Search

US-20260127294-A1 - Data Protection Method and Data Protection Device

US20260127294A1US 20260127294 A1US20260127294 A1US 20260127294A1US-20260127294-A1

Abstract

A data protection method and a data protection device are provided according to the disclosure. The method includes: obtaining original data; generating, by a secret key generator, secret key information according to a plurality of parameters, wherein the secret key generator is implemented based on a native code and stored in a Java native interface (JNI) native library, and the parameters includes at least certificate information and signature validity information related to a package file; encrypting the original data by using the secret key information to obtain cipher data; and storing the cipher data in the package file.

Inventors

  • Yi-Xuan HE

Assignees

  • ASUSTEK COMPUTER INC.

Dates

Publication Date
20260507
Application Date
20241025
Priority Date
20231107

Claims (14)

  1. 1 . A data protection method, comprising: obtaining original data; generating, by a secret key generator, secret key information according to a plurality of parameters, wherein the secret key generator is implemented based on a native code and stored in a Java native interface (JNI) native library, and the parameters includes at least certificate information and signature validity information related to a package file; encrypting the original data by using the secret key information to obtain cipher data; and storing the cipher data in the package file.
  2. 2 . The data protection method according to claim 1 , wherein the parameters further comprise seed information, and step of encrypting the original data by using the secret key information to obtain the cipher data comprises: encrypting the original data by using the secret key information and the seed information to obtain the cipher data.
  3. 3 . The data protection method according to claim 1 , further comprises: obtaining digital signature information from the certificate information; calculating hash information according to file contents of the package file; and generating the signature validity information according to the digital signature information and the hash information.
  4. 4 . The data protection method according to claim 1 , wherein the parameters further comprise time validity information, and the data protection method further comprises: obtaining the certificate information and the signature validity information by the secret key generator within a period of time; and generating the time validity information according to the period of time by a time detector.
  5. 5 . The data protection method according to claim 1 , further comprises: calling the secret key generator via a Java native interface to start the secret key generator.
  6. 6 . The data protection method according to claim 1 , further comprises: decrypting the cipher data by using the secret key information to restore the original data.
  7. 7 . The data protection method according to claim 6 , wherein the parameters further comprise seed information, and the step of decrypting the cipher data by using the secret key information to restore the original data comprises: decrypting the cipher data by using the secret key information and the seed information to restore the original data.
  8. 8 . A data protection device, comprising: a storage circuit, configured to store a Java native interface (JNI) native library; and a processor, coupled to the storage circuit, wherein the processor is configured to: obtaining original data; generating, by a secret key generator, secret key information according to a plurality of parameters, wherein the secret key generator is implemented based on a native code and stored in the JNI native library, and the parameters includes at least certificate information and signature validity information related to a package file; encrypting the original data by using the secret key information to obtain cipher data; and storing the cipher data in the package file.
  9. 9 . The data protection device according to claim 8 , wherein the parameters further comprise seed information, and the operation of the processor encrypting the original data by using the secret key information to obtain the cipher data comprises: encrypting the original data by using the secret key information and the seed information to obtain the cipher data.
  10. 10 . The data protection device according to claim 8 , wherein the processor is further configured to: obtaining digital signature information from the certificate information; calculating hash information according to file contents of the package file; and generating the signature validity information according to the digital signature information and the hash information.
  11. 11 . The data protection device according to claim 8 , wherein the parameters further comprise time validity information, and the processor is configured to: obtaining the certificate information and the signature validity information by the secret key generator within a period of time; and generating the time validity information according to the period of time by a time detector.
  12. 12 . The data protection device according to claim 8 , wherein the processor is further configured to: calling the secret key generator via a Java native interface to start the secret key generator.
  13. 13 . The data protection device according to claim 8 , wherein the processor is further configured to: decrypting the cipher data by using the secret key information to restore the original data.
  14. 14 . The data protection device according to claim 13 , wherein the parameters further comprise seed information, and the operation of the processor decrypting the cipher data by using the secret key information to restore the original data comprises: decrypting the cipher data by using the secret key information and the seed information to restore the original data.

Description

CROSS-REFERENCE TO RELATED APPLICATION This application claims the priority benefit of Taiwan application serial no. 112142838, filed on Nov. 7, 2023. The entirety of the above-mentioned patent application is hereby incorporated by reference herein and made a part of this specification. BACKGROUND Technical Field The application relates to a data protection technology, and in particular, to a data protection method and a data protection device. Description of Related Art The development of most mobile applications requires the use of certain confidential information in the code depending on its functionality, such as passwords, keys, sensitive images, etc. used for server access. This important information must be protected to prevent the leakage of secrets after the application is cracked, resulting in serious security and financial losses. Generally speaking, this confidential information will be protected via an encryption system, such as using a key to encrypt and decrypt the data to be protected. However, once the key stored in the application or server is obtained by a hacker, the above data protection mechanism will be invalid. And the basic program reverse engineering techniques are often very easy to crack the above protection mechanisms. SUMMARY The disclosure provides a data protection method, which includes: obtaining original data; generating, by a secret key generator, secret key information according to a plurality of parameters, wherein the secret key generator is implemented based on a native code and stored in a Java native interface (JNI) native library, and the parameters includes at least certificate information and signature validity information related to a package file; encrypting the original data by using the secret key information to obtain cipher data; and storing the cipher data in the package file. The disclosure also provides a data protection device, which includes a storage circuit and a processor. The storage circuit is configured to store a JNI native library. The processor is coupled to the storage circuit. The processor is configured to: obtaining original data; generating, by a secret key generator, secret key information according to a plurality of parameters, wherein the secret key generator is implemented based on a native code and stored in the JNI native library, and the parameters includes at least certificate information and signature validity information related to a package file; encrypting the original data by using the secret key information to obtain cipher data; and storing the cipher data in the package file. Based on the above, the secret key generator can generate the secret key information according to a plurality of parameters. Especially, the secret key generator is implemented based on the native code and stored in a Java native interface native library. Besides, the parameters include at least certificate information and signature validity information related to the package file. Then, the secret key information is used to encrypt the original data to obtain cipher data, and the cipher data is stored in the package file. In this way, better data protection capabilities can be provided for the original data. BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a schematic diagram of a data protection device according to an embodiment of the present disclosure. FIG. 2 is a schematic diagram of a secret key information generated by the secret key generator according to an embodiment of the present disclosure. FIG. 3 is a timing diagram of generating the secret key information according to an embodiment of the present disclosure. FIG. 4 is a schematic diagram of generating the cipher data by an encryptor according to an embodiment of the present disclosure. FIG. 5 is a schematic diagram of restoring the original data by a decryptor according to an embodiment of the present disclosure. FIG. 6 is a flow chart of a data protection method according to an embodiment of the present disclosure. DESCRIPTION OF THE EMBODIMENTS Referring to FIG. 1, the data protection device 10 can be various electronic devices with data processing and computing functions, such as smartphones, tablets, laptops, game consoles, head-mounted displays, smart TVs, industrial computers or servers, and the type of the data protection device 10 is not limited thereto. the data protection device 10 includes a processor 11, a storage circuit 12 and an Input/Output (I/O) interface 13. The processor 11 is responsible for the entire or partial operation of the data protection device 10. For example, the processor 11 may be Central Processing Unit (CPU), Graphics Processing Unit (GPU), or other programmable general-purpose or special-purpose microprocessor, Digital Signal Processor (DSP), programmable Controllers, Application Specific Integrated Circuits (ASICs), Programmable Logic Devices (PLD) or other similar devices or combinations of these devices. The storage circuit 12 is coupled to the processo