Knox Platform for Enterprise
(KPE)

Enhance your solution using Samsung Knox SDKs

Increase the security and manageability of your enterprise solutions using Samsung Knox SDKs, which leverage the cutting-edge Knox Platform for Enterprise.

You can learn more about our flagship SDKs below.

Knox SDK

The Knox SDK provides granular access to Samsung Android mobile device features, security options, customization settings, and more. With more than 1,500 APIs to build apps and mobile solutions, the Knox SDK allows you to unleash your creativity and start building-world-class device security and management solutions.

Knox Tizen SDK for Wearables

The Knox Tizen SDK for Wearables provides APIs for Samsung wearables device management, customization, and security enhancement.

Samsung wearables increase in popularity in the enterprise market and enterprises can now manage Samsung wearable devices using the Knox Tizen SDK for Wearables.

Knox Platform for Enterprise (KPE)

Knox Platform for Enterprise (KPE) is a defense-grade mobile platform built into the hardware and software of most Samsung consumer and enterprise devices.

KPE is our industry-leading mobile security solution, designed to meet the most stringent needs of governments and regulated industries, which can be managed via Knox cloud services and partner solutions such as EMM. It also enables enterprise solution vendors to build their own hardware-backed security solutions and address the strictest of enterprise mobility requirements using Knox SDKs. KPE is designed to separate, isolate, encrypt, and better protect work data on mobile devices and provides a wide variety of capabilities for granular device management, real-time device integrity verification, and data protection. You can find a sampling of KPE features below:

Security

Security

  • Real-Time Kernel Protection
  • Device Health Attestation
  • Sensitive Data Protection
  • Dual Data-At-Rest (DAR)
  • Enhanced Workspace Isolation
  • Biometric Authentication
  • AD Integration
  • Government Certifications
  • Firewall Management
  • Advanced VPN Configuration
    • - Per-Device, Per-Container and Per-app VPNs
    • - On-Demand VPN
    • - On-Prem VPN Bypass
    • - VPN Chaining
    • - HTTP Proxy over VPN
  • Remote Control
  • Audit Log
Manage

Manageability

  • Knox E-FOTA
  • Granular Device Management
  • Comprehensive Device Customization
  • Enterprise Productivity Apps
  • Advanced App Management
  • Extensive Workspace Configuration
  • Network Platform Anaylytics
  • Automated Certificate Enrollment
  • Universal Credential Management
  • Client Certificate Manager
  • DeX Management
  • Split Billing

Android Enterprise platform
Basic security protections, management policies, network functions

Samsung Knox Platform for Enterprise also leads the mobile security industry in the number of security regulations it complies with, such as Common Criteria and FIPS 140-2. Designed with the needs of highly regulated industries in mind, Knox Platform for Enterprise should be the cornerstone of your mobile security strategy.

KPE Licenses

To use Knox SDKs and activate all features of the Knox Platform, you will need to use Knox Platform for Enterprise (KPE) license keys.

KPE has three types of licenses:

  • KPE Standard Edition (free): Offers a hardware-backed security foundation and system-level management policies, and include Android Enterprise as a base.

  • KPE Premium Edition (paid): Includes all KPE Standard Edition features, addresses more sophisticated security needs with advanced security management features and government compliance capabilities.

  • KPE DualDAR Edition (paid): Includes all KPE Premium Edition features, as well as the DualDAR feature which provides two separate layers of encryption and key generation for industry-leading security.

Below are the feature comparisons by edition:

KEY FEATURES (1)
KEY FEATURES (1) KPE DualDAR KPE PREMIUM KPE STANDARD ANDROID ENTERPRISE(2) KPE DIFFERENTIATION
Hardware-backed Trusted Environment Hardware Root of Trust Fully supported Fully supported Fully supported Partially supported Device-unique hardware keys and one-time programmable fuses
Build Trust Fully supported Fully supported Fully supported Partially supported Hardware-backed
Maintain Trust Fully supported Fully supported Fully supported Partially supported Runtime kernel protection (Android only supports DM-Verity)
Prove Trust Fully supported Fully supported Fully supported Partially supported Hardware-backed, device-identifiable
Robust Data Protection Data at Rest HW-based Data Isolation Fully supported Fully supported Partially supported Partially supported 3rd-party container support, granular configuration
Data at Rest On Device Encryption Fully supported Fully supported Fully supported Fully supported Verifies system integrity before decrypting data
Data at Rest Sensitive Data Protection Fully supported Fully supported Fully supported Not supported Data-at-Rest protection even while device is in use (Common Criteria)
Data at Rest DualDAR Fully supported Not supported Not supported Not supported Provides two separate layers of data encryption and key generation
Data in Transit Flexible On-device VPN options Fully supported Fully supported Partially supported Partially supported On-demand, dual-chaining, web proxy over VPN
Data in Transit Gov. - certified Built-in VPN Client Fully supported Fully supported Fully supported Partially supported Government certified features
Data in Transit On-device Firewall Management Fully supported Fully supported Fully supported Not supported URL based filtering, per-app control, blocked access logs
Comprehensive Device Management Wide Range of Device Configuration Fully supported Fully supported Partially supported (with differentiation added) Partially supported Advanced authentication options, booting splash customization, etc.
Advanced Mobile App Management Fully supported Fully supported Fully supported Partially supported Granular app management without Managed Google Play, etc.
System-level Device Feature Restriction Fully supported Fully supported Partially supported (with differentiation added) Partially supported Factory reset (recovery mode), firmware flashing (download mode)
Granular Device Monitoring & Control In-depth Device Usage Fully supported Fully supported Not supported Not supported Audit logs
In-depth Network Usage Fully supported Fully supported Not supported Not supported Network Platform Analytics
Optimized Remote Control Fully supported Fully supported Fully supported Partially supported High performance, device-wide controls; SECURE_FLAG overriding
Versatile Credential / Credential Mgmt Universal Credential Management Fully supported Fully supported Not supported Not supported Custom Keyguard, custom ODE
HW-based Client Certificate Management Fully supported Fully supported Partially supported (with differentiation added) Partially supported Hardware-backed, wide range of CSR/CEP support
Certified & Trusted by Experts and Government Bodies Fully supported Fully supported Partially supported (with differentiation added) Partially supported "Strong" ratings in 25 of 28 categories in 2017 Gartner mobile security report

(1) Some feature availability is subject to support by EMMs

(2) Android Open Source Project without Knox Platform for Enterprise

* Dependent on device manufacturer's implementation (not everyone does)

Learn more

For more information on Knox, read our Knox Whitepaper.

For more information developing with Knox Platform for Enterprise, please visit Knox SDK and Knox Tizen SDK for Wearables.

Join the Samsung Enterprise Alliance Program today to develop and distribute your B2B solution, and connect with the global Samsung community.

Learn more about the program