CN108647262B - Picture management method and device, computer equipment and storage medium - Google Patents


Info

Publication number
CN108647262B
Authority
CN
China
Prior art keywords
file
picture
key
encrypted
information
Prior art date
Legal status
Active
Application number
CN201810394760.3A
Other languages
Chinese (zh)
Other versions
CN108647262A (en
Inventor
蒋灵彬
黄伟星
宫林涛
Current Assignee
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Priority date
Filing date
Publication date
Application filed by Ping An Technology Shenzhen Co Ltd
Priority to CN201810394760.3A
Priority to PCT/CN2018/101845 (WO2019205366A1)
Publication of CN108647262A
Application granted
Publication of CN108647262B
Legal status: Active
Anticipated expiration

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The embodiment of the application discloses a picture management method and device, computer equipment and a storage medium. The method comprises the following steps: acquiring a picture; identifying whether the picture carries preset sensitive information or not; if the picture does not carry preset sensitive information, encrypting the picture based on a file encryption algorithm to obtain a corresponding encrypted file; and storing the encrypted file into a sample database. The method can reasonably manage the pictures used for face recognition algorithms and the like, improve the safety of picture management and reduce the risk of picture leakage.

Description

Picture management method and device, computer equipment and storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and an apparatus for managing pictures, a computer device, and a storage medium.
Background
Face recognition algorithms and the like generally require millions or more of sample pictures (hereinafter referred to as sample maps) as positive and negative samples for algorithm training, so as to improve the accuracy of recognition. At present, enterprises manage sample maps by simply collecting them in a picture library; when an algorithm training process needs sample maps, the corresponding sample maps are screened out manually and then packed and compressed for transmission to a terminal. However, under this management mode, leakage easily occurs during the storage, screening, transmission and similar processing of the sample maps, which creates potential safety hazards for the people shown in them.
Therefore, how to manage these sample maps efficiently and safely has become an urgent problem to be solved.
Disclosure of Invention
The application provides a picture management method, a picture management device, computer equipment and a storage medium, so as to improve the safety of picture management.
In a first aspect, the present application provides a picture management method, which includes:
acquiring a picture;
identifying whether the picture carries preset sensitive information or not;
if the preset sensitive information is not carried in the picture, encrypting the picture based on a file encryption algorithm to obtain a corresponding encrypted file;
and storing the encrypted file into a sample database.
In a second aspect, the present application provides a picture management apparatus, comprising:
an acquisition unit configured to acquire a picture;
the identification unit is used for identifying whether the picture carries preset sensitive information or not;
the encryption unit is used for encrypting the picture based on a file encryption algorithm to obtain a corresponding encrypted file if the preset sensitive information is not carried in the picture;
and the storage unit is used for storing the encrypted file into the sample database.
In a third aspect, the present application further provides a computer device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements the picture management method provided in any one of the present applications when executing the computer program.
In a fourth aspect, the present application further provides a storage medium, wherein the storage medium stores a computer program, the computer program comprises program instructions, which when executed by a processor, cause the processor to execute any of the picture management methods provided in the present application.
The application provides a picture management method and device, computer equipment and a storage medium. The picture management method screens the pictures to select those which do not carry preset sensitive information, encrypts the selected pictures based on a file encryption algorithm to obtain corresponding encrypted files, and stores the encrypted files in a sample database. Because only pictures which do not carry preset sensitive information are used for face recognition algorithms and the like, and these pictures are encrypted before being stored, the risk of picture leakage is reduced and the safety of picture storage is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a schematic flowchart of a picture management method according to an embodiment of the present application;
FIG. 2 is a detailed schematic flowchart of the picture management method shown in FIG. 1;
FIG. 3 is a detailed schematic flowchart of the picture management method shown in FIG. 2;
FIG. 4 is another detailed schematic flowchart of the picture management method shown in FIG. 2;
FIG. 5 is a schematic flowchart of a picture management method according to an embodiment of the present application;
FIG. 6 is a schematic block diagram of a picture management apparatus according to an embodiment of the present application;
FIG. 7 is a block diagram of the picture management apparatus shown in FIG. 6;
FIG. 8 is a block diagram of the picture management apparatus shown in FIG. 7;
FIG. 9 is a schematic block diagram of a picture management apparatus according to an embodiment of the present application;
FIG. 10 is a schematic block diagram of a computer device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the present application herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in the specification of the present application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
Referring to fig. 1, fig. 1 is a schematic flowchart of a picture management method according to an embodiment of the present disclosure. The picture management method is applied to a server, for example, the server can be a server for managing and storing pictures. As shown in fig. 1, the picture management method includes steps S101 to S104.
S101, acquiring a picture.
In this embodiment, a picture library is provided in the server, and the picture library is a database for storing various pictures. The server reads the picture from the picture library and performs step S102.
S102, identifying whether the picture carries preset sensitive information.
Specifically, in an embodiment, whether preset sensitive information is carried in the picture may be recognized through an OCR image recognition technology. The preset sensitive information may be text information. For example, the preset sensitive information may be name, address, identification number, phone number, etc. related to privacy. In addition, the character type of the preset sensitive information is not limited to Chinese characters, English characters, numbers and the like.
When the server recognizes that the preset sensitive information is carried in the picture, in order to prevent the preset sensitive information from being leaked subsequently, the server may discard the picture in the picture library, that is, the picture is not used as a training sample of algorithms such as face recognition. When the server identifies that the picture does not carry the preset sensitive information, the picture can be used as a training sample of algorithms such as face identification, and the server executes the step S103.
For example, if the picture is an identity document photo of Zhang San, the picture will usually carry information such as Zhang San's head portrait, name and identity card number. The server can recognize through an OCR image recognition technology that preset sensitive information exists in the picture, and the server discards the picture from the picture library, that is, the picture is not used as a training sample of algorithms such as face recognition.
S103, if the preset sensitive information is not carried in the picture, encrypting the picture based on a file encryption algorithm to obtain a corresponding encrypted file.
In order to ensure the security of the picture, before the picture is stored, the picture needs to be encrypted to generate an encrypted file corresponding to the picture.
Specifically, in an embodiment, as shown in fig. 2, fig. 2 is a specific schematic flowchart of a picture management method shown in fig. 1. This step S103 includes steps S1031 and S1032.
S1031, performing Base64 transcoding processing on the picture to generate a corresponding Base64 encoded file.
First, the pictures are subjected to a Base64 transcoding process to convert the picture format to a Base64 encoded file. That is, the picture format is converted into a file containing character strings. After the Base64 encoded file corresponding to the picture is acquired, step S1032 is executed.
S1032, carrying out encryption processing on the Base64 encoded file based on a file encryption algorithm to generate an encrypted file.
In one embodiment, in order to improve the security of the encrypted file, the Base64 encoded file may be subjected to a double encryption process based on a file encryption algorithm to generate the encrypted file.
Specifically, as shown in fig. 3, fig. 3 is a specific schematic flowchart of a picture management method shown in fig. 2. The step S1032 specifically includes steps S1032a to S1032c.
S1032a, generating an initial key, and encrypting the Base64 encoded file based on an AES encryption algorithm and the initial key to generate a primary encrypted file.
In one embodiment, the initial key may be a randomly dynamically generated key. Generally, a server processes a plurality of pictures, in order to improve the security level of the pictures and prevent the plurality of pictures from being decrypted by the same key, the initial key is a private key, that is, the initial keys of the plurality of pictures are different from each other, and the different initial keys are obtained by a random dynamic generation method.
Of course, in other embodiments, the initial key may also be a public key, that is, multiple pictures may share the same initial key. When the server serially or parallelly processes a plurality of pictures in batch, the initial key generated by processing each picture is the same.
After the initial key is generated, the Base64 encoded file is encrypted based on the AES encryption algorithm and the initial key, so that a primary encrypted file corresponding to the picture is generated and the first layer of encryption is completed.
S1032b, calculating a secondary key according to the initial key and a preset calculation rule.
Specifically, in an embodiment, calculating a secondary key according to the initial key and a preset calculation rule includes: acquiring current time information; converting the current time information into a corresponding time character string; encrypting the time string based on the AES encryption algorithm and the initial key to compute a secondary key.
The current time information is the time at which the server processes the current picture. For example, the current time information may be 2018.1.10.18.20.50.230. After the current time information is converted into a corresponding time character string, the time character string is encrypted by the AES encryption algorithm and the initial key so as to calculate the secondary key.
In order to improve the security of the encrypted file, the secondary key is a private key, that is, the secondary keys corresponding to each picture are different from each other. In order to ensure that the secondary key is a private key, when the initial key is a private key, the server can process a plurality of pictures in series or in parallel; when the initial key is a public key, the server needs to select the serial processing pictures to ensure that the current time information obtained by processing each picture is different, and further obtain different secondary keys. Of course, in other embodiments, the secondary key may also be a public key, which is not limited herein.
Specifically, in another embodiment, in order to improve the processing efficiency of the pictures, the server may process a plurality of pictures in parallel, but in this way, when the initial key is the public key, the current time information corresponding to the plurality of pictures is the same time information, and further, the generated secondary key is the public key, thereby reducing the security of the encrypted file.
In order to calculate the secondary key according to the initial key and a preset calculation rule under the condition that the initial key is a public key and the server processes a plurality of pictures in a parallel manner, the method comprises the following steps: numbering at least two Base64 encoded files which are currently processed in parallel; acquiring current time information; converting the current time information into a corresponding time character string, and converting a number corresponding to each Base64 encoded file into a corresponding number character string; and encrypting the time character string and the number character string based on the AES encryption algorithm and the initial key to calculate a secondary key corresponding to each Base64 encoded file.
For example, assuming that the server performs encryption processing on ten Base64 encoded files in parallel, in order to enable the secondary keys corresponding to each Base64 encoded file to be different from each other and improve the security level of the Base64 encoded files, the server firstly numbers the ten Base64 encoded files processed in batch currently, for example, the numbers are "001", "002" … … "010" in sequence. Then, the current time information is obtained, and the current time information and the corresponding numbers of the ten Base64 coding files are converted into corresponding character strings respectively. Specifically, the current time information is converted into a time character string, and the number corresponding to each Base64 encoded file is converted into a number character string. And encrypting the time character string and the number character string based on an AES encryption algorithm and an initial key to obtain a secondary key corresponding to each Base64 encoded file. Thus, although the current time information corresponding to the ten Base64 encoded files is the same, the last generated secondary key is still a private key due to the introduction of different numbers.
It is to be understood that, in other embodiments, the numbering may be replaced by other ones, as long as the function is equivalent to that of the numbering, and no particular limitation is imposed thereon.
S1032c, performing secondary encryption processing on the primary encrypted file based on a preset encryption algorithm and the secondary key to generate an encrypted file.
Specifically, in an embodiment, performing secondary encryption processing on the primary encrypted file based on a preset encryption algorithm and the secondary key to generate an encrypted file includes: performing digitalization processing on the character string in the primary encrypted file according to a first preset digit to generate a corresponding file array, and performing digitalization processing on the character string in the secondary key according to a second preset digit to generate a corresponding key array; and recombining the elements in the file array and the elements in the key array to generate the encrypted file.
For example, assuming that the first preset number of digits is 10 and the second preset number of digits is 1, the character string in the primary encrypted file is divided in units of 10 characters, and the character string formed by every 10 characters is used as an element of the file array. Similarly, the character string in the secondary key is divided in units of 1 character, and each character is used as an element of the key array. Then, the elements in the file array and the key array are recombined. For example, the elements in the file array are denoted $A_1, A_2, A_3, \ldots, A_n$ and the elements in the key array are denoted $B_1, B_2, B_3, \ldots, B_n$; the elements at the same position in the file array and the key array are arranged in a certain order to form the new character string $A_1B_1A_2B_2A_3B_3\ldots A_nB_n$, and the file containing the new character string is the encrypted file.
In some cases, the number of elements in the file array may be greater than the number of elements in the key array, and the redundant elements in the file array may be arranged in order after the new string, e.g., $A_1B_1A_2B_2\ldots A_nB_nA_{n+1}A_{n+2}A_{n+3}A_{n+4}\ldots$. In addition, the way of arranging the elements in the file array and the key array in a certain order is not limited to the above example, and other arrangements are also possible, such as $A_1A_2B_1A_3A_4B_2A_5A_6B_3\ldots A_{2n}B_n$.
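The recombination of step S1032c and the matching split needed on the decryption side, written out as an added example (not code from the patent). The function names, the `group` parameter that selects between the two orderings in the text, the `key_len` argument of the inverse, the error raised when the key array is the longer one, and the sample strings are all assumptions; the AES steps are omitted and a constructed Base64 string stands in for the primary encrypted file.

```python
import base64


def _chunks(text, size):
    """Cut text into elements of `size` characters (the last may be shorter)."""
    return [text[i:i + size] for i in range(0, len(text), size)]


def _sizes(total, unit):
    """Element lengths obtained when `total` characters are cut in `unit`s."""
    full, rest = divmod(total, unit)
    return [unit] * full + ([rest] if rest else [])


def recombine(primary, secondary_key, file_unit=10, key_unit=1, group=1):
    """Interleave file-array and key-array elements as in S1032c.

    group=1 gives A1 B1 A2 B2 ...; group=2 gives A1 A2 B1 A3 A4 B2 ...
    File elements left over after the last key element are appended in order.
    """
    file_array = _chunks(primary, file_unit)
    key_array = _chunks(secondary_key, key_unit)
    if len(file_array) < len(key_array) * group:
        # Assumption: the text only covers a file array at least as long
        # as the key array, so the opposite case is rejected here.
        raise ValueError("key array has more elements than the file array can take")
    out = []
    for i, key_elem in enumerate(key_array):
        out.extend(file_array[i * group:(i + 1) * group])
        out.append(key_elem)
    out.extend(file_array[len(key_array) * group:])
    return "".join(out)


def split_recombined(blob, key_len, file_unit=10, key_unit=1, group=1):
    """Invert recombine(): return (primary, secondary_key).

    Only the preset unit sizes, the ordering and the key length are needed;
    element lengths are recomputed so a short final element is handled.
    """
    if not 0 <= key_len <= len(blob):
        raise ValueError("key_len does not fit the recombined string")
    file_sizes = _sizes(len(blob) - key_len, file_unit)
    key_sizes = _sizes(key_len, key_unit)
    if len(file_sizes) < len(key_sizes) * group:
        raise ValueError("lengths are inconsistent with the chosen ordering")
    pos = 0
    file_parts, key_parts = [], []

    def take(n):
        nonlocal pos
        piece = blob[pos:pos + n]
        pos += n
        return piece

    for i, key_size in enumerate(key_sizes):
        for size in file_sizes[i * group:(i + 1) * group]:
            file_parts.append(take(size))
        key_parts.append(take(key_size))
    for size in file_sizes[len(key_sizes) * group:]:
        file_parts.append(take(size))
    return "".join(file_parts), "".join(key_parts)


# Constructed sample data: a 120-character Base64 string standing in for the
# primary encrypted file, and an 8-character stand-in for the secondary key.
SAMPLE_PRIMARY = base64.b64encode(bytes(range(90))).decode("ascii")
SAMPLE_KEY = "q7Zt2LmX"

if __name__ == "__main__":
    stored = recombine(SAMPLE_PRIMARY, SAMPLE_KEY)
    print(stored[:44])
    primary, key = split_recombined(stored, len(SAMPLE_KEY))
    print(primary == SAMPLE_PRIMARY, key == SAMPLE_KEY)
```

The inverse needs only the two preset digit counts, the ordering and the key length, and every character of the secondary key is present in the output, so the confidentiality of the stored file rests on the AES encryption with the initial key in S1032a.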
In addition, in other embodiments, the Base64 encoded file generated in step S1031 may be encrypted only once to generate the encrypted file. Specifically, as shown in fig. 4, fig. 4 is another specific schematic flowchart of the picture management method shown in fig. 2. The step S1032 includes steps S1032d and S1032e.
S1032d, generating an initial key.
Wherein the initial key may be a randomly dynamically generated key. In an embodiment, in order to improve the security level of the pictures and prevent multiple pictures from being decrypted by the same key, the initial key is a private key. Of course, in other embodiments, the initial key may also be a public key.
S1032e, carrying out encryption processing on the Base64 encoded file based on an AES encryption algorithm and the initial key to generate an encrypted file.
After the initial key is generated, the Base64 encoded file is encrypted based on the AES encryption algorithm and the initial key, and then the encrypted file is generated.
S104, storing the encrypted file into a sample database.
In particular, in one embodiment, the encrypted files may be stored in the sample database based on distributed storage techniques. The sample database is used for storing and managing the encrypted files corresponding to the training sample pictures required by algorithms such as face recognition.
In the picture management method of this embodiment, the pictures which do not carry the preset sensitive information are first screened out for use with face recognition algorithms and the like, and these pictures are then encrypted and stored, so that the risk of picture leakage is reduced and the safety of picture storage is improved.
Referring to fig. 5, fig. 5 is a schematic flowchart of a picture management method according to an embodiment of the present disclosure. The picture management method is applied to a server, for example, the server can be a server for managing and storing pictures. As shown in fig. 5, the picture management method includes steps S201 to S216.
S201, obtaining a picture.
S202, identifying whether the picture carries preset sensitive information.
Specifically, in an embodiment, whether preset sensitive information is carried in the picture may be recognized through an OCR image recognition technology. The preset sensitive information may be text information, for example, the preset sensitive information may be a name, an address, an identification number, a phone number, and other information related to personal privacy. In addition, the character type of the preset sensitive information is not limited to Chinese characters, English, numbers and the like.
S203, if the preset sensitive information is not carried in the picture, encrypting the picture based on a file encryption algorithm to obtain a corresponding encrypted file.
In order to ensure the security of the picture, before the picture is stored, the picture needs to be encrypted to generate an encrypted file corresponding to the picture.
Specifically, in one embodiment, step S203 includes: performing Base64 transcoding processing on the pictures to generate corresponding Base64 coded files; and carrying out encryption processing on the Base64 encoded file based on a file encryption algorithm to generate an encrypted file.
Since the specific contents in steps S201, S202, and S203 have been described in detail in the foregoing embodiments, for the simplicity of the description, the details are not repeated herein.
S204, acquiring the identification information of the picture.
In some cases, in order to improve the identification degree of the picture and facilitate the staff to search for the picture, the staff often names the picture in the modes of name, name plus identification number, etc., so that the name of the picture carries the preset sensitive information. If the picture leaks, illegal persons can acquire the preset sensitive information through the name of the picture. In order to avoid leakage of preset sensitive information through the identification information of the picture, the identification information of the picture needs to be acquired. The identification information of the picture may be, for example, a name of the picture.
S205, identifying whether the identification information of the picture carries the preset sensitive information.
Specifically, whether preset sensitive information is carried in the identification information of the picture can be recognized through an OCR image recognition technology.
When the identification information of the picture is identified to carry the preset sensitive information, in order to avoid leakage of the preset sensitive information, the server executes step S206. When it is recognized that the identification information of the picture does not carry the preset sensitive information, the server executes step S207.
S206, if the identification information of the picture carries the preset sensitive information, carrying out serialization processing on the identification information of the picture based on a serialization algorithm to obtain file identification information of an encrypted file corresponding to the picture.
When the identification information of the picture carries the preset sensitive information, the identification information of the picture can be serialized through a serialization algorithm to obtain file identification information of an encrypted file corresponding to the picture, and step S208 is executed. It can be understood that the file identification information of the encrypted file corresponding to the picture will not carry the preset sensitive information.
For example, the identification information of the picture is "Zhang San 11010219880272314", that is, the identification information of the picture is composed of a name and an identification number. After processing by the serialization algorithm, the file identification information of the encrypted file corresponding to the picture may be, for example, "/X00000000001001/a"; the name and the identification number cannot be learned from this file identification information, thereby protecting the preset sensitive information.
S207, if the identification information of the picture does not carry the preset sensitive information, setting the identification information of the picture as file identification information of an encrypted file corresponding to the picture, and executing the step S208.
For example, the identification information of the picture is "picture 0010", the identification information of the picture does not carry preset sensitive information, and the file identification information of the encrypted file corresponding to the picture is set to be "picture 0010".
S208, generating a file directory according to the file identification information of the encrypted file.
Specifically, the server generates an empty file directory and then writes the file identification information of the encrypted file into the file directory.
S209, obtaining the access authority information of the file directory, and setting the access authority of the file directory according to the access authority information.
In order to improve the security of the picture, the server acquires the access authority information set for the file directory by the user, and then sets the access authority of the file directory according to the access authority information. That is, in this embodiment, the user may set an access right for the file directory to exclude some illegal users from accessing the picture.
For example, the access rights information may be an access key 1534avrd, so that only a user who has accurately entered the access key is allowed to access the encrypted files in the file directory. This is equivalent to setting the access authority of each encrypted file in the file directory.
It should be noted that the sequence of step S201 to step S209 may be adjusted accordingly, and the sequence of each step is not limited to the sequence shown in fig. 5. For example, step S204 may be incorporated into step S201. For another example, step S205 and related steps may be performed before step S202, and so on.
S210, storing the encrypted files and the file directories into a sample database.
After the encrypted file and the file directory corresponding to the picture are obtained, the encrypted file and the file directory are stored in the sample database. The sample graph database is used for storing and managing data such as the training sample pictures required by algorithms such as face recognition.
After step S210 is executed, the server may send the file directory to a legal end user, that is, send the file identification information corresponding to the encrypted file in the file directory to the legal end user, so that the legal end user may obtain the encrypted file from the server when needing to use a certain encrypted file or certain encrypted files.
S211, obtaining an access request sent by a terminal, wherein the access request comprises a transmission key, terminal user identity information and file identification information of a target file.
When an end user needs to use one or more pictures in the sample database, the end user can send an access request to the server. When the server receives the access request, the server may parse the access request to obtain information such as the transmission key, the terminal user identity information, and the file identification information of the target file.
The transmission key is a key which is randomly generated by the terminal and used for encrypting the transmission data in the data transmission process. The end user identity information may include information for verifying whether the end user has access rights.
S212, judging whether the transmission key is valid and whether the terminal user identity information is matched with the access authority information of the file directory.
In one embodiment, to ensure the security of the data during transmission, the server may first determine whether the transmission key is valid. In particular, the server may determine whether the transmission key is being used for the first time and is within its valid use period. The transmission key carries time information recording when the terminal generated the transmission key, and the server can judge whether the transmission key is within the valid use period according to that time information. If the transmission key is being used for the first time and is within the valid use period, the transmission key is judged to be valid. Otherwise, the transmission key is determined to be invalid.
After the transmission key is judged to be valid, the server judges whether the terminal user identity information is matched with the access authority information of the file directory, namely, whether the terminal user has the authority of accessing the file directory is determined. If the terminal user identity information matches the access right information of the file directory, it indicates that the terminal user is a valid user and can access the file directory, and then step S213 is executed.
It should be noted that the order in which the server determines whether the transmission key is valid and whether the terminal user identity information matches the access right information is not limited to the above order. The server may also first determine whether the terminal user identity information matches the access right information and then determine whether the transmission key is valid, which is not limited herein.
In addition, when the server determines that the transmission key is invalid or determines that the terminal user identity information does not match the access right information, step S214 is executed.
S213, if the transmission key is valid and the terminal user identity information is matched with the access authority information, decrypting the encrypted file corresponding to the identification information of the target file to obtain the target file.
The server obtains the corresponding encrypted file according to the identification information of the target file in the access request, then decrypts the encrypted file to obtain the target file, and executes step S215.
In an embodiment, when the data in the sample database is only used by a specific terminal, for example, the data in the sample database is only used by a terminal of a certain enterprise or only used by certain terminals in a certain enterprise, before decrypting the encrypted file corresponding to the identification information of the target file to obtain the target file, the method further includes: acquiring network address information of the terminal; judging whether the network address information is matched with preset network address information or not; and if the network address information is matched with the preset network address information, executing a step of decrypting the encrypted file corresponding to the identification information of the target file to obtain the target file. The network address information may be, for example, IP address information. By judging whether the network address information is matched with the preset network address information or not, other terminals outside the enterprise or other terminals in the enterprise can be excluded from using the sample graph database.
S214, if the transmission key is invalid or the terminal user identity information is not matched with the access authority information, ignoring the access request.
When the transmission key is judged to be invalid or the terminal user identity information does not match the access authority information, the access request is ignored, thereby ensuring the security of the data information in the sample graph database and preventing the encrypted files in the sample graph database from being leaked to an illegal user.
S215, the target file is encrypted based on the AES encryption algorithm and the transmission key to obtain an encrypted target file.
In order to ensure the security of the target file during transmission, in this embodiment, the server may perform encryption processing on the target file based on the AES encryption algorithm and the transmission key to obtain an encrypted target file.
S216, sending the encrypted target file to the terminal, so that the terminal decrypts the encrypted target file according to the transmission key to obtain the target file.
The server sends the encrypted target file to the terminal. After the terminal receives the encrypted target file, it can decrypt the encrypted target file according to the transmission key to obtain the target file.
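The checks of S212 and S214, together with the network address check described for step S213, as an added example that is not code from the patent. The transmission key layout (an 8-byte timestamp followed by 32 random bytes), the 5-second clock allowance and the names `AccessGate` and `new_transmission_key` are assumptions.

```python
import hmac
import ipaddress
import secrets
import struct
import threading
import time

# Assumed layout (the patent fixes none): 8-byte big-endian Unix time written
# by the terminal, followed by 32 random bytes of key material.
TK_LEN = 8 + 32
CLOCK_SKEW = 5  # assumed allowance, in seconds, for a terminal clock running ahead


def new_transmission_key(now):
    """Terminal side: random key material stamped with its creation time."""
    return struct.pack(">Q", int(now)) + secrets.token_bytes(32)


class AccessGate:
    """Server-side checks of S212 plus the network address check; False means S214."""

    def __init__(self, access_key, allowed_network, valid_seconds):
        self._access_key = access_key.encode()  # access authority information (S209)
        self._network = ipaddress.ip_network(allowed_network)  # preset network address
        self._valid = valid_seconds  # valid use period of a transmission key
        self._used = {}  # transmission key already seen -> time it expires
        self._lock = threading.Lock()

    def _key_valid(self, tk, now):
        if not isinstance(tk, bytes) or len(tk) != TK_LEN:
            return False
        (issued,) = struct.unpack(">Q", tk[:8])
        if issued > now + CLOCK_SKEW or now - issued > self._valid:
            return False
        with self._lock:
            # Expired keys can never pass the window check again, so drop them
            # to keep the first-use table bounded.
            for old in [k for k, expiry in self._used.items() if expiry < now]:
                del self._used[old]
            if tk in self._used:
                return False  # second presentation of the same key
            self._used[tk] = issued + self._valid
        return True

    def check(self, tk, identity, remote_ip, now):
        """True: continue with S213. False: ignore the request (S214)."""
        if not self._key_valid(tk, now):  # consumes the key even if a later check fails
            return False
        if not isinstance(identity, str) or not hmac.compare_digest(
                identity.encode(), self._access_key):
            return False
        try:
            return ipaddress.ip_address(remote_ip) in self._network
        except ValueError:
            return False


if __name__ == "__main__":
    # Constructed values; the access key is the one the text uses as its example.
    gate = AccessGate("1534avrd", "10.0.0.0/8", valid_seconds=60)
    now = time.time()
    tk = new_transmission_key(now)
    print("first use:", gate.check(tk, "1534avrd", "10.1.2.3", now))
    print("same key again:", gate.check(tk, "1534avrd", "10.1.2.3", now + 1))
    stale = new_transmission_key(now - 61)
    print("stale key:", gate.check(stale, "1534avrd", "10.1.2.3", now))
```

The first-use table only has to remember a key until its valid use period ends, which is why the time information carried in the key also bounds the server's state.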
The picture management method in this embodiment can select pictures that do not carry preset sensitive information for use by algorithms such as face recognition, and encrypt and store the pictures and the identification information of the pictures, so that the risk of sensitive information leakage caused by the leakage of the pictures or the identification information of the pictures is reduced, and the security of picture storage is improved. In addition, according to the picture management method, when the server provides pictures for the terminal, the server checks the transmission key and the terminal user identity information sent by the terminal, and after the checks pass, the server encrypts the required target file and transmits the encrypted target file to the terminal, so that the whole process does not need repeated manual operation, the data extraction efficiency is improved, time is saved, and the security of data transmission is ensured.
The embodiment of the application also provides a picture management device, and the picture management device is used for executing any one of the picture management methods. Specifically, please refer to fig. 6, wherein fig. 6 is a schematic block diagram of an image management apparatus according to an embodiment of the present disclosure. The picture management apparatus 300 may be installed in a server, for example, the server may be a server for managing and storing pictures.
As shown in fig. 6, the picture management apparatus 300 includes an acquisition unit 301, an identification unit 302, an encryption unit 303, and a storage unit 304.
An acquiring unit 301 configured to acquire a picture.
An identifying unit 302, configured to identify whether the picture carries preset sensitive information.
Specifically, in an embodiment, the identifying unit 302 identifies whether the picture carries preset sensitive information through an OCR image recognition technology. The preset sensitive information may be text information. For example, the preset sensitive information may be name, address, identification number, phone number, etc. related to privacy. In addition, the character type of the preset sensitive information is not limited to Chinese characters, English characters, numbers and the like.
An encrypting unit 303, configured to encrypt the picture based on a file encryption algorithm to obtain a corresponding encrypted file if the preset sensitive information is not carried in the picture.
Specifically, in an embodiment, as shown in fig. 7, fig. 7 is a specific schematic block diagram of a picture management device shown in fig. 6. The encryption unit 303 includes a transcoding unit 3031 and a file encryption unit 3032.
A transcoding unit 3031, configured to perform Base64 transcoding processing on the picture to generate a corresponding Base64 encoded file.
A file encryption unit 3032, configured to encrypt the Base64 encoded file based on a file encryption algorithm to generate an encrypted file.
Specifically, in an embodiment, as shown in fig. 8, fig. 8 is a specific schematic block diagram of a picture management device shown in fig. 7. The file encryption unit 3032 includes a generation sub-unit 30321, a key calculation sub-unit 30322, and a file encryption sub-unit 30323.
The generating sub-unit 30321 is used for generating an initial key and encrypting the Base64 encoded file based on an AES encryption algorithm and the initial key to generate a primary encrypted file.
A key calculation subunit 30322, configured to calculate a secondary key according to the initial key and a preset calculation rule.
Specifically, in an embodiment, the key calculation subunit 30322 is specifically configured to: obtain current time information; convert the current time information into a corresponding time character string; and encrypt the time character string based on the AES encryption algorithm and the initial key to compute a secondary key.
Specifically, in another embodiment, so that the secondary key is still a private key in the case where the initial key is a public key and the picture management device 300 processes a plurality of pictures in parallel, the key calculation subunit 30322 is specifically configured to: number the at least two Base64 encoded files that are currently processed in parallel; acquire current time information; convert the current time information into a corresponding time character string, and convert the number corresponding to each Base64 encoded file into a corresponding number character string; and encrypt the time character string and the number character string based on the AES encryption algorithm and the initial key to calculate a secondary key corresponding to each Base64 encoded file.
A file encryption sub-unit 30323, configured to perform secondary encryption processing on the primary encrypted file based on a preset encryption algorithm and the secondary key to generate an encrypted file.
Specifically, the file encryption subunit 30323 is configured to perform grouping processing on the character string in the primary encrypted file according to a first preset number of bits to generate a corresponding file array, and perform grouping processing on the character string in the secondary key according to a second preset number of bits to generate a corresponding key array; and recombining the elements in the file array and the elements in the key array to generate an encrypted file.
In addition, in other embodiments, the file encryption unit 3032 may perform only one encryption process on the generated Base64 encoded file to generate an encrypted file. Specifically, the file encryption unit 3032 is configured to: generate an initial key; and encrypt the Base64 encoded file based on an AES encryption algorithm and the initial key to generate an encrypted file.
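The grouping and recombination performed by the file encryption subunit 30323, together with the inverse needed to read a stored file back, as an added example that is not code from the patent. The recombination rule (file and key elements alternate), the group sizes and the function names are assumptions, and the input strings are constructed stand-ins for the text of the primary encrypted file and of the secondary key.

```python
def group(text, size):
    """Cut text into elements of `size` characters; the last one may be shorter."""
    return [text[i:i + size] for i in range(0, len(text), size)]


def recombine(primary, secondary, file_digits, key_digits):
    """Build the stored encrypted file from the file array and the key array.

    Assumed rule: elements alternate (file, key, file, key, ...) and the
    longer array simply continues once the shorter one is used up.
    """
    if file_digits < 1 or key_digits < 1:
        raise ValueError("group sizes must be positive")
    files, keys = group(primary, file_digits), group(secondary, key_digits)
    out = []
    for i in range(max(len(files), len(keys))):
        if i < len(files):
            out.append(files[i])
        if i < len(keys):
            out.append(keys[i])
    return "".join(out)


def separate(encrypted, secondary_len, file_digits, key_digits):
    """Undo recombine(); returns (primary encrypted file, secondary key).

    The reader needs both group sizes and the length of the secondary key
    string; the element boundaries follow from those three numbers.
    """
    if file_digits < 1 or key_digits < 1:
        raise ValueError("group sizes must be positive")
    file_left = len(encrypted) - secondary_len
    if secondary_len < 0 or file_left < 0:
        raise ValueError("encrypted file is shorter than the secondary key")
    key_left, pos = secondary_len, 0
    primary, secondary = [], []
    while pos < len(encrypted):
        n = min(file_digits, file_left)  # next file element (0 once the file is used up)
        primary.append(encrypted[pos:pos + n])
        pos, file_left = pos + n, file_left - n
        m = min(key_digits, key_left)    # next key element (0 once the key is used up)
        secondary.append(encrypted[pos:pos + m])
        pos, key_left = pos + m, key_left - m
    return "".join(primary), "".join(secondary)


if __name__ == "__main__":
    # Constructed inputs: 20 characters of "primary encrypted file", 10 of "secondary key".
    primary, secondary = "0123456789abcdef0123", "AAAABBBBCC"
    stored = recombine(primary, secondary, file_digits=8, key_digits=4)
    print(stored)
    print(separate(stored, len(secondary), 8, 4))
```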
A storage unit 304, configured to store the encrypted file in a sample map database.
In particular, in an embodiment, the storage unit 304 may store the encrypted file into the sample database based on a distributed storage technique.
It should be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the picture management apparatus 300 and each unit described above may refer to corresponding processes in the foregoing picture management method embodiments, and are not described herein again.
In the picture management device 300 in this embodiment, the pictures that do not carry the preset sensitive information are first selected for use by algorithms such as face recognition, and then the pictures are encrypted and stored, so that the risk of picture leakage is reduced, and the security of picture storage is improved.
Referring to fig. 9, fig. 9 is a schematic block diagram of a picture management apparatus according to an embodiment of the present disclosure. The picture management apparatus 400 is installed in a server, for example, the server may be a server for managing and storing pictures. As shown in fig. 9, this picture management apparatus 400 includes an acquisition unit 401, a recognition unit 402, an encryption unit 403, an identification acquisition unit 404, an information recognition unit 405, a serialization processing unit 406, an identification setting unit 407, a directory generation unit 408, a setting unit 409, a storage unit 410, a request acquisition unit 411, a judgment unit 412, a decryption unit 413, a target file encryption unit 414, and a transmission unit 415.
An obtaining unit 401 is configured to obtain a picture.
An identifying unit 402, configured to identify whether the picture carries preset sensitive information.
Specifically, in an embodiment, the identifying unit 402 identifies whether the picture carries preset sensitive information through an OCR image recognition technology. The preset sensitive information may be text information. For example, the preset sensitive information may be name, address, identification number, phone number, etc. related to privacy. In addition, the character type of the preset sensitive information is not limited to Chinese characters, English characters, numbers and the like.
An encrypting unit 403, configured to encrypt the picture based on a file encryption algorithm to obtain a corresponding encrypted file if the preset sensitive information is not carried in the picture.
Specifically, in an embodiment, the encryption unit 403 is configured to: perform Base64 transcoding processing on the picture to generate a corresponding Base64 encoded file; and encrypt the Base64 encoded file based on a file encryption algorithm to generate an encrypted file.
An identification obtaining unit 404, configured to obtain identification information of the picture.
An information identifying unit 405, configured to identify whether the identification information of the picture carries the preset sensitive information.
Specifically, the information recognition unit 405 may recognize whether the identification information of the picture carries preset sensitive information through an OCR image recognition technology.
A serialization processing unit 406, configured to, if the identification information of the picture carries the preset sensitive information, perform serialization processing on the identification information of the picture based on a serialization algorithm to obtain file identification information of an encrypted file corresponding to the picture.
An identifier setting unit 407, configured to set, if the identifier information of the picture does not carry the preset sensitive information, the identifier information of the picture as file identifier information of an encrypted file corresponding to the picture.
A directory generating unit 408, configured to generate a file directory according to the file identification information of the encrypted file.
The setting unit 409 is configured to obtain access right information of the file directory, and set an access right of the file directory according to the access right information.
The storage unit 410 is configured to store the encrypted files and the file directories in the sample database.
The request obtaining unit 411 is configured to obtain an access request sent by a terminal, where the access request includes a transmission key, terminal user identity information, and file identification information of a target file.
The transmission key is a key which is randomly generated by the terminal and used for encrypting the transmission data in the data transmission process. The end user identity information may include information for verifying whether the end user has access rights.
A determining unit 412, configured to determine whether the transmission key is valid and whether the end user identity information matches the access right information of the file directory.
When the determining unit 412 determines that the transmission key is invalid or determines that the end user identity information does not match the access right information, the determining unit 412 ignores the access request.
When the determining unit 412 determines that the transmission key is valid and the end user identity information matches the access right information, the determining unit 412 sends a signal to the decryption unit 413 to cause the decryption unit 413 to perform the corresponding operation.
A decryption unit 413, configured to decrypt the encrypted file corresponding to the identification information of the target file to obtain the target file if the transmission key is valid and the terminal user identity information matches the access right information.
In an embodiment, before decrypting the encrypted file corresponding to the identification information of the target file to obtain the target file, the decryption unit 413 is further configured to: obtain the network address information of the terminal; judge whether the network address information matches preset network address information; and if the network address information matches the preset network address information, execute the operation of decrypting the encrypted file corresponding to the identification information of the target file to obtain the target file.
A target file encryption unit 414, configured to encrypt the target file based on the AES encryption algorithm and the transmission key to obtain an encrypted target file.
A sending unit 415, configured to send the encrypted target file to the terminal, so that the terminal decrypts the encrypted target file according to the transmission key to obtain the target file.
It should be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the picture management apparatus 400 and each unit described above may refer to corresponding processes in the foregoing picture management method embodiment, and are not described herein again.
The picture management device 400 in this embodiment can select pictures that do not carry preset sensitive information for use by algorithms such as face recognition, and encrypt and store the pictures and the identification information of the pictures, so as to reduce the risk of sensitive information leakage caused by leakage of the pictures or the identification information of the pictures, and improve the security of picture storage. In addition, when the picture management device 400 provides pictures for the terminal, the transmission key and the terminal user identity information sent by the terminal are checked, and after the checks pass, the required target file is encrypted and transmitted to the terminal, so that the whole process does not need repeated manual operation, the data extraction efficiency is improved, time is saved, and the security of data transmission is ensured.
The above-described picture management apparatus may be implemented in the form of a computer program that can be run on a computer device as shown in fig. 10.
Referring to fig. 10, fig. 10 is a schematic block diagram of a computer device according to an embodiment of the present application. The computer device 500 may be a server.
Referring to fig. 10, the computer device 500 includes a processor 502, memory, and a network interface 505 connected by a system bus 501, where the memory may include a non-volatile storage medium 503 and an internal memory 504.
The non-volatile storage medium 503 may store an operating system 5031 and a computer program 5032. The computer program 5032 comprises program instructions that, when executed, cause the processor 502 to perform a picture management method.
The processor 502 is used to provide computing and control capabilities that support the operation of the overall computer device 500.
The internal memory 504 provides an environment for the operation of the computer program 5032 in the non-volatile storage medium 503, and when the computer program 5032 is executed by the processor 502, the processor 502 can be enabled to execute a picture management method.
The network interface 505 is used for network communication, such as sending assigned tasks. Those skilled in the art will appreciate that the configuration shown in fig. 10 is a block diagram of only the portion of the configuration relevant to the present application and does not limit the computer device 500 to which the present application may be applied, and that a particular computer device 500 may include more or fewer components than those shown, or may combine certain components, or have a different arrangement of components.
Wherein the processor 502 is configured to run the computer program 5032 stored in the memory to implement the following functions: acquiring a picture; identifying whether the picture carries preset sensitive information or not; if the preset sensitive information is not carried in the picture, encrypting the picture based on a file encryption algorithm to obtain a corresponding encrypted file; and storing the encrypted file into a sample database.
In an embodiment, when the processor 502 performs an encryption process on the picture based on a file encryption algorithm to obtain a corresponding encrypted file, the following functions are specifically implemented: performing Base64 transcoding processing on the pictures to generate corresponding Base64 coded files; and carrying out encryption processing on the Base64 encoded file based on a file encryption algorithm to generate an encrypted file.
In one embodiment, when the processor 502 executes the encryption processing on the Base64 encoded file based on the file encryption algorithm to generate the encrypted file, the following functions are specifically implemented: generating an initial key, and encrypting the Base64 encoded file based on an AES encryption algorithm and the initial key to generate a primary encrypted file; calculating a secondary key according to the initial key and a preset calculation rule; and performing secondary encryption processing on the primary encrypted file based on a preset encryption algorithm and the secondary key to generate an encrypted file.
In an embodiment, when the processor 502 calculates the secondary key according to the initial key and the preset calculation rule, the following functions are specifically implemented: acquiring current time information; converting the current time information into a corresponding time character string; encrypting the time string based on the AES encryption algorithm and the initial key to compute a secondary key.
In an embodiment, when the processor 502 performs the secondary encryption processing on the primary encrypted file based on the preset encryption algorithm and the secondary key to generate the encrypted file, the following functions are specifically implemented: performing grouping processing on the character string in the primary encrypted file according to a first preset number of bits to generate a corresponding file array, and performing grouping processing on the character string in the secondary key according to a second preset number of bits to generate a corresponding key array; and recombining the elements in the file array and the elements in the key array to generate the encrypted file.
In one embodiment, the processor 502 further performs the following functions before executing the step of storing the encrypted file in the sample database: acquiring identification information of the picture; identifying whether the identification information of the picture carries the preset sensitive information or not; if the identification information of the picture carries the preset sensitive information, carrying out serialization processing on the identification information of the picture based on a serialization algorithm to obtain file identification information of an encrypted file corresponding to the picture; generating a file directory according to the file identification information of the encrypted file; and acquiring the access authority information of the file directory, and setting the access authority of the file directory according to the access authority information.
Correspondingly, when the processor 502 stores the encrypted file in the sample map database, the following function is specifically implemented: storing the encrypted files and the file directories into a sample database.
In one embodiment, the processor 502, after executing the step of storing the encrypted files and file directories in the sample database, further implements the following functions: acquiring an access request sent by a terminal, wherein the access request comprises a transmission key, terminal user identity information and file identification information of a target file; judging whether the transmission key is valid or not and whether the terminal user identity information is matched with the access authority information of the file directory or not; if the transmission key is valid and the terminal user identity information is matched with the access authority information, decrypting the encrypted file corresponding to the identification information of the target file to obtain the target file; encrypting the target file based on an AES encryption algorithm and the transmission key to obtain an encrypted target file; and sending the encrypted target file to the terminal so that the terminal decrypts the encrypted target file according to the transmission key to acquire the target file.
It should be understood that in the embodiment of the present application, the processor 502 may be a Central Processing Unit (CPU), and the processor 502 may also be another general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc. The general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
In another embodiment of the present application, a storage medium is provided. The storage medium may be a computer-readable storage medium. The storage medium stores a computer program, wherein the computer program comprises program instructions. The program instructions, when executed by the processor, cause the processor to perform the following: acquiring a picture; identifying whether the picture carries preset sensitive information or not; if the preset sensitive information is not carried in the picture, encrypting the picture based on a file encryption algorithm to obtain a corresponding encrypted file; and storing the encrypted file into a sample database.
In an embodiment, when the program instruction is executed by the processor to perform encryption processing on the picture based on a file encryption algorithm to obtain a corresponding encrypted file, the following program is specifically executed: performing Base64 transcoding processing on the pictures to generate corresponding Base64 coded files; and carrying out encryption processing on the Base64 encoded file based on a file encryption algorithm to generate an encrypted file.
In one embodiment, when the program instructions are executed by the processor to encrypt the Base64 encoded file based on the file encryption algorithm to generate an encrypted file, the following specific procedures are executed: generating an initial key, and encrypting the Base64 encoded file based on an AES encryption algorithm and the initial key to generate a primary encrypted file; calculating a secondary key according to the initial key and a preset calculation rule; and performing secondary encryption processing on the primary encrypted file based on a preset encryption algorithm and the secondary key to generate an encrypted file.
In an embodiment, when the program instruction is executed by the processor to calculate the secondary key according to the initial key and the preset calculation rule, the following program is specifically executed: acquiring current time information; converting the current time information into a corresponding time character string; encrypting the time string based on the AES encryption algorithm and the initial key to compute a secondary key.
In an embodiment, when the program instruction is executed by the processor to perform secondary encryption processing on the primary encrypted file based on a preset encryption algorithm and the secondary key to generate an encrypted file, the following specific program is executed: performing grouping processing on the character string in the primary encrypted file according to a first preset number of bits to generate a corresponding file array, and performing grouping processing on the character string in the secondary key according to a second preset number of bits to generate a corresponding key array; and recombining the elements in the file array and the elements in the key array to generate the encrypted file.
In one embodiment, before the program instructions are executed by the processor to store the encrypted file in the sample database, the following program is further executed: acquiring identification information of the picture; identifying whether the identification information of the picture carries the preset sensitive information or not; if the identification information of the picture carries the preset sensitive information, carrying out serialization processing on the identification information of the picture based on a serialization algorithm to obtain file identification information of an encrypted file corresponding to the picture; generating a file directory according to the file identification information of the encrypted file; and acquiring the access authority information of the file directory, and setting the access authority of the file directory according to the access authority information.
Correspondingly, when the program instructions are executed by the processor to store the encrypted file in the sample database, the following step is specifically executed: storing the encrypted files and the file directories into the sample database.
In one embodiment, after the program instructions are executed by the processor to store the encrypted files and file directories in the sample database, the program instructions further execute the following program: acquiring an access request sent by a terminal, wherein the access request comprises a transmission key, terminal user identity information and file identification information of a target file; judging whether the transmission key is valid or not and whether the terminal user identity information is matched with the access authority information of the file directory or not; if the transmission key is valid and the terminal user identity information is matched with the access authority information, decrypting the encrypted file corresponding to the identification information of the target file to obtain the target file; encrypting the target file based on an AES encryption algorithm and the transmission key to obtain an encrypted target file; and sending the encrypted target file to the terminal so that the terminal decrypts the encrypted target file according to the transmission key to acquire the target file.
The storage medium may be any of various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a magnetic disk, or an optical disk.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be implemented in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described above generally in terms of their functions in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative. For example, the division of each unit is only one logic function division, and there may be another division manner in actual implementation. For example, various elements or components may be combined or may be integrated into another system, or some features may be omitted, or not implemented.
The steps in the method of the embodiment of the application can be sequentially adjusted, combined and deleted according to actual needs. The units in the device of the embodiment of the application can be combined, divided and deleted according to actual needs. In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a storage medium. Based on such understanding, the technical solution of the present application, in essence or in the part that contributes over the prior art, or all or part of the technical solution, may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a terminal, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application.
While the invention has been described with reference to specific embodiments, the scope of the invention is not limited thereto, and those skilled in the art can easily conceive various equivalent modifications or substitutions within the technical scope of the invention. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (7)

1. A picture management method, comprising:
acquiring a picture;
identifying whether the picture carries preset sensitive information or not;
if the preset sensitive information is not carried in the picture, encrypting the picture based on a file encryption algorithm to obtain a corresponding encrypted file;
storing the encrypted file into a sample database;
if the preset sensitive information is carried in the picture, the picture is retained in an initial preset picture library;
the encrypting the picture based on the file encryption algorithm to obtain a corresponding encrypted file comprises the following steps:
performing Base64 transcoding processing on the picture to generate a corresponding Base64 encoded file; and
encrypting the Base64 encoded file based on a file encryption algorithm to generate an encrypted file;
the file encryption algorithm-based encryption processing of the Base64 encoded file to generate an encrypted file comprises the following steps:
generating an initial key, and encrypting the Base64 encoded file based on an AES encryption algorithm and the initial key to generate a primary encrypted file;
calculating a secondary key according to the initial key and a preset calculation rule; and
performing secondary encryption processing on the primary encrypted file based on a preset encryption algorithm and the secondary key to generate an encrypted file;
the calculating a secondary key according to the initial key and a preset calculation rule comprises:
acquiring current time information;
converting the current time information into a corresponding time character string; and
encrypting the time string based on the AES encryption algorithm and the initial key to calculate a secondary key;
wherein, before the step of encrypting the time string based on the AES encryption algorithm and the initial key to calculate a secondary key, the method further comprises:
numbering at least two Base64 encoded files which are currently processed in parallel;
converting the number corresponding to each Base64 encoding file into a corresponding number character string;
the step of encrypting the time string based on the AES encryption algorithm and the initial key to compute a secondary key comprises:
encrypting the time character string and the number character string based on the AES encryption algorithm and the initial key to calculate a secondary key corresponding to each Base64 encoded file.
2. The picture management method according to claim 1, wherein the performing of the secondary encryption processing on the primary encrypted file based on the preset encryption algorithm and the secondary key to generate an encrypted file comprises:
performing digitization processing on the character string in the primary encrypted file according to a first preset digit to generate a corresponding file array, and performing digitization processing on the character string in the secondary key according to a second preset digit to generate a corresponding key array; and
recombining the elements in the file array and the elements in the key array to generate the encrypted file.
3. The method for managing pictures according to claim 1, further comprising, before said storing said encrypted file in a sample database:
acquiring identification information of the picture;
identifying whether the identification information of the picture carries the preset sensitive information or not;
if the identification information of the picture carries the preset sensitive information, carrying out serialization processing on the identification information of the picture based on a serialization algorithm to obtain file identification information of an encrypted file corresponding to the picture;
generating a file directory according to the file identification information of the encrypted file; and
acquiring access authority information of the file directory, and setting the access authority of the file directory according to the access authority information;
the storing the encrypted file into a sample database comprises: storing the encrypted files and the file directories into the sample database.
4. The method for managing pictures according to claim 3, further comprising, after said storing said encrypted files and file directories in a sample database:
acquiring an access request sent by a terminal, wherein the access request comprises a transmission key, terminal user identity information and file identification information of a target file;
judging whether the transmission key is valid or not and whether the terminal user identity information is matched with the access authority information of the file directory or not;
if the transmission key is valid and the terminal user identity information is matched with the access authority information, decrypting the encrypted file corresponding to the identification information of the target file to obtain the target file;
encrypting the target file based on an AES encryption algorithm and the transmission key to obtain an encrypted target file; and
sending the encrypted target file to the terminal so that the terminal decrypts the encrypted target file according to the transmission key to acquire the target file.
5. A picture management apparatus, comprising:
an acquisition unit configured to acquire a picture;
the identification unit is used for identifying whether the picture carries preset sensitive information or not;
the encryption unit is used for encrypting the picture based on a file encryption algorithm to obtain a corresponding encrypted file if the preset sensitive information is not carried in the picture;
the storage unit is used for storing the encrypted file into the sample database;
the storage unit is used for storing the picture in an initial preset picture library if the preset sensitive information is carried in the picture;
wherein the encryption unit includes:
the transcoding unit is used for performing Base64 transcoding processing on the picture to generate a corresponding Base64 encoded file;
the file encryption unit is used for carrying out encryption processing on the Base64 encoded file based on a file encryption algorithm to generate an encrypted file;
the file encryption unit includes:
the generation subunit is used for generating an initial key and encrypting the Base64 encoded file based on an AES encryption algorithm and the initial key to generate a primary encrypted file;
the key calculation subunit is used for calculating a secondary key according to the initial key and a preset calculation rule;
the file encryption subunit is used for carrying out secondary encryption processing on the primary encrypted file based on a preset encryption algorithm and the secondary key so as to generate an encrypted file;
the key calculation subunit is specifically configured to: numbering at least two Base64 encoded files which are currently processed in parallel; acquiring current time information; converting the current time information into a corresponding time character string, and converting a number corresponding to each Base64 encoded file into a corresponding number character string; and encrypting the time character string and the number character string based on the AES encryption algorithm and the initial key to calculate a secondary key corresponding to each Base64 encoded file.
6. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the picture management method according to any of claims 1 to 4 when executing the computer program.
7. A storage medium, characterized in that the storage medium stores a computer program comprising program instructions that, when executed by a processor, cause the processor to perform the picture management method according to any one of claims 1-4.
CN201810394760.3A 2018-04-27 2018-04-27 Picture management method and device, computer equipment and storage medium Active CN108647262B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201810394760.3A CN108647262B (en) 2018-04-27 2018-04-27 Picture management method and device, computer equipment and storage medium
PCT/CN2018/101845 WO2019205366A1 (en) 2018-04-27 2018-08-23 Picture management method and apparatus, computer device, and storage medium

Publications (2)

Publication Number Publication Date
CN108647262A CN108647262A (en) 2018-10-12
CN108647262B CN108647262B (en) 2021-03-09

Family

ID=63747943

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810394760.3A Active CN108647262B (en) 2018-04-27 2018-04-27 Picture management method and device, computer equipment and storage medium

Country Status (2)

Country Link
CN (1) CN108647262B (en)
WO (1) WO2019205366A1 (en)

Also Published As

Publication number Publication date
CN108647262A (en) 2018-10-12
WO2019205366A1 (en) 2019-10-31

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant