Knox leverages a processor architecture known as ARM TrustZone where there are two worlds: the Normal World, and the Secure World. Virtually all smartphone software runs in Normal World. The Secure World is reserved for highly sensitive computations made during encryption, decryption, signing, and verification
TrustZone consists of three core components:
- TIMA KeyStore
- Real-time Kernel Protection
Knox Premium SDK — Lets you manage data stored in the TrustZone-based key stores, and protect sensitive operations.
Knox Universal Credential Management — Third-party storage providers can use this SDK as a central interface to store different vendor certificates and private keys. UCM provides a single interface to independent parties who are sharing the mobile device environment resources.
Knox ISV SDK — Attestation — Can be requested on demand to let you check if a device has been compromised, so that you can take the appropriate actions to protect your app and its valuable data.