Add: A#511, Mingyou Purchasing Center, Baoyuan Rd., Xixiang St., Baoan Dis., Shenzhen Wesion Technology Co., Ltd. Shenzhen, China. Federal Communication Commission Equipment Authorization Division, Application Processing Branch 7435 Oakland Mills Road Columbia, MD 21046
<2020-01-06>
Attn: Office of Engineering and Technology Subject: Attestation Letter regarding UNII devices FCC ID: 2AVFM-VIM3 Software security questions and answers per KDB 594280 D02:
Software Security description General Description 1 Describe how any software/firmware update will be obtained, downloaded, and installed. Software that is accessed through manufacturers website or devices management system, must describe the different levels of security. 2 Describe all the radio frequency parameters that are modified by any software/firmware without any hardware changes. Are these parameters in some way limited, such that, it will not exceed the authorized parameters?
3 Describe in detail the authentication protocols that are in place to ensure that the source of the software/firmware is legitimate. Describe in detail how the software is protected against modification 4 Describe in detail the verification protocols in We do not release the firmware on our website for downloading. Our direct host manufacturer (OEM) can request the firmware from us and it will be made available via secure server. Radio frequency parameters are limited by US regulatory domain and country code to limit frequency and transmit power levels. These limits are stored in non-volatile memory by the module manufacturer at the time of production. They will not exceed the authorized values. The firmware is installed on each single module during manufacturing process. The correct firmware is verified and installed by the module manufacturer. In addition, the firmware binary is encrypted using open SSL encryption and the firmware updates can only be stored in non-volatile memory when the firmware is authenticated. The encryption key is known by the module manufacturer only. The process to flash a new firmware Add: A#511, Mingyou Purchasing Center, Baoyuan Rd., Xixiang St., Baoan Dis., Shenzhen Wesion Technology Co., Ltd. Shenzhen, China. place to ensure that installed software/firmware is legitimate 5 For a device that can be configured as a master and client (with active or passive scanning), explain how the device ensures compliance for each mode? In particular if the device acts as master in some band of operation and client in another; how is compliance ensured in each band of operation?
is using a secret key to decrypt the firmware, only correct decrypted firmware is stored in non-volatile memory (see #3). The device ensures the compliance by checking the configured parameter and operation values according to the regulatory domain and country code in each band. The device configured as a client without radar detection capability Software Security description Third-Party Access Control 1 2 3 1 No, third parties dont have the capability to access and change radio parameters. US sold modules are factory configured to US. N/A N/A Explain if any third parties have the capability to operate a US sold device on any other regulatory domain, frequencies, or in any manner that is in violation of the certification. Describe, if the device permits third-party software or firmware installation, what mechanisms are provided by the manufacturer to permit integration of such functions while ensuring that the RF parameters of the device cannot be operated outside its authorization for operation in the U.S. In the description include what controls and/or agreements are in place with providers of third-party functionality to ensure the devices underlying RF parameters are unchanged and how the manufacturer verifies the functionality. For Certified Transmitter modular devices, describe how the module grantee ensures that host manufacturers fully comply with these software security requirements for U-NII devices. If the module is controlled through driver software loaded in the host, describe how the drivers are controlled and managed such that the modular transmitter RF parameters are not modified outside the grant of authorization. Software Security description USER CONFIGURATION GUID Describe the user configurations permitted through the UI. If different levels of access are permitted for professional installers, system integrators or end-users, describe the differences. a. What parameters are viewable and There is no user configuration GUI. There is no user configuration GUI. Add: A#511, Mingyou Purchasing Center, Baoyuan Rd., Xixiang St., Baoan Dis., Shenzhen Wesion Technology Co., Ltd. configurable by different parties?
b. What parameters are accessible or modifiable Shenzhen, China. to the professional installer?
i. Are the parameters in some way limited, so that the installers will not enter parameters that exceed those authorized?
What controls exist that the user cannot operate the device outside its authorization in the U.S.?
ii. This device is not subject to professional installation c. What configuration options are available to the end-user?
i. ii. Are the parameters in some way limited, so that the installers will not enter parameters that exceed those authorized?
What controls exist that the user cannot operate the device outside its authorization in the U.S.?
d. Is the country code factory set? Can it be changed in the UI?
i. If so, what controls exist to ensure that the device can only operate within its authorization in the U.S.?
e. What are the default parameters when the device is restarted?
Can the radio be configured in bridge or mesh mode? If yes, an attestation may be required. Further information is available in KDB Publication 905462 D02. For a device that can be configured as a master and client (with active or passive scanning), if this is user configurable, describe what controls exist, within the UI, to ensure compliance for each mode. If the device acts as a master in some 2 3 The end user is not able to configure any parameters related to the devices radio The parameters can only be changed remotely within the limits of country code US. The country code and regulatory domain control do limit all the parameters set The country code is factory set and is never changed by UI. The country code is factory set and is never changed by UI At each boot up the country code and the antenna gain are read from the non-volatile memory, those values are configured during production. Not supported Not Supported Add: A#511, Mingyou Purchasing Center, Baoyuan Rd., Xixiang St., Baoan Dis., Shenzhen Wesion Technology Co., Ltd. 4 Shenzhen, China. bands and client in others, how is this configured to ensure compliance?
For a device that can be configured as different types of access points, such as point-to-point or point-to-multipoint, and use different types of antennas, describe what controls exist to ensure compliance with applicable limits and the proper antenna is used for each mode of operation. See Section 15.407(a). The device does not support these modes/features. Sincerely, Name:
Company:
Address:
Phone:
Fax:
E-Mail:
Terry Yang / Manager Shenzhen Wesion Technology Co., Ltd. A#511, Mingyou Purchasing Center, Baoyuan Rd., Xixiang St., Baoan Dis., Shenzhen, China. 0755-23076626 0755-23076626 terry@khadas.com