Samsung Knox

Knox is the most secure Android platform offering advanced data protection and security for corporate users.

Samsung KNOX is a technology offering “phone in a phone“. The device is divided into 2 containers separating private and business space.

Samsung Knox device

The business container offers a wide range of tools for corporate data protection and minimum risk exposure while using the mobile device.

KNOX runs on SE Android platform (Security Enhanced Android) which was developed by NSA (National Security Agency). Samsung added support of additional layers for better hardware interaction such as secure boot support. Devices using KNOX have been approved by the US Department of Defence for use in departmental networks.

KNOX configuration is supported by many MDM solutions i.e. by MobileIron, Airwatch, Good, Citrix etc.

Available versions:

  • My Knox – personal free Knox (for personal use)
  • Knox EMM (Enterprise Mobility Management) – offers a wide range of IT policies for mobile device administration, identity management and cloud access for internal policies implementations.
    • Knox Express
    • Knox Premium
  • Knox Marketplace – one-stop-shop for IT administrators offering KNOX and enterprise applications all in one place
  • Knox Customization – custom tailored Knox solution for your needs

System4u is a Samsung partner for delivery and implementation of Samsung Knox technologies.

How does Samsung Knox work?

From user perspective Samsung Knox is an application which creates a new container in the phone so that personal and professional data can be separated. Clicking on the Knox icon the user switches from the standard Android environment to the secure KNOX zone which is password protected. Each mode has its own colour for easier orientation.

The most important applications which are used most often are in Knox mode where certain functions such as printscreen are disabled. Applications running outside of the container have a limited access to data stored inside the container where the security is addressed on the operating system level.

Samsung Knox enables the administrators to remotely managed the device – distribute and set up a secure Knox container, create connectivity profiles for corporate network or remotely wipe the Knox container. Overall Samsung offers over 500 IT policies for mobile device management.


Why choose Samsung Knox?

  • Secure hardware and software platform for corporate mobile devices
  • Secure environment for corporate application and data management
  • Personal data protection from malware, phishing and other types of remote attack
  • A wealth of options for remote management and device configuration

 Top level security platform

Samsung KNOX offers leading edge core platform security and improves device integrity from kernel to applications. It is based namely on these elements:

  • Trusted Boot – basic element ensuring secure device boot by allowing only authorized SW to run on the device (verifies authenticity of bootloader and firmware)
  • ARM TrustZone-based Integrity Measurement Architecture (TIMA) – offers nonstop Linux kernel and operating system integrity check
  • Security Enhancements for Android (SE for Android) – Android security enhancement, authorized application verification etc.
  • KNOX container – separate encrypted environment for corporate data and applications. The container is protected by password or an external smart card reader.
Key core platform security improvements:
  • Certificate management in secure Trustzone – feature that generates and maintains client certificates inside Trustzone with additional support for industry standards such as PKCS#11; allows mobile devices to play the role of the smart card and its reader.
  • KNOX Key Store – Generates and maintains encryption keys inside the TrustZone protected environment; allows third parties to utilize encryption for security sensitive applications and makes sure that encrypted data is protected if the system is compromised
  • Real-Time Protection for System Integrity – Real-time monitoring that both detects and prevents any unauthorized modifications to the kernel code, critical kernel data and system partition.
  • ODE protection with TrustZone  – Encrypts the data stored in the device using the TrustZone encryption key. Option to disable at the detection of system integrity compromise.
  • Biometric two-factor authentication  – Makes container access even more secure by requiring both password and fingerprint to authenticate
  • Enhanced Generic Framework of KNOX – KNOX supports Per-App VPN for SSL VPN solutions

For more information about Samsung Knox technologies please visit Samsung web pages.

© 2019 System4u, a.s.
Powered by Wordpress