阅读说明：本技术 数据安全处理方法及装置、设备、存储介质 (Data security processing method and device, equipment and storage medium ) 是由 吴佳成 甘昕 张帅 于 2021-09-26 设计创作，主要内容包括：提供了一种数据安全处理方法、装置、设备及存储介质,所述方法包括：获取数据存储系统中存储的回收数据；所述回收数据包括在数据生成环境中收集的至少一帧图像和每一所述帧图像的识别结果；对每一所述帧图像中的目标对象进行模糊化处理,得到相应的候选帧图像；基于每一所述帧图像的识别结果对所述相应的候选帧图像进行标注,得到目标数据；其中,所述目标数据用于作为训练图像识别模型的训练样本。(A data security processing method, device, equipment and storage medium are provided, the method comprises: acquiring recovery data stored in a data storage system; the recovery data comprises at least one frame of image collected in the data generation environment and the identification result of each frame of image; fuzzifying the target object in each frame image to obtain a corresponding candidate frame image; labeling the corresponding candidate frame image based on the recognition result of each frame image to obtain target data; wherein the target data is used as a training sample for training an image recognition model.)

1. A method of secure processing of data, the method comprising:

acquiring recovery data stored in a data storage system; the recovery data comprises at least one frame of image collected in the data generation environment and the identification result of each frame of image;

fuzzifying the target object in each frame image to obtain a corresponding candidate frame image;

labeling the corresponding candidate frame image based on the recognition result of each frame image to obtain target data; wherein the target data is used as a training sample for training an image recognition model.

2. The method of claim 1, wherein the blurring the target object in each of the frame images to obtain the corresponding candidate frame image comprises:

determining sensitive information of the recycled data based on the service attribute of the data generation environment;

determining a target object in each frame image based on the sensitive information;

and performing mosaic processing on the target object in each frame image to obtain the corresponding candidate frame image.

3. The method according to claim 1 or 2, wherein said labeling the corresponding candidate frame image based on the recognition result of each frame image to obtain the target data comprises:

sending an annotation request to a remote virtual machine; wherein, the annotation request comprises the identification result of each frame image and the corresponding candidate frame image;

receiving a labeling response sent by the remote virtual machine; and the labeling response comprises target data obtained after labeling the corresponding candidate frame image based on the identification result of each frame image.

4. The method of any of claims 1 to 3, wherein the data storage system is a hard disk, the method further comprising:

acquiring at least one frame of image generated in the data generation environment and a recognition result of the corresponding frame of image;

and writing the recognition result of the at least one frame of image and the corresponding frame of image into the hard disk passing the security verification as recovered data.

5. The method of claim 4, wherein the hard disk comprises a card slot and a processing component, and the writing of the at least one frame of image and the identification result of the corresponding frame of image as recycle data into the hard disk which passes the security verification comprises:

acquiring an access password input by a user to the hard disk;

under the condition that a chip card is inserted into the card slot, the inserted chip card and the access password are respectively verified through the processing assembly to obtain a first verification result;

and writing the recycled data into the hard disk under the condition that the first verification result shows that the inserted card and the access password are verified to pass.

6. The method of claim 4, wherein the method further comprises:

acquiring attribute information of the hard disk; the attribute information comprises the identification of the hard disk and a manufacturer;

verifying the identifier of the hard disk and a manufacturer to obtain a second verification result;

and writing the recycled data into the hard disk again under the condition that the second verification result shows that the hard disk passes the verification.

7. The method of claim 6, wherein the attribute information of the hard disk further comprises a hidden file in the hard disk, the method further comprising:

determining encrypted characters in the hidden file in the hard disk;

verifying the encrypted character to obtain a third verification result;

and writing the recycled data into the hard disk again under the condition that the third verification result shows that the hard disk passes the verification.

8. A data security processing apparatus, the apparatus comprising a first obtaining module, a processing module and a labeling module, wherein:

the first acquisition module is used for acquiring the recovery data stored in the data storage system; the recovery data comprises at least one frame of image collected in the data generation environment and the identification result of each frame of image;

the processing module is used for performing fuzzification processing on the target object in each frame image to obtain a corresponding candidate frame image;

the labeling module is used for labeling the corresponding candidate frame image based on the identification result of each frame image to obtain target data; wherein the target data is used as a training sample for training an image recognition model.

9. An electronic device comprising a memory and a processor, the memory storing a computer program executable on the processor, wherein the processor, when executing the program, is configured to:

acquiring recovery data stored in a data storage system; the recovery data comprises at least one frame of image collected in the data generation environment and the identification result of each frame of image;

fuzzifying the target object in each frame image to obtain a corresponding candidate frame image;

labeling the corresponding candidate frame image based on the recognition result of each frame image to obtain target data; wherein the target data is used as a training sample for training an image recognition model.

10. The electronic device of claim 9, wherein, in blurring the target object in each of the frame images to obtain the corresponding candidate frame image, the processor is configured to:

determining sensitive information of the recycled data based on the service attribute of the data generation environment;

determining a target object in each frame image based on the sensitive information;

and performing mosaic processing on the target object in each frame image to obtain the corresponding candidate frame image.

11. The electronic device of claim 9 or 10, wherein, in labeling the corresponding candidate frame image based on the recognition result of each frame image, resulting in target data, the processor is configured to:

sending an annotation request to a remote virtual machine; wherein, the annotation request comprises the identification result of each frame image and the corresponding candidate frame image;

receiving a labeling response sent by the remote virtual machine; and the labeling response comprises target data obtained after labeling the corresponding candidate frame image based on the identification result of each frame image.

12. The electronic device of any of claims 9-11, wherein the data storage system is a hard disk, the processor further configured to:

acquiring at least one frame of image generated in the data generation environment and a recognition result of the corresponding frame of image;

and writing the recognition result of the at least one frame of image and the corresponding frame of image into the hard disk passing the security verification as recovered data.

13. The electronic device of claim 12, wherein the hard disk comprises a card slot and a processing component, wherein, when writing the at least one frame of image and the identification result of the corresponding frame of image as recycled data into the hard disk that passes the security authentication, the processor is configured to:

acquiring an access password input by a user to the hard disk;

under the condition that a chip card is inserted into the card slot, the inserted chip card and the access password are respectively verified through the processing assembly to obtain a first verification result;

and writing the recycled data into the hard disk under the condition that the first verification result shows that the inserted card and the access password are verified to pass.

14. The electronic device of claim 12, wherein the processor is configured to:

acquiring attribute information of the hard disk; the attribute information comprises the identification of the hard disk and a manufacturer;

verifying the identifier of the hard disk and a manufacturer to obtain a second verification result;

and writing the recycled data into the hard disk again under the condition that the second verification result shows that the hard disk passes the verification.

15. The electronic device of claim 14, wherein the attribute information of the hard disk further comprises a hidden file in the hard disk, the processor further configured to:

determining encrypted characters in the hidden file in the hard disk;

verifying the encrypted character to obtain a third verification result;

and writing the recycled data into the hard disk again under the condition that the third verification result shows that the hard disk passes the verification.

16. A computer-readable storage medium, having stored thereon a computer program which, when executed by a processor, is configured to:

acquiring recovery data stored in a data storage system; the recovery data comprises at least one frame of image collected in the data generation environment and the identification result of each frame of image;

fuzzifying the target object in each frame image to obtain a corresponding candidate frame image;

labeling the corresponding candidate frame image based on the recognition result of each frame image to obtain target data; wherein the target data is used as a training sample for training an image recognition model.

17. The storage medium of claim 16, wherein, in blurring the target object in each of the frame images to obtain the corresponding candidate frame image, the computer program is configured to:

determining sensitive information of the recycled data based on the service attribute of the data generation environment;

determining a target object in each frame image based on the sensitive information;

and performing mosaic processing on the target object in each frame image to obtain the corresponding candidate frame image.

18. The electronic device of claim 16 or 17, wherein, in labeling the respective candidate frame image based on the recognition result of each of the frame images, resulting in target data, the computer program is configured to:

sending an annotation request to a remote virtual machine; wherein, the annotation request comprises the identification result of each frame image and the corresponding candidate frame image;

receiving a labeling response sent by the remote virtual machine; and the labeling response comprises target data obtained after labeling the corresponding candidate frame image based on the identification result of each frame image.

19. The electronic device of any of claims 16-18, wherein the data storage system is a hard disk, the computer program further configured to:

acquiring at least one frame of image generated in the data generation environment and a recognition result of the corresponding frame of image;

and writing the recognition result of the at least one frame of image and the corresponding frame of image into the hard disk passing the security verification as recovered data.

20. A computer program comprising computer instructions executable by an electronic device, wherein the computer instructions, when executed by a processor in the electronic device, are configured to:

acquiring recovery data stored in a data storage system; the recovery data comprises at least one frame of image collected in the data generation environment and the identification result of each frame of image;

fuzzifying the target object in each frame image to obtain a corresponding candidate frame image;

labeling the corresponding candidate frame image based on the recognition result of each frame image to obtain target data; wherein the target data is used as a training sample for training an image recognition model.

Technical Field

The present application relates to the field of computer communications, and relates to, but is not limited to, a data security processing method, apparatus, device, and storage medium.

Background

With the continuous and deep knowledge of information security, the technical level of information security assurance is also continuously improved. In particular, in the artificial intelligence service, some specific service processes need to store video information collected from the actual generation environment, so as to ensure that all service execution processes are analyzable. Meanwhile, the electronic device executing the service needs to collect data again according to the change of the actual environment information, and debug (debug) or improve the collected data. To achieve the above goal, data needs to be stored and used, which involves a problem of data protection.

Disclosure of Invention

The embodiment of the application provides a data security processing method, a device, equipment and a storage medium.

The technical scheme of the embodiment of the application is realized as follows:

in a first aspect, an embodiment of the present application provides a data security processing method, where the method includes:

acquiring recovery data stored in a data storage system; the recovery data comprises at least one frame of image collected in the data generation environment and the identification result of each frame of image;

fuzzifying the target object in each frame image to obtain a corresponding candidate frame image;

labeling the corresponding candidate frame image based on the recognition result of each frame image to obtain target data; wherein the target data is used as a training sample for training an image recognition model.

In some possible embodiments, the blurring the target object in each of the frame images to obtain a corresponding candidate frame image includes: determining sensitive information of the recycled data based on the service attribute of the data generation environment; determining a target object in each frame image based on the sensitive information; and performing mosaic processing on the target object in each frame image to obtain the corresponding candidate frame image.

In this way, the sensitive information of the recovered data in the data generation environment is determined, and the target content corresponding to the sensitive information is further subjected to mosaic processing, so that the sensitive content in the image can be ensured not to be leaked, and the safety of the recovered data is guaranteed.

In some possible embodiments, the labeling the corresponding candidate frame image based on the recognition result of each frame image to obtain target data includes: sending an annotation request to a remote virtual machine; wherein, the annotation request comprises the identification result of each frame image and the corresponding candidate frame image; receiving a labeling response sent by the remote virtual machine; and the labeling response comprises target data obtained after labeling the corresponding candidate frame image based on the identification result of each frame image.

Like this, carry out remote mark through the mode of long-range virtual machine, data can not directly be transmitted for marking personnel or marking equipment, avoid retrieving the transmission risk of data, ensure data safety.

In some possible embodiments, the data storage system is a hard disk, and the method further includes: acquiring at least one frame of image generated in the data generation environment and a recognition result of the corresponding frame of image; and writing the recognition result of the at least one frame of image and the corresponding frame of image into the hard disk passing the security verification as recovered data.

In this way, the recovery data generated in the data generation environment is selectively collected and stored in the hard disk passing the security verification in a persistent storage mode so as to be collected and then processed subsequently.

In some possible embodiments, the hard disk includes a card slot and a processing component, and the writing the identification result of the at least one frame of image and the corresponding frame of image as recycled data into the hard disk passing the security verification includes: acquiring an access password input by a user to the hard disk; under the condition that a chip card is inserted into the card slot, the inserted chip card and the access password are respectively verified through the processing assembly to obtain a first verification result; and writing the recycled data into the hard disk under the condition that the first verification result shows that the inserted card and the access password are verified to pass.

Therefore, the hard disk can be read and written by simultaneously verifying the chip card and the access password, a data protection mode combining software and hardware is realized, and persistent data can be better protected.

In some possible embodiments, the method further comprises: acquiring attribute information of the hard disk; the attribute information comprises the identification of the hard disk and a manufacturer; verifying the identifier of the hard disk and a manufacturer to obtain a second verification result; and writing the recycled data into the hard disk again under the condition that the second verification result shows that the hard disk passes the verification.

Therefore, whether the manufacturer is the manufacturer appointed by the business side or not is verified, and whether the hard disk identification is matched with the manufacturer or not is verified, so that the hard disk written with the recovery data is ensured to pass the safety verification.

In some possible embodiments, the attribute information of the hard disk further includes a hidden file in the hard disk, and the method further includes: determining encrypted characters in the hidden file in the hard disk; verifying the encrypted character to obtain a third verification result; and writing the recycled data into the hard disk again under the condition that the third verification result shows that the hard disk passes the verification.

Therefore, the hard disk written with the recycled data is ensured to pass the safety verification by verifying whether the hard disk has the appointed hidden file and the encrypted characters in the hidden file.

In a second aspect, an embodiment of the present application provides a data security processing apparatus, including a first obtaining module, a processing module, and a labeling module, where:

the first acquisition module is used for acquiring the recovery data stored in the data storage system; the recovery data comprises at least one frame of image collected in the data generation environment and the identification result of each frame of image;

the processing module is used for performing fuzzification processing on the target object in each frame image to obtain a corresponding candidate frame image;

the labeling module is used for labeling the corresponding candidate frame image based on the identification result of each frame image to obtain target data; wherein the target data is used as a training sample for training an image recognition model.

In a third aspect, an embodiment of the present application provides an electronic device, which includes a memory and a processor, where the memory stores a computer program that is executable on the processor, and the processor implements the steps in the data security processing method when executing the program.

In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps in the above-mentioned data security processing method.

The beneficial effects brought by the technical scheme provided by the embodiment of the application at least comprise:

in the embodiment of the application, firstly, recovery data stored in a data storage system is obtained; the recovery data comprises at least one frame of image collected in the data generation environment and the identification result of each frame of image; then, fuzzifying the target object in each frame image to obtain a corresponding candidate frame image; finally, labeling the corresponding candidate frame image based on the recognition result of each frame image to obtain target data; wherein the target data is used as a training sample for training an image recognition model. Therefore, the safety of the recovered data can be guaranteed to a great extent by carrying out fuzzy processing on the target object on the collected image in the stored data generation environment and then labeling the image, and sensitive information in the image is prevented from being leaked.

Drawings

In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, it is obvious that the drawings in the following description are only some embodiments of the present application, and other drawings can be obtained by those skilled in the art without inventive efforts, wherein:

fig. 1 is a schematic flow chart of a data security processing method according to an embodiment of the present application;

fig. 2 is a schematic flowchart of a data security processing method according to an embodiment of the present application;

fig. 3 is a schematic flowchart of a data security processing method according to an embodiment of the present application;

fig. 4 is a schematic flowchart of a data security processing method according to an embodiment of the present application;

fig. 5 is a schematic flowchart of a data security processing method according to an embodiment of the present application;

fig. 6 is a schematic structural diagram of a data security processing apparatus according to an embodiment of the present application;

fig. 7 is a hardware entity diagram of an electronic device according to an embodiment of the present disclosure.

Detailed Description

In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. The following examples are intended to illustrate the present application but are not intended to limit the scope of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.

In the following description, reference is made to "some embodiments" which describe a subset of all possible embodiments, but it is understood that "some embodiments" may be the same subset or different subsets of all possible embodiments, and may be combined with each other without conflict.

It should be noted that the terms "first \ second \ third" referred to in the embodiments of the present application are only used for distinguishing similar objects and do not represent a specific ordering for the objects, and it should be understood that "first \ second \ third" may be interchanged under specific ordering or sequence if allowed, so that the embodiments of the present application described herein can be implemented in other orders than illustrated or described herein.

It will be understood by those within the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which embodiments of the present application belong. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.

The embodiment of the application provides a data security processing method which is applied to electronic equipment. The electronic device includes, but is not limited to, a mobile phone, a laptop, a tablet and a web-enabled device, a multimedia device, a streaming media device, a mobile internet device, a wearable device, or other types of electronic devices. The functions implemented by the method can be implemented by calling program code by a processor in an electronic device, and the program code can be stored in a computer storage medium. The processor may be configured to perform a process of a data security management process, and the memory may be configured to store data required and data generated during the data security management process.

Fig. 1 is a schematic flow chart of a data security processing method provided in an embodiment of the present application, and as shown in fig. 1, the method at least includes the following steps:

step S110, acquiring the recovery data stored in the data storage system;

here, the recycle data includes at least one frame image collected in the data generation environment and a recognition result of each of the frame images. Wherein, at least one frame of image can be an image acquisition device arranged in the data generation environment, such as an image acquired by a camera module in real time; or other devices may transmit the data to a sideline device in the data generation environment by means of instant messaging, where the sideline device is an edge computing node or an Artificial Intelligence (AI) server. The embodiment of the present application does not limit the form of generating the image data.

In some possible implementations, a camera module disposed in the data generation environment captures live-action images in real time within a field of view, and transmits consecutive frames of live-action images as a video stream to a processor of the frontend device. The edge-end equipment is provided with an image processing module containing algorithms such as a detection algorithm, an identification algorithm, a correlation algorithm and the like, and each image in the video stream is sequentially processed by the image processing module

It should be noted that, due to reasons that data distribution in the data generation environment is inconsistent with the test environment, abnormal data may occur in the data generation environment, and the like, the problem that the recognition accuracy is reduced in the real production environment generally occurs in image recognition. For example, the face recognition model is difficult to recognize the face of the wearer, because the face of the wearer occupies a small proportion of the test set, which results in a low service recognition rate. Therefore, there is a need for data and processing results generated in a data generation environment to be collected in a storage device for collection of test data sets for later use in recreating problems, model training, or as other new services.

Step S120, fuzzification processing is carried out on the target object in each frame image to obtain a corresponding candidate frame image;

here, the blurring process may be a mosaic process, blurring, overlaying, or the like. The target object in each frame image is fuzzified, so that the details of the area where the target object is located cannot be displayed, that is, the target object in the obtained candidate frame image cannot be recognized.

The mosaic processing is an effect of degrading the details of the color gradation of the region where the target object is located in each frame of image and causing the color blocks to be disturbed, and the blurring is seemingly made up of small lattices one by one. The blurring process is usually a gaussian blurring (gaussian blur) algorithm, which is generally used to reduce image noise and reduce the level of detail of an image region where a target object is located, and essentially, each pixel of the target object is averaged with surrounding pixels, so that the target object is numerically "smoothed," and graphically equivalent to generating a "blurring" effect.

In a possible implementation manner, the image detection module may determine all the objects in each frame of image by performing detection and identification on each frame of image. It is understood that the target object may be set according to actual needs, and may include, but is not limited to: setting that specific objects in the live-action image are all target objects based on the service scene, for example, for an entertainment place, the personal privacy of a client is regarded as sensitive information, so that the target objects in the game image collected in the entertainment place can be human faces; or setting an object in the middle area in the live-action image as a target object; or after recognizing the object in the live-action image, the user may select the target object by himself, and the like, which is not limited in this embodiment of the application.

Step S130, labeling the corresponding candidate frame image based on the identification result of each frame image to obtain target data;

here, labeling the candidate frame image, that is, labeling an object other than the target object in the image can prevent information of the target object from being leaked to other labeling personnel at the time of manual labeling.

The target data is at least one frame of image marked with other objects except the target object, and can be directly used as a training sample for training the image recognition model.

In some embodiments, the labeling can be performed by a local data center through manual labeling or automatic labeling; in some embodiments, the labeling mode can also be provided for a labeling person to label by a remote virtual machine; in some embodiments, the manner of tagging may also be automatically tagged by the access device on which the remote virtual machine is located.

It is worth noting that in order to avoid data leakage in the transmission process, a remote labeling mode can be adopted for labeling, so that data security is guaranteed to the greatest extent, and sensitive information leakage is avoided.

In the embodiment of the application, firstly, recovery data stored in a data storage system is obtained; the recovery data comprises at least one frame of image collected in the data generation environment and the identification result of each frame of image; then, fuzzifying the target object in each frame image to obtain a corresponding candidate frame image; marking the corresponding candidate frame image based on the recognition result of each frame image to obtain target data; finally; wherein the target data is used as a training sample for training an image recognition model. Therefore, the safety of the recovered data can be guaranteed to a great extent by carrying out fuzzy processing on the target object on the collected image in the stored data generation environment and then labeling the image, and sensitive information in the image is prevented from being leaked.

Fig. 2 is a schematic flow chart of a data security processing method according to an embodiment of the present application, and as shown in fig. 2, the method at least includes the following steps:

step S210, acquiring the recovery data stored in the data storage system;

here, the recycle data includes at least one frame image collected in the data generation environment and a recognition result of each of the frame images. That is, the data is collected and then stored in the data storage system, and when the data needs to be processed, the corresponding collected data is read from the data storage system.

Step S220, determining the sensitive information of the recycled data based on the service attribute of the data generation environment;

here, the service attribute of the data generation environment may be an actual scene where the edge device is located, that is, a data source, or may be a specific requirement of a client, a specification of a related service, that is, a data requirement.

Illustratively, the data generation environment is a casino, at least one frame of game image collected from the casino is taken as recycling data, and the face information in each frame of game image can be taken as sensitive information for the provision of related game services in the casino.

Step S230, determining a target object in each frame image based on the sensitive information;

here, after the sensitive information in each frame of image is determined, a target object corresponding to the sensitive information may be determined by using a relevant image processing algorithm such as key point detection, semantic segmentation, and the like.

Step S240, performing mosaic processing on the target object in each frame image to obtain the corresponding candidate frame image;

here, the mosaic processing may be performed by first determining an image area where the target object is located, and then filling the image area where the target object is located with small color blocks (rectangles or squares) of different colors, so as to obtain candidate frame images corresponding to each of the frame images.

Illustratively, a mosaic process is performed on the face in the game image, and an image with a blurred face is obtained as a candidate frame image, so as to be subsequently labeled and used as a test data set of other new services.

Step S250, labeling the corresponding candidate frame image based on the identification result of each frame image to obtain target data;

here, the target data is used as a training sample for training the image recognition model.

Note that, labeling the candidate frame image, that is, labeling an object other than the target object in the image can prevent information of the target object from being leaked to other labeling personnel during manual labeling.

Common data labeling comprises classification labeling, frame labeling, area labeling and point tracing labeling, wherein the classification labeling is to label an object of a determined class and label the object as a specific class; and framing, namely framing the object to be detected. For example, when the face is recognized, firstly, the position of the face is determined, and then the face recognition is carried out on the area where the detection frame is located; compared with frame marking, the requirement of region marking is more accurate, and the edge can be flexible, such as road identification in automatic driving; the point marking is suitable for some applications requiring detail on features, such as bone recognition. The sample data set typically used for model training or testing is labeled.

In practical product application, usually, labeled data is needed as prior experience to perform supervised learning, so that whether the type of each object identified by the model is the same as the labeled type of each object is determined, and the identification accuracy of the trained model meets the requirement.

In the embodiment of the application, sensitive information of the recovered data in the data generation environment is determined, a target object corresponding to the sensitive information is further subjected to mosaic processing, and objects except the target object are labeled, so that sensitive content in an image can be prevented from being leaked, and the safety of the recovered data is further guaranteed.

Fig. 3 is a schematic flow chart of a data security processing method provided in an embodiment of the present application, and as shown in fig. 3, the method may be implemented by the following steps:

step S310, acquiring the recovery data stored in the data storage system;

here, the recycle data includes at least one frame image collected in the data generation environment and a recognition result of each of the frame images.

Step S320, fuzzification processing is carried out on the target object in each frame image to obtain a corresponding candidate frame image;

step S330, sending a labeling request to a remote virtual machine;

here, the remote virtual machine may be a server, a virtual machine, or the like, and the annotation request includes the recognition result of each frame image and the corresponding candidate frame image.

Step S340, receiving a labeling response sent by the remote virtual machine;

here, the labeling response includes target data obtained by labeling the corresponding candidate frame image based on the recognition result of each frame image. The target data is used as a training sample for training the image recognition model.

It should be noted that, in implementation, a annotator may remotely access the recycled data in the local data center by logging in the virtual machine, and annotate the corresponding candidate frame image based on the recognition result of each frame image to obtain target data. That is to say, for the data annotation demand, provide the annotator through the mode of remote virtual machine, retrieve data and can not directly transmit for the annotator to avoid the sensitive content in the retrieved data to leak.

In the embodiment of the application, after data recovery, each frame of image in the data storage system and the identification result of the corresponding frame of image are obtained; firstly, after fuzzy processing is carried out on a target object in each frame of image, remote labeling is carried out in a remote virtual machine mode, data cannot be directly transmitted to labeling personnel or labeling equipment, transmission risks of recovered data are avoided, and data safety is guaranteed.

Fig. 4 is a schematic flowchart of a data security processing method provided in an embodiment of the present application, and as shown in fig. 4, the method may be implemented by the following steps:

step S410, acquiring at least one frame of image generated in the data generation environment and the identification result of the corresponding frame of image;

here, images generated in the data generation environment, recognition results, processing results generated during program execution, and the like may be selectively collected in a certain storage system by automatic collection.

Step S420, taking the identification result of the at least one frame of image and the corresponding frame of image as recovery data, and writing the recovery data into a hard disk passing the security verification;

here, the hard disk is a storage method of persistent data, and before writing the recovery data, it is necessary to verify that the hard disk is a specific secure hard disk. Meanwhile, when a part of the recovered data is read from the hard disk for processing, the identity or the authority of the user also needs to be checked, and the hard disk can be read only after the verification is passed.

Note that persistent data in the hard disk is stored on a Flash memory (Flash) granule. Because the wear-out times of the flash memory particles are limited, when the wear-out times of the flash memory blocks exceed the rated erasing times, a programming failure or a data reading Error, such as an Uncorrectable Read Error (UNC) or the like, is likely to occur, which causes a security problem in data storage.

In this way, the recovery data generated in the data generation environment is selectively collected and stored in the hard disk passing the security verification in a persistent storage mode so as to be collected and then processed subsequently.

In some embodiments, the hard disk includes a card slot and a processing component, and the step S420 may be implemented by:

step S4201, obtaining an access password input by a user to the hard disk;

here, when the user wants to read the recycled data in the hard disk, the user needs to input an access password, which is usually determined by the business party and the user through negotiation.

Step S4202, under the condition that a chip card is inserted into the card slot, the inserted chip card and the access password are respectively verified through the processing assembly, and a first verification result is obtained;

here, the processing component is a small box which is externally wrapped with a processing chip, and can verify whether a card inserted into the card slot is a chip card corresponding to the hard disk or not; and simultaneously, after the corresponding chip card is inserted into the hard disk, whether the access password input by the user is consistent with the storage password of the data storage hard disk is verified, and a first verification result is obtained.

And step S4203, writing the recycle data into the hard disk if the first verification result indicates that the inserted card and the access password are verified.

Here, when the card inserted into the card slot is a chip card corresponding to a hard disk and the access password input by the user is identical to the stored password, the hard disk is readable and writable by the user. Therefore, the recycle data can be written into the hard disk which passes the security verification.

It is worth noting that a service party (such as a manager of a casino) manages the chip card and the storage password at the same time, and the storage password of the hard disk is updated regularly, so that privacy protection of persistent recovery data stored in the hard disk is ensured, and data information security in a data generation environment is ensured.

In the above steps S4201 to S4203, the hard disk can be read and written by simultaneously verifying the chip card and the access password, that is, the embodiment of the present application provides a data protection mode combining software and hardware, so that persistent data can be better protected.

Step S430, acquiring the recovery data stored in the data storage system;

here, the recycle data includes at least one frame image collected in the data generation environment and a recognition result of each of the frame images.

Step S440, fuzzification processing is carried out on the target object in each frame image to obtain a corresponding candidate frame image;

step S450, labeling the corresponding candidate frame image based on the identification result of each frame image to obtain target data;

here, the target data is used as a training sample for training the image recognition model.

In the embodiment of the application, the recovery data generated in the data generation environment is selectively collected and stored in the hard disk passing the security verification in a persistent storage mode, so that the recovery data is collected and then is subjected to subsequent processing. Meanwhile, before the recovered data are written into the hard disk, whether the hard disk is safe needs to be verified, the embodiment of the application provides a hard disk data read-write protection scheme of software and hardware, and the persistent recovered data can be better protected.

Fig. 5 is a schematic flowchart of a data security processing method according to an embodiment of the present application, and as shown in fig. 5, the method may be implemented by the following steps:

step S510, acquiring attribute information of the hard disk;

here, the attribute information includes an identification of the hard disk and a manufacturer.

It should be noted that, when the card inserted into the card slot of the hard disk and the access password input by the user are both verified, the local device, such as the local data center, which processes the recycled data, automatically reads the attribute information of the connected hard disk.

Step S520, verifying the identifier of the hard disk and a manufacturer to obtain a second verification result;

here, the manufacturer is a manufacturing company of the hard disk, and the Identifier (ID) is a unique identifier of the manufacturing company.

And obtaining a second verification result by verifying whether the manufacturer is the manufacturer appointed by the service party and whether the hard disk identifier is matched with the manufacturer.

Step S530, writing the recycled data into the hard disk again under the condition that the second verification result shows that the hard disk passes the verification;

here, when the manufacturer is a specified manufacturer and the identification of the hard disk is a unique identification of the manufacturer, it is described that the hard disk is correct and secure, and the recycle data can be written in the hard disk.

Step S540, determining the encrypted characters in the hidden file in the hard disk;

here, the hidden file is an encrypted file agreed by a service party and a manufacturer, and the file name of the hidden file is a string of encrypted characters consisting of numbers and letters, which is equivalent to an agreed password.

Step S550, verifying the encrypted character to obtain a third verification result;

in the implementation, whether an appointed hidden file exists in a hard disk is verified, and if the appointed hidden file does not exist, the hard disk is unsafe; and under the condition that the hidden file exists, reading the file name of the hidden file to obtain an encrypted character, and verifying whether the encrypted character is consistent with the appointed password or not, thereby obtaining a third verification result.

And step S560, writing the recycled data into the hard disk when the third verification result indicates that the hard disk passes the verification.

Here, when a hidden file exists in a hard disk and the encrypted character in the hidden file is correct, it is described that the hard disk is secure, and the collected data can be written in the hard disk.

In the embodiment of the application, whether a manufacturer is a manufacturer appointed by a service party or not and whether the hard disk identifier is matched with the manufacturer or not are verified, and then whether an agreed hidden file and encrypted characters in the hidden file exist in the hard disk or not is verified. That is, before writing the recycled data into the hard disk, the identification of the hard disk, the manufacturer, and the hidden file included in the hard disk are checked to ensure that the written hard disk is correct, so as to better protect the persistent recycled data.

The embodiment of the application can be at least applied to the following use scenes: video information collected in the game process needs to be stored in a casino to ensure that the game process on a game table in the casino is traceable, and meanwhile, an algorithm and a service layer need to be debugged or improved according to actual scene information. In order to achieve the above objective, the recycled data may need to be stored and used, which relates to the problem of data protection.

It should be noted that the various embodiments in this specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and like parts between various embodiments may be referred to each other.

Based on the foregoing embodiments, an embodiment of the present application further provides a data security processing apparatus, where the apparatus includes modules, and sub-modules and units included in the modules, and may be implemented by a processor in an electronic device; of course, the implementation can also be realized through a specific logic circuit; in the implementation process, the Processor may be a Central Processing Unit (CPU), a microprocessor Unit (MPU), a Digital Signal Processor (DSP), a Field Programmable Gate Array (FPGA), or the like.

Fig. 6 is a schematic structural diagram of a data security processing apparatus provided in an embodiment of the present application, and as shown in fig. 6, the apparatus 600 includes a first obtaining module 610, a processing module 620, and a labeling module 630, where:

the first obtaining module 610 is configured to obtain the recycled data stored in the data storage system; the recovery data comprises at least one frame of image collected in the data generation environment and the identification result of each frame of image;

the processing module 620 is configured to perform blurring processing on the target object in each frame image to obtain a corresponding candidate frame image;

the labeling module 630 is configured to label the corresponding candidate frame image based on the recognition result of each frame image to obtain target data; wherein the target data is used as a training sample for training an image recognition model.

In some possible embodiments, the processing module 620 includes a first determining sub-module, a second determining sub-module, and a processing sub-module, wherein: the first determining submodule is used for determining the sensitive information of the recycled data based on the service attribute of the data generation environment; the second determining submodule is used for determining a target object in each frame of image based on the sensitive information; and the processing submodule is used for carrying out mosaic processing on the target object in each frame image to obtain the corresponding candidate frame image.

In some possible embodiments, the labeling module 630 includes: a sending submodule and a receiving submodule, wherein: the sending submodule is used for sending an annotation request to the remote virtual machine; wherein, the annotation request comprises the identification result of each frame image and the corresponding candidate frame image; the receiving submodule is used for receiving an annotation response sent by the remote virtual machine; and the labeling response comprises target data obtained after labeling the corresponding candidate frame image based on the identification result of each frame image.

In some possible embodiments, the data storage system is a hard disk, and the apparatus 600 further includes a second obtaining module and a storage module, where: the second acquisition module is used for acquiring at least one frame of image generated in the data generation environment and the identification result of the corresponding frame of image; and the storage module is used for writing the identification result of the at least one frame of image and the corresponding frame of image into the hard disk passing the security verification as the recovery data.

In some possible embodiments, the hard disk includes a card slot and a processing component, and the storage module includes a first obtaining submodule, a first verifying submodule, and a first storage submodule, where: the first obtaining submodule is used for obtaining an access password input by a user to the hard disk; the first verification submodule is used for respectively verifying the inserted chip card and the access password through the processing component under the condition that the chip card is inserted into the card slot, so as to obtain a first verification result; the first storage submodule is used for writing the recycled data into the hard disk under the condition that the first verification result shows that the inserted card and the access password are verified to pass.

In some possible embodiments, the storage module further comprises a second obtaining sub-module, a second verifying sub-module, and a second storage sub-module, wherein: the second obtaining submodule is used for obtaining attribute information of the hard disk; the attribute information comprises the identification of the hard disk and a manufacturer; the second verification submodule is used for verifying the identifier of the hard disk and a manufacturer to obtain a second verification result; and the second storage submodule is used for writing the recovered data into the hard disk under the condition that the second verification result shows that the hard disk passes the verification.

In some possible embodiments, the attribute information of the hard disk further includes a hidden file in the hard disk, and the storage module further includes a third determining sub-module, a third verifying sub-module, and a third storage sub-module, where: the third determining submodule is used for determining encrypted characters in the hidden file in the hard disk; the third verification submodule is used for verifying the encrypted character to obtain a third verification result; and the third storage submodule is used for writing the recycled data into the hard disk again under the condition that the third verification result shows that the hard disk passes the verification.

Here, it should be noted that: the above description of the apparatus embodiments, similar to the above description of the method embodiments, has similar beneficial effects as the method embodiments. For technical details not disclosed in the embodiments of the apparatus of the present application, reference is made to the description of the embodiments of the method of the present application for understanding.

It should be noted that, in the embodiment of the present application, if the data security processing method is implemented in the form of a software functional module and is sold or used as a standalone product, it may also be stored in a computer readable storage medium. Based on such understanding, the technical solutions of the embodiments of the present application may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for enabling an electronic device (which may be a smartphone with a camera, a tablet computer, etc.) to execute all or part of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read Only Memory (ROM), a magnetic disk, or an optical disk. Thus, embodiments of the present application are not limited to any specific combination of hardware and software.

Correspondingly, the present application provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps in the data security processing method described in any of the above embodiments.

Correspondingly, in an embodiment of the present application, a chip is further provided, where the chip includes a programmable logic circuit and/or a program instruction, and when the chip runs, the chip is configured to implement the steps in the data security processing method in any of the above embodiments.

Correspondingly, in an embodiment of the present application, there is further provided a computer program product, which is used to implement the steps in the data security processing method in any of the above embodiments when the computer program product is executed by a processor of an electronic device.

Based on the same technical concept, the embodiment of the present application provides an electronic device, which is used for implementing the data security processing method described in the above method embodiment. Fig. 7 is a hardware entity diagram of an electronic device according to an embodiment of the present application, as shown in fig. 7, the electronic device 700 includes a memory 710 and a processor 720, the memory 710 stores a computer program that can be executed on the processor 720, and the processor 720 executes the computer program to implement steps in any data security processing method according to the embodiment of the present application.

The Memory 710 is configured to store instructions and applications executable by the processor 720, and may also buffer data (e.g., image data, audio data, voice communication data, and video communication data) to be processed or already processed by the processor 720 and modules in the electronic device, and may be implemented by a FLASH Memory (FLASH) or a Random Access Memory (RAM).

The processor 720, when executing the program, performs the steps of any of the data security processing methods described above. The processor 720 generally controls the overall operation of the electronic device 700.

The Processor may be at least one of an Application Specific Integrated Circuit (ASIC), a Digital Signal Processor (DSP), a Digital Signal Processing Device (DSPD), a Programmable Logic Device (PLD), a Field Programmable Gate Array (FPGA), a Central Processing Unit (CPU), a controller, a microcontroller, and a microprocessor. It is understood that the electronic device implementing the above-mentioned processor function may be other electronic devices, and the embodiments of the present application are not particularly limited.

The computer storage medium/Memory may be a Read Only Memory (ROM), a Programmable Read Only Memory (PROM), an Erasable Programmable Read Only Memory (EPROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a magnetic Random Access Memory (FRAM), a Flash Memory (Flash Memory), a magnetic surface Memory, an optical Disc, or a Compact Disc Read-Only Memory (CD-ROM), and the like; and may be various electronic devices such as mobile phones, computers, tablet devices, personal digital assistants, etc., including one or any combination of the above-mentioned memories.

Here, it should be noted that: the above description of the storage medium and device embodiments is similar to the description of the method embodiments above, with similar advantageous effects as the method embodiments. For technical details not disclosed in the embodiments of the storage medium and apparatus of the present application, reference is made to the description of the embodiments of the method of the present application for understanding.

It should be appreciated that reference throughout this specification to "one embodiment" or "an embodiment" means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present application. Thus, the appearances of the phrases "in one embodiment" or "in an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. It should be understood that, in the various embodiments of the present application, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application. The above-mentioned serial numbers of the embodiments of the present application are merely for description and do not represent the merits of the embodiments.

It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described device embodiments are merely illustrative, for example, the division of the unit is only a logical functional division, and there may be other division ways in actual implementation, such as: multiple units or components may be combined, or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between the devices or units may be electrical, mechanical or other forms.

The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units; can be located in one place or distributed on a plurality of network units; some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiments of the present application.

In addition, all functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may be separately regarded as one unit, or two or more units may be integrated into one unit; the integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.

Alternatively, the integrated units described above in the present application may be stored in a computer-readable storage medium if they are implemented in the form of software functional modules and sold or used as independent products. Based on such understanding, the technical solutions of the embodiments of the present application may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing an automatic test line of a device to perform all or part of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a removable storage device, a ROM, a magnetic or optical disk, or other various media that can store program code.

The methods disclosed in the several method embodiments provided in the present application may be combined arbitrarily without conflict to obtain new method embodiments.

The features disclosed in the several method or apparatus embodiments provided in the present application may be combined arbitrarily, without conflict, to arrive at new method embodiments or apparatus embodiments.

The above description is only for the embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.