Announcements 21 Jul 2014

A closer look at Knox contribution in Android

Samsung Knox has come a long way in a short period of time. We are proud to say that our users have responded very positively since we launched Knox. Over the last several months, we have seen over 200,000 new users per month sign up to use Samsung Knox. This trend is accelerating. On June 25th, Samsung announced a new partnership with Google which integrates Samsung Knox technology into the next version of Android (Android ‘L’).

We are excited about this partnership and its ability to drive industry-wide thought and technology leadership. Samsung remains in complete control of Samsung Knox and we will work closely with Google to deliver a unified, secure implementation of Android to the enterprise. This will bring a number of new features to Android ‘L’, such as the ability to manage and separate business and personal data. In addition, Samsung will also continue to invest in and drive Samsung Knox.

Samsung Knox will offer differentiated features on top of Android ‘L’ to serve the unique needs of businesses who will benefit from the combination of Samsung software and hardware. For instance, to serve users with defense-grade and government-certified features requires deep linkages with the hardware.

So which components of Samsung Knox are coming to the next version of Android?

As outlined in the Android Developers blog, Samsung Knox features above the hardware level including Security Enhancements for Android, the Knox Framework and data separation technology from the Knox Workspace will be integrated into Android.

Hardware-dependent features from which the root of trust is built will remain specific to Samsung, including

  • TrustZone-based Integrity Management Architecture (TIMA)
    • Real-time Kernel Protection
    • Client Certificate Management (CCM)
    • Trusted Boot-based Key store
    • Remote attestation
  • Trusted Boot
  • Biometric authentication
  • Knox Smart Card Support
  • Government-certified Knox components
    • Common Criteria
    • STIG standards (FIPS certified crypto library, FIPS VPN, audit, etc.)

All of these features are part of the advanced Knox offering which will continue using the existing business model with our partners and customers.

Knox APIs will be a superset of Android ‘L’ enterprise APIs and will be continually supported on all Samsung devices embedded with Knox. In addition, a Knox compatibility library will map Knox API calls to their corresponding ’L’ enterprise API calls if such APIs exist. This will ensure that applications built using Knox APIs will work on all ‘L’ devices. This gives a jump start to Knox developers who want their applications to work across ‘L’ devices.

We encourage all our solution partners to keep innovating with Knox to meet the needs of customers. We want our partners to get the best of both worlds: a unified Android foundation and deep differentiation. We will work very closely with both our partners and customers on the path to this brighter future. The best is yet to come. Stay tuned.