KR20170040721A - Authentication apparatus based on public key cryptosystem, mobile device having the same and authentication method thereof - Google Patents

Abstract

An authentication apparatus included in a device supporting a network communication according to the present invention comprises: a certificate handler receiving a certificate of the other party, and analyzing or verifying the received certificate; a cryptographic primitive receiving an authentication request of the other party, generating a random number in response to the authentication request, generating a challenge corresponding to the random number, and verifying the response of the other party corresponding to the challenge; a shared memory storing the analyzed certificate, the random number, the challenge, and the response; and an authentication controller controlling the certificate handler, the cryptographic primitive, and the shared memory through a register setting according to an authentication protocol.

Description

TECHNICAL FIELD [0001] The present invention relates to an authentication device based on a public key cryptosystem, a mobile device having the authentication device, and an authentication method thereof. [0002]

The present invention relates to an authentication apparatus based on a public key cryptosystem, a mobile apparatus having the same, and an authentication method thereof.

Internet of things (IoT) refers to the technology of connecting sensors and communication functions to various objects and connecting them to the Internet. Here, things become various embedded systems such as household appliances, mobile equipment, and wearable computers. In the IoT environment, various devices connect to the network, communicate with each other, and share data, thereby providing a service for the user. At this time, sensitive data related to the privacy of the user is transmitted through the network and used for the service. In order to provide the service while protecting the personal information, the identity of the other party of the communication is confirmed, and the device can protect the privacy through the interaction with the authenticated party and can provide the service desired by the user.

In recent years, the subject of authentication has also been expanded to require authentication between components within the device. Even if it is not a device in the IoT environment, if the function of a part is provided between parts without authentication, an attack on the user's sensitive data may cause a privacy invasion accident. In addition, problems such as the production of counterfeit products due to reuse and theft of specific parts may occur. Such authentication at the component level can perform the function of activation by checking the identity of the other party, that is, the part, and furthermore, by protecting the privacy of the user, a more secure service can be provided. Therefore, there is a need for a lightweight authentication device that can be applied not only to the device but also to the component level.

An object of the present invention is to provide an authentication apparatus that can be reduced in weight, a mobile apparatus having the same, and an authentication method thereof.

An authentication device included in an apparatus for supporting network communication according to an embodiment of the present invention includes a certificate handler for receiving a certificate of a counter party and inputting, analyzing, or verifying the received certificate, Generating a random number in response to the authentication request, generating a challenge corresponding to the random number, verifying a response of the counterpart corresponding to the challenge, or generating a response of an authentication device corresponding to a challenge of the counterpart An authentication controller for controlling the certificate handler, the cipher primitives, and the shared memory through register settings according to an authentication protocol, a shared memory for storing the random number, the challenge, the response, .

A mobile device according to an embodiment of the present invention includes a first component and a second component, wherein at least one of the first and second components includes an authentication device, A certificate handler for inputting, analyzing, or verifying the certificate of the certificate, generating a random number, generating a challenge corresponding to the random number, verifying the response of the counterpart corresponding to the challenge, A random number, a challenge, a shared memory for storing the response, and a register setting according to an authentication protocol upon request of the other party or an authentication request of the other party And a controller for controlling the certificate handler, the encryption primitives, and the shared memory.

An authentication method of an authentication apparatus according to an embodiment of the present invention includes the steps of receiving an authentication request from a counter party, setting a first register indicating the authentication request to be readable and writable, The method comprising: generating a challenge; setting a second register for storing the first challenge to be readable and writable; receiving a first certificate and a first response corresponding to the first challenge from the partner; The method comprising: setting a first certificate, a value for verifying the first certificate, information data, and registers for storing the first response to be readable and writable, verifying the first certificate and the first response And setting registers for storing intermediate values or result values of the verification to be read / write enabled.

An authentication apparatus according to an embodiment of the present invention may receive an authentication request of a counterpart, verify a response of the counterpart in response to the authentication request, or generate a response of an authentication apparatus corresponding to a counterparty's challenge.

The authentication device according to the present invention, the mobile device including the authentication device, and the authentication method thereof can reduce the conventional memory to be used independently among components as the memory is shared, By eliminating a central processing unit (CPU) or nonvolatile memory (NVM), it can be light-weighted.

Brief Description of the Drawings FIG. 1 is an exemplary diagram illustrating a network system illustrating an authentication method of an apparatus having an authentication apparatus according to an embodiment of the present invention.
2 is a block diagram illustrating an authentication apparatus according to an exemplary embodiment of the present invention.
FIG. 3 is a block diagram illustrating an exemplary authentication controller shown in FIG. 2. FIG.
FIG. 4 is a block diagram illustrating an exemplary cryptographic primitive shown in FIG. 2. FIG.
FIG. 5 is an exemplary diagram illustrating data areas to be stored in a shared memory when an authentication protocol of an authentication apparatus according to an embodiment of the present invention is performed.
6 is an exemplary diagram illustrating reuse of input / output values of each component stored in a shared memory in another component when an authentication apparatus according to an embodiment of the present invention performs an authentication protocol.
FIG. 7 is a diagram illustrating an exemplary authentication protocol process of an authentication apparatus according to an exemplary embodiment of the present invention. Referring to FIG.
8 is a diagram illustrating an example of rights management for internal information when an authentication apparatus according to an embodiment of the present invention proceeds with a single authentication protocol.
9 is a ladder diagram conceptually illustrating a single authentication protocol of an authentication apparatus according to an embodiment of the present invention.
10 is a diagram for explaining a process of receiving an authentication request when the authentication apparatus of the authentication apparatus according to the embodiment of the present invention is in progress.
11 is a view for explaining a process of generating a challenge corresponding to an authentication request when an authentication protocol of an authentication apparatus according to an embodiment of the present invention is performed.
12 is a diagram for explaining a process of receiving a public key certificate and a response of a counterpart when a single authentication protocol of an authentication device according to an embodiment of the present invention is performed.
FIG. 13 is a view for explaining a process of verifying a public key certificate and a response of a counterpart when the single authentication protocol of the authentication device according to the embodiment of the present invention is performed.
FIG. 14 is a diagram illustrating an exemplary process of a mutual authentication protocol process of an authentication apparatus according to an embodiment of the present invention.
FIG. 15 is a diagram illustrating an example of rights management for internal information when an authentication apparatus according to an embodiment of the present invention performs a mutual authentication protocol.
16 is a ladder diagram conceptually illustrating a mutual authentication protocol of an authentication apparatus according to an embodiment of the present invention.
17 is a diagram for explaining a process of transmitting a public key and a challenge of an authentication apparatus to a counterpart when a mutual authentication protocol of an authentication apparatus according to an embodiment of the present invention is performed.
18 is a diagram for explaining a process of receiving a public key certificate, a response, and a challenge of a counterpart when a mutual authentication protocol of an authentication device according to an embodiment of the present invention is performed.
19 is a diagram for explaining a process of generating a response of an authentication apparatus in response to a challenge to a counterpart when a mutual authentication protocol of the authentication apparatus according to an embodiment of the present invention is performed.
FIG. 20 is a diagram for explaining a process of generating a shared secret key when an authentication protocol of an authentication apparatus according to an embodiment of the present invention is performed.
21 is an exemplary illustration of a mobile device in accordance with an embodiment of the present invention.
22 is a diagram illustrating an exemplary IoT network system according to an embodiment of the present invention.

BRIEF DESCRIPTION OF THE DRAWINGS The above and other objects, features and advantages of the present invention will be more apparent from the following detailed description taken in conjunction with the accompanying drawings, in which: FIG. The embodiments according to the concept of the present invention can make various changes and can take various forms, so that the embodiments are illustrated in the drawings and described in detail herein. It should be understood, however, that there is no intention to limit the embodiments according to the concepts of the present invention to the specific disclosed embodiments, and all changes, equivalents, or alternatives included in the spirit and scope of the present invention.

Since the authentication apparatus based on the public key cryptosystem according to the present invention has a dedicated module for reducing the conventional memory to be used independently among the components and sharing the memory and performing the authentication protocol, by removing the central processing unit (NVM) or nonvolatile memory (NVM).

Authentication devices require dedicated cryptographic hardware to perform the functions required to provide services based on a public key cryptosystem at high speed. This is because the public key cryptosystem can perform integer operations based on a cryptographic hard problem requiring high computation, such as modular addition / subtraction / multiplication / exponentiation and elliptic curve point addition / doubling, scalar multiplication and message digest, and so on.

In addition, the authentication apparatus can be implemented by combining an integer calculator and a hash calculator for reducing a message. At this time, each functional component may have mutually overlapping resources. For example, each component may require a separate memory (e.g., static random access memory (SRAM)) to perform its functions. Since such memory may be a redundant resource between components, it may be used as a shared memory for optimization and lightweight construction of an authentication device.

Further, by storing the internal variables of the respective components in the shared memory, the size of each component can be minimized. In an embodiment, an authentication function of a product such as a flip-cover of a smartphone, a battery, and a power cable may be implemented so as to perform authentication after providing a service or providing a service first . If the authentication fails, the corresponding service can be immediately stopped.

The authentication apparatus according to the embodiment of the present invention may not use an independent CPU for performing authentication based on the public key cryptosystem and an NVM for storing the SW for performing the authentication procedure. In addition, an internal component of the authentication apparatus according to the embodiment of the present invention can continuously access and operate the shared memory. In addition, the exclusively operating components can share the memory. At this point, the components can share the necessary data with each other through the memory.

1 is an exemplary diagram illustrating a network system 10 showing an authentication method of devices A and B having an authentication device according to an embodiment of the present invention. Referring to FIG. 1, the network system 10 may include a network 11 for wired / wireless connection of the devices A, B, and C to each other. In an embodiment, the network 11 may be an internet of things (IoT) network. In FIG. 1, three devices A, B and C are connected to the network 11 for convenience of explanation. However, the number of devices connected to the network 11 will not be limited thereto.

The first device A and the second device B may each include a corresponding authentication device 100, 200. Unlike the first and second devices A and B, the third device C may not include an authentication device.

As shown in FIG. 1, the network system 10 according to the present invention can be roughly divided into two types. First, mutual authentication between mutual (or 'bidirectional') authentication between devices A and B having authentication devices 100 and 200 and authentication of device A or B having authentication device 100 or 200 (Unilateral or " unidirectional ") authentication between the device C having no authentication device and the device C having no authentication device. In an embodiment, the first device A is a flip cover that wraps a smartphone, the second device B is a smartphone, and the third device C is a device that does not include an authentication device .

The authentication device (e.g., 200) may also be used to perform internal authentication between the first and second components 201, 202 of device B, Internal authentication can include mutual authentication or single authentication as external authentication. In an embodiment, the first component 201 may be a display driver integrated chip (DDI) device and the second component 202 may be a display device. In FIG. 1, device B illustrates one authentication device 200 included in component 201. However, the present invention is not limited thereto. Although not shown, other components 202 of device B may also include an authentication device. The method of configuring the authentication apparatus 100 of the first apparatus A may be similar to that of the authentication apparatus 200 of the second apparatus B although not shown.

On the other hand, it should be understood that the network system 10 shown in FIG. 1 is only an embodiment that does not limit the present invention

FIG. 2 is a block diagram illustrating an authentication apparatus 100 according to an exemplary embodiment of the present invention. Referring to FIG. Referring to FIG. 2, the authentication device 100 may include an authentication controller 110, a certificate handler 120, cryptographic primitives 130, and a shared memory 140.

The authentication controller 110 may be implemented to perform an authentication protocol based on a public key cryptosystem. Here, the authentication protocol may be an external authentication protocol with an external device or an internal component and an internal authentication protocol. The authentication controller 110 can directly take charge of the authentication protocol through communication with the other party. For example, the authentication controller 110 may repeatedly invoke the components 120 and 130 that perform a unit operation to perform an operation required when proceeding with an authentication protocol. In addition, the authentication controller 110 may share the shared memory 140 by sequentially controlling the operation timing of the respective components 120 and 130. That is, the authentication controller 110 includes a certificate handler 120, a cryptographic primitive 130, and a shared memory 140 (not shown) so that a value input and output through the shared memory 140 can be used by another component, Can be controlled. In an embodiment, the authentication controller 110 may control the certificate handler 120, the encryption primitive 130, and the shared memory 140 for the authentication protocol via register settings.

The certificate handler 120 may be implemented to manage public key certificates. The certificate handler 120 may generate, analyze, or verify a certificate. The certificate handler 120 may parse the certificate entered from the other party and store the parsed certificate in the shared memory 140. [ For example, the certificate handler 120 receives the public key certificate of the other party and can verify that the public key certificate of the other party is valid by using the root certificate of the certificate authority (CA).

The certificate handler 120 may be implemented to access the shared memory 140 from time to time to maintain the public key certificate. That is, the certificate handler 120 may be implemented to store the internal variables for generating or verifying the public key certificate in the shared memory 140.

The encryption primitive 130 may be implemented to perform a public key cryptographic operation, perform a hash operation, or generate a random number.

In an embodiment, the cryptographic primitive 130 may generate a challenge in response to an authentication request of the other party in the course of the authentication protocol. Here, the challenge can be obtained by inputting a random number into the hash algorithm. In addition, the cryptographic primitive 130 may verify the response generated in the other party in response to the challenge of the authentication device 100. [ For example, the lease entered from the other party may be a value obtained by signing the challenge of the authentication device 100 with the other party's private key. At this time, the encryption primitive 130 can verify the response of the counterpart by decrypting the challenge using the counterpart's response (signature value) and the counterpart's public key (certificate).

In addition, the cryptographic primitive 130 may generate a response (or signature value) of the authentication device corresponding to the challenge issued by the counterpart.

In an embodiment, the cryptographic primitive 130 may generate a mutual shared secret using a random number generated in the course of mutual authentication protocol.

The encryption primitives 130 may be implemented to access the shared memory 140 from time to time to continuously perform a public key cryptographic operation, perform a hash operation, or generate a random number. That is, the encryption primitive 130 can be implemented to store the internal variables for the cryptographic operation, the hash operation, or the random number generation in the shared memory 140.

The shared memory 140 is implemented to store data for operation of at least one of the authentication controller 110, the certificate handler 120, and the encryption primitives 130, data generated during operation, . In an embodiment, the shared memory 140 may be implemented as a volatile memory, a nonvolatile memory, or a hybrid memory composed of volatile memory and nonvolatile memory. For example, the shared memory 140 may be a dynamic random access memory (DRAM), a static random access memory (SRAM), an embedded multimedia card (eMMC), or the like. The input / output control operation of the shared memory 140 may be performed by the authentication controller 120. [ That is, the authentication controller 120 may include a memory controller for controlling the shared memory 140.

In an embodiment, the components 110, 120, 130, 140 of the authentication device 100 may be implemented to be interconnected by data lines 101, 102, 103, 104, Each of the data lines 101, 102, 103, 104, and 105 may be used as an input / output line of internal data generated when performing an authentication protocol.

The components 110, 120, and 130 of the authentication device 100 of the present invention may share the shared memory 140. Therefore, the input / output of each of the components 110, 120, and 130 can be shared with other components. That is, the authentication apparatus 100 of the present invention can reduce the weight of the authentication apparatus by reducing the conventional memory that uses the constituent elements independently.

In addition, the authentication apparatus 100 of the present invention includes the component 110 that exclusively performs the authentication protocol, thereby eliminating the CPU or NVM for driving SW (software) for authentication in the conventional authentication apparatus have. That is, the authentication device can be lightened. In addition, since the authentication apparatus 100 of the present invention does not need to store the SW for proceeding with the authentication protocol, it is possible to exclude the possibility of the malfunction of the authentication apparatus due to the up / modulation of the SW.

The authentication apparatus 100 of the present invention may be configured such that a user inputs a public key certificate to the authentication apparatus 110 using an authentication controller 110 that performs an authentication protocol and a certificate handler 120 that processes a public key certificate And can operate the authentication device 100 based on the public key cryptosystem.

Meanwhile, the authentication device 100 of the present invention can be applied to various devices and parts to provide various authentication functions in various environments. The public key cryptosystem-based authentication protocols supported by the authentication apparatus 100 of the present invention are single authentication and mutual authentication.

Each component can operate organically according to the operation in which the authentication protocol is performed. In the embodiment, in the case of the single authentication, the result of the operation of the authentication apparatus 100 is a result of the identification of the other party. In another embodiment, in the case of mutual authentication, the result of operation of the authentication device 100 is a sharing of the identity of the other party and a secret value to be used to generate a session key for subsequent secret communication.

On the other hand, it should be understood that the authentication apparatus 100 shown in FIG. 2 is merely an embodiment that does not limit the present invention.

FIG. 3 is a block diagram illustrating the authentication controller 110 shown in FIG. 2 by way of example. Referring to FIG. 3, the authentication controller 110 may include registers 112 and one-time programmable memory 114.

The registers 112 include a first register 112-1 for storing an execution value for instructing the start of authentication protocol processing of the authentication apparatus 100, a second register 112-1 for storing a ready value to be set when receiving an authentication request 112-2, and a third register 112-3 that stores authentication result values. When the first register 112-1 is set, the authentication apparatus 100 can start the authentication protocol operation. Upon receiving an authentication request from an external device, the second register 112-2 can be set. When the authentication protocol is successfully completed, the third register 113-3 can be set.

The one-time programmable memory 114 may be implemented to store a certificate 114-1 for the authentication device 110. [ The certificate 114-1 may include a public key 114-2 and a secret key 114-3 of the authentication device 110 required to perform a public key cryptographic system based authentication protocol . The one-time programmable memory 114 may be implemented with a counter measure to protect the secret key 114-3.

On the other hand, it should be understood that the authentication controller 110 shown in FIG. 3 is only an embodiment that does not limit the present invention.

FIG. 4 is a block diagram illustrating an exemplary encryption primitive 130 shown in FIG. 4, the cryptographic primitive 130 may include a public key accelerator 131, a hash function 132, and a random number generator 133.

The public key accelerator 131 may be implemented to perform a modular operation or a point operation required for the authentication protocol. In an embodiment, the public key accelerator 131 and the authentication controller 110 may be coupled through a data line 103-1. In an embodiment, the public key accelerator 131 and the shared memory 140 may be connected via a data line 104-1.

The hash function 132 may be implemented to perform a hash algorithm. In an embodiment, the hash function 132 and the authentication controller 110 may be connected via a data line 103-2. In an embodiment, the hash function 132 and the shared memory 140 may be connected via a data line 104-2.

The random number generator 133 may be implemented to generate a random number. In an embodiment, the random number generator 133 and the authentication controller 110 may be connected via a data line 103-3. In an embodiment, the random number generator 133 and the shared memory 140 may be connected via a data line 104-3.

Further, in the embodiment, the data lines 103-1, 103-2, and 103-3 are included in the data line 103 shown in FIG. 2, and the data lines 104-1 104-2 and 104-4 -3) may be included in the data line 104 shown in FIG.

On the other hand, it should be understood that the cipher primitives 130 shown in FIG. 4 are merely examples that do not limit the present invention.

5 is an exemplary diagram illustrating data areas to be stored in the shared memory 140 when the authentication protocol of the authentication apparatus 100 according to the embodiment of the present invention is performed.

The shared memory 130 includes a first area 141 for storing a challenge of the authentication device 100 generated by the authentication controller 110 when the authentication protocol is executed, A second area 142 for storing a response generated by the opponent in response to the request, a third area 143 for storing a certificate parsed from the other party, A fourth area 144 for storing the challenge, a fifth area 145 for storing the response generated in the authentication device 100 in response to the other party's challenge, and an intermediate value for the authentication protocol And a seventh area 147 for storing a hashed value which is a result of the sixth area 146 and the hash function 124 (see FIG. 4). Here, the third area 143 includes an area 143-1 for storing a public key of the other party, an area 143-2 for storing a value for signature verification, and information data necessary for performing other authentication protocols And an area 143-3 for storing data.

6 illustrates an example of reusing input / output values of each of the components 110, 120, and 130 stored in the shared memory 140 in another component when the authentication apparatus 100 according to an embodiment of the present invention performs an authentication protocol. It is the drawing which shows it as enemy.

The input / output values of the priority components 110, 120, and 130 may be stored as follows. The input and output values of the public key accelerator 131 may be stored in the sixth area 146 of the shared memory 140 via the data line 104-1. The input and output values of the hash function 132 may be stored in the seventh area 147 of the shared memory 140 via the data line 104-2. The input / output values of the random number generator 133 may be stored in the first area 141 of the shared memory 140 via the data line 104-3. The input / output values of the certificate handler 120 may be stored in the third area 143 of the shared memory 140 via the data line 102.

In addition, the values stored in the shared memory 140 may be reused in other components as follows. In an embodiment, the challenge value stored in the first area 141 may be reused in the hash function 132 via the data line 104-5 and the result value stored in the seventh area 147. [ The hash value stored in the seventh region 147 may be reused in the public key accelerator 131 via the data line 104-6 and the resulting value may be stored in the sixth region 146 . In an embodiment, the parsed certificate of the third region 143 may be reused in the public key accelerator 131 via the data line 104-7, and the resulting value may be stored in the sixth region 146 . In an embodiment, the parsed certificate of the third region 143 may be reused in the hash function 132 via the data line 104-8, and the resulting value may be stored in the seventh region 147. [

On the other hand, each of the components 110, 120, and 130 of the authentication device 100 can repeatedly access the memory 140 from time to time and generate an output value.

On the other hand, it should be understood that the method of reusing input / output values of the components 110, 120, and 130 shown in FIG. 2 is merely an embodiment that does not limit the present invention.

FIG. 7 is a diagram illustrating an exemplary authentication protocol process of an authentication apparatus according to an exemplary embodiment of the present invention. Referring to FIG. Referring to Figs. 1 to 7, the single authentication protocol of the authentication apparatus 100 can be proceeded as follows.

When the authentication device 100 is reset, the authentication device 100 may be in the initial state S110. In addition, transition may be made from the end state (S160) to the initial state (S110) by the initializing operation. Also, the transition from the failure state (S170) to the initial state (S110) can be made by reset.

(S111), the transition from the initial state (S110) to the standby state (S120) can be performed based on an apparatus including the authentication apparatus 100 or an internal signal. In the waiting state (S120), an authentication request can be awaited from the other party to proceed with the authentication protocol. When the authentication request is inputted from the other party (S121), the authentication apparatus 100 can be transited to the challenge occurrence state (S130). Where the challenge value may be generated in the random number generator 133 of the cipher primitives 130 (see also). The generated challenge value can be transmitted to the outside of the authentication apparatus 100, that is, to the other party. When the challenge transmission is completed (S131), the state can be switched to the public key and response input state (S140) of the other party. In S140, a public key of the other party to be authenticated and a response to the challenge of the authentication device 100 may be transmitted from the other party. If the public key of the other party and the lease field are input (S141), the authentication device 100 can be transitioned to the public key and response verification state (S150). In S150, if verification of the public key of the other party is performed and it is determined that the public key is a valid public key as the public key verification result, verification of the response can be performed.

If this verification is successful (S151), the authentication apparatus 100 can transition to the end state (S160) for the authentication protocol. On the other hand, if this verification fails (S152), the authentication apparatus 100 can transition to the failure state (S170) for the authentication protocol.

On the other hand, it should be understood that the process of the single authentication protocol shown in FIG. 7 is merely an embodiment that does not limit the present invention.

Meanwhile, the authentication apparatus 100 according to the embodiment of the present invention may set a value generated during the operation of the single authentication protocol or a read / write permission for the values for the progress in the respective operation steps differently. As a result, a specific value is modulated by the attacker, so that an action affecting the authentication result can be blocked. To this end, the authentication controller 110 shown in FIG. 3 may store the values stored in the registers 112 (see FIG. 3) or the values stored in the one-time programmable memory 114 (see FIG. 3) The access rights to the stored values can be adjusted.

 8 is a diagram illustrating an example of rights management for internal information when an authentication apparatus according to an embodiment of the present invention proceeds with a single authentication protocol.

In the initial state (S110), both the reading and the writing are possible for the execution value. In the standby state (S120), the execution value is readable, and the read ready value is both readable and writable. In the challenge occurrence state (S130), the execution value and the request preparation value are readable, and the challenge of the authentication apparatus 100 is both readable and writeable. In the public key and response input state (S140), the execution value and the request preparation value are readable, and the public key value, the certificate verification value, the information data, and the response value of the other party are both readable and writable Do. In the public key and response validation state S150, it is possible to read out the execution value, the request preparation value, the challenge value of the authentication device, the public key value of the counterpart, the certificate verification value, the information data, The median value for the protocol, the hash value, and the authentication result value are both readable and writable. In the end state (S160) and the failure state (S170), the authentication result value is readable, and writing is impossible.

In an embodiment, the read and write rights settings may be implemented by status registers that store corresponding bit values.

On the other hand, values other than the values shown in the table of FIG. 8 may not allow reading or writing.

FIG. 9 is a ladder diagram conceptually illustrating a single authentication protocol of the authentication apparatus 100 according to the embodiment of the present invention. Referring to FIG. 9, the single authentication protocol of the authentication apparatus 100 may proceed as follows. The authentication apparatus 100 receives the authentication request from the counterpart 300 (S11), generates a challenge in response to the authentication request, and transmits the challenge to the counterpart 300 (S12). The other party 300 may generate a response using the transmitted challenge. The authentication apparatus 100 receives the public key and the response of the other party 300 (S13), and can verify them using the secret key of the authentication apparatus (S14). Thereby, the single authentication protocol can be terminated.

In the embodiment, the other party 300 is another component of the device B (see FIG. 1) including the authentication device 100, or a device C outside the device including the authentication device 100 .

FIG. 10 is a diagram for explaining a process of receiving an authentication request when the authentication apparatus 100 according to the embodiment of the present invention performs a single authentication protocol. 7 to 10, the authentication request can be input as follows. The authentication apparatus 100 can receive an authentication request in a standby state (S120, see FIG. 7) (S11). Here, the authentication request can be input from the device A. [ The device A can receive an authentication request from another component of the device A or receive an authentication request from an external device of the device A and can transmit the authentication request to the authentication device 100. [ In an embodiment, the authentication request may be input to the authentication controller 110.

11 is a view for explaining a process of generating a challenge corresponding to an authentication request when the authentication apparatus 100 according to an exemplary embodiment of the present invention conducts a single authentication protocol. Referring to FIGS. 7 to 11, a process of generating a challenge is as follows. In order to generate the challenge, the authentication controller 110 may control the hash function 132 and the random number generator 133 in response to the authentication request (S12-1). The random number generator 133 generates a seed value corresponding to the challenge according to the control of the authentication controller 110 and transmits the generated seed value to the shared memory 140 (S12-2). The hash function 132 generates a random value using the seed value under the control of the authentication controller 110 and may transmit the generated random value to the shared memory 140 (S12-3). Here, the random value may be a challenge value. 11, it is to be understood that the challenge value generation process using the hash function 132 and the random number generator 133 is merely an embodiment that does not limit the present invention.

In an embodiment, the authentication controller 110 may control the input / output of the shared memory 140 (S12-4).

FIG. 12 is an exemplary diagram illustrating a process of receiving a public key certificate and a response of a counterpart when a single authentication protocol of the authentication apparatus 100 according to an embodiment of the present invention is performed. Referring to FIGS. 7 to 12, the process of receiving the public key certificate and the response of the other party is as follows.

The authentication apparatus 100 can receive a certificate (including a public key) of the partner 300 and a response to the challenge. The certificate of the other party 300 may be input to the certificate handler 120 and stored in the shared memory 140 (S13-1). The certificate handler 120 may process the other's certificate stored in the shared memory 140 according to a predetermined procedure (S13-2). Also, the responder of the other party may be stored in the shared memory 140 via the certificate controller 110 (S13-3). The authentication controller 110 may control the overall operation of the shared memory 140 for public key certificate and response input (S13-4).

13 is a diagram for explaining a process of verifying a public key certificate and a response of a counterpart when an authentication protocol of the authentication device 100 according to an embodiment of the present invention is performed. 7 to 13, the process of verifying the public key certificate and response of the other party 300 is as follows.

The authentication controller 110 may verify the public key certificate and the response by repeatedly operating the cryptographic primitive 120 and the shared memory 140 (S14-1). The public key accelerator 131 may access the shared memory 140 repeatedly in the public key certificate and response verification operations (S14-2). The hash function 132 may access the shared memory 140 repeatedly during the public key certificate and response verification operations (S14-3).

Meanwhile, the authentication apparatus 100 according to the embodiment of the present invention is applicable to a mutual authentication protocol.

FIG. 14 is a diagram illustrating an exemplary process of a mutual authentication protocol process of an authentication apparatus according to an embodiment of the present invention. Referring to Figs. 1 to 6 and 14, the mutual authentication protocol of the authentication apparatus 100 may proceed as follows.

S210, S220, and S230 may be performed in the same or similar manner to steps S110, S120, and S130 shown in FIG. 7, respectively, so that their descriptions are omitted here.

When a challenge for proceeding with the mutual authentication protocol occurs (S231), the authentication device 100 can transmit the certificate and challenge having the public key of the authentication device 100 (S240).

When the certificate and the challenge having the public key of the authentication device 100 are transmitted to the other party (S241), the other party receives the public key certificate and challenge of the authentication device 100, verifies the public key certificate and the challenge, And a challenge, and a response corresponding to the challenge of the authentication device 100. [ The authentication apparatus 100 can receive the public key certificate and the response of the other party (S250).

When the authentication apparatus 100 receives the public key certificate and the challenge and response of the other party (S251), the authentication apparatus 100 can verify whether the public key certificate and the responder of the other party are valid (S260). On the other hand, if the authentication apparatus 100 does not receive the other party's public key certificate and challenge and response during a predetermined time (S252), the authentication apparatus 100 enters the mutual authentication protocol failure state 295 .

If the verification is successful (S261), the authentication apparatus 100 can generate a response and transmit it to the other party (S270). On the other hand, if the verification fails (S262), the authentication apparatus 100 can enter the mutual authentication protocol failure state (S295).

When the occurrence and transmission of the response of the authentication apparatus 100 is completed (S271), the authentication apparatus 100 can generate a shared secret key (S280). When the generation of the shared secret key is completed (S281), the authentication apparatus 100 can terminate the mutual authentication protocol (S290).

Meanwhile, it should be understood that the process of the mutual authentication protocol shown in FIG. 14 is merely an embodiment that does not limit the present invention.

Meanwhile, the authentication apparatus 100 according to the embodiment of the present invention may set a value generated during the mutual authentication protocol process or a read / write permission for the values for the progress in the respective operation steps differently.

FIG. 15 is a diagram illustrating an example of rights management for internal information when an authentication apparatus according to an embodiment of the present invention performs a mutual authentication protocol.

In the initial state (S210), reading and writing are both possible for the execution value. In the standby state (S220), the execution value is readable, and the read ready value is both readable and writable. In the challenge occurrence state (S230), the execution value and the request preparation value are readable, and the challenge of the authentication apparatus 100 is both readable and writeable.

In the public key and challenge transmission state (S240), the execution value, the request preparation value, the challenge value of the authentication apparatus 100, and the public key certificate of the authentication apparatus 100 are readable and not writable.

In the public key and response input state (S250), the public key certificate, the certificate verification value, the information data, the response value corresponding to the challenge of the authentication apparatus 100, Can be read and written.

In the public key and response validation state (S260), the execution value, the request preparation value, the challenge value of the authentication device, the counterpart's public key certificate, the certificate verification value, the information data, The response value is readable, the intermediate value for the authentication protocol, the hash value, and the authentication result value are both readable and writable.

The response value, the request preparation value, the challenge value of the authentication device 100, the secret key value of the authentication device 100, the public key certificate of the other party, and the information data are readable in the responder generation and transmission state (S270) , The intermediate value for the authentication protocol, the hash value, and the authentication result value are both readable and writable.

In the shared secret key generation state S280, the execution value, the request preparation value, the challenge value of the authentication apparatus 100, and the challenge value of the other party are readable, and the intermediate value, the hash value, Both reading and writing are possible.

In the end state (S290) and the failure state (S295), the authentication result value is readable, and writing is impossible.

16 is a ladder diagram conceptually illustrating a mutual authentication protocol of the authentication apparatus 100 according to the embodiment of the present invention. Referring to FIG. 16, the mutual authentication protocol of the authentication apparatus 100 may proceed as follows. The authentication apparatus 100 receives an authentication request from the other party 400 in step S21, and may generate a challenge (Challenge_A) in response to the authentication request (S23). The authentication apparatus 100 may transmit a certificate (Certificate_A) having a public key of the authentication apparatus 100 and a challenge (Challenge_A) to the other party 400 for mutual authentication protocol (S24).

The other party 400 can verify the certificate (Certificate_A) of the transmitted authentication device 100 and generate a response corresponding to the challenge (Challenge_A) of the authentication device 100. [ As a result of the verification, if the certificate (Certificate_A) of the authentication apparatus 100 is valid, the other party 400 generates a response (Response_O) corresponding to the challenge of the authentication apparatus 100 and a challenge (Challenge_O) .

The authentication apparatus 100 can receive a certificate (Certificate_O) having a public key of the counter party 400, a response (Response_O) of the counter party 400 and a challenge (Challenge_O) of the counterpart 400 (S25). Thereafter, the authentication apparatus 100 can verify the certificate 400 of the partner 400 and the response (Response_O) of the partner (S26). Thereafter, if the verification of the other party 400 is valid, the authentication device 100 can generate a response (Response_A) of the authentication device 100 (S27). Then, the authentication apparatus 100 can generate a shared secret key with the counter party 400 (S28). After that, the authentication apparatus 100 can transmit the response_0 indicating the success of the mutual authentication protocol and the shared secret key to the counterpart party 400. [ The shared secret key may be a session key.

17 is a diagram for explaining a process of transmitting a public key and a challenge of an authentication apparatus 100 to a counter party 400 when a mutual authentication protocol of the authentication apparatus 100 according to an embodiment of the present invention is in progress.

The authentication apparatus 100 may generate a challenge (Challenge_A) in response to the authentication request of the counterpart 400. [ The challenge generation method may proceed as described in FIG. The generated challenge (Challenge_A) may be stored in the shared memory 140. In order to proceed with the mutual authentication protocol, the authentication apparatus 100 may transmit the certificate (Certificate_A) stored in the authentication controller 110 to the counterpart 400 (S24-1). The authentication apparatus 100 may transmit a challenge (Challenge_A) of the authentication apparatus 100 stored in the shared memory 140 to the other party 400 via the authentication controller 110 (S24-2).

18 is a diagram for explaining a process of receiving a public key certificate, a response, and a challenge of a counter party when a mutual authentication protocol of the authentication apparatus 100 according to an embodiment of the present invention is performed. 14 to 18, a process of receiving a public key certificate (Certificate_O), a response (Response_O), and a challenge (Challenge_O) of the other party is as follows.

The authentication apparatus 100 can receive the public key certificate (Certificate_O), response (Response_O), and challenge (Challenge_O) of the counter party 400. The certificate (Certificate_O) of the other party 400 may be stored in the shared memory 140 via the certificate handler 120 (S25-1). The certificate handler 120 may process the certificate (Certificate_O) of the counterpart stored in the shared memory 140 according to a predetermined procedure (S25-2).

In addition, the response_O and the challenge_O of the other party 400 may be stored in the shared memory 140 via the certificate controller 110 (S25-3). The authentication controller 110 may control the overall operation of the shared memory 140 for inputting a public key certificate (Certificate_O), a response (Response_O), and a challenge (Challenge_O) (S25-4).

19 is a view for explaining a process of generating a response of an authentication apparatus 100 in response to a challenge to a counterpart when a mutual authentication protocol of the authentication apparatus 100 according to an embodiment of the present invention proceeds. 14 to 19, a process of generating a response (Response_A) of the authentication apparatus 100 in response to a challenge (Challenge_O) of the other party 400 is as follows.

The authentication controller 110 may control the encryption primitives 120 and the shared memory 140 in order to generate the response_A in response to the challenge of the counterpart 400 in step S27-1. The public key accelerator 131 may repeatedly access the shared memory 140 to generate a response (Response_A) of the authentication apparatus 100 (S27-2). In addition, the hash function 132 can access the shared memory 140 repeatedly to generate the response (Response_A) of the authentication apparatus 100 (S27-3). The generated response (Response_A) may be transmitted to the other party (400) via the authentication controller (110) (S27-4).

20 is a view for explaining a process of generating a shared secret key when the mutual authentication protocol of the authentication apparatus 100 according to the embodiment of the present invention proceeds. Referring to FIGS. 14 and 20, a shared secret key generation process of the authentication apparatus 100 is as follows.

The authentication controller 110 may generate a shared secret key by repeatedly accessing the public key accelerator 131 and the shared memory 140 (S28-1). The public key accelerator 131 may repeatedly access the shared memory 140 to generate the shared secret key (S28-2).

21 is an exemplary illustration of a mobile device in accordance with an embodiment of the present invention. 21, the mobile device 1000 includes a security chip 1020, a processor (AP / ModAP 1100), a buffer memory 1200, a display / touch module 1300, and a storage device 1400.

The security chip 1020 may be implemented to provide overall security functionality of the mobile device 1000. The security chip 1020 is comprised of software and / or tamper resistant hardware that allows for a high level of security and can work in cooperation with the trusted execution environment (TEE) of the processor 1100. The security chip 1020 includes a native operating system (OS) as an operating system, a secure storage device as an internal data store, an access control block for controlling access rights to the security chip 1020, ownership management, key management, digital signature, encryption / decryption, and the like, and a firmware update block for updating the firmware of the security chip 1020. The security chip 1020 may be, for example, a universal IC card (e.g., USIM, CSIM, ISIM), a subscriber identity module (SIM) card, embedded secure elements (ESE), MicroSD, Stikers,

In addition, the security chip 1020 of the present invention may include the authentication device 100 described in FIGS. 1 to 20. In FIG. 21, the authentication device is shown to be external to the processor 1100. However, the location of the authentication device of the present invention need not be limited thereto. The authentication device of the present invention may be internal to the processor 1100.

The processor 1100 may be implemented to control the overall operation of the mobile device 1000 and the wired / wireless communication with the outside. For example, the processor 1100 may be an application processor (AP), an integrated modem application processor (ModAP), or the like.

The buffer memory 1200 may be implemented to temporarily store data necessary for the processing operation of the mobile device 1000. [ The display / touch module 1300 may be implemented to display data processed by the processor 1100 or receive data from the touch panel. The storage device 1400 may be implemented to store user data. The storage device 1400 may be an embedded multimedia card (eMMC), a solid state drive (SSD), a universal flash storage (UFS), or the like. The storage device 1400 may include at least one non-volatile memory device.

The nonvolatile memory device may be a NAND flash memory, a vertical NAND (VNAND), a NOR flash memory, a resistive random access memory (RRAM), a phase change memory (PRAM), a magnetoresistive random access memory (MRAM), a ferroelectric random access memory (FRAM), a spin transfer random access memory (STT-RAM), etc. .

The non-volatile memory device may also be implemented as a three-dimensional array structure. As an embodiment of the present invention, a three-dimensional memory array may be monolithically connected to one or more physical levels of arrays of memory cells having active areas disposed above a circuit associated with operation of a silicon substrate and memory cells. ). The circuitry associated with the operation of the memory cells may be located within or on the substrate. The term monolithical means that layers of each level in a three-dimensional array are deposited directly on the lower-level layers of the three-dimensional array.

As an embodiment in accordance with the inventive concept, a three-dimensional memory array has vertical directionality and includes vertical NAND strings in which at least one memory cell is located on the other memory cell. The at least one memory cell includes a charge trap layer. Each vertical NAND string may include at least one select transistor located over the memory cells. The at least one select transistor has the same structure as the memory cells and can be formed monolithically with the memory cells.

A three-dimensional memory array is composed of a plurality of levels and has word lines or bit lines shared between the levels. Suitable configurations for a three-dimensional memory array will be described in US 7,679,133, US 8,553,466, US 8,654,587, US 8,559,235, and US 2011/0233648, filed by Samsung Electronics and incorporated herein by reference. The nonvolatile memory device (NVM) of the present invention is applicable not only to a flash memory device in which the charge storage layer is composed of a conductive floating gate but also to a charge trap flash (CTF) in which the charge storage layer is composed of an insulating film.

A method of configuring an authentication device based on a public key cryptosystem of the present invention includes a method in which subcomponents share a resource, a method in which a storage device in a component is limited and a shared resource is utilized, a public key cryptosystem- , And a structure for processing the public key certificate by the sub-component.

The hardware structure of the authentication device based on the public key cryptosystem of the present invention proposes a hardware device for performing an authentication protocol based on a public key cryptosystem and a device for managing a public key certificate.

22 is a diagram illustrating an exemplary IoT network system according to an embodiment of the present invention. 22, the mobile device 22-1, the wearable device 22-2, or the smart glass 22-3, the sensor 22-4, and the like are similar to the authentication device 100 of the present invention .

The products to which the invention can be applied include devices that must support public key cryptosystem based authentication, such as a smartphone, a bulb / thermometer / motion detection sensor that supports the IoT environment, a printer toner, a smartphone flip cover, A driver integrated circuit (DDI), and the like. It is also applicable to all other devices that need to support public key cryptographic system based authentication in addition to the above-described devices.

While the invention has been shown and described with reference to certain preferred embodiments thereof, it will be understood by those skilled in the art that various changes and modifications may be made therein without departing from the spirit and scope of the invention. Therefore, the scope of the present invention should not be limited to the above-described embodiments, but should be determined by the equivalents of the claims of the present invention as well as the claims of the following.

Claims (20)

An authentication device included in a device supporting network communication, comprising:
A certificate handler for receiving a certificate of the other party and analyzing or verifying the other party's certificate;
A cipher primitive for receiving a response to the authentication request of the other party, generating a random number in response to the authentication request, generating a challenge corresponding to the random number, and verifying the response of the counterpart corresponding to the challenge;
A shared memory for storing the analyzed certificate, the random number, the challenge, and the response; And
And an authentication controller for controlling the certificate handler, the encryption primitives, and the shared memory through register setting according to an authentication protocol. The method according to claim 1,
Wherein the authentication controller comprises:
Registers for storing values for proceeding with the authentication protocol; And
And a one-time programmable memory for storing the certificate of the authentication device. 3. The method of claim 2,
The registers,
A first register for indicating the start of the authentication protocol;
A second register that is set when the authentication request is received from the other party; And
And a third register for storing a result value of the authentication protocol. 3. The method of claim 2,
Wherein the certificate of the authentication device includes a public key of the authentication device and a secret key of the authentication device. The method according to claim 1,
The cryptographic primitive includes:
A public key accelerator for performing a modular operation or a point operation necessary for generating the challenge or verifying the response;
A hash function for receiving the random number and generating the challenge based on a hash algorithm; And
And a random number generator for generating the random number in response to the authentication request. 6. The method of claim 5,
Wherein the public key accelerator repeatedly accesses the shared memory via a first data line,
The hash function repeatedly accesses the shared memory via a second data line,
And the random number generator repeatedly accesses the shared memory via a third data line. The method according to claim 1,
The shared memory includes:
A first area for storing the challenge of the authentication device; A second area for storing a response of the authentication device; A third area for storing the analyzed certificate of the other party; A fourth area for storing a challenge of the other party; A fifth area for storing the response of the other party; A sixth area for storing an intermediate value in the progress of the authentication protocol; And a seventh area for storing a hash value of the hash function. 8. The method of claim 7,
Wherein at least one of the values stored in the first to seventh areas is reused in at least one of the certificate handler, the encryption primitives, and the authentication controller. 9. The method of claim 8,
Further comprising a separate data line for transmitting said at least one value to be reused. The method according to claim 1,
Wherein the authentication controller sets a read or write right for a register corresponding to an operation step of the authentication protocol differently. A first component; And
And a second component,
Wherein at least one of the first and second components comprises an authentication device,
The authentication device includes:
A certificate handler for entering, analyzing, or verifying the other party's certificate;
A cipher primitive for generating a random number, generating a challenge corresponding to the random number, verifying a response of the counterpart corresponding to the challenge, or generating a response of the authentication device corresponding to the challenge of the counterpart;
A shared memory for storing the analyzed certificate, the random number, the challenge, and the response; And
And a controller for controlling the certificate handler, the encryption primitives, and the shared memory through a register setting according to an authentication protocol when the authentication request of the counterpart or the authentication request to the counterpart is made. 12. The method of claim 11,
Wherein the authentication protocol is a single authentication protocol based on a public key cryptosystem,
Wherein the single authentication protocol comprises:
Receives the authentication request from the other party,
Generate the challenge in response to the authentication request, send the challenge to the counterpart,
Receives the certificate of the other party and the response of the other party from the other party,
And verifying the other party's certificate and the other party's response. 13. The method of claim 12,
Wherein the authentication controller receives the authentication request from the counterpart and sets a corresponding register in response to the authentication request. 13. The method of claim 12,
Wherein the cryptographic primitive further comprises a random number generator and a hash function,
Wherein the authentication controller generates the challenge by reusing the random number stored in the shared memory in the hash function to store the random number in the shared memory so as to generate the random number in the random number generator in response to the authentication request The random number generator, the hash function, and the shared memory. 13. The method of claim 12,
Wherein the certificate handler inputs and analyzes the certificate of the other party, stores the analyzed certificate in the shared memory,
Wherein the authentication controller receives the response of the other party and stores the response in the shared memory. 16. The method of claim 15,
The certificate handler verifies that the certificate stored in the shared memory is valid,
Wherein the authentication controller uses the cryptographic primitives to determine if a responder stored in the shared memory is valid when the other party's certificate is valid. 12. The method of claim 11,
Wherein the authentication protocol is a mutual authentication protocol based on a public key cryptosystem,
Wherein the single authentication protocol comprises:
Receives the authentication request from the other party,
Generating the challenge in response to the authentication request, sending the challenge and the certificate of the authentication device to the other party,
Receives the certificate of the other party, the response of the partner, and the challenge of the partner from the partner,
Verifying the other party's certificate and the other party's response,
Generate a response of the authentication device in response to the challenge of the other party,
And when the authentication operation succeeds, generating a shared secret key. 12. The method of claim 11,
Wherein the first component is a display driver chip,
Wherein the second component is a display device. 12. The method of claim 11,
The mobile device is a smartphone,
Wherein the other party is a flip cover that encloses the smartphone. An authentication method for an authentication apparatus comprising:
Receiving an authentication request from the other party;
Setting a first register indicating the authentication request to be readable and writable;
Generating a first challenge in response to the authentication request;
Setting a second register for storing the first challenge to be readable and writable;
Receiving a first certificate and a first response corresponding to the first challenge from the other party;
Setting the first certificate, a value for verifying the first certificate, information data, and registers for storing the first response to be readable and writable;
Verifying the first certificate and the first response; And
And setting registers that store intermediate values or result values of the verification to be read / write enabled.

Images