Home >Documents >Knox Solutions - Samsung Knox · PDF file - Provide Knox Customer ID - Get Knox Reseller ID 01...

Knox Solutions - Samsung Knox · PDF file - Provide Knox Customer ID - Get Knox Reseller ID 01...

Date post:13-Jul-2020
View:11 times
Download:4 times
Share this document with a friend
  • Knox Solutions

    Cloud Services

    Knox Guard

    What is Samsung Knox?

    Knox Platform for Enterprise

    On-device Security

    A comprehensive set of cloud enterprise solutions built on top of a secure on-device platform to address various business needs

  • Contents

    Ⅰ . Product Overview

    Ⅱ . Product Offerings

    Ⅲ . Device Eligibility & Verification

    Ⅳ . Customer Benefits

    Ⅴ . Appendix

  • Product Overview

  • What is Knox Guard? Cloud-based service that allows carriers/banks to remotely control and

    lock Samsung devices to reduce financial risks while running installment plans


    “ Reduced Financial Risks Larger Consumer Base ”

    Message Notification

    Periodic Screen Lock

    Device Lock

    Remote Device Control for Devices with Installment Plans

    Ⅰ. Product Overview

  • USP 1 : Mandatory Message Notification Notify device users of overdue payments by remotely

    sending message notifications to their devices

    Admin (Carrier/Bank)

    Device Users

    Use Cases

    · Notification of overdue payments

    · Reminder of payment terms & conditions

    · Advance warning of upcoming restrictions


    Message Notification

    · Customizable notification message

    · Real-time delivery

    Ⅰ. Product Overview

  • USP 2 : Periodic Screen Lock Notify device users of overdue payments more strongly

    by periodically locking screen

    Use Cases

    · Periodic restriction of device use

    · Early warning of upcoming restrictions

    Admin (Carrier/Bank)

    Device Users


    Periodic Screen Lock

    · Full-screen lock

    · Non-dismissible message remains in the

    notification bar after screen lock is dismissed

    · Lock frequency: 3 seconds ~ 24 hours

    · Customizable lock message

    Ⅰ. Product Overview

  • USP 3 : Device Lock Prevent unpaid devices from being resold in the gray market

    by fully locking device

    Admin (Carrier/Bank)

    Device Users

    Device Lock

    · Blocked access to Home Screen

    · No factory reset & binary flashing allowed

    · No USB/Bluetooth/Tethering/NFC allowed

    · Customizable Lock Screen message

    Location monitoring

    Use Cases

    · Persistent device lock-down

    · Enforced location monitoring

    Outgoing Call Restriction

    Exceptions: : Call to Customer Call Center, Emergency Call

    Ⅰ. Product Overview


  • 09

    - Status Inquiry

    - Device ID Upload

    - Action/Control

    - License Order

    Automated Operation Flexible Device Registration Methods SIM Control

    SIM Control

    - Lock device

    - Apply Restriction (Call/SMS/Data)

    - Based on MCC/MNC/GID1

    Additional Features

    Offline Lock

    Offline Lock

    - Prevent call-only fraud

    - Offline period threshold from 15 to 200 days


    Ⅰ. Product Overview

  • Hardware-backed Security

    Agent Network Blocking-proof

    All security-sensitive operations of Knox Guard securely run inside the TrustZone, a vault designed to protect the device from any attempts to compromise or hack. If user attempts to manipulate the TrustZone to escape Knox Guard’s control, device will subsequently lock itself.

    Knox Guard has ability to lift any network block or filtering placed on Knox Guard agent by any malicious app, and connect back to Knox Guard server to remain under control.



    Ⅰ. Product Overview

    Enhanced Security


    Firewall App


    Unauthorized Firmware Blocking

    Any attempts to replace the official software binary with a maliciously modified one are blocked on devices that are enrolled to Knox Guard to prevent devices from being compromised. NO CUSTOM ROM

    IMEI Tamper-proof

    Any intentional IMEI changes cannot alter or affect the control over the device because, upon Knox Guard device enrollment, each device is assigned a unique/secure identifier other than its IMEI within the server. IMEI


  • Product Offerings

  • Ⅱ. Product Offerings

    Product Polices

    Pricing Licensing

    · Per Device, One-time

    - Each device has own license period based on the enrollment timing of the device

    - Non-transferrable, Irrevocable from

    activated devices

    · Maintenance fee included

    - SLA-based technical support

    - Software maintenance

    · Upon Expiration

    - All policies applied on the device will be removed.

    - The device will be out of control.

    - Devices cannot be registered to Knox server with an expired license

    · Upon Device Deletion

    - All the policies and installed agent are withdrawn from the device

    - Device stops receiving command from the server, to push commands, the device must be registered and enrolled once again * License can be activated during 1 year from the "activation date" set

    by customer. Each device can be controlled up to 3 years after activation


  • Device Eligibility & Verification

  • Technical Requirements Device Ownership Verification

    Device Eligibility

    Ⅲ. Device Eligibility & Verification


    · Devices must be purchased from Knox Deployment Program- participating resellers

    · Designed for a large number of commercial devices

    Type 1

    By Device Reseller (Bulk Device ID Upload)

    · Devices can also be verified using Knox Deployment App in real time

    · Designed for a small number of devices (e.g., test devices)

    Type 2

    By IT Admin (NFC/Bluetooth Connection)

    Samsung Galaxy (smartphones/tablets)

    With Knox v3.2.1 (=Android Pie OS) or greater

    * Basic Knox Guard features are supported even from Knox v2.7.1+ but Knox Guard is preloaded and fully secured from Pie OS.

  • Ⅲ. Device Eligibility & Verification

    Type 1 : By Reseller – Bulk Device ID Upload KDP1)-participating resellers can upload a number of device IDs in bulk for

    verification automatically via Knox Reseller API or manually via Knox Reseller Portal


    Admin (Carrier/Bank) Device Users

    Knox Deployment Program

    Participating Device Reseller

    Manage devices over-the-air, out-of-the-box

    05 Submit device IMEI/SNs for verification


    Deploy devices to end users04

    Submit Reseller ID, accept device ID uploads, and select devices to register


    Purchase devices from Participating resellers - Provide Knox Customer ID - Get Knox Reseller ID




    Knox Reseller API

    Knox Reseller Portal

    KG Customer Portal

    1) Knox Deployment Program

  • Master Device Target Device 03 NFC

    Bump each target device Prepare a master device and download & install Knox Deployment App


    Sign in with IT Admin account to register target devices

    02 Device ID uploaded by app

    04 Device registration and management capability enabled immediately


    Ⅲ. Device Eligibility & Verification

    Bluetooth Open https://guard.samsungknox.com from web browser on each target device and click on “First Time” button

    Type 2 : NFC/Bluetooth Connection IT Admin can self-verify device ownership and immediately apply Knox Guard on devices

    by connecting each device via NFC or Bluetooth using the Knox Deployment App



  • Customer Benefits Customer Benefits

  • Ⅳ. Customer Benefits



    Customer Consumer

    Reduced Operating Costs

    Eliminate costs associated with manual labor and fees

    incurred through SMS and/or call reminders

    Increase Customer Base Lower Interest Rates Wider Product Portfolio

    Places the Customer(finance companies, carriers, etc.) at an advantage against other device

    channels with higher interest rates and operating costs.

    Lowered interest rates are favorable for consumers

    as total costs associated with financing a device is lower

    Consumers have a wider range of devices to choose from, including premium

    devices that are not available for financing elsewhere.


  • Appendix

  • Ⅴ. Appendix

    Business Model : Device Registration at point of sale Device resellers sell devices with an installment plan, enabling devices at point of sale,

    to be managed by financial service providers through Knox Guard


    Device Users

    Financial Service Provider

    · Such as Banks or Carriers · Purchases Knox licenses · Serves as IT admin for

    Knox Guard

    Device Reseller

    · Such as Retailers or Carriers · Participating in KDP*

    Check credit01

    Upload device IDs at point of sales


    Resell devices

    - With installment plan - with signed terms & conditions


    Control devices04

    Could be the same company OR

    Knox Deployment App (at the point o

Click here to load reader

Reader Image
Embed Size (px)