Class Overview
This class provides enhanced attestation functionality.
Enhanced attestation runs Samsung attestation based on SAK and generates blob data.
The generated blob data is sent to the Samsung Attestation Server, which verifies whether the blob data is valid.
After verification, the Samsung Attestation Server stores the blob data together with the verification results.
You can query the server with an HTTP command to retrieve the stored enhanced attestation results.
Summary
Inherited Methods
From class java.lang.Object
Object | clone()
boolean | equals(Object arg0)
void | finalize()
final Class<?> | getClass()
int | hashCode()
final void | notify()
final void | notifyAll()
String | toString()
final void | wait(long arg0, int arg1)
final void | wait(long arg0)
final void | wait()
Public Methods
public boolean isSupported ()
Check whether the device supports enhanced attestation.
Returns
true if supported, false if not supported.
Usage
Used to check whether enhanced attestation is supported.
EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
EnhancedAttestationPolicy enhancedAttestationPolicy = ekm.getEnhancedAttestationPolicy();
boolean supported = enhancedAttestationPolicy.isSupported();
Run enhanced attestation, communicating with the Samsung Attestation Server.
Parameters
auk | Attestation Unique Key issued to each vendor.
nonce | A nonce value that must be unique for each request. The nonce can be a 32-byte string. Alphanumeric characters, underscore (_), dash (-) and dot (.) are allowed in the nonce.
cb | EnhancedAttestationPolicyCallback instance that receives the attestation result.
Usage
Used to run the enhanced attestation process, communicating with the Samsung Attestation Server.
The caller needs to obtain a unique nonce value before running enhanced attestation. The nonce is used for generating the blob from the TrustZone.
The uniqueId and URL for the attested blob data on the Samsung Attestation Server are sent back to the caller through the callback API.
// Declare an EnhancedAttestationPolicyCallback object to handle the result.
EnhancedAttestationPolicyCallback callback = new EnhancedAttestationPolicyCallback() {
    // The EnhancedAttestationResult carrying the result is passed to onAttestationFinished.
    @Override
    public void onAttestationFinished(final EnhancedAttestationResult result) {
        int error = result.getError();
        String uniqueId = result.getUniqueId();
        String url = result.getUrl();
    }
};
EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
EnhancedAttestationPolicy enhancedAttestationPolicy = ekm.getEnhancedAttestationPolicy();
String auk = "<your-AUK>";        // placeholder: the Attestation Unique Key issued to your vendor
String nonce = "<unique-nonce>";  // placeholder: a value that is unique for this request
enhancedAttestationPolicy.startAttestation(auk, nonce, callback);
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_ENHANCED_ATTESTATION" permission with a protection level of signature.
Run enhanced attestation for on-prem environments.
This method returns the blob data to you through a callback method.
Parameters
nonce | A nonce value that must be unique for each request. The nonce can be a 32-byte string. Alphanumeric characters, underscore (_), dash (-) and dot (.) are allowed in the nonce.
cb | EnhancedAttestationPolicyCallback instance that receives the enhanced attestation result.
Usage
Used to run the enhanced attestation process in closed-network (on-prem) environments.
The caller needs to obtain a unique nonce value before running enhanced attestation. The nonce is used for generating the blob from the TrustZone.
The blob data obtained from the TrustZone is sent back to the caller through the callback API.
// Declare an EnhancedAttestationPolicyCallback object to handle the result.
EnhancedAttestationPolicyCallback callback = new EnhancedAttestationPolicyCallback() {
    // The EnhancedAttestationResult carrying the result is passed to onAttestationFinished.
    @Override
    public void onAttestationFinished(final EnhancedAttestationResult result) {
        int error = result.getError();
        String uniqueId = result.getUniqueId();
        byte[] blob = result.getBlob();
    }
};
EnterpriseKnoxManager ekm = EnterpriseKnoxManager.getInstance(context);
EnhancedAttestationPolicy enhancedAttestationPolicy = ekm.getEnhancedAttestationPolicy();
String nonce = "<unique-nonce>";  // placeholder: a value that is unique for this request
enhancedAttestationPolicy.startAttestation(nonce, callback);
Permission
The use of this API requires the caller to have the "com.samsung.android.knox.permission.KNOX_ENHANCED_ATTESTATION" permission with a protection level of signature.
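
Both startAttestation variants above require a nonce that is unique for each request. The following is an added example, not part of the Knox SDK or of this page's own code: a hypothetical backend-side AttestationNonceIssuer that issues nonces in the documented format and accepts each one only once, so a replayed attestation is rejected. Assumptions: the class name, the TTL and the in-memory store are illustrative, and your backend can recover the nonce from the attestation result or verified blob, which this page does not specify.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;

/** Hypothetical server-side helper: issues single-use nonces in the format the page describes. */
public final class AttestationNonceIssuer {
    // Characters the page allows in a nonce: alphanumeric, underscore, dash, dot.
    private static final String ALPHABET =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-.";
    private static final int LENGTH = 32; // 32 ASCII characters = 32 bytes
    private static final Pattern FORMAT = Pattern.compile("[A-Za-z0-9_.-]{32}");

    private final SecureRandom random = new SecureRandom();
    private final ConcurrentHashMap<String, Instant> outstanding = new ConcurrentHashMap<>();
    private final Duration ttl; // assumption: how long an issued nonce stays valid

    public AttestationNonceIssuer(Duration ttl) { this.ttl = ttl; }

    /** Generate a fresh nonce and remember it until it is consumed or expires. */
    public String issue() {
        Instant now = Instant.now();
        outstanding.values().removeIf(expiry -> expiry.isBefore(now)); // drop stale entries
        while (true) {
            StringBuilder sb = new StringBuilder(LENGTH);
            for (int i = 0; i < LENGTH; i++) {
                sb.append(ALPHABET.charAt(random.nextInt(ALPHABET.length())));
            }
            String nonce = sb.toString();
            // putIfAbsent guarantees uniqueness among outstanding requests.
            if (outstanding.putIfAbsent(nonce, now.plus(ttl)) == null) return nonce;
        }
    }

    /** True exactly once per issued, unexpired nonce; replayed or unknown values fail. */
    public boolean consume(String nonce) {
        if (nonce == null || !FORMAT.matcher(nonce).matches()) return false;
        Instant expiry = outstanding.remove(nonce); // atomic: only one caller gets the entry
        return expiry != null && Instant.now().isBefore(expiry);
    }

    public static void main(String[] args) {
        AttestationNonceIssuer issuer = new AttestationNonceIssuer(Duration.ofMinutes(5));
        String nonce = issuer.issue();              // hand this to the device for startAttestation
        System.out.println(issuer.consume(nonce));  // first use, when the result comes back
        System.out.println(issuer.consume(nonce));  // replay of the same nonce
    }
}
```

In a multi-instance backend the outstanding map would live in a shared store with an atomic delete, otherwise the same nonce could be consumed once per instance.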