Since: API level 28
public class EnhancedAttestationPolicy extends Object

java.lang.Object
   ↳ com.samsung.android.knox.integrity.EnhancedAttestationPolicy

Class Overview

This class provides enhanced attestation functionality. Enhanced attestation runs Samsung attestation based on SAK and generates blob data. The generated blob data is sent to the Samsung Attestation Server, which verifies whether the blob data is valid. After verification, the Samsung Attestation Server stores the blob data together with the verification results. You can then query the server with an HTTP command to retrieve the stored enhanced attestation results.

Since
API level 29
KNOX 3.4

Summary

Public Methods
boolean isSupported()
Check if the device supports enhanced attestation or not.
void startAttestation(String auk, String nonce, EnhancedAttestationPolicyCallback cb)
Run enhanced attestation communicating with Samsung Attestation Server.
void startAttestation(String nonce, EnhancedAttestationPolicyCallback cb)
Run enhanced attestation for on-prem environments.
Inherited Methods
From class java.lang.Object

Public Methods

public boolean isSupported ()

Since: API level 28

Check if the device supports enhanced attestation or not.

Returns
  • true if supported, false if not supported.
Usage
Used to check whether enhanced attestation is supported.

 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 EnhancedAttestationPolicy enhancedAttestationPolicy = ekm.getEnhancedAttestationPolicy();
 boolean supported = enhancedAttestationPolicy.isSupported();
 
Since
API level 29
KNOX 3.4
Multiuser Environment
User Scope

public void startAttestation (String auk, String nonce, EnhancedAttestationPolicyCallback cb)

Since: API level 28

Run enhanced attestation communicating with Samsung Attestation Server.

Parameters
auk
Attestation Unique Key issued to each vendor.
nonce
A nonce value that must be unique for each request. The nonce can be a 32-byte string. Alphanumeric characters, underscore (_), dash (-) and dot (.) are allowed in the nonce.
cb
EnhancedAttestationPolicyCallback instance to get attestation result.
Usage
Used to run the enhanced attestation process, communicating with the Samsung Attestation Server. The caller needs to obtain a unique nonce value before running enhanced attestation. The nonce is used to generate the blob from the TrustZone. The uniqueId and url for the attested blob data on the Samsung Attestation Server are sent back to the caller through the callback API.

 // An EnhancedAttestationPolicyCallback object should be declared to handle the result.
 EnhancedAttestationPolicyCallback callback = new EnhancedAttestationPolicyCallback() {
     // An EnhancedAttestationResult object containing the result is passed to onAttestationFinished.
     public void onAttestationFinished(final EnhancedAttestationResult result) {
         int error = result.getError();
         String uniqueId = result.getUniqueId();
         String url = result.getUrl();
     }
 };
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 EnhancedAttestationPolicy enhancedAttestationPolicy = ekm.getEnhancedAttestationPolicy();
 String auk = "YOUR_AUK";            // placeholder: the Attestation Unique Key issued to the vendor
 String nonce = "YOUR_UNIQUE_NONCE"; // placeholder: a fresh value obtained for this request
 
 enhancedAttestationPolicy.startAttestation(auk, nonce, callback);
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_ENHANCED_ATTESTATION" permission with a protection level of signature.
Since
API level 29
KNOX 3.4
Multiuser Environment
User Scope

public void startAttestation (String nonce, EnhancedAttestationPolicyCallback cb)

Since: API level 28

Run enhanced attestation for on-prem environments. This method returns the blob data to you through a callback method.

Parameters
nonce
A nonce value that must be unique for each request. The nonce can be a 32-byte string. Alphanumeric characters, underscore (_), dash (-) and dot (.) are allowed in the nonce.
cb
EnhancedAttestationPolicyCallback instance to get enhanced attestation result.
Usage
Used to run the enhanced attestation process in closed-network (on-prem) environments. The caller needs to obtain a unique nonce value before running enhanced attestation. The nonce is used to generate the blob from the TrustZone. The blob data obtained from the TrustZone is sent back to the caller through the callback API.

 // An EnhancedAttestationPolicyCallback object should be declared to handle the result.
 EnhancedAttestationPolicyCallback callback = new EnhancedAttestationPolicyCallback() {
     // An EnhancedAttestationResult object containing the result is passed to onAttestationFinished.
     public void onAttestationFinished(final EnhancedAttestationResult result) {
         int error = result.getError();
         String uniqueId = result.getUniqueId();
         byte[] blob = result.getBlob();
     }
 };
 EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
 EnhancedAttestationPolicy enhancedAttestationPolicy = ekm.getEnhancedAttestationPolicy();
 String nonce = "YOUR_UNIQUE_NONCE"; // placeholder: a fresh value obtained for this request
 
 enhancedAttestationPolicy.startAttestation(nonce, callback);
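
Both startAttestation overloads require a nonce that is unique for each request and limited to the documented character set. The following is an added example, not part of the Knox SDK or the original documentation, of a backend helper that issues such nonces and accepts each one only once. The class name AttestationNonceStore, the exact 32-character length and the 5-minute validity window are assumptions.

```java
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical backend helper, not part of the Knox SDK: issues single-use attestation nonces. */
public final class AttestationNonceStore {
    // Characters the documentation allows in a nonce: alphanumeric, '_', '-', '.'.
    private static final String ALPHABET =
            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-.";
    private static final int NONCE_LENGTH = 32;            // assumption: exactly 32 ASCII chars = 32 bytes
    private static final long TTL_MILLIS = 5 * 60 * 1000L; // assumption: 5-minute validity window

    private final SecureRandom random = new SecureRandom();
    private final Map<String, Long> outstanding = new ConcurrentHashMap<>(); // nonce -> expiry time

    /** Creates a fresh nonce for one attestation request and records it as outstanding. */
    public String issue() {
        long now = System.currentTimeMillis();
        outstanding.values().removeIf(expiry -> expiry < now); // forget nonces that were never used
        while (true) {
            StringBuilder sb = new StringBuilder(NONCE_LENGTH);
            for (int i = 0; i < NONCE_LENGTH; i++) {
                sb.append(ALPHABET.charAt(random.nextInt(ALPHABET.length())));
            }
            // putIfAbsent guarantees uniqueness among outstanding nonces.
            if (outstanding.putIfAbsent(sb.toString(), now + TTL_MILLIS) == null) {
                return sb.toString();
            }
        }
    }

    /** Returns true exactly once per issued, unexpired nonce; replays and unknown values fail. */
    public boolean consume(String nonce) {
        if (nonce == null || !nonce.matches("[A-Za-z0-9_.-]{" + NONCE_LENGTH + "}")) {
            return false; // reject anything outside the documented character set or length
        }
        Long expiry = outstanding.remove(nonce); // atomic removal makes the nonce single-use
        return expiry != null && expiry >= System.currentTimeMillis();
    }

    public static void main(String[] args) {
        AttestationNonceStore store = new AttestationNonceStore();
        String nonce = store.issue();                    // value to pass to startAttestation(...)
        System.out.println(nonce);
        System.out.println(store.consume(nonce));        // first use of the issued nonce
        System.out.println(store.consume(nonce));        // replay of the same nonce
        System.out.println(store.consume("bad nonce!")); // malformed input
    }
}
```

The store is in-memory; a deployment with more than one backend instance needs shared storage so that a nonce consumed on one instance is rejected on the others.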
 
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_ENHANCED_ATTESTATION" permission with a protection level of signature.
Since
API level 29
KNOX 3.4
Multiuser Environment
User Scope