5
Belkin
®
Advanced Secure Windowing KVM User Manual
oVerVIeW
SECTIONS
2
security features
Product is designed, manufactured and delivered in security-controlled
environments. Below is a summary of the main advanced features
incorporated in product:
nIaP PPs Ver . 3 .0 compliant
Product is designed from scratch to comply with latest NIAP PPS ver.
3.0 standard. Thoroughly tested, product meets international NIAP
security requirements and covers latest technologies:
• Optimized for USB (USB 1.1, 2.0, 3.0 and Type C) to support
newest peripherals;
• Optimized for HDMI and DisplayPort video;
• Enables newer protocols such as MHL to support mobile devices
and not only computers;
• Supports modern user interaction modes, such as cursor control,
touch-screen, multi-touch, and more.
advanced isolation between computers and shared peripherals
The emulations of keyboard, mouse and display EDID, prevent direct
contact between computers and shared peripherals. Product design
achieves maximal security by keeping the video path separate with
keyboard and mouse switched together, purging keyboard buffer when
switching channels. All these features contribute to strong isolation
between computer interfaces, maintained even when product is
powered off.
unidirectional data flow: usb, audio and video
Unique hardware architecture components prevent unauthorized data
flow, including:
• Optical unidirectional data flow diodes in the USB data path that
filtrate and reject unqualified USB devices;
• Secure analog audio diodes that prevent audio eavesdropping
at TEMPEST level with no support for microphone or any other
audio-input device;
• Video path is kept separate from all other traffic, enforcing
unidirectional native video flow. EDID emulation is done at power
up and blocks all EDID/MCCS writes. For DisplayPort video,
filtration of AUX channel exists to reject unauthorized transactions.
Isolation of power domains
Complete isolation of power domains prevents signaling attacks.
secure administrator access & log functions
Product incorporates secure administrator access and log functions to
provide auditable trail for all product security events, including battery
backup life for anti-tampering and log functions. Non-reprogrammable
firmware prevents the ability to tamper with product logic.