US11609979B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11609979-B2 |
| Application number | US-201917259843-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 18, 2019 |
| Priority date | Jul 24, 2018 |
| Publication date | Mar 21, 2023 |
| Grant date | Mar 21, 2023 |
Abstract
A secure element (SE) for processing a digital key includes a communication interface for communicating with a host, a memory for storing programs and data for processing the digital key, and a processor for executing the programs stored in the memory to receive a digital key processing request from a target device, determine whether a service is providable to the target device, by using a service-provider-specific service performance manager, process the digital key by using a digital key manager based on digital key processing information stored in the memory, upon determining that a service is providable to the target device, issue a digital key processing certificate by using the service-provider-specific service performance manager based on authentication information stored in the memory, and transmit the digital key processing certificate to at least one of a service provider and the target device.
Claims (preview)
The invention claimed is:

1. A secure element (SE) for running a digital key application to process a digital key, the SE comprising: a memory for storing programs and a plurality of instance certificate authorities (CAs) corresponding to the digital key application, wherein each of the plurality of instance CAs includes a key pair for a service provider and is used for a different service provider; and at least one processor for executing the programs stored in the memory, wherein the at least one processor is configured to: receive a digital key processing request related to an external entity from a service framework, wherein the external entity is a target device or a server related to the service provider, determine whether a digital key service is providable to the external entity, process the digital key based on digital key processing information, upon determining that the digital key service is providable to the external entity, generate a digital key processing certificate based on authentication information, and provide the digital key processing certificate to the service framework.

2. The SE of claim 1, wherein processing the digital key comprises at least one of generating or managing the digital key.

3. The SE of claim 1, wherein the at least one processor is further configured to determine whether the digital key service is providable to the external entity, based on at least one of: whether an instance CA corresponding to the service provider for the external entity is stored in the SE, whether a key pair for a certificate including a public key and a private key of the service provider is stored in the SE, whether identification information of the digital key is stored in the SE, whether identification information of the target device is stored in the SE, whether certification information of the service provider is valid, or whether the target device is a valid target device.

4. The SE of claim 1, wherein the digital key processing information includes at least one of identification information of the target device, a valid time, or identification information of the digital key, and wherein an instance CA corresponding to the service provider comprises a key pair for a certificate including a public key and a private key of the service provider.

5. The SE of claim 1, wherein the service framework is configured to provide the digital key processing certificate to at least one of the external entity or an entity other than the external entity.

6. The SE of claim 1, wherein, when a request to integrally process digital keys of the service provider stored in the memory is received, the at least one processor is further configured to: determine whether integral processing is enabled, integrally process the digital keys of the service provider stored in the memory upon determining that integral processing is enabled, issue an integral processing certificate, and transmit the integral processing certificate to the service provider.

7. The SE of claim 1, wherein the at least one processor is further configured to: receive a digital key authentication request from the target device, determine whether a registered digital key is present in the target device, and perform an authentication procedure based on an authentication request type upon determining that the registered digital key is present in the target device.

8. The SE of claim 7, wherein, in case that the digital key authentication request received from the target device is a one-way authentication request, the at least one processor is further configured to: determine whether one-way authentication is performable, and perform one-way authentication upon determining that one-way authentication is performable.

9. The SE of claim 7, wherein the authentication request type includes at least one of a type for standard transaction, or a type for fast transaction.

10. The SE of claim 7, wherein the at least one processor is further configured to: determine whether user authentication is performed, and in case that the user authentication is not performed, terminate the authentication procedure.

11. A method, performed by a secure element (SE), for running a digital key application to process a digital key, the method comprising: receiving a digital key processing request related to an external entity from a service framework, wherein the external entity is a target device or a server related to a service provider; determining whether a digital key service is providable to the external entity, wherein the SE includes a plurality of instance certificate authorities (CAs) corresponding to the digital key application, and wherein each of the plurality of instance CAs includes a key pair for the service provider and is used for a different service provider; processing the digital key based on digital key processing information, upon determining that the digital key service is providable to the external entity; generating a digital key processing certificate based on authentication information; and providing the digital key processing certificate to the service framework.

12. The method of claim 11, wherein processing the digital key comprises at least one of generating or managing the digital key.

13. The method of claim 11, wherein determining whether the digital key service is providable to the external entity comprises: determining at least one of whether an instance CA corresponding to the service provider for the external entity is stored in the SE, whether a key pair for a certificate including a public key and a private key of the service provider is stored in the SE, whether identification information of the digital key is stored in the SE, whether identification information of the target device is stored in the SE, whether certification information of the service provider is valid, or whether the target device is a valid target device.

14. The method of claim 11, wherein the digital key processing information includes at least one of identification information of the target device, a valid time, or identification information of the digital key, and wherein an instance CA corresponding to the service provider comprises a key pair for a certificate including a public key and a private key of the service provider.

15. The method of claim 11, wherein the service framework is configured to provide the digital key processing certificate to at least one of the external entity or an entity other than the external entity.

16. The method of claim 11, wherein, when a request to integrally process digital keys of the service provider stored in a memory of the SE is received, the method further comprises: determining whether integral processing is enabled; integrally processing the digital keys of the service provider upon determining that integral processing is enabled; issuing an integral processing certificate; and transmitting the integral processing certificate to the service provider.

17. The method of claim 11, further comprising: receiving a digital key authentication request from the target device, determining whether a registered digital key is present in the target device, and performing an authentication procedure based on an authentication request type upon determining that the registered digital key is present in the target device.

18. The method of claim 17, wherein the authentication request type includes at least one of a type for standard transaction, or a type for fast transaction.

19. The method of
CPC classification titles:
- using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
- with central registration
- remotely by lines or wireless communication
- involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
- involving digital signatures