Overview

Originally, we issued two types of licenses, Enterprise (ELM) licenses to access our enterprise-grade SDKs and Knox (KLM) licenses to access our premium SDK features. These legacy licenses came with a fixed set of API methods that you could call. With Knox 2.8, we are introducing the beta version of a new license key type named Samsung Knox License (SKL). With this license key type, we are trying to provide more flexible and secure entitlement, which addresses our partners’ requirements. In simple terms, entitlement can be referred to as ‘right of use’. With the new entitlement-based license model, our license management now provides specific rights or permissions to use certain features of a Knox SDK.

To accommodate flexible entitlement concept, the SKL key combines permissions from various types of keys into single key, enabling simple license activation process. For information on various license key types, see About license keys. Also, to enhance security and avoid misuse of your Samsung Knox License, you can now register the app information while requesting the Samsung Knox License. Registered app information will be verified during the license activation process, and thus, we can secure the use of issued licenses.

The new entitlement-based license model provides the following features:

  • Avoid license key misuse for security – You need to register the app information that will use the new entitlement-based license key, SKL. Only the registered apps will be able to activate the new SKL, and call the API methods granted to that license key.
  • Selective permissions for flexibility – You can select permissions which you want to use only by describing permissions in your app manifest.xml. This approach is aligned with Google’s method for getting permission. This feature will be available in the future Knox releases.

Through the new licensing entitlement model, you will be able to request a new Samsung Knox License with specific permissions to use selected features from multiple SDKs. However, currently, the entitlement-based licensing applies only to the Android version of the Knox Standard SDK. In future Knox releases, we may extend support to other Android SDKs.

Requirements

A SEAP account

Enroll to generate license key

How it works

    Through this SEAP portal, you can get an entitlement-based Samsung Knox License key. For security purposes, you must identify the apps that will use this key by providing their app package name and public key hash. To do this, you either upload the app (and let the SEAP portal extract the package name and hash) or manually enter the information yourself.

    1. SEAP Portal - The SEAP Portal requests a license from a Samsung License Server, then displays your license through your SEAP license dashboard. Determine the type of license that you need and select a permission group.
    2. Android manifest - Declare the permissions specific to your solutions in your Manifest file.
    3. Samsung Device - Your app activates the Samsung Knox License key by calling the API method KnoxEnterpriseLicenseManager.activateLicense. Your device compares the permissions declared in your Manifest file with the Knox permissions group that you’ve selected.  What happens next depends on the device, specifically which Knox platform it is using:
      • Device has Knox v2.8 or later - A new License Agent on the device sends your Samsung Knox License request to a Samsung License Server, asking for permission to use therequested API methods.
      • Device has Knox v2.7 or earlier - The previous License Agent forwards license requests to the Samsung License Server only when you activate an ELM license, using EnterpriseLicenseManager.activateLicense. So, in this case, if you want to use the new entitlement-based Samsung Knox License key, you need to activate both the new Samsung Knox License key as well as a backwards-compatible ELM key, which has no permissions but is needed to trigger a request for Samsung Knox License permissions. The order in which you activate the Samsung Knox License key and ELM key does not matter.
    4. Samsung License Server - Makes sure that the app activating a license was previously registered, determine what API methods the license has permission to call, then sends this information to the License Agent on the device. Your app can now execute the API methods that it was granted permission to use.

    You can continue to use the legacy ELM and KLM keys that are already issued; they will still work in the new licensing entitlement model. We will even continue issuing new ELM keys, in the event you have devices with Knox 2.7 or earlier but don’t want to change your app source code to activate the backwards-compatible ELM key along with the new Samsung Knox License key. We will eventually stop issuing the legacy ELM and KLM keys and instead provide only the new Samsung Knox License with a backwards-compatible ELM key.

    Next steps

    Back to About License keys