Method for unified network and service authentication based on id-based cryptography
US-2019158283-A1 · May 23, 2019 · US
US11563730B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11563730-B2 |
| Application number | US-202017113969-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 7, 2020 |
| Priority date | Dec 6, 2019 |
| Publication date | Jan 24, 2023 |
| Grant date | Jan 24, 2023 |
Official abstract text for this publication.
Provided is a method, performed by an electronic device, of managing keys for accessing a plurality of services in an integrated manner to improve interoperability and ensure security. The method includes transmitting, by a secure domain (SD) in a secure area of the electronic device, a certificate of the SD to a plurality of service providers (SPs); receiving, by an application installed in the electronic device, a certificate of each of the plurality of SPs from the plurality of SPs; receiving, by the application, first signed data from a first SP among the plurality of SPs; authenticating, by the application, the first signed data by using a certificate of the first SP received from the first SP and obtaining an encrypted key of the first SP from the first signed data; decrypting, by the SD, the encrypted key of the first SP by using a private key of the SD; and storing the decrypted key of the first SP in a first instance corresponding to the first SP among a plurality of instances of the SD.
Opening claim text (preview).
What is claimed is:

1. A method, performed by an electronic device, of managing keys for accessing a plurality of services, the method comprising: transmitting, by a secure domain (SD) in a secure area of the electronic device, a certificate of the SD to a plurality of service providers (SPs); receiving, by an application installed in the electronic device, a certificate of each of the plurality of SPs from the plurality of SPs; receiving, by the application, first signed data from a first SP among the plurality of SPs; authenticating, by the application, the first signed data by using a certificate of the first SP received from the first SP and obtaining an encrypted key of the first SP from the first signed data; decrypting, by the SD, the encrypted key of the first SP by using a private key of the SD; and storing the decrypted key of the first SP in a first instance corresponding to the first SP among a plurality of instances of the SD.
2. The method of claim 1, further comprising generating, by the application, the plurality of instances of the SD corresponding to the plurality of SPs.
3. The method of claim 2, wherein generating the plurality of instances comprises: installing, by the application, the SD in the secure area, based on information received from a secure area issuer; and generating the plurality of instances by instantiating the SD.
4. The method of claim 1, wherein the certificate of the SD comprises a public key of the SD, wherein the certificate of each of the plurality of SPs comprises a public key of each of the plurality of SPs, and wherein the key of the first SP is a symmetric key for the first SP to use to provide an access service through a secure channel.
5. The method of claim 1, wherein the first signed data received from the first SP comprises: the key of the first SP encrypted using a public key of the SD; and a signature using a private key of the first SP.
6. The method of claim 1, wherein obtaining the encrypted key of the first SP from the first signed data comprises authenticating the first signed data by using a public key of the first SP.
7. The method of claim 1, further comprising: receiving, by the application, second signed data from a second SP among the plurality of SPs; authenticating, by the application, the second signed data by using a certificate of the second SP received from the second SP and obtaining an encrypted key of the second SP from the second signed data; decrypting, by the SD, the encrypted key of the second SP by using the private key of the SD; and storing the decrypted key of the second SP in a second instance corresponding to the second SP among the plurality of instances of the SD.
8. The method of claim 1, further comprising: performing mutual authentication between a first device providing an access service related to the first SP and the first instance by using the key of the first SP stored in the first instance, and setting up a secure channel; generating, by the first instance, a session key by using the key of the first SP, and transmitting the session key to the first device through the secure channel; generating an ultra-wide band (UWB) session key by using the session key; and performing ranging by transmitting or receiving a ranging frame including a scrambled timestamp sequence (STS) code generated using the UWB session key.
9. The method of claim 8, wherein setting up the secure channel comprises setting up the secure channel by using a Bluetooth communication method, and wherein performing the ranging comprises transmitting or receiving the ranging frame by using a UWB communication method.
10. The method of claim 1, further comprising: performing mutual authentication between a first device providing an access service related to the first SP and the first instance by using the key of the first SP stored in the first instance, and setting up a secure channel; generating, by the first instance, a session key by using the key of the first SP, and transmitting the session key to the first device through the secure channel; receiving an ultra-wide band (UWB) session key through the secure channel; and performing ranging by transmitting or receiving a ranging frame including a scrambled timestamp sequence (STS) code generated using the UWB session key.
11. An electronic device comprising: a secure area configured to store keys for the electronic device to access a plurality of services; and a processor connected to the secure area, wherein a secure domain installed in the secure area is configured to transmit a certificate of the secure domain to a plurality of service providers (SPs), wherein the processor is configured to control an application installed in the electronic device to: receive a certificate of each of the plurality of SPs from the plurality of SPs; receive first signed data from a first SP among the plurality of SPs; and authenticate the first signed data by using a certificate of the first SP received from the first SP and obtain an encrypted key of the first SP from the first signed data, and wherein the secure domain installed in the secure area is further configured to: decrypt the encrypted key of the first SP by using a private key of the secure domain, and store the decrypted key of the first SP in a first instance corresponding to the first SP among a plurality of instances of the secure domain.
12. The electronic device of claim 11, wherein the processor is further configured to control the application to generate the plurality of instances of the secure domain corresponding to the plurality of SPs.
13. The electronic device of claim 12, wherein the processor is further configured to control the application to: install the secure domain in the secure area, based on information received from a secure area issuer, and generate the plurality of instances by instantiating the secure domain.
14. The electronic device of claim 11, wherein the certificate of the secure domain comprises a public key of the secure domain, wherein the certificate of each of the plurality of SPs comprises a public key of each of the plurality of SPs, and wherein the key of the first SP is a symmetric key for the first SP to use to provide an access service through a secure channel.
15. The electronic device of claim 11, wherein the first signed data received from the first SP comprises the key of the first SP encrypted using a public key of the secure domain and a signature using a private key of the first SP.
16. The electronic device of claim 11, wherein the processor is further configured to control the application to authenticate the first signed data by using a public key of the first SP to obtain the encrypted key of the first SP from the first signed data.
17. The electronic device of claim 11, wherein the processor is further configured to control the application to: receive second signed data from a second SP among the plurality of SPs, authenticate the second signed data by using a certificate of the second SP received from the second SP, and obtain an encrypted key of the second SP from the second signed data, and wherein the secure domain installed in the secure area is further configured to: decrypt the encrypted key of the second SP by using the private key of the secure domain, and store the decrypted key of the second SP in a second instance corresponding to the second SP among the plurality of instances of the secure domain.
18. The electronic device of claim 11, wherein the fir
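The key provisioning of claims 1 to 7 (the SD hands its certificate to the SPs, the application collects the SP certificates, each SP returns its symmetric key wrapped to the SD public key and signed with the SP private key, the application checks the signature, and the SD unwraps the key into that SP's own instance) as an added Go example. This is not code from the patent or its applicant. It assumes RSA-OAEP for wrapping the SP key, ECDSA P-256 for the SP signature, raw public keys standing in for certificates, all three parties running in one process, and constructed SP identifiers and a constructed 16-byte SP key; the patent fixes none of these choices.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// SignedData is what an SP sends the application (claim 5): the SP key wrapped
// with the SD public key plus the SP's signature over the wrapped key.
type SignedData struct {
	SPID    string
	Wrapped []byte
	Sig     []byte // ASN.1 ECDSA signature
}

// SecureDomain models the SD: its private key and the unwrapped SP keys stay
// inside the secure area, with one instance slot per SP.
type SecureDomain struct {
	priv      *rsa.PrivateKey
	instances map[string][]byte
}

// Install unwraps the SP key with the SD private key into that SP's instance;
// the OAEP label ties the ciphertext to the SP identifier it was wrapped for.
func (sd *SecureDomain) Install(spID string, wrapped []byte) error {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, sd.priv, wrapped, []byte(spID))
	if err != nil {
		return fmt.Errorf("SD: cannot unwrap key for %s: %w", spID, err)
	}
	sd.instances[spID] = key
	return nil
}

// provision is the SP side: wrap the symmetric SP key with the SD public key
// (hybrid encryption) and sign the result with the SP's P-256 key (assumed algorithms).
func provision(spID string, spPriv *ecdsa.PrivateKey, sdPub *rsa.PublicKey, spKey []byte) (SignedData, error) {
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, sdPub, spKey, []byte(spID))
	if err != nil {
		return SignedData{}, err
	}
	h := sha256.Sum256(wrapped)
	sig, err := ecdsa.SignASN1(rand.Reader, spPriv, h[:])
	return SignedData{SPID: spID, Wrapped: wrapped, Sig: sig}, err
}

// Application runs outside the secure area: it verifies the signature with the
// SP certificate received earlier and only then hands the wrapped key to the SD.
type Application struct{ spCerts map[string]*ecdsa.PublicKey }

func (app *Application) Authenticate(d SignedData) ([]byte, error) {
	cert, ok := app.spCerts[d.SPID]
	h := sha256.Sum256(d.Wrapped)
	if !ok || !ecdsa.VerifyASN1(cert, h[:], d.Sig) {
		return nil, fmt.Errorf("app: signed data from %s rejected", d.SPID)
	}
	return d.Wrapped, nil
}

// ProvisionFlow runs the exchange for two SPs and reports whether each SP key
// landed in its own instance. With tamper set, a byte of the first SP's wrapped
// key is flipped in transit and the application must refuse it.
func ProvisionFlow(tamper bool) (bool, error) {
	sdPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, err
	}
	sd := &SecureDomain{priv: sdPriv, instances: map[string][]byte{}}
	app := &Application{spCerts: map[string]*ecdsa.PublicKey{}}
	for i, id := range []string{"sp-building-access", "sp-car-key"} { // constructed SP IDs
		spPriv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			return false, err
		}
		app.spCerts[id] = &spPriv.PublicKey // public keys stand in for certificates
		spKey := make([]byte, 16)           // constructed 128-bit symmetric SP key
		rand.Read(spKey)
		signed, err := provision(id, spPriv, &sdPriv.PublicKey, spKey)
		if err != nil {
			return false, err
		}
		if tamper && i == 0 {
			signed.Wrapped[0] ^= 0x01
		}
		wrapped, err := app.Authenticate(signed)
		if err != nil {
			return false, err
		}
		if err := sd.Install(id, wrapped); err != nil {
			return false, err
		}
		// Demo-only check; a real SD uses the key for channel setup and exposes no comparison.
		if subtle.ConstantTimeCompare(sd.instances[id], spKey) != 1 {
			return false, nil
		}
	}
	return len(sd.instances) == 2, nil
}

func main() { fmt.Println(ProvisionFlow(false)) }
```

`ProvisionFlow(true)` exercises the failure path: a wrapped key altered in transit fails the application's signature check and never reaches the SD, which is why the application verifies the SP signature with the SP certificate before the SD spends its private key on decryption (claims 1 and 6). The OAEP label adds a second, independent binding: a ciphertext wrapped for one SP identifier will not unwrap under another, so a blob cannot be replayed into a different SP's instance.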
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title
wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals · CPC title
wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption (cryptographic mechanisms or cryptographic arrangements using a plurality of keys or algorithms H04L9/14) · CPC title
based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint · CPC title