The Big Picture

Samsung provides both web-based as well as device-based APIs to manage our devices and services. Here is a high-level overview:

The first three services support the enterprise deployment of Samsung mobile devices:

  1. Knox Deployment Program (KDP)—Knox device resellers use KDP to register the IDs of devices purchased by enterprises. Resellers can do this through Samsung's KDP reseller portal. Or, they can use our KDP REST APIs to integrate this functionality into their own websites. The device information is stored on our Knox cloud servers for other services to access.
  2. Knox Mobile Enrollment (KME)—Enterprise IT admins use KME to identify the Mobile Device Management (MDM) system that manages purchased devices. Enterprises can do this through Samsung's KME web portal or they can use our KME REST APIs to integrate this functionality into their own websites. The MDM information is stored on our Knox cloud servers for other services to access.
  3. Mobile Device Management (MDM)—When a purchased device first boots up, the Knox Enrollment Service connects to a Knox cloud server to see which MDM manages it, then connects to the MDM server to download the MDM client app. The MDM client deploys any corporate policies set up by the IT admin. So the device is enterprise ready right out of the box with minimal user setup needed. MDM clients use the Knox SDK (#7 in the diagram).

The next three services provide device customization, security, and management.

  1. Knox Configure (KC)—System Integrators use KC to customize devices for a wide range of vertical applications. For example, they can develop purpose-built info kiosks, point-of-sales terminals, inventory trackers, or entertainment systems. System Integrators can do this through Samsung's KC web portal and/or the KC REST APIs. Alternatively, they can use the Knox SDK (#7 in the diagram) to fully customize the setup and operation of a device.
  2. Knox Attestation—MDM vendors or Independent Software Vendors (ISVs) can use Knox Attestation to ensure that a device is running authorized firmware that was installed in the factory or upgraded through official updates. They use a combination of Attestation REST APIs and the Knox SDK.
  3. Knox E-FOTA—MDM vendors or Independent Software Vendors (ISVs) can use Knox E-FOTA to control device firmware updates, which are typically managed by carriers. They can do this through Samsung's Knox E-FOTA portal.

The final two items support device management, security, and customization on the Samsung devices:

  1. Knox SDK—Developers use the Knox SDK to create apps that manage, secure, and customize Samsung devices. There is a Knox SDK for Android phones and tablets, and a Knox Tizen SDK for wearables. Apps can take orders from a web-based MDM or KC portal, and implement them on the device using calls to APIs in the Knox SDK. The Knox SDK extends functionality in the Android SDK (for phones and tablets) and Tizen SDK (for watches), offering enhanced device manageability, security, customization, and usability.
  2. Knox Service Plugin (KSP)—MDM vendors can use the KSP to deploy new Knox features the moment they're released. Minimally, a web developer uses an iframe to display the list of features configurable through KSP. The KSP client on the device handles the new feature configuration, so that MDM clients don't need to.