KR20130048508A - Generating method for root key and system, device, and mobile terminal supporting the same - Google Patents

Abstract

The present invention relates to the generation of a root key for secure operation of a terminal. Particularly, the present invention relates to a terminal-based key personalization support method in which a security module and a non-security module are physically separated. Generating a master key by modifying an insertion key, providing a master key by encrypting the generated master key and providing the master key to the root key support device, and generating a root key based on the master key by the root key support device The present invention discloses a root key supporting method including mounting the generated root key on a terminal, and a system, an apparatus, and a terminal for supporting the root key.

Description

Generating method for root key and system, device, and mobile terminal supporting the same}

The present invention relates to the generation of a root key of a terminal, and in particular, a root key generation system, method and apparatus for a terminal that supports generation of a root key based on information that provides unique and stable security for each terminal, and the same. It relates to a terminal to support.

A portable terminal is a terminal that supports a communication function based on mobility, and is used in a wide range of fields due to its convenience and ease of portability. These portable terminals have recently been developed in the form of smart phones equipped with various user functions, and provide various conveniences and entertainment. These smartphones enable customers to easily get the information they want by activating the App Store. In addition, the higher performance allows smartphones to handle many of the functions that PCs handle.

Smartphones are based on the open OS, which is a unique feature of smartphones, along with the rapid market expansion, and there are various security threats due to the operator's opening of the network and the use of applications through the open market. For example, smartphones are easily exposed to malwares and are vulnerable to hacking such as Lab Attack. Smartphones infected with malware can cause not only terminal malfunction but excessive battery consumption due to continuous network connection, excessive billing, and leakage of personal and financial information. These malicious codes are mainly dealt with by software through vaccines. On the other hand, in the case of Lab Attack, which is a hack that reads certain information in the internal storage area of the smartphone or references and changes the information of the device itself, the Lab Attack terminal is hacked to expose the device to the risk of theft such as duplication. Can be.

The current security technology for smartphones to remove the security risks described above has been mainly focused on software programs based on S / W or traffic control on the network. However, in the case of smartphones, user information can be easily exposed through hardware control, and existing S / W-based security technology alone cannot provide sufficient security. In particular, the security technology of the smartphone is essential for the security of the smartphone itself, such as jailbreak or rooting, payment, finance, corporate services, and the like.

Meanwhile, according to a key management method proposed as a security standard related to a conventional smartphone, the highest level of the security area is regarded as a root protection domain, and as a lower level of the root protection domain, one or more protection domains are set, and different services are provided. It supports the allocation to operators. At this time, the security standard defines each security key to be assigned to each of the root protection domains and the lower protection domains.In addition, the service providers are divided into lower levels by application in the protection domains assigned to each service provider. It allows you to assign a key. In such a key management method, the assignment of the root key assigned to the root domain can be a very important problem. In other words, if a root key is hacked or generated in a weak security format, subdomains based on the root key are also untrusted. Accordingly, there is a demand for a method and system that can minimize the possibility of exposing the root key of the terminal to the outside and provide excellent security.

Therefore, an object of the present invention is to solve the problems of the prior art as described above, in the terminal physically insecure module and the security module is separated from each other based on the unique security information of each terminal more secure root key The present invention provides a system and method and apparatus for generating a root key of a terminal for efficiently generating the terminal, and a terminal supporting the same.

According to an aspect of the present invention, a security module and a non-security module are physically separated, and a terminal for generating and providing a master key based on a device insertion key and a device identification number written in the security module, and a master key from the terminal. Disclosed is a configuration of a root key support system, comprising: a root key support apparatus for receiving and generating a root key having a public key structure based on the received master key and providing the root key to the terminal.

The present invention also provides a device communication unit for receiving a master key generated based on a device insertion key and a device identification number from a terminal physically separated from a security module and a non-security module, and a public key based on a master key received by the device communication unit. A configuration of a root key supporting apparatus including a device control unit for generating a root key of a structure and providing the generated root key to the terminal is disclosed.

The root key supporting apparatus may further include a device storage unit for storing the root identification key and the device identification number provided by the terminal together with the master key.

And at least one of a function of transmitting a message prohibiting the extraction of an additional master key to a terminal that has generated and delivered the root key and a function of transmitting a message requesting generation of a new root key to the terminal according to a preset policy. You can control to perform the function.

In this case, the root key supporting apparatus may further include a device storage unit for matching and storing the device identification number provided with the master key and the new root key.

The present invention also provides a control unit for physically separating and operating a security module and a non-security module, and generating a master key based on a device insertion key and a device identification number written in the security module and transmitting the master key to a root key supporting device. Configuration of a root key support terminal including a communication unit for establishing a communication channel with a root key support device for transmitting the master key under the control of the controller and receives a root key generated based on the master key from the root key support device Initiate.

Here, the security module may control to encrypt the device identification number together with the master key transmission and to transmit the encrypted data to the root key supporting device.

The control unit may further include a secure memory area configured in the form of a chipset to store the received root key.

Meanwhile, the communication unit may receive a message prohibiting key extraction based on the device insertion key and the device identification number from the root key supporting device.

The communication unit may receive a message for requesting a root key update from the root key support apparatus.

In this case, the controller generates a new master key based on the device insertion key and the device identification number upon receiving the message requesting the update of the root key, and transmits the generated master key to the root key supporting device to generate a new root key. It may be controlled to receive and operate from the root key support apparatus.

In this case, the controller may further include a secure memory area configured inside the chip set to replace a previously stored root key with a newly received root key.

The present invention also provides a terminal-based key personalization support method in which a secure module and a non-secure module are physically separated, generating a master key by modifying a unique serial number written in a terminal and a device insertion key. Providing a master key by encrypting a master key to a root key supporting apparatus, generating a root key based on the master key by the root key supporting apparatus, and mounting the generated root key on a terminal; Start configuring the root key support method.

In this process, the providing of the master key may be a step of encrypting the serial number of the terminal together and providing it to the root key supporting apparatus.

The method may further include storing, by the root key supporting apparatus, the generated root key and a serial number.

The method may further include transmitting, by the root key supporting apparatus, a message requesting an update of a root key mounted on the terminal to the terminal, the terminal based on the serial number and the device insertion key to generate a new root key. The method may further include generating a new master key and providing the new root key to the root key supporting apparatus, and generating and providing a new root key to the terminal based on the new master key.

The method may further include transmitting, by the device for supporting a root key, a message prohibiting the extraction of an additional master key to the terminal after the root key is generated.

As described above, according to the system, method, and apparatus for generating a root key of a terminal according to the present invention, and a terminal supporting the same, the present invention provides a key for authentication and encryption of a terminal in which a secure area and a non-secure area are physically separated. In setting, it is possible to provide excellent security by generating a root key using unique security information provided at the time of terminal manufacturing. In addition, the present invention can be expected to improve the root key reliability of each terminal by mapping and managing the root key and serial number for each terminal.

1 is a view schematically showing the configuration of a root key support system according to an embodiment of the present invention.
2 is a block diagram illustrating the configuration of the terminal of FIG. 1 in more detail.
FIG. 3 is a diagram illustrating the control unit configuration of the terminal illustrated in FIG. 2 in more detail.
4 is a view for explaining the data change of the platforms mounted on the terminal of the present invention.
5 is a view showing in more detail the configuration of the root key support apparatus of the present invention.
6 is a view for explaining a root key support method according to an embodiment of the present invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.

In the following description of the embodiments of the present invention, descriptions of techniques which are well known in the technical field of the present invention and are not directly related to the present invention will be omitted. In addition, detailed description of components having substantially the same configuration and function will be omitted.

For the same reason, some of the elements in the accompanying drawings are exaggerated, omitted, or schematically shown, and the size of each element does not entirely reflect the actual size. Accordingly, the present invention is not limited by the relative size or spacing depicted in the accompanying drawings.

1 is a diagram schematically illustrating a configuration of a root key support system 10 supporting efficient root key generation according to an exemplary embodiment of the present invention.

Referring to FIG. 1, the root key support system 10 of the present invention may include a terminal 100, a network system 300, and a root key support apparatus 200.

In the root key support system 10 having the above configuration, the root key support apparatus 200 generates a public key pair based on the unique information of the terminal 100, in particular, the unique information of the security configuration mounted on the controller. Support the terminal 100 to operate. That is, the root key support system 10 of the present invention can generate a root key based on unique security information possessed by each terminal 100. Accordingly, the root key support system 10 of the present invention supports to increase the reliability of the generated public key by increasing the safety of the seed for generating the public key by individualizing the root key for each terminal 100. As a result, the root key support system 10 of the present invention can provide higher reliability and stability even when generating a lower security key that is additionally assigned based on the generated root key.

To this end, the terminal 100 may collect unique information of a security configuration disposed therein and generate a master key based on the collected unique information. The generated master key may be stored in a specific storage area of the terminal 100, for example, a secure memory area. In addition, the terminal 100 may encrypt the master key generated to obtain a public key pair to be used as the root key, and transmit the encrypted master key to the root key supporting apparatus 200 supporting the generation and transmission of the root key. Thereafter, the terminal 100 may download and store a public key pair to be used as a corresponding root key from the root key supporting apparatus 200 and may support various authentication, encryption, and decryption according to the operation of the terminal 100 based on this. The detailed configuration of the terminal 100 and the roles of the respective components will be described in more detail with reference to FIGS. 2 to 4.

Meanwhile, when the root key supporting apparatus 200 receives the encrypted master key from the terminal 100, the root key supporting apparatus 200 decrypts the master key and generates a public key pair to be used as the root key based on the extracted master key. The root key supporting apparatus 200 may transmit the public key pair to be used as the corresponding root key to the terminal 100 according to the terminal 100 request or by default. Thereafter, the root key supporting apparatus 200 manages the terminal 100 not to perform additional master key extraction, thereby suppressing indiscriminate master key extraction and operating one public key in one terminal 100. It supports to achieve personalization for each terminal 100. A more detailed description of the root key supporting apparatus 200 will be described later in more detail with reference to FIG. 5.

The network system 300 is configured to connect the terminal 100 and the root key supporting apparatus 200 to transmit and receive necessary data. The network system 300 transmits and receives data to be transmitted to the root key support apparatus 200 or data transmitted by the root key support apparatus 200 to the terminal 100 according to a designer's intention. I can keep it. To this end, the terminal 100 and the root key supporting apparatus 200 each include an encryption module applied to the network system 300, and encrypt the corresponding data according to the method supported by the network system 300, and then the network system ( 300 may be transmitted and received. The network system 300 includes a communication scheme provided by the communication module provided in the terminal 100 and a communication module provided in the root key supporting apparatus 200 to support data transmission and reception of the terminal 100 and the root key supporting apparatus 200. It can be provided to support all of the supported communication schemes. In particular, the network system 300 may be configured to include a mobile communication base station and a base station controller to support a mobile communication function when the terminal 100 is configured as a mobile device such as a smartphone. In addition, the network system 300 may be configured as a core network for supporting a wireless access point and a wireless access point to support a communication service of the terminal 100.

The network system 300 may be configured in a form that can provide a variety of communication methods of various generations, such as 2G, 3G, 4G. The network system 300 and the root key supporting apparatus 200 may be wirelessly connected or may be connected by wire. Accordingly, the present invention is not limited to a specific communication method, but the network system 300 may support various data transmission / reception required for generation, support, and management of a root key between the terminal 100 and the root key support apparatus 200. Should be understood as a network system. As described above, the root key support system 10 according to an embodiment of the present invention may generate a root key based on unique information related to the security module of the terminal 100 in which the non-security module and the security module have physically independent security configurations. Support. Accordingly, the root key support system 10 of the present invention is excellent in security for each terminal 100 and can provide a more stable and enhanced security capability by generating and supporting a root key based on individualized unique information.

2 is a block diagram showing in more detail the configuration of the terminal 100 according to an embodiment of the present invention.

2, the terminal 100 of the present invention includes a communication unit 110, an input unit 120, an audio processing unit 130, a display unit 140, a storage unit 150, and a controller 160 .

The terminal 100 of the present invention having such a configuration generates a master key using unique information according to a security configuration provided in the controller 160 and disposed independently of the storage unit 150, and uses the generated master key. The procedure for creating a root key can be performed. In particular, the terminal 100 transmits the generated master key to the root key supporting apparatus 200, and the root key supporting apparatus 200 can download and use the root key generated based on the master key provided by the terminal 100. have. Accordingly, the terminal 100 of the present invention can operate a root key classified for each terminal 100 by using individualized unique information according to the security configuration. In addition, the terminal 100 may obtain the security and expandability of the root key by using the public key pair based on the public key structure generated by the root key supporting apparatus 200 for the security of the root key. Hereinafter, the role and function of each component for the root key operation of the terminal 100 of the present invention will be described in detail.

First, the communication unit 110 may be configured as a communication module according to at least one communication method among various communication methods for forming a communication channel with the network system 300. For example, the communication unit 110 may be configured not only with a communication module supporting a communication method such as CDMA, GSM, but also at least one of a communication module supporting various communication methods such as 2G, 3G, 4G, such as WCDMA, OFDMA. The communication unit 110 forms a communication channel with the root key supporting apparatus 200 based on the network system 300 according to a preset routine or control of the controller 160 in the process of forming a communication channel for obtaining a root key, and Information for obtaining a root key may be transmitted and received through a communication channel. That is, the communication unit 110 may transfer the generated master key to the root key support apparatus 200. In this case, the delivered master key may be encrypted and transmitted, and may be encrypted with a serial number of the security module information of the controller 160 and transmitted to the root key supporting apparatus 200.

The communication unit 110 receives a root key generated based on the master key from the root key support apparatus 200. The received root key may be delivered to the controller 160. Meanwhile, the communication unit 110 may receive a message including an instruction regarding additional master key extraction control from the root key supporting apparatus 200. The received message may also be delivered to the controller 160. Meanwhile, when the root key is obtained, the controller 160 may install various application programs and encrypt and decrypt data required in the operation process based on the obtained root key. Accordingly, the communication unit 110 may receive application data related to the security-based user function from the outside, and may also transmit the encrypted security data required in the operation of the user function to a specific server device for supporting the application. have. The communication unit 110 may receive data that needs to be decrypted from the outside and transmit the data to the control unit 160.

The input unit 120 may be formed as a key button. When the terminal 100 is manufactured as a full touch screen, the input unit 120 may be configured as a side key, a separate hot key, a shortcut key, and the like to support a return to the initial screen. Key and the like. In addition, the input unit 120 may be replaced with a key map displayed on the touch screen of the terminal 100. The input unit 120 may include a plurality of input keys and function keys for receiving numeric or character information and setting various functions. In particular, the input unit 120 is an input signal for controlling the state change from the turn-off state of the terminal 100 to the turn-on for obtaining the root key, for consultation with the root key supporting apparatus 200 for additional root key update. An input signal can be generated according to the preparation of a specific message. The input unit 120 may generate an input signal for controlling various application programs that are operated based on the obtained root key according to the user control. The generated input signal may be transmitted to the controller 160 to operate as a command for obtaining a root key, updating a root key according to a specific policy setting, and operating a root key. In this case, the root key update may be omitted according to the policy of the root key supporting apparatus 200.

The audio processor 130 may include a speaker SPK for outputting various audio data generated during the operation of the terminal 100 and a microphone MIC for collecting audio data. In particular, the audio processor 130 of the present invention may support the output of the guide sound or the effect sound associated with root key acquisition, operation, and update. In this case, since the time when the root key is substantially acquired may be performed according to a schedule for performing a function for security or a schedule set as a default, the audio processor 130 may provide a separate sound effect or guidance during the root key acquisition process. It may be set to not support sound output. Meanwhile, when a root key is obtained, the audio processor 130 may support output of a guide sound or an effect sound related to obtaining the corresponding root key. The audio processor 130 may support an output of a guide sound for updating the corresponding root key at a predefined policy and a time point related to the root key updating in relation to the root key operation. In the case of the terminal 100 of the present invention, since the root key may be stored and managed in a secure memory area of the security configuration that is independently of the storage unit 150, the terminal 100 may provide excellent security against hacking. Accordingly, if the designer of the terminal 100 of the present invention does not design a separate root key update, the root key update process may be omitted. Accordingly, the audio processor 130 may not support the output of a separate guide sound or sound effect related to the root key update. Meanwhile, the above-described guide sound and effect sound output functions of the audio processor 130 may be omitted according to user settings.

The display unit 140 displays information input by the user or information provided to the user, including various menus of the terminal 100. That is, the display unit 140 may provide various screens according to the use of the terminal 100, for example, a standby screen, a menu screen, a message writing screen, a call screen, a terminal end screen, a terminal boot screen, and the like. The display unit 140 may be formed in the form of a flat panel display panel such as a liquid crystal display (LCD), an organic light emitting diode (OLED), or the like. The display unit 140 may be manufactured in a structure including a display panel and a touch panel according to a manufacturing form. In particular, the display unit 140 of the present invention is the data encrypted with various screens according to the root key operation after the root key acquisition, for example, a specific user function activation screen requiring a security function, a root key or a lower level encryption key derived from the root key. The screen instructing the transmission, the screen related to updating the root key, and the screen output by decoding the received data may be output. Meanwhile, master key generation, encryption of generated master key, transmission of encrypted master key, and reception of root key generated based on master key are performed by background processing or initial booting. Can be performed while the screen is running. Accordingly, the display unit 140 may not support direct indication screen output related to obtaining the root key.

The storage unit 150 stores an application program required for various user function operations supported by the terminal 100 and a screen image to be output to the display unit 140. In addition, when the display unit 140 is configured as a touch screen, the storage unit 150 may store a key map or a menu map for operating the touch screen. Here, the key map and the menu map may be various types. That is, the key map may be a keyboard map, a 3 * 4 key map, a qwerty key map, or the like, or may be a control key map for operation control of an currently activated application program. In addition, the menu map may be a menu map for controlling the currently running application program. The storage unit 150 may include a program area and a data area.

The program area may include an operating system (OS) for booting the terminal 100 and operating the above-described components, various user functions, for example, a user function for supporting a call function of the terminal 100, and accessing an Internet server. Various applications 151 for supporting a web browser, an MP3 user function for playing other sound sources, an image output function for playing pictures, a video play function, and the like, may be stored. In particular, the program area of the present invention may include a non-secure module for supporting a non-secure user function. The non-secure module may be loaded in response to a call of the controller 160 in a booting process, and may serve as an operating system for supporting a non-secure user function that supports activation of the application 151 described above.

The controller 160 controls power supply to each component of the terminal 100 to support the initialization process of each component. The controller 160 may control various message transmission / reception required for root key acquisition, root key operation, and root key update according to an embodiment of the present invention. To this end, the controller 160 may include a configuration as shown in FIG. 3.

3 is a view showing in more detail the configuration of the controller 160 of the present invention.

Referring to FIG. 3, the controller 160 of the present invention may include a non-secure module 200, a security module 300, and a secure memory area 310. The controller 160 of the present invention may be physically divided into a secure world in which the non-secure module 161 is located and a non-secure area in which the security module 163 is located. The non-secure module 161 executes a general-purpose operating system (OS) for supporting a user function that does not use secure data, and a standard interface thereof is disclosed. As a result, general users can create applications corresponding to various functions operating on a general-purpose OS. On the other hand, the security module 163 is not open and is a configuration corresponding to a separate Secure OS independent of the non-security module 161.

The non-secure module 161 and the security module 163 described above may be driven in time division, and the security module 163 may be processed in accordance with a request from the non-secure module 161, for example, authentication, encryption, Decryption or the like can be executed and the result can be passed to the non-secure module 161. In this case, the non-security module 161 may use the result value to perform the remaining processing of the corresponding function.

For example, when a payment request using secure data is generated, the non-secure module 161 passes the payment request to the secure module 163. The secure module 163 executes all payment processing for the payment request received from the non-secure module 161 and transfers the result value to the non-secure module 161. Accordingly, the non-secure module 161 may receive a result value for the success or failure of the payment process from the security module 163. Then, the non-security module 161 may receive data transmission / reception according to a procedure after a corresponding payment function, for example, a delivery procedure or a guidance procedure, upon receiving a result value for the payment success processing. In addition, the non-secure module 161 may process data transmission / reception for notification of non-transaction due to payment failure upon receiving a result value for payment failure processing. The non-secure module 161 and the security module 163 may also separate the memory space, thereby fundamentally blocking external access to data requiring security. That is, the non-security module 161 may store data, transmit data, and process data by using an area provided independently of the secure memory area 165 used by the security module 163 such as the storage 150 area.

In particular, the security module 163 of the present invention may support generating a root key to perform authentication, data encryption / decryption, etc. when downloading and installing a security application. In this case, the security module 163 generates a master key using an “eFuse Key” and a “Serial number” written with its own information, and generates a master key based on the generated master key. You can perform the procedure for creating a root key. A process for generating a root key by the security module 163 will be described in more detail with reference to FIG. 4.

4 is a view for explaining the operation of the security module 163 for generating a root key according to an embodiment of the present invention.

Referring to FIG. 4, the security module 163 of the present invention is largely a hardware layer 20 which is a physical layer supporting security functions, and a trusted platform 30 located on the hardware 20 layer. Platform) can be configured to include. The security module 163 may call the information stored in the secure memory area 165 to support a user function that requires operation based on the secure data. Meanwhile, when the terminal 100 is used for the first time, the security module 163 uses the Secure Boot Pub Key 21 area, the Device Insertion Key 23 area, and the device identification number 25 located on the hardware 20 layer as in step 401. ), And the trusted platform 30 may be located on the hardware 20 layer.

Thereafter, in step 403 which is a Code Image Fusing step, an Init Pub key 31 may be generated in the trusted platform 30. That is, the Init Pub key 31 is fused to the trusted platform 30. The Init Pub key 31 fused to the trusted platform 30 may be derived from the Secure Boot Pub Key 21 in the hardware 20 layer.

Next, in step 405, the trusted platform 30 may generate the master key 33 by collecting the device insertion key 23 and the device identification number 25 existing in the hardware 20 layer. The master key 33 may be generated by importing the device insertion key 23 and the device identification number 25 key into the number generator included in the security module 163 as a seed. The master key 33 may be stored in a secure memory area 165 implemented as a chipset in a storage area after generation, for example, the controller 160.

When the master key 33 is generated, the security module 163 may encrypt the master key 33 and transmit the encrypted key to the root key supporting apparatus 200. In this process, the security module 163 may encrypt the master key 33 using the public key. The public key used herein may be a public key provided by the root key supporting apparatus 200 or a security key allowable by the root supporting apparatus 200 such as an Init Pub key included in the terminal 100. RSA may be used as the encryption algorithm. To this end, the security module 163 may include an RSA engine.

The security module 163 may activate the communication unit 110 to transmit the encrypted master key 33 and attempt to access the root key supporting apparatus 200 using predefined address information. When the connection is completed, the security module 163 may transmit the encrypted master key 33 to the root key support apparatus 200. Meanwhile, the security module 163 may also encrypt the device identification number 25 in the process of encrypting the master key 33 and then transmit the encrypted device identification number 25 to the root key support apparatus 200.

When the root key supporting apparatus 200 receives the encrypted master key 33 from the terminal 100, the root key supporting apparatus 200 decrypts the encrypted master key 33 to extract the master key 33. The root key supporting apparatus 200 generates a public key pair based on the master key 33. When the public key pair is generated, the root key supporting apparatus 200 may store and manage the corresponding public key pair by matching the device identification number 25 of the terminal 100 transmitted together with the encrypted master key 33.

When the public key pair to be used as the root key of the terminal 100 is generated by the root key supporting apparatus 200, the terminal 100 downloads the public key pair from the root key supporting apparatus 200 in step 407. The security module 163 may allocate the AP Root Pub key 35 and the Loader Root Pub key 37 using the received root key. In addition, the security module 163 may proceed with data decryption using the SMK key Pri key 39. Meanwhile, the terminal 100 may store the received public key pair in the secure memory area 165 and also store the security key assigned to the lower level based on the root key in the secure memory area 165. Hash function may be stored in a certain order for security support based on SHA-1, for example.

In addition, the terminal 100 may receive a message for suppressing additional key extraction from the root key supporting apparatus 200. Accordingly, the security module 163 of the terminal 100 may control to suppress additional key extraction before applying a separate policy. That is, the processing of the message for confirming the device insertion key 23 and the device identification number 25 of the terminal 100 according to the external hacking can be performed by refusing or the like, and a warning and an alarm can be output as necessary.

Meanwhile, the terminal 100 may perform a root key update according to the request of the root key supporting apparatus 200, and in this process, the public key pair previously generated to verify the reliability of the request of the root key supporting apparatus 200. Can be used. That is, the root key supporting apparatus 200 encrypts the message according to the request based on the public key of the terminal 100 and provides the message to the terminal 100, and the terminal 100 decrypts the message with the private key upon receiving the corresponding message. can confirm. If the message content is related to the root key update and the root key supporting device 200 is trusted, the terminal 100 uses the device insertion key 23 and the device identification number 25 in the same manner to obtain a new master key. The generated new master key may be transmitted to the root key support apparatus 200 to support receiving and using a new public key pair. Upon receiving the new public key pair, the terminal 100 may remove the previous public key phase. When the terminal 100 receives the new public key pair, the terminal 100 may control to newly update the derived keys of the lower level of the corresponding root key.

5 is a diagram illustrating in more detail the configuration of the root key support apparatus 200 according to an embodiment of the present invention.

Referring to FIG. 5, the root key supporting apparatus 200 of the present invention may include a device communication unit 210, a device controller 260, and a device storage unit 270.

The device communication unit 210 forms a communication channel with the terminal 100 through the network system 300. The device communication unit 210 may receive the encrypted master key 33 and the device identification number 25 from the terminal 100 and transfer the received information to the device control unit 260 and the device storage unit 270. . In addition, the device communication unit 210 may transmit the root key of the public key structure generated under the control of the device control unit 260 to the terminal 100 through the network system 300. To this end, the device communication unit 210 may be configured as a communication module capable of forming a communication channel with the network system 300.

The device storage unit 270 may store various application programs necessary for operating the root key supporting apparatus 200 and various data generated according to the operation of the root key supporting apparatus 200. In particular, the device storage unit 270 temporarily stores the encrypted master key 33 transmitted by the terminal 100, the device identification number 25, and the public key generated based on the master key 33. In this case, the device storage unit 270 may match and store the generated public key of the root key and the device identification number 25 of the terminal 100.

The device controller 260 controls the device communication unit 210 to decrypt the encrypted master key 33 and the master key 33 when the encrypted master key 33 and the device identification number 25 are collected from a specific terminal 100. 33). The device controller 260 may control to generate a public key pair using the extracted master key 33 and a pre-stored encryption algorithm. In this case, the public key pair generated by the device controller 260 is provided to the terminal 100 and used as a root key. When the public key pair is generated, the device controller 260 may control to store the generated public key and the received device identification number 25 together in the device storage unit 270.

Meanwhile, the device controller 260 generates a message instructing the terminal 100 providing the master key 33 to stop additional key extraction. The device controller 260 may transmit the generated message to the terminal 100 through the device communication unit 210.

In addition, the device controller 260 may generate a message for updating the root key at a predetermined time point or at a predetermined period according to the administrator policy. In this case, the device controller 260 may encrypt the root key update message based on a predetermined encryption algorithm to transmit the message for updating the root key to the terminal 100, and then transmit the encrypted message to the terminal 100. Thereafter, when the device controller 260 receives the master key 33 from the corresponding terminal 100, the device controller 260 may generate a public key corresponding to the received master key 33 and transmit it to the terminal 100. The device controller 260 may control to match the new root key with the previously stored device identification number where the new root key is generated and to store the new root key in the device storage unit 270.

In this case, since the configuration of the root key update may be unnecessary in the terminal adopting the Trusted Platform, it is possible to set the appropriate time and time or control not to apply the policy according to the intention of the administrator.

In the above, the configuration of the root key support system 10 and the terminal 100 and the root key support apparatus 200 constituting the system have been described. Hereinafter, a method of operating the terminal 100 among the root key supporting method of the present invention will be described in detail with reference to the accompanying drawings.

6 is a flowchart illustrating a terminal operating method for a root key supporting function according to an embodiment of the present invention.

Referring to FIG. 6, the control unit 160 of the terminal 100 first initializes the components of the terminal 100 by using the power supplied from the power supply unit in step 701 and calls the security function in the initialization completion process or after the initialization completion. Accordingly, when the security module is activated, preparation for performing the root key support function of the present invention may be performed.

Thereafter, the controller 160 checks whether an event for generating a root key occurs in step 703. That is, the controller 160 checks whether a valid root key necessary for operating the security module 163 exists. In this case, when there is a valid root key necessary for operating the security module 163, that is, when there is no event generation for generating a separate root key, the controller 160 branches to step 705 to support performance of the event. For example, the controller 160 may perform data processing for supporting various functions such as a file play function, a financial settlement function, a content purchase function, and a web access function according to whether the terminal 100 supports the function.

On the other hand, when an event for generating a root key occurs in step 703, the controller 160 branches to step 707 to check whether the root key is allowed. If the terminal 100 has a root key, but it is assumed that an update event for the corresponding root key occurs. On the other hand, if it is impossible to obtain permission in step 707, the controller 160 branches to step 709 and outputs a warning and an alarm indicating that the root key cannot be generated. In other words, if a policy for root key renewal is not supported or if a root key already exists without a separate policy permission being provided, the controller 160 branches from step 707 to step 709 to not generate a root key. Warnings and alarms can be performed.

On the other hand, if it is possible to obtain permission for the root key in step 707, the controller 160 branches to step 711 to perform master key generation. That is, if the renewal policy of the root key is supported according to the request of the terminal 100, if the renewal support is supported according to the root key supporting apparatus 200, or if the procedure for generating the first root key is in progress, the controller 160 performs step 711. You can perform the function by branching to.

To this end, the security module 163 of the controller 160 based on the device insertion key 23 and the device identification number 25 provided to the terminal 100 in which the security module 163 and the non-security module 161 are physically separated. May generate a master key 33. When the master key 33 is generated, the controller 160 branches to step 713 and controls to encrypt the master key 33. In this case, encryption may be operated based on the public key provided by the root key supporting apparatus 200. When the encryption of the master key 33 is completed, the security module 163 of the controller 160 may control to transmit the encrypted master key 33 to the preset root key supporting apparatus 200 in step 713. . To this end, the security module 163 may control the communication unit 110 to activate a communication channel with the root key supporting apparatus 200. In this case, the controller 160 of the terminal 100 can encrypt the device identification number 25 together with the master key 33 and provide it to the root key supporting apparatus 200.

Thereafter, the controller 160 of the terminal 100 may receive a root key pair generated by the root key supporting apparatus 200 in the form of a public key structure based on the master key 33 in step 715. In operation 717, the security module 163 of the controller 160 may apply a corresponding root key to allocate a key to be used for low-level process processing.

Thereafter, the controller 160 checks whether an input signal for terminating the terminal 100 is generated in step 719 and, if there is no separate input signal for termination, branches to step 703 to control to perform the following process again. Can be. In this case, since the root key generation is substantially performed at the time of initial booting of the terminal 100 or at a long time according to the policy maker's policy, the routine for rerun may be removed.

As described above, a method, a system, an apparatus, and a terminal for supporting a root key according to an embodiment of the present invention generate a root key operated in the terminal 100 based on unique information related to the security module 163 of the terminal 100. This can provide reliability and stability for the root key.

Meanwhile, the terminal 100 may further include various additional modules according to the providing mode. That is, in the case of a communication terminal, the terminal 100 is a short-range communication module for short-range communication, an interface for data transmission and reception by a wired or wireless communication method of the terminal 100, an internet that communicates with an internet network, and performs an internet function. Configurations not mentioned above may be further included, such as a communication module and a digital broadcasting module for performing digital broadcasting reception and reproduction functions. These components can not be enumerated because of a wide variety of variations depending on the convergence trend of the digital device, but it is also possible that components having the same level as the above-mentioned components are further included in the device have. Also, it is needless to say that the terminal 100 of the present invention may be excluded from the specific configurations in the above configuration or may be replaced with other configurations in accordance with the provision mode thereof. Which will be readily apparent to those skilled in the art.

In addition, the terminal 100 according to an embodiment of the present invention may include all devices equipped with a controller in which the non-security module 161 and the security module 163 are physically divided. For example, the terminal 100 may include all mobile communication terminals operating based on communication protocols corresponding to various communication systems, a portable multimedia player (PMP), a digital All information communication devices such as a broadcasting player, a PDA (Personal Digital Assistant), a music player (for example, an MP3 player), a portable game terminal, a smart phone, a notebook and a handheld PC, Device.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments. , And are not intended to limit the scope of the present invention. It will be apparent to those skilled in the art that other modifications based on the technical idea of the present invention may be practiced without departing from the scope of the invention disclosed herein.

According to a system, method and apparatus for generating a root key of a terminal according to the present invention, and a terminal supporting the same, the present invention provides a terminal for establishing a key for authentication and encryption of a terminal in which a secure area and a non-secure area are physically separated. Excellent security can be provided by having a root key generated using unique security information provided at the time of manufacture. In addition, the present invention can be expected to improve the root key reliability of each terminal by mapping and managing the root key and serial number for each terminal.

100: terminal 110:
120: input unit 130: audio processing unit
140: Display unit 150:
160 control unit 161 non-secure module
163: security module 165: secure memory area
200: root key support device 210: device communication unit
260: device control unit 270: device storage unit
300: Network system

Claims (18)

A terminal for physically separating the security module from the non-security module and generating and providing a master key based on the device insertion key and the device identification number written in the security module;
A root key supporting apparatus for receiving a master key from the terminal, generating a root key having a public key structure based on the received master key, and providing the root key to the terminal;
Root key support system comprising a. A device communication unit for receiving a master key generated based on a device insertion key and a device identification number recorded in the security module from a terminal physically separated from the security module and the non-security module;
A device controller configured to generate a root key having a public key structure based on a master key received by the device communication unit, and provide the generated root key to the terminal;
Root key support device comprising a. The method of claim 2,
A device storage unit which stores the device identification number provided by the terminal together with the master key and the root key;
Root key support device further comprises. The method of claim 2,
The device control unit
Root key support device, characterized in that for transmitting the message to prohibit the extraction of the additional master key to the terminal that generated and delivered the root key. The method of claim 2,
The device control unit
And a message for requesting generation of a new root key to the terminal according to a preset policy. The method of claim 5,
A device storage unit for matching and storing the device identification number provided by the terminal together with the master key and the new root key;
Root key support device further comprises. A controller which physically separates and operates a security module and a non-security module, and controls to generate a master key based on the device insertion key and the device identification number written in the security module and transmit the master key to the root key supporting apparatus;
A communication unit for establishing a communication channel with a root key support apparatus for transmitting the master key under the control of the controller and receiving a root key generated based on the master key from the root key support apparatus;
Root key support terminal comprising a. The method of claim 7, wherein
The security module
And encrypting the device identification number when transmitting the master key, and controlling to transmit the encrypted data to the root key supporting apparatus. The method of claim 7, wherein
The control unit
A secure memory area configured therein in a chipset form and storing the received root key;
Root key support terminal, characterized in that it further comprises. The method of claim 7, wherein
The communication unit
And a message for prohibiting key extraction based on the device insertion key and the device identification number from the root key support device. The method of claim 7, wherein
The communication unit
Root key support terminal, characterized in that for receiving a message for requesting a root key renewal from the root key support device. The method of claim 11,
The control unit
Upon receipt of the request for renewing the root key, a new master key is generated based on the device insertion key and the device identification number, and the generated master key is transmitted to the root key supporting device to transmit a new root key to the root key supporting device. Root key support terminal, characterized in that receiving from. The method of claim 12,
The control unit
A secure memory region configured internally in the form of a chipset and replacing a previously stored root key with a newly received root key;
Root key support terminal, characterized in that it further comprises. In the terminal-based key personalization support method in which a security module and a non-security module are physically separated,
Generating a master key by modifying a unique serial number written in the terminal and a device insertion key;
Providing a master key by encrypting the generated master key to a root key supporting apparatus;
Generating, by the root key supporting apparatus, a root key based on the master key;
Mounting the generated root key on a terminal;
Root key support method comprising a. 15. The method of claim 14,
The master key providing step
And encrypting the serial number of the terminal together and providing the terminal to the root key support apparatus. 16. The method of claim 15,
Storing, by the root key supporting apparatus, the generated root key and serial number together;
Root key support method further comprises. 15. The method of claim 14,
Transmitting, by the root key supporting apparatus, a message requesting an update of a root key mounted on the terminal to the terminal;
Generating, by the terminal, a new master key based on the serial number and the device insertion key to generate a new root key to a root key supporting device;
Generating, by the root key supporting apparatus, a new root key based on a new master key to the terminal;
Root key support method further comprises. 15. The method of claim 14,
Transmitting, by the root key supporting apparatus, a message prohibiting the extraction of the additional master key to the terminal after the root key is generated;
Root key support method further comprises.

Images