Menu

Licensing

The Samsung SDKs use licenses as a security measure to prevent malicious activities by malware. When your app uses one of these SDKs, it must provide its unique license key to identify itself and provide evidence that it is authorized to use the SDK.

This section covers what license keys are, how to obtain a license key, how to active a license key and how to add priveledges in the app manifest file in order the set of API methods.

Licence overview

To use the Knox Tizen SDK for Wearables APIs you require the following license keys:

API category License required
Standard APIs ELM
Customization APIs ELM, KLM
Attestation APIs ELM, Rest API key

Enterprise License Management (ELM)

Samsung Enterprise License Management (ELM) provides secure B2B MDM services on the Tizen platform and consists of two parts: the ELM server and the ELM agent.

A web-based ELM server issues licenses (keys) to app developers and an ELM agent on each device checks with its server to ensure that a developer’s app is licensed to use the SDK. An ELM license key has 128 alphanumeric characters.

How Samsung ELM activation works

The MDM admin engages Samsung ELM services and obtains an ELM license by following these steps:

  1. The MDM developer obtains an enterprise license from Samsung to access the Knox Tizen SDK for Wearables APIs. For more information, see the Knox Partner Program web page.
  2. The MDM developer calls mdm_activate_license(pkg_name, license_key).
  3. The ELM server sends a response with the set of Knox permissions granted to this admin.
  4. The device enforces the license with the above permissions after successful activation.
  5. NOTE — ELM license is per app and not per device.

The following figure illustrates the license activation process:

Knox License Management (KLM)

Samsung Knox License Management System (KLM) is the license management and compliance system for Samsung Knox. KLM provisions valid licenses to enterprises to enable them to activate Knox services on supported devices. KLM helps Samsung to track Knox licenses on Knox devices, while ensuring license compliance as per Samsung’s business requirements.

KLM integrates with Samsung’s internal order management system to provide license usage to manage charging and billing to customers.

Developers use a KLM license to activate a paid Knox product or service like Customization APIs that is part of Knox Tizen SDK for Wearables. In this case too, a web-based server assigns and verifies license keys.

You need to pay for the Knox licenses. For example, if you deploy your Knox Customization app on 1000 devices, you would pay a license fee to activate Knox on each device.

To purchase production Knox licenses, contact a Samsung reseller

For testing purposes, you can generate the development key from the Knox Partner Program portal.

REST API key

This key is required for developers to use in REST API calls to cloud servers like the Samsung Enterprise Gateway and Attestation server.

For more resources, see Knox licenses.

About license keys

The license keys are used for verifying the validation to use Knox Tizen SDK for Wearables APIs in partner apps. Partners are allowed to use only the licensed permission(s).

License key types

There are two types of ELM and KLM license keys:

  • Development license—Use this license for development and QA environments. With this license, the licensing agent on the device does not authenticate SDK usage with the licensing server on the web. A development license expires after 6 months, at which point you must get a new license.
  • Production license—Use this license when you are ready to release your app in a production environment, for final QA testing or release. With this license, the licensing agent authenticates SDK usage with the licensing server, and uploads the API usage statistics to the web server. You must be registered as a partner to access ELM production licenses. See Get license keys
  • NOTE — You can get the KLM production license through Samsung resellers.

License key states

There are three license key states:

  • Valid — Registration on a new device is allowed.
  • Terminated — License is terminated and is no longer available.
  • No new registration — Registration on a new device is not allowed.

Get license keys

You can generate the ELM, KLM and Rest API keys from the Knox Partner Program site. Go to the License Keys for Samsung Knox Tizen SDK for Wearables web page.

ELM, KLM, Rest API Development Keys — On the License Keys page, click Create License Keys to generate an ELM and KLM development key.

ELM Production Keys — To generate an ELM production key, you need to be registered as a partner. However, if you are still registered as a developer, you need to request an upgrade to partner status to access production ELM licenses, “request an upgrade to partner status".

KLM Production Keys — You can buy the production Knox licenses through Samsung resellers.

For more information on license keys, see FAQ: What licenses do I need to use the Samsung Knox Tizen SDK for Wearables.

Activate license keys

Partners are strongly advised to securely store their license key on a server (either hosted or on-premise) and have the device fetch during license activation.

It is essential to keep the license key secure to prevent it from being leaked. A partner's client app must not store the license key on the device, because it can be disassembled or reverse-engineered.

Before calling license activation APIs, add the required privileges, in the manifest file. Also, verify that the date/time zone on device is current.

Activate an ELM license

The following code sample demonstrates how to register an MDM client and set a callback function:

// License callback
void __license_callback_(int oper, void * cb_data, void * user_data) {
  mdm_license_callback_t * ldata = (mdm_license_callback_t * ) cb_data;
  switch (oper) {
  case MDM_CB_LICENSE_DEACTIVATE_KNOX:
    if (ldata - & amp; gt; license_info != NULL) {
      // ...
    } else {
      // ...
    }
    break;
  default:
    // ...
    break;
  }
}
int ELM() {
  char license_key[] = "key";
  // Connect to the MDM
  mdm_get_service();
  // License callback registration.
  mdm_register_client_callback(MDM_LICENSE_CB, __license_callback_, NULL, NULL);
  mdm_data_t * lp_data = mdm_deactivate_knox_license(pkg_name, license_key);
  if (lp_data != NULL) {
    // mdm_get_license_info success
    mdm_license_status_t * license_status = (mdm_license_status_t * ) lp_data - & amp;
    gt;
    data;
    if (mdm_license_info_t != NULL) {
      // ...
    }
    mdm_free_data(lp_data);
  } else {
    // mdm_get_license_info fail
  }
}

Activate a KLM license

The following code sample demonstrates how to activate the KLM license:

// License callback
void __license_callback_(int oper, void * cb_data, void * user_data) {
  mdm_license_callback_t * ldata = (mdm_license_callback_t * ) cb_data;
  switch (oper) {
  case MDM_CB_LICENSE_ACTIVATE:
    if (ldata - & amp; gt; license_info != NULL) {
      // ...
    } else {
      // ...
    }
    break;
  case MDM_CB_LICENSE_VALIDATE_RESULT:
    if (ldata - & amp; gt; license_info != NULL) {
      //
    } else {
      //
    }
    break;
  default:
    // ...
    break;
  }
}
int fun() {
  char license_key[] = "LicenseKey";
  // Connect to the MDM
  mdm_get_service();
  // License callback registration.
  mdm_register_client_callback(MDM_LICENSE_CB, __license_callback_, NULL, NULL);
  mdm_data_t * lp_data = mdm_activate_license(pkg_name, license_key);
  if (lp_data != NULL) {
    // Success
    if (lp_data - & amp; gt; ret == MDM_ERR_NONE) {
      // Status OK
    } else {
      // Status Error
    }
    mdm_free_data(lp_data);
  } else {
    // Failure
  }
  return 0;
}

To activate Rest API license

In the header of every REST API call to the Attestation server, you must identify yourself by encoding your Attestation REST API key.

The following sample code shows how to insert a REST API key into the header of a REST API request:

& lt; ? php
// insert the REST API key you got from the Knox Partner Program portal
$api_key = '';

// initialize a new HTTP session
$curl = curl_init();
// specify the URL of the cloud service
curl_setopt($curl, CURLOPT_URL, "https://attest-api.secb2b.com/v2/nonces");
// select the HTTP POST method
curl_setopt($curl, CURLOPT_POST, 1);

// build the HTTP message header, which includes a field for the REST API key
$headers = array(
  'x-knox-attest-api-key: '.$api_key,
);
// set the HTTP message header
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
// execute the HTTP session
curl_exec($curl);

Add Privileges

You must add the required privileges in the manifest file of your app to call the set API methods.

The following are the privileges required for each category of Samsung Knox Tizen SDK for Wearables:

  • MDM Privileges
  • Customization Privileges
  • Attestation Privileges

MDM Privileges

The following are the required privileges to use MDM APIs:

<privileges>
<privilege>http://developer.samsung.com/tizen/privilege/mdm.admin</privilege>
<privilege>http://developer.samsung.com/tizen/privilege/mdm.apn</privilege>
<privilege>http://developer.samsung.com/tizen/privilege/mdm.application</privilege>
<privilege>http://developer.samsung.com/tizen/privilege/mdm.bluetooth</privilege>
<privilege>http://developer.samsung.com/tizen/privilege/mdm.browser</privilege>
<privilege>http://developer.samsung.com/tizen/privilege/mdm.datetime</privilege>
<privilege>http://developer.samsung.com/tizen/privilege/mdm.device</privilege>
<privilege>http://developer.samsung.com/tizen/privilege/mdm.eas</privilege>
<privilege>http://developer.samsung.com/tizen/privilege/mdm.email</privilege>
<privilege>http://developer.samsung.com/tizen/privilege/mdm.firewall</privilege>
<privilege>http://developer.samsung.com/tizen/privilege/mdm.kiosk</privilege>
<privilege>http://developer.samsung.com/tizen/privilege/mdm.misc</privilege>
<privilege>http://developer.samsung.com/tizen/privilege/mdm.password</privilege>
<privilege>http://developer.samsung.com/tizen/privilege/mdm.phonerestriction</privilege>
<privilege>http://developer.samsung.com/tizen/privilege/mdm.remote</privilege>
<privilege>http://developer.samsung.com/tizen/privilege/mdm.restriction</privilege>
<privilege>http://developer.samsung.com/tizen/privilege/mdm.roaming</privilege>
<privilege>http://developer.samsung.com/tizen/privilege/mdm.security</privilege>
<privilege>http://developer.samsung.com/tizen/privilege/mdm.wifi</privilege>
</privileges>

Customization Privileges

The following are the required privileges to use Customization APIs:

NOTE — You require the "mdm.admin" privilege as well, to call the Customization APIs, as you need to activate the ELM and KLM license keys.
<privileges>
<privilege>http://developer.samsung.com/tizen/privilege/mdm.admin</privilege>
<privilege>http://developer.samsung.com/tizen/privilege/knoxcustom.admin</privilege>
<privilege>http://developer.samsung.com/tizen/privilege/knoxcustom.prokiosk</privilege>
<privilege>http://developer.samsung.com/tizen/privilege/knoxcustom.setting</privilege>
<privilege>http://developer.samsung.com/tizen/privilege/knoxcustom.system</privilege>
</privileges>

Attestation Privileges

The following are the required privileges to use Attestation APIs:

<privileges>
<privilege>http://developer.samsung.com/tizen/privilege/mdm.admin</privilege>
<privilege>http://developer.samsung.com/tizen/privilege/knox.attestation</privilege>
</privileges>