DATA SHEET
CA Mobile API Gateway with
Samsung KNOX
At a Glance
Samsung KNOX is a multi-layered device, app and data security technology that provides a secure and productive
workspace for mobile professionals. Key features include Secure Boot, ARM TrustZone-based Integrity Measurement
Architecture, Kernel with built in Security Enhanced Android Mandatory Access Controls and the KNOX Container.
Together CA Mobile API Gateway with Samsung KNOX provides mobile app single sign-on while controlling access to
APIs. This delivers a convenient user experience while extending Samsung’s existing KNOX capabilities for a unique
end-to-end mobile app security solution from app to API. CA Mobile API Gateway mandates device attestation and
container integrity as a condition for API access by users, devices and apps.
Key Benefits/Results
• Security Beyond KNOX. Additional security
delivered outside of the device controlling
access to APIs
• Easy and secure app development.
Mobile SDK provides a secure app
framework that accelerates development
within Samsung KNOX
• Security that’s convenient. Enables
SSO through the CA standards-based
approach with SAML 2.0, OAuth 2.0,
and OpenID Connect
Key Features
• KNOX Attestation for APIs Enables
CA Mobile API Gateway customers to create
policy assertions requiring device integrity
and app containerization checks as a
condition to accessing APIs
• KNOX Single Sign-On for APIs. Single-click
access across apps while controlling access
to enterprise APIs
• KNOX Container for APIs. Create or destroy
secure space for apps while denying app
calls to APIs
• Secure Token and Key Storage. Protects
encryption keys and client certs in TrustZone
• \App Status and Logging. Track app, devices
and containers connected and managed by
CA Mobile API Gateway
• Identity Standards. OpenID Connect, OAuth
2.0, SAML and PKI identify and authenticate
users, apps and devices
Business Challenges
As the app economy shifts into next gear and the enterprise opens its borders to enable a
more productive and satisfied mobile workforce, IT must approach security differently. The
mobile channel, while a significant point of engagement, cannot be viewed in a silo. The
API has enabled the enterprise to open up its data, externalizing value through multiple
channels, of which mobile is one. Security must now be applied broadly.
While some organizations have pursued the route of enabling per-app VPNs to secure the
mobile channel, this approach is not only onerous on the user, but it doesn’t protect the
entire channel. Mobile device vendors such as Samsung have built an enterprise mobile
security platform that protects the mobile device, apps and data. While important, this is
only one side of the equation. In order to protect the mobile channel end-to-end while
centralizing security across all channels of engagement, applying security at the API layer
provides the enterprise with additional security and administrative benefits.
In the case of Samsung KNOX there needs to be a way to bridge on-device security
capabilities with API security on the back end. Only then can IT be assured that the new
open enterprise has a sound operational environment for enterprise access.
Solution Overview
Together, Samsung and CA provide a unique end-to-end mobile security solution for enterprise
apps extending KNOX security to APIs. The solution can provide organizations with the ability
to deliver users convenient access across multiple apps with single one-click access while
controlling access to APIs based on the security state of the user, device and app.
KNOX includes a SSO framework for mobile apps that offers a pathway to identity and SSO
providers. Through the Samsung KNOX Authenticator, organizations may choose CA as its
identity and SSO provider. Once the KNOX administrator chooses CA as the identity provider
and the corresponding authenticator is downloaded to the device, access is then managed
from the app all the way to the API delivering a complete end-to-end security solution..
CA MOBILE API GATEWAY WITH SAMSUNG KNOX
In addition, organizations can now apply context to granting API access. KNOX administrators can create API policies that require device or
app container integrity verification prior to granting app access to APIs. Similarly, the gateway offers API policy assertions that mandates
device software attestation to be completed before API access grant.
Combined, CA and Samsung deliver a convenient end-to-end mobile security solution that applies fine-grained context to improve security
from the app to the backend API.
For more information, please visit ca.com/api
CA Technologies (NASDAQ: CA) creates software that fuels transformation for companies and enables them to seize the opportunities
of the application economy. Software is at the heart of every business, in every industry. From planning to development to
management and security, CA is working with companies worldwide to change the way we live, transact and communicate – across
mobile, private and public cloud, distributed and mainframe environments. Learn more at ca.com.
Copyright © 2014 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies.
CS###_#####