Samsung Knox Security Platform

Trust from the hardware up

We build our Chain of Trust from tamper-resistant hardware Root of Trust (RoT).

Our Root of Trust is deeply embedded in our chips and not exposed to the outside world while accessible only to a limited set of applications. We ensure our primary software functions are not tampered with while offering end-to-end personal data protection. Our hardware-backed security features allow our customers to feel safe and maintain peace of mind.

Provide a safe execution environment for security-sensitive software

We provide a dedicated execution environment that processes sensitive and confidential data while protecting against malware attacks.

Protected Video Playback, User authentication, and Payment Applications run in our safe execution environment. For User Authentication Apps, our safe execution environment blocks unauthorized access to sensitive biometric information. For Payment Apps, our safe execution environment ensures the secure handling of payment transactions.

Keep sensitive data in fully isolated secure storage

Highly sensitive data such as biometrics, PIN values, or PII are stored in fully isolated secure storage that is robust towards data leakage threats.

Our fully isolated secure storage is also resistant to physical attacks.

Adopt proven cryptography technologies

We adopt proven cryptographic algorithms and technology to offer data protection solutions.

Samsung's products and services use internationally recognized and standardized cryptographic technologies. We ensure the implementation of these cryptographic technologies through certifications such as the Federal Information Processing Standard(FIPS). Customers’ data is safely stored in encrypted form. Such data protection mechanisms are also applied to data-at-rest and data-in-transit.

Apply robust user authentication technologies

We apply robust authentication technologies that qualify only designated users to access our devices and services.

A broad range of user authentication technologies such as PIN, pattern, password, fingerprint, and iris recognition are used in combination to offer robust user authentication. In addition, Samsung Account can be used to control access to internet services, and our multi-authentication may be applied to allow only designated users to access and use devices, services, and data.

Proactively prevent tampering of code and data

We deploy technologies that detect illegal tampering activities in your device and services.

We proactively build mechanisms that notify and alert users of these activities to prevent any potential threats to users. We detect and prevent tampering attempts launched on our products to ensure that each and every product remains safe and sound. We verify the integrity of the executed software at boot-up time using secure boot. Our software verification technology carries over to software updates preventing non-verified installation of software updates. Our real-time protection technology provides always-on protection over run-time software and sensitive data.

Apply the latest security updates

We apply the latest security updates and patches to combat attacks from the ever-changing malware and hacking landscape.

Samsung products provide security updates through a variety of channels. We offer online Over-the-Network updates as well as periodic and urgent security updates to broadly and swiftly address vulnerabilities.

Follow a strict security development process

From concept to end of life, we follow a strict security development process that covers the entire lifespan of our products and customer experience.

Our security policies extend to classifying, handling, and processing how we protect personal data and other forms of confidential data. We implement rigorous security design reviews that consider all types of attack vectors. We constantly monitor the threat landscape for emerging threats over our devices and services.

Samsung Knox Security Principles

Certificates Obtained by Samsung Knox