15. Operation Description for software security

FCC ID: TE7CPE510V32

Attestation Statements

Download: PDF

FCCID_4501570

< TP-Link Technologies Co., Ltd.>
<Building 24 (floors 1,3,4,5) and 28 (floors1-4), Central
Science and Technology Park,Nanshan Shenzhen,
518057 China>

Operation Description
SOFTWARE SECURITY REQUIREMENTS FOR U-NII DEVICES

Federal Communication Commission
Equipment Authorization Division, Application Processing Branch
7435 Oakland Mills Road
Columbia, MD21048
Date: <2019-10-18>

Attn: Office of Engineering and Technology
Subject: Attestation Letter regarding UNII devices
FCC ID: TE7CPE510V32
Software security questions and answers per KDB 594280 D02:

SOFTWARE SECURITY DESCRIPTION
General 1. Describe how any software/firmware New firmware versions are posted at
Description updates for elements than can affect the http://www.tp-link.com and can be downloaded
device’s RF parameters will be obtained, for free. To install the new firmware, choose
downloaded, validated and installed. For “Advanced → System Tools → Firmware
software that is accessed through Upgrade” and then follow the tips in the
manufacturer’s website or device’s webpage.
management system, describe the
different levels of security as
appropriate.
2. Describe the RF parameters that are Radio 5G: 5.180GHz ~ 5.240GHz, 5.745GHz ~
modified by any software/firmware
5.825GHz.
without any hardware changes. Are
these parameters in some way limited The Radio range is fixed by our
such that any other software/firmware software/firmware, and can't be configured out
changes will not allow the device to of the giving range.
exceed the authorized RF
characteristics?
3. Describe in detail the authentication No, the RF parameters are put in the read-only
protocols that are in place to ensure that partition of device's flash and could only be
the source of the RF-related installed by the factory. RF parameters:
software/firmware is valid. Describe in frequency operation, power settings and
detail how the RF-related software is country code.
protected against modification.

4. Describe in detail any encryption The firmware is compiled as binary file and
methods used to support the use of cannot change the RF parameter through this
legitimate RF-related software/firmware. binary file. It is read-only without the change to
change setting.

< TP-Link Technologies Co., Ltd.>
<Building 24 (floors 1,3,4,5) and 28 (floors1-4), Central
Science and Technology Park,Nanshan Shenzhen,
518057 China>

5. For a device that can be configured as a There are no differences between the
master and client (with active or passive
master and client mode in our device for
scanning), explain how the device
the RF mode, channel, and power. If the
ensures compliance for each mode? In
particular if the device acts as master in mast mode is compliance for the
some band of operation and client in certification , so is the client mode.The
another; how is compliance ensured in device cannot be configured as a master and
each band of operation? client simultaneously.

Third-Party 1. Explain if any third parties have the capability The firmware does not support changing
Access to operate a U.S.-sold device on any other regulatory domain. Devices sold in the
Control regulatory domain, frequencies, or in any United States are fixed to U.S.
manner that may allow the device to operate in specifications at time of manufacture.
violation of the device’s authorization if The software/firmware for U.S.-bound
activated in the U.S. devices is tested to operate the radio
within the limits set forth in the FCC’s
regulations.
2. Describe, if the device permits third-party The secure booting process prevents
software or firmware installation, what
the use of software/firmware
mechanisms are provided by the manufacturer
to permit integration of such functions while created by third parties. The
ensuring that the RF parameters of the device locale is fixed to the U.S. at the time
cannot be operated outside its authorization for of manufacture.
operation in the U.S. In the description include
what controls and/or agreements are in place
with providers of third-party functionality to
ensure the devices’ underlying RF parameters
are unchanged and how the manufacturer
verifies the functionality.
3. For Certified Transmitter modular devices, This device is not a modular device.
describe how the module grantee ensures that
host manufacturers fully comply with these
software security requirements for U-NII
devices. If the module is controlled through
driver software loaded in the host, describe
how the drivers are controlled and managed
such that the modular transmitter RF
parameters are not modified outside the grant
of authorization.

SOFTWARE CONFIGURATION DESCRIPTION GUIDE
For devices which have “User Interfaces” (UI) to configure the device in a manner that may
impact the operational RF parameters, the following questions shall be answered by the
applicant and the information included in the operational description. The description must
address if the device supports any of the country code configurations or peer-peer mode
communications discussed in KDB 594280 Publication D01.

< TP-Link Technologies Co., Ltd.>
<Building 24 (floors 1,3,4,5) and 28 (floors1-4), Central
Science and Technology Park,Nanshan Shenzhen,
518057 China>

SOFTWARE CONFIGURATION DESCRIPTION
USER 1. Describe the user configurations permitted SSID, Security Type, Encryption Type,
CONFIGURATION through the UI. If different levels of access Security Key, IP Address.Different levels
GUIDE are permitted for professional installers, of access are notpermitted.
system integrators or end-users, describe
the differences.
a. What parameters are viewable and SSID, Security Type, Encryption Type,
configurable by different parties? Security Key, IP Address.
b. What parameters are accessible or This device is not a professionally
modifiable by the professional installer installed device.
or system integrators?
(1) Are the parameters in some way limited, This device is not a professionally
so that the installers will not enter installed device.
parameters that exceed those
authorized?
(2) What controls exist that the user cannot This device is not a professionally
operate the device outside its installed device.
authorization in the U.S.?
c. What parameters are accessible or Wireless Mode, Channel-Width,
modifiable by the end-user?
Channel, Transmit Power, SSID,
Security Type, Encryption Type,
Security Key, IP Address.
(1) Are the parameters in some way Yes, the parameters are in some
limited, so that the user or installers
way limited.The firmware provides
will not enter parameters that exceed
those authorized? legal options and prompts the user
to select among them.
(2) What controls exist so that the user The firmware is compiled as
cannot operate the device outside its
binary file and cannot change
authorization in the U.S.?
the RF parameter through this
binary file.It is read-only without
the change to change the
setting.
d. Is the country code factory set? Can it be Yes,the factory setting is US.
changed in the UI?
No, the country code cannot be
changed in the UI.
(1) If it can be changed, what controls The country code cannot be
exist to ensure that the device can
changed in the UI.
only operate within its authorization in
the U.S.?
e. What are the default parameters when Country code is US.
the device is restarted?

< TP-Link Technologies Co., Ltd.>
<Building 24 (floors 1,3,4,5) and 28 (floors1-4), Central
Science and Technology Park,Nanshan Shenzhen,
518057 China>

2. Can the radio be configured in bridge or No, the radio can't be configured in
mesh mode? If yes, an attestation may be
bridge or mesh mode.
required. Further information is available in
KDB Publication 905462 D02.
3. For a device that can be configured as a There are no
master and client (with active or passive
differences between the master
scanning), if this is user configurable,
describe what controls exist, within the UI, to and client mode in our device for
ensure compliance for each mode. If the the RF mode, channel, and
device acts as a master in some bands and power. If the mast mode is
client in others, how is this configured to
compliance for the certification ,
ensure compliance?
so is the client mode.The device
cannot be configured as a master
and client simultaneously.
4. For a device that can be configured as This device cannot be configured as
different types of access points, such as different types of access points. This
point-to-point or point-to-multipoint, and use device also does not support
different types of antennas, describe what external antennas configuration.
controls exist to ensure compliance with Hence, the device cannot be
applicable limits and the proper antenna is configured to use different types of
used for each mode of operation. (See antennas beyond those that are
Section 15.407(a)) shipped with the device and tested
for this certification.

Document Created: 2019-10-23 19:51:10
Document Modified: 2019-10-23 19:51:10

© 2024 FCC.report
This site is not affiliated with or endorsed by the FCC