KR101628615B1 - Method for Providing Safety Electronic Signature by using Secure Operating System - Google Patents

Abstract

The present invention relates to a security signature providing method using a security operating system, and a security signature providing method using a security operating system according to the present invention is characterized in that a secure operating system (OS) having a secure kernel and a kernel structure are disclosed (N) of a general OS allocates a memory area accessible from a designated program (s) of the secure OS, or allocates a memory area accessible by a designated program (s) of the secure OS, A second step of providing the signature request information to the memory area by the program (n); and a step of checking whether the program (s) of the secure OS verifies signature request information from the memory area A fourth step in which the program (s) confirms the signature subject information based on the signature request information, and a third step in which the program (s) A fifth step of extracting a signature key from the certificate and generating an electronic signature value for the signature subject information or verifying an electronic signature value generated through a HSM (Hardware Security Module) And a sixth step of transmitting the digital signature value to the designated server by using the communication means of the second embodiment.

Description

Technical Field [0001] The present invention relates to a method for providing a secure signature using a secure operating system,

In a wireless terminal equipped with a secure operating system (OS) having a secure kernel and a general OS having a kernel structure, a certificate is provided to a separate secure OS side isolated from a general OS and then a certificate And simultaneously transmits the digital signature to the designated server and performs signature processing.

Recently, a Trust Zone technology has been proposed in which each physical processor core is divided into two worlds, Secure World and Normal World, and each world is isolated. Trust Zone technology is equipped with a normal operating system in the normal world, and Secure World is equipped with a security-enhanced operating system. By keeping Secure World isolated from the normal world, even if the normal world is hacked or forged, security of the normal world and isolated secure world .

The isolation of Secure World and Normal World in Trust Zone technology is one of the key points to ensure the security of Secure World. An application executed in the secure world can directly access and control various components such as a display device, a communication device, and an input device provided in the terminal without using the operating system of the normal world (Patent Registration No. 10-1259824) . Although Secure World and Normal World physically share a single processor core in a single terminal and Secure World runs through Normal World, Secure and Normal Worlds, in terms of hardware and software, Other systems.

Therefore, when a certificate is provided to a wireless terminal equipped with a secure world and a normal world, implementing a certificate function through only the secure world regardless of the normal world is performed by referring to a technical standard related to the trust zone, In order to implement the normal world and the secure world in real time, it is necessary to internally isolate the necessary procedures from each other through the isolated world, Which is difficult to solve.

SUMMARY OF THE INVENTION An object of the present invention to overcome the above problems is to provide a secure OS in which when a heterogeneous OS including a normal operating system and a secure operating system is mounted on a wireless terminal, The program (n) of the general OS allocates a memory area accessible from the designated program (s) of the secure OS, or identifies a pre-allocated memory area, Signing request, the program (s) of the security OS verifies the signature target information, and electronically signs the signature target information through a certificate mounted on the secure OS, And provides a secure signature providing method using the secure signature.

The secure signature providing method using the secure operating system according to the present invention is a method for providing a secure signature using a security operating system (Secure Operating System) having a secure kernel and a wireless terminal equipped with a normal operating system (N) of the general OS allocates a memory area accessible in a designated program (s) of the secure OS or identifies a pre-allocated memory area; A second step of providing the signature request information to the memory area; a third step of the program (s) of the secure OS verifying signature request information from the memory area; (S) extracts a signature key from a certificate provided in the secure OS, and transmits an electronic signature for the signature target information Or a digital signature value generated through a hardware security module (HSM); and transmitting the digital signature value to the designated server using the communication means of the wireless terminal And a sixth step.

According to the present invention, the secure OS may include a trust zone installed in the processor.

According to the present invention, a method for providing a secure signature using the secure operating system is provided, wherein the program (n) identifies that the program (s) specified in the secure OS is mounted or identifies the program (s) Storing the information in the general OS storage area, wherein the first step includes: allocating or confirming the memory area by the program (n) when the program (s) is loaded on the secure OS And a control unit.

According to the present invention, the secure signature providing method using the secure operating system may further include storing the user's certificate in the certificate storage area of the secure OS or in the HSM using the program (s) And the program (n) allocates or confirms the memory area when the user's certificate is stored in the certificate storage area of the secure OS or in the HSM.

According to the present invention, the secure signature providing method using the secure operating system further includes storing and maintaining state information on the program (n) immediately before the program (n) is switched to the secure OS, The second step is characterized in that the program (n) provides signature request information to the memory area after the state information is stored.

According to the present invention, the second step may further include the step of the program (n) operating a secure OS through a SMC (Secure Monitor Call) command.

According to the present invention, in the second step, the program (n) can allocate the memory area to the general OS or the pre-allocated memory area.

According to the present invention, the second step may allocate the memory area to the security monitor that performs the switching procedure between the general OS and the secure OS, or may check the pre-allocated memory area.

According to the present invention, in the second step, the program (n) can allocate a memory area accessible from the program (s) of the secure OS to the security server on the network or check the pre-allocated memory area.

According to the present invention, the second step may further comprise setting the program (n) as a process of the general OS side in which the program (n) refers to the memory area.

According to the present invention, in the second step, the program (n) of the general OS sends signature request information for confirming the signature subject information from the server designated by the communication means of the wireless terminal in the program (s) of the secure OS And provide the data to the memory area.

According to another aspect of the present invention, there is provided a secure signature providing method using a security operating system, wherein a signature of a program (n) of the general OS is transmitted from a designated server through a communication means of the wireless terminal And receiving the object information, wherein the second step configures the signature request information including the signature object information and provides the signature request information to the memory area.

According to the present invention, the secure signature providing method using the secure operating system may further include generating the signature target information by the program (n) of the general OS before providing the signature request information to the memory area And the second step configures signature request information including the signature subject information and provides the signature request information to the memory area.

According to the present invention, a method for providing a secure signature using the secure operating system comprises: after the program s confirms signature request information from the memory area, the program s accesses the input means of the wireless terminal through the secure OS Receiving a PIN (Personal Identification Number), and authenticating the validity of the PIN input through the secure OS.

According to the present invention, the secure signature providing method using the secure operating system may further include: after the program (s) checks the digital signature value, the program (s) Wherein the encrypted digital signature value is transmitted to the designated server through the communication means of the wireless terminal.

According to the present invention, a method for providing a secure signature using the secure operating system includes: after the program (s) checks the digital signature value, the program (s) generates signature data including the generated digital signature value And the sixth step is characterized in that the signature data is transmitted to a designated server through the communication means of the wireless terminal.

According to the present invention, a method for providing a secure signature using the secure operating system includes: after the program (s) checks the digital signature value, the program (s) generates signature data including the generated digital signature value And encrypting the generated signature data so that the program (s) can be decrypted through a designated server, wherein the step (c) further comprises the step of encrypting the encrypted signature data through communication means of the wireless terminal To the server.

According to the present invention, a secure signature providing method using the secure operating system may be configured such that after the program (s) transmits the digital signature value to a designated server, the program (s) generates an electronic signature result using the digital signature value And providing the digital signature result to the memory area by the program (s).

According to the present invention, a secure signature providing method using the secure operating system may further include: after the program (s) provides the digital signature result to the memory area, the program (n) And providing the digital signature-based service based on the digital signature result by the program (n).

According to the present invention, when a heterogeneous OS including a general OS and a secure OS is installed in a wireless terminal, a user's certificate is provided to the secure OS, the signature object information is checked in the secure OS according to a request of the general OS, There is an advantage of providing a secure digital signature for hacking or tampering with a general OS by processing the digital signature in the secure OS through the certificate of the secure OS.

1 is a diagram illustrating a functional configuration of a wireless terminal according to an embodiment of the present invention.
2 is a diagram showing a functional configuration of a program according to an embodiment of the present invention.
3 is a diagram illustrating a process of preparing a program s in a secure OS according to an embodiment of the present invention.
4 is a diagram illustrating a transaction interoperation process between a general OS and a secure OS according to an embodiment of the present invention.
5 is a diagram illustrating a process of generating an electronic signature through a secure OS according to an embodiment of the present invention.
6 is a diagram illustrating a process of processing digital signatures through a secure OS according to an embodiment of the present invention.
7 is a diagram illustrating a process of processing digital signatures through a secure OS according to another embodiment of the present invention.
FIG. 8 is a diagram illustrating a process of using an electronic signature result processed through a secure OS according to an embodiment of the present invention.

The operation principle of the preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings and description. It should be understood, however, that the drawings and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention, and are not to be construed as limiting the present invention.

In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The terms used below are defined in consideration of the functions of the present invention, which may vary depending on the user, intention or custom of the operator. Therefore, the definition should be based on the contents throughout the present invention.

As a result, the technical idea of the present invention is determined by the claims, and the following embodiments are merely means for effectively explaining the technical idea of the present invention to a person having ordinary skill in the art to which the present invention belongs Only.

1 is a functional block diagram of a wireless terminal 100 according to an embodiment of the present invention.

1 is a block diagram illustrating a configuration of a secure OS 120 having a secure kernel 130 and a general OS 110 having a kernel structure disclosed therein. The present invention is not limited to the above-described embodiments, but may be modified and changed without departing from the spirit and scope of the present invention. It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the present invention as defined by the following claims. The wireless terminal 100 of FIG. 1 may include various terminals such as a smart phone, a tablet PC, and a PDA, which are equipped with the secure OS 120 and the general OS 110.

1, the wireless terminal 100 includes a control unit 105, a memory unit 175, a screen output unit 140, a user input unit 145, a sound processing unit 150, a short range wireless communication unit 155, A wireless network communication unit 160, a USIM reader unit 165, and a USIM, and has a battery for power supply.

The control unit 105 is a general term for controlling the operation of the wireless terminal 100. The control unit 105 physically includes a processor and an execution memory, ). Preferably, the processor may comprise an ARM processor.

According to the present invention, the control unit 105 includes a normal world in which a normal OS 110 in which a kernel structure, an API and a driver are displayed, and a secure kernel And a secure world in which a secure operating system 120 (Secure Operating System) having a security function 130 is operated. The normal world and the secure world are constructed in a mutually isolated structure. Preferably, the secure OS 120 includes a Trust Zone of the ARM processor. Hereinafter, a functional configuration for the present invention on the general OS 110 and the secure OS 120 will be described with reference to the control unit 105 for convenience.

The memory unit 175 is a generic name of a nonvolatile memory corresponding to a storage unit included in the wireless terminal 100 and includes at least one program code executed through the control unit 105 and at least one And stores the data set.

According to the present invention, the memory unit 175 may include a general OS storage area accessed by the general OS 110 and a secure OS storage area accessed by the secure OS 120, I can not access the OS storage area. The general OS storage area may store program codes corresponding to applications executed through the general OS 110 and at least one data set used by applications of the general OS 110. [ The secure OS storage area may store program codes corresponding to applications executed through the secure OS 120 and at least one data set used by applications of the secure OS 120. [

The general OS 110 has a kernel (hereinafter, referred to as a "general kernel 115" in contrast to the security kernel 130 of the secure OS 120) The general kernel 115 of the wireless terminal 100 may include various types of the wireless terminal 100 such as the screen output unit 140, the user input unit 145, the sound processing unit 150, the short- Resources, and may be provided with a driver on the general OS 110 for this purpose. The general kernel 115 of the general OS 110 can not access the secure OS storage area and the general OS 110 and the secure OS 120 are isolated from each other.

The secure OS 120 includes a secure kernel 130 in which a kernel structure is not disclosed and the secure kernel 130 of the secure OS 120 includes a screen output unit 140, a user input unit 145, The mobile terminal 100 may access various resources of the wireless terminal 100 such as the processor 150, the short range wireless communication unit 155 and the wireless network communication unit 160 and may include a driver on the secure OS 120 for this purpose. Preferably, the secure kernel 130 of the secure OS 120 can not access the normal OS storage area, and the secure OS 120 and the normal OS 110 are isolated from each other.

According to an embodiment of the present invention, the secure OS storage area may include an HSM area operated by a hardware security module (HSM)

The screen output unit 140 may include a display such as a liquid crystal display (LCD) or a touch screen including a touch input unit as a screen output unit provided in the wireless terminal 100 .

The general kernel 115 of the general OS 110 includes a driver for accessing and controlling the display or the touch screen of the screen output unit 140. The general kernel 115 is connected to the screen output unit 140, The security OS 120 can not access the screen output unit 140. In this case,

The secure kernel 130 of the secure OS 120 has a separate security driver for accessing and controlling the display or the touch screen of the screen output unit 140, The general OS 110 can not access the screen output unit 140 when accessing and controlling the display unit 140. [

The user input unit 145 may be a user input unit provided in the wireless terminal 100 and may include a touch input unit of the touch screen when the screen output unit 140 includes a touch screen. A keypad, and a key button.

The general kernel 115 of the general OS 110 includes a driver for accessing and controlling a touch input unit, a keypad or a key button of the user input unit 145. The general kernel 115 is connected to the user input unit 145 The security OS 120 can not access the user input unit 145. In this case,

The secure kernel 130 of the secure OS 120 has a separate security driver for accessing and controlling the touch input unit, keypad or key button of the user input unit 145, When accessing and controlling the input unit 145, the general OS 110 can not access the user input unit 145.

The sound processing unit 150 may include sound output means and sound input means included in the wireless terminal 100, and may include a speaker for outputting sound and a microphone for receiving sound.

The general kernel 115 of the general OS 110 includes a driver for accessing and controlling the speaker or the microphone of the sound processing unit 150. The general kernel 115 accesses the sound processing unit 150 The security OS 120 can not access the sound processing unit 150 controlled by the general OS 110. [

The secure kernel 130 of the secure OS 120 has a separate security driver for accessing and controlling the speaker or microphone of the sound processing unit 150. The secure kernel 130 may be provided in the sound processing unit 150, The general OS 110 can not access the sound processing unit 150 controlled by the secure OS 120. In this case,

The wireless network communication unit 160 and the short-range wireless communication unit 155 are communication means for connecting the wireless terminal 100 to a communication network. Preferably, the wireless terminal 100 is a wireless communication unit And may further include one or more short-range wireless communication units 155. FIG.

The wireless network communication unit 160 is a collective term for communication means for connecting the wireless terminal 100 to a wireless communication network via a base station and includes an antenna for transmitting and receiving a radio frequency signal of a specific frequency band, And at least one processing module. The wireless network communication unit 160 may connect the wireless terminal 100 to a call network including a call channel and a data channel via the exchange and may transmit the packet data based wireless network data To a data network providing communication (e.g., the Internet).

According to an embodiment of the present invention, the wireless network communication unit 160 may be a mobile communication unit that performs at least one of connection to a mobile communication network, location registration, call processing, call connection, data communication, and handoff according to the CDMA / WCDMA / ≪ / RTI > Meanwhile, according to the intention of a person skilled in the art, the wireless network communication unit 160 may further include a portable Internet communication structure for performing at least one of connection to the portable Internet, location registration, data communication and handoff according to the IEEE 802.16 standard, It is evident that the present invention is not limited by the wireless communication configuration provided by the wireless network communication unit 160. [ That is, the wireless network communication unit 160 is a general term for a configuration unit that connects to a wireless communication network through a cell-based base station irrespective of a frequency band of a wireless section, a type of a communication network, or a protocol.

The general kernel 115 of the general OS 110 includes a driver for accessing and controlling the wireless network communication unit 160. The general kernel 115 accesses and controls the wireless network communication unit 160 The security OS 120 can not access the wireless network communication unit 160 controlled by the general OS 110. [

The secure kernel 130 of the secure OS 120 has a separate security driver for accessing and controlling the wireless network communication unit 160. The secure kernel 130 may access the wireless network communication unit 160 The general OS 110 can not access the wireless network communication unit 160 controlled by the secure OS 120. [

The short-range wireless communication unit 155 is a generic term of communication means for connecting a communication session using a radio frequency signal within a predetermined distance (for example, about 10 meters) as a communication medium and connecting the wireless terminal 100 to the communication network The wireless terminal 100 can be connected to the communication network through at least one of Wi-Fi communication, Bluetooth communication, public wireless communication, and UWB. According to an embodiment of the present invention, the short-distance wireless communication unit 155 may connect the wireless terminal 100 to a data network providing packet-based short-range wireless data communication through a wireless AP.

The general kernel 115 of the general OS 110 includes a driver for accessing and controlling the short range wireless communication unit 155. The general kernel 115 accesses and controls the short range wireless communication unit 155 The secure OS 120 can not access the short range wireless communication unit 155 controlled by the general OS 110. [

The secure kernel 130 of the secure OS 120 has a separate security driver for accessing and controlling the short range wireless communication unit 155 and the secure kernel 130 may access the short range wireless communication unit 155 The general OS 110 can not access the short range wireless communication unit 155 controlled by the secure OS 120. [

The NFC unit 170 may be a communication resource for processing one or more proximity wireless communications, such as bi-directional proximity wireless communication, full-duplex proximity wireless communication, and half-duplex proximity wireless communication, using a radio frequency signal as a communication medium at a close distance , And is capable of processing proximity wireless communication according to the NFC (Near Field Communication) standard of the 13.56-MHz frequency band.

The general kernel 115 of the general OS 110 includes a driver for accessing and controlling the NFC unit 170. When the general kernel 115 accesses and controls the NFC unit 170, The secure OS 120 can not access the NFC unit 170 controlled by the general OS 110. [

The secure kernel 130 of the secure OS 120 has a separate security driver for accessing and controlling the NFC unit 170. The secure kernel 130 accesses the NFC unit 170 to control The general OS 110 can not access the NFC unit 170 controlled by the secure OS 120. [

The USIM reader unit 165 is a generic term of a configuration for exchanging at least one data set with a universal subscriber identity module mounted or detached from the mobile station 100 based on the ISO / IEC 7816 standard , And the data set is exchanged in a half duplex communication manner through an APDU (Application Protocol Data Unit).

The USIM is an SIM type card provided with an IC chip according to the ISO / IEC 7816 standard, and includes an input / output interface including at least one contact connected to the USIM reader unit 165, (Or processing) the program code for the IC chip or extracting (or processing) the data set in accordance with at least one command transmitted from the wireless terminal 100 in connection with the input / output interface To the input / output interface.

According to the present invention, the general OS 110 is loaded with various applications operating using the general kernel 115, and the user can control various applications executed in the general OS 110 through the general kernel 115 The general OS 115 performs a user operation by a user input unit 145 controlled by the general kernel 115 while displaying one or more interface screens through a screen output unit 140. The general OS 115, The application of the present invention performs a designated transaction operation and provides various services to the user. Hereinafter, an application (or a program module embedded in or linked to an application) operating in accordance with the present invention on the general OS 110 is referred to as " program (n) 200 " Preferably, the program (n) 200 includes an application using an electronic signature such as a banking application, a payment application, or an authentication application executed in the general OS 110 . However, the program (n) 200 is not limited to a banking application, a payment application, or an authentication application. Any application can be used as long as it is an application running on the general OS 110, and belongs to the scope of the present invention .

According to the embodiment of the present invention, the program (n) 200 of the general OS 110 is provided in the upper part of the general kernel 115 on the OS structure and operates using the general kernel 115.

According to the present invention, at least one security application operating on the secure kernel 130 is installed in the secure OS 120. [ The security application on the secure OS 120 operates using the secure kernel 130 and may be connected to the screen output unit 140, the user input unit 145, the sound processing unit 150, The wireless network communication unit 160, the short range wireless communication unit 155, and the like. Hereinafter, a security application (or a program module embedded in or linked to a security application) operating in accordance with the present invention on the general OS 110 is referred to as " program (s) 235 " Preferably, the program (s) 235 may include a certificate application running on the secure OS 120. [

According to an embodiment of the present invention, the program (s) 235 of the secure OS 120 is provided in the upper part of the secure kernel 130 on the OS structure and operates using the secure kernel 130.

According to an embodiment of the present invention, the program (s) 235 may include program code for operating the HSM 135 on the secure OS 120.

According to the embodiment of the present invention, the program (s) 235 can be interworked with the NFC-based HSM 135 provided outside the wireless terminal 100 through the NFC unit 170.

The OS of the wireless terminal 100 is switched from the general OS 110 to the secure OS 120 in the secure OS 120 (or between the general OS 110 and the secure OS 120) Or a security monitor 125 (Secure Monitor) that performs a series of procedures for switching from the security OS 120 to the general OS 110. [ Since the security monitor 125 uses the command of the secure OS 120, FIG. 1 illustrates the security monitor 125 as being provided in the secure OS 120 for the sake of convenience.

The security monitor 125 monitors whether an SMC (Secure Monitor Call) command is generated through the kernel or an IRQ (Interrupt Request) to FIQ (Fast Interrupt Request) Can be performed.

2 is a diagram showing a functional configuration of a program according to an embodiment of the present invention.

2 shows the functional configuration of the program (n) 200 of the general OS 110 and the program (s) 235 of the secure OS 120. In the technical field of the present invention, It will be understood by those skilled in the art that various changes and modifications of the program may be made without departing from the spirit and scope of the present invention as defined by the following claims. The technical characteristics are not limited only by the method shown in FIG.

Referring to FIG. 2, the program (s) 235 of the secure OS 120 includes a certificate storage area 240 of a secure OS 120 or a HSM 135 for storing and managing a user's certificate .

The program (s) 235 is a general term for a program executed in the secure OS 120 and managing a certificate used by the secure OS 120. The program (s) 235 preferably stores the certificate of the user issued through the certification authority, Or to issue a certificate to the HSM 135 implemented in the secure OS 120. The HSM 135 may be configured to perform the following steps.

When the program (s) 235 loaded in the secure OS 120 is executed at least once, the certificate storage unit 240 stores the certificate of the user in the certificate storage area of the secure OS 120 or the HSM 135 . If the user's certificate is not stored in the certificate storage area or the HSM 135, the certificate storage unit 240 may issue or copy the user's certificate according to a designated procedure and store the certificate in the certificate storage area or the HSM 135, Lt; / RTI >

According to an embodiment of the present invention, when a key pair (e.g., a public key, a private key, etc.) is generated and submitted to a certification authority in a designated terminal / server in a certificate issuing procedure, the certification authority generates a certificate And the certificate storage unit 240 receives the certificate through the wireless network communication unit 160 or the short-range wireless communication unit 155 of the wireless terminal 100, 120) certificate storage area.

Meanwhile, when the HSM 135 implemented by the security OS 120 is implemented by software, the certificate storage unit 240 stores the key pair in the HSM 135 of the secure OS 120, The HSM 135 transmits the public key generated by the HSM 135 to the certification authority through the wireless network communication unit 160 or the short- Meanwhile, the certificate authority can confirm that the corresponding HSM 135 is distributed to a specific user by using the key stored in the HSM 135. To this end, the certificate storage unit 240 stores the key stored in the HSM 135 And can provide the authentication server. When it is confirmed that the HSM 135 is distributed to a specific user using the key stored in the HSM 135, the certification authority generates a certificate, registers it in an authentication authority, issues the certificate, The secure terminal 240 may receive the certificate through the wireless network communication unit 160 or the short-range wireless communication unit 155 of the wireless terminal 100 and store the received certificate in the HSM 135 of the secure OS 120.

Or if the security OS 120 is interworking with the external HSM 135 through the NFC unit 170 of the wireless terminal 100, the key pair is generated in the HSM 135 linked through the NFC unit 170 The certificate storage unit 240 submits the public key generated by the HSM 135 to the certification authority through the wireless network communication unit 160 or the short-range wireless communication unit 155 of the wireless terminal 100. Meanwhile, the certificate authority can confirm that the corresponding HSM 135 is distributed to a specific user by using the key stored in the HSM 135. To this end, the certificate storage unit 240 stores the key stored in the HSM 135 And can provide the authentication server. When it is confirmed that the HSM 135 is distributed to a specific user using the key stored in the HSM 135, the certification authority generates a certificate, registers it in an authentication authority, issues the certificate, The wireless terminal 240 may receive the certificate through the wireless network communication unit 160 or the short range wireless communication unit 155 of the wireless terminal 100 and store the certificate in the HSM 135 through the NFC unit 170.

Meanwhile, when the user's certificate is issued through the certification authority, the certificate storage unit 240 performs the specified certificate copying procedure to transmit the certificate, which has been issued to the user, to the certificate storage area of the secure OS 120 or the secure OS 120 to the HSM 135 or the HSM 135 that is linked through the NFC unit 170. [ At this time, the certificate storage unit 240 can provide the key stored in the HSM 135 to the authentication server. When the certification authority confirms that the HSM 135 has been distributed to a specific user using the key stored in the HSM 135, the certificate storage unit 240 stores the certificate issued by the authorized HSM 135 You can copy and save the certificate. Hereinafter, the HSM 135 implemented in the secure OS 120 or the HSM 135 interworking through the NFC unit 170 will be collectively referred to as "HSM 135".

Referring to FIG. 2, the program (s) 235 of the secure OS 120 registers PIN information for performing PIN (Personal Identification Number) authentication for digital signature using a certificate on the secure OS 120 And a PIN registration unit 245 for registering the PIN.

When the program (s) 235 loaded on the secure OS 120 is executed at least once, the PIN registration unit 245 stores PIN information for digital signature in a designated PIN storage area on the secure OS storage area . If the PIN information is not stored in the PIN storage area, the PIN registration unit 245 obtains the access right of the screen output unit 140 and the user input unit 145 according to the designated procedure, And receives the PIN information through the user input unit 145 and stores the PIN information in the PIN storage area. The PIN registration unit 245 may encrypt the PIN information according to a designated encryption scheme and store the encrypted PIN information in the PIN storage area. The general OS 110 can not access the PIN storage area.

2, the program (n) 200 of the general OS 110 includes an electronic signature determination unit 205 for determining a digital signature process using a user's certificate while performing a specified operation, The information configuration unit 215 configuring the signature request information to be provided to the security OS 120 in the signing process and a series of procedures for switching to the secure OS 120 through the general kernel 115, (220) for allocating a memory area accessible by the designated program (s) (235) of the memory unit (120) or checking a pre-allocated memory area and providing the confirmed signature request information to the memory area And an information verifying unit 210 for verifying the signature subject information when the signature subject information is provided to the security OS 120 through the signature request information.

The program (n) 200 is executed in the general OS 110 to perform at least one designated operation among banking, settlement, and authentication, and the digital signature determination unit 205 determines whether the security OS It is determined whether to perform the digital signature processing using the user's certificate provided in the server 120.

When the electronic signature processing using the user's certificate provided in the secure OS 120 is performed, the information construction unit 215 transmits the digital signature to the secure OS 120 for digital signature processing using the user's certificate provided in the secure OS 120. [ (S) 235 of the signature server 120. The signature request information is provided to the program (s)

According to the first signature requesting method of the present invention, the information constructing unit 215 may be configured to allow the server 180 specified in the program (s) 235 of the secure OS 120 through the communication means of the wireless terminal 100, The signature request information including information for receiving signature object information from the signature request information. Preferably, the signature request information includes at least one of server information providing signature target information to be subjected to electronic signature processing during a specified operation of the program (n) 200, address information of a storage medium storing the signature target information, 180, and the identification value for identifying the signature subject information included in the signature information. Preferably, the signature subject information may include authentication information for certificate login, authentication information for user authentication, and a denial of a transaction corresponding to a transaction operation performed through the program (n) 200 of the general OS 110 And < RTI ID = 0.0 > a < / RTI >

According to the second signature requesting method of the present invention, the information verifying unit 210 checks the signature subject information to be digitally signed in association with the designated operation of the program (n) 200, May configure signature request information including the signature subject information. Preferably, the signature subject information may include authentication information for certificate login, authentication information for user authentication, and a denial of a transaction corresponding to a transaction operation performed through the program (n) 200 of the general OS 110 And < RTI ID = 0.0 > a < / RTI >

According to the first signature verification method of the information verification unit 210, the information verification unit 210 can receive signature subject information from the designated server 180 through the communication means of the wireless terminal 100 . For example, when the program (n) 200 is a banking app, the information checking unit 210 receives from the designated banking server 180 signature target information including transaction information corresponding to a banking transaction through the banking app Lt; / RTI > Alternatively, when the program (n) 200 is a payment application, the information verification unit 210 may receive signature target information including payment information for payment through the payment application from the designated payment server 180 . Alternatively, when the program (n) 200 is an authentication application, the information verification unit 210 may receive signature target information including authentication information for authentication through the authentication application from the designated authentication server 180 .

According to the second signature verification method of the information verification unit 210, the information verification unit 210 can generate signature subject information during the designated operation of the program (n) 200. [ For example, when the program (n) 200 is a banking app, the information checking unit 210 may generate signature information including transaction information input through the banking app. Alternatively, when the program (n) 200 is a payment application, the information verification unit 210 can generate signature target information including payment information inputted through the payment application. Or the program (n) 200 is an authenticated app, the information verifying unit 210 verifies whether or not the program (n) 200 is a signature object including authentication information (e.g. MIN, IMSI, IMEI, etc. of the wireless terminal 100) Information can be generated.

According to the third signature verification method of the information verification unit 210, the information verification unit 210 can verify the signature subject information by combining the first and second signature verification methods. For example, some of the signature subject information may be received from a designated server 180 and some of the signature subject information may be generated during a specified operation of the program (n)

According to the third signature requesting method of the present invention, the information constructing unit 215 may construct the signature request information by combining the first and second signature requesting methods. For example, the information constructing unit 215 may include at least a part of the signature target information confirmed through the information verifying unit 210, and the program (s) 235 of the secure OS 120 may be included in the wireless terminal It is possible to configure signature request information including information for acquiring another part of signature subject information using the communication means of the mobile terminal 100. [

The interworking procedure unit 220 checks whether the secure OS 120 is loaded in the wireless terminal 100 when the program (n) 200 is loaded into the general OS 110 at least for the first time, And a program (s) 235 for managing the user's certificate and processing the digital signature to the secure OS 120 when the secure OS 120 is installed in the wireless terminal 100 Can be performed. If the secure OS 120 manages the user's certificate and processes a digital signature, the interworking procedure unit 220 sends the program s (s) 235 to the secure OS 120, (S) 235 mounted on the secure OS 120 and information identifying the program (s) 235 mounted on the secure OS 120 may be stored and held in the general OS storage area .

When the signature request information is configured through the information configuration unit 215, the linkage procedure unit 220 determines that the program (s) 235 is loaded on the secure OS 120 based on the identification information (S) 235 loaded on the secure OS 120. The program (s)

(S) 235 of the secure OS 120 through the signature request information and / or the identification information, the interworking procedure unit 220 transmits the secure () (N) 200 immediately before switching to the OS 120. The program (n) The interworking procedure unit 220 manages the certificate of the user through the general kernel 115 at the time of switching the OS of the wireless terminal 100 from the general OS 110 to the secure OS 120, The OS of the wireless terminal 100 is switched from the general OS 110 to the secure OS 120 by storing the state information of the program (s) 235 for processing the signature in the general OS storage area, (N) 200, the interface state of the program (n) 200, and the state of the communication session state of the program (n) 200 when switching from the general OS 120 to the general OS 110 Etc.) can be maintained.

According to an embodiment of the present invention, the interworking procedure unit 220 may be configured to execute the security OS 120 immediately before switching to the secure OS 120 through the general kernel 115 (for example, immediately before the security OS 120 is driven through the SMC command) The program (n) 200 may be initialized and / or the general OS 110 (n) may be initialized in the process of switching the general OS 110 to the secure OS 120 by maintaining the state information of the program When the OS of the wireless terminal 100 is switched from the secure OS 120 to the normal OS 110 even if an exceptional situation occurs such as a page fault occurs during the procedure of switching from the secure OS 120 to the secure OS 120, The state of the program (n) 200 can be restored to the state immediately before switching to the secure OS 120 using the state information.

(S) 235 of the secure OS 120 and / or the state information of the program (n) 200 is stored in the signature request information and / or the signature request information, (220) generates an SMC command for driving the secure OS (120) through the general kernel (115). The security monitor 125 verifies the validity of the SMC command and performs a procedure for driving the secure OS 120 according to the SMC command when the verification is successful.

Meanwhile, at a predetermined point in time before, during, or after the start of the operation of the secure OS 120, the linkage procedure unit 220 accesses the secure OS 120 while being accessible from the program (n) (S) 235 of the memory area 233 or identifies the pre-allocated memory area. For example, the allocated memory area may include a shared memory for inter-process communication between the program (n) 200 of the general OS 110 and the program (s) 235 of the secure OS 120 have. While the normal shared memory is allocated in the OS for inter-process communication within the same OS, the memory region of the present invention is used for inter-process communication of heterogeneous processes executed in heterogeneous OS including general OS 110 and secure OS 120 Which is a shared memory for providing the data.

According to the first memory area allocation method of the present invention, the linking procedure unit 220 allocates the memory area on the general OS 110 or confirms the memory area allocated on the general OS 110 . In this case, the security monitor 125 may access or monitor the memory area of the general OS 110, and the program (s) 235 of the secure OS 120 may be accessed through the security monitor 125 (Or access to) the memory area of the OS 110 indirectly.

According to the second memory area allocation method of the present invention, the linking procedure unit 220 allocates the memory area on the security monitor 125 or the memory area allocated to the security monitor 125 have. In this case, the interworking procedure unit 220 can allocate the memory area to the security monitor 125 or check the memory area allocated to the security monitor 125 through the SMC command.

According to the third memory area allocation method of the present invention, the interworking procedure unit 220 can access (or access) the program (n) 200 and can also access the program (s) 235 (Or connect) to a security server 180 on a network capable of accessing (or connecting to) the security server 180, or can identify a memory area allocated to the security server 180. When the memory area is allocated to the security server 180 on the network, the program (n) 200 of the general OS 110 and the program (s) 235 of the secure OS 120 are connected to the security server 180 180) to read or write data to / from the memory area.

The interworking procedure unit 220 can set the program (n) 200 as a process of the general OS 110 that refers to the allocated memory area. Preferably, the interworking procedure unit 220 provides a PID (Process ID) of the program (n) 200 to the memory area so that the program (s) 235 of the secure OS 120 operates The program (s) 235 can set the program (n) 200 as a process of the general OS 110 side to read data recorded in the allocated memory area.

If a memory area accessible by the program (s) 235 of the secure OS 120 is allocated through at least one of the first to third memory area allocation schemes, or if a pre-allocated memory area is identified, The procedure unit 220 may set a program (s) 235 designated as a process accessible to the allocated memory area in the secure OS 120. [ For example, the interworking procedure unit 220 may store the address information of the allocated memory area (e.g., a memory address on a RAM or a memory address of a RAM provided in the processor, (S) 235 of the secure OS 120 via the security monitor 125 and a network address (and / or identification value) identifying the memory area, . ≪ / RTI >

(S) 235 of the secure OS 120 are allocated / identified and / or the memory area is made accessible (s) 235 of the secure OS 120 In this case, the interworking procedure unit 220 interlocks with the security monitor 125 to prevent access to the memory area from other processes except for the program (n) 200 of the processes of the general OS 110 . Preferably, the interworking procedure unit 220 uses the memory access control function of the security monitor 125 to control the process of the general OS 110 in a process other than the program (n) Can not be accessed.

Meanwhile, a memory area accessible by the program (s) 235 of the secure OS 120 may be allocated, or a pre-allocated memory area may be identified through at least one of the first to third memory area allocation schemes, and / Or the access control procedure of the memory area is performed, the linkage procedure unit 220 provides the signature request information configured through the information configuration unit 215 to the memory area, (s) 235 checks the signing request information for signing information and processes the user's certificate as a misidentified electronic signature.

When the secure OS 120 is activated by the SMC command and the program (s) 235 of the secure OS 120 is executed, the access right of the allocated / confirmed memory area is managed by the security monitor 125 Is assigned to the designated program (s) 235 of the secure OS 120.

Referring to FIG. 2, the program (s) 235 of the secure OS 120 may identify a memory area allocated through at least one of the first to third memory area allocation methods and refer to the memory area And an interlock processing unit 250 for performing a procedure for interlocking.

When the secure OS 120 is activated and the program (s) 235 of the secure OS 120 is executed, the interworking processor 250 interlocks with the operation procedure performed through the security monitor 125, (S) 235 to access the memory area through at least one of the first to third memory area allocation methods. Preferably, the interworking processor 250 may perform a procedure of obtaining an access right to the memory area.

Meanwhile, the interworking processor 250 may check the memory area at any time before referring to the memory area in the program (s) 235, and the interworking processor 250 may check the memory area at a specific time The present invention is not limited thereto.

2, when the user's PIN information is stored in the designated PIN storage area of the secure OS 120 through the PIN registration unit 245, the program (s) 235 of the secure OS 120 stores the PIN And a PIN authentication unit 255 for receiving the PIN information through the input unit of the wireless terminal 100 and authenticating the validity.

When the secure OS 120 is activated and the program (s) 235 of the secure OS 120 is executed, the PIN authenticator 255 accesses the screen output unit 140 and the user input unit 145, displays an interface for PIN authentication on the screen output unit 140, inputs PIN information through the user input unit 145, and compares the PIN information with PIN information stored in the PIN storage area (Or verification operation) to verify the validity of the input PIN information.

Referring to FIG. 2, the program (s) 235 of the secure OS 120 includes a signature interworking unit 260 for checking signature request information from a memory area shared with the program (n) 200, And a signature verification unit 265 for verifying signature subject information based on the signature request information.

When the secure OS 120 is activated and the program (s) 235 of the secure OS 120 is executed and / or the PIN authentication is successful, the signature interworking unit 260 transmits the signature to the interworking processing unit 250, And checks the signature request information corresponding to the transaction operation of the general OS 110 from the memory area shared with the program (n) 200 of the general OS 110 in association with the general OS 110. Preferably, the signature request information includes information for the program (s) 235 to receive signature target information (or part of the signature target information) directly from the specified server 180 using the communication means, or And may include signature subject information (or a part of signature subject information) provided by the program (n) 200.

When the signature request information is confirmed, the signature verification unit 265 checks the signature subject information to be digitally signed using the signature of the user using the signature request information. The signature subject information may be provided from the designated server 180 and / or included in the signature request information.

When information for directly receiving signature subject information (or part of signature subject information) is included from the server 180 specified in the signature request information, the signature subject confirmation unit 265 refers to the signature request information, The signature target information (or a part of the signature target information) can be provided directly from the designated server 180 through the communication means of the terminal 100. [

Meanwhile, when the signature request information includes signature subject information provided by the program (n) 200, the signature subject verification unit 265 determines whether the signature subject information included in the signature request information Some) can be confirmed.

Referring to FIG. 2, the program (s) 235 of the secure OS 120 includes a certificate validation unit for verifying a certificate of a user provided in the certificate storage area of the secure OS 120 or the HSM 135 A signature key extraction unit 275 for extracting a signature key from the certificate, an electronic signature unit 280 for generating an electronic signature value of the signature subject information using the signature key, And an electronic signature processing unit (290) for transmitting the generated digital signature value (or signature data including the digital signature value) to the designated server (180) by using the communication means of the digital signature value And signature data including a signature value).

When the secure OS 120 is activated and the program (s) 235 of the secure OS 120 is executed and / or the PIN authentication is successful, the certificate validation unit 270 checks the certificate storage unit 240 ) Of the secure OS 120 or the user certificate stored in the HSM 135 via the secure OS 120.

If the certificate of the user stored in the certificate storage area of the secure OS 120 or the HSM 135 is verified through the certificate verification unit 270 and the PIN authentication is successful according to the method, A signature procedure using the user's certificate is performed. If the user's certificate is provided to the HSM 135 and the signature process using the certificate is performed through the HSM 135, the certificate validation unit 270 provides the signature target information to the HSM 135 .

The signature key extractor 275 or the HSM 135 extracts a signature key (for example, a user private key or the like) from the user's certificate based on the PIN authentication result and transmits the signature to the digital signature unit 280 or the HSM 135 ) Electronically signs the signature subject information through the signature key to generate an electronic signature value.

According to the first digital signature processing method of the present invention, the digital signature processing unit 290 can transmit the digital signature value of the signature subject information to the designated server 180 through the communication means of the wireless terminal 100. The encryption processing unit 285 encrypts the digital signature value (for example, encrypts the digital signature value through a user public key) so that the digital signature value is decrypted through the designated server 180 according to the designated encryption method, The encrypted digital signature value may be transmitted to the designated server 180 through the communication means of the terminal 100.

According to the second digital signature processing method of the present invention, the digital signature processing unit 290 generates signature data (for example, a combination of digital signature value and signature subject information) including the digital signature value, 100 to the designated server 180 through the communication means. The encryption processing unit 285 encrypts the signature data (for example, encrypts the signature data through a user public key) so that the encryption processing unit 285 decrypts the signature data through the designated server 180 according to the designated encryption method. 100 to the designated server 180 through the communication means.

Referring to FIG. 2, the program (s) 235 of the secure OS 120 generates an electronic signature result processed in the secure OS 120 through the program (s) 235, And a result providing unit 295 for providing the digital signature result to the memory area.

The result provider 295 generates the digital signature result of the digital signature procedure processed in the secure OS 120 through the digital signature processor 290 and outputs the digital signature result to the memory area confirmed through the interlock processor 250 And provides the digital signature result, and the security monitor 125 converts the OS of the wireless terminal 100 from the secure OS 120 to the normal OS 110 according to a designated procedure. Preferably, the result providing unit 295 reads the digital signature result through the program (n) 200 of the general OS 110 or records the digital signature result in the memory area so that the result can be referred to .

When the OS of the wireless terminal 100 is switched to the general OS 110 according to an embodiment of the present invention, the linkage procedure unit 220 of the program (n) 200 acquires the access right of the memory area (Or based on the acquired rights) to access the memory area. Meanwhile, the interworking procedure unit 220 of the program (n) 200 can restore the status of the program (n) 200 immediately before switching to the secure OS 120 using the status information.

Referring to FIG. 2, the program (n) 200 of the general OS 110 refers to the memory area and confirms the digital signature result provided by the program (s) 235 of the secure OS 120 A result confirming unit 225, and an electronic signature using unit 230 for performing an operation of using an electronic signature based on the electronic signature result.

When the OS of the wireless terminal 100 is switched to the general OS 110, the result confirmation unit 225 refers to the memory area in cooperation with the linkage procedure unit 220, The program (s) 235 confirms the digital signature result provided to the memory area.

The digital signature using unit 230 reads the digital signature result and checks whether the digital signature procedure is completed (or succeeded) through the secure OS 120. If the digital signature procedure is completed (or succeeded) And performs an operation for providing a signature-based designated service (for example, a banking service, a payment service, an authentication service, and the like).

FIG. 3 is a diagram illustrating a process of preparing a program (s) 235 in the secure OS 120 according to an embodiment of the present invention.

More specifically, FIG. 3 illustrates a process of loading a program (s) 235 in the secure OS 120 and storing the user's certificate. If the program (s) 235 is stored in the secure OS 120, It will be appreciated that various implementations of the process of preparing the program (s) 235 (e.g., omitting some steps or changing the order) may be inferred by referring to and / or modifying Figure 3, The present invention includes all of the above-described embodiments, and the technical features of the present invention are not limited only by the method shown in FIG.

Referring to FIG. 3, a program (n) 200 of a general OS 110 is connected to a security OS 120 (or a wireless terminal 100) based on a model (or a type of a processor) ) (Trust zone) is mounted (300). If the security OS 120 is installed in the wireless terminal 100, the program (n) 200 performs a procedure for loading the program (s) 235 specified in the secure OS 120 (305).

(S) 235 is loaded (310) in the secure OS 120 according to a designated procedure and the program (s) 235 is loaded into the certificate storage area of the secure OS 120 or the HSM 135 (315) whether the user's certificate is provided. If the certificate storage area of the secure OS 120 or the certificate of the user provided in the HSM 135 is not checked, the program (s) 235 may access the certificate storage area of the secure OS 120 or the HSM 135 (320) a certificate of the user to the certificate storage area of the secure OS 120 or the certificate storage area of the HSM 135.

If the issuance / copying of the certificate is completed, the program (s) 235 stores (325) the user's certificate in the certificate storage area of the secure OS 120 or the HSM 135 (325) The PIN storage area of HSM 135 or the PIN storage area of HSM 135 as a result of performing the procedure of registering PIN information in HSM 135 ).

When the program (s) 235 is loaded on the secure OS 120, the program 200 of the normal OS 110 transmits the program s 235 to the secure OS 120 (S) (235) mounted on the secure OS (120), and / or information identifying the presence of the program (s) (235) mounted on the secure OS (120).

4 is a diagram illustrating a transaction interlocking process between the general OS 110 and the security OS 120 according to an embodiment of the present invention.

More specifically, FIG. 4 shows an electronic signature process in the program (s) 235 of the secure OS 120 when the program (n) 200 of the general OS 110 performs the specified operation while determining the electronic signature process Referring to FIG. 4 and / or modified by those skilled in the art, it will be understood by those skilled in the art that various changes and modifications may be made in the process of interlocking between the general OS 110 and the secure OS 120 It is to be understood that the invention may be practiced otherwise than as specifically described herein, but it is to be understood and appreciated that the invention may be practiced otherwise than as specifically described herein, Its technical characteristics are not limited.

4, a program (n) 200 of the general OS 110 performs a designated operation (400) and determines whether a digital signature process using a user's certificate is necessary during the designated operation 405). Preferably, the program (n) 200 may determine that digital signature processing is necessary when the signature subject information is confirmed during the designated operation.

If it is determined that the digital signature process is necessary, the program (n) 200 manages the user's certificate on the security OS 120 side of the wireless terminal 100 using the identification information and processes the digital signature It is checked whether the program (s) 235 is mounted (410). If the program (s) 235 is not loaded in the secure OS 120, the program 200 may execute a procedure for loading the program s 235 in the secure OS 120 Can be performed.

Meanwhile, when the program (s) 235 is loaded on the secure OS 120, the program (n) 200 may transmit status information of the program (n) 200 before switching to the secure OS 120 (S) 235 of the secure OS 120 and allocates a memory area accessible by the program (s) 235 of the secure OS 120 by switching the OS of the wireless terminal 100 to the secure OS 120, The allocated memory area is checked (420). If the memory area is allocated / confirmed, the program (n) 200 sets the access right of the program (n) 200 to the allocated / confirmed memory area, and at the same time, (S) 235 of the secure OS 120 to access the memory area (step 425), the signature request information requesting the digital signature processing through the program (s) 235 of the secure OS 120 (435). The signature request information includes information for receiving the signature subject information (or part of the signature subject information) directly from the specified server 180 using the communication means, or the program (s) n) 200 (or a part of the signature target information) provided by the user. If the signature request information includes the signature subject information (or a part of the signature subject information), the program (n) 200 confirms (430) the signature subject information associated with the designated action, The signature request information including the subject information (or a part of the subject information to be signed) may be configured (435). The program (n) 200 provides the configured signature request information to the memory area 440 so that the OS of the wireless terminal 100 is switched to the secure OS 120 through the security monitor 125 (445).

When the OS of the wireless terminal 100 is switched to the secure OS 120 and the program s 235 is executed 450, the program s 235 is executed through the process shown in FIG. If the PIN information is registered in the PIN storage area of the secure OS 120 and acquires the access right to the screen output unit 140 and the user input unit 145 of the wireless terminal 100 in case of registration, And outputs the input interface and confirms the PIN information input through the interface (455). If the PIN information is inputted, the program (s) 235 authenticates the validity of the inputted PIN information through the PIN information stored in the PIN storage area (450). If the validity of the PIN information is not authenticated The program (s) 235 processes the OS of the wireless terminal 100 to switch to the general OS 110 (step 465), and the OS of the wireless terminal 100 switches to the general OS 110 (N) 200 of the general OS 110 restores the state of the program (n) 200 before switching to the secure OS 120 (step 470).

Meanwhile, when the validity of the PIN information is authenticated, the program (s) 235 identifies a memory area that is allocated through the program (n) 200 and can be shared with the program (n) 200 475). The memory area may be allocated through the program (s) 235 according to an implementation method, and the present invention may include an embodiment in which the program (s) 235 allocates the memory area. If the memory area accessible by the program (s) 235 is not confirmed, the program (s) 235 processes the OS of the wireless terminal 100 to switch to the general OS 110 (step 465) , When the OS of the wireless terminal 100 is switched to the general OS 110, the program n of the general OS 110 transmits the program n (n) before the switch to the secure OS 120 200 are restored (470).

Meanwhile, if a memory area accessible by the program (s) 235 is confirmed, the program (s) 235 confirms the access right to the memory area (480). If the access right to the memory area is not confirmed, the program (s) 235 processes the OS of the wireless terminal 100 to switch to the general OS 110 (465), and the wireless terminal 100 (N) 200 of the general OS 110 restores the state of the program (n) 200 before switching to the secure OS 120 when the OS of the general OS 110 is switched to the general OS 110 (470).

FIG. 5 is a diagram illustrating a process of generating an electronic signature through the secure OS 120 according to an embodiment of the present invention.

More specifically, FIG. 5 illustrates a process of confirming signature target information corresponding to signature request information in the program (s) 235 of the secure OS 120 and digitally signing the signature target information through the user's certificate. Those skilled in the art will appreciate that various implementations of the process for generating an electronic signature via the secure OS 120 (e.g., some steps may be omitted, However, the present invention is not limited to the above-described embodiments, and it is to be understood that the invention is not limited to the disclosed embodiments.

Referring to FIG. 5, a memory area shared by the program (s) 235 of the secure OS 120 and the program (n) 200 of the general OS 110 is checked through the process shown in FIG. 4 When the access right is confirmed, the program (s) 235 confirms the signature request information provided by the program (n) 200 of the general OS 110 (500) from the memory area. If the signature request information is not confirmed from the memory area, the program (s) 235 processes the OS of the wireless terminal 100 to switch to the normal OS 110 through the process shown in FIG. 8 .

Meanwhile, if the signature request information is confirmed from the memory area, the program (s) 235 checks signature subject information to be digitally signed through the user's certificate based on the signature request information (505). Preferably, the program (s) 235 receives (505) the signature target information (or a part of the signature target information) corresponding to the signature request information from the designated server 180 (505) The signature target information (or a part of the signature target information) can be confirmed (505).

When the signature object information is confirmed, the program (s) 235 confirms the certificate of the user provided in the HSM 135 or the certificate storage area of the secure OS 120 through the process shown in FIG. 3 510). If the HSM 135 has a user's certificate, the program (s) 235 may provide the signature subject information to the HSM 135.

If the user's certificate is confirmed, the program (s) 235 or the HSM 135 extracts a signature key from the user's certificate (515). If the signature key is confirmed, the program (s) 235 or the HSM 135 generates an electronic signature value for the verified signature target information using the signature key (520).

FIG. 6 is a diagram illustrating a process of processing an electronic signature through the secure OS 120 according to an embodiment of the present invention.

6 illustrates a process of transmitting an electronic signature value generated through the process shown in FIG. 5 in the program (s) 235 of the secure OS 120 to a designated server 180 and processing an electronic signature Those skilled in the art will appreciate that various implementations of the process of processing digital signatures through the secure OS 120 with reference to and / For example, some of the steps may be omitted or the order may be changed. However, the present invention includes all of the above-mentioned methods of practicing the invention. It is not limited.

Referring to FIG. 6, when an electronic signature value for signature target information is generated through the process shown in FIG. 5, the program (s) 235 transmits the digital signature value The encrypted electronic signature value is transmitted to the designated server 180 through the communication means of the wireless terminal 100 in operation 605. The server 180 transmits the encrypted electronic signature value to the designated server 180 through the communication network, The signature value is received (610). In this case, it is preferable that the server 180 keeps signature target information corresponding to the digital signature value.

The server 180 decrypts the encrypted digital signature value (615) and performs a series of procedures for authenticating the decrypted digital signature value (620) and transmits the encrypted digital signature value to the program (s) 235 And provides a digital signature processing result (625). The program (s) 235 receives the digital signature processing result through the communication means of the wireless terminal 100 (630), and based on the digital signature processing result, generates an electronic signature A result is generated (635).

FIG. 7 is a diagram illustrating a process of processing a digital signature through the secure OS 120 according to another embodiment of the present invention.

More specifically, FIG. 7 generates signature data including the digital signature value generated through the process shown in FIG. 5 in the program (s) 235 of the secure OS 120 and transmits the generated signature data to the designated server 180 If the person skilled in the art is familiar with the process of referring to and / or modifying FIG. 7 to process the digital signature through the secure OS 120 It will be appreciated that various implementations of the process may be inferred (e.g., some steps omitted, or alternate implementations), but the present invention encompasses all such contemplated implementations, The technical features thereof are not limited by the implementation method alone.

Referring to FIG. 7, when an electronic signature value for signature target information is generated through the process shown in FIG. 5, the program (s) 235 generates signature data including the digital signature value 700 Encrypts the signature data so as to be decryptable through the designated server 180 and transmits the encrypted signature data to the designated server 180 through the communication means of the wireless terminal 100 in operation 710, , The server 180 receives the encrypted signature data through a communication network (715).

The server 180 decrypts the encrypted signature data (720), verifies the digital signature value from the decrypted signature data (725), and performs a series of procedures for authenticating the verified digital signature value 730) and provides the electronic signature processing result to the program (s) 235 through the communication network (735). The program (s) 235 receives the electronic signature processing result through the communication means of the wireless terminal 100 (740), and based on the electronic signature processing result, generates an electronic signature A result is generated (745).

FIG. 8 is a diagram illustrating a process of using an electronic signature result processed through the secure OS 120 according to an embodiment of the present invention.

8 shows an electronic signature result corresponding to the digital signature process performed through the process shown in FIG. 6 or FIG. 7 in the program (s) 235 of the secure OS 120, (N) 200 of the program (n) 200 and providing the designated service using the digital signature result in the program (n) 200. The program If so, it will be possible to refer to and / or modify the FIG. 8 to derive various implementations of the process of using the digital signature results (e.g., omitting some steps or changing the order) The present invention is not limited to the above-described embodiment.

Referring to FIG. 8, when an electronic signature result for the digital signature process performed through the process shown in FIG. 6 or 7 is generated, the program (s) 235 transmits the digital signature result to the general OS 110 (800), processing the OS of the wireless terminal (100) to switch to the general OS (805), and providing the wireless terminal (100) with the program (n) (N) 200 of the general OS 110 restores the state of the program (n) 200 before switching to the secure OS 120 when the OS of the general OS 110 is switched to the general OS 110 (810).

The program 200 of the general OS 110 identifies and accesses a memory area shared with the program s 235 of the secure OS 120 in step 815, (S) 235 of the user terminal 120 (820).

When the result of the digital signature is confirmed, the program (n) 200 reads the digital signature result and checks 825 whether the digital signature process through the secure OS 120 is completed (or succeeded). If the digital signature processing through the secure OS 120 fails, the program (n) 200 may output an error and initialize the operation of the program (n) 200 (830). Meanwhile, if the digital signature process through the secure OS 120 is completed (or succeeded), the program (n) 200 performs an electronic signature-based service operation procedure corresponding to the digital signature completion (or success) 835).

100: wireless terminal 110: general OS
115: Generic kernel 120: Security OS
125: Security Monitor 130: Security Kernel
200: program (n) 205: digital signature judgment unit
210: information confirmation unit 215: information configuration unit
220: Interworking procedure unit 225: Result confirmation unit
230: Digital signature use part 235: Program (s)
240: certificate storage unit 245: PIN registration unit
250: interworking processor 255: PIN authenticator
260: signature interworking unit 265: signature verification unit
270: Certificate verification unit 275: Signature key extraction unit
280: digital signature unit 285:
290: digital signature processing unit 295:

Claims (19)

A method for executing a secure operating system (OS) having a secure kernel and a normal operating system (OS) having a kernel structure,
A first step in which the program (n) of the general OS allocates a memory area accessible by the designated program (s) of the secure OS or identifies an allocated memory area;
The program (n) providing signature request information to the memory area;
A third step of the program (s) of the secure OS verifying signature request information from the memory area;
A fourth step of the program (s) confirming signature subject information based on the signature request information;
The program (s) extracts a signature key from a certificate provided in the secure OS and generates an electronic signature value for the signature subject information or verifies an electronic signature value generated through an HSM (Hardware Security Module) step; And
And a sixth step of the program (s) transmitting the digital signature value to a designated server using a communication means of the wireless terminal.
The method of claim 1,
And a trust zone installed in the processor. The method for providing a secure signature using the secure operating system.
The method according to claim 1,
Further comprising the step of identifying whether the program (n) has the program (s) assigned to the secure OS mounted or the identification information identifying the program (s) mounted on the secure OS in the general OS storage area,
Wherein the first step comprises the step of allocating or confirming the memory area by the program (n) when the program (s) is loaded in the secure OS. Way.
The method according to claim 1,
Further comprising the step of the program (s) storing the user's certificate in the certificate storage area of the secure OS or the HSM,
Wherein the first step comprises the step of allocating or confirming the memory area by the program (n) when the user's certificate is stored in the certificate storage area of the secure OS or in the HSM. How to provide a secure signature.
The method according to claim 1,
Further comprising the step of storing and holding status information on the program (n) immediately before the program (n) is switched to the secure OS,
Wherein the second step comprises the step of providing the signature request information to the memory area after the state information is stored.

2. The method according to claim 1,
Further comprising the step of the program (n) operating a secure OS through a SMC (Secure Monitor Call) command.
2. The method according to claim 1,
Wherein the program (n) allocates the memory area to a general OS or identifies a pre-allocated memory area.
2. The method according to claim 1,
Wherein the program (n) allocates the memory area to the security monitor performing the switching procedure between the general OS and the secure OS, or identifies the pre-allocated memory area.
2. The method according to claim 1,
Wherein the program (n) allocates a memory area accessible from the program (s) of the secure OS to the security server on the network or identifies a pre-allocated memory area.
2. The method according to claim 1,
Further comprising setting the program (n) as a process of a general OS side in which the program (n) refers to the memory area.
2. The method according to claim 1,
Characterized in that the program (n) of the general OS constructs signature request information for confirming signature subject information from a server specified by the communication means of the wireless terminal in the program (s) of the secure OS and provides the signature request information to the memory area A method for providing a secure signature using a secure operating system.
The method according to claim 1,
Before providing the signature request information to the memory area,
Further comprising a step in which the program (n) of the general OS receives signing object information from a designated server via communication means of the wireless terminal,
Wherein the second step comprises constructing signature request information including the signature subject information and providing the signature request information to the memory area.
The method according to claim 1,
Before providing the signature request information to the memory area,
Further comprising the step of the program (n) of the general OS generating the signature subject information,
Wherein the second step comprises constructing signature request information including the signature subject information and providing the signature request information to the memory area.
The method according to claim 1,
After the program (s) checks signature request information from the memory area,
Receiving the PIN (Personal Identification Number) by accessing the input means of the wireless terminal through the security OS; And
And authenticating the validity of the PIN entered through the secure OS. The method of claim 1, further comprising:
The method according to claim 1,
After the program (s) checks the digital signature value,
Further comprising encrypting the generated digital signature value so that the program (s) can be decrypted via a designated server,
And the sixth step transmits the encrypted digital signature value to the designated server through the communication means of the wireless terminal.
The method according to claim 1,
After the program (s) checks the digital signature value,
The program (s) generating signature data including the generated digital signature value,
And the sixth step transmits the signature data to a designated server through the communication means of the wireless terminal.
The method according to claim 1,
After the program (s) checks the digital signature value,
The program (s) generating signature data including the generated digital signature value; And
Further comprising encrypting the generated signature data so that the program (s) can be decrypted via a designated server,
And the sixth step transmits the encrypted signature data to the designated server through the communication means of the wireless terminal.

The method according to claim 1,
After the program (s) sends the digital signature value to the designated server,
Generating an electronic signature result using the electronic signature value; And
And providing the program (s) with the digital signature result to the memory area.
19. The method of claim 18,
After the program (s) provides the digital signature result to the memory area,
The program (n) verifying the digital signature result from the memory area; And
And providing the digital signature based service on the basis of the digital signature result by the program (n).

Images