Mobile Payments and Security

WHAT WE DO

We build the highest-rated mobile security platform in the enterprise mobility space and the only universally accepted mobile wallet solution available today.


Samsung KNOX was developed with the vision to break through the enterprise market by offering a more secure Android platform for both work and play. KNOX was first introduced to the world in February 2013 at the Mobile World Congress in Barcelona and since then, we’ve continued to evolve the product and its offerings.

The Samsung KNOX platform is purpose-built with security in mind. It delivers the best protection for work content for both corporate-owned and BYOD devices.  Samsung is currently the only Android provider of defense-grade and government-certified mobile security complying with the US Government and Department of Defense (DoD) initiatives and other standards for mobile security.  Samsung KNOX is available on a wide range of Samsung smartphones and tablets.

www.samsungknox.com

 


Samsung Pay is a secure and easy-to-use mobile wallet solution that is accepted virtually everywhere. It can transmit credit and debit cards via Near Field Communication (NFC) and a new proprietary technology called Magnetic Secure Transmission (MST), which works at virtually all merchant locations with no merchant POS system changes required. Samsung Pay can also work with private label credit cards and is the first mobile wallet service to enable ubiquitous acceptance that can truly change consumer behavior.

Going forward, Samsung Pay will reinvent the way people pay for goods and services and transform how they use their smartphones. Samsung is deeply committed to making Samsung Pay the de facto standard in mobile payments. Come join the Samsung Mobile Payment team and be part of the future of secure mobile payment.

www.samsung.com/us/samsung-pay


Samsung Pay Leverages KNOX System Integrity

Samsung Pay is built on top of the KNOX platform, and it inherits multiple system integrity features from KNOX. The following highlights a few that are essential to the security of Samsung KNOX and Samsung Pay: 

Secure Boot: All Samsung devices adopt Secure Boot. During the device boot time, all the bootloaders, the Trusted Execution Environment (TEE), and the hardened Android kernel are verified through code signing. In particular, only the Samsung approved TEE, which hosts the security critical payment data and operations, can be loaded to the devices. 

The TEE leveraged from the Samsung KNOX platform also ensures isolation of sensitive data. Tokenization replaces debit and credit card numbers, and eliminates the possibility of cybercriminals capturing personal and financial data at rest or in transit. Transactions must be authenticated with cryptograms, and cryptogram generation requires proof that users authorize payments with a biometric fingerprint or a PIN. 

Trusted Boot and remote attestation: In addition to Secure Boot, Samsung devices also adopt Trusted Boot, which measures and records the cryptographic fingerprints of the bootloaders, the TEE, and the Android kernel. During the provisioning of payment credentials, the Samsung Pay server remotely verifies the integrity of these key pieces of system software (particularly the TEE) through remote attestation. If any of them has been modified, payment credentials will not be provisioned to the device. 

Verification of Trusted Apps: Every time a Trusted App is loaded into memory, the TEE performs a cryptographic verification of the binary. This further ensures that only the authentic Samsung Pay Trusted Apps are executed and allowed to access the payment credentials. This is performed in addition to the installation time verification of the Samsung Pay app available on regular Android devices. 

Mandatory Access Control: Samsung Pay leverages SE for Android to enforce Mandatory Access Control so that only the authentic Samsung Pay app is allowed to execute Samsung Pay-specific functionalities. For example, only authorized apps are permitted to access the Trusted Apps. 

These security features, along with other KNOX platform security mechanisms, provide a high bar for any malicious party aiming to attack Samsung Pay.
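The Trusted Boot and remote attestation flow described above, as an added sketch that is not Samsung's code or protocol: the device hashes each boot component into a running register, and the server provisions only when the reported measurements match its reference values and a nonce-bound quote over the register verifies. The SHA-256 hash chain, the HMAC standing in for a device-unique signing key, and all function and variable names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

COMPONENTS = ("bootloader", "tee", "kernel")  # measured in boot order

def extend(register: bytes, measurement: bytes) -> bytes:
    """Fold one measurement into the running register (hash chain)."""
    return hashlib.sha256(register + measurement).digest()

def measured_boot(images: dict) -> tuple:
    """Device side: hash each component, log it, extend the register."""
    register, log = bytes(32), []
    for name in COMPONENTS:
        digest = hashlib.sha256(images[name]).digest()
        log.append((name, digest))
        register = extend(register, digest)
    return register, log

def quote(attest_key: bytes, register: bytes, nonce: bytes) -> bytes:
    """Device side: bind the register to the server's fresh nonce.
    HMAC stands in for a signature made with a device-unique key."""
    return hmac.new(attest_key, register + nonce, hashlib.sha256).digest()

def server_decision(attest_key, known_good, log, nonce, device_quote) -> str:
    """Server side: replay the log, compare to reference values, check quote."""
    if [name for name, _ in log] != list(COMPONENTS):
        return "reject: incomplete measurement log"
    register = bytes(32)
    for name, digest in log:
        if not hmac.compare_digest(digest, known_good[name]):
            return f"reject: {name} modified"
        register = extend(register, digest)
    if not hmac.compare_digest(quote(attest_key, register, nonce), device_quote):
        return "reject: quote does not match log or nonce"
    return "provision"

# Constructed sample data: stand-in images and a demo key, not real firmware.
GOOD = {"bootloader": b"bl-v1", "tee": b"tee-v1", "kernel": b"kernel-v1"}
KNOWN_GOOD = {n: hashlib.sha256(img).digest() for n, img in GOOD.items()}
KEY = b"demo-attestation-key"

def attest(images: dict, forged_log=None, nonce=None) -> str:
    """Run one provisioning attempt; forged_log models a device misreporting its log."""
    nonce = nonce or os.urandom(16)
    register, log = measured_boot(images)
    return server_decision(KEY, KNOWN_GOOD, forged_log or log, nonce,
                           quote(KEY, register, nonce))
```

Because the quote covers the register rather than the log, a device that boots a modified TEE but reports known-good log entries is still rejected, as is a quote replayed under a different nonce.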

WHO WE ARE

Mobile Payments and Security focuses on the following areas for Samsung KNOX:

  • TrustZone-based Integrity Measurement Architecture (TIMA): The TIMA team develops new hardware-rooted mobile platform security features. Examples of TIMA features include Real-time Kernel Protection, Periodic Kernel Measurement, Trusted Boot, Remote Attestation, Key Store, and Client Certificate Manager. These features have shipped on many Samsung KNOX devices today.
  • SE for Android: The SE for Android team develops and applies Mandatory Access Control (MAC) mechanisms to offer fundamental OS-level and Android framework-level security functions on Samsung KNOX platform, including platform integrity, strong application isolation, and enterprise data protection.
  • KNOX Container: The KNOX container team develops features related to the Samsung KNOX container (a.k.a., the KNOX Workspace). The KNOX container offers a secure environment to run enterprise applications and protect enterprise data. Applications and data inside the container are isolated and protected from applications outside the container. This team is working diligently to develop more features desired by enterprise customers.
  • Mobile Authentication: The Mobile Authentication team develops new technologies to introduce novel ways for secure and convenient mobile user authentication. Besides classic mobile user authentication problems such as unlocking mobile devices, this team develops new features so that mobile users can use their mobile devices for a broader range of authentication applications, such as authenticating to and accessing enterprise computer systems, secure web sites, buildings, and physical security checkpoints.
  • Identity and Access Management (IAM): The Knox IAM team develops new technologies for the management of user identity and authentication credentials for remote accesses. An example accomplishment of this team is the KNOX Single-Sign-On (SSO) Framework, which supports a wide range of Identity Management services.
  • KNOX Security: The KNOX Security team focuses on security considerations in product requirements, design, implementation, and deployment for Samsung KNOX. This team develops tools for static and dynamic code analysis, penetration test, and reverse engineering. This team is also responsible for security incident responses for KNOX products.
  • Mobile Device Management (MDM): The KNOX MDM team develops KNOX APIs and SDK to enable partners to build more applications and services on the Samsung KNOX platform. The Samsung KNOX MDM APIs are widely used by MDM vendors and enterprise partners. This team also supports preferred partners to integrate the KNOX platform services into their solutions.
  • Data-at-Rest: The Data-at-Rest team develops new technologies for secure storage of enterprise data. They leverage the hardware-rooted security foundation on Samsung KNOX devices to build Data-at-Rest solutions that offer device-binding, application-binding, and user-binding. The team’s goal is to provide complete data protection without impacting performance and usability of the mobile device.
  • KNOX Cloud Services: The KNOX Cloud Services team builds the cloud services that enable Samsung Mobile to lead the enterprise mobility space. Our services and platform are specifically designed to satisfy stringent enterprise and government requirements, while scaling to support large scale and decentralized deployments in SMB and mid-tier enterprise markets. Examples of accomplishments include Samsung Enterprise Gateway, remote attestation service, and Universal Mobile Device Management (MDM) support on Samsung KNOX.
  • Mobile Networking: The KNOX Mobile Networking team develops the mobile networking framework on Samsung KNOX for integrating third-party network security solutions such as VPN and split billing. This team also works closely with partners so that they can smoothly integrate mobile network security features for Samsung KNOX.

 

Mobile Payments and Security focuses on the following areas for Samsung Pay:

  • Secure by Design: Samsung Pay is not only widely accepted and easy-to-use, but also incredibly secure, with several layers of security to ensure its users’ information stays safe. Why is Samsung Pay so secure? Because it protects people at three levels: guarding their private information (tokenization), requiring authentication, and constantly monitoring their devices with Samsung KNOX. 
  • Accepted Virtually Anywhere: Samsung Pay can be used in more stores than any other mobile payment service because it supports both MST and NFC. This means that if you can use your credit or debit card, chances are you can use Samsung Pay just as easily. 
  • More than Payments: Samsung Pay isn't just for making purchases. With a list of partners that continues to grow, Samsung Pay also supports membership cards, rewards cards and public transit cards. Buying gift cards for friends, family or just yourself is also possible straight from the app.
  • In-App Promotions: Introduce In-app marketing promotions/consumer engagement capability with sophisticated targeting and reporting to help increase Samsung Pay product usage.
  • In-App Payments: Enable 3rd Party Android apps to be able to use Samsung Pay to pay for any physical or virtual goods/services within the app.


Mobile Payments and Security Management processes:

  • Program Management: The KNOX and Pay Program Management team is responsible for the coordination of all R&D projects, the Quality Assurance of KNOX and Pay products, and engineering infrastructure support. This team works with all R&D teams to ensure that new KNOX and Pay features are commercialized successfully in a timely manner.
  • Product Management: The Product Management team gathers customers’ requirements and works with the R&D teams to refine existing KNOX and Pay features and define new features.
  • Business Development, Sales, and Marketing: The Business Development team works with partners to identify new opportunities and facilitate the collaboration between Samsung KNOX and Pay and their partners. The Sales team is responsible for global re-seller account management, re-seller operations, KNOX and Pay Sales Engineering, and other sales issues. The Marketing team works with the global B2B marketing team to handle all the KNOX and Pay marketing activities. 

Peng Ning

Peng Ning and his team lead Mobile Payments and Security. He is currently the global engineering co-head for both Samsung KNOX, the most secure enterprise mobile security platform, and Samsung Pay, the most widely accepted and secure mobile wallet. He also acted as the Chief Security Architect for Samsung KNOX.

Before joining Samsung in 2012, Peng was a Professor of Computer Science at North Carolina State University. He was a recipient of the National Science Foundation (NSF) CAREER Award, a Steering Committee member of ACM CCS and ACM WiSec, and served as General Chair, Program Chair, or organizing or program committee member for over seventy technical conferences or workshops related to computer and network security.

Peng's Google Scholar page can be found at http://scholar.google.com/citations?user=y5_J6KIAAAAJ

OUR THINKING

Security Matters: The Evolution of Samsung KNOX and Samsung Pay

In a customer discovery world, business transformation requires a secure environment. In this session, Jae Shin, VP of KNOX Business Group, discusses the new capabilities available to companies who want to embrace Android in their business. Samsung KNOX makes Android safe and secure for your business.

Samsung KNOX Receives Most “Strong” Ratings of Any Security Platform in Gartner Report Mobile Device Security

Samsung Electronics announced that Samsung KNOX 2.6, Samsung’s built-in, defense-grade security that is ready for work right out of the box, received the most “Strong” ratings of any mobile security platform in the report “Mobile Device Security: A Comparison of Platforms” from Gartner, Inc. The report, published on April 6, 2016, compared the core OS security features built into twelve mobile device platforms as well as enterprise management capabilities.

Samsung KNOX wins the 2015 Best Security/ Anti-Fraud Solution at MWC 2015

Samsung KNOX won 'Best Security/ Anti-Fraud Product or Solution' at Mobile World Congress 2015. 

Judge’s comments: The technology behind this product is a genuine and significant step forward in providing verifiable security on mobile devices.
