Knox marketing jumbotron banner

Samsung Knox

Knox is Samsung's defense-grade security platform built into our latest mobile devices.

Knox Marketing SDK

Defense-grade security from the chip up

The enhanced security offered by Samsung Knox has been approved by 29 governments worldwide. Its chip-level security reinforces several layers of protection that work at both the hardware and software levels to safeguard your privacy and confidential data around the clock.

 

View all SDK and developer tools

 

 

Knox Technology

The security of corporate data on mobile devices remains a top concern for CEOs and CIOs when adopting enterprise mobility. Finding a mobile security solution that is both resilient and user-friendly can be a challenge, which is why Samsung designed Knox.

Multi-layered security icon

Multi-layered security

Real-time Protection icon

Real-time Protection

Hardware-based encryption icon

Hardware-based encryption

Worldwide certification icon

Worldwide certification

Tools in the Samsung Enterprise Alliance Program enable developers to leverage the security of the Knox framework to secure, manage, and customize Samsung mobile devices to best suit business needs.

Examples of how the layers of Knox are utilized by SDKs provided in SEAP below:


Knox Containers isolate and protect applications and data that are placed within. Knox Workspace is designed to create a separation between business and personal apps and data, while providing enhanced granular control over device features to enterprise IT administrators. Secure folder – included on the latest Galaxy smartphones – is a new consumer solution built on the Knox platform that enables everyday users to move apps and data to a secure folder to gain an additional layer of security and privacy.

Knox Premium SDK — Lets you create and manage Knox containers, amongst many other advanced security features such as Single Sign-On & VPN.

Knox Enabled App — Deploy your solution inside its own invisible Knox container without affecting end-user behavior. Isolate and protect app data, so that potentially malicious apps can’t access data in unauthorized ways.

Security Enhancements for Android protect applications and data by strictly defining what each process is allowed to do, and what data it can access. SE for Android helps to secure a device by defining domains, rights, and security policies, to enforce Mandatory Access Control.

Knox Premium SDK — Includes an SE for Android Management System (SEAMS) that lets you create your own containers and manage app permissions and data access.

Knox Enabled App — Isolate and protect app data, so that potentially malicious apps can’t access data in unauthorized ways. You just enable the feature and we set up the intents and access through SE for Android policies.

Knox leverages a processor architecture known as ARM TrustZone where there are two worlds: the Normal World, and the Secure World. Virtually all smartphone software runs in Normal World. The Secure World is reserved for highly sensitive computations made during encryption, decryption, signing, and verification

TrustZone consists of three core components:

  • TIMA KeyStore
  • Real-time Kernel Protection
  • Attestation

Knox Premium SDK — Lets you manage data stored in the TrustZone-based key stores, and protect sensitive operations.

Knox Universal Credential Management — Third-party storage providers can use this SDK as a central interface to store different vendor certificates and private keys. UCM provides a single interface to independent parties who are sharing the mobile device environment resources.

Knox ISV SDK — Attestation — Can be requested on demand to let you check if a device has been compromised, so that you can take the appropriate actions to protect your app and its valuable data.

Secure Boot ensures that only certified, authorized bootloaders and kernels are loaded onto the device during boot up and the Knox container can be used without being compromised.

Trusted Boot ensures that the bootloader and OS kernel are the originals from the factory or updates from authorized OTA firmware upgrades or patches.

Knox Premium SDK — Lets you create and manage Knox containers that lock down if Secure Boot or Trusted Boot fails.

Knox Enabled App — Apps operating in their own Knox container can prevent malware access by locking down and preventing access to data if authentication operations with Secure Boot and Trusted Boot fail.

Knox ISV SDK — Attestation and Sensitive Data Protection — if authentication fails with the components of Secure Boot and Trusted Boot, sensitive apps and data will be locked down and secured.

A set of security mechanisms built into device hardware that flag any time the device's default controls have been altered. These include Secure Boot Key and Device Root Key, which perform authentication and encryption operations associated with the device.

Knox Premium SDK — Lets you create and manage Knox containers, as well as determine actions to take if authentication within the Hardware Root of Trust fail.

Knox Enabled App — Apps operating in their own Knox container as a Knox Enabled App will not function and data will not be accessible if authentication operations within the Hardware Root of Trust fail.

Knox ISV SDK — Attestation and Sensitive Data Protection — if authentication fails with the components of the Hardware Root of Trust, sensitive apps and data will be locked down and secured.

For more information on Samsung Knox, please visit SamsungKnox.com .

Join the Samsung Enterprise Alliance Program today to develop and distribute your B2B solution, and connect with the global Samsung community.

Learn more about the program