May 30, 2022

Differentiator factors of the usage of Knox Vault

Kamil Grondys, Solutions Architect of Samsung R&D Institute Poland

Samsung Knox is already well recognized and trusted by security experts and government agencies. Knox has achieved many certifications, including Common Criteria and FIPS 140-2. Knox provides secure critical communication and encryption at the highest possible levels. Applications of Knox allow replacing physical documents and even car keys with digital IDs and digital car keys.

The newly introduced Knox Vault is integrated into Samsung devices starting from the Galaxy S21, and its components are evaluated at EAL4+ and higher. By default, Knox Vault can:

· Store sensitive data such as hardware-backed Android Keystore keys, the Samsung Attestation Key (SAK), biometric data, and blockchain credentials.

· Run security-critical code that authenticates a user with increasing timeouts between failures and controls access to keys depending on authentication.

By using StrongBox Keymaster powered by Knox Vault, partners can elevate their solutions in several ways: replace external EAL4+ storage and use Knox Vault for critical communication, strengthen device encryption by using the API to generate and encrypt keys for securing communication, or provide an additional layer of encryption using the DualDAR architecture.

The other area that could easily be improved by applying Knox Vault is e-signature, including qualified and biometric signatures.

The architecture of basically any cryptographic solution that uses asymmetric or symmetric cryptography can be improved. In addition, a Partner who would like to achieve a certification level for their solution, as is often required by Customers or regulations, can pursue that by integrating Knox Vault.

In critical communication, where end-to-end encryption is an important differentiator, a user's private key can be securely generated inside the embedded Secure Element (eSE), and session keys can be protected by that key or by the other side's public key. This can also be added to e-mail clients using the OpenPGP standard.
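The key handling described above, sketched with the standard Android Keystore StrongBox API as an added example (not code from Samsung or the Knox SDK). The alias and function names are hypothetical, and RSA-2048 with OAEP is an assumption chosen for the illustration.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyInfo
import android.security.keystore.KeyProperties
import java.security.KeyFactory
import java.security.KeyPair
import java.security.KeyPairGenerator
import java.security.PrivateKey
import java.security.spec.MGF1ParameterSpec
import java.security.spec.X509EncodedKeySpec
import javax.crypto.Cipher
import javax.crypto.spec.OAEPParameterSpec
import javax.crypto.spec.PSource

const val ALIAS = "example_e2ee_identity_key" // hypothetical alias for this example
const val TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"
// Android Keystore pairs OAEP with MGF1-SHA-1 by default, so both sides state it explicitly.
val OAEP = OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT)

// Generates the identity key inside StrongBox (API 28+). generateKeyPair() throws
// StrongBoxUnavailableException instead of silently falling back to the TEE.
fun generateIdentityKey(): KeyPair {
    val spec = KeyGenParameterSpec.Builder(ALIAS, KeyProperties.PURPOSE_DECRYPT)
        .setKeySize(2048)
        .setDigests(KeyProperties.DIGEST_SHA256)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
        .setIsStrongBoxBacked(true)
        .build()
    return KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore")
        .apply { initialize(spec) }
        .generateKeyPair()
}

// Confirms where the key actually resides; KeyInfo.securityLevel needs API 31+.
fun isInStrongBox(key: PrivateKey): Boolean {
    val info = KeyFactory.getInstance(key.algorithm, "AndroidKeyStore")
        .getKeySpec(key, KeyInfo::class.java)
    return info.securityLevel == KeyProperties.SECURITY_LEVEL_STRONGBOX
}

// Sender side: wraps a session key under the recipient's X.509-encoded public key.
fun wrapSessionKey(recipientSpki: ByteArray, sessionKey: ByteArray): ByteArray {
    val pub = KeyFactory.getInstance("RSA").generatePublic(X509EncodedKeySpec(recipientSpki))
    return Cipher.getInstance(TRANSFORMATION).run { init(Cipher.ENCRYPT_MODE, pub, OAEP); doFinal(sessionKey) }
}

// Recipient side: the private-key operation runs in the secure element; the key never leaves it.
fun unwrapSessionKey(privateKey: PrivateKey, wrapped: ByteArray): ByteArray =
    Cipher.getInstance(TRANSFORMATION).run { init(Cipher.DECRYPT_MODE, privateKey, OAEP); doFinal(wrapped) }
```

The recipient publishes `generateIdentityKey().public.encoded` to peers, and a check with `isInStrongBox` before first use lets the app refuse to run with a key that is not hardware-isolated.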

All the above is already a huge game-changer. However, Knox Vault is not limited to protecting Data-at-Rest (DAR). It can also be applied to Data in Transit. A part of the Knox SDK is the Knox VPN framework, which allows third-party developers to implement it in VPN client solutions. The availability of open-source solutions (such as strongSwan) can help to implement the standards required by Government Customers, i.e. IKEv2.

In summary, if you are a Partner who provides the following:

· Communicator, including voice/video, text

· Biometric or e-signature

· Encrypted E-mails (OpenPGP standard)

· Secure storage for qualified documents

· VPN Client

you can elevate your solutions with StrongBox Keymaster and Samsung Knox to the highest possible level achievable only on mobile devices supporting Knox Vault.

For more information, visit the following links:

Whitepaper - Knox Vault

DualDAR architecture

Knox SDK overview

 
