CN113052045A - Method, apparatus, computing device and medium for recognizing finger vein image - Google Patents

Method, apparatus, computing device and medium for recognizing finger vein image Download PDF

Info

Publication number
CN113052045A
CN113052045A CN202110288238.9A CN202110288238A CN113052045A CN 113052045 A CN113052045 A CN 113052045A CN 202110288238 A CN202110288238 A CN 202110288238A CN 113052045 A CN113052045 A CN 113052045A
Authority
CN
China
Prior art keywords
finger vein
data
fragment data
image
ciphertext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110288238.9A
Other languages
Chinese (zh)
Other versions
CN113052045B (en
Inventor
林晓锐
张锦元
沈超建
邓泳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202110288238.9A priority Critical patent/CN113052045B/en
Publication of CN113052045A publication Critical patent/CN113052045A/en
Application granted granted Critical
Publication of CN113052045B publication Critical patent/CN113052045B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/40Spoof detection, e.g. liveness detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/14Vascular patterns

Abstract

The present disclosure provides a method for recognizing finger vein images, which can be used in information security or other fields. The method comprises the following steps: acquiring a finger vein image to be identified; extracting finger vein feature data from a finger vein image to be identified through a finger vein feature extraction algorithm; determining a plurality of fragment data according to the finger vein feature data; encrypting the plurality of fragment data to obtain a plurality of ciphertext fragment data; sending the plurality of ciphertext fragment data to the server-side equipment so that the server-side equipment generates an identification result aiming at the finger vein image to be identified according to the plurality of ciphertext fragment data; and receiving the identification result from the server device. The present disclosure also provides an apparatus for recognizing a finger vein image, another method of recognizing a finger vein image, another apparatus for recognizing a finger vein image, a computing device, a computer storage medium, and a computer program product.

Description

Method, apparatus, computing device and medium for recognizing finger vein image
Technical Field
The present disclosure relates to the field of information security, and more particularly, to a method, an apparatus, a computing device, a computer storage medium, and a computer program product for recognizing finger vein images.
Background
The finger vein recognition has the characteristics of high anti-counterfeiting performance, simplicity, convenience, easy use, quick recognition and high accuracy, and is one of the internationally recognized biological characteristics with uniqueness. After decades of development, the finger vein recognition technology is mature and applied in more and more industries. However, with the expansion of the application range of finger vein recognition technology, the number of finger vein feature data to be recognized and collected is increasing, and under the trend that the regulatory requirements are becoming stricter, how to ensure the privacy and security of the biometric data becomes a big problem. In particular to the industries with extremely high data privacy, such as finance and insurance, once finger vein feature data are lost, leaked or even used maliciously in the process of using the finger vein recognition technology in a cross-institution, and the like, the loss influence which is difficult to estimate can be caused.
Disclosure of Invention
One aspect of the present disclosure provides a method of recognizing a finger vein image, including: acquiring a finger vein image to be identified; extracting finger vein feature data from the finger vein image to be identified through a finger vein feature extraction algorithm; determining a plurality of fragment data according to the finger vein feature data; encrypting the plurality of fragment data to obtain a plurality of ciphertext fragment data; sending the plurality of ciphertext fragment data to server-side equipment so that the server-side equipment generates an identification result aiming at the finger vein image to be identified according to the plurality of ciphertext fragment data; and receiving the identification result from the server device.
Optionally, the extracting, by a finger vein feature extraction algorithm, finger vein feature data from the finger vein image to be recognized includes: determining a standardized image according to the finger vein image to be identified; and extracting the minutiae data in the standardized image according to a minutiae feature extraction algorithm to serve as the finger vein feature data.
Optionally, the determining a normalized image according to the finger vein image to be recognized includes: performing normalization processing on the finger vein image to be identified to obtain the normalized image, wherein the normalization processing comprises at least one of the following operations: median filtering and denoising, edge detection image region cutting, size and gray level normalization, histogram equalization image enhancement, gray level threshold value image segmentation and feature refinement.
Optionally, the plurality of sliced data includes a first sliced data and a second sliced data; the determining the plurality of sliced data according to the finger vein feature data includes: generating first sliced data with the same dimension as the finger vein feature data based on the finger vein feature data according to a random generation algorithm; and executing preset operation aiming at the finger vein feature data and the first fragment data to obtain second fragment data with the same dimension as the finger vein feature data.
Optionally, the generating, according to a random generation algorithm, first sliced data having the same dimension as the finger vein feature data based on the finger vein feature data includes: randomly determining target operation according to a random generation algorithm; and respectively executing the target operation aiming at each element in the finger vein characteristic data to obtain an operation result with the same dimensionality as the finger vein characteristic data, wherein the operation result is used as the first fragment data.
Optionally, the preset operation is a difference operation; the performing a preset operation on the finger vein feature data and the first fragment data to obtain second fragment data having the same dimension as the finger vein feature data includes: and calculating the difference between each element in the finger vein feature data and the element corresponding to the element in the first fragment data to obtain a plurality of difference values, wherein the difference values are used as the second fragment data.
Optionally, the ciphertext fragment data includes a first ciphertext fragment data and a second ciphertext fragment data; the encrypting the plurality of fragment data to obtain a plurality of ciphertext fragment data includes: and according to a second encryption algorithm, encrypting the second fragment data to obtain second ciphertext fragment data.
Optionally, the acquiring the finger vein image to be recognized includes: collecting an original finger vein image; performing living finger vein detection and/or image quality detection on the original finger vein image; and determining an original finger vein image detected by the finger vein living body detection and/or the image quality detection as the finger vein image to be identified.
Optionally, the method is applied to a client device.
Another aspect of the present disclosure provides a method of recognizing a finger vein image, including: receiving a plurality of ciphertext fragment data from client equipment, wherein each ciphertext fragment data in the ciphertext fragment data comprises feature information of a finger vein image to be identified; decrypting the plurality of ciphertext fragment data to obtain a plurality of fragment data; distributing the plurality of fragment data to a plurality of computing nodes so as to identify the plurality of fragment data through the plurality of computing nodes and obtain an identification result aiming at the finger vein image to be identified; and sending the recognition result to the client device.
Optionally, the ciphertext fragment data includes a first ciphertext fragment data and a second ciphertext fragment data; the decrypting the plurality of ciphertext fragment data to obtain a plurality of fragment data includes: and according to the second encryption algorithm, decrypting the second ciphertext fragment data to obtain second fragment data.
Optionally, the allocating the plurality of sliced data to a plurality of computing nodes to identify the plurality of sliced data through the plurality of computing nodes to obtain an identification result for the finger vein image to be identified includes: allocating a first compute node to the first sliced data and a second compute node to the second sliced data; acquiring the first fragment data through the first computing node, and computing a first similarity between the first fragment data and pre-stored finger vein features; acquiring the second fragment data through the second computing node, and computing a second similarity between the second fragment data and pre-stored finger vein features; and determining the recognition result according to the first similarity and the second similarity.
Optionally, the method further comprises: storing the first fragment data into a first data cache space and storing the second fragment data into a second data cache space, wherein the first data cache space and the second data cache space belong to different management domains; wherein the obtaining, by the first computing node, the first sliced data comprises: reading first fragment data in the first data cache space through the first computing node; the obtaining, by the second computing node, the second tile data comprises: and reading second fragment data in the second data cache space through the second computing node.
Optionally, the method is applied to a server device.
Another aspect of the present disclosure provides an apparatus for recognizing a finger vein image, including: the acquisition module is used for acquiring a finger vein image to be identified; the extraction module is used for extracting finger vein feature data from the finger vein image to be identified through a finger vein feature extraction algorithm; the fragmentation module is used for determining a plurality of fragmentation data according to the finger vein feature data; the encryption module is used for encrypting the plurality of fragment data to obtain a plurality of ciphertext fragment data; the sending module is used for sending the plurality of ciphertext fragment data to the server side equipment so that the server side equipment generates an identification result aiming at the finger vein image to be identified according to the plurality of ciphertext fragment data; and the first receiving module is used for receiving the identification result from the server-side equipment.
Another aspect of the present disclosure provides an apparatus for recognizing a finger vein image, including: the second receiving module is used for receiving a plurality of ciphertext fragment data from the client device, wherein each ciphertext fragment data in the ciphertext fragment data comprises the characteristic information of the finger vein image to be identified; the decryption module is used for decrypting the ciphertext fragment data to obtain fragment data; the identification module is used for distributing the fragment data to a plurality of computing nodes so as to identify the fragment data through the computing nodes and obtain an identification result aiming at the finger vein image to be identified; and the sending module is used for sending the identification result to the client equipment.
Another aspect of the disclosure provides a computing device comprising: one or more processors; storage means for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method as described above.
Another aspect of the present disclosure provides a computer-readable storage medium storing computer-executable instructions for implementing the method as described above when executed.
Another aspect of the disclosure provides a computer program comprising computer executable instructions for implementing the method as described above when executed.
According to the embodiment of the disclosure, the finger vein feature data of the finger vein image to be recognized is fragmented through the client device to obtain a plurality of fragment data, then the fragment data are encrypted, and a plurality of encrypted fragment data obtained after encryption are sent to the server device, so that the server device generates the recognition result aiming at the finger vein image to be recognized according to the ciphertext fragment data.
Drawings
For a more complete understanding of the present disclosure and the advantages thereof, reference is now made to the following descriptions taken in conjunction with the accompanying drawings, in which:
fig. 1 schematically shows a system architecture of a method of identifying a finger vein image and an apparatus for identifying a finger vein image according to an embodiment of the present disclosure;
fig. 2 schematically shows a flow chart of a method of identifying a finger vein image according to an embodiment of the present disclosure;
FIG. 3 schematically shows a flow chart of a method of identifying images of finger veins according to an embodiment of the present disclosure;
FIG. 4 schematically illustrates a flow chart of a method of identifying images of finger veins according to another embodiment of the present disclosure;
fig. 5 schematically shows a block diagram of an apparatus for recognizing a finger vein image according to an embodiment of the present disclosure;
fig. 6 schematically shows a block diagram of an apparatus for recognizing a finger vein image according to another embodiment of the present disclosure;
FIG. 7 schematically illustrates a block diagram of an identification module according to an embodiment of the present disclosure; and
FIG. 8 schematically illustrates a block diagram of a computer system suitable for implementing the above-described method according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).
Some block diagrams and/or flow diagrams are shown in the figures. It will be understood that some blocks of the block diagrams and/or flowchart illustrations, or combinations thereof, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the instructions, which execute via the processor, create means for implementing the functions/acts specified in the block diagrams and/or flowchart block or blocks. The techniques of this disclosure may be implemented in hardware and/or software (including firmware, microcode, etc.). In addition, the techniques of this disclosure may take the form of a computer program product on a computer-readable storage medium having instructions stored thereon for use by or in connection with an instruction execution system.
The disclosure provides a method and a device for identifying a finger vein image, which can realize privacy protection of inter-mechanism finger vein identification technology application and technically improve the safety and compliance of finger vein characteristic data.
Embodiments of the present disclosure provide a method of recognizing a finger vein image and an apparatus for recognizing a finger vein image to which the method can be applied. The method comprises the steps of obtaining a finger vein image to be identified; extracting finger vein feature data from a finger vein image to be identified through a finger vein feature extraction algorithm; determining a plurality of fragment data according to the finger vein feature data; encrypting the plurality of fragment data to obtain a plurality of ciphertext fragment data; sending the plurality of ciphertext fragment data to the server-side equipment so that the server-side equipment generates an identification result aiming at the finger vein image to be identified according to the plurality of ciphertext fragment data; and receiving the identification result from the server device.
The method and the device for recognizing the finger vein image according to the embodiment of the present disclosure may be used in the field of information security, and may also be used in any field other than information security.
Fig. 1 schematically shows a system architecture of a method of recognizing a finger vein image and an apparatus for recognizing a finger vein image according to an embodiment of the present disclosure. It should be noted that fig. 1 is only an example of a scenario in which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, but does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments or scenarios.
As shown in fig. 1, the system architecture 100 according to this embodiment may include a server device 110, a client device 120, and a network 130. Network 130 is the medium used to provide a communication link between client device 120 and server device 110. Network 130 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
A user may use client device 120 to interact with server device 110 over network 130 to receive or send messages, etc. Client device 120 may have installed thereon a client application program such as an online banking client, a shopping-type application, a web browser application, a search-type application, an instant messaging tool, a mailbox client, social platform software, etc. (by way of example only).
Client device 120 may be a variety of electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablets, laptop portable computers, desktop computers, and the like.
The server device 110 may be a server that provides various services, such as a back-office management server (for example only) that provides support for websites browsed by users using the client device 120. The background management server may analyze and perform other processing on the received data such as the user request, and feed back a processing result (e.g., a webpage, information, or data obtained or generated according to the user request) to the terminal device. The server device 110 may schedule a plurality of compute nodes, each of which may be used to identify feature information in the finger vein image. It should be noted that the computing node may be disposed in the server device 110, or may be disposed in other devices besides the server device 110 and capable of interacting with the server device 110, and this disclosure does not specifically limit this. For example, in the embodiment of the present disclosure, the server device 110 may be a server deployed in the cloud.
In the embodiment of the present disclosure, the client device 120 has, for example, a finger vein capture device 121, such as a near-infrared imaging device, for capturing a finger vein image. The client device 120 may drive the near-infrared imaging device 121 through a pre-installed SDK (software development kit) to complete finger vein image acquisition, complete random fragmentation processing and encryption processing of finger vein feature data through the finger vein feature extraction, data fragmentation and encryption functions integrated by the SDK, obtain a plurality of encrypted fragmentation data, and send the encrypted fragmentation data to the server device 110. After decrypting the received encrypted fragment data, the server device 110 allocates the decrypted fragment data to different computing nodes for identification, and obtains an identification result. The server device 110 then returns the recognition result to the client device 120.
According to an embodiment of the present disclosure, the client device 120 may act as a data owner and the server device 110 may act as a technical service provider. A finger vein recognition privacy computing service may be deployed in the server device 110 for invocation by a client program in the client device 120. The client program in the client device 120 may drive the video stream data acquired by the camera device, obtain the finger vein image, perform feature extraction, fragmentation and encryption processing, and then invoke the finger vein identification privacy calculation service of the server device 110 to complete decryption and fragmentation comparison processing, so as to implement the whole finger vein identification process, and ensure the privacy security of the finger vein information of the data owner.
It should be understood that the number of client devices, networks, and server devices in fig. 1 is merely illustrative. There may be any number of client devices, networks, and server devices, as desired for an implementation.
Fig. 2 schematically shows a flow chart of a method of identifying a finger vein image according to an embodiment of the present disclosure.
As shown in fig. 2, the method includes operations S210 to S260. The method of the embodiments of the present disclosure may be performed, for example, by a client device, which may be, for example, the client device 120 shown in fig. 1.
In operation S210, a finger vein image to be recognized is acquired.
According to an embodiment of the present disclosure, a client device has an imaging device, such as a near-infrared imaging device. Finger vein images of an object to be identified are acquired by an imaging device.
According to the embodiment of the disclosure, in order to improve the identification accuracy, the collected finger vein image can be subjected to finger vein living body detection and/or image quality detection, a finger vein image with poor effect is screened out according to the detection result, and an original finger vein image subjected to finger vein living body detection and/or image quality detection is determined as a finger vein image to be identified. The finger vein living body detection is used for detecting whether a finger vein image is collected from a living body object, if the finger vein image is detected to be collected from the living body object, the finger vein image passes through the living body object, and if the finger vein image is not detected to be collected from the living body object, the finger vein image does not pass through the living body object. The image quality detection is used for detecting the imaging effect of the finger vein image, if the imaging effect is determined to meet the preset requirement, the finger vein image passes through the image, otherwise, the finger vein image does not pass through the image, and therefore the image with poor imaging effect is screened out. More specifically, the preset requirements may include, for example, that the degree of shaking, angle, size, brightness, and the like of the finger vein image are within a preset range.
In operation S220, finger vein feature data is extracted from the finger vein image to be recognized through a finger vein feature extraction algorithm.
According to an embodiment of the present disclosure, the finger vein feature extraction algorithm may be, for example, a minutiae feature extraction algorithm (CN). The minutiae data in the standardized image of the finger vein image to be recognized can be extracted according to a minutiae feature extraction algorithm and used as the finger vein feature data.
According to the embodiment of the disclosure, in order to improve the effect of feature extraction, the finger vein image to be recognized may be subjected to normalization processing before feature extraction, so as to convert and segment a normalized image with finger vein features from the finger vein image. The normalization process may include, for example, median filtering denoising, edge detection image region cropping, size and grayscale normalization, histogram equalization image enhancement, grayscale threshold image segmentation, feature refinement, and the like.
In operation S230, a plurality of sliced data is determined according to the finger vein feature data.
According to the embodiment of the disclosure, the sliced data can be generated based on the finger vein feature data according to a random generation algorithm. Wherein, the number of the fragment data is at least two.
For example, in this embodiment, the fragmentation data may include a first fragmentation data and a second fragmentation data. First slice data may be generated based on the finger vein feature data according to a random generation algorithm, and then a preset operation may be performed on the finger vein feature data and the first slice data to obtain second slice data. Wherein, the finger vein feature data, the first slice data and the second slice data have the same dimension. The predetermined operation may be, for example, a difference operation. According to other embodiments of the present disclosure, the predetermined operation may also be addition, multiplication, division, and other operations.
More specifically, an operation may be randomly determined as a target operation according to a random generation algorithm, and then the target operation is performed for each element in the finger vein feature data, resulting in an operation result having the same dimension as the finger vein feature data as the first sliced data. And then calculating the difference between each element in the finger vein feature data and the element corresponding to the element in the first fragment data to obtain a plurality of difference values, wherein the difference values are used as the second fragment data.
For example, the finger vein feature data is as follows:
Figure BDA0002979906430000101
respectively comparing a with a when the target operation randomly determined according to the random generation algorithm is multiplied by 2 and then subtracted by 11、a2、a3And a4Performing the operation of multiplying by 2 and subtracting by 1 to obtain the first sliced data as follows:
Figure BDA0002979906430000102
then, the difference between each element in the finger vein feature data and the element corresponding to the element in the first slice data, that is, (2 a)1-1)-a1=a1-1,(2a2-1)-a2=a2-1 … … and so on, and the second slice data is obtained as follows:
Figure BDA0002979906430000103
those skilled in the art will appreciate that the above-described exemplary embodiments are only for understanding the present disclosure, and the present disclosure is not limited thereto.
According to the embodiment of the disclosure, because the fragment data is randomly generated based on the finger vein feature data, the finger vein feature data can be hidden while the data features of the finger vein feature data are kept, and the data security is further improved.
In operation S240, the plurality of sliced data are encrypted to obtain a plurality of ciphertext sliced data.
According to the embodiment of the disclosure, the first fragment data is encrypted according to a first encryption algorithm to obtain first ciphertext fragment data, and the first ciphertext fragment data and the second fragment data are encrypted according to a second encryption algorithm to obtain second ciphertext fragment data. The first encryption algorithm and the second encryption algorithm may be a symmetric encryption algorithm or an asymmetric encryption algorithm. The first encryption algorithm and the second encryption algorithm may be the same algorithm or different algorithms. Illustratively, in this embodiment, the first encryption algorithm and the second encryption algorithm are the same symmetric encryption algorithm, which may be, for example, the ZUC algorithm (ZUC algorithm) in compliance with the national cryptographic standard.
In operation S250, the plurality of ciphertext fragment data are sent to the server device, so that the server device generates an identification result for the finger vein image to be identified according to the plurality of ciphertext fragment data.
According to the embodiment of the disclosure, the client device can send the plurality of ciphertext fragment data to the server device, and the server device generates the identification result for the finger vein image to be identified according to the plurality of ciphertext fragment data.
In operation S260, the recognition result from the server device is received.
According to the embodiment of the disclosure, after the identification result generated by the server device, the generated identification result can be sent from the server device to the client device, and accordingly, the identification result from the server device can be received by the client device.
According to the embodiment of the disclosure, the finger vein feature data of the finger vein image to be recognized is segmented through the client device to obtain the plurality of segment data, then the plurality of segment data are encrypted, and the plurality of encrypted segment data obtained after encryption are sent to the server device, so that the server device generates the recognition result for the finger vein image to be recognized according to the plurality of encrypted segment data.
Fig. 3 schematically shows a flow chart of a method of identifying a finger vein image according to an embodiment of the present disclosure.
As shown in fig. 3, the method includes operations S310 to S340. The method of the embodiment of the present disclosure may be performed by a server device, for example, the server device may be the server device 110 shown in fig. 1.
In operation S310, a plurality of ciphertext fragment data is received from a client device.
According to the embodiment of the disclosure, each ciphertext fragment data in the received plurality of ciphertext fragment data contains the feature information of the finger vein image to be identified.
In operation S320, the plurality of ciphertext fragment data are decrypted to obtain a plurality of fragment data.
According to the embodiment of the disclosure, the first ciphertext fragment data may be decrypted according to a first encryption algorithm to obtain the first fragment data, and the second ciphertext fragment data may be decrypted according to a second encryption algorithm to obtain the second fragment data.
In operation S330, the plurality of patch data are distributed to a plurality of computing nodes, so that the plurality of patch data are identified by the plurality of computing nodes, and an identification result for the finger vein image to be identified is obtained.
According to embodiments of the present disclosure, a first compute node may be allocated for a first sliced data and a second compute node may be allocated for a second sliced data. Then, the first fragment data can be obtained through the first computing node, and the first similarity between the first fragment data and the pre-stored finger vein features is computed. And acquiring second fragment data through a second computing node, and computing a second similarity between the second fragment data and the pre-stored finger vein characteristics. And determining a recognition result according to the first similarity and the second similarity.
According to an embodiment of the present disclosure, the pre-stored finger vein features are pre-recorded finger vein features of the user. For example, in the present embodiment, the pre-stored finger vein features extracted in advance from the finger vein image entered by the user at the time of registration may be stored in the database.
For example, in this embodiment, when both the first similarity and the second similarity are greater than the similarity threshold, the recognition result is determined to be the feature coincidence, and when any one of the first similarity and the second similarity is less than or equal to the similarity threshold, the recognition result is determined to be the feature non-coincidence. The similarity threshold may be determined according to actual needs, and this disclosure does not specifically limit this.
According to the embodiment of the disclosure, the first fragment data may be stored to a first data cache space, and the second fragment data may be stored to a second data cache space, where the first data cache space and the second data cache space belong to different management domains. Because the first fragment data and the second fragment data are stored in different management domains, even if the data in a certain management domain is stolen by others, because only a single fragment data is stored in the management domain, the original data cannot be recovered by the stealer, and the security is higher.
Based on this, the first fragment data may be obtained by the first computing node reading the first fragment data in the first data cache space, and the second fragment data may be obtained by the second computing node reading the second fragment data in the second data cache space.
In operation S340, the recognition result is transmitted to the client device.
In the related technology, the privacy protection of finger vein recognition under a cross-mechanism application scene is realized by adopting a method for transforming an original plaintext image and a method for implementing full encryption on the finger vein image. For the method of transforming the original plaintext image, the original characteristics of the image are changed in the process of transforming the original plaintext image, so that the biological characteristic value extracted by the finger vein recognition algorithm is influenced, the recognition accuracy is influenced, and even the extracted characteristics cannot be used for finger vein recognition. The method for implementing full encryption on the finger vein image improves the security of transmitting the finger vein feature image, but before the finger vein recognition algorithm is executed, the finger vein image needs to be decrypted first to finish the extraction of the finger vein recognition feature, and under the condition of external attack, the decrypted finger vein image still has the risk of being leaked.
According to the embodiment of the disclosure, the server device decrypts the received ciphertext fragment data to obtain the fragment data, then the fragment data are distributed to the computing nodes, and the computing nodes identify the fragment data to obtain the identification result of the finger vein image to be identified. In the process, the fragment data are isolated from each other, and the finger vein feature data are hidden in the fragment data, so that the finger vein feature cannot be leaked even if the decrypted fragment data are lost, the safety of the finger vein feature data is improved, and the privacy data of a user is protected.
The method of fig. 2 is further described with reference to fig. 4 in conjunction with specific embodiments.
Those skilled in the art will appreciate that the following example embodiments are only for the understanding of the present disclosure, and the present disclosure is not limited thereto.
Fig. 4 schematically shows a flowchart of a method of identifying a finger vein image according to another embodiment of the present disclosure.
As shown in fig. 4, the method may include, for example, the following steps S401 to S411.
In step S401, the client device acquires a finger vein image.
According to the embodiment of the disclosure, the client device can acquire and generate a complete original finger vein image meeting the standard after living finger vein detection and picture quality detection are carried out by driving the near-infrared imaging device. The acquisition function can be compatible with finger vein near infrared imaging equipment of different manufacturers.
In step S402, the client device completes extraction of finger vein feature data from the finger vein original image acquired in step S401 through a finger vein feature extraction algorithm.
According to the embodiment of the disclosure, a standardized image with refined finger vein features can be segmented through the steps of median filtering denoising processing, edge detection image region cutting, size and gray level normalization, histogram equalization image enhancement, gray level threshold image segmentation, feature refinement and the like. And then, extracting the minutiae information of the finger vein image by using a minutiae feature extraction algorithm Cross Number (CN), outputting a 256-dimensional vector space, and calling the vector space as a feature vector A for convenience of description.
In step S403, the client device divides the finger vein feature data into random sliced data by a slicing algorithm.
According to the embodiment of the disclosure, the 256-dimensional feature vectors extracted from the original plaintext image of the finger vein can be sliced, and random sliced data of the finger vein features can be generated. In this embodiment, a random difference processing of feature vector elements is used to generate a random sequence of finger vein features, and more specifically, a random vector B corresponding to a length of 256 dimensions is generated by a random function according to the dimension number of the feature vector a, and a difference operation is performed on each element of the random vector B and the random vector B to obtain a vector C of 256 dimensions. Because the generation of the random vector B is random, the numerical values are different every time, and even if the finger vein feature data of the same person is the same, the feature values of the vector C are different under different use scenes. Therefore, two pieces of finger vein feature random slice data, namely the feature vector B and the feature vector C, can be generated according to the feature vector A extracted from the original image.
In step S404, the client device encrypts the data fragment through an encryption algorithm to obtain ciphertext fragment data.
According to the embodiment of the disclosure, the random fragmentation data of the finger vein features are encrypted, and the confidentiality protection transmission of the fragmentation data of the finger vein features is realized. In this embodiment, for example, a symmetric encryption algorithm is used to encrypt the sliced data into a ciphertext, and the symmetric encryption algorithm uses a ZUC algorithm that meets the national cryptographic standard.
In step S405, the client device uploads the ciphertext fragment data to the cloud server device.
In step S406, the server device receives the finger vein feature ciphertext fragment data sent by the client device.
In step S407, the server device invokes the symmetric encryption key, decrypts the received ciphertext fragment data, and restores the ciphertext fragment data to be the finger vein feature random fragment data.
According to the embodiment of the disclosure, the server device decrypts the ciphertext fragment by using a symmetric encryption algorithm corresponding to the client device, and restores the ciphertext fragment into random fragment data with finger vein characteristics.
According to the embodiment of the disclosure, the server device may send the encrypted fragment data to the partner databases belonging to different administrative domains, respectively. Because the same management domain only grasps partial fragments, any participant can not restore the finger vein characteristic value under the condition that the fragment data of other participants is not acquired, and the data security is enhanced.
In step S408, the server device routes the fragmented data to the corresponding computing node.
According to the embodiment of the disclosure, after the decrypted random fragmented data of the finger vein features are respectively sent to the data cache spaces belonging to different management domains, the random fragmented data of the finger vein features can be forwarded to the algorithm computing nodes for finger vein identification comparison according to the routes specified by task scheduling, and the registered and identified random fragmented data of the finger vein features are respectively used as the data input of the respective computing nodes.
In step S409, the server starts a finger vein identification comparison algorithm operation through the cloud computing node, and respectively inputs the registered finger vein feature fragment data and the received field finger vein feature fragment data as data of respective computing nodes, so as to cooperatively complete comparison calculation of finger vein features, thereby obtaining an identification result.
According to the embodiment of the disclosure, a plurality of finger vein identification computing nodes in different management domains can be scheduled to start a cooperative computing task according to the requirement of the finger vein identification computing task, cosine distance is used for judging the similarity of two groups of features, the operations of field finger vein photo (field collected finger vein image to be identified) finger vein feature vector random fragmentation data and registered finger vein photo (finger vein photo collected during registration) finger vein feature vector random fragmentation data are completed, when the similarity of the two is greater than a set threshold value, the field finger vein photo and the registered finger vein photo are considered to belong to the same person, and a final finger vein feature comparison operation result is returned after the computation is completed.
In step S410, the server device returns the recognition result to the client device in real time.
In step S411, the client device receives the recognition result.
According to the embodiment of the disclosure, the client device drives the near-infrared imaging device to complete finger vein image acquisition through the SDK of the client software, completes random fragmentation and encryption of finger vein feature data through finger vein feature extraction, data fragmentation and encryption functions integrated by the SDK of the client, and realizes finger vein identification service with privacy protection function in cooperation with finger vein identification privacy calculation service of the cloud.
The method for recognizing the finger vein image can realize privacy protection of cross-mechanism finger vein recognition technology application. Based on the method, on the premise of no trusted third party management and no dependence on specific hardware equipment, the data owner can technically ensure that the privacy of the finger vein information of the user is protected and the finger vein information data is prevented from being leaked in the cross-organization circulation process when the finger vein identification service of an external technology service provider is used. More specifically, the method is advantageous at least in the following way.
Firstly, the legal rights and interests of the user can be guaranteed. According to the embodiment of the disclosure, the finger vein information of the user is converted into finger vein feature random fragment data or ciphertext data in the registration, transmission and identification processes, and the finger vein feature random fragment data or the ciphertext data are dispersed in different management nodes for storage and collaborative calculation, so that the personal privacy is not invaded while the user obtains the convenient finger vein identification authentication service.
And secondly, the operation benefit of the data owner can be improved. According to the embodiment of the disclosure, the data owner is used as a personal biological information collection main body, so that the data use purpose and range of the personal finger vein information of the user can be effectively managed, convenient and safe intelligent service is provided for the user, the capacities of the user and the live client are enhanced, the personal information safety protection duty is implemented while the operation performance is improved, and the requirements of supervision and compliance are met.
And thirdly, the service boundary of the technical service provider can be expanded. According to the method for identifying the finger vein image, the technical means of finger vein identification privacy protection is improved, the worry of a user about leakage of the collected finger vein is eliminated, the finger vein identification technology can be promoted to provide more partner scenes for popularization, so that more enterprises are driven to be upgraded intelligently, and the range and quality of service output are improved.
Fig. 5 schematically shows a block diagram of an apparatus for recognizing a finger vein image according to an embodiment of the present disclosure.
As shown in fig. 5, the apparatus 500 for recognizing a finger vein image includes an obtaining module 510, an extracting module 520, a slicing module 530, an encrypting module 540, a transmitting module 550, and a first receiving module 560. The apparatus 500 for recognizing a finger vein image may perform the method described above with reference to fig. 2.
In particular, the obtaining module 510 may be configured to obtain an image of a finger vein to be identified.
The extracting module 520 may be configured to extract finger vein feature data from the finger vein image to be recognized through a finger vein feature extraction algorithm.
The slicing module 530 may be configured to determine a plurality of sliced data according to the finger vein feature data.
The encrypting module 540 may be configured to encrypt the multiple fragment data to obtain multiple ciphertext fragment data.
The sending module 550 may be configured to send the plurality of ciphertext fragment data to the server device, so that the server device generates an identification result for the finger vein image to be identified according to the plurality of ciphertext fragment data.
The first receiving module 560 may be configured to receive the identification result from the server device.
Exemplarily, in this embodiment, the obtaining module 510 may be specifically configured to collect an original plaintext image of a finger vein. Packaging the finger vein acquisition SDK, driving a near-infrared imaging device, acquiring a finger vein image of a user, acquiring a front image meeting the finger vein identification requirement after finger vein living body detection and picture quality detection, and generating a whole finger vein plaintext image.
For example, in this embodiment, the extraction module 520 may be specifically configured to extract a finger vein feature vector value from an input finger vein original image through a finger vein feature extraction algorithm. The method specifically comprises the following steps: the standardized image with the refined finger vein features is segmented through the steps of median filtering denoising processing, edge detection image region cutting, size and gray level normalization, histogram equalization image enhancement, gray level threshold value image segmentation, feature refinement and the like. And then, extracting the minutiae information of the finger vein image by using a minutiae feature extraction algorithm Cross Number (CN), and outputting a 256-dimensional vector space.
For example, in this embodiment, the slicing module 530 may be specifically configured to perform slicing processing on the 256-dimensional feature vectors extracted from the original plaintext image of the finger vein, and generate random slicing data of the finger vein features. The method adopts random difference processing of feature vector elements to generate a finger vein feature random sequence, and specifically comprises the following steps: and generating a random vector B corresponding to 256-dimensional length through a random function according to the dimension number of the feature vector A generated by the finger vein feature extraction unit, and performing difference operation on each element of the random vector B and the random vector B to obtain a 256-dimensional vector C. Because the generation of B is random, the numerical values are different every time, and even if the data are finger vein feature data of the same person, the feature values of the vector C are different under different use scenes. Therefore, two pieces of finger vein feature random slice data, namely the feature vector B and the feature vector C, can be generated according to the feature vector A extracted from the original image.
Exemplarily, in this embodiment, the extraction module 520 may be specifically configured to perform encryption processing on the finger vein feature random fragment data, so as to implement confidentiality protection transmission of the finger vein feature fragment data. And encrypting the sliced data into a ciphertext by adopting a symmetric encryption algorithm, wherein the symmetric encryption algorithm adopts a ZUC algorithm which accords with the national cipher standard.
Fig. 6 schematically shows a block diagram of an apparatus for recognizing a finger vein image according to another embodiment of the present disclosure.
As shown in fig. 6, the apparatus 600 for recognizing a finger vein image includes a second receiving module 610, a decrypting module 620, a recognizing module 630, and a transmitting module 640. The apparatus 600 for recognizing a finger vein image may perform the method described above with reference to fig. 3.
Specifically, the second receiving module 610 may be configured to receive a plurality of ciphertext fragment data from the client device, where each ciphertext fragment data in the plurality of ciphertext fragment data includes feature information of the finger vein image to be identified.
The decryption module 620 may be configured to decrypt the ciphertext fragment data to obtain a plurality of fragment data.
The identifying module 630 may be configured to allocate the plurality of sliced data to a plurality of computing nodes, so as to identify the plurality of sliced data by the plurality of computing nodes, and obtain an identification result for the finger vein image to be identified.
A sending module 640 may be configured to send the recognition result to the client device.
Exemplarily, in this embodiment, the decryption module 620 may be specifically configured to restore ciphertext fragments of the finger vein features to plaintext random fragment data. Specifically, a symmetric encryption algorithm corresponding to the client may be adopted to decrypt the ciphertext fragment and restore the ciphertext fragment into random fragment data with finger vein characteristics.
Fig. 7 schematically illustrates a block diagram of an identification module according to an embodiment of the present disclosure.
As shown in fig. 7, the identification module 630 may include, for example, a data access unit 731, a multi-party security computation unit 732, and a task scheduling unit 733.
The data access unit 731 may be configured to receive and route the finger vein feature random fragmentation data restored by the decryption module 620, and distribute the required feature data of finger vein identification operation to corresponding computing nodes. Specifically, the decrypted random fragmented data of the finger vein features are respectively sent to data cache spaces which belong to different management domains, then forwarded to algorithm computing nodes for finger vein identification comparison according to routes specified by task scheduling, and the registered and identified random fragmented data of the finger vein features are respectively used as data input of respective computing nodes.
The multi-party security calculation unit 732 may be configured to complete comparison operation of random fragmented data of finger vein features, and ensure that the computation result of the fragmented data is consistent with the computation result of the complete feature data, or the result loss precision is within an acceptable range. Specifically, the multi-party security computing unit can be divided into two parts, namely computing support and business computing logic. The computing support realizes secret sharing, homomorphic encryption, a garbled circuit and other basic multi-party security computing protocols, and encapsulates basic computing functions such as addition, subtraction, multiplication, division, comparison and the like and other complex computing functions derived from the basic computing functions. The service calculation logic part comprises calculation steps required by supporting the finger vein recognition service scene, and each step is used for completing the calculation of the finger vein feature data by calling a basic calculation function and a derivative calculation function.
The task scheduling unit 733 may be configured to implement task scheduling management between different computing nodes. According to the requirement of a finger vein identification calculation task, a plurality of finger vein identification calculation nodes in different management domains are integrally scheduled to start a cooperative calculation task, cosine distance is used for judging the similarity of two groups of features, the operation of finger vein feature vector random fragment data of field finger vein photos and finger vein feature vector random fragment data of registered finger vein photos is completed, when the similarity of the two groups of feature vectors is larger than a set threshold value, the field finger vein photos and the registered finger vein photos are considered to belong to the same person, and a final finger vein feature comparison operation result is returned after the calculation is completed.
Any number of modules, sub-modules, units, sub-units, or at least part of the functionality of any number thereof according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, and sub-units according to the embodiments of the present disclosure may be implemented by being split into a plurality of modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in any other reasonable manner of hardware or firmware by integrating or packaging a circuit, or in any one of or a suitable combination of software, hardware, and firmware implementations. Alternatively, one or more of the modules, sub-modules, units, sub-units according to embodiments of the disclosure may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.
For example, any plurality of the obtaining module 510, the extracting module 520, the fragmenting module 530, the encrypting module 540, the sending module 550, the first receiving module 560, the second receiving module 610, the decrypting module 620, the identifying module 630 and the sending module 640 may be combined into one module to be implemented, or any one of them may be split into a plurality of modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to an embodiment of the present disclosure, at least one of the obtaining module 510, the extracting module 520, the slicing module 530, the encrypting module 540, the sending module 550, the first receiving module 560, the second receiving module 610, the decrypting module 620, the identifying module 630, and the sending module 640 may be at least partially implemented as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or implemented by any one of three implementations of software, hardware, and firmware, or by a suitable combination of any of them. Alternatively, at least one of the obtaining module 510, the extracting module 520, the fragmenting module 530, the encrypting module 540, the transmitting module 550, the first receiving module 560, the second receiving module 610, the decrypting module 620, the identifying module 630 and the transmitting module 640 may be at least partially implemented as a computer program module which, when executed, may perform a corresponding function.
FIG. 8 schematically illustrates a block diagram of a computer system suitable for implementing the above-described method according to an embodiment of the present disclosure. The computer system illustrated in FIG. 8 is only one example and should not impose any limitations on the scope of use or functionality of embodiments of the disclosure.
As shown in fig. 8, a computer system 800 according to an embodiment of the present disclosure includes a processor 801 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM)802 or a program loaded from a storage section 808 into a Random Access Memory (RAM) 803. The processor 801 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 801 may also include onboard memory for caching purposes. The processor 801 may include a single processing unit or multiple processing units for performing different actions of the method flows according to embodiments of the present disclosure.
In the RAM 803, various programs and data necessary for the operation of the system 800 are stored. The processor 801, the ROM 802, and the RAM 803 are connected to each other by a bus 804. The processor 801 performs various operations of the method flows according to the embodiments of the present disclosure by executing programs in the ROM 802 and/or RAM 803. Note that the programs may also be stored in one or more memories other than the ROM 802 and RAM 803. The processor 801 may also perform various operations of method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
System 800 may also include an input/output (I/O) interface 805, also connected to bus 804, according to an embodiment of the disclosure. The system 800 may also include one or more of the following components connected to the I/O interface 805: an input portion 806 including a keyboard, a mouse, and the like; an output section 807 including a signal such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage portion 808 including a hard disk and the like; and a communication section 809 including a network interface card such as a LAN card, a modem, or the like. The communication section 809 performs communication processing via a network such as the internet. A drive 810 is also connected to the I/O interface 805 as necessary. A removable medium 811 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 810 as necessary, so that a computer program read out therefrom is mounted on the storage section 808 as necessary.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the method provided by the embodiments of the present disclosure, when the computer program product is run on an electronic device, the program code being adapted to cause the electronic device to carry out the method for recognizing images of finger veins provided by the embodiments of the present disclosure.
The computer program, when executed by the processor 801, performs the above-described functions defined in the system/apparatus of the embodiments of the present disclosure. The systems, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure. In one embodiment, the computer program may be hosted on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted in the form of a signal on a network medium, distributed, downloaded and installed via communication section 809, and/or installed from removable media 811. The computer program containing program code may be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In accordance with embodiments of the present disclosure, program code for executing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, these computer programs may be implemented using high level procedural and/or object oriented programming languages, and/or assembly/machine languages. The programming language includes, but is not limited to, programming languages such as Java, C + +, python, the "C" language, or the like. The program code may execute entirely on the user computing device, partly on the user device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM 802 and/or RAM 803 described above and/or one or more memories other than the ROM 802 and RAM 803.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that various combinations and/or combinations of features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or combinations are not expressly recited in the present disclosure. In particular, various combinations and/or combinations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.

Claims (19)

1. A method of identifying images of finger veins, comprising:
acquiring a finger vein image to be identified;
extracting finger vein feature data from the finger vein image to be identified through a finger vein feature extraction algorithm;
determining a plurality of fragment data according to the finger vein feature data;
encrypting the plurality of fragment data to obtain a plurality of ciphertext fragment data;
sending the plurality of ciphertext fragment data to server-side equipment so that the server-side equipment generates an identification result aiming at the finger vein image to be identified according to the plurality of ciphertext fragment data; and
and receiving the identification result from the server-side equipment.
2. The method according to claim 1, wherein the extracting finger vein feature data from the finger vein image to be identified through a finger vein feature extraction algorithm comprises:
determining a standardized image according to the finger vein image to be identified; and
and extracting the minutiae data in the standardized image according to a minutiae feature extraction algorithm to serve as the finger vein feature data.
3. The method according to claim 2, wherein the determining a standardized image from the finger vein image to be recognized comprises:
standardizing the finger vein image to be identified to obtain a standardized image,
wherein the normalization process comprises at least one of:
median filtering and denoising, edge detection image region cutting, size and gray level normalization, histogram equalization image enhancement, gray level threshold value image segmentation and feature refinement.
4. The method of claim 1, wherein the plurality of sliced data comprises a first sliced data and a second sliced data; the determining the plurality of sliced data according to the finger vein feature data includes:
generating first sliced data with the same dimension as the finger vein feature data based on the finger vein feature data according to a random generation algorithm; and
and executing preset operation aiming at the finger vein feature data and the first fragment data to obtain second fragment data with the same dimension as the finger vein feature data.
5. The method of claim 4, wherein the generating first sliced data having the same dimensionality as the finger vein feature data based on the finger vein feature data according to a random generation algorithm comprises:
randomly determining target operation according to a random generation algorithm; and
and respectively executing the target operation aiming at each element in the finger vein characteristic data to obtain an operation result with the same dimensionality as the finger vein characteristic data, wherein the operation result is used as the first fragment data.
6. The method of claim 4, wherein the preset operation is a difference operation; the performing a preset operation on the finger vein feature data and the first fragment data to obtain second fragment data having the same dimension as the finger vein feature data includes:
and calculating the difference between each element in the finger vein feature data and the element corresponding to the element in the first fragment data to obtain a plurality of difference values, wherein the difference values are used as the second fragment data.
7. The method of claim 4, wherein the plurality of ciphertext fragments data comprises a first ciphertext fragment data and a second ciphertext fragment data; the encrypting the plurality of fragment data to obtain a plurality of ciphertext fragment data includes:
and according to a second encryption algorithm, encrypting the second fragment data to obtain second ciphertext fragment data.
8. The method of claim 1, wherein the acquiring the finger vein image to be identified comprises:
collecting an original finger vein image;
performing living finger vein detection and/or image quality detection on the original finger vein image; and
and determining an original finger vein image detected by the living finger vein detection and/or the image quality detection as the finger vein image to be identified.
9. The method of any one of claims 1 to 8, wherein the method is applied to a client device.
10. A method of identifying images of finger veins, comprising:
receiving a plurality of ciphertext fragment data from client equipment, wherein each ciphertext fragment data in the ciphertext fragment data comprises feature information of a finger vein image to be identified;
decrypting the plurality of ciphertext fragment data to obtain a plurality of fragment data;
distributing the plurality of fragment data to a plurality of computing nodes so as to identify the plurality of fragment data through the plurality of computing nodes and obtain an identification result aiming at the finger vein image to be identified; and
and sending the identification result to the client equipment.
11. The method of claim 10, wherein the plurality of ciphertext fragments data comprises a first ciphertext fragment data and a second ciphertext fragment data; the decrypting the plurality of ciphertext fragment data to obtain a plurality of fragment data includes:
and according to the second encryption algorithm, decrypting the second ciphertext fragment data to obtain second fragment data.
12. The method of claim 11, wherein the distributing the plurality of sliced data to a plurality of computing nodes to identify the plurality of sliced data by the plurality of computing nodes to obtain an identification result for the finger vein image to be identified comprises:
allocating a first compute node to the first sliced data and a second compute node to the second sliced data;
acquiring the first fragment data through the first computing node, and computing a first similarity between the first fragment data and pre-stored finger vein features;
acquiring the second fragment data through the second computing node, and computing a second similarity between the second fragment data and pre-stored finger vein features; and
and determining the recognition result according to the first similarity and the second similarity.
13. The method of claim 12, further comprising: storing the first fragment data into a first data cache space and storing the second fragment data into a second data cache space, wherein the first data cache space and the second data cache space belong to different management domains;
wherein the obtaining, by the first computing node, the first sliced data comprises: reading first fragment data in the first data cache space through the first computing node;
the obtaining, by the second computing node, the second tile data comprises: and reading second fragment data in the second data cache space through the second computing node.
14. The method according to any one of claims 10 to 13, wherein the method is applied to a server device.
15. An apparatus for recognizing a finger vein image, comprising:
the acquisition module is used for acquiring a finger vein image to be identified;
the extraction module is used for extracting finger vein feature data from the finger vein image to be identified through a finger vein feature extraction algorithm;
the fragmentation module is used for determining a plurality of fragmentation data according to the finger vein feature data;
the encryption module is used for encrypting the plurality of fragment data to obtain a plurality of ciphertext fragment data;
the sending module is used for sending the plurality of ciphertext fragment data to the server side equipment so that the server side equipment generates an identification result aiming at the finger vein image to be identified according to the plurality of ciphertext fragment data; and
and the first receiving module is used for receiving the identification result from the server-side equipment.
16. An apparatus for recognizing a finger vein image, comprising:
the second receiving module is used for receiving a plurality of ciphertext fragment data from the client device, wherein each ciphertext fragment data in the ciphertext fragment data comprises the characteristic information of the finger vein image to be identified;
the decryption module is used for decrypting the ciphertext fragment data to obtain fragment data;
the identification module is used for distributing the fragment data to a plurality of computing nodes so as to identify the fragment data through the computing nodes and obtain an identification result aiming at the finger vein image to be identified; and
and the sending module is used for sending the identification result to the client equipment.
17. A computing device, comprising:
one or more processors;
a memory for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1-14.
18. A computer-readable storage medium storing computer-executable instructions for implementing the method of any one of claims 1 to 14 when executed.
19. A computer program product comprising computer executable instructions for implementing the method of any one of claims 1 to 14 when executed.
CN202110288238.9A 2021-03-17 2021-03-17 Method, apparatus, computing device and medium for identifying finger vein image Active CN113052045B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110288238.9A CN113052045B (en) 2021-03-17 2021-03-17 Method, apparatus, computing device and medium for identifying finger vein image

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110288238.9A CN113052045B (en) 2021-03-17 2021-03-17 Method, apparatus, computing device and medium for identifying finger vein image

Publications (2)

Publication Number Publication Date
CN113052045A true CN113052045A (en) 2021-06-29
CN113052045B CN113052045B (en) 2023-04-28

Family

ID=76513236

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110288238.9A Active CN113052045B (en) 2021-03-17 2021-03-17 Method, apparatus, computing device and medium for identifying finger vein image

Country Status (1)

Country Link
CN (1) CN113052045B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114760068A (en) * 2022-04-08 2022-07-15 中国银行股份有限公司 User identity authentication method, system, electronic device and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106658490A (en) * 2016-11-08 2017-05-10 南京邮电大学 Wireless sensor network homomorphic encryption privacy protection method
US9749299B1 (en) * 2015-03-09 2017-08-29 Symantec Corporation Systems and methods for image-based encryption of cloud data
CN107862282A (en) * 2017-11-07 2018-03-30 深圳市金城保密技术有限公司 A kind of finger vena identification and safety certifying method and its terminal and system
CN109598247A (en) * 2018-12-07 2019-04-09 黑龙江大学 Two dimensional code identity identifying method based on vein image minutiae point and patterned feature
US10541983B1 (en) * 2017-07-19 2020-01-21 Amazon Technologies, Inc. Secure storage and searching of information maintained on search systems

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9749299B1 (en) * 2015-03-09 2017-08-29 Symantec Corporation Systems and methods for image-based encryption of cloud data
CN106658490A (en) * 2016-11-08 2017-05-10 南京邮电大学 Wireless sensor network homomorphic encryption privacy protection method
US10541983B1 (en) * 2017-07-19 2020-01-21 Amazon Technologies, Inc. Secure storage and searching of information maintained on search systems
CN107862282A (en) * 2017-11-07 2018-03-30 深圳市金城保密技术有限公司 A kind of finger vena identification and safety certifying method and its terminal and system
CN109598247A (en) * 2018-12-07 2019-04-09 黑龙江大学 Two dimensional code identity identifying method based on vein image minutiae point and patterned feature

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
AYHAN OZAN YILMAZ: "An Infrastructure for efficient reporting workflow in grid based teleradiology applications" *
傅超仪: "面向动态数据的隐私保护方法研究" *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114760068A (en) * 2022-04-08 2022-07-15 中国银行股份有限公司 User identity authentication method, system, electronic device and storage medium

Also Published As

Publication number Publication date
CN113052045B (en) 2023-04-28

Similar Documents

Publication Publication Date Title
CN112949545B (en) Method, apparatus, computing device and medium for recognizing face image
US10607035B2 (en) Method of displaying content on a screen of an electronic processing device
US8712047B2 (en) Visual universal decryption apparatus and methods
US20230106584A1 (en) Securing User-Entered Text In-Transit
US11599669B2 (en) Image distribution using composite re-encrypted images
CN111741020B (en) Public data set determination method, device and system based on data privacy protection
Jang et al. Partial image encryption using format-preserving encryption in image processing systems for Internet of things environment
CN116383793B (en) Face data processing method, device, electronic equipment and computer readable medium
US20200136818A1 (en) System for generating personalized service content
CN110647641A (en) Identity authentication method, identity authentication device, computer equipment and storage medium
Mohanty et al. PANDORA: Preserving privacy in PRNU-based source camera attribution
JP7236042B2 (en) Face Recognition Application Using Homomorphic Encryption
CN111177748A (en) Fingerprint storage encryption method, device and system
CN113052045B (en) Method, apparatus, computing device and medium for identifying finger vein image
CN113052044A (en) Method, apparatus, computing device, and medium for recognizing iris image
CN115114667A (en) Privacy information processing and classifying method and device for security chip
GB2566043A (en) A method of displaying content on a screen of an electronic processing device
CN116456127B (en) Video processing system, method, device, electronic equipment and storage medium
through an Encrypted Implementation of a Security System in IaaS Cloud Server through an Encrypted Blockchain
Christy Data Prevention Technique For Securing The Data
CN117992934A (en) Data security sharing method, data security analysis method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant