Samsung Knox Tizen Wearable v2 - SEAP Tizen Wearable Intro... · - BT/WiFi/NFC control and more ... APN / WiFi configuration - Firewall settings ... To find out more information on

Samsung Knox Tizen Wearable v2.0

Introduction for app vendors

Sep. 2016

Samsung Electronics Co., Ltd.

What is Samsung Knox Tizen Wearable?

2

HARDWARE-BASED, BUILT-IN PLATFORM THAT EXISTS IN MOST SAMSUNG MOBILE DEVICES, OUT OF BOX

+ CUSTOMIZABILITY+ PRODUCTIVITY+ MANAGEABILITY+ SECURITY

TIZEN WEARABLE

ANDROIDSMARTPHONE

ANDROIDTABLET

What is Knox Tizen Wearable SDK? (1/2)

For the first time ever on a smart watch, the Knox Tizen Wearable SDK will be available to third-parties, enabling the development of Knox-enabled applications for Samsung’s wearable ecosystem

3

2015.Sep 2016.Sep

OS Ver. Tizen 2.3.1 Tizen 2.3.2

Knox Ver. Knox Tizen Wearable v1.0 Knox Tizen Wearable v2.0

Knox SDK N/AKnox Tizen

Wearable SDK v1.0

※ Gear S2 is planned for OS update to Tizen v2.3.2 and Knox Tizen v2.0 respectively

What is Knox Tizen Wearable SDK? (2/2)

Knox Tizen Wearable SDK enables developers to leverage the Knox Tizen APIs on Gear for enhanced features

4

Knox Tizen v1.0Tizen appDeveloper

Knox Tizen v2.0

Knox Tizen Wearable SDK v1.0

EMM Server

Knox APIs

Build

Build

DL, Install

DL, Install

Knox APIs

manage

Standalone or Companion: Apps integrated with Knox Wearable SDK can communicate directly with its server

Companion onlyPairing required

No Knox enhancement

Why Knox Tizen Wearable v2.0? (1) Directly manage Gear devices (1/2)

5

A. Directly managing Gear devices with EMM: Once the EMM agent is installed via deeplink, IT manager can use hundreds of APIs to manage Gear devices

Enterprise IT Manager

Employee Device

Directly manage

Device Management App Management

Enterprise Asset Protection Network Management

- Call/SMS/data management

- Mic/GPS/Ringtone control

- BT/WiFi/NFC control and more

- Install/Remove application

- Allow/Disallow app installation

- Start/Stop application and more

- Lock device

- Wipe device data

- Set password and more

- APN / WiFi configuration

- Firewall settings

- Roaming control and more

Why Knox Tizen Wearable v2.0? (1) Directly manage Gear devices (2/2)

6

B. Pushing apps into employee devices: Given Tizen doesn’t allow sideloading of an app onto the device, every app needs to be downloaded from the Tizen appstore. Knox Tizen Wearable supports Deeplink feature, enabling IT managers to easily distribute apps

Tizen WearableApp Store

SEAP* Siteseap.samsung.com

① Download SDK

③ get “Deeplink” for app

④ Pass Deeplink ⑤ Pass Deeplink via

1) SMS2) EMM console3) Knox Mobile Enrollment

⑥ Download appusing Deeplink

App Vendor EnterpriseIT Manager

EmployeeDevice

② Register app & check Yes to “Hide App”

* SEAP : Samsung Enterprise Alliance Program

Why Knox Tizen Wearable v2.0? (2) Build purpose-built appliances

The customization APIs in the SDK allow app vendors to tailor Gear devices to their unique needs

7

Lock Gear device to a single app

(Kiosk Mode)

HW Key Re-mapping

Settings Manager

Prevent from exiting out from the app by pressing the Home button

e.g. Long-press the Home button for device to open the app

Enables the app to turn on/off settings

e.g. App enforces to turn on GPS + B/T but off Mobile Data or Roaming

…

Why Knox Tizen Wearable v2.0? (3) Secure work data

Developers can build apps leveraging Knox platform to enhance security of the service offered to customers

8

SE for Tizen: Permission mgmt. for apps and data

Trusted Boot: Check if booting components have been tampered with

Kernel Protection: Real-time kernel monitoring and protection (default-on)

HW Root of Trust: Keys securely stored in TrustZone

Security hardening of Tizen, out-of-box Integrate Knox security feature to the app

Tizen app

Enhancement made using Knox Tizen Wearable SDK

TIMA* Attestation: Pings a device if it has properly loaded boot components and firmware. In other words, an app can check if the device has been tampered with.

Knox Tizen APIs

* TIMA : TrustZone-based Integrity Measurement Architecture

Access to Knox Tizen Wearable SDK

9

① Visit https://seap.samsung.com

② Enroll or Sign-in SEAP Samsung account

③ Click DEVELOP Tizen SDK Knox Tizen Wearable SDK

④ Click

①②

③One SDK

※ Beta ver. is available as of 5th sep, Commercial ver. will be released in Oct.

④

Licensing Scheme

10

Tizen StoreSEAP* Site

seap.samsung.com

① Download Knox Tizen Wearable SDK

App Vendor User Device

GSBN*

v3.samsunggsbn.comKnox License Servers

(A) ELM* License Key (B) KLM * License Key

④ Fetch License Key(A) or (A)+(B)

② Register App

③ DL app ⑤ Verify Knox license

Key Accessible Features Source Knox Product Price

(A) ELM Key Manage device/apps/network, Attestation SEAP N/A(platform-level features)

Free

(B) KLM Key Customization (Kiosk, HW-key remapping, …) GSBN Knox Customization Toolkit(works on Android and Tizen Wearable)

$3.00 / device

※ Please contact a Knox reseller or your Samsung counterpart to purchase a KLM license key

* one-time fee, Invoice Price

License request & generation

* SEAP : Samsung Enterprise Alliance Program* GSBN : Global Samsung Business Network

* ELM : Enterprise License Management* KLM : Knox License Management

11

To find out more information on Samsung Knox Tizen Wearable,

please visit: http://samsungknox.com

http://seap.samsung.com

12

Appendix

Comparison against v1.0

13

NOIndirect control of Gear through a paired

Samsung Android

YESIn addition to paired mode, direct control of Gear

by an external server is available

Secure/Trusted boot,PKM*, SE for Tizen

v1.0 + RKP*, DM-verity*, Attestation

Individual DLfrom Tizen Store

A simple linkto easily download from Tizen Store

No Wearable SDK (W-MDM, 39 API)No Customization API

Knox Wearable SDKOne SDK : MDM+Customization+Attestation

STANDALONE

SDK

APP INSTALLATION

PLATFORM SECURITY

Knox Tizen Wearable v1.0 Knox Tizen Wearable v2.0

(300+ API) (28 API)

* PKM : Periodic Kernel Measurerment* RKP : Real-time Kernel Protection* DM-verity : Device-Mapper-verity

Comparison against Knox Android

APIs for Andoroid Smartphone/Tablet

14

Hardware Root of Trust

Trusted Boot

TIMA*

SE for Android

Knox Container

Hardware Root of Trust

Trusted Boot

TIMA*

SE for Tizen

SECURITY MANAGEABILITY/PRODUCTIVITY

Knox Android

Knox Tizen Wearable

1100+

300+

| Android Specialization: Google Account, S-Beam..

| Smart/Tab Specialization: Browser, E-mail, EAS*, Dual SIM, External Memory..

| Tizen Wearable Feature: Call/SMS/Data Management,BT/WiFi/NFC Control,Manage Application,ProKiosk Mode,System Manager..

Based on the same security platform architecture with Knox Android, Knox Tizen supports manageability to B2B customer by providing APIs to meet wearable use case.

APIs for Tizen WearableKnox ContainerX

* TIMA : TrustZone-based Integrity Measurement Architecture * EAS : Microsoft Exchange Active Sync

Key features

15

| Manage Apps

∙ Install/Remove application

∙ Allow/Disallow app installation

∙ Start/Stop application

| Manage Device

∙ Call/SMS/data management

∙ Mic/GPS/Ringtone control

∙ BT/WiFi/NFC control

| Manage Network

∙ APN /Wifi configuration

∙ Firewall

∙ Roaming control

| Enterprise Asset Protection

∙ Lock device

∙ Wipe data

∙ Set password| Settings Manager

∙ Hide/Show setting menu

∙ Bluetooth on/off

∙ GPS on/off

∙ Data Roaming on/off

∙ Mobile data on/off

∙ WiFi on/off

| ProKiosk Mode

∙ Enhanced Kiosk mode

∙ Set pass code

∙ Set home activity

∙ Hide notification messages

| System Manager

∙ H/W Key remapping

∙ Set Power Saving mode

∙ Bluetooth HID for Barcode scanner

| Enhanced Security

∙ Attestation

MDM features

Security features

Customization features