Samsung KNOX was developed with the vision to break through the enterprise market by offering a more secure Android platform for both work and play. KNOX was first introduced to the world in February 2013 at the Mobile World Congress in Barcelona and since then, we’ve continued to evolve the product and its offerings.
The Samsung KNOX platform is purpose-built with security in mind. It delivers the best protection for work content for both corporate-owned and BYOD devices. Samsung is currently the only Android provider of defense-grade and government-certified mobile security complying with the US Government and Department of Defense (DoD) initiatives and other standards for mobile security. Samsung KNOX is available on a wide range of Samsung smartphones and tablets.
Samsung Pay is a secure and easy-to-use mobile wallet solution that is accepted virtually everywhere. It can transmit credit and debit cards via Near Field Communication (NFC) and a new proprietary technology called Magnetic Secure Transmission (MST), which works at virtually all merchant locations with no merchant POS system changes required. Samsung Pay can also work with private label credit cards and is the first mobile wallet service to enable ubiquitous acceptance that can truly change consumer behavior.
Going forward, Samsung Pay will reinvent the way people pay for goods and services and transform how they use their smartphones. Samsung is deeply committed to making Samsung Pay the de facto standard in mobile payments. Come join the Samsung Mobile Payment team and be part of the future of secure mobile payment.
Samsung Pay Leverages KNOX System Integrity
Samsung Pay is built on top of the KNOX platform, and it inherits multiple system integrity features from KNOX. The following highlights a few that are essential to the security of Samsung KNOX and Samsung Pay:
Secure Boot: All Samsung devices adopt Secure Boot. At boot time, all the bootloaders, the Trusted Execution Environment (TEE), and the hardened Android kernel are verified through code signing. In particular, only the Samsung-approved TEE, which hosts the security-critical payment data and operations, can be loaded onto the devices.
The TEE leveraged from the Samsung KNOX platform also ensures isolation of sensitive data. Tokenization replaces debit and credit card numbers, and eliminates the possibility of cybercriminals capturing personal and financial data at rest or in transit. Transactions must be authenticated with cryptograms, and cryptogram generation requires proof that users authorize payments with a biometric fingerprint or a PIN.
Trusted Boot and remote attestation: In addition to Secure Boot, Samsung devices also adopt Trusted Boot, which measures and records the cryptographic fingerprints of the bootloaders, the TEE, and the Android kernel. During the provisioning of payment credentials, the Samsung Pay server remotely verifies the integrity of these key pieces of system software (particularly the TEE) through remote attestation. If any of them has been modified, payment credentials will not be provisioned to the device.
Verification of Trusted Apps: Every time a Trusted App is loaded into memory, the TEE performs a cryptographic verification of the binary. This further ensures that only the authentic Samsung Pay Trusted Apps are executed and allowed to access the payment credentials. This is performed in addition to the installation time verification of the Samsung Pay app available on regular Android devices.
Mandatory Access Control: Samsung Pay leverages SE for Android to enforce Mandatory Access Control so that only the authentic Samsung Pay app is allowed to execute Samsung Pay-specific functionalities. For example, only authorized apps are permitted to access the Trusted Apps.
These security features, along with other KNOX platform security mechanisms, set a high bar for any malicious party aiming to attack Samsung Pay.
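The Trusted Boot and remote attestation step described above can be sketched as a generic measured-boot check; this is an added illustration, not Samsung's code or protocol. The function names, the hash-chain construction, the sample images and the use of HMAC with a shared key in place of a device signature are all assumptions.

```python
import hashlib
import hmac

# Components the page lists as measured by Trusted Boot, in boot order.
STAGES = ("bootloader", "tee", "kernel")

def extend(register: bytes, image: bytes) -> bytes:
    """Fold one component's SHA-256 fingerprint into the running measurement."""
    return hashlib.sha256(register + hashlib.sha256(image).digest()).digest()

def measure_boot(images: dict) -> bytes:
    """Chain the fingerprints so a change to any stage changes the final value."""
    register = bytes(32)
    for stage in STAGES:
        register = extend(register, images[stage])
    return register

def device_quote(images: dict, nonce: bytes, device_key: bytes):
    """Device side: return (measurement, tag) bound to the server's fresh nonce.

    Assumption: device_key is held where modified software cannot read it.
    HMAC stands in for the signature a real attestation scheme would use.
    """
    measurement = measure_boot(images)
    tag = hmac.new(device_key, nonce + measurement, hashlib.sha256).digest()
    return measurement, tag

def server_allows_provisioning(quote, nonce, device_key, reference_images) -> bool:
    """Server side: provision only if the quote is authentic and matches the reference."""
    measurement, tag = quote
    expected = hmac.new(device_key, nonce + measurement, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False  # forged quote, or one replayed from an earlier nonce
    return hmac.compare_digest(measurement, measure_boot(reference_images))

# Constructed sample data: stand-ins for real firmware images and keys.
REFERENCE = {"bootloader": b"bl-1.0", "tee": b"tee-1.0", "kernel": b"kernel-1.0"}
MODIFIED = dict(REFERENCE, tee=b"tee-1.0-patched")
KEY = b"constructed-device-key"

if __name__ == "__main__":
    nonce = b"constructed-nonce-0001"
    for label, images in (("reference", REFERENCE), ("modified TEE", MODIFIED)):
        ok = server_allows_provisioning(device_quote(images, nonce, KEY), nonce, KEY, REFERENCE)
        print(f"{label}: {'provision' if ok else 'refuse'}")
```

The nonce is what keeps a quote recorded from an unmodified device from being accepted later, which is why the server checks the tag before comparing the measurement.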