Knox Tizen Wearable SDK

Introduction

The document describes the API methods, parameters, error codes, and enumerated types in the Knox Tizen Wearable SDK.

The Knox Tizen Wearable SDK provides APIs that you can use for device management, customization, or enhanced security.

The Knox Tizen Wearable SDK includes three categories of APIs:

• MDM
• Customization
• Attestation

All of these APIs can be used by Mobile Device Management (MDM) Vendors, System Integrators (SIs), and Independent Software Vendors (ISVs) to create secure solutions for Samsung Galaxy Watch devices.

Overview

Knox Tizen Wearable SDK Overview

The above figure explains the software architecture of Knox Tizen Wearable Framework. It is a client-server structure, and communicates by IPC. The IPC must be point-2-point mechanism such as UNIX domain socket, not server related IPC such as dbus.

Application or middleware process can call MDM/Customization Framework API to control or manage capabilities of mobile device. In most cases, application or middleware process can be run in read-only mode, that is, it cannot make any policy change. Only privileged client process can be run in read-write mode, so it can make policy changes in order to manage the mobile device.

• MDM/Customization Client Library Client library is linked to application or middleware daemon. Therefore it belongs to the caller process, so UID, PID, and groups are also same. If the application calls service request API, the client tries to connect the server socket created by MDM server daemon. After receiving the successful response, socket connection is made and caller is ready to call other MDM/Customization APIs. Client library serializes and makes encrypted IPC requests using AES, so security is guaranteed between client and MDM/Customization server daemon. When all requests are done, client should call the service request API to close the socket.
• MDM/Customization Server Daemon MDM/Customization server daemon is a UNIX domain socket server, and waiting for IPC request from the client. When request API is received from the client, MDM/ Customization server first decrypts IPC request using key, and deserialize the message. After the successful decryption and deserialization of IPC request, routing of each request is made to call platform specific API. When the request to platform is finished, MDM/Customization server will send the response through socket.

Categories

• MDM APIs

  Mobile Device Management (MDM) vendors can make use of these APIs to manage the Galaxy watch device by enforcing policies. MDM APIs are divided into 17 policy groups:

  • APN
  • Application
  • Bluetooth
  • Date Time
  • Device Inventory
  • Enterprise Device
  • Firewall
  • Kiosk
  • License
  • Location
  • Misc
  • Password
  • Phone Restriction
  • Restriction
  • Roaming
  • Security
  • Wi-Fi

• Customization APIs

  Applications can call the Customization APIs which support ProKiosk mode and granular device configurations for the Galaxy watches.

  The Customization APIs are divided into 4 policy groups:

  • Device Manager
  • ProKiosk Manager
  • Settings Manager
  • System Manager

• Attestation

  Knox Attestation APIs let you to check the integrity of a device, to verify if it has been rooted or is running unofficial firmware. You can run these integrity checks to avoid handling data on compromised devices.

  • a web-based script that centrally initiates device attestation checks
  • a Galaxy watch app that starts an attestation check on a device and returns the raw measurements to the web script