Samsung KNOX SDKs: More than Security!

Transcription:

Samsung KNOX SDKs: More than Security! Victor Okunev SEAP Developer Evangelist Samsung Electronics

Introduction
Hello! My name is Victor Okunev.
Developer Evangelist, Vancouver Enterprise Lab, Samsung Electronics Canada
Email: v.okunev@samsung.com

Agenda
Webinar Duration: 1 hour
1. Presenter Introduction
2. Samsung KNOX Platform
3. KNOX Standard SDK Key Features
4. KNOX ISV SDK Key Features
5. Introduction to SEAP

Mobile software requirements: Consumer vs Business
Performance, UX, Security, Scalability
Generic platform
all that but Hardened Security, Manageability, Customization
Best-suited platform
No can do:

Samsung KNOX Platform
- Tamper-resistant HW/SW Security Stack
- Built into Samsung Galaxy devices
- Hardware Root of Trust
- Boot-time system integrity
- OS-level data and app protection
- Run-time kernel integrity
- Integrity-based security services
- Secure application and data container
- Includes Samsung APIs
- SDKs are provided free of charge
- In-code license activation required

Samsung KNOX Security Certifications
https://www.samsungknox.com/en/security-certifications
CANADA, UK, USA, FRANCE, CHINA, AUSTRALIA

Samsung KNOX SDKs

KNOX Standard SDK

Mobile Device Management 101: What is a device policy?

Advanced MDM APIs for Android (KNOX Standard SDK)
- Integrated with Samsung KNOX Platform
- 430+ device policies
- App Management, HW/SW Component Management, Expense Management, Security Management, Inventory monitoring, Services Provisioning, etc.
- Used in 120+ MDM products

KNOX Standard SDK: Core Features
Application Management, Security Management, App Control, App Permissions, Security, Firewall, Password, Customized Device Mode, HW / SW Component Management, Kiosk Mode, Lock Screen, Settings, Backup, Date and Time, Voice/Data Management, Restrictions, Bluetooth, Browser, Roaming, Phone, Remote Configuration, Exchange, Wi-Fi, SSO, Location-based Services, Android VPN, Email, LDAP, Geo fencing, Location, APN, Multi User, Help Desk, Device Inventory, Remote Control, Inventory, Per user policies, Per device policies

Application Management (KNOX Standard SDK)
API examples:
- Silent install/uninstall of applications
- Restrict installation and un-installation of applications
- Disable and enable applications
Use case example: POS system
- Silently push an app update
- No user interaction required
- Even with extra new permissions
- Download an APK from your server

Customized Device Mode (KNOX Standard SDK)
API examples:
- Customize Home screen
- Disable Settings changes
- Customize device lock screen with client's company logo
Use case example: In-room hospitality devices
- Minimize the device environment to prevent guest from misconfiguring it
- Provide access to relevant apps only
- Simplify the OS experience for non-Android users
[Figure: KIOSK MODE. Labels: Hidden Notification Bar; Custom Wallpaper; Custom Applications; No default Applications; Disable Menu key; Calculator, Calendar, Contacts, Camera; Disable Soft keys; Disable Hardware keys]

Location-Based Services (KNOX Standard SDK)
API examples:
- Define Polygonal, Circular, and Linear geofences
- Apply specific behavior based on the device location
- Configure frequency of GPS location querying, based on time and distance
Use case example: Preventing data leakage from restricted area
- Detect when device enters the geofence
- Disable camera and Bluetooth on the device
- Detect when device leaves the geofence
- Restore device and Bluetooth functionality
[Figure label: Main gate]

Help Desk: Remote Control (KNOX Standard SDK)
API examples:
- Inject touch events
- Inject hardware key events
- Access the frame-buffer to capture the screen content
Use case example: Customer support
- Need to take control of the device
- Via standard VNC client
- Build a mobile VNC server
- No device rooting required!
- The user assistance is not needed
[Figure labels: Device Screen Sharing; Keyboard/Mouse Event Sharing]

Security Management (KNOX Standard SDK)
API examples:
- Configure firewall rules to allow, block, and reroute traffic, based on app or server identity
- Configure HTTP proxy
- Encrypt SD Card
- Install user & CA certificates
- Force user to change device password
Use case example: Restricted data usage
- Allow business app only to use mobile network
- The rest of the apps can access data over Wi-Fi
- The user can't bypass this restriction

HW/SW Component Management (KNOX Standard SDK)
API examples:
- Disable Wi-Fi, Bluetooth, NFC, SD Card
- Disallow factory reset
- Detect SIM change
- Disable tethering
- Perform full backup of application data
Use case example: Fleet management solution
- Force the GPS On
- No user confirmation is required
- Prevents user from turning the GPS Off

Remote Configuration (KNOX Standard SDK)
API examples:
- Control & configure Wi-Fi access points settings
- Configure Android VPN settings
- Create, update, and delete VPN profiles
- Provision accounts for MS Exchange ActiveSync, IMAP, and POP
Use case example: Secure app traffic over untrusted data connections
- Detect if Wi-Fi is a trusted profile
- If so, disconnect corporate VPN to save VPN server load
- Otherwise the data connection is not trusted, enable VPN

Learn from Samsung Partner Solutions
https://seap.samsung.com/solution-briefs

KNOX ISV SDK

KNOX ISV SDK: Core Features
- Device Integrity: Attestation
- Data Security: Sensitive Data Protection (SDP)
- Secure Credential Storage: Universal Credential Management (UCM)

Device Attestation (KNOX ISV SDK)
API examples:
- Request trusted device measurements
Use case example: Ensure device is not compromised before installing banking app
- Initiate attestation sequence
- Receive attestation verdict: whether device has been rooted or is running unofficial firmware
- If device is uncompromised, install the app

Device Attestation: How it Works
Participants: TrustZone, Attestation Agent, Your App, Your Server, Attestation Server
Step 1: Get nonce; Start attestation (nonce); Get nonce; Nonce; Nonce generated and stored with timestamp; Attest (nonce); Start attestation (nonce)
Step 2: Blob with nonce, measurements, device ID, signature and certificate; Attest (blob); Attest (blob)
Step 3: Get verdict (nonce, blob); Verdict (success/fail); Verify blob signature, certificates; parse blob data
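
The nonce handling in the flow above, sketched as an added example (not Samsung's code or the KNOX API): the verifier stores each nonce with a timestamp, accepts it once within an assumed 120-second window, and rejects a blob altered after signing. HMAC-SHA256 with a constructed key stands in for the blob's signature and certificate check, and all class, function and measurement names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

NONCE_TTL_SECONDS = 120                     # assumed freshness window, not from the slides
DEMO_DEVICE_KEY = b"constructed-demo-key"   # stand-in for the device signing certificate


class NonceStore:
    """Server side: nonces are generated and stored with a timestamp."""

    def __init__(self, ttl=NONCE_TTL_SECONDS, clock=time.time):
        self._issued = {}
        self._ttl = ttl
        self._clock = clock

    def issue(self):
        nonce = secrets.token_hex(16)
        self._issued[nonce] = self._clock()
        return nonce

    def consume(self, nonce):
        """Return True once for a known, unexpired nonce; False otherwise."""
        issued_at = self._issued.pop(nonce, None)
        return issued_at is not None and self._clock() - issued_at <= self._ttl


def make_blob(nonce, device_id, measurements, key=DEMO_DEVICE_KEY):
    """Constructed device-side blob: nonce, measurements, device ID, signature."""
    body = f"{nonce}|{device_id}|{measurements}".encode()
    return {"nonce": nonce, "device_id": device_id, "measurements": measurements,
            "signature": hmac.new(key, body, hashlib.sha256).hexdigest()}


def get_verdict(store, blob, key=DEMO_DEVICE_KEY):
    """Step 3: accept only a fresh, unused nonce and an intact, clean blob."""
    if not store.consume(blob["nonce"]):
        return "fail"  # unknown, replayed or expired nonce
    body = f'{blob["nonce"]}|{blob["device_id"]}|{blob["measurements"]}'.encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, blob["signature"]):
        return "fail"  # blob altered after signing
    # "official" is a constructed measurement value meaning unmodified firmware
    return "success" if blob["measurements"] == "official" else "fail"
```

Because `consume` removes the nonce whether or not the rest of the check passes, a captured blob cannot be replayed to obtain a second verdict.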

Sensitive Data Protection (SDP) (KNOX ISV SDK)
API examples:
- Protect selected databases and database columns
- Protect selected application files
- Create custom SDP engine
Use case example: Ensure protection of patient's confidential data even in the event of security breach on the device
- Mark application file as sensitive
- Choose SDP engine: default or custom
- Let SDP infrastructure do the rest

Sensitive Data Protection (SDP): How it Works
[Diagram labels: Power on, Power off; Unlock state, Lock state; Decrypted, Encrypted; Write, Read]

Universal Credential Management (UCM) (KNOX ISV SDK)
API examples:
- Query available credential storages on the device
- Check if the storage is locked
- Install certificates to credential storage (used by Email, Browser, Wi-Fi, VPN)
Use case example: Provide financial application with credential storage access
- Ability to support Embedded Secure Elements, Micro SD cards, SIM cards, and Common Access Card (CAC) smartcards from third-party vendors
- Do not create dependency on the vendor API
- Use generic API
- Take advantage of plugin architecture

Universal Credential Management (UCM): How It Works
[Diagram labels: Credential-consuming apps (Email, browser, WiFi, VPN, etc.); Storage management apps]

Where do I get Samsung B2B SDKs?
https://seap.samsung.com/
SEAP: Samsung Enterprise Alliance Program
Instant registration, start developing in minutes:

Samsung Enterprise Alliance Program
Sales Support
- Dedicated sales support from Samsung sales network based on Business Opportunities
Co-Marketing Activities
- Partner Promotion via Samsung online channels
- Co-branded marketing materials
- Samsung event participation
- SEAP Newsletter & Logo
Access Samsung's technology
- KNOX SDKs and licenses
- Technical Q&A ticket
- Priority technical support
- Technical consultants
[Diagram labels: Marketing, Sales, Tech Support]

Q&A and THANK YOU for your time. Victor Okunev v.okunev@samsung.com