updated 03:47 pm EST, Tue February 25, 2014
Knox 2.0 ships on Galaxy S5, will be included with KitKat upgrades
Continuing Samsung's announcements in Barcelona at the Mobile World Congress, the Korean manufacturer has updated its Knox security suite to 2.0. The biggest change to the security manager is how it handles Google Play apps -- before the update, apps had to be run in the Knox workspace, with personal and business apps separated. The update combines the two, securing data without the "sandboxing" required previously.
Knox 2.0 provides users with enhanced container features, such as support for most Android apps from the Google Play Store, meaning there is no need to go through the wrapping process for third-party apps. Knox 2.0 also supports SE Android policy configurations for third party containers -- such as Good's secure container, Fixmo's SafeZone, and MobileIron's AppConnect -- so that these third-party containers will receive the same level of HW-based protection as the Knox container receives. This evolution of Knox allows for the choice of different types of containers for a more flexible approach to enterprise bring-your-own-device (BYOD) strategies.
The new Knox 2.0 upgrade brings six new features to the suite. TrustZone-Protected Certificate Management is a device-wide feature that generates and maintains client certificates inside Trustzone with additional support for industry standards. The Knox Key Store Generates and maintains encryption keys inside the TrustZone protected environment; allows third parties to utilize encryption for security sensitive applications and makes sure that encrypted data is protected if the system is compromised.
Knox 2.0 also performs real-time monitoring that both detects and prevents any unauthorized modifications to the kernel code, critical kernel data and system partition, Samsung says. The TrustZone-Protected ODE encrypts the data stored in the device through the TrustZone-protected encryption key, which can be disabled at the detection of system integrity compromise. Two-factor Biometric Authentication makes container access even more secure by requiring both password and fingerprint verification to authenticate on units that have the feature. Finally, the Enhanced Generic Framework of Knox supports Per-App VPN functions for SSL VPN solutions such as Juniper, F5 and Cisco. The previous version only supported them for IPsec VPN.
The new Knox 2.0 comes factory-installed on the Galaxy S5. Original Knox users will be updated to the 2.0 specification when their device is given the Samsung-provided Android 4.4 KitKat update, if their device qualifies for it.