CN101984576A - Method and system for authenticating anonymous identity based on face encryption - Google Patents

Abstract

The invention discloses a method and system for authenticating an anonymous identity based on face encryption in the field of information security. The method comprises the following steps: a public key and a private key are generated according to a Paillier public key cryptosystem; the public key is allocated to a client, the private key is stored in an application server; when in user registration, the client acquires user indentify and encrypts the acquired face features; when in anonymous user entry, the client encrypts the acquired face features; a database server calculates user entry encryption information and register encryption information; and the application server utilizes the private key to decrypt and calculate so as to obtain decryption information, and if the conditions are met, the user can enter the system. In the invention, the Paillier public key cryptosystem is unidirectional and is semantically safe, the encrypted face features of anonymous users and the private key are not in the same server, so the safety of an identify authentication system can be ensured even though an advanced permission user can not acquire the information of the user.

Description

A kind of based on the anonymous identity identifying method and the system of encrypting people's face

Technical field

The present invention is a kind of based on the anonymous identity identifying method and the system of encrypting people's face, belongs to information security field.

Background technology

Along with community networkization and informationalized development, how quicker, convenient, the safe authentication of carrying out becomes the common problem that people face.The status of authentication in safety system is of crucial importance, is the most basic security service, and other security service all will depend on it.In case identity authorization system is broken, all safety measures of system will perform practically no function so.The target of assault often is exactly an identity authorization system.Therefore will accelerate the construction of information security, it is very important adding strong identity authentication research theoretical and that use.In addition, except the hacker, after super-ordinate right user (such as the keeper) login system, can revise the sensitive data of domestic consumer, and the system that declares has been subjected to assault.

Conventional cipher method is maintained secrecy to user's content by encryption key, and in order to satisfy the fail safe of encrypted content, the long Bit String that encryption key normally generates at random, such key are difficult to memory concerning the user; Simultaneously, living things feature recognition has characteristics such as portability, uniqueness, reliability, versatility, but because traditional living creature characteristic recognition system does not adopt any encryption measures, what store in the system is the primitive characteristics value, thereby along with hardware attack and the development that cracks technology, whole living creature characteristic recognition system just might be exposed in hacker's the firing area fully, thereby the fail safe of user identity and privacy are on the hazard.Biological characteristic can be reset after losing unlike password and key, and losing of biological characteristic is nonvolatil losing.And encrypt the advantage of the existing traditional living things feature recognition of biometric identity Verification System, can guarantee the fail safe of biological characteristic again.

Summary of the invention

The invention discloses a kind of anonymous identity identifying method and system based on encryption people face, this system can be used for based on network online identity authentication.Isomorphism according to the Paillier algorithm, the Paillier public-key cryptosystem is encrypted face characteristic, improve the fail safe of recognition of face, and be applied to adopt in people's face identity authorization system that Euclidean distance measures, make it have good authentication performance.

Technical scheme of the present invention is achieved in that the isomorphism of this method according to the Paillier algorithm, utilizes the Paillier public-key cryptosystem face characteristic to be encrypted and is applied to adopt in people's face identity authorization system that Euclidean distance measures.

Described Paillier public-key cryptosystem the probability encryption system that to be P.Paillier etc. propose in Europe in 1999 and Asia password meeting with good homomorphism character, and provided a kind of encipherment scheme that can verify message integrity, proved under the model that this encipherment scheme can resist adaptability and attack (NM-CCA2) foretelling at random.

The homomorphism character of described Paillier algorithm is meant: make E represent encipherment scheme, M, C represent respectively expressly and the cryptogram space that expressly space M is to be operating as

The group, cryptogram space C is operating as

The group.For any one example E of this encipherment scheme, given With

Just exist r to make:

Then claim encipherment scheme E about

Satisfy homomorphism character.

It comprises two stages based on the anonymous identity identifying method of encrypting people's face: registration phase, authentication phase.

At first, right according to the key that the Paillier public-key cryptosystem generates identity authorization system by application server: PKI (n, g) and private key (λ μ), distributes to client with PKI simultaneously, and private key is stored in the application server.

Described registration phase comprises:

The individual user of a.M (M 〉=2) registers in client, and client is obtained user's identity information and face characteristic vector A _i: (a _I1, a _I2A _IjA _IN), i=1,2 ... M, j=1,2 ... N, A _iBe i user's face characteristic vector, a _IjBe j characteristic value of i user's face characteristic vector; N is the dimension of people's face characteristic vector;

B. using public-key, (n g) encrypts this M user's face characteristic, calculates U according to formula (1) and (2) _IjAnd V _Ij:

$U_{\mathrm{ij}}=E(a_{\mathrm{ij}}^2,r_{\mathrm{ij}}^a)=g^{a_{\mathrm{ij}}^2}\·{\left(r_{\mathrm{ij}}^a\right)}^n{\mathrm{mod}n}^2---\left(1\right)$

$V_{\mathrm{ij}}=E({2a}_{\mathrm{ij}},r_{\mathrm{ij}}^a)=g^{{2a}_{\mathrm{ij}}}\·{\left(r_{\mathrm{ij}}^a\right)}^n{\mathrm{mod}n}^2---\left(2\right)$

Wherein, U _IjAnd V _IjBe two group encryption values,

Be one group with the identical random number of face characteristic vector dimension, and

1≤i≤M,

1≤j≤N.

C. the secret value of M user's identity information and the face characteristic data forwarding submodule by application server is stored in the database server;

Authentication phase comprises:

D. anonymous is logined in client, and client is obtained the face characteristic vector B:(b of anonymous according to the method identical with described step a ₁, b ₂... b _j, b _N), j=1,2 ... N, b _jBe j characteristic value of the face characteristic vector of anonymous.

E. using public-key, (n g) encrypts this user's face characteristic, calculates W according to formula (3) _j, j=1,2L N:

$W_j=E(b_j^2,r_j^b)=g^{b_j^2}\·{\left(r_j^b\right)}^n{\mathrm{mod}n}^2---\left(3\right)$

Wherein, W _jBe a group encryption value,

Be one group identical with the face characteristic number and be different from

Random number.

F. the secret value of this anonymous face characteristic data forwarding submodule by application server is outputed in the database server and with the secret value that is stored in M user's face characteristic in the database server at registration phase and calculate the encrypted domain distance P according to formula (4) _i, i=1,2L M:

$P_i=\underset{j=1}{\overset{j=N}{\mathrm{\Π}}}{U}_{\mathrm{ij}}{W}_j{V_{\mathrm{ij}}}^{n-b_j}{\mathrm{mod}n}^2---\left(4\right)$

G. the authentication sub module of application server is utilized private key (λ, μ) by formula (5), (6) apart from being decrypted, is obtained M Euclidean distance d to M encrypted domain _i(A _i, B), i=1,2L M:

$D_i\left(P_i\right)=\frac{({P_i}^{\mathrm{\λ}}{\mathrm{mod}n}^2-1)*\mathrm{\μ}}{n}\mathrm{mod}n,i=\mathrm{1,2},\mathrm{LM}---\left(5\right)$

d _i(A _i，B)＝(D _i(P _i)) ^1/2 (6)

H. if wherein minimum Eustachian distance less than setting threshold, thinks that then this user by authentication, allows to enter system, otherwise, think this user not by authentication, logging in system by user is failed.And whether the feedback information of successful login system to client.

Described face characteristic can be any face characteristic.

Described identity information is the user name of logging in system by user.

It is a kind of based on the anonymous identity authorization system of encrypting people's face that the present invention also provides, and comprising:

Client modules is used to obtain user's identity information and face characteristic vector, and uses public-key face characteristic is encrypted, and identity information is the user name of logging in system by user;

Described client modules specifically comprises:

The client enrollment submodule is used for obtaining user's identity information and face characteristic vector when the user registers, and uses public-key face characteristic is encrypted;

The client logins submodule, is used for obtaining when anonymous is logined user's face characteristic vector, and uses public-key face characteristic is encrypted.

The database server module, database server links to each other with application server.Registration phase, database server are used to store all users' that obtain identity information and the corresponding face characteristic of encrypting.User's entry stage, database server are used to receive the encryption face characteristic of login user, and calculate the encrypted domain distance between encryption face characteristic that receives and the encryption face characteristic that all have been stored.

Application server module is used to database server to send information; Anonymous is carried out authentication, and the client that authentication result feeds back to client is logined submodule;

Described application server module specifically comprises:

Data forwarding submodule, data forwarding submodule are logined submodule with the client enrollment submodule of client with the client and are linked to each other, and are used for sending information to database server;

Authentication sub module, authentication sub module is landed submodule with the client and is linked to each other with database server, it receives the encrypted domain distance from database server, utilizes private key that all encrypted domain distances are decrypted, and obtains several Euclidean distances, if wherein Zui Xiao Euclidean distance is less than setting threshold, think that then this anonymous by authentication, can enter system, otherwise, think this anonymous not by authentication, the login system failure.And the feedback information of successful login system is logined submodule to the client of client.

The invention has the beneficial effects as follows:

1. fail safe, the Paillier public-key cryptosystem is unidirectional, compound rank residue class that and if only if is calculated hypothesis (CCRA) and is set up.Calculate the definition of supposing (CCRA) according to compound rank residue class, under the situation that the factor of not knowing n is decomposed, given ciphertext

Calculate expressly m, find the solution compound rank residue class exactly and calculate Class[n] problem; Otherwise, set up then given ciphertext if compound rank residue class is calculated hypothesis (CCRA)

Can't in polynomial time, calculate expressly m.

Paillier public key cryptography system is semantic safety, and and if only if, and compound rank residue judgement hypothesis (DCRA) are set up.Known two plaintext m ₀And m ₁, ciphertext c is m ₀Perhaps m ₁Encryption.If ciphertext c is plaintext m ₀Corresponding ciphertext, and if only if Be mould n ²N rank residues.Therefore, if select the plaintext attack success, then compound rank residue judges that hypothesis is false; Vice versa.

Because cipher-text information after the face characteristic of anonymous is encrypted and private key be not in same database, so even super-ordinate right user (such as the keeper) also can't be known user's identity information.

2. correctness

Here we analyze, according to the cryptographic calculation E of the Paillier public-key cryptosystem that provides above (m, r)=c=g ^mr ⁿModn ²And decrypt operation Can correctly recover expressly m.That is:

D(E(m，r))＝mmodn

According to:

(g ^λ(n)modn ²) ⁿ＝g ^nλ(n)modn ²＝1modn ²

${\left(c^{\mathrm{\λ}\left(n\right)}{\mathrm{mod}n}^2\right)}^n=g^{\mathrm{nm\λ}\left(n\right)}{r}^{n^2\mathrm{\λ}\left(n\right)}{\mathrm{mod}n}^2=1{\mathrm{mod}n}^2$

G is described ^{λ (n)}Modn ²And c ^{λ (n)}Modn ²All be In n rank unit root;

Therefore:

L(c ^λ(n)modn ²)＝L((g ^mb ⁿ) ^λ(n)modn ²)＝L((g ^mλ(n)b ^nλ(n))modn ²)

Because So b ^{N λ (n)}=1modn ²So following formula equals:

L((g ^mλ(n))modn ²)＝L((g ^λ(n)) ^mmodn ²)

Because g ^{λ (n)}Modn ²Be

In n rank unit root, the form of n rank unit root is:

(1+n) ^x＝1+xnmodn ²

So:

$L\left(g^{\mathrm{\λ}\left(n\right)}{\mathrm{mod}n}^2\right)=L\left({(1+n)}^x{\mathrm{mod}n}^2\right)=L(1+\mathrm{xn})=\frac{1+\mathrm{xn}-1}{n}=x\mathrm{mod}n;$

$L\left({\left(g^{\mathrm{\λ}\left(n\right)}\right)}^m{\mathrm{mod}n}^2\right)=L\left({(1+\mathrm{xn})}^m{\mathrm{mod}n}^2\right)$

$=L=\left((C_m^0{1}^m+C_m^1{1}^{m-1}\left(\mathrm{xn}\right)+C_m^2{1}^{m-2}{\left(\mathrm{xn}\right)}^2+K){\mathrm{mod}n}^2\right)$

$=L(1+\mathrm{mxn})=\mathrm{mx}\mathrm{mod}n=m\×L\left(g^{\mathrm{\λ}\left(n\right)}{\mathrm{mod}n}^2\right)\mathrm{mod}n$

So (E (m, r))=mmodn sets up D, and promptly correctness is set up.

3. isomorphism is supposed expressly m ₁Corresponding ciphertext is c ₁, plaintext m ₂Corresponding ciphertext is c ₂, according to cryptographic algorithm as can be known,

E(m ₁，r ₁)·E(m ₂，r ₂)＝c ₁·c ₂＝E(m ₁+m ₂，r ₁r ₂)

As seen c ₁C ₂Be exactly plaintext m ₁With plaintext m ₂Sum m ₁+ m ₂Corresponding ciphertext.

Experimental result shows, among the present invention based on the anonymous identity identifying method of encrypting people's face when guaranteeing fail safe, can be good at keeping the performance that authenticates.

Description of drawings

Fig. 1 is based on the anonymous identity authorization system block diagram of encrypting people's face among the embodiment.

Embodiment

Below in conjunction with drawings and Examples technical scheme of the present invention is described in detail.

Present embodiment is at the requirement of people's face identity authorization system to fail safe and authentication performance, isomorphism according to the Paillier algorithm, utilize the Paillier public-key cryptosystem that face characteristic is encrypted, and be applied to adopt in people's face identity authorization system that Euclidean distance measures.The present invention is applicable to most face characteristic, and the face characteristic that adopts in the present embodiment is polylith local binary (Multi-Block Local BinaryPattern, a MB-LBP) feature.

It comprises two stages based on the anonymous identity identifying method and the system of encrypting people's face: registration phase, authentication phase.

At first, right according to the key that the Paillier public-key cryptosystem generates identity authorization system by application server: PKI (n, g) and private key (λ, μ), n=pq wherein, g=n+1, λ=(p-1) (q-1), μ=((p-1) (q-1)) ^-1Modn, p, q select two equal in length and separate big prime number at random, and (n g) distributes to client, and (λ μ) is stored in application server with private key with PKI simultaneously.Registration phase comprises:

A.M user registers in client, and client is obtained user's identity information and face characteristic vector A _i: (a _I1, a _I2A _IjA _IN), i=1,2 ... M, j=1,2 ... N, A _iBe i user's face characteristic vector, a _IjBe j characteristic value of i user's face characteristic vector, N is the dimension of people's face characteristic vector; User's identity information is the user name of logging in system by user.

B. using public-key, (n g) encrypts this M user's face characteristic vector, calculates U according to formula (1) and (2) _IjAnd V _Ij:

$U_{\mathrm{ij}}=E(a_{\mathrm{ij}}^2,r_{\mathrm{ij}}^a)=g^{a_{\mathrm{ij}}^2}\·{\left(r_{\mathrm{ij}}^a\right)}^n{\mathrm{mod}n}^2---\left(1\right)$

$V_{\mathrm{ij}}=E({2a}_{\mathrm{ij}},r_{\mathrm{ij}}^a)=g^{{2a}_{\mathrm{ij}}}\·{\left(r_{\mathrm{ij}}^a\right)}^n{\mathrm{mod}n}^2---\left(2\right)$

Wherein, U _IjAnd V _IjBe two group encryption values,

Be one group of random number identical with the dimension of face characteristic vector, and

1≤i≤M,

1≤j≤N.

C. the secret value of M user's identity information and the face characteristic data forwarding submodule by application server is stored in the database server.

Authentication phase comprises:

D. anonymous is logined in client, and client is obtained the face characteristic vector B:(b of anonymous according to the method identical with described step a ₁, b ₂... b _j, b _N), j=1,2 ... N, b _jBe j characteristic value of the face characteristic vector of anonymous.

E. using public-key, (n g) encrypts this user's face characteristic, calculates W according to formula (3) _j, j=1,2LN:

$W_j=E(b_j^2,r_j^b)=g^{b_j^2}\·{\left(r_j^b\right)}^n{\mathrm{mod}n}^2---\left(3\right)$

Wherein, W _jBe a group encryption value,

Be one group identical with face characteristic vector dimension and be different from

Random number.

F. the secret value of this anonymous face characteristic data forwarding submodule by application server is outputed to database server and calculate the encrypted domain distance P according to formula (4) with the secret value of M the user's face characteristic that is stored in database server at registration phase _i, i=1,2L M:

$P_i=\underset{j=1}{\overset{j=N}{\mathrm{\Π}}}{U}_{\mathrm{ij}}{W}_j{V}_{\mathrm{ij}}^{n-b_j}{\mathrm{mod}n}^2---\left(4\right)$

G. the authentication sub module of application server is utilized private key (λ, μ) by formula (5), (6) apart from being decrypted, is obtained M Euclidean distance d to M encrypted domain _i(A _i, B), i=1,2L M:

$D_i\left(P_i\right)=\frac{({P_i}^{\mathrm{\λ}}{\mathrm{mod}n}^2-1)*\mathrm{\μ}}{n}\mathrm{mod}n,i=\mathrm{1,2},\mathrm{LM}---\left(5\right)$

d _i(A _i，B)＝(D _i(P _i)) ^1/2 (6)

H. if wherein minimum Eustachian distance less than setting threshold (d _k(A _k, B)＜C _Th, C _ThBe setting threshold), think that then this user by authentication, can enter system, otherwise, think this user not by authentication, the logging in system by user failure.And the feedback information of successful login system is logined submodule to the client of client.

Claims (4)

1. one kind based on the anonymous identity identifying method of encrypting people's face, it is characterized in that, this method is according to the isomorphism of Paillier algorithm, with people's face identity identifying method that the Paillier public-key cryptosystem is encrypted and adopted Euclidean distance to measure face characteristic, this method comprises two stages: registration phase and authentication phase;

Right by application server according to the key that the Paillier public-key cryptosystem generates identity authorization system: PKI (n, g) and private key (λ, μ), (n g) distributes to client, and (λ μ) is stored in the application server with private key with PKI simultaneously;

Described registration phase comprises:

A.M user registers in client, and client is obtained user's identity information and face characteristic vector A _i: (a _I1, a _I2A _IjA _IN), i=1,2 ... M, j=1,2 ... N, A _iBe i user's face characteristic vector, a _IjBe j characteristic value of i user's face characteristic vector, N is the dimension of people's face characteristic vector;

B. using public-key, (n g) encrypts this M user's face characteristic, calculates U according to formula (1) and (2) _IjAnd V _Ij:

$U_{\mathrm{ij}}=E(a_{\mathrm{ij}}^2,r_{\mathrm{ij}}^a)=g^{a_{\mathrm{ij}}^2}\·{\left(r_{\mathrm{ij}}^a\right)}^n{\mathrm{mod}n}^2---\left(1\right)$

$V_{\mathrm{ij}}=E({2a}_{\mathrm{ij}},r_{\mathrm{ij}}^a)=g^{{2a}_{\mathrm{ij}}}\·{\left(r_{\mathrm{ij}}^a\right)}^n{\mathrm{mod}n}^2---\left(2\right)$

Wherein, U _IjAnd V _IjBe two group encryption values,

Be one group with the identical random number of face characteristic vector dimension, and

1≤i≤M,

1≤j≤N;

C. the secret value of M user's identity information and the face characteristic data forwarding by application server is stored in the database server;

Authentication phase comprises:

D. anonymous is logined in client, and client is obtained the face characteristic vector B:(b of anonymous according to the method identical with described step a ₁, b ₂... b _j, b _N), j=1,2 ... N, b _jBe j characteristic value of the face characteristic vector of anonymous;

E. (n g) encrypts this user's face characteristic, calculates W according to formula (3) to use described PKI _j, j=1,2L N:

$W_j=E(b_j^2,r_j^b)=g^{b_j^2}\·{\left(r_j^b\right)}^n{\mathrm{mod}n}^2---\left(3\right)$

Wherein, W _jBe a group encryption value,

Be one group identical with the face characteristic number and be different from

Random number;

F. the secret value of this anonymous face characteristic data forwarding submodule by application server is outputed in the database server with the secret value that is stored in M user's face characteristic in the database server at registration phase according to formula (4) calculating encrypted domain distance P _i, i=1,2L M:

$P_i=\underset{j=1}{\overset{j=N}{\mathrm{\Π}}}{U}_{\mathrm{ij}}{W}_j{V_{\mathrm{ij}}}^{n-b_j}{\mathrm{mod}n}^2---\left(4\right)$

G. the authentication sub module of application server is utilized private key (λ, μ) by formula (5), (6) is decrypted M secret value, obtain M Euclidean distance d _i(A _i, B), i=1,2L M:

$D_i\left(P_i\right)=\frac{({P_i}^{\mathrm{\λ}}{\mathrm{mod}n}^2-1)*\mathrm{\μ}}{n}\mathrm{mod}n,i=\mathrm{1,2},\mathrm{LM}---\left(5\right)$

d _i(A _i，B)＝(D _i(P _i)) ^1/2 (6)

H. if minimum Eustachian distance wherein less than setting threshold, thinks that then this user by authentication, allows to enter system, otherwise, think this user not by authentication, logging in system by user failure, and whether the feedback information of successful login system to the login submodule of client.

2. it is characterized in that based on the anonymous identity identifying method and the system of encrypting people's face that according to claim 1 is described what described face characteristic adopted is polylith local binary feature.

3. described based on the anonymous identity identifying method and the system of encrypting people's face according to claim 1, it is characterized in that described identity information is the user name of logging in system by user.

4. the anonymous identity authorization system based on encryption people face is characterized in that, comprising:

Client modules is used to obtain user's identity information and face characteristic vector, and uses public-key face characteristic is encrypted;

Described client modules specifically comprises:

The client enrollment submodule is used for obtaining user's identity information and face characteristic vector when the user registers, and uses public-key face characteristic is encrypted;

The client logins submodule, is used for obtaining when anonymous is logined user's face characteristic vector, and uses public-key face characteristic is encrypted;

The database server module, database server links to each other with application server; Registration phase, database server is used to store all users' that obtain identity information and the corresponding face characteristic of encrypting, user's entry stage, database server is used to receive the encryption face characteristic of login user, and calculates the encrypted domain distance between encryption face characteristic that receives and the encryption face characteristic that all have been stored;

Application server module is used to database server to send information; Anonymous is carried out authentication, and the client that authentication result feeds back to client is logined submodule;

Described application server module specifically comprises:

Data forwarding submodule, data forwarding submodule are logined submodule with the client enrollment submodule of client with the client and are linked to each other, and are used for sending information to database server;

Authentication sub module, authentication sub module is landed submodule with the client and is linked to each other with database server, it receives the encrypted domain distance from database server, utilize private key that all encrypted domain distances are decrypted, obtain several Euclidean distances, if wherein Zui Xiao Euclidean distance is less than setting threshold, think that then this anonymous is by authentication, allow to enter system, otherwise, think this anonymous not by authentication, login system failure, and the feedback information of successful login system is logined submodule to the client of client.