Declaration Letter for 5G WiFi Software Security

FCC ID: 2ACRLCTR

Cover Letter(s)

Download: PDF
FCCID_4351516

        Harman Automotive Electronic Systems(Suzhou) Co., Ltd

Federal Communications Commission                                      2019-07-10
Oakland Mills Road
Columbia MD 21046
FCC ID: 2ACRLCTR
Subject: Software security requirements for U-NII device.
The information within this section of the Operational Description is to show compliance against the
Software Security Requirements laid out within KDB 594280 D02 U-NII Device Security v01r03.
General Description
1. Describe how any software/firmware update          The software/firmware update is bundled, as part
will be obtained, downloaded, and installed.          of the device software update, and the user or
Software that is accessed through manufacturer’s      installer cannot modify the content. The
website or device’s management system, must           installation and/or update proceeds automatically
describe the different levels of security.            once the user accepts to install/update the
                                                      software/firmware.
2. Describe all the radio frequency parameters        The Software/Firmware in the device, controls
that are modified by any software/firmware            the following RF parameters: 1. Transmitter
without any hardware changes. Are these               Frequency
parameters in some way limited, such that, it will    2. Transmitter Output Power
not exceed the authorized parameters?                 3. Receiver Frequency
                                                      4. Channel Bandwidth
                                                      5. RSSI calibration
                                                      The Software/Firmware controls the RF
                                                      parameters listed above so as to comply with the
                                                      specific set of regulatory limits in accordance with
                                                      the FCC grants issued for this device.
                                                      The RF parameters are limited to comply with FCC
                                                      rules and requirements during calibration of the
                                                      device in the factory. Security keys (certification
                                                      certificates) are in place to ensure that these
                                                      parameters cannot be access by the User and/or a
                                                      3rd party.
3. Describe in detail the authentication protocols    All software images are digitally signed with public
that are in place to ensure that the source of the    key cryptography. Images are signed by private key
software/firmware is legitimate. Describe in detail   stored in securely merged server, and verified by
how the software is protected against                 public key stored in a device when they are flashed
modification.                                         into the device.
4. Describe in detail the verification protocols in   The same as General Description Q3
place to ensure that installed software/firmware is
legitimate.




5G Wi-Fi Declaration Letter


        Harman Automotive Electronic Systems(Suzhou) Co., Ltd

5. For a device that can be configured as a master    This device is only a client in 5 GHz
and client (with active or passive scanning), explain operation and does not operate as master.
how the device ensures compliance for each
mode? In particular if the device acts as master in
some band of operation and client in another; how
is compliance ensured in each band of operation?
3 rd Party Access Control
1. Explain if any third parties have the capability to   3rd party does not have the capability
operate a U.S.-sold device on any other regulatory
domain, frequencies, or in any manner that
may allow the device to operate in violation of the
device’s authorization if activated in the U.S.
2. Describe, if the device permits third-party           3rd party cannot access SW/FW
software or firmware installation, what
mechanisms are provided by the manufacturer to
permit integration of such functions while
ensuring that the RF parameters of the device
cannot be operated outside its authorization for
operation in the U.S. In the description include
what controls and/or agreements are in
place with providers of third-party functionality to
ensure the devices’ underlying RF parameters are
unchanged and how the manufacturer
verifies the functionality.
3. For Certified Transmitter modular devices,            Not applicable – this is not a modular device
describe how the module grantee ensures that
hosts manufactures fully comply with these
software security requirements for U-NII devices.
If the module is controlled through driver software
loaded in the host, describe how the drivers are
controlled and managed such that the modular
transmitter parameters are not modified outside
the grant of authorization.
SOFTWARE CONFIGURATION DESCRIPTION

1. To whom is the UI accessible? (Professional N/A
installer, end user, other.)
a) What parameters are viewable to the                   N/A
professional installer/end-user?
b) What parameters are accessible or modifiable          N/A
to the professional installer?




5G Wi-Fi Declaration Letter


         Harman Automotive Electronic Systems(Suzhou) Co., Ltd

i) Are the parameters in some way limited, so that        N/A
the installers will not enter parameters that
exceed those authorized?
ii) What controls exist that the user cannot              N/A
operate the device outside its authorization in the
U.S.?
c) What configuration options are available to the        N/A
end-user?
i) Are the parameters in some way limited, so that        N/A
the installers will not enter parameters that
exceed those authorized?
ii) What controls exist that the user cannot operate      N/A
the device outside its authorization in the
U.S.?

d) Is the country code factory set? Can it be             N/A
changed in the UI?
i) If so, what controls exist to ensure that the          N/A
device can only operatewithin its authorization in
the U.S.?
e) What are the default parameters when the               N/A
device is restarted?

2. Can the radio be configured in bridge or mesh          N/A
mode? If yes, an attestation may be required.
Further information is available in KDB Publication
905462 D02.
3. For a device that can be configured as a master        N/A
and client (with active or passive scanning),if this is
user configurable, describe what controls exist,
within the UI, to ensure compliance for each
mode.
If the device acts as a master in some bands and
client in others, how is this configured to ensure
compliance?
Best Regards


Name: Danie Hong
Title: Project handler
Company: Harman Automotive Electronic Systems(Suzhou) Co., Ltd.
Address: No.125, Fangzhou Road, SIP,Suzhou, Jiangsu Province, China
E-mail: Danie.Hong@harman.com        TEL: 86-512-62554740



5G Wi-Fi Declaration Letter



Document Created: 2019-07-11 13:56:41
Document Modified: 2019-07-11 13:56:41

© 2024 FCC.report
This site is not affiliated with or endorsed by the FCC