Expanded Selection of Galaxy Devices Bring Enhanced Security to Government and Enterprise Mobility
SEOUL, Korea – May 20, 2014 – Today, Samsung Electronics Co., Ltd. ("Samsung") announced that as of April 30, 2014 the Galaxy S5 and Note 10.1 2014 Edition became the latest KNOX-embedded devices to have received Common Criteria (CC) certification from the National Information Assurance Partnership (NIAP).
Common Criteria certifies the design and implementation of security-sensitive products and provides assurance that the specification, implementation, and evaluation of each solution have been thoroughly analyzed to meet the Common Criteria requirements. It assures that certified devices are independently evaluated and verified to meet fundamental security requirements specified in the Protection Profile and the certification is currently recognized across 26 countries globally through the Common Criteria Recognition Arrangement (CCRA).
Previous requirements already existed to protect traditional mobile devices and operating systems but as they became more and more vulnerable to ever-changing and increasingly intelligent forms of attack, a more robust standard was needed. The NIAP set up a new standard, Mobile Device Fundamentals Protection Profile (MDFPP), that includes over 80 essential core device security requirements, such as Key Management, Crypto Module, Device Encryption, WiFi Security, Screen Lock and Mobile Device Management (MDM).The MDFPP published in October 2013 addresses the security requirements of mobile devices for use in enterprise.
“As a leading provider of Android devices, it is Samsung’s mission to make the Android platform even more secure to lead the enterprise mobility market,” said JK Shin, President and CEO, Head of IT & Mobile Communications Division at Samsung Electronics. “This MDFPP CC certification is the culmination of Samsung’s effort to provide customers with enhanced and independently verified security technologies. We are delighted that we can add both the Galaxy S5 and Note 10.1 2014 Edition to the list of Samsung mobile devices that are Common Criteria certified.”
Along with CC certified security features, which include on-device encryption and secure data connectivity, Samsung Galaxy devices are also protected by Samsung KNOX – a holistic array of security enhancement from the hardware layer all the way to the application layer and KNOX security platform is built on the cryptographic module, which is CC certified. Thanks to this combination, both Samsung’s enterprise customers and individual users will be able to enjoy safe, secure access to networks and high-value information assets both at work and at home, having the ability to carry and use one device for both business and personal use.
Beginning with the Galaxy S Ⅱ's FIPS 140-2 certification of on-device cryptographic module, Samsung has been continuously validating its key cryptographic modules, and in Feb 2014, Galaxy S4, Note 3, Note Pro 12.2 became the first MDFPP CC certified devices in mobile industry. As of this writing Samsung is the only mobile device vendor to have MDFPP certified mobile devices.
About Samsung Electronics Co., Ltd.
Samsung Electronics Co., Ltd. is a global leader in technology, opening new possibilities for people everywhere. Through relentless innovation and discovery, we are transforming the worlds of TVs, smartphones, tablets, PCs, cameras, home appliances, printers, LTE systems, medical devices, semiconductors and LED solutions. We employ 286,000 people across 80 countries with annual sales of US$216.7 billion. To discover more, please visit www.samsung.com.
Samsung KNOX is an Android-based solution for government and enterprise, designed to enhance the security of Android-powered mobile devices. Launched in 2013, it provides a comprehensive set of tools to deliver safe and secure mobile working - by protecting Android handsets from data leakages, malware and malicious attacks.
About Common Criteria Certification.
The Common Criteria certification evaluates a mobile device from the outside in, looking at where and how it will be used and then measuring it to see that it provides an adequate level of security for the stated purpose. Instead of focusing just on the cryptography, the evaluation looks holistically at the entire product, from development/creation to physical delivery to end use by the customer, in order to establish the chain of trust for the mobile device.
Today, almost all evaluations are performed against a set of requirements laid out in a document called a Protection Profile (PP). The PP states exactly what the mobile device must accomplish, such as requiring the user to log in with a password and enforcing parameters and consequences should the login fail (i.e., password requirements, failure scenarios, etc.). The overall evaluation ensures compliance against both the mobile device documentation as well as the mobile device itself to verify that stated requirements are met.
The Mobile Device Fundamentals Protection Profile (MDFPP) was developed by the National Information Assurance Partnership (NIAP). Under this baseline security definition for mobility, part of the FIPS 140-2 validations is also integrated, as per international specifications. The MDFPP is continually evolving, with updates being driven in large part through Samsung efforts, to better meet the needs of government users. Common Criteria evaluates not only encryption capabilities but also other components within the device, ensuring that it meets stated regulatory requirements and is secure as a whole.