WO2022055162A1 - Electronic device and method for controlling the same - Google Patents


Info

Publication number
WO2022055162A1
Authority
WO
WIPO (PCT)
Prior art keywords
file
signature value
security level
public key
allocated
Application number
PCT/KR2021/011506
Other languages
English (en)
Korean (ko)
Inventor
이성규
이남권
정동화
박현철
제의진
Original Assignee
삼성전자주식회사
Application filed by 삼성전자주식회사
Publication of WO2022055162A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Definitions

  • The present disclosure relates to an electronic device and a method for controlling the same, and more particularly to an electronic device that verifies the signature value of a file using a virtualization environment, and a method for controlling the same.
  • The present disclosure has been made in response to the above-mentioned need, and an object of the present disclosure is to provide an electronic device that verifies the signature value of a file by allocating a separate public key or security level to each virtualization space, and a control method thereof.
  • According to an embodiment, an electronic device includes a memory including an operating system and a plurality of virtualization spaces that share the resources of a kernel on the operating system, each virtualization space being allocated its own public key, and a processor that verifies a signature value included in a file executed in at least one of the plurality of virtualization spaces. When the kernel detects that a first file is executed in a first virtualization space to which a first public key is allocated, the processor decrypts the signature value included in the first file using the first public key, and verifies the signature value of the first file by comparing the decrypted signature value with a hash value corresponding to the first file.
  • When the kernel detects that a second file is executed in a space other than the plurality of virtualization spaces, the processor may decrypt the signature value included in the second file using a second public key allocated on the operating system, and verify the signature value of the second file by comparing the signature value decrypted using the second public key with a hash value corresponding to the second file. The second public key and the first public key may be different from each other.
  • When the decrypted signature value and the hash value corresponding to the first file do not match, or the first file does not include a signature value, the processor may stop the execution of the first file.
  • The electronic device may further include a communication unit including a circuit. The processor may receive a third file from an external server through the communication unit, and when the kernel detects that the third file is executed in a third virtualization space corresponding to the external server among the plurality of virtualization spaces, decrypt the signature value included in the third file using a third public key included in the third virtualization space, and verify the signature value of the third file by comparing the decrypted signature value with a hash value corresponding to the third file.
  • A security level may be allocated to each of the plurality of virtualization spaces. When the kernel detects that a fourth file is executed in a fourth virtualization space to which a first security level is allocated, the processor may determine whether to stop the execution of the fourth file by comparing the security level allocated to the fourth file with the first security level.
  • When the security level allocated to the fourth file is lower than the first security level, the processor may determine to stop the execution of the fourth file; when it is equal to or higher than the first security level, the processor may determine to execute the fourth file.
  • The processor may compare the security level of a fifth file with a second security level allocated on the operating system to determine whether to stop the execution of the fifth file, and the second security level may be different from the first security level.
  • The processor may decrypt the signature value of a sixth file using the third public key and determine whether to stop the execution of the sixth file based on both the decrypted signature value and the security level allocated to the sixth file.
  • The electronic device may further include a communication unit, and the processor may change the public key allocated to the first virtualization space according to a user command and control the communication unit to transmit the private key corresponding to the changed public key to an external server corresponding to the first virtualization space.
  • According to an embodiment, a control method of an electronic device including an operating system and a memory including a plurality of virtualization spaces that share the resources of a kernel on the operating system, each allocated its own public key, includes: when the kernel detects the execution of a first file in a first virtualization space to which a first public key is allocated, decrypting the signature value included in the first file using the first public key; and verifying the signature value of the first file by comparing the decrypted signature value with a hash value corresponding to the first file.
  • The control method may further include, when the kernel detects that a second file is executed in a space other than the plurality of virtualization spaces, decrypting the signature value included in the second file using a second public key allocated on the operating system, and verifying the signature value of the second file by comparing the signature value decrypted using the second public key with a hash value corresponding to the second file, wherein the second public key and the first public key may be different from each other.
  • The verifying may further include stopping the execution of the first file when the decrypted signature value and the hash value corresponding to the first file do not match, or when the first file does not include a signature value.
  • The control method may further include receiving a third file from an external server and, when the kernel detects that the third file is executed in a third virtualization space corresponding to the external server among the plurality of virtualization spaces, decrypting the signature value included in the third file using a third public key included in the third virtualization space, and verifying the signature value of the third file by comparing the decrypted signature value with a hash value corresponding to the third file.
  • A security level may be allocated to each of the plurality of virtualization spaces, and the control method may further include, when the kernel detects that a fourth file is executed in a fourth virtualization space to which a first security level is allocated, determining whether to stop the execution of the fourth file by comparing the security level allocated to the fourth file with the first security level.
  • The control method may further include determining to execute the fourth file when the security level allocated to the fourth file is equal to or higher than the first security level.
  • The control method may further include determining whether to stop the execution of a fifth file by comparing the security level of the fifth file with a second security level allocated to the operating system, wherein the second security level may be different from the first security level.
  • The control method may further include decrypting the signature value of a sixth file using the third public key and determining whether to stop the execution of the sixth file based on the decrypted signature value and the security level allocated to the sixth file.
  • The control method may further include changing the public key allocated to the first virtualization space according to a user command, and transmitting the private key corresponding to the changed public key to an external server corresponding to the first virtualization space.
  • According to the embodiments described above, the electronic device can respond efficiently to system maintenance and security problems by verifying the signature of a file using the virtualization spaces, and a system that signature checking would otherwise keep closed can be made more flexible.
  • FIG. 1 is a diagram for explaining a process in which an electronic device performs signature verification using a virtualization space, according to an embodiment of the present disclosure.
  • FIG. 2 is a diagram for explaining a process in which an electronic device verifies a signature using a virtualization space, according to an embodiment of the present disclosure.
  • FIG. 3A is a block diagram schematically illustrating the configuration of an electronic device according to an embodiment of the present disclosure.
  • FIG. 3B is a block diagram illustrating in detail the configuration of an electronic device according to an embodiment of the present disclosure.
  • FIG. 4 is a sequence diagram illustrating an operation between an electronic device and an external server according to an embodiment of the present disclosure.
  • FIG. 5 is a flowchart illustrating a method of controlling an electronic device according to an embodiment of the present disclosure.
  • In the present disclosure, expressions such as "have," "may have," "include," or "may include" indicate the presence of a corresponding feature (e.g., a numerical value, function, operation, or component such as a part) and do not exclude the presence of additional features.
  • Expressions such as "A or B," "at least one of A and/or B," or "one or more of A and/or B" may include all possible combinations of the items listed together.
  • For example, "A or B," "at least one of A and B," or "at least one of A or B" may refer to (1) the case of including at least one A, (2) the case of including at least one B, or (3) the case of including both at least one A and at least one B.
  • An electronic device may include, for example, at least one of a smartphone, a tablet PC, a mobile phone, a video phone, an e-book reader, a desktop PC, a laptop PC, a netbook computer, a server, a medical device, a camera, or a wearable device.
  • The electronic device may also include, for example, at least one of a television, a digital video disk (DVD) player, an audio device, a refrigerator, an air conditioner, a vacuum cleaner, an oven, a microwave oven, a washing machine, an air purifier, a set-top box, a home automation control panel, a security control panel, a media box (e.g., Samsung HomeSync™, Apple TV™, or Google TV™), or a game console (e.g., Xbox™, PlayStation™).
  • When a component (e.g., a first component) is described as "coupled with/to (operatively or communicatively)" another component (e.g., a second component), the component may be directly connected to the other component or connected through yet another component (e.g., a third component).
  • The expression "a device configured to" may mean that the device is "capable of" doing something together with other devices or parts.
  • For example, "a processor configured to perform A, B, and C" may refer to a dedicated processor (e.g., an embedded processor) for performing the corresponding operations, or to a generic-purpose processor (e.g., a CPU or an application processor) that can perform the corresponding operations by executing one or more software programs stored in a memory device.
  • A 'module' or 'unit' performs at least one function or operation, and may be implemented as hardware, software, or a combination of hardware and software.
  • A plurality of 'modules' or 'units' may be integrated into at least one module and implemented with at least one processor (not shown), except for 'modules' or 'units' that need to be implemented with specific hardware.
  • FIG. 1 is a diagram for explaining a process in which an electronic device 100 verifies the signature value of a file using a virtualization space, according to an embodiment of the present disclosure.
  • The electronic device 100 may include an operating system (OS) 10 that controls the hardware of the electronic device 100 and provides a base environment for executing application software.
  • The operating system 10 may serve as an interface between the hardware of the electronic device and application software.
  • The operating system 10 may include the processes constituting the operating system and a kernel that allocates resources to programs executed under the control of the operating system.
  • The kernel may allocate resources of the electronic device by connecting and managing the interactions between the physical components included in the electronic device 100 and the individual middleware of the operating system 10.
  • The kernel may detect that each application or file is executed.
  • The plurality of virtualization spaces 20-1 and 20-2 are virtualization spaces that share the resources of the kernel of the operating system 10 and in which separate applications can be executed.
  • A virtualization space may be implemented as a container.
  • Virtualization of the operating system 10 using containers divides the inside of the operating system into a kernel space that manages physical resources and a user space that executes user processes, that is, applications (apps), and further divides the user space into several parts, allocating and sharing the hardware resources used by the user processes of each part.
  • Virtualization using containers is an OS-level virtualization method that does not use a guest OS; it consumes few host resources and takes very little time to start, so it may be suitable for application virtualization.
  • Virtualization using containers enables independent configuration and distribution of system infrastructure (existing physical servers (bare metal), virtual machines, and so on) by virtualizing at the OS level.
  • The first virtualization space 20-1 and the second virtualization space 20-2 share the resources of the kernel on the operating system 10, but each is for executing a separate application and may include the library, middleware, and so on for that application. Although FIG. 1 shows the operating system 10 virtualized into two virtualization spaces, this is only an example, and it may be virtualized into any number of virtualization spaces.
  • A public key or a security level used for decrypting a signature value may be allocated to each of the virtualization spaces 20-1 and 20-2.
  • A public key is the key used for encryption in a public key (or asymmetric key) encryption method; it has an inverse relationship with the private key in the function used for encryption. An embodiment related to the security level will be described in detail with reference to FIG. 2.
  • For example, a public key A may be allocated on the operating system 10, and public keys B and C, different from the public key A, may be allocated on the first virtualization space 20-1 and the second virtualization space 20-2, respectively.
  • When the kernel detects the execution of a first file in the first virtualization space 20-1, the electronic device 100 may decrypt the signature value included in the first file using the first public key allocated to the first virtualization space 20-1, and verify the signature value of the first file by comparing the decrypted signature value with a hash value corresponding to the first file.
  • The hash value corresponding to the first file means a hash value extracted from the first file.
  • In FIG. 1, the first file 30-1 includes a signature value obtained by encrypting the hash value with the private key A.
  • The signature value may be included at the end of the first file 30-1, but this is only an example; it may also be included in the front part or the middle part.
  • When the kernel detects that the first file 30-1 is executed in the first virtualization space 20-1, the electronic device 100 decrypts the signature value included in the first file 30-1 with the public key B, and then verifies the signature value of the first file 30-1 by comparing the decrypted signature value with the hash value corresponding to the first file 30-1.
  • Since the signature value of the first file 30-1 was encrypted with the private key A rather than with the private key corresponding to the public key B, the decrypted value does not match the hash value; the electronic device 100 may therefore identify that an incorrect signature value is included in the first file 30-1 and block the execution of the first file 30-1.
  • The first file 30-2 includes a signature value obtained by encrypting the hash value with the private key B.
  • When the kernel detects that the first file 30-2 is executed in the first virtualization space 20-1, the electronic device 100 decrypts the signature value included in the first file 30-2 with the public key B, and verifies the signature value of the first file 30-2 by comparing the decrypted signature value with the hash value corresponding to the first file 30-2.
  • The electronic device 100 identifies that the first file 30-2 includes a signature value encrypted with the private key corresponding to the public key allocated to the first virtualization space 20-1, and may maintain the execution of the first file 30-2.
  • Likewise, when the kernel detects that a file is executed in the second virtualization space 20-2, the electronic device 100 may verify the signature value of the detected file using the public key C allocated to the second virtualization space 20-2.
  • The second file 40-1 does not include a signature value.
  • Since there is no signature value to decrypt with the public key C, the verification cannot succeed.
  • The electronic device 100 may therefore block the execution of the second file 40-1, which does not include a signature value.
  • The second file 40-2 includes a signature value obtained by encrypting the hash value with the private key C.
  • The electronic device 100 decrypts the signature value included in the second file 40-2 with the public key C, and verifies the signature value of the second file 40-2 by comparing the decrypted signature value with the hash value corresponding to the second file 40-2.
  • The electronic device 100 identifies that the second file 40-2 includes a signature value encrypted with the private key corresponding to the public key allocated to the second virtualization space 20-2, and may maintain the execution of the second file 40-2.
  • When the kernel detects that a second file is executed in a space other than the plurality of virtualization spaces, the electronic device 100 may decrypt the signature value included in the second file using the second public key allocated to the operating system 10.
  • The electronic device 100 may verify the signature value of the second file by comparing the signature value decrypted using the second public key with the hash value corresponding to the second file.
  • The hash value corresponding to the second file means a hash value extracted from the second file.
  • In FIG. 1, the public key A may be allocated to the operating system 10.
  • When the kernel detects that a file 50-2 that does not include a signature value, or a file 50-3 that includes a signature value obtained by encrypting the hash value with the private key B, is executed in a space other than the virtualization spaces, the electronic device 100 may identify through the verification process that the signature of each of the files 50-2 and 50-3 is not intact. Accordingly, the electronic device 100 may stop the execution of each of the files 50-2 and 50-3.
  • When the kernel detects that a file 50-1 is executed in a space other than the virtualization spaces, the electronic device 100 may decrypt the signature value of the file 50-1 with the public key A to verify the signature value. Since the signature value decrypted using the public key A matches the hash value of the file 50-1, the electronic device 100 may maintain the execution of the file 50-1.
  • FIG. 2 is a diagram for explaining a process in which the electronic device 100 performs signature verification using a virtualization space to which a security level is allocated, according to an embodiment of the present disclosure.
  • A security level may be allocated to each of the plurality of virtualization spaces 20-1 and 20-2 sharing the kernel resources on the operating system 10.
  • The security level quantifies or categorizes the degree of trust in a specific file based on at least one of the importance of the file, the area in which the file is executed, or the degree of impact generated by executing the file. The higher the security level of a file, the more trustworthy it is.
  • For example, security level 7 may be allocated to the operating system 10, security level 5 to the first virtualization space 20-1, and security level 3 to the second virtualization space 20-2. Since the operating system 10 has a greater effect on the overall processing of the electronic device 100 than the virtualization spaces 20-1 and 20-2, a security level higher than those allocated to the virtualization spaces 20-1 and 20-2 may be allocated to it.
  • Although FIG. 2 shows the security level attached to the signature value of each file, this is only an example.
  • The security level may be allocated to the front part or the back part of the file, and may be allocated to a location separate from the signature value.
  • When the kernel detects that a file is executed in the first virtualization space 20-1 to which security level 5 is allocated, the electronic device 100 may determine whether to stop the execution of the file by comparing the security level allocated to the file with the security level allocated to the first virtualization space 20-1.
  • For example, when the kernel detects that the file 60-1, to which security level 3 is allocated, is executed in the first virtualization space 20-1, the electronic device 100 may determine whether to stop the execution of the file by comparing the security level allocated to the first virtualization space 20-1 with the security level of the file 60-1. Since the security level of the file 60-1 (security level 3) is lower than the security level allocated to the first virtualization space 20-1 (security level 5), the electronic device 100 may stop the execution of the file 60-1.
  • When the kernel detects that the file 60-2, to which security level 6 is allocated, is executed in the first virtualization space 20-1, the electronic device 100 may compare the security level allocated to the first virtualization space 20-1 with the security level of the file 60-2 to determine whether to stop the execution of the file. Since the security level of the file 60-2 (security level 6) is higher than the security level allocated to the first virtualization space 20-1 (security level 5), the electronic device 100 may maintain the execution of the file 60-2.
  • When the kernel detects that a file is executed in the second virtualization space 20-2, the electronic device 100 may determine whether to stop the execution of the file by comparing the security level allocated to the file with the security level allocated to the second virtualization space 20-2.
  • The electronic device 100 may identify that no security level is allocated to the file 70-1 and stop the execution of the file 70-1.
  • The electronic device 100 may determine whether to stop the execution of the file 70-2 by comparing security level 3, which is the security level allocated to the file 70-2, with the security level allocated to the second virtualization space 20-2. Since the security level allocated to the file 70-2 and the security level allocated to the second virtualization space 20-2 are both security level 3, the electronic device 100 may maintain the execution of the file 70-2.
  • When the kernel detects that a file is executed in a space other than the virtualization spaces, the electronic device 100 may compare the security level allocated to the operating system 10 with the security level allocated to the file to decide whether to maintain the execution of the file.
  • Based on this comparison, the electronic device 100 may stop the execution of the file 80-1.
  • Likewise, the electronic device 100 may maintain the execution of the files 80-2 and 80-3.
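The verification flow of FIG. 1 and FIG. 2, as an added example that is not part of the patent and not Samsung's code: it simulates an operating system with two containers, each allocated its own public key and security level, and applies the rules described above (a missing signature value, or one made under another space's key, stops the file; a file whose level is below the level of the space it runs in, or that has no level, is stopped as well) to files modelled on those in the figures. The names Space, SignedFile, Device and the textbook-RSA key setup over fixed primes are assumptions of the example.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Textbook RSA over fixed, well-known primes, used only so that the step
# "decrypt the signature value with the public key and compare it with the
# hash" is visible as arithmetic; a real device would use a padded signature
# scheme from a cryptographic library.
E = 65537
OS_PRIMES = (2147483647, 4294967291)      # key A (operating system)
SPACE1_PRIMES = (1000000007, 1000000009)  # key B (first virtualization space)
SPACE2_PRIMES = (998244353, 4294967311)   # key C (second virtualization space)

def make_keypair(p: int, q: int) -> Tuple[Tuple[int, int], Tuple[int, int]]:
    """Return ((n, e), (n, d)): a public key and its matching private key."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def file_hash(content: bytes, n: int) -> int:
    """The hash value 'extracted from the file', reduced into the modulus n."""
    return int.from_bytes(hashlib.sha256(content).digest(), "big") % n

def sign(content: bytes, private_key: Tuple[int, int]) -> int:
    """The signature value: the file hash encrypted with the private key."""
    n, d = private_key
    return pow(file_hash(content, n), d, n)

def decrypt_signature(signature: int, public_key: Tuple[int, int]) -> int:
    """Decrypt a signature value with a public key, recovering the signed hash."""
    n, e = public_key
    return pow(signature, e, n)

@dataclass
class Space:
    """A virtualization space (container) or the OS, with its own key and level."""
    name: str
    public_key: Tuple[int, int]
    security_level: int

@dataclass
class SignedFile:
    name: str
    content: bytes
    signature: Optional[int] = None       # None: the file carries no signature value
    security_level: Optional[int] = None  # None: no security level allocated to the file

class Device:
    """The electronic device: an OS plus containers that share its kernel."""

    def __init__(self, os_space: Space, containers: Dict[str, Space]):
        self.os_space = os_space
        self.containers = containers

    def verify(self, f: SignedFile, space_name: Optional[str]) -> Tuple[bool, str]:
        """Decision when the kernel detects execution of f in space_name.

        space_name None means the file runs outside every container, so the key
        and level of the operating system apply. Returns (keep_running, reason).
        """
        space = self.os_space if space_name is None else self.containers[space_name]
        # FIG. 1: no signature, or one made with another space's key, stops the file.
        if f.signature is None:
            return False, f"{f.name}: no signature value"
        if decrypt_signature(f.signature, space.public_key) != file_hash(f.content, space.public_key[0]):
            return False, f"{f.name}: signature does not match hash under the key of {space.name}"
        # FIG. 2: the file's level must reach the level of the space it runs in.
        if f.security_level is None:
            return False, f"{f.name}: no security level"
        if f.security_level < space.security_level:
            return False, f"{f.name}: level {f.security_level} below {space.name} level {space.security_level}"
        return True, f"{f.name}: verified in {space.name}"

def build_device() -> Tuple[Device, Dict[str, Tuple[int, int]]]:
    """Constructed setup mirroring the figures: keys A/B/C and levels 7/5/3."""
    pub_a, priv_a = make_keypair(*OS_PRIMES)
    pub_b, priv_b = make_keypair(*SPACE1_PRIMES)
    pub_c, priv_c = make_keypair(*SPACE2_PRIMES)
    containers = {"space1": Space("space1", pub_b, 5), "space2": Space("space2", pub_c, 3)}
    return Device(Space("os", pub_a, 7), containers), {"A": priv_a, "B": priv_b, "C": priv_c}

def demo() -> Dict[str, bool]:
    """Cases from FIG. 1 and FIG. 2; True = execution maintained, False = stopped."""
    device, priv = build_device()
    body = b"constructed file content"  # constructed sample file
    cases = {
        "30-1 signed A, space1": (SignedFile("30-1", body, sign(body, priv["A"]), 6), "space1"),
        "30-2 signed B, space1": (SignedFile("30-2", body, sign(body, priv["B"]), 6), "space1"),
        "40-1 unsigned, space2": (SignedFile("40-1", body, None, 3), "space2"),
        "40-2 signed C, space2": (SignedFile("40-2", body, sign(body, priv["C"]), 3), "space2"),
        "50-3 signed B, outside": (SignedFile("50-3", body, sign(body, priv["B"]), 7), None),
        "50-1 signed A, outside": (SignedFile("50-1", body, sign(body, priv["A"]), 7), None),
        "60-1 level 3, space1": (SignedFile("60-1", body, sign(body, priv["B"]), 3), "space1"),
        "70-1 no level, space2": (SignedFile("70-1", body, sign(body, priv["C"]), None), "space2"),
        "tampered body, space1": (SignedFile("tamp", body + b"!", sign(body, priv["B"]), 6), "space1"),
    }
    return {label: device.verify(f, space)[0] for label, (f, space) in cases.items()}
```

The last case goes beyond the figures: a file whose content was altered after signing fails in the same way as one signed under the wrong key, since the decrypted signature no longer equals the hash extracted from the file.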
  • FIG. 3A is a block diagram schematically illustrating the configuration of an electronic device 100 according to an embodiment of the present disclosure.
  • As shown in FIG. 3A, the electronic device 100 may include a memory 110 and a processor 120.
  • The configuration illustrated in FIG. 3A is an exemplary diagram for implementing embodiments of the present disclosure, and appropriate hardware and software configurations at a level obvious to those skilled in the art may additionally be included in the electronic device 100.
  • The memory 110 may store instructions and programs related to at least one other component of the electronic device 100.
  • An instruction means one action statement for the processor 120 in a programming language.
  • A program includes not only an application program for providing a specific service, but also the operating system for running the application program.
  • The memory 110 may be implemented as a non-volatile memory, a volatile memory, a flash memory, a hard disk drive (HDD), or a solid state drive (SSD).
  • The memory 110 is accessed by the processor 120, and reading, writing, modification, deletion, and updating of data by the processor 120 may be performed.
  • In the present disclosure, the term memory refers to the memory 110, a ROM (not shown) or RAM (not shown) in the processor 120, or a memory card (not shown) mounted in the electronic device 100 (e.g., a micro SD card or a memory stick).
  • The memory 110 may include a plurality of virtualization spaces that share the resources of the kernel on the operating system and include separate applications together with the libraries and middleware for executing those applications.
  • A virtualization space may be implemented as a container. At least one of a public key or a security level may be allocated to each of the plurality of virtualization spaces.
  • the processor 120 may be electrically connected to the memory 110 to control overall operations and functions of the electronic device 100 .
  • the processor 120 may verify a signature value included in a file executed in at least one virtualization space among a plurality of virtualization spaces.
  • the processor 120 may decrypt the signature value included in the executed first file using the first public key.
  • the processor 120 may verify the signature value of the first file by comparing the decrypted signature value with a hash value corresponding to the first file.
  • the processor 120 may extract a hash value of the first file to obtain a hash value corresponding to the first file.
  • the time point at which the hash value corresponding to the first file is acquired may be when execution of the first file is detected, but is not limited thereto.
  • the processor 120 may acquire a hash value corresponding to the first file while decrypting the signature value included in the first file regardless of an order or a time point.
  • the processor 120 may stop the execution of the first file. That is, when the integrity of the signature value of the first file is not verified, the electronic device 100 may stop the execution of the first file.
  • the processor 120 may identify the integrity of the first file and maintain the execution of the first file.
  • the processor 120 decrypts the signature value included in the second file by using the second public key allocated to the operating system, and may compare the signature value decrypted using the second public key with a hash value corresponding to the second file to verify the signature value of the second file.
  • the processor 120 decrypts the signature value of a file executed in a specific virtualized space using the public key allocated to that virtualized space, and when the file is executed in a space other than the specific virtualized space, the processor 120 can decrypt the signature value of the file using the public key assigned to the operating system.
  • the public key allocated to the operating system and the virtualization space may be different.
  • the processor 120 may determine whether to stop the execution of the fourth file by comparing the security level allocated to the fourth file with the first security level. That is, the processor 120 may determine whether to stop the execution of the file by comparing the security level allocated to the virtualization space with the security level of the file whose execution is detected.
  • the processor 120 may determine to stop the execution of the fourth file.
  • the processor 120 may determine to maintain the execution of the fourth file.
  • the processor 120 may determine whether to stop the execution of the fifth file by comparing the security level of the fifth file with the second security level allocated to the operating system.
  • the second security level allocated on the operating system may be different from the security level allocated on another virtualization space.
  • the security level allocated on the operating system may be higher than the security level allocated on another virtualization space, but is not limited thereto, and may be equal to or lower than it.
  • both a security level and a public key may be allocated on each operating system and virtualization space.
  • the processor 120 may determine whether to stop the execution of the file based on the security level and signature value of the executed file and on the security level and public key allocated to the space in which it is executed.
  • For example, when the kernel detects execution of the sixth file in the sixth virtualization space, to which the first security level and the third public key are allocated among the plurality of virtualization spaces, the processor 120 may decrypt the signature value of the sixth file using the third public key. In addition, the processor 120 may determine whether to stop the execution of the sixth file based on the decrypted signature value and the security level assigned to the sixth file.
  • the processor 120 may determine whether to stop the execution of the sixth file by comparing the hash value corresponding to the sixth file with the decrypted signature value, and by comparing the first security level with the security level assigned to the sixth file. When the hash value corresponding to the sixth file and the decrypted signature value differ, or the security level assigned to the sixth file is lower than the first security level, the processor 120 may stop the execution of the sixth file.
  • the processor 120 may receive the third file from the external server through the communication unit 130 .
  • the description of the communication unit 130 will be described in a later part.
  • the third file may be a file set to be executed in one of a plurality of virtualization spaces.
  • the processor 120 may decrypt the signature value included in the third file using the third public key allocated to the third virtual space. Then, the processor 120 may verify the signature value of the third file by comparing the decrypted signature value with the hash value corresponding to the third file. When the decrypted signature value and the hash value corresponding to the third file match, the processor 120 may maintain the execution of the third file. When the decrypted signature value and the hash value corresponding to the third file do not match, or the third file does not include a signature value, the processor 120 may stop the execution of the third file.
  • the processor 120 may change the public key allocated to the plurality of virtualization spaces according to a user command. For example, when the private key corresponding to the public key allocated to the first virtual space is leaked, the processor 120 may receive a user command to change the public key allocated to the first virtual space.
  • the processor 120 may change the public key allocated to the first virtual space based on the user command, and may control the communication unit 130 to transmit the private key corresponding to the changed public key to an external server corresponding to the first virtual space.
  • the external server corresponding to the first virtual space means a server that creates, signs, and transmits a file that can be executed in the first virtual space to the electronic device 100 .
  • the processor 120 may change the security level allocated to the plurality of virtualization spaces according to a user command. For example, the processor 120 may receive a user command to increase the security level allocated to the first virtual space in order to increase the reliability of the file executed on the first virtual space. The processor 120 may increase the security level allocated to the first virtual space based on the input user command.
  • the processor 120 may include one or more of a digital signal processor for processing a digital signal, a central processing unit (CPU), a micro controller unit (MCU), a micro processing unit (MPU), a controller, an application processor (AP), a communication processor (CP), and an ARM processor, or may be defined by a corresponding term.
  • the processor 120 may be implemented as a system on chip (SoC), large scale integration (LSI), or a field programmable gate array (FPGA) having a built-in processing algorithm.
  • the processor 120 may perform various functions by executing computer executable instructions stored in the memory 110 .
  • the electronic device 100 may include a memory 110 , a processor 120 , a communication unit 130 , a display 140 , a speaker 150 , and an input unit 160 . Since the memory 110 and the processor 120 have been described in detail with reference to FIG. 3A , redundant descriptions will be omitted.
  • the communication unit 130 may be implemented as a separate hardware device including a circuit.
  • the communication unit 130 may communicate with an external device (eg, another type of electronic device or an external server).
  • the communication connection of the communication unit 130 with the external device may include communication through a third device (eg, a repeater, a hub, an access point, a server, or a gateway, etc.).
  • the communication unit 130 may include various communication modules to communicate with an external device.
  • the communication unit 130 may include a wireless communication module, for example, a cellular communication module using at least one of LTE, LTE Advance (LTE-A), 5th Generation (5G), code division multiple access (CDMA), wideband CDMA (WCDMA), universal mobile telecommunications system (UMTS), wireless broadband (WiBro), and Global System for Mobile Communications (GSM).
  • the wireless communication module may include, for example, at least one of wireless fidelity (WiFi), Bluetooth, Bluetooth low energy (BLE), Zigbee, and radio frequency (RF).
  • the communication unit 130 may receive a file from an external server.
  • the external server may be a server that encrypts a hash value of a file based on a private key corresponding to a public key allocated to one of the virtual spaces of the electronic device 100 . An embodiment related thereto will be described in detail with reference to FIG. 4 .
  • the communication unit 130 may transmit the private key corresponding to the public key changed by the user command to the external server.
  • the display 140 may display various information under the control of the processor 120 .
  • the display 140 may display a message indicating that the execution of the file is stopped, or an indicator indicating this.
  • the display 140 may be implemented as a touch screen together with a touch panel or as a flexible display.
  • the speaker 150 is configured to output not only various audio data on which various processing tasks such as decoding, amplification, and noise filtering have been performed by the audio processing unit, but also various notification sounds or voice messages.
  • the speaker 150 may output, under the control of the processor 120 , a notification sound or a voice message indicating that execution of the file is stopped based on a security level or a signature value included in the file being executed.
  • a configuration for outputting audio may be implemented as a speaker, but this is only an exemplary embodiment and may be implemented as an output terminal capable of outputting audio data.
  • the input unit 160 may receive a user input for controlling the electronic device 100 .
  • the input unit 160 may include a touch panel for receiving a user touch input using a user's hand or a stylus pen, a button for receiving a user manipulation, and the like.
  • the input unit 160 may be implemented as another input device (eg, a keyboard, a mouse, a motion input unit, etc.).
  • the input unit 160 may receive a public key allocated to one of a plurality of virtualization spaces or a user command for changing a security level.
  • the processor 120 may change a public key or a security level allocated to one of a plurality of virtualization spaces based on a user command input to the input unit 160 .
  • FIG. 4 is a flowchart illustrating an operation between the electronic device 100 and the external server 200 according to an embodiment of the present disclosure.
  • the external server 200 may create a file and perform a digital signature operation on the file (S410).
  • the file generated by the external server 200 may be a file to be executed in a specific virtualization space of the electronic device 100 .
  • the external server 200 may add a signature value obtained by encrypting the hash value of the generated file with a private key to a portion of the file.
  • the external server 200 may transmit the generated file including the signature value to the electronic device 100 (S420).
  • the electronic device 100 may detect execution of a file in a virtual space corresponding to the external server 200 among a plurality of virtual spaces ( S430 ). For example, at least one of a plurality of virtualization spaces on the electronic device 100 may be set to execute a file generated by the external server 200 . That is, the external server 200 may obtain a signature value by encrypting a hash value of a file generated with a private key corresponding to a public key allocated on at least one set virtual space.
  • the electronic device 100 may decrypt the signature value included in the file using the public key allocated to the virtual space corresponding to the external server 200 (S440).
  • the electronic device 100 may verify the signature value of the file by comparing the decrypted signature value with a hash value corresponding to the file received from the external server 200 (S450).
  • the hash value corresponding to the file received from the external server 200 means a hash value extracted from the file.
  • the electronic device 100 may determine whether to stop the execution of the file according to the verification result of the signature value (S460). When the decrypted signature value and the hash value corresponding to the file are the same, the electronic device 100 may identify the integrity of the signature value and maintain the execution of the file. When the decrypted signature value is different from the hash value corresponding to the file, the electronic device 100 may stop the execution of the file.
  • the electronic device 100 may change the public key allocated to the virtual space corresponding to the external server 200 according to a user command (S470). For example, when the private key corresponding to the public key allocated to the virtualization space is leaked, the electronic device 100 may receive a user command to change the public key. The electronic device 100 may transmit the private key corresponding to the changed public key to the external server 200 (S480).
  • the external server 200 may generate a file to be transmitted to the electronic device 100 and perform a digital signature operation on the generated file using the received private key (S490). Specifically, the external server 200 may obtain a signature value by encrypting a hash value of a newly generated file using the received changed private key, and may transmit the file including the signature value to the electronic device 100 .
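The per-space verification described in the processor section above (key of the space or, outside any space, the OS key; hash comparison; security-level comparison) and the FIG. 4 exchange including the key change of S470/S480, as one added example in Go that is not part of the patent or of any Samsung code. It assumes Ed25519 signatures over a SHA-256 hash of the file (the patent names no algorithm, and Ed25519's Verify stands in for the "decrypt the signature value and compare with the hash" step), integer security levels, and constructed space names; the sample file and keys are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Space is a virtualization space (container) or the host OS with its key/level.
type Space struct {
	PublicKey     ed25519.PublicKey
	SecurityLevel int
}

// SignedFile is an executable as sent by the external server: content, the
// signature value appended to it (nil when unsigned) and its security level.
type SignedFile struct {
	Content       []byte
	Signature     []byte
	SecurityLevel int
}

var (
	ErrNoSignature  = errors.New("file carries no signature value")
	ErrBadSignature = errors.New("signature value does not match file hash")
	ErrLowLevel     = errors.New("file security level below space level")
)

// SignFile is the external-server side (S410): sign the file's SHA-256 hash.
func SignFile(priv ed25519.PrivateKey, content []byte, level int) SignedFile {
	h := sha256.Sum256(content)
	return SignedFile{Content: content, Signature: ed25519.Sign(priv, h[:]), SecurityLevel: level}
}

// CheckExecution is the device side (S440-S460): verify the signature value
// with the key allocated to the space the file runs in, then compare levels.
func CheckExecution(space Space, f SignedFile) (bool, error) {
	if f.Signature == nil {
		return false, ErrNoSignature
	}
	h := sha256.Sum256(f.Content)
	// Verify does the patent's decrypt-and-compare-with-hash step in one call.
	if !ed25519.Verify(space.PublicKey, h[:], f.Signature) {
		return false, ErrBadSignature
	}
	if f.SecurityLevel < space.SecurityLevel {
		return false, ErrLowLevel
	}
	return true, nil
}

// Policy holds the key and level allocated to the OS and to each space.
type Policy struct {
	OS     Space
	Spaces map[string]Space
}

// SpaceFor: a file run outside any known virtualization space gets the OS key.
func (p *Policy) SpaceFor(name string) Space {
	if s, ok := p.Spaces[name]; ok {
		return s
	}
	return p.OS
}

// RotateKey (S470): allocate a fresh public key to a space whose private key
// leaked; the patent sends the new private key to its external server (S480).
func (p *Policy) RotateKey(name string) (ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	s := p.Spaces[name]
	s.PublicKey = pub
	p.Spaces[name] = s
	return priv, nil
}
```

Unlike the patent's flow, a deployment would normally have the signing server generate the new pair itself and report only the public key, so the private key never crosses the network.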
  • FIG. 5 is a flowchart illustrating a method of controlling the electronic device 100 according to an embodiment of the present disclosure.
  • the electronic device 100 may decrypt the signature value included in the executed first file using the first public key (S510).
  • the electronic device 100 may verify the signature value of the first file by comparing the decrypted signature value with a hash value corresponding to the first file ( S520 ).
  • the hash value corresponding to the first file means a hash value extracted through the first file.
  • the electronic device 100 may identify the integrity of the signature value and maintain execution of the file.
  • the electronic device 100 may stop the execution of the file.
  • Various embodiments of the present disclosure may be implemented as software including instructions stored in a machine-readable storage medium readable by a machine (eg, a computer).
  • A machine is a device that can call a stored instruction and operate according to the called instruction, and may include an electronic device (eg, the electronic device 100) according to the disclosed embodiments.
  • When the instruction is executed by the processor, the processor may perform a function corresponding to the instruction directly, or by using other components under the control of the processor.
  • the instruction may include code generated or executed by a compiler or an interpreter.
  • a 'non-transitory storage medium' may include a buffer in which data is temporarily stored.
  • the method according to various embodiments disclosed in this document may be included and provided in a computer program product.
  • Computer program products may be traded between sellers and buyers as commodities.
  • the computer program product may be distributed in the form of a machine-readable storage medium (eg, compact disc read only memory (CD-ROM)) or online through an application store (eg, Play StoreTM).
  • at least a portion of the computer program product may be at least temporarily stored in, or temporarily generated in, a storage medium such as a memory of a manufacturer's server, a server of an application store, or a relay server.
  • Each of the components (eg, a module or a program) may be composed of a singular or a plurality of entities, some of the aforementioned sub-components may be omitted, or other sub-components may be further included in various embodiments.
  • operations performed by a module, program, or other component may be executed sequentially, in parallel, iteratively, or heuristically, or at least some operations may be executed in a different order or omitted, or other operations may be added.


Abstract

The present invention relates to an electronic device and a control method thereof. An electronic device of the present invention may comprise: an operating system; a memory comprising a plurality of virtualization spaces that share a kernel resource on the operating system, each of which is allocated a unique public key; and a processor for verifying a signature value included in a file executed in at least one virtualization space among the plurality of virtualization spaces, wherein, when the kernel detects execution of a first file in a first virtualization space to which a first public key is allocated among the plurality of virtualization spaces, the processor decrypts a signature value included in the executed first file using the first public key, and compares the decrypted signature value with a hash value corresponding to the first file to verify the signature value of the first file.
PCT/KR2021/011506 2020-09-11 2021-08-27 Dispositif électronique et procédé de commande de celui-ci WO2022055162A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2020-0116907 2020-09-11
KR1020200116907A KR20220034483A (ko) 2020-09-11 2020-09-11 전자 장치 및 이의 제어 방법

Publications (1)

Publication Number Publication Date
WO2022055162A1 true WO2022055162A1 (fr) 2022-03-17

Family

ID=80632266

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2021/011506 WO2022055162A1 (fr) 2020-09-11 2021-08-27 Dispositif électronique et procédé de commande de celui-ci

Country Status (2)

Country Link
KR (1) KR20220034483A (fr)
WO (1) WO2022055162A1 (fr)


Also Published As

Publication number Publication date
KR20220034483A (ko) 2022-03-18


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21867028

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21867028

Country of ref document: EP

Kind code of ref document: A1