Back to top
Home / Knox Manage / Knox Manage knowledge base articles /

Knox Enhanced Attestation Error code -5: ERROR_INVALID_NONCE

Last updated July 26th, 2023

Categories:

Configuration

Environment

  • Knox Platform for Enterprise (Knox 3.4 and above)
  • Knox Enhanced Attestation v3

Overview

On Samsung devices that support Knox and run Knox 3.4 or higher, when EMM or ISV tries to verify device data integrity with a generated nonce, the Knox attestation server returns a -5 or 400 invalid nonce error.

Cause

A nonce is a one-time token and its time period is 5 minutes. Therefore, an invalid nonce error can happen in the following scenarios:

  1. The same nonce is used multiple times.
  2. The nonce is used 5 minutes or more after being created.
  3. The nonce is not generated by the Knox Server or AUK is not matched.

Resolution

Please ensure the following to prevent an error message:

  1. The same nonce should not be used multiple times.
  2. If the last nonce is generated more than 5 minutes ago, create a new nonce before starting the attestation.
  3. Generate AUK from your KPP account and refer to the Knox attestation tutorial for creating a nonce.

On this page

Is this page helpful?