CN101984576B - Method and system for authenticating anonymous identity based on face encryption - Google Patents

Abstract

The invention discloses a method and system for authenticating an anonymous identity based on face encryption in the field of information security. The method comprises the following steps: a public key and a private key are generated according to a Paillier public key cryptosystem; the public key is allocated to a client, the private key is stored in an application server; when in user registration, the client acquires user indentify and encrypts the acquired face features; when in anonymous user entry, the client encrypts the acquired face features; a database server calculates user entry encryption information and register encryption information; and the application server utilizes the private key to decrypt and calculate so as to obtain decryption information, and if the conditions are met, the user can enter the system. In the invention, the Paillier public key cryptosystem is unidirectional and is semantically safe, the encrypted face features of anonymous users and the private key are not in the same server, so the safety of an identify authentication system can be ensured even though an advanced permission user can not acquire the information of the user.

Description

A kind of based on the anonymous identity identifying method and the system of encrypting people's face

Technical field

The present invention is a kind of based on the anonymous identity identifying method and the system of encrypting people's face, belongs to information security field.

Background technology

Along with community networkization and informationalized development, how quicker, convenient, the safe authentication of carrying out becomes the common problem that people face.The status of authentication in safety system is of crucial importance, is the most basic security service, and other security service all will depend on it.In case identity authorization system is broken, all safety measures of system will perform practically no function so.The target of assault often is exactly an identity authorization system.Therefore will accelerate the construction of information security, it is very important adding strong identity authentication research theoretical and that use.In addition, except the hacker, after super-ordinate right user (such as the keeper) login system, can revise the sensitive data of domestic consumer, and the system that declares has been subjected to assault.

Conventional cipher method is maintained secrecy to user's content through encryption key, and in order to satisfy the fail safe of encrypted content, the long Bit String that encryption key normally generates at random, such key are difficult to memory concerning the user; Simultaneously; Living things feature recognition has characteristics such as portability, uniqueness, reliability, versatility; But because traditional living creature characteristic recognition system does not adopt any encryption measures, what store in the system is the primitive characteristics value, thereby along with hardware attack and the development that cracks technology; Whole living creature characteristic recognition system just might be exposed in hacker's the firing area fully, thereby the fail safe of user identity and privacy are on the hazard.Biological characteristic can be reset after losing unlike password and key, and losing of biological characteristic is nonvolatil losing.And encrypt the advantage of the existing traditional living things feature recognition of biometric identity Verification System, can guarantee the fail safe of biological characteristic again.

Summary of the invention

The invention discloses a kind of anonymous identity identifying method and system based on encryption people face, this system can be used for based on network online identity authentication.Isomorphism according to the Paillier algorithm; The Paillier public-key cryptosystem is encrypted face characteristic; Improve the fail safe of recognition of face, and be applied to adopt in people's face identity authorization system that Euclidean distance measures, make it have good authentication performance.

Technical scheme of the present invention is achieved in that the isomorphism of this method according to the Paillier algorithm, utilizes the Paillier public-key cryptosystem face characteristic to be encrypted and is applied to adopt in people's face identity authorization system that Euclidean distance measures.

Said Paillier public-key cryptosystem the probability encryption system that to be P.Paillier etc. propose in Europe in 1999 and Asia password meeting with good homomorphism character; And provided a kind of encipherment scheme that can verify message integrity, proved under the model that this encipherment scheme can resist adaptability and attack (NM-CCA2) foretelling at random.

The homomorphism character of said Paillier algorithm is meant: make E represent encipherment scheme; M; C representes respectively expressly and the cryptogram space; Expressly space M is the crowd who is operating as

, and cryptogram space C is the crowd who is operating as

.For any one instance E of this encipherment scheme, given

and

just exist r to make:

claims that then encipherment scheme E satisfies homomorphism character about

.

It comprises two stages based on the anonymous identity identifying method of encrypting people's face: registration phase, authentication phase.

At first, right according to the key that the Paillier public-key cryptosystem generates identity authorization system by application server: PKI (n, g) and private key (λ μ), distributes to client with PKI simultaneously, and private key is stored in the application server.

Said registration phase comprises:

The individual user of a.M (M>=2) registers in client, and client is obtained user's identity information and face characteristic vector A _i: (a _I1, a _I2A _IjA _IN), i=1,2 ... M, j=1,2 ... N, A _iBe i user's face characteristic vector, a _IjBe j characteristic value of i user's face characteristic vector; N is the dimension of people's face characteristic vector;

B. using public-key, (n g) encrypts this M user's face characteristic, calculates U according to formula (1) and (2) _IjAnd V _Ij:

$U_{\mathrm{ij}}=E(a_{\mathrm{ij}}^2,r_{\mathrm{ij}}^a)=g^{a_{\mathrm{ij}}^2}\·{\left(r_{\mathrm{ij}}^a\right)}^n{\mathrm{mod}n}^2---\left(1\right)$

$V_{\mathrm{ij}}=E({2a}_{\mathrm{ij}},r_{\mathrm{ij}}^a)=g^{{2a}_{\mathrm{ij}}}\·{\left(r_{\mathrm{ij}}^a\right)}^n{\mathrm{mod}n}^2---\left(2\right)$

Wherein, U _IjAnd V _IjBe two group encryption values, Be one group with the identical random number of face characteristic vector dimension, and

1≤i≤M,

1≤j≤N.

C. the secret value of M user's identity information and the face characteristic data forwarding submodule through application server is stored in the database server;

Authentication phase comprises:

D. anonymous is logined in client, and client is obtained the face characteristic vector B of anonymous according to the method identical with said step a: (b ₁, b ₂... B _j, b _N), j=1,2 ... N, b _jBe j characteristic value of the face characteristic vector of anonymous.

E. using public-key, (n g) encrypts this user's face characteristic, calculates W according to formula (3) _j, j=1,2L N:

$W_j=E(b_j^2,r_j^b)=g^{b_j^2}\·{\left(r_j^b\right)}^n{\mathrm{mod}n}^2---\left(3\right)$

Wherein, W _jBe a group encryption value,

Be one group identical with the face characteristic number and be different from

Random number.

F. the secret value of this anonymous face characteristic data forwarding submodule through application server is outputed in the database server and with the secret value that is stored in M user's face characteristic in the database server at registration phase and calculate the encrypted domain distance P according to formula (4) _i, i=1,2L M:

$P_i=\underset{j=1}{\overset{j=N}{\mathrm{\Π}}}{U}_{\mathrm{ij}}{W}_j{V_{\mathrm{ij}}}^{n-b_j}{\mathrm{mod}n}^2---\left(4\right)$

G. the authentication sub module of application server is utilized private key (λ, μ) through formula (5), (6) apart from deciphering, is obtained M Euclidean distance d to M encrypted domain _i(A _i, B), i=1,2L M:

$D_i\left(P_i\right)=\frac{({P_i}^{\mathrm{\λ}}{\mathrm{mod}n}^2-1)*\mathrm{\μ}}{n}\mathrm{mod}n,i=\mathrm{1,2},\mathrm{LM}---\left(5\right)$

d _i(A _i，B)＝(D _i(P _i)) ^1/2 (6)

H. if minimum Eustachian distance wherein less than setting threshold, is then thought this user through authentication, allow the entering system, otherwise, think this user not through authentication, the logging in system by user failure.And whether the feedback information of successful login system to client.

Said face characteristic can be any face characteristic.

Said identity information is the user name of logging in system by user.

It is a kind of based on the anonymous identity authorization system of encrypting people's face that the present invention also provides, and comprising:

Client modules is used to obtain user's identity information and face characteristic vector, and uses public-key face characteristic is encrypted, and identity information is the user name of logging in system by user;

Said client modules specifically comprises:

The client enrollment submodule is used for when the user registers, obtaining user's identity information and face characteristic vector, and uses public-key face characteristic is encrypted;

The client logins submodule, is used for when anonymous is logined, obtaining user's face characteristic vector, and uses public-key face characteristic is encrypted.

The database server module, database server links to each other with application server.Registration phase, database server are used to store all users' that obtain identity information and the corresponding face characteristic of encrypting.User's entry stage, database server are used to receive the encryption face characteristic of login user, and calculate the encrypted domain distance between encryption face characteristic that receives and the encryption face characteristic that all have been stored.

Application server module is used to database server and sends information; Anonymous is carried out authentication, and the client that authentication result feeds back to client is logined submodule;

Said application server module specifically comprises:

Data forwarding submodule, data forwarding submodule are logined submodule with the client enrollment submodule of client with the client and are linked to each other, and are used for sending information to database server;

Authentication sub module, authentication sub module are landed submodule with the client and are linked to each other with database server, and it receives the encrypted domain distance from database server; Utilize private key that all encrypted domain distances are deciphered, obtain several Euclidean distances, establish wherein minimum Euclidean distance less than setting threshold; Think that then this anonymous through authentication, can get into system, otherwise; Think this anonymous not through authentication, the login system failure.And the feedback information of successful login system is logined submodule to the client of client.

The invention has the beneficial effects as follows:

1. fail safe, the Paillier public-key cryptosystem is unidirectional, compound rank residue class that and if only if is calculated hypothesis (CCRA) and is set up.Calculate the definition of hypothesis (CCRA) according to compound rank residue class; Under the situation that the factor of not knowing n is decomposed; Given ciphertext is calculated expressly m, finds the solution compound rank residue class exactly and calculates Class [n] problem; Otherwise; If compound rank residue class is calculated hypothesis (CCRA) and set up, then given ciphertext

can't calculate expressly m in polynomial time.

Paillier public key cryptography system is semantic safety, and and if only if, and compound rank residue judgement hypothesis (DCRA) are set up.Known two plaintext m ₀And m ₁, ciphertext c is m ₀Perhaps m ₁Encryption.If ciphertext c is plaintext m ₀Corresponding ciphertext, and if only if

Be mould n ²N rank residues.Therefore, if select the plaintext attack success, then compound rank residue judges that hypothesis is false; Vice versa.

Because cipher-text information after the face characteristic of anonymous is encrypted and private key be not in same database, so even super-ordinate right user (such as the keeper) also can't be known user's identity information.

2. correctness

Here we analyze, according to the cryptographic calculation E of the top Paillier public-key cryptosystem that provides (m, r)=c=g ^mr ⁿModn ²And decrypt operation

Can correctly recover expressly m.That is:

D(E(m，r))＝mmodn

According to:

(g ^λ(n)modn ²) ⁿ＝g ^nλ(n)modn ²＝1modn ²

${\left(c^{\mathrm{\λ}\left(n\right)}{\mathrm{mod}n}^2\right)}^n=g^{\mathrm{nm\λ}\left(n\right)}{r}^{n^2\mathrm{\λ}\left(n\right)}{\mathrm{mod}n}^2=1{\mathrm{mod}n}^2$

G is described ^{λ (n)}Modn ²And c ^{λ (n)}Modn ²All be

In n rank unit root;

Therefore:

L(c ^λ(n)modn ²)＝L((g ^mb ⁿ) ^λ(n)modn ²)＝L((g ^mλ(n)b ^nλ(n))modn ²)

Because

So b ^{N λ (n)}=1modn ²So following formula equals:

L((g ^mλ(n))modn ²)＝L((g ^λ(n)) ^mmodn ²)

Because g ^{λ (n)}Modn ²Be

In n rank unit root, the form of n rank unit root is:

(1+n) ^x＝1+xnmodn ²

So:

$L\left(g^{\mathrm{\λ}\left(n\right)}{\mathrm{mod}n}^2\right)=L\left({(1+n)}^x{\mathrm{mod}n}^2\right)=L(1+\mathrm{xn})=\frac{1+\mathrm{xn}-1}{n}=x\mathrm{mod}n;$

$L\left({\left(g^{\mathrm{\λ}\left(n\right)}\right)}^m{\mathrm{mod}n}^2\right)=L\left({(1+\mathrm{xn})}^m{\mathrm{mod}n}^2\right)$

$=L=\left((C_m^0{1}^m+C_m^1{1}^{m-1}\left(\mathrm{xn}\right)+C_m^2{1}^{m-2}{\left(\mathrm{xn}\right)}^2+K){\mathrm{mod}n}^2\right)$

$=L(1+\mathrm{mxn})=\mathrm{mx}\mathrm{mod}n=m\×L\left(g^{\mathrm{\λ}\left(n\right)}{\mathrm{mod}n}^2\right)\mathrm{mod}n$

So (E (m, r))=mmodn sets up D, and promptly correctness is set up.

3. isomorphism is supposed expressly m ₁Corresponding ciphertext is c ₁, plaintext m ₂Corresponding ciphertext is c ₂, can know according to AES,

E(m ₁，r ₁)·E(m ₂，r ₂)＝c ₁·c ₂＝E(m ₁+m ₂，r ₁r ₂)

It is thus clear that c ₁C ₂Be exactly plaintext m ₁With plaintext m ₂Sum m ₁+ m ₂Corresponding ciphertext.

Experimental result shows, among the present invention based on the anonymous identity identifying method of encrypting people's face when guaranteeing fail safe, can be good at keeping the performance of authentication.

Description of drawings

Fig. 1 is based on the anonymous identity authorization system block diagram of encrypting people's face among the embodiment.

Embodiment

To combine accompanying drawing and embodiment that technical scheme of the present invention is explained in more detail below.

Present embodiment is to the requirement of people's face identity authorization system to fail safe and authentication performance; Isomorphism according to the Paillier algorithm; Utilize the Paillier public-key cryptosystem that face characteristic is encrypted, and be applied to adopt in people's face identity authorization system that Euclidean distance measures.The present invention is applicable to most face characteristic, and the face characteristic that adopts in the present embodiment is polylith local binary (Multi-Block Local BinaryPattern, a MB-LBP) characteristic.

It comprises two stages based on the anonymous identity identifying method and the system of encrypting people's face: registration phase, authentication phase.

At first, right according to the key that the Paillier public-key cryptosystem generates identity authorization system by application server: PKI (n, g) and private key (λ, μ), n=pq wherein, g=n+1, λ=(p-1) (q-1), μ=((p-1) (q-1)) ^-1Modn, p, q select two equal in length and separate big prime number at random, and (n g) distributes to client, and (λ μ) is stored in application server with private key with PKI simultaneously.Registration phase comprises:

A.M user registers in client, and client is obtained user's identity information and face characteristic vector A _i: (a _I1, a _I2A _IjA _IN), i=1,2 ... M, j=1,2 ... N, A _iBe i user's face characteristic vector, a _IjBe j characteristic value of i user's face characteristic vector, N is the dimension of people's face characteristic vector; User's identity information is the user name of logging in system by user.

B. using public-key, (n g) encrypts this M user's face characteristic vector, calculates U according to formula (1) and (2) _IjAnd V _Ij:

$U_{\mathrm{ij}}=E(a_{\mathrm{ij}}^2,r_{\mathrm{ij}}^a)=g^{a_{\mathrm{ij}}^2}\·{\left(r_{\mathrm{ij}}^a\right)}^n{\mathrm{mod}n}^2---\left(1\right)$

$V_{\mathrm{ij}}=E({2a}_{\mathrm{ij}},r_{\mathrm{ij}}^a)=g^{{2a}_{\mathrm{ij}}}\·{\left(r_{\mathrm{ij}}^a\right)}^n{\mathrm{mod}n}^2---\left(2\right)$

Wherein, U _IjAnd V _IjBe two group encryption values,

Be one group of identical random number of dimension with face characteristic vector, and

1≤i≤M,

1≤j≤N.

C. the secret value of M user's identity information and the face characteristic data forwarding submodule through application server is stored in the database server.

Authentication phase comprises:

D. anonymous is logined in client, and client is obtained the face characteristic vector B of anonymous according to the method identical with said step a: (b ₁, b ₂... B _j, b _N), j=1,2 ... N, b _jBe j characteristic value of the face characteristic vector of anonymous.

E. using public-key, (n g) encrypts this user's face characteristic, calculates W according to formula (3) _j, j=1,2LN:

$W_j=E(b_j^2,r_j^b)=g^{b_j^2}\·{\left(r_j^b\right)}^n{\mathrm{mod}n}^2---\left(3\right)$

Wherein, W _jBe a group encryption value, Be one group identical with face characteristic vector dimension and be different from

Random number.

F. the secret value of this anonymous face characteristic data forwarding submodule through application server is outputed to database server and calculates the encrypted domain distance P with the secret value of M the user's face characteristic that is stored in database server at registration phase according to formula (4) _i, i=1,2L M:

$P_i=\underset{j=1}{\overset{j=N}{\mathrm{\Π}}}{U}_{\mathrm{ij}}{W}_j{V}_{\mathrm{ij}}^{n-b_j}{\mathrm{mod}n}^2---\left(4\right)$

G. the authentication sub module of application server is utilized private key (λ, μ) through formula (5), (6) apart from deciphering, is obtained M Euclidean distance d to M encrypted domain _i(A _i, B), i=1,2L M:

$D_i\left(P_i\right)=\frac{({P_i}^{\mathrm{\λ}}{\mathrm{mod}n}^2-1)*\mathrm{\μ}}{n}\mathrm{mod}n,i=\mathrm{1,2},\mathrm{LM}---\left(5\right)$

d _i(A _i，B)＝(D _i(P _i)) ^1/2 (6)

H. if wherein minimum Eustachian distance less than setting threshold (d _k(A _k, B)＜C _Th, C _ThBe setting threshold), think that then this user through authentication, can get into system, otherwise, think this user not through authentication, the logging in system by user failure.And the feedback information of successful login system is logined submodule to the client of client.

Claims (4)

1. one kind based on the anonymous identity identifying method of encrypting people's face; It is characterized in that; This method is according to the isomorphism of Paillier algorithm; With people's face identity identifying method that the Paillier public-key cryptosystem is encrypted and adopted Euclidean distance to measure face characteristic, this method comprises two stages: registration phase and authentication phase;

Right by application server according to the key that the Paillier public-key cryptosystem generates identity authorization system: PKI (n, g) and private key (λ, μ), (n g) distributes to client, and (λ μ) is stored in the application server with private key with PKI simultaneously;

Said registration phase comprises:

A.M user registers in client, and client is obtained user's identity information and face characteristic vector A _i: (a _I1, a _I2A _IjA _IN), i=1,2 ... M, j=1,2 ... N, A _iBe i user's face characteristic vector, a _IjBe j characteristic value of i user's face characteristic vector, N is the dimension of people's face characteristic vector;

B. using public-key, (n g) encrypts this M user's face characteristic, calculates U according to formula (1) and (2) _IjAnd V _Ij:

$U_{\mathrm{ij}}=E(a_{\mathrm{ij}}^2,r_{\mathrm{ij}}^a)=g^{a_{\mathrm{ij}}^2}\·{\left(r_{\mathrm{ij}}^a\right)}^n\mathrm{mod}{n}^2---\left(1\right)$

$V_{\mathrm{ij}}=E({2a}_{\mathrm{ij}},r_{\mathrm{ij}}^a)=g^{{2a}_{\mathrm{ij}}}\·{\left(r_{\mathrm{ij}}^a\right)}^n\mathrm{mod}{n}^2---\left(2\right)$

Wherein, U _IjAnd V _IjBe two group encryption values, Be one group with the identical random number of face characteristic vector dimension, and $\∀i,1\≤i\≤M,\∀j,1\≤j\≤N;$

C. the secret value of M user's identity information and the face characteristic data forwarding through application server is stored in the database server;

Authentication phase comprises:

D. anonymous is logined in client, and client is obtained the face characteristic vector B of anonymous according to the method identical with said step a: (b ₁, b ₂... B _j, b _N), j=1,2 ... N, b _jBe j characteristic value of the face characteristic vector of anonymous;

E. (n g) encrypts this user's face characteristic, calculates W according to formula (3) to use said PKI _j, j=1,2 ... N:

$W_j=E(b_j^2,r_j^b)=g^{b_j^2}\·{\left(r_j^b\right)}^n\mathrm{mod}{n}^2---\left(3\right)$

Wherein, W _jBe a group encryption value,

Be one group identical with the face characteristic number and be different from

Random number;

F. with the secret value of this anonymous face characteristic data forwarding submodule through application server output in the database server with the secret value that is stored in M user's face characteristic in the database server at registration phase according to formula (4) calculating encrypted domain distance P _i, i=1,2 ... M:

$P_i=\underset{j=1}{\overset{j=N}{\mathrm{\Π}}}{U}_{\mathrm{ij}}{W}_j{V_{\mathrm{ij}}}^{{n-b}_j}\mathrm{mod}{n}^2---\left(4\right)$

G. the authentication sub module of application server is utilized private key (λ, μ) through formula (5), (6) apart from deciphering, is obtained M Euclidean distance d to M encrypted domain _i(A _i, B), i=1,2 ... M:

$D_i\left(P_i\right)=\frac{({P_i}^{\mathrm{\λ}}\mathrm{mod}{n}^2-1)*\mathrm{\μ}}{n}\mathrm{mod}n,i=\mathrm{1,2}\·\·\·M---\left(5\right)$

d _i(A _i，B)＝(D _i(P _i)) ^1/2 (6)

H. if minimum Eustachian distance wherein less than setting threshold, is then thought this user through authentication, allow the entering system; Otherwise; Think this user not through authentication, logging in system by user failure, and whether the feedback information of successful login system to the login submodule of client.

2. it is characterized in that based on the anonymous identity identifying method of encrypting people's face that according to claim 1 is said what said face characteristic adopted is polylith local binary characteristic.

3. said based on the anonymous identity identifying method of encrypting people's face according to claim 1, it is characterized in that said identity information is the user name of logging in system by user.

4. the anonymous identity authorization system based on encryption people face is characterized in that, comprising:

Client modules is used to obtain user's identity information and face characteristic vector, and uses public-key face characteristic is encrypted;

Said client modules specifically comprises:

The client enrollment submodule is used for when the user registers, obtaining user's identity information and face characteristic vector; M user registers in client, M>=2 wherein, and client is obtained user's identity information and face characteristic vector A _i: (a _I1, a _I2A _IjA _IN), i=1,2 ... M, j=1,2 ... N, A _iBe i user's face characteristic vector, a _IjBe j characteristic value of i user's face characteristic vector; N is the dimension of people's face characteristic vector; And use public-key that (n g) encrypts this M user's face characteristic; Calculate U according to formula (1) and (2) _IjAnd V _Ij:

$U_{\mathrm{ij}}=E(a_{\mathrm{ij}}^2,r_{\mathrm{ij}}^a)=g^{a_{\mathrm{ij}}^a}\·{\left(r_{\mathrm{ij}}^a\right)}^n\mathrm{mod}{n}^2---\left(1\right)$

$V_{\mathrm{ij}}=E({2a}_{\mathrm{ij}},r_{\mathrm{ij}}^a)=g^{{2a}_{\mathrm{ij}}}\·{\left(r_{\mathrm{ij}}^a\right)}^n\mathrm{mod}{n}^2---\left(2\right)$

Wherein, U _IjAnd V _IjBe two group encryption values,

Be one group with the identical random number of face characteristic vector dimension, and $\∀i,1\≤i\≤M,\∀j,1\≤j\≤N;$

The client logins submodule, is used for when anonymous is logined, obtaining user's face characteristic vector; Anonymous is logined in client, and client is obtained the face characteristic vector B of anonymous: (b ₁, b ₂... B _j, b _N), j=1,2 ... N, b _jBe j characteristic value of the face characteristic vector of anonymous, and use public-key that (n g) encrypts this user's face characteristic, according to formula (3) calculating W _j, j=1,2 ... N:

$W_j=E(b_j^2,r_j^b)=g^{b_j^2}\·{\left(r_j^b\right)}^n\mathrm{mod}{n}^2---\left(3\right)$

Wherein, W _jBe a group encryption value, Be one group identical with the face characteristic number and be different from

Random number;

The database server module, database server links to each other with application server; Registration phase; Database server is used to store all users' that obtain identity information and the corresponding face characteristic of encrypting; User's entry stage; Database server is used to receive the encryption face characteristic of login user, and calculates the encrypted domain distance P between encryption face characteristic that receives and the encryption face characteristic that all have been stored according to formula (4) _i, i=1,2 ... M:

$P_i=\underset{j=1}{\overset{j=N}{\mathrm{\Π}}}{U}_{\mathrm{ij}}{W}_j{V_{\mathrm{ij}}}^{{n-b}_j}\mathrm{mod}{n}^2---\left(4\right)$

Application server module is used to database server and sends information; Anonymous is carried out authentication, and the client that authentication result feeds back to client is logined submodule;

Said application server module specifically comprises:

Data forwarding submodule, data forwarding submodule are logined submodule with the client enrollment submodule of client with the client and are linked to each other, and are used for sending information to database server;

Authentication sub module, authentication sub module are logined submodule with the client and are linked to each other with database server, and it receives the encrypted domain distance from database server, and (λ, μ) through formula (5), decipher M encrypted domain distance (6), obtains M Euclidean distance d to utilize private key _i(A _i, B), i=1,2 ... M:

$D_i\left(P_i\right)=\frac{({P_i}^{\mathrm{\λ}}\mathrm{mod}{n}^2-1)*\mathrm{\μ}}{n}\mathrm{mod}n,i=\mathrm{1,2}\·\·\·M---\left(5\right)$

d _i(A _i，B)＝(D _i(P _i)) ^1/2 (6)

If wherein minimum Euclidean distance is less than setting threshold; Think that then this anonymous is through authentication; Allow the entering system, otherwise, think that this anonymous is not through authentication; Login system failure, and the feedback information of successful login system is logined submodule to the client of client.