Software Security Declaration Letter

FCC ID: PY317200378

Cover Letter(s)

Download: PDF
FCCID_3548004

Software Security Declaration FCC ID : PY317200378 SOFTWARE SECURITY DESCRIPTION General 1. Describe how any software/firmware Software / firmware updates for the Description updates for elements than can affect the MR1100-320 mobile hotspot is available via device’s RF parameters will be obtained, an over-the-air update process through a downloaded, validated and installed. FOTA server managed by AT&T. The For software that is accessed through update process is secure through unique manufacturer’s website or device’s username and password device management system, describe the combinations that are authenticated by different levels of security as appropriate. the server via encrypted SSL connection. 2. Describe the RF parameters that are Two Wi-Fi radio frequency parameters modified by any software/firmware can be configured via the user interface: without any hardware changes. Are Wi-Fi Channel, Wi-Fi Channel Bandwidth. these parameters in some way limited These parameters are limited to a such that any other software/firmware pre-set list for the user to select from UI. changes will not allow the device to exceed the authorized RF characteristics? 3. Describe in detail the authentication The update package is only available via protocols that are in place to ensure that a secure server, using SSL and username the source of the RF-related / password for authentication. This software/firmware is valid. Describe in ensure the source of the detail how the RF-related software is software/firmware is legitimate. protected against modification. 4. Describe in detail any encryption SSL / AES / TKIP /PKCS#1 /PKCS#7 methods used to support the use of legitimate RF-related software/firmware. 5. For a device that can be configured as The AC815S cannot be configured as a master and client (with active or passive Wi-Fi client, it only operates as an access scanning), explain how the device point (master). ensures compliance for each mode? In particular if the device acts as master in some band of operation and client in another; how is compliance ensured in each band of operation?

SOFTWARE SECURITY DESCRIPTION Third-Party 1. Explain if any third parties have the It is impossible, because RF parameters, Access capability to operate a U.S.-sold device on country of operation and other Control any other regulatory domain, parameters related to device compliance frequencies, or in any manner that may are permanent settings in the NVRAM allow the device to operate in violation of the device’s authorization if activated in the U.S. 2. Describe, if the device permits The product firmware uses an NVRAM third-party software or firmware SKU value to check and validate any installation, what mechanisms are update package to ensure that it is provided by the manufacturer to permit applicable to the appropriate region. integration of such functions while Furthermore, all parameters indicating ensuring that the RF parameters of the different countries are permanent settings device cannot be operated outside its in the NVRAM. The software/firmware authorization for operation in the U.S. itself doesn’t contain these parameters In the description include what controls and so it will not be affected by version of and/or agreements are in place with software. providers of third-party functionality to ensure the devices’ underlying RF parameters are unchanged and how the manufacturer verifies the functionality. Note : See, for example, www.XXXXX.com/ 3. For Certified Transmitter modular The product is a mobile hotspot, not a devices, describe how the module modular device. grantee ensures that host manufacturers fully comply with these software security requirements for U-NII devices. If the module is controlled through driver software loaded in the host, describe how the drivers are controlled and managed such that the modular transmitter RF parameters are not modified outside the grant of authorization.

Note that Certified Transmitter Modules must have sufficient level of security to ensure that when integrated into a permissible host the device’s RF parameters are not modified outside those approved in the grant of authorization. (See, KDB Publication 99639). This requirement includes any driver software related to RF output that may be installed in the host, as well as, any third-party software that may be permitted to control the module. A full description of the process for managing this should be included in the filing.

SOFTWARE SECURITY DESCRIPTION USER 1. Describe the user configurations User can view the following parameters: CONFIGURATION permitted through the UI. If different Wi-Fi Mode, Channel Bandwidth, GUIDE levels of access are permitted for Channel, SSID, Security Type. There is no professional installers, system different level of access. integrators or end-users, describe the differences. a. What parameters are viewable and User can view the following parameters: configurable by different parties? Wi-Fi Mode, Channel Bandwidth, Note: The specific parameters of interest for this Channel, SSID, Security Type. There is no purpose are those that may impact the compliance of the device (which would be those parameters different level of access determining the RF output of the device). These typically include frequency of operation, power settings, antenna types, DFS settings, receiver thresholds, or country code settings which indirectly programs the operational parameters. b. What parameters are accessible or There is no professional installer for this modifiable by the professional installer type of product or system integrators? (1) Are the parameters in some way There is no professional installer for this limited, so that the installers will not type of product enter parameters that exceed those authorized? (2) What controls exist that the user There is no professional installer for this cannot operate the device outside its type of product authorization in the U.S.? c. What parameters are accessible or End user can modify the following modifiable by the end-user? parameters: Wi-Fi Mode, Channel Bandwidth, Channel, SSID, Security Type (1) What parameters are accessible or End user can modify the following modifiable by the end-user? parameters: Wi-Fi Mode, Channel Bandwidth, Channel, SSID, Security Type (2) What controls exist so that the user All parameters (RF, frequencies, etc.) cannot operate the device outside its indicating different countries are authorization in the U.S.? permanent settings within the NVRAM. If a device is a product for the US, it cannot be changed for another region.

d. Is the country code factory set? Can it The country code is factory set and be changed in the UI? cannot be changed by UI (1) If it can be changed, what controls The country code is factory set and exist to ensure that the device can only cannot be changed by UI operate within its authorization in the U.S.? e. What are the default parameters The parameters that the user last saved when the device is restarted? in the UI.

SOFTWARE SECURITY DESCRIPTION USER 2. Can the radio be configured in bridge Neither mesh nor bridge mode is CONFIGURATION or mesh mode? If yes, an attestation supported on this device GUIDE may be required. Further information is available in KDB Publication 905462 D02. 3. For a device that can be configured as The device cannot be configured as a a master and client (with active or client, it operates only as a master / passive scanning), if this is user access point configurable, describe what controls exist, within the UI, to ensure compliance for each mode. If the device acts as a master in some bands and client in others, how is this configured to ensure compliance? 4. For a device that can be configured as The device cannot be configured to different types of access points, such as operate as a different type of access point-to-point or point-to-multipoint, point. The internal PCB antennas are not and use different types of antennas, user-accessible or user-serviceable. All describe what controls exist to ensure applicable limits are permanent settings compliance with applicable limits and within NVRAM, as tested in compliance the proper antenna is used for each process mode of operation. (See Section 15.407(a))


Document Created: 2017-08-31 15:03:06
Document Modified: 2017-08-31 15:03:06
© 2024 FCC.report
This site is not affiliated with or endorsed by the FCC