With Samsung Knox Native, a solution is now available in Germany that makes secure communication for authorities and companies quick and easy. The solution, developed in close cooperation with the BSI (Federal Office for Information Security), creates its own, separate security area on mobile devices. The security solution is built directly into smartphones and tablets – in the form of an evaluated hardware anchor, the embedded Secure Element (eSE). This encrypts personal and classified data using the integrated BSI Java Card Applet (BSI Mobile Security Anchor) and can store it locally on the device in a tamper-proof manner. Knox Native will be available for a variety of mobile Samsung smartphones and tablets from mid-August 2024.1
Until now, external SD cards, additional software and various PINs were necessary for secure mobile communication with Android-based solutions, data storage and processing of classified information. This often involved a great deal of manual effort, high costs and long approval and evaluation processes before these security solutions could be put into operation and used.
“With our embedded Secure Element and the BSI Java Card Applet, we are breaking new ground,” says Tuncay Sandikci, Director MX B2B at Samsung. “Samsung Knox Native takes the security of sensitive data and identities to a new level by storing and encrypting them in an area isolated from the rest of the device. This allows us to meet the growing security requirements, particularly at government level, in state authorities and companies.”
The embedded Secure Element (eSE) built directly into the device is certified according to CC EAL 6+ (Common Criteria Evaluation Assurance Level)2. The encryption follows the BSI specifications and is based on cryptographic keys, as is the VPN authentication.
Native Customer Experience
The Embedded Secure Element (eSE) can be loaded with key material over the air, providing device encryption and other authentication options. In addition, thanks to integrated protection of data-at-rest, data-in-use and data-in-transit, Knox Native offers a fundamental platform for solution providers and customers with their own apps.
“With Knox Native, we offer a consistent and, as the name suggests, native customer experience. The devices are intuitive to use, procurement, commissioning, administration and decommissioning are quick and easy to implement, and at the same time they meet high security standards,” says Sandikci.
The BSI has evaluated Knox Native for processing classified information with a security level of “VS – For Official Use Only” (VS-NfD). This means that native functions such as email, calendar or contacts can be used directly in the VS-NfD environment. This authorization also applies to the Samsung Knox Suite, Knox VPN and Knox UCM (Universal Credential Management).
Oliver Zendel, Head of Department V2 at the BSI: “Samsung Knox Native and the BSI Java Card Applet create an experience for processing classified information that users are familiar with from their private devices. Thanks to the scalability of the native security function and the modular structure of the ecosystem, the range of functions can be continuously expanded to include additional secure apps. This means that the federal administration can continue to benefit from innovative, needs-based solutions for secure, mobile work in the future and at the same time ensure a high level of protection for our data.”
Diverse areas of application in authorities and companies
The solution can be used wherever security plays an important role, for example when transmitting or checking personal data. Knox Native is not only suitable for use within the government apparatus, state authorities, public administrations or the police. This solution, which is suitable for VS-NfD, is also useful and can be implemented for private companies such as energy suppliers, banks or other organizations with high security standards. A large number of models1 are available for the various application areas.
Another advantage of Samsung Knox Native is its ease of use: a single PIN is enough to activate all areas. There is also the option of securely integrating company-specific apps via specific interfaces without any further complex evaluation. This means that even larger device fleets that are to be equipped with high available security standards can be operated economically. The devices can be managed via the Knox Suite. Admin functions are available for PIN management, app management, and device, account, and SIM blocking.
Expansion with more native functions and apps
In the future, even more standard functions for processing VS data on the end device will be made available, thus creating an app ecosystem for VS-NfD. The aim of the technical testing of the apps is to ensure a high level of security while keeping effort and adjustments to a minimum in order to enable a quick process.
Prices and purchase options
Samsung Knox Native as a standalone license costs €45 (RRP) per year per device and can be purchased through authorized Knox deployment partners.
For more information about Samsung Knox Native, see: https://www.samsung.com/de/business/mobile-solutions/samsung-knox-native/
1 Verfügbar für Galaxy Z Fold5, Galaxy Z Flip5, Galaxy S24 5G Enterprise Edition, Galaxy S24 Ultra 5G, Galaxy S23 5G Enterprise Edition, Galaxy S23 Ultra 5G Enterprise Edition, Galaxy XCover6 Pro Enterprise Edition, Galaxy Tab Active5 Enterprise Edition, Galaxy Tab S8 + 5G Enterprise Edition
2 Common Criteria: New CC Portal (commoncriteriaportal.org)
