The security of corporate data on mobile devices remains a top concern for CEOs and CIOs when adopting enterprise mobility. Finding a mobile security solution that is both resilient and user-friendly can be a challenge, which is why Samsung designed Knox.

Knox is a multi-layered technology built into both the hardware and software of Samsung’s latest devices. From the Hardware Root of Trust to the Android Framework, Knox constantly verifies the integrity of the device and detects any tampering, ensuring your data is more secure.

Security Enhancements for Android protect applications and data by strictly defining what each process is allowed to do, and what data it can access. SE for Android help to secure a device by using domains, rights, security policies and Mandatory Access Control.

Knox leverages a processor architecture known as ARM TrustZone. In TrustZone, there are two worlds: the Normal World, and the Secure World. Virtually all smartphone software as we know today still runs in Normal World. The Secure World is reserved for highly sensitive computations, and is used extensively by Knox for protecting confidential enterprise data.
TrustZone consists of three core components:
  • TIMA KeyStore
  • Real-time Kernel Protection
  • Attestation

Secure Boot prevents unauthorized bootloaders and kernels from being loaded onto the device. This means that your device has not been tampered with and the Knox container can be loaded.

Trusted Boot ensures that the bootloader and OS kernel are the originals from the factory. This is done by recording the original device measurements and consistently checking the device at the start up to make sure these measurements haven't changed.

The Hardware Root of Trust is a set of security mechanisms built into device hardware that flag any time the device's default controls have been altered. These include Secure Boot Key and Device Root Key, which perform authentication and encryption operations associated with the device.


