control) VVoIPAS10:FTP_ITC.1.1/Control The TSF shall be capable of using [Session Initiation Protocol (SIP)] to provide a trusted communication channel between itself and a VVoIP call control server that is logically distinct from other communication channels and provides assured identification of its end points and protection of the channel data from disclosure and detection of modification of the channel data. (TD0718 applied) VVoIPAS10:FTP_ITC.1.2/Control The TSF shall permit [the TSF, the VVoIP call control server] to initiate communication via the trusted channel. (TD0718 applied) VVoIPAS10:FTP_ITC.1.3/Control The TSF shall initiate communication via the trusted channel for establishment of call control. 5.1.9.3 Inter-TSF Trusted Channel (Media Channel) - per TD0718 (VVoIPAS10:FTP_ITC.1/Media) VVoIPAS10:FTP_ITC.1.1/Media The TSF shall be capable of using [SRTP] to provide a trusted communication channel between itself and another VVoIP endpoint or other telephony device that is logically distinct from other communication channels and provides assured identification of its end points and protection of the channel data from disclosure and detection of modification of the channel data. (TD0718 applied) VVoIPAS10:FTP_ITC.1.2/Media The TSF shall permit the TSF, another VVoIP endpoint or other telephony device to initiate communication via the trusted channel. VVoIPAS10:FTP_ITC.1.3/Media The TSF shall initiate communication via the trusted channel for transmission of voice/video media. 5.2 TOE Security Assurance Requirements The SARs for the TOE are the components as specified in Part 3 of the Common Criteria. Note that the SARs have effectively been refined with the assurance activities explicitly defined in association with both the SFRs and SARs. Requirement Class Requirement Component ADV: Development ADV_FSP.1: Basic Functional Specification SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 32 of 50 AGD: Guidance documents AGD_OPE.1: Operational User Guidance AGD_PRE.1: Preparative Procedures ALC: Life-cycle support ALC_CMC.1: Labelling of the TOE ALC_CMS.1: TOE CM Coverage ALC_TSU_EXT.1: Timely Security Updates ATE: Tests ATE_IND.1: Independent Testing - Conformance AVA: Vulnerability assessment AVA_VAN.1: Vulnerability Survey Table 5-3 Assurance Components 5.2.1 Development (ADV) 5.2.1.1 Basic Functional Specification (ADV_FSP.1) ADV_FSP.1.1d The developer shall provide a functional specification. ADV_FSP.1.2d The developer shall provide a tracing from the functional specification to the SFRs. ADV_FSP.1.1c The functional specification shall describe the purpose and method of use for each SFR-enforcing and SFR-supporting TSFI. ADV_FSP.1.2c The functional specification shall identify all parameters associated with each SFR-enforcing and SFR-supporting TSFI. ADV_FSP.1.3c The functional specification shall provide rationale for the implicit categorization of interfaces as SFR-non-interfering. ADV_FSP.1.4c The tracing shall demonstrate that the SFRs trace to TSFIs in the functional specification. ADV_FSP.1.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. ADV_FSP.1.2e The evaluator shall determine that the functional specification is an accurate and complete instantiation of the SFRs. 5.2.2 Guidance documents (AGD) 5.2.2.1 Operational User Guidance (AGD_OPE.1) AGD_OPE.1.1d The developer shall provide operational user guidance. AGD_OPE.1.1c The operational user guidance shall describe, for each user role, the user-accessible functions and privileges that should be controlled in a secure processing environment, including appropriate warnings. AGD_OPE.1.2c The operational user guidance shall describe, for each user role, how to use the available interfaces provided by the TOE in a secure manner. AGD_OPE.1.3c The operational user guidance shall describe, for each user role, the available functions and interfaces, in particular all security parameters under the control of the user, indicating secure values as appropriate. SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 33 of 50 AGD_OPE.1.4c The operational user guidance shall, for each user role, clearly present each type of security- relevant event relative to the user-accessible functions that need to be performed, including changing the security characteristics of entities under the control of the TSF. AGD_OPE.1.5c The operational user guidance shall identify all possible modes of operation of the TOE (including operation following failure or operational error), their consequences, and implications for maintaining secure operation. AGD_OPE.1.6c The operational user guidance shall, for each user role, describe the security measures to be followed in order to fulfill the security objectives for the operational environment as described in the ST. AGD_OPE.1.7c The operational user guidance shall be clear and reasonable. AGD_OPE.1.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. 5.2.2.2 Preparative Procedures (AGD_PRE.1) AGD_PRE.1.1d The developer shall provide the TOE, including its preparative procedures. AGD_PRE.1.1c The preparative procedures shall describe all the steps necessary for secure acceptance of the delivered TOE in accordance with the developer's delivery procedures. AGD_PRE.1.2c The preparative procedures shall describe all the steps necessary for secure installation of the TOE and for the secure preparation of the operational environment in accordance with the security objectives for the operational environment as described in the ST. AGD_PRE.1.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. AGD_PRE.1.2e The evaluator shall apply the preparative procedures to confirm that the TOE can be prepared securely for operation. 5.2.3 Life-cycle support (ALC) 5.2.3.1 Labelling of the TOE (ALC_CMC.1) ALC_CMC.1.1d The developer shall provide the TOE and a reference for the TOE. ALC_CMC.1.1c The application shall be labelled with a unique reference. ALC_CMC.1.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.s 5.2.3.2 TOE CM Coverage (ALC_CMS.1) ALC_CMS.1.1d The developer shall provide a configuration list for the TOE. ALC_CMS.1.1c The configuration list shall include the following: the TOE itself; and the evaluation evidence required by the SARs. SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 34 of 50 ALC_CMS.1.2c The configuration list shall uniquely identify the configuration items. ALC_CMS.1.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. 5.2.3.3 Timely Security Updates (ALC_TSU_EXT.1) ALC_TSU_EXT.1.1d The developer shall provide a description in the TSS of how timely security updates are made to the TOE. Note: Application developers must support updates to their products for purposes of fixing security vulnerabilities. ALC_TSU_EXT.1.2d The developer shall provide a description in the TSS of how users are notified when updates change security properties or the configuration of the product. ALC_TSU_EXT.1.1c The description shall include the process for creating and deploying security updates for the TOE software. ALC_TSU_EXT.1.2c The description shall express the time window as the length of time, in days, between public disclosure of a vulnerability and the public availability of security updates to the TOE. ALC_TSU_EXT.1.3c The description shall include the mechanisms publicly available for reporting security issues pertaining to the TOE. Note: The reporting mechanism could include web sites, email addresses, as well as a means to protect the sensitivenature of the report (e.g., public keys that could be used to encrypt the details of a proof- of-concept exploit). ALC_TSU_EXT.1.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. 5.2.4 Tests (ATE) 5.2.4.1 Independent Testing - Conformance (ATE_IND.1) ATE_IND.1.1d The developer shall provide the TOE for testing. ATE_IND.1.1c The TOE shall be suitable for testing. ATE_IND.1.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. ATE_IND.1.2e The evaluator shall test a subset of the TSF to confirm that the TSF operates as specified. 5.2.5 Vulnerability assessment (AVA) 5.2.5.1 Vulnerability Survey (AVA_VAN.1) AVA_VAN.1.1d The developer shall provide the TOE for testing. AVA_VAN.1.1c The TOE shall be suitable for testing. SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 35 of 50 AVA_VAN.1.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. AVA_VAN.1.2e The evaluator shall perform a search of public domain sources to identify potential vulnerabilities in the TOE. AVA_VAN.1.3e The evaluator shall conduct penetration testing, based on the identified potential vulnerabilities, to determine that the TOE is resistant to attacks performed by an attacker possessing Basic attack potential. SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 36 of 50 6. TOE Summary Specification This chapter describes the security functions: - Communication - Cryptographic support - User data protection - Identification and authentication - Security management - Privacy - Protection of the TSF - TOE access - Trusted path/channels 6.1 Communication The Communication function satisfies the following security functional requirements: • VVoIPAS10:FCO_VOC_EXT.1: The TOE uses the Opus codec by default. The specification for Opus (https://datatracker.ietf.org/doc/html/rfc6716) states that the vocoder has both a constant and variable bitrate mode. The TOE utilizes the vocoder in constant (fixed) bit-rate mode. 6.2 Cryptographic support The TOE contains its own internal FIPS cryptographic object module for cryptographic algorithm support. The module also uses OpenSSL 1.0.2zm with support for vulnerability patches. The TOE uses OpenSSL for TLS and certificate checking. The TOE generates random numbers using the internal module’s SP 800-90A AES-CTR DRBG. The TOE leverages the client device platform RBG to seed the internal FIPS object module DRBG. The client device platform RBG functionality is invoked as follows: • On Samsung devices, random seed data is read by invoking the java_security_SecureRandom cryptographic security on API • On Apple devices, random seed data is obtained by invoking SecRandomConvBytes that reads random data from /dev/random The CAVP certificates shown as A7723 in Table 6-1 Cryptographic Functions were obtained during the evaluation testing. Functions Requirement Standard Cert # Encryption/Decryption AES GCM (256 bits) ASPP14:FCS_COP.1/SKC NIST SP 800-38D A7723 Cryptographic hashing SHA-1, SHA-256, SHA-384, SHA-512 (digest sizes 160, 256, 384, 512) ASPP14:FCS_COP.1/Hash VVoIPAS10:FCS_COP.1/SRTP FIPS PUB 180-4 A7723 Cryptographic signature services Elliptic Curve Digital Signature Algorithm (ECDSA) with an elliptical curve size of 256 or 384 bits RSA Digital Signature with 2048 or 3072 bit keys (verification only) ASPP14:FCS_COP.1/Sig FIPS 186-4 A7723 Keyed-hash message authentication SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 37 of 50 HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512 (digest sizes 160, 256, 384, 512) ASPP14:FCS_COP.1/KeyedHash VVoIPAS10:FCS_COP.1/SRTP FIPS PUB 198-1 A7723 Encryption/Decryption for SRTP AES-CTR (256 bit) AES-GCM (256-bit) VVoIPASEP10:FCS_COP.1/SRTP NIST SP 800-38A NIST SP 800-38D A7723 Random bit generation CTR_DRBG with sw based noise sources with a minimum of 256 bits of non-determinism ASPP14:FCS_RBG_EXT.2 NIST SP 800-90Ar1 A7723 Asymmetric Key Generation ECDSA Key Generation P-256, P-384 ASPP14:FCS_CKM.1/AK FIPS 186-4 A7723 Key Establishment Elliptic curve-based key establishment schemes ASPP14:FCS_CKM.2 SP 800-56A Rev 3 A7723 Table 6-1 Cryptographic Functions The TOE generates TLS key exchange keys using P-384. The TOE also supports generating P-256 keys for backwards compatibility with older BlackBerry SecuSUITE Servers. On Android, the TOE uses the internal cryptographic module’s asymmetric key generation services to generate asymmetric keys. On iOS/iPadOS, the TOE invokes platform provided functionality to generate asymmetric keys. The TOE uses Security Framework from iOS/iPadOS, specifically the APIs in /System/Library/Frameworks/Security_framework/Security. The TOE supports SRTP protocol as described by RFC 3711 using Security Descriptions for Media Streams (SDES) in compliance with RFC 4568. The SRTP session is negotiated via the SecuSUITE Server (also known as the ESC). The TOE supports both AEAD_AES_256_GCM and AES_256_GCM_HMAC_SHA1_80 ciphersuites for SDES- SRTP. The TOE and its VoIP peer must be registered to a SIP server (SecuSUITE Server) in order to communicate with each other. The TOE does not allow the NULL algorithm to be specified and will reject connections from an endpoint that use any invalid algorithm, including the NULL ciphersuite. The SRTP destination ports that shall be used for a specific call are ‘negotiated’ between RTP Proxy and SIP server and included into the SDES body of the forwarded SIP messages. The admin can restrict the port range in the SIP server configuration. Keying material is established per the RFC4568 recommendation. The TOE uses SMIME secure multiparts to protect the crypto attribute with an "inline" line that contains the key parameters along with the a=crypto ciphersuite. The TOE protects the a=crypto message such that only the application’s peer is able to interpret. The SDP message that contains both the cipher and the keying material for SRTP encryption. The TOE uses SHA-256 as the SIP message digest authentication mechanism during a SIP transaction. All SIP messages are protected via TLS. The TOE supports HMAC-SHA-1 only in the SRTP ciphersuite. The TOE supports both SHA-256 and SHA-384 in digital signatures. The TOE supports SHA-384 and SHA-512 in the TLS signature algorithms extension. The SRTP destination ports that shall be used for a specific call are ‘negotiated’ between RTP Proxy and SIP Server and included into the SDES body of the forwarded SIP messages. The admin can restrict the port range in the SIP server configuration. The TOE presents the signature_algorithms extension in the Client Hello with the supported signature algorithms. The TOE supports SHA-384 and SHA-512 only. These are the values supported by default and cannot be changed. The TOE rejects any connection in which a certificate is not using a supported signature algorithm. The TOE supports the following ciphersuites with only TLS v1.2 communication: • TLS_ECDHE _ECDSA_WITH_AES_256_GCM_SHA_384 • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 All older versions of TLS are rejected. The TOE also supports mutual authentication during a TLS negotiation. The Cryptographic support function satisfies the following security functional requirements: SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 38 of 50 • ASPP14:FCS_CKM.1/AK: The TOE supports asymmetric key generation for TLS key exchange. The TOE generates TLS key exchange keys using P-384. The TOE also supports generating P-256 keys for backwards compatibility with older BlackBerry SecuSUITE Servers. • ASPP14:FCS_CKM.2: The TOE supports key establishment using Elliptic curve-based schemes described above for TLS key exchange. • ASPP14:FCS_CKM_EXT.1: For the Android platform, the TOE uses its internal FIPS object module to generate keys. For the iOS/iPadOS platform, the TOE uses platform provided API to generate keys for TLS certificates and its internal FIPS object module to generate ephemeral keys for the TLS handshake. • ASPP14:FCS_COP.1/Hash: The TOE performs hashing operations using the internal FIPS object module SHA cryptographic functions described above. • ASPP14:FCS_COP.1/KeyedHash: The TOE performs HMAC operations using the internal FIPS object module HMAC cryptographic functions described above. • ASPP14:FCS_COP.1/Sig: The TOE performs signature operations using the internal FIPS object module cryptographic functions described above. The TOE supports RSA key sizes of 2048 and 3072 bits, and ECDSA curve sizes of P-256 and P-384. The TOE performs RSA signature verification only. The TOE only has an ECDSA certificate for mutual authentication. The TOE can connect to a SecuSUITE Server that might be configured to send an RSA server certificate to the TOE. In this case, the TOE can only verify the RSA certificate signature and the TOE will send an ECDSA certificate to the server during mutual authentication. • ASPP14:FCS_COP.1/SKC: The TOE performs encryption and decryption operations using the internal FIPS object module AES cryptographic functions described above. • VVoIPAS10:FCS_COP.1/SRTP: The TOE supports SDES-SRTP as described above, in accordance with AES-CTR (as defined in NIST SP 800-38A) and AES-GCM (as defined in NIST SP 800-38D), with both algorithms using 256-bit keys. • ASPP14:FCS_HTTPS_EXT.1/Client: The TOE conforms to RFC 2818 by securing HTTPS with TLSv1.2. The TOE uses TLS to protect communications with SecuSUITE Server for all activities such as client configuration and certificate enrollment. The TOE’s TLS implementation has been tested in accordance with the activities in the Functional Package for Transport Layer Security (TLS), version 1.2. The TOE always checks the peer’s certificate. • ASPP14:FCS_RBG_EXT.1: The TOE leverages platform RBG services to seed its own internal FIPS object module CTR_DRBG (AES-256) as described above. • ASPP14:FCS_RBG_EXT.2: The TOE implements its own CTR_DRBG (AES-256) which is seeded from platform RBG services with a minimum of 384 bits of entropy. • VVoIPAS10:FCS_SRTP_EXT.1: The TOE supports SRTP as described above. • ASPP14:FCS_STO_EXT.1: The TOE stores X.509v3 certificate private keys and the SRTP encryption key persistently. The TOE uses X509 certificates to authenticate to SecuSUITE Server when performing TLS. The TOE uses an AES key to encrypt SRTP media during a call session. The TOE stores the data when not in use in client device platform-provided key storage as follows: o Samsung Android Key Store o Apple iOS/iPadOS Keychain • PKGTLS11:FCS_TLS_EXT.1: The TOE acts as a TLS client. • PKGTLS11:FCS_TLSC_EXT.1: The TOE supports TLS communication with mutual authentication as described above. The TOE uses the connection URL as the reference identifier to compare against the identifier in the peer’s certificate. The TOE only supports both CN and SAN reference identifier checking, with the SAN check preferred over CN. The TOE verifies the certificate received matches the reference identifier for the expected peer. The TOE does not accept certificates that cannot be determined to be valid, with no exceptions. The TOE does not support pinned certificates and URIs. Wildcards are not supported. SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 39 of 50 • PKGTLS11:FCS_TLSC_EXT.2: The TOE authenticates its TLS peer using X.509v3 certificates and presents a certificate at the request of its peer. • PKGTLS11:FCS_TLSC_EXT.3: The TOE sends a Client Hello with a signature_algorithms extension to show supported signature algorithms as described above. • PKGTLS11:FCS_TLSC_EXT.4: The TOE supports session renegotiation in accordance with RFC 5746. The TOE includes the SCSV ciphersuite in the Client Hello handshake message. • PKGTLS11:FCS_TLSC_EXT.5: The TOE supports the Supported Groups Extension in the TLS handshake process. The TOE uses secp384r1 as the supported group in the TLS key exchange packets. 6.3 User data protection The TOE enforces a media transmission policy between registered VVoIP endpoints. The VVoIP endpoints are identified by an E.164 telephone number (SIP alias). The TOE mediates the creation of SRTP channels between registered VVoIP endpoints, ensuring that both endpoints are properly identified. The TOE permits SRTP traffic only when the following conditions are true: • The client TOE must be registered with the ESC, • A call has been established with a VVoIP endpoint, • The TOE is not in the ‘off-hook’ state, and • The TOE is not in the ‘mute’ state. The TOE allows messages to be sent securely between two VVoIP endpoints. The TOE uses the same SIP-TLS protections on the secure text messages sent between two users of the TOE application. The TOE enforces no additional information flow control policy rules, nor does it explicitly authorize or deny any information flows. All TCP and UDP ports previously used by the TOE are closed when a call is terminated. The User data protection function satisfies the following security functional requirements: • ASPP14:FDP_DAR_EXT.1: The TOE’s sensitive data includes secret and private keys. The TOE also receives an SIP password sent by the SecuSUITE Server. The TOE protects secret and private keys by storing the keys using the platform provided key storage. This is in accordance with the selection made in FCS_STO_EXT.1. The TOE protects the SIP password storage on Android by saving the password in a file with the MODE_PRIVATE flag set, which is Android’s default mode for creating files that give exclusive access to the application. On iOS/iPadOS, the TOE relies on the default iOS/iPadOS NSFileProtectionCompleteUntilFirstUserAuthentication data protection class to store all application files. • ASPP14:FDP_DEC_EXT.1: The TOE restricts its access to the address book as the only sensitive information repository. The TOE restricts its access to the network connectivity, camera, microphone, Bluetooth, biometrics, notifications, external storage, vibration motor and audio speaker as detailed below: o Network Connectivity – SecuSUITE requires access to a network to communicate with the SecuSUITE Server. o Camera – SecuSUITE allows scanning of a QR code using the phone’s camera. o Microphone – SecuSUITE uses the microphone to record voice data. o Bluetooth – SecuSUITE can use Bluetooth devices, such as Bluetooth headsets. o Biometrics – The platform OS might use biometrics as the authentication factor. SecuSUITE requests access to use the platform keystore via biometrics if the phone is set up with a biometric authentication factor. o Notifications – SecuSUITE sends notifications to the user of incoming calls, texts, and alerts. SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 40 of 50 o External Storage – SecuSUITE’s text messaging system allows attachments, which are possibly stored in the phone’s external storage. o Vibration motor – SecuSUITE uses the vibration motor to alert the phone user of incoming calls and messages o Audio speaker – SecuSUITE uses the audio speaker to play audio data • VVoIPAS10:FDP_IFC.1: The TOE enforces its voice/video media transmission policy as described above. • VVoIPAS10:FDP_IFF.1: The TOE enforces its voice/video media transmission policy as described above. • ASPP14:FDP_NET_EXT.1: The TOE restricts its network communication to include only registration of the client with an SCA (port 3978), initiation of an outgoing call (5061), accepting/rejecting an incoming call (port 5061), sending/receiving a secure text message (port 5061), and updating contacts and configuration settings from the ESC (port 5062). 6.4 Identification and authentication The Identification and authentication function satisfies the following security functional requirements: • ASPP14:FIA_X509_EXT.1: Certificates are validated as part of the authentication process when they are presented to the TOE and when they are loaded into the TOE. The TOE requires the certificate to contain a SAN extension. The following fields are verified as appropriate: SAN checks, key usages, chain validation, expiration status, and revocation status. Chain validation includes ensuring that all certificates representing a CA indicate so using the basicConstraints CA flag having a value of TRUE. Revocation checking is also performed using a Certificate Revocation List. Wildcards are not allowed in certificates. • ASPP14:FIA_X509_EXT.2: The TOE utilizes OpenSSL version 1.0.2zm to perform TLS communications and X509 certificate checking. The TOE has multiple interfaces that use TLS: o SCA Registration (TCP port 3978): This channel is for the initial set up to register the TOE to the SecuSUITE Server. o SIP Communications (TCP port 5061): This channel is used for securing the media channel setup between the TOE and SecuSUITE Server. o Secure Client Authentication (TCP port 5062): This channel is used in secure communications with SecuSUITE Server for activities such as updating configuration and secure contacts. In all cases, the TOE checks the TLS peer’s certificate. The TOE only supports mutual authentication when it connects to SecuSUITE Server for SIP communications and secure client authentication. Certificates are provisioned by the SecuSUITE Server during SCA registration. The TOE uses certificates automatically, and these certificates are exchanged during TLS negotiations for the media and configuration communications with SecuSUITE Server. If the TOE determines the certificates from the peer are not valid, the certificates are not accepted and the TOE rejects the connection attempt. If an otherwise valid certificate cannot have its CRL checked to confirm that the certificate is not revoked, the certificate is not accepted and the TOE rejects the connection. 6.5 Security management The SIP client and server use username and passwords to allow the client to access the SIP and SCA server (separate passwords). These passwords are transmitted during initial SCA registration in the SIP Settings response and are stored persistently by the TOE. The TOE uses soft key storage to protect these secrets. During initial start-up, the user needs to enter an activation code to start the initial registration. The Activation Code is a shared secret between the server and the client used only during initial registration. Without the initial registration, the client application cannot communicate with the SIP server. The client does not install with any default credentials and the TOE does not require any credentials to provide access to the TOE. SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 41 of 50 The key chain of the TOE soft key store anchors in a secret stored to the platform key stores (key chain) and hence the user must unlock the keystore (using platform features such as fingerprint or device password) to open the application. The TOE supports the following management functions, which are mapped to specific SFRs: • Specify the SIP server to use for connections. User can enter SCA Server address/port during the activation phase or use and activation QR code, which determines the SIP server. Note: This is the only parameter that the user can configure via the TOE. (ASPP14:FTP_DIT_EXT.1, VVoIIPAS10:FTP_DIT_EXT.1, and VVoIPAS10:FMT_SMF.1/VVoIP) The SCA Server pushes configuration settings, including username and password during registration. This configuration is created on the ESC and is used by the TOE. These settings configure the following: • SIP Username and SIP Password which is a randomly generated 24-character alphanumeric value, generated on the SCA Server and transmitted within the SIP settings response of the SCA protocol. (VVoIPAS10:FTP_DIT_EXT.1) • SIP URL and Port (VVoIPAS10:FTP_DIT_EXT.1) • SecuSERV Username and SecuSERV Password which is a randomly generated 24-character alphanumeric value, generated on the SCA Server and transmitted within the SecuSERV settings response of the SCA protocol. A separate distinct username and password are also provided for the following services (VVoIPAS10:FTP_DIT_EXT.1) o Chat Service o Conference Service o Certificate Service o Contacts Service • Configure cryptographic algorithms associated with protocols mandated in this PP. The algorithms are selected by the SIP server during TLS handshake. (PKGTLS11:FCS_TLSC_EXT.1, VVoIPAS10:FCS_COP.1/SRTP and VVoIPAS10:FCS_SRTP_EXT.1) • Load X.509v3 certificates used for security functions in this PP – the client’s X.509v3 certificates are generated during registration with the SCA server. (ASPP14:FIA_X509_EXT.1 and ASPP14:FIA_X509_EXT.2) • Configure certificate revocation check. There are no configurable parameters for revocation checking. (ASPP14:FIA_X509_EXT.1 and ASPP14:FIA_X509_EXT.2) The client device platform performs the following management functions: • Ability to update the TOE and to verify the updates. The user may uninstall or update the TOE using the mobile device operating system and app store. Downloaded TOE updates (apps) are verified using digital signatures in accordance with supported mobile device Security Targets for Android and iOS/iPadOS platforms. (ASPP14:FPT_TUD_EXT.1 and ASPP14:FPT_TUD_EXT.2) The Security management function satisfies the following security functional requirements: • ASPP14:FMT_CFG_EXT.1: Prior to registration with the SCA server, the client is presented with the activation screen and cannot leave that screen until a valid Activation Code is presented to the SIP server. • ASPP14:FMT_MEC_EXT.1: The TOE uses Android’s SharedPreferences API (https://developer.android.com/reference/android/content/SharedPreferences) to store application configuration options. The TOE stores its settings in an XML file at location /data/data/package/shared_prefs. For iOS/iPadOS platforms, the TOE stores application configuration options using the user default system, which includes UserDefaults and NSUserDefaults APIs. TOE’s API configuration is stored locally, but established and modified by the remote SCA or SIP server. Neither the TOE nor the platform offer the ability to configure the TOE’s SIP settings locally. SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 42 of 50 • ASPP14:FMT_SMF.1: The TOE provides the management functions identified above. • VVoIPAS10:FMT_SMF.1/VVoIP: The TOE provides the following management operations: o Ability to register the TOE to an ESC manually The TOE does not contain any default configuration after installation. The TOE requires the operator to enter in the server address to register the TOE with the ESC. This is done either by manual input or by scanning a QR code. 6.6 Privacy The Privacy function satisfies the following security functional requirements: • ASPP14:FPR_ANO_EXT.1: The TOE does not collect any PII and does not transmit any PII over a network. 6.7 Protection of the TSF The TOE is physically protected by the boundary of the evaluated device. The TOE is executed on an evaluated Android 14, iOS 17, or iPadOS 17 device. Under Android, the TOE is constructed as a Java Application that executes most security relevant code in the native layer implemented in C/C++ (as a shared library). The primary purpose of this Java code is to provide the UI Implementation. For iOS/iPadOS, the TOE is constructed as a native application implemented in objective C and C++. Memory mapping and permissions on memory regions are not functions applicable to a Java application. However, some 3rd party libraries are written in a language other than Java and thus are subject to the requirement for Anti- Exploitation Capabilities. However, none of the 3rd party libraries used by the TOE request memory mapping at explicit addresses and none allocate memory for both write and execute permissions. Android’s application management requires application updates to be signed with an Android key, thus allowing the secure updates of its applications. The Android OS Linux kernel is capable of ASLR (Address Space Layout Randomization), ensuring that no application uses the same address layout on two different devices. The TOE libraries are also compiled with the ‘-fstack-protector-all -fno-exceptions’ flags in order to enable ASLR and stack-based buffer overflow protections. On iOS/iPadOS the ASLR feature (-pie) is not set by a compiler flag because it is on by default on the C-language compiler and this setting is required by the Apple App store. The TOE is assigned a version2 number by the vendor, which is constructed using the following convention: ... For example, a release number might be 6.0.209.26050. This is interpreted as follows: Major: 6 Minor: 0 Build: 209 Year: 2026 Week: 05 Debug: 0 (0 = release; 1 = debug build) Major numbers represent significant product changes, while minor numbers are incremented for feature improvements and bug fixes. The build number, year, week, and debug state round out the identification of the software, providing increased uniqueness. The major, minor, and build number combination provides the exact code base that was compiled. The year, week, and debug numbers are purely informative. On Android, the version information is provided with all numbers as shown above. On iOS/iPadOS, the version number contains only the major, minor and build numbers. This is performed in accordance with how the platform presents version numbers for applications (https://developer.apple.com/documentation/packagedescription/version). 2 The vendor refers to this identifier as a release number. SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 43 of 50 The list of 3rd party libraries can be found in FPT_LIB_EXT.1 above. The user may install or update the TOE using the mobile device operating system and app store. The TOE platform checks the signature of any update before the update is applied. TOE updates are signed with the BlackBerry software signing key associated with each platform. Downloaded TOE updates (apps) are verified using digital signatures in accordance with supported mobile device Security Targets (as mentioned in the TOE Overview). The Protection of the TSF function satisfies the following security functional requirements: • ASPP14:FPT_AEX_EXT.1: The TOE does not make requests to map memory at an explicit address, nor does it allocate any memory region with both write and execute permissions. Refer to the above discussion for more information. • ASPP14:FPT_API_EXT.1: The TOE uses platform services by using only documented platform provided APIs. The specific interfaces used by the TOE on Android and iOS/iPadOS platforms are provided in Section 7. • ASPP14:FPT_IDV_EXT.1: The TOE identifies software as described above. • ASPP14:FPT_LIB_EXT.1: The TOE includes the 3rd party libraries listed in FPT_LIB_EXT.1 above. The iOS/iPadOS version of the TOE has no external dependencies. • ASPP14:FPT_TUD_EXT.1 & VVoIPAS10:FPT_TUD_EXT.1: The TOE is distributed using the Android application package (APK) format on an Android platform and using the IPA format on an iOS/iPadOS platform. The TOE is distributed as an additional software package, and is installed using the respective app store of each platform. The TOE relies upon the platform to provide a mechanism that can check for product updates, to query the current version of the TOE, and to support the installation of an update as described above. Alternatively, the TOE can also query the current version of the TOE, but cannot check for product updates. The Android platform uses the Google Play Store, and the iOS/iPadOS platform uses the Apple App Store. Both app stores require developers to digitally sign their applications with a key recognized by each respective app store. This signature is used to verify that the application is from a trusted source. BlackBerry provides timely security updates for the TOE in case vulnerabilities have been discovered. Reported vulnerabilities and defects are investigated and rated based on the threat and result of the impact analysis and then scheduled for an upcoming bug fix release based on the severity. BlackBerry aims for a security update between 10 and a maximum of 50 days. Third party library updates are also included as a part of the TOE’s update. BlackBerry accepts vulnerability reports through the BlackBerry “Contact an Expert” form at https://www.blackberry.com/us/en/forms/enterprise/contact-us. • ASPP14:FPT_TUD_EXT.2: These platforms force the TOE to write all data within the application working directory (sandbox), thus ensuring the application’s removal results in the deletion of all traces of the application, with the exception of configuration settings, output files, and audit/log events. BlackBerry is an authorized source as they are a vendor that obtained official signing keys from Google and Apple in order to publish the TOE application on both the Google Play Store and Apple App Store. The application signature is verified by each respective platform. 6.8 TOE access SecuSUITE Server enforces a default timeout of 15 seconds for the SRTP channel. Only SecuSUITE Server can configure the SRTP timeout value via SCA registration between the TOE and SecuSUITE Server. The TOE access function satisfies the following security functional requirements: • VVoIPAS10:FTA_SSL.3/Media: The configuration loaded into the TOE during registration includes the configured interval for termination of an idle voice/video transmission. SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 44 of 50 6.9 Trusted path/channels The Trusted path/channels function satisfies the following security functional requirements: • ASPP14:FTP_DIT_EXT.1 and VVoIPAS10:FTP_DIT_EXT.1: The TOE encrypts all data transmitted between itself and an Enterprise Session Controller (ESC, or SecuSUITE Server) using HTTPS/TLS and SIP over TLS. The TOE encrypts media communications between itself and another VVoIP endpoint using SRTP. The TOE uses these protocols to protect requested services from the ESC (such as enrollment and configuration updates), SIP signaling, VoIP calls, and secure text messaging. The TOE uses HTTPS/TLS to protect communications with the SecuSUITE Server when requesting services from the server, such as enrollment and obtaining SIP server configuration options. • VVoIPAS10:FTP_ITC.1/Control: The TOE uses SIP for all data transmitted between itself and an Enterprise Session Controller for the purpose of communicating with another VVoIP endpoint. The SIP communication occurs within the context of an already established TLS session. The TOE or ESC can initiate SIP communication in the existing TLS session. • VVoIPAS10:FTP_ITC.1/Media: The TOE uses SRTP as a trusted channel to communicate with a proxy on SecuSUITE Server. Using this proxy, the TOE can communicate with another VVoIP endpoint for media traffic. The SRTP cryptographic parameters are passed between the TOE and the other VVoIP endpoint using SIP messages protected by TLS (traffic that is part of FTP_ITC.1/Control). The TOE can either initiate or receive voice/video media traffic. SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 45 of 50 7. API used by the TOE The TOE uses platform services by using only documented platform provided APIs. 7.1 Android platform interfaces invoked by the TOE The following are the platform APIs invoked by the TOE when running on an Android platform. android.animation.Animator; android.animation.AnimatorListenerAdapter; android.animation.AnimatorSet; android.animation.ArgbEvaluator; android.animation.ObjectAnimator; android.animation.ValueAnimator; android.annotation.SuppressLint; android.annotation.TargetApi; android.app.Activity; android.app.ActivityManager; android.app.AlarmManager; android.app.AlertDialog; android.app.Application; android.app.Dialog; android.app.ForegroundServiceTypeException; android.app.IntentService; android.app.KeyguardManager; android.app.Notification; android.app.NotificationChannel; android.app.NotificationManager; android.app.PendingIntent; android.app.Service; android.app.TimePickerDialog; android.bluetooth.BluetoothAdapter; android.bluetooth.BluetoothDevice; android.bluetooth.BluetoothHeadset; android.bluetooth.BluetoothManager; android.bluetooth.BluetoothProfile; android.content.ActivityNotFoundException; android.content.BroadcastReceiver; android.content.ClipboardManager; android.content.ClipData; android.content.ComponentCallbacks2; android.content.ComponentName; android.content.ContentProvider; android.content.ContentResolver; android.content.ContentUris; android.content.ContentValues; android.content.Context android.content.Context; android.content.CursorLoader; android.content.DialogInterface; android.content.DialogInterface.OnClickListener; android.content.Intent; android.content.IntentFilter; android.content.pm.ActivityInfo; android.content.pm.PackageInfo; android.content.pm.PackageManager; android.content.pm.ServiceInfo; android.content.res.ColorStateList; android.content.res.Resources; android.content.RestrictionsManager; android.content.res.TypedArray; android.content.ServiceConnection; android.content.SharedPreferences; android.database.ContentObserver; android.database.Cursor; android.database.MatrixCursor; android.graphics.Bitmap; android.graphics.BitmapFactory; android.graphics.Canvas; android.graphics.Color; android.graphics.ColorFilter; android.graphics.DashPathEffect; android.graphics.drawable.BitmapDrawable; android.graphics.drawable.ColorDrawable; android.graphics.drawable.Drawable; android.graphics.drawable.ShapeDrawable; android.graphics.drawable.shapes.OvalShape; android.graphics.Matrix; android.graphics.Paint; android.graphics.Path; android.graphics.PathEffect; android.graphics.PathMeasure; android.graphics.PixelFormat; android.graphics.Point; android.graphics.PorterDuff; android.graphics.PorterDuffXfermode; android.graphics.Rect; android.graphics.RectF; android.graphics.Region; android.graphics.Typeface; android.graphics.Xfermode; android.hardware.Sensor; android.hardware.SensorEvent; android.hardware.SensorEventListener; android.hardware.SensorManager; android.Manifest; android.media.AudioAttributes; android.media.AudioDeviceInfo; android.media.AudioFocusRequest; android.media.AudioManager; android.media.AudioRecordingConfiguration; android.media.ExifInterface; SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 46 of 50 android.media.MediaDataSource; android.media.MediaPlayer; android.media.MediaPlayer.OnCompletionListener; android.media.RingtoneManager; android.media.ThumbnailUtils; android.net.ConnectivityManager; android.net.LinkAddress; android.net.LinkProperties; android.net.Network; android.net.NetworkCapabilities; android.net.Uri android.net.Uri; android.os.Binder; android.os.Build android.os.Build; android.os.Bundle; android.os.CancellationSignal; android.os.Environment; android.os.Handler; android.os.IBinder; android.os.Looper; android.os.MemoryFile; android.os.Parcel; android.os.Parcelable android.os.Parcelable; android.os.ParcelFileDescriptor; android.os.PowerManager; android.os.PowerManager.WakeLock; android.os.SystemClock; android.os.Vibrator; android.preference.PreferenceManager; android.provider.CallLog; android.provider.ContactsContract; android.provider.DocumentsContract; android.provider.MediaStore; android.provider.OpenableColumns; android.provider.Settings; android.provider.Telephony; android.security.KeyPairGeneratorSpec; android.security.keystore.KeyGenParameterSpec; android.security.keystore.KeyPermanentlyInvalidatedE xception; android.security.keystore.KeyProperties; android.security.keystore.KeyProtection; android.service.notification.StatusBarNotification; android.telephony.CellSignalStrength; android.telephony.PhoneNumberFormattingTextWatch er; android.telephony.PhoneNumberUtils; android.telephony.SmsManager; android.telephony.SmsMessage; android.telephony.TelephonyManager; android.text.Editable; android.text.format.DateFormat; android.text.format.DateUtils; android.text.format.Formatter; android.text.Html; android.text.InputFilter; android.text.Layout; android.text.method.ScrollingMovementMethod; android.text.Spannable; android.text.SpannableString; android.text.SpannableStringBuilder; android.text.Spanned; android.text.style.AlignmentSpan; android.text.style.ImageSpan; android.text.style.StyleSpan; android.text.TextUtils android.text.TextUtils; android.text.TextWatcher; android.transition.TransitionInflater; android.util.AttributeSet android.util.AttributeSet; android.util.Base64; android.util.DisplayMetrics; android.util.Log android.util.Log; android.util.LongSparseArray; android.util.Pair; android.util.SparseArray; android.util.SparseIntArray; android.util.TypedValue; android.view.ActionMode; android.view.animation.AccelerateDecelerateInterpolat or; android.view.animation.AccelerateInterpolator; android.view.animation.Animation; android.view.animation.AnimationUtils; android.view.animation.DecelerateInterpolator; android.view.animation.PathInterpolator; android.view.animation.ScaleAnimation; android.view.ContextMenu; android.view.Display; android.view.GestureDetector; android.view.Gravity; android.view.inputmethod.EditorInfo; android.view.inputmethod.InputConnection; android.view.inputmethod.InputMethodManager; android.view.KeyEvent; android.view.LayoutInflater; android.view.Menu; android.view.MenuInflater; android.view.MenuItem; android.view.MotionEvent; android.view.ScaleGestureDetector; android.view.SubMenu; android.view.Surface; android.view.SurfaceHolder; android.view.SurfaceView; android.view.View; SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 47 of 50 android.view.ViewGroup; android.view.ViewGroup.LayoutParams; android.view.View.OnClickListener; android.view.View.OnFocusChangeListener; android.view.View.OnLongClickListener; android.view.View.OnTouchListener; android.view.ViewOutlineProvider; android.view.ViewTreeObserver; android.view.Window; android.view.WindowManager; android.webkit.MimeTypeMap; android.widget.ArrayAdapter; android.widget.BaseAdapter; android.widget.Button; android.widget.Checkable; android.widget.CheckBox; android.widget.Chronometer; android.widget.EditText; android.widget.Filter; android.widget.Filterable; android.widget.FrameLayout; android.widget.ImageButton; android.widget.ImageView; android.widget.LinearLayout; android.widget.ListView; android.widget.MediaController; android.widget.PopupWindow; android.widget.ProgressBar; android.widget.RelativeLayout; android.widget.ScrollView; android.widget.SectionIndexer; android.widget.SeekBar; android.widget.SeekBar.OnSeekBarChangeListener; android.widget.TextView; android.widget.TimePicker; android.widget.Toast; android.widget.ViewFlipper; androidx.activity.result.ActivityResult; androidx.activity.result.ActivityResultCallback; androidx.activity.result.ActivityResultLauncher; androidx.activity.result.contract.ActivityResultContract s; androidx.annotation.CallSuper; androidx.annotation.CheckResult; androidx.annotation.DimenRes; androidx.annotation.DrawableRes; androidx.annotation.FloatRange; androidx.annotation.IntDef; androidx.annotation.IntegerRes; androidx.annotation.IntRange; androidx.annotation.MainThread androidx.annotation.MainThread; androidx.annotation.NonNull; androidx.annotation.Nullable; androidx.annotation.RawRes; androidx.annotation.RequiresApi; androidx.annotation.StringRes; androidx.annotation.StyleRes; androidx.annotation.VisibleForTesting; androidx.appcompat.app.AlertDialog; androidx.appcompat.app.AppCompatActivity; androidx.appcompat.content.res.AppCompatResources; androidx.appcompat.widget.AppCompatEditText; androidx.appcompat.widget.AppCompatImageButton; androidx.appcompat.widget.AppCompatImageView; androidx.appcompat.widget.LinearLayoutCompat; androidx.appcompat.widget.SearchView; androidx.appcompat.widget.SwitchCompat; androidx.appcompat.widget.Toolbar; androidx.biometric.BiometricManager; androidx.biometric.BiometricPrompt; androidx.biometric.BiometricPrompt.AuthenticationCal lback; androidx.cardview.widget.CardView; androidx.compose.animation.animateColorAsState androidx.compose.animation.AnimatedVisibility androidx.compose.animation.core.tween androidx.compose.animation.fadeIn androidx.compose.animation.fadeOut androidx.compose.foundation.background androidx.compose.foundation.clickable androidx.compose.foundation.Image androidx.compose.foundation.isSystemInDarkTheme androidx.compose.foundation.layout.Arrangement androidx.compose.foundation.layout.Arrangement; androidx.compose.foundation.layout.Box androidx.compose.foundation.layout.fillMaxSize androidx.compose.foundation.layout.fillMaxWidth androidx.compose.foundation.layout.padding androidx.compose.foundation.layout.Row androidx.compose.foundation.layout.size androidx.compose.foundation.layout.Spacer androidx.compose.foundation.layout.wrapContentHeig ht androidx.compose.foundation.layout.wrapContentSize androidx.compose.material3.CircularProgressIndicator androidx.compose.material3.darkColorScheme androidx.compose.material3.dynamicDarkColorSchem e androidx.compose.material3.dynamicLightColorSchem e androidx.compose.material3.MaterialTheme androidx.compose.material3.Text androidx.compose.material3.Typography androidx.compose.material3.Typography; androidx.compose.runtime.collectAsState androidx.compose.runtime.Composable androidx.compose.runtime.Composable; androidx.compose.runtime.getValue androidx.compose.runtime.Immutable SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 48 of 50 androidx.compose.runtime.Immutable; androidx.compose.runtime.LaunchedEffect androidx.compose.runtime.Stable androidx.compose.runtime.Stable; androidx.compose.ui.Alignment androidx.compose.ui.Alignment; androidx.compose.ui.geometry.Offset androidx.compose.ui.graphics.Brush androidx.compose.ui.graphics.Brush; androidx.compose.ui.graphics.Color androidx.compose.ui.graphics.StrokeCap androidx.compose.ui.graphics.StrokeCap; androidx.compose.ui.graphics.vector.ImageVector androidx.compose.ui.graphics.vector.ImageVector; androidx.compose.ui.layout.ContentScale androidx.compose.ui.layout.ContentScale; androidx.compose.ui.Modifier androidx.compose.ui.Modifier; androidx.compose.ui.platform.AbstractComposeView androidx.compose.ui.platform.AbstractComposeView; androidx.compose.ui.platform.LocalContext androidx.compose.ui.res.colorResource androidx.compose.ui.res.stringResource androidx.compose.ui.res.vectorResource androidx.compose.ui.text.font.FontFamily androidx.compose.ui.text.font.FontWeight androidx.compose.ui.text.font.FontWeight; androidx.compose.ui.text.TextStyle androidx.compose.ui.text.TextStyle; androidx.compose.ui.tooling.preview.Preview androidx.compose.ui.tooling.preview.Preview; androidx.compose.ui.unit.dp androidx.compose.ui.unit.sp androidx.constraintlayout.widget.ConstraintLayout; androidx.constraintlayout.widget.Guideline; androidx.coordinatorlayout.widget.CoordinatorLayout; androidx.core.app.ActivityCompat; androidx.core.app.ActivityOptionsCompat; androidx.core.app.NotificationCompat; androidx.core.content.ContextCompat; androidx.core.content.FileProvider; androidx.core.content.res.ResourcesCompat; androidx.core.graphics.drawable.DrawableCompat; androidx.core.util.Pair; androidx.core.view.GestureDetectorCompat; androidx.core.view.inputmethod.EditorInfoCompat; androidx.core.view.inputmethod.InputConnectionComp at; androidx.core.view.inputmethod.InputContentInfoCom pat; androidx.core.widget.NestedScrollView; androidx.core.widget.TextViewCompat; androidx.databinding.BaseObservable; androidx.databinding.Bindable; androidx.databinding.BindingAdapter androidx.databinding.BindingAdapter; androidx.databinding.DataBinderMapper; androidx.databinding.DataBindingComponent; androidx.databinding.DataBindingUtil; androidx.databinding.ViewDataBinding; androidx.documentfile.provider.DocumentFile; androidx.emoji2.bundled.BundledEmojiCompatConfig; androidx.emoji2.text.EmojiCompat; androidx.emoji2.text.EmojiSpan; androidx.fragment.app.DialogFragment; androidx.fragment.app.Fragment; androidx.fragment.app.FragmentActivity; androidx.fragment.app.FragmentManager; androidx.fragment.app.FragmentOnAttachListener; androidx.lifecycle.DefaultLifecycleObserver; androidx.lifecycle.Lifecycle; androidx.lifecycle.LifecycleOwner; androidx.lifecycle.LiveData androidx.lifecycle.LiveData; androidx.lifecycle.map androidx.lifecycle.MediatorLiveData; androidx.lifecycle.MutableLiveData androidx.lifecycle.MutableLiveData; androidx.lifecycle.ProcessLifecycleOwner; androidx.lifecycle.SavedStateHandle; androidx.lifecycle.Transformations; androidx.lifecycle.ViewModel androidx.lifecycle.ViewModel; androidx.lifecycle.viewmodel.compose.viewModel androidx.lifecycle.ViewModelProvider androidx.lifecycle.ViewModelProvider; androidx.lifecycle.ViewModelStoreOwner androidx.lifecycle.ViewModelStoreOwner; androidx.localbroadcastmanager.content.LocalBroadcas tManager; androidx.recyclerview.selection.ItemDetailsLookup; androidx.recyclerview.selection.ItemKeyProvider; androidx.recyclerview.selection.MutableSelection; androidx.recyclerview.selection.SelectionPredicates; androidx.recyclerview.selection.SelectionTracker; androidx.recyclerview.selection.StorageStrategy; androidx.recyclerview.widget.DiffUtil; androidx.recyclerview.widget.DiffUtil.DiffResult; androidx.recyclerview.widget.GridLayoutManager; androidx.recyclerview.widget.LinearLayoutManager; androidx.recyclerview.widget.RecyclerView; androidx.recyclerview.widget.RecyclerView.Adapter; androidx.swiperefreshlayout.widget.SwipeRefreshLayo ut; androidx.viewbinding.ViewBinding; androidx.viewbinding.ViewBindings; androidx.viewpager.widget.PagerAdapter; androidx.viewpager.widget.ViewPager; SecuSUITE/Envoy Client version 6.0 Security Target Version 0.6, February 17, 2026 Page 49 of 50 7.2 iOS/iPadOS platform interfaces invoked by the TOE The following are the platform interfaces invoked by the TOE when running on an iOS/iPadOS platform. Payload/SecuSUITE.app/SecuSUITE: System/Library/Frameworks/CoreServices.framework System/Library/Frameworks/Photos.framework System/Library/Frameworks/MobileCoreServices.framework System/Library/Frameworks/Accelerate.framework System/Library/Frameworks/ImageIO.framework System/Library/Frameworks/AssetsLibrary.framework System/Library/Frameworks/QuartzCore.framework System/Library/Frameworks/BackgroundTasks.framework System/Library/Frameworks/CoreFoundation.framework System/Library/Frameworks/AudioToolbox.framework System/Library/Frameworks/AVFoundation.framework System/Library/Frameworks/CFNetwork.framework System/Library/Frameworks/Contacts.framework System/Library/Frameworks/CoreAudio.framework System/Library/Frameworks/CoreGraphics.framework System/Library/Frameworks/CoreTelephony.framework System/Library/Frameworks/Foundation.framework System/Library/Frameworks/PushKit.framework System/Library/Frameworks/SystemConfiguration.framework System/Library/Frameworks/UIKit.framework