June 29, 2021

Samsung Knox File Encryption 1.3 – Expanding support for Dual Data-at-Rest to more devices

Brian Wood

In December 2019, Samsung certified Samsung Knox File Encryption 1.0, the first integrated Dual Data-at-Rest (DAR) solution in the market. While this was the first version certified, it is not the last, and Samsung has continued to update the software to support newer devices and versions of Android. With the completed certification of Samsung Knox File Encryption 1.3, customers can utilize the latest devices while still maintaining two independent layers of encryption on their data.


What is a Dual DAR solution?

A Data-at-Rest (DAR) product is one that encrypts stored data. Normally this is done in the background, so the user does not need to specifically choose to encrypt anything; it just happens. As a result, when the device is off (or locked, depending on the implementation), nothing that is stored is readable.

A Dual DAR solution is basically a doubling of this: one layer of DAR encrypts the data, and then a second layer encrypts the already encrypted data one more time. There are many reasons to consider doing this, from how much trust to place in a single layer of encryption to being able to keep some data encrypted even when the device is on. A more in-depth discussion of this can be found in the post https://www.samsungknox.com/en/blog/samsung-knox-file-encryption-1-0-the-first-certified-integrated-dual-data-at-rest-solution-for-mobile-devices.


Is there a reason Samsung has certified Knox File Encryption again?

The way Common Criteria evaluations are structured requires that you specify the exact configuration and platforms that are supported. This means that moving the software to a new device with a new configuration (such as a new version of Android or new processors) requires a new evaluation to verify that everything still works as expected. Samsung focuses on ensuring that our customers are able to maintain a secure, validated configuration, and so performs new evaluations as the underlying configuration changes.


What has changed since the first certification?

The initial certification was limited to Galaxy S10 and similar devices (such as the Galaxy Note10 series), running Android 9. Since then, two new versions of Android have been released and several new devices have been launched. The latest certification covers not only the original Galaxy S10 and Galaxy Note10 devices but also the intervening newer device generations on the latest version of Android. The functionality itself, how it works and is deployed, has not changed, but it is now supported on many more devices.


What is the set of devices now supported?

The biggest news in terms of supported devices is the addition of new form factors to the list. Previously the only supported devices were smartphones; now tablets, including ruggedized tablets, also support Samsung Knox File Encryption.

The full list of supported devices is:

  • Galaxy S21 series
  • Galaxy S20 series
  • Galaxy Note20 series
  • Galaxy Tab S7 & Galaxy Tab S7+ series
  • Galaxy S10 series
  • Galaxy Note10 series
  • Galaxy Tab Active3 series

With this range of supported devices, it is possible to protect data in any usage scenario.

The Galaxy Tab Active3 series is newly added to the supported devices.


Galaxy Tab Active3

Galaxy Tab Active3 is tailored to meet these demands through military-grade MIL-STD-810H certification and IP68 rated water and dust resistance—able to withstand high altitudes, changes in temperature and humidity, and tough conditions. Other frontline features include Touch Sensitivity for tablet interaction while wearing work gloves, a ruggedized IP68 Certified S Pen that makes digital interaction simple in inclement weather, and a replaceable long-lasting 5050mAh battery.