CN111598576A - Privacy-protecting image information processing method and device - Google Patents
Privacy-protecting image information processing method and device Download PDFInfo
- Publication number
- CN111598576A CN111598576A CN202010442272.2A CN202010442272A CN111598576A CN 111598576 A CN111598576 A CN 111598576A CN 202010442272 A CN202010442272 A CN 202010442272A CN 111598576 A CN111598576 A CN 111598576A
- Authority
- CN
- China
- Prior art keywords
- feature
- image
- user
- character string
- verification information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000010365 information processing Effects 0.000 title claims abstract description 27
- 238000003672 processing method Methods 0.000 title claims abstract description 20
- 238000012795 verification Methods 0.000 claims abstract description 220
- 238000000034 method Methods 0.000 claims abstract description 72
- 239000013598 vector Substances 0.000 claims description 43
- 230000004044 response Effects 0.000 claims description 22
- 210000003462 vein Anatomy 0.000 claims description 9
- 238000004590 computer program Methods 0.000 claims description 8
- 238000010200 validation analysis Methods 0.000 claims description 3
- 238000010586 diagram Methods 0.000 description 15
- 230000005540 biological transmission Effects 0.000 description 4
- 230000008569 process Effects 0.000 description 4
- 230000000694 effects Effects 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 230000001680 brushing effect Effects 0.000 description 2
- 230000006872 improvement Effects 0.000 description 2
- 239000011449 brick Substances 0.000 description 1
- 238000004422 calculation algorithm Methods 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 230000001815 facial effect Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 239000004570 mortar (masonry) Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
- G06Q20/40145—Biometric identity checks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3827—Use of message hashing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N1/00—Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
- H04N1/44—Secrecy systems
Abstract
The embodiment of the specification provides a privacy-protecting image information processing method and device and a privacy-protecting identity verification method and device. One embodiment of the image information processing method includes: acquiring a feature character string formed based on image features of a biometric image of a user; distributing corresponding shift numbers for the characteristic character strings; according to the shift number, performing shift operation in a preset direction on the characteristic character string to obtain effective verification information in the current period; and respectively sending the verification information and the shift number to the client. Therefore, the characteristic character string after the shift operation is used as effective verification information in the current period, so that the client stores the verification information, and the risk caused by loss of the biological characteristic data can be reduced. In addition, when the verification information is sent, the shift number is also sent, so that the client can realize the identity verification of the user according to the verification information and the shift number subsequently.
Description
Technical Field
The embodiment of the specification relates to the technical field of data security, in particular to a method and a device for processing image information for protecting privacy and a method and a device for authenticating identity for protecting privacy.
Background
With the continuous improvement of the operation capability and the storage capability of the terminal device, part of the functions of the server side can be realized at the terminal side. For example, authentication of the user may be implemented on the terminal device.
Take the terminal device supporting face-brushing payment equipped in the off-line physical store as an example. The terminal device may store biometric data of the registered user received from the backend server. When any user uses the terminal equipment to carry out face brushing payment, the terminal equipment can collect the face image of the user and carry out identity verification on the user based on the face image and the biological characteristic data stored locally.
In practice, the biometric data stored in the feature library of the server is typically a feature vector extracted from a biometric image of a registered user. The feature vector may be considered private data of the user. When the authentication of the user is implemented on the terminal side, the biometric data stored on the terminal device will face security issues. If this biometric data is captured by a lawless person, unpredictable risks are presented.
Therefore, a reasonable and reliable method is needed to process the existing biometric data to reduce the risk of losing the biometric data stored in the terminal device, and to ensure that the terminal device can normally authenticate the user.
Disclosure of Invention
The embodiment of the specification provides a privacy-protecting image information processing method and device and a privacy-protecting identity verification method and device.
In a first aspect, an embodiment of the present specification provides an image information processing method for protecting privacy, which is applied to a server, and includes: acquiring a feature character string formed based on image features of a biometric image of a user; distributing corresponding shift numbers for the characteristic character strings; according to the shift number, performing shift operation in a preset direction on the characteristic character string to obtain effective verification information in the current period; and respectively sending the verification information and the shift number to a client.
In some embodiments, the biometric image comprises any one of: face image, fingerprint image, finger vein image, iris image.
In some embodiments, the duration of one period is one day, and the current period is the current day.
In some embodiments, the step of acquiring a feature character string formed based on an image feature of a biometric image of a user is performed in any one of: detecting that the current time reaches a preset time point in the current period; and receiving a verification data acquisition request sent by the client in the current period.
In some embodiments, the obtaining a feature string formed based on image features of a biometric image of a user includes: acquiring image features extracted from the biological feature image; forming the feature string based on the image feature.
In some embodiments, the obtaining image features extracted from the biometric image comprises: extracting a feature vector from the biological feature image; determining the feature vector as the image feature.
In some embodiments, the obtaining image features extracted from the biometric image comprises: extracting a feature vector from the biological feature image; carrying out Hash operation on the feature vector to obtain Hash features; determining the hash feature as the image feature.
In some embodiments, the assigning the corresponding shift number to the feature string includes: the shift numbers are randomly generated and assigned to the feature strings.
In some embodiments, the performing a shift operation in a predetermined direction on the feature character string according to the shift number includes: and cutting the sub character strings with the number equal to the shift number along a preset direction from one end part of the characteristic character string, and splicing the sub character strings to the other end part.
In some embodiments, the predetermined direction is from left to right; and the cutting out the sub character strings with the number equal to the shift number along the preset direction from one end part of the characteristic character string, and splicing the sub character strings to the other end part, comprising: and intercepting the sub character strings from left to right from the left end part of the characteristic character string, and splicing the sub character strings to the right end part of the characteristic character string.
In some embodiments, the predetermined direction is from right to left; and the cutting out the sub character strings with the number equal to the shift number along the preset direction from one end part of the characteristic character string, and splicing the sub character strings to the other end part, comprising: and intercepting the sub character strings from right to left from the right end part of the feature character string, and splicing the sub character strings to the left end part of the feature character string.
In a second aspect, an embodiment of the present specification provides an identity authentication method for protecting privacy, which is applied to a client, and the method includes: in response to the target biological characteristic image of the user of which the identity is to be verified is obtained, determining a characteristic character string corresponding to the target biological characteristic image; obtaining valid verification data in a current period, wherein the verification data comprises a shift number and at least one piece of verification information; according to the shift number, performing shift operation in a preset direction on the feature character string to obtain a feature to be verified; comparing the feature to be verified with verification information in the verification data; and determining whether the user is a legal user or not according to the comparison result.
In some embodiments, the target biometric image comprises any one of: face image, fingerprint image, finger vein image, iris image.
In some embodiments, the duration of one period is one day, and the current period is the current day.
In some embodiments, before the determining, in response to obtaining the target biometric image of the user whose identity is to be verified, a feature string corresponding to the target biometric image, the method further includes: receiving the shift number and the at least one piece of verification information from a server respectively; storing the shift amount and the at least one piece of verification information to a local predetermined storage location; and the obtaining of valid verification data in the current period comprises: retrieving the verification data from the predetermined storage location.
In some embodiments, the obtaining verification data valid in the current period includes: responding to the situation that the verification data are not stored locally, and sending a verification data acquisition request related to the current period to a server; and receiving the shift number and the at least one piece of verification information which are respectively returned by the server side in response to the verification data acquisition request.
In some embodiments, the determining a feature string corresponding to the target biometric image comprises: determining an image feature corresponding to the target biometric image; forming the feature string based on the image feature.
In some embodiments, the determining an image feature corresponding to the target biometric image comprises: extracting a feature vector from the target biological feature image; determining the feature vector as the image feature.
In some embodiments, the determining an image feature corresponding to the target biometric image comprises: extracting a feature vector from the target biological feature image; carrying out Hash operation on the feature vector to obtain Hash features; determining the hash feature as the image feature.
In some embodiments, the performing a shift operation in a predetermined direction on the feature character string according to the shift number includes: and cutting the sub character strings with the number equal to the shift number along the preset direction from one end part of the characteristic character string, and splicing the sub character strings to the other end part.
In some embodiments, the predetermined direction is from left to right; and said cutting a number of sub-character strings equal to the shift number in the predetermined direction from one end of the feature character string, and splicing the sub-character strings to the other end, includes: and intercepting the sub character strings from left to right from the left end part of the characteristic character string, and splicing the sub character strings to the right end part of the characteristic character string.
In some embodiments, the predetermined direction is from right to left; and said cutting a number of sub-character strings equal to the shift number in the predetermined direction from one end of the feature character string, and splicing the sub-character strings to the other end, includes: and intercepting the sub character strings from right to left from the right end part of the feature character string, and splicing the sub character strings to the left end part of the feature character string.
In some embodiments, the method further comprises obtaining a user identification of the user; and comparing the feature to be verified with verification information in the verification data, including: selecting the verification information corresponding to the user identification from the verification data; and comparing the characteristic to be verified with the selected verification information.
In some embodiments, the comparing the feature to be verified with verification information in the verification data includes: and comparing the verification information in the verification data with the features to be verified in sequence until the verification information matched with the features to be verified is compared, or determining that all the verification information in the verification data is not matched with the features to be verified.
In some embodiments, the determining whether the user is a valid user according to the comparison result includes: if the comparison result shows that the feature to be verified is successfully compared with the verification information in the verification data, determining that the user is a legal user; and if the comparison result shows that the comparison between the features to be verified and the verification information in the verification data fails, determining that the user is an illegal user.
In a third aspect, an embodiment of the present specification provides an image information processing apparatus for protecting privacy, which is applied to a server, and includes: an acquisition unit configured to acquire a feature character string formed based on an image feature of a biometric image of a user; an allocation unit configured to allocate a corresponding shift number to the feature string; the shifting unit is configured to perform shifting operation in a preset direction on the characteristic character string according to the shifting number to obtain valid verification information in the current period; a sending unit configured to send the verification information and the shift amount to a client, respectively.
In a fourth aspect, an embodiment of the present specification provides an identity authentication apparatus for protecting privacy, which is applied to a client, and includes: the first determination unit is configured to determine a characteristic character string corresponding to a target biological characteristic image of a user to be authenticated in response to the target biological characteristic image being acquired; an acquisition unit configured to acquire verification data valid in a current cycle, the verification data including a shift amount and at least one piece of verification information; the shifting unit is configured to perform shifting operation in a preset direction on the characteristic character string according to the shifting number to obtain a characteristic to be verified; a comparison unit configured to compare the feature to be verified with verification information in the verification data; and the second determining unit is configured to determine whether the user is a legal user according to the comparison result.
In a fifth aspect, the present specification provides a computer-readable storage medium on which a computer program is stored, wherein when the computer program is executed in a computer, the computer is caused to execute the method described in any implementation manner of the first aspect and the second aspect.
In a sixth aspect, the present specification provides a computing device, including a memory and a processor, where the memory stores executable code, and the processor executes the executable code to implement the method described in any one of the implementation manners of the first aspect and the second aspect.
In the technical solutions provided in the above embodiments of the present specification, the verification information may be regarded as a feature after being encrypted. By attaching a validity period to the authentication information, it is possible to ensure that the authentication information in each period is not reusable. Therefore, the risk caused by the loss of the biological characteristic data can be reduced by sending the valid verification information in the current period to the client for the storage of the client. In addition, when the verification information is sent, the shift number used when the verification information is encrypted is also sent, so that the client can realize the identity verification of the user according to the verification information and the shift number subsequently. Specifically, when the client performs identity authentication on the user whose identity is to be authenticated in the period, the client may determine the feature to be authenticated according to the target biometric image of the user and the shift number, and determine whether the user is a valid user by comparing the feature to be authenticated with the authentication information. The authentication information can be compared normally without decoding, so that the accuracy and the high efficiency of the authentication can be ensured, and the client can realize the authentication of the user based on the authentication information and the shift number.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. It is obvious that the drawings in the following description are only examples or embodiments of the present description, and that for a person skilled in the art, other drawings can be obtained from the provided drawings without inventive effort, and that the present description can also be applied to other similar scenarios from the provided drawings. Unless otherwise apparent from the context, or otherwise indicated, like reference numbers in the figures refer to the same structure or operation.
FIG. 1 is an exemplary system architecture diagram to which some embodiments of the present description may be applied;
FIG. 2 is a flow diagram of one embodiment of a privacy preserving image information processing method according to the present description;
FIG. 3a is a schematic diagram of the operational flow of a shift operation for a feature string;
FIG. 3b is another schematic diagram of the operational flow of a shift operation for a feature string;
FIG. 3c is a schematic diagram of an application scenario of a privacy preserving image information processing method according to the present description;
FIG. 4 is a flow diagram of yet another embodiment of a privacy preserving image information processing method according to the present description;
FIG. 5 is a flow diagram of one embodiment of a privacy preserving authentication method in accordance with the present description;
FIG. 6 is a schematic diagram of an application scenario of a privacy preserving authentication method according to the present description;
fig. 7 is a schematic configuration diagram of an image information processing apparatus for protecting privacy according to the present specification;
fig. 8 is a schematic structural diagram of an authentication apparatus for protecting privacy according to the present specification.
Detailed Description
The present specification will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the relevant invention and not restrictive of the invention. The described embodiments are only some embodiments and not all embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments in the present specification without any inventive step are within the scope of the present application.
It should be noted that, for convenience of description, only the portions related to the invention are shown in the drawings. The embodiments and features of the embodiments in the present description may be combined with each other without conflict.
Currently, authentication may be applied to a number of scenarios, including but not limited to payment scenarios, account login scenarios, and the like.
In a payment scenario, before performing a payment operation on a payment account of a user, the user generally needs to be authenticated to verify the true identity of the user.
In the account login scenario, when a user is allowed to log in a corresponding account, especially an account with a high security requirement, such as a bank account, a financial product account, and a payment product account (e.g., a payment account), the user also needs to be authenticated.
As mentioned before, the authentication of the user can be implemented on the terminal side. When the authentication of the user is implemented on the terminal side, the biometric data stored on the terminal device will face security issues. If this biometric data is captured by a lawless person, unpredictable risks are presented.
Based on this, some embodiments of the present specification disclose a privacy-protecting image information processing method, a privacy-protecting authentication method, respectively. In particular, FIG. 1 illustrates an exemplary system architecture diagram suitable for use with these embodiments.
As shown in fig. 1, the interaction between a server 100, a client 101 and a user whose identity is to be verified is shown.
The server 100 may be configured to provide services such as image information processing, and the server 100 may be implemented as a cloud platform, a single server, or a server cluster.
The client 101 may be used to provide services such as authentication, and the client 101 may be implemented as a terminal device or software installed on the terminal device. The terminal equipment can be integrated with a biological characteristic acquisition device or externally connected with the biological characteristic acquisition device. The biometric acquisition device may include, but is not limited to, a camera, a fingerprint acquisition device, a finger vein information acquisition device, a microphone, and the like.
Further, if the client 101 is applied to a payment scenario, the client 101 may also be used to provide a payment service. If the client 101 is applied to an account login scenario, the client 101 may also be used to provide an account login service.
Specifically, the server 100 may generate a shift amount in real time or at regular time in any period, generate valid verification information in the period according to the shift amount and a feature character string formed based on an image feature of a biometric image of the user, and send the verification information and the shift amount to the client 101 respectively. If the client 101 detects an authentication triggering operation executed by the user in the period, the client 101 may obtain a target biometric image of the user, and execute an authentication operation for the user according to the target biometric image, the authentication information, and the shift number, so as to determine whether the user is a valid user or an invalid user.
It should be understood that the number of servers and clients shown in fig. 1 is merely illustrative. There may be any number of servers and clients, as desired for implementation.
The following describes specific implementation steps of the above method with reference to specific examples.
Referring to fig. 2, a flow 200 of one embodiment of a privacy preserving image information processing method is shown. The method is applied to the server 100 shown in fig. 1, and includes the following steps:
and step 204, respectively sending the verification information and the shift number to the client.
In this embodiment, the biometric image may include a face image, a fingerprint image, a finger vein image, an iris image, a voiceprint image, or the like. The duration of a cycle may be one day, two days, one week, etc. Assuming that the duration of one cycle is one day, the current cycle may refer to the current day.
The details of step 201 and step 204 are described below.
In step 201, a user may refer to one or more users. The user here can be understood as a registered user of the server 100.
In practice, step 201 may be performed in any of the following cases:
detecting that the current time reaches a preset time point in the current period;
an authentication data acquisition request sent by a client (such as the client 101 shown in fig. 1) in the current period is received.
The predetermined time point may be, for example, a starting time point of the current cycle. When the server executes step 201 in response to detecting that the current time reaches a predetermined time point in the current period, it may be characterized that the server may execute the above-mentioned flow 200 periodically. When the server executes step 201 in response to receiving the verification data acquisition request sent by the client in the current period, it may be characterized that the server may execute the above-mentioned flow 200 in real time.
Specifically, in step 201, the server may obtain a feature character string formed based on the image features of the biometric image of the user by various methods.
As an example, a feature character string formed based on an image feature of a biometric image of a user has been generated in advance, and the server may acquire the feature character string from a specific storage location.
As another example, the server may obtain image features extracted from a biometric image of the user and form a feature string based on the image features. Here, the server may adopt the following image feature acquisition method: the method comprises the steps of obtaining a feature vector extracted from a biological feature image of a user, and determining the image feature of the biological feature image according to the feature vector. For example, the feature vector is directly determined as an image feature. It should be noted that the feature library of the server may store feature vectors extracted from the biometric image of the user. The server can obtain the feature vector from the feature library.
In step 202, the shift number may represent the number of characters in the feature string that need to be shifted. In order to improve the security of the subsequently generated verification information, the server may randomly generate a shift number and assign the shift number to the feature string acquired in step 201.
It should be noted that, when the feature character strings corresponding to a plurality of users are obtained in step 201, the server may allocate the same shift number to the feature character strings corresponding to the plurality of users respectively, or allocate different shift numbers to the feature character strings corresponding to the plurality of users respectively, which is not limited specifically herein.
In step 203, for each obtained feature string, the server may cut the sub-strings with the number equal to the shift number in a predetermined direction from one end of the feature string, and concatenate the sub-strings to the other end. The predetermined direction may be, for example, from left to right, or from right to left, and is not particularly limited herein.
For example, when the predetermined direction is from left to right, the server may cut the substrings equal to the shift number from left to right from the left end of the feature string, and concatenate the substrings to the right end of the feature string.
For another example, when the predetermined direction is from right to left, the server may cut the sub-character strings with the number equal to the shift number from right to left from the right end of the feature character string, and concatenate the sub-character strings to the left end of the feature character string.
As shown in fig. 3a, it shows a schematic diagram of the operation flow of the shift operation for the characteristic character string. Here, fig. 3a shows a feature character string "11100000" formed based on the image feature of the biometric image of the user, and a feature character string "00000111" after the shift operation. Specifically, in the operation flow shown in fig. 3a, the predetermined direction is from left to right, and the shift number is 3. The sub-character strings "111" equal to 3 in number may be cut from left to right from the left end of the characteristic character string "11100000" and spliced to the right end of the characteristic character string, so that the characteristic character string "00000111" after the shift operation may be obtained.
As shown in fig. 3b, another schematic diagram of the operation flow of the shift operation for the characteristic character string is shown. Fig. 3b shows a feature character string "11100000" formed based on the image feature of the biometric image of the user, and a feature character string "00011100" after the shift operation. Specifically, in the operation flow shown in fig. 3b, the predetermined direction is from right to left, and the shift number is 3. A sub-string "000" whose number is equal to 3 may be cut out from the right end of the feature string "11100000" from the right to the left, and the sub-string may be spliced to the left end of the feature string, so that the feature string "00011100" after the shift operation may be obtained.
It should be understood that the feature string "11100000" formed based on the image feature of the biometric image of the user shown in fig. 3a and 3b, respectively, is only an exemplary feature string and is not intended to limit the present specification in any way.
It should be noted that the authentication information obtained in step 203 may be regarded as an encrypted feature. The encryption of the biological characteristic data of the user is realized through the shifting operation mode, and compared with the existing encryption method, such as the encryption method adopting the characteristic confusion mode, the encryption method is simpler and more efficient.
In step 204, in order to reduce the risk of stealing the verification information during transmission, the server may send the verification information and the shift number to the client in batches, for example, first sending any one of the verification information and the shift number, and then sending the other item. Therefore, even if the verification information is stolen by lawless persons in the transmission process, the shift number cannot be simultaneously stolen, so that the verification information cannot be cracked, and the risk caused by stealing the verification information in the transmission process can be reduced.
It should be noted that, if the server executes the above-mentioned process 200 regularly and the client communicatively connected to the server includes a first client for an unspecified user, such as an IOT (Internet of Things) tool or software deployed on the IOT tool, in step 204, the server may send the shift number and the obtained pieces of verification information to all or part of the connected first clients respectively.
If the server executes the process 200 periodically and the client communicatively connected to the server includes a second client used by a specific user, such as a terminal device of a smart phone, a tablet computer, a laptop computer, a desktop computer, or software deployed on the terminal device, in step 204, for each piece of acquired authentication information, the server may send the authentication information and the shift number to the second client used by the user to which the authentication information belongs.
In addition, if the server performs step 201 in response to receiving the verification data acquisition request sent by the client in the current period, in step 204, the server may send the verification information and the shift number to the client.
With continuing reference to fig. 3c, fig. 3c is a schematic diagram of an application scenario of the privacy-preserving image information processing method according to the present embodiment. In the application scenario, the server can execute the image information processing flow regularly, the biological feature image is a human face image, the client is an IOT machine supporting face brushing payment, the preset direction is from left to right, and the duration of one period is one day.
As indicated by reference numeral 301, the server may acquire feature character strings respectively formed based on image features of face images of a plurality of users in response to detecting that the current time reaches a predetermined time point of the current day. The server may then randomly generate a shift number, as indicated by reference numeral 302, and assign the shift number to the feature string. Then, as shown by reference numeral 303, for each obtained feature character string, the server may cut out the sub character strings whose number is equal to the shift number from left to right from the left end of the feature character string, splice the sub character strings to the right end of the feature character string, and use the spliced feature character strings as valid verification information in the current period. Then, the server may send the authentication information and the shift number to the client, respectively, as indicated by reference numerals 3041 and 3042.
Thereby, the client can be caused to store the authentication information and the shift amount. The verification information can be regarded as the encrypted human face features. The encrypted face features which are effective in the current period are sent to the client for storage by the client, so that the face features of the user are not fixed any more in different time. Even if the face features stored on the client are acquired by lawless persons, the face features are difficult to crack by the lawless persons, and the face features are rapidly invalid in the next period, so that the risk caused by the loss of the face features can be effectively reduced.
It should be noted that, those skilled in the art can derive other types of biometric image embodiments by analogy from the contents related to the face image shown in fig. 3c, and this specification does not list them one by one.
In the privacy protection image information processing method provided by this embodiment, a feature character string formed based on image features of a biometric image of a user is acquired, then a corresponding shift number is allocated to the feature character string, then a shift operation in a predetermined direction is performed on the feature character string according to the shift number to obtain valid verification information in a current period, and then the verification information and the shift number are respectively sent to a client, so that the client can store the verification information and the shift number. The authentication information may be regarded as an encrypted feature. By attaching a validity period to the authentication information, it is possible to ensure that the authentication information in each period is not reusable. Therefore, the risk caused by the loss of the biological characteristic data can be reduced by sending the valid verification information in the current period to the client for the storage of the client. In addition, when the verification information is sent, the shift number is also sent, so that the client can realize the identity verification of the user according to the verification information and the shift number.
With further reference to fig. 4, a flow 400 of yet another embodiment of a privacy preserving image information processing method is shown. The method is applied to the server 100 shown in fig. 1, and includes the following steps:
In this embodiment, for the explanation of steps 401, 404 and 406, refer to the related description in the embodiment corresponding to fig. 2, and are not repeated herein.
In step 402, the hash feature obtained by performing the hash operation on the feature vector may be a binary hash feature.
In step 403, by determining the hash feature as the image feature of the biometric image of the user and forming the feature character string based on the image feature, the operation speed can be increased when subsequently determining the verification information based on the feature character string. In practice, the data in the feature vector is generally floating-point data, and the shift operation on the floating-point data is usually complex and time-consuming. And the shift operation on the binary data becomes simple and efficient.
As can be seen from fig. 4, compared with the embodiment corresponding to fig. 2, the image information processing method for protecting privacy according to the embodiment highlights the steps of acquiring a feature vector extracted from a biometric image of a user, performing hash operation on the feature vector to obtain a hash feature, determining the hash feature as an image feature of the biometric image of the user, and forming a feature character string based on the image feature. Therefore, the scheme provided by the embodiment can improve the operation speed in addition to realizing the technical effect of the embodiment corresponding to fig. 2.
With further reference to fig. 5, a flow 500 of one embodiment of a privacy preserving authentication method is shown. The identity authentication method is applied to the client 101 shown in fig. 1, and comprises the following steps:
and 505, determining whether the user is a legal user according to the comparison result.
In this embodiment, the target biometric image may include a face image, a fingerprint image, a finger vein image, an iris image, a voiceprint image, or the like. The duration of a cycle may be one day, two days, one week, etc. Assuming that the duration of one cycle is one day, the current cycle may refer to the current day.
The details of steps 501-505 are described below.
Before step 501, the client may obtain a target biometric image of a user whose identity is to be verified in response to an authentication trigger operation performed by the user.
Wherein, if the client is used to provide the payment service, the authentication trigger operation may be, for example, a payment operation. If the client is used to provide account login services, the authentication trigger operation may be, for example, an account login operation. It should be understood that the authentication triggering operation is not specifically limited by the present description.
In practice, when the client is software, the client can acquire a target biological characteristic image of a user to be authenticated through the terminal equipment where the client is located. When the client is a terminal device, the client can start a corresponding biological characteristic acquisition device to acquire a target biological characteristic image of the user.
In step 501, the client may determine image features corresponding to the target biometric image, forming a feature string based on the image features. Further, the client can perform feature extraction on the target biological feature image to obtain an extracted feature vector, and then determine the image features of the target biological feature image according to the feature vector.
It should be understood that the method of determining the image features of the target biometric image by the client is similar to the method of determining the image features of the biometric image at the server side. For example, if the server side directly determines the feature vector of the biometric image as the image feature, the client side may determine the feature vector of the target biometric image as the image feature. If the server determines the hash feature obtained by performing hash operation on the feature vector of the biological feature image as the image feature, the client may perform hash operation on the feature vector of the target biological feature image to obtain the hash feature, and determine the hash feature as the image feature of the target biological feature image. It should be noted that the client and the server use the same hash algorithm.
In step 502, the client may use different obtaining methods to obtain valid verification data in the current period.
For example, if the validation data valid in the current period is stored locally in the client in advance, the client may obtain the validation data from a predetermined local storage location. For example, before step 501, the client may receive the shift amount and the at least one piece of authentication information from the server, respectively, and store the shift amount and the at least one piece of authentication information to a predetermined local storage location.
For another example, if the client does not locally store valid verification data in the current period, the client may send a verification data acquisition request related to the current period to the server, and then receive the shift number and at least one piece of verification information that are respectively returned by the server in response to the verification data acquisition request. The client may then store the shift amount and the at least one piece of authentication information to a predetermined storage location locally.
It should be noted that the shift number and the verification information may correspond to different predetermined storage locations. Therefore, the possibility that the shift number and the verification information are simultaneously acquired by lawbreakers can be reduced by storing the shift number and the verification information in different storage positions, so that the verification information can be protected in an enhanced manner, and the risk caused by the loss of the verification information is further reduced.
In step 503, the client may intercept the substrings with the number equal to the shift number in a predetermined direction from one end of the feature string, splice the substrings to the other end, and use the spliced feature string as the feature to be verified.
As an example, if the predetermined direction is from left to right, the client may cut the substrings with the number equal to the shift number from left to right from the left end of the feature string, and concatenate the substrings to the right end of the feature string. If the predetermined direction is from right to left, the client may intercept the substrings whose number is equal to the shift number from right to left from the right end of the feature string, and splice the substrings to the left end of the feature string.
It should be understood that the shifting operation performed when the client acquires the feature to be verified is similar to the shifting operation performed when the server acquires the verification information.
In step 504, the client may compare the feature to be verified with one or more pieces of verification information in the verification data.
In one scenario example, the client is a client used by a particular user, for example, a scenario in which a user uses a personal smartphone for fingerprint verification. At this time, the client may only obtain the verification information of the specific user, that is, only one piece of verification information in the verification data, and at this time, the client may directly compare the feature to be verified with the verification information.
In another example scenario, the client is a client that is not used by a particular plurality of users, such as an IoT tool in a brick and mortar store for face-brushing payments. In such a case, the verification data generally includes a plurality of pieces of verification information, and when the server sends the verification information and the shift number to the client, the server may also send the user identifier of the user to which the verification information belongs to the client together for the client to store. Correspondingly, when the client side obtains the target biological characteristic image of the user with the identity to be verified, the client side also obtains the user identification of the user, so that the client side can select verification information corresponding to the user identification from verification data, and then compares the feature to be verified with the selected verification information.
It should be noted that in some verification scenarios, the user may input the user identifier through other channels. The client may obtain the user identifier input by the user.
Optionally, if there are multiple pieces of verification information in the verification data, the client may also compare the verification information in the verification data with the features to be verified in sequence until the verification information matched with the features to be verified is compared, or it is determined that each piece of verification information in the verification data is not matched with the features to be verified.
It should be noted that, when the client compares the feature to be verified and the verification information, the client may use a similarity calculation method to calculate the similarity between the two features. And if the similarity between the two signals reaches a preset similarity threshold value, determining that the two signals are matched. And if the similarity between the two does not reach a preset similarity threshold value, determining that the two are not matched. It should be understood that if the verification information matching the feature to be verified is compared, the feature to be verified can be successfully compared with the verification information in the verification data. If the verification information matched with the to-be-verified feature is not compared, the verification information in the to-be-verified feature and the verification data can be represented to fail to be compared.
Optionally, if the feature to be verified and the verification information are binary character strings, the client may compare the characters at the positions corresponding to the feature to be verified and the verification information. Here, the feature to be authenticated and the authentication information have the same character string length L. Then, the client may count the number N of the compared consistent characters. Then, the client may determine a ratio between N and L as a similarity between the feature to be verified and the verification information.
In step 505, if the comparison result shows that the feature to be verified is successfully compared with the verification information in the verification data, it is determined that the user is a valid user. And if the comparison result shows that the comparison between the features to be verified and the verification information in the verification data fails, determining that the user is an illegal user.
With continued reference to fig. 6, fig. 6 is a schematic diagram of an application scenario of the privacy-preserving authentication method according to the present embodiment. In the application scenario, the client is an IOT tool that supports face-brushing payment. The target biometric image is a face image. The duration of a cycle is one day.
When the scheduled time point of the day comes, the server may obtain at least one piece of verification information and a shift number valid on the day by using the image information processing method for protecting privacy as described above, and send the at least one piece of verification information and the shift number to the client, respectively, as shown by reference numerals 6011 and 6012. Thereafter, the client may store the at least one piece of authentication information and the shift amount, which are respectively received, to a local predetermined storage location, as indicated by reference numeral 602.
When the user performs a face-brushing payment using the client, the user may perform a face-brushing payment operation using the client as indicated by reference numeral 603. The client may then obtain a facial image of the user in response to detecting the swipe payment operation, as indicated by reference numeral 604. Thereafter, the client may determine a characteristic character string corresponding to the face image, as indicated by reference numeral 605. Next, the client may obtain verification data valid for the current day from a predetermined local storage location, as shown at reference numeral 606, the verification data including the shift number and at least one piece of verification information. Then, as shown by reference numeral 607, the client performs a shift operation in a predetermined direction on the feature string according to the shift number to obtain the feature to be verified. The client may then compare the features to be verified with the verification information in the verification data, as indicated by reference numeral 608. Then, the client end can determine whether the user is a legal user according to the comparison result, as shown by reference numeral 609.
Therefore, when the client determines that the user is a legal user, the subsequent payment process can be continuously executed. When the client determines that the user is an illegal user, prompt information used for indicating that the user fails to pass the identity authentication can be generated and displayed.
It should be noted that, those skilled in the art can derive other types of target biometric image embodiments by analogy from the contents related to the face image shown in fig. 6, and this description does not list them one by one.
In the identity authentication method for protecting privacy provided by this embodiment, a feature character string corresponding to a target biological feature image is determined in response to the target biological feature image of a user whose identity is to be authenticated, and then valid authentication data in a current period is obtained, where the authentication data includes a shift number and at least one piece of authentication information, and then, according to the shift number, a shift operation in a predetermined direction is performed on the feature character string to obtain a feature to be authenticated, so that the feature to be authenticated is compared with the authentication information in the authentication data, and whether the user is a legitimate user is determined according to a comparison result. According to the scheme provided by the embodiment, the verification information can be normally compared without being decoded, so that the accuracy and the high efficiency of the identity verification can be ensured, and the client can realize the identity verification of the user based on the verification information and the shift number.
With further reference to fig. 7, as an implementation of the methods shown in some of the above figures, the present specification provides an embodiment of an image information processing apparatus for protecting privacy, which corresponds to the method embodiment shown in fig. 2, and which can be applied to the server 100 shown in fig. 1.
As shown in fig. 7, the privacy-preserving image-information processing apparatus 700 of the present embodiment includes: an acquisition unit 701, an allocation unit 702, a shift unit 703 and a transmission unit 704. Wherein the acquisition unit 701 is configured to acquire a feature character string formed based on an image feature of a biometric image of a user; the assigning unit 702 is configured to assign corresponding shift numbers for the feature strings; the shifting unit 703 is configured to perform a shifting operation in a predetermined direction on the feature string according to the shift number, so as to obtain valid verification information in a current period; the sending unit 704 is configured to send the verification information and the shift amount to the client, respectively.
In this embodiment, specific processing of the obtaining unit 701, the allocating unit 702, the shifting unit 703 and the sending unit 704 and technical effects brought by the processing can refer to related descriptions of step 201, step 202, step 203 and step 204 in the corresponding embodiment of fig. 2, which are not described herein again.
In some optional implementations of this embodiment, the biometric image may include any one of the following: face images, fingerprint images, finger vein images, iris images, voice print images, and the like.
In some optional implementation manners of this embodiment, the duration of one period may be one day, and the current period may be the current day.
In some optional implementations of the embodiment, the step of obtaining a feature character string formed based on an image feature of the biometric image of the user is performed in any one of: detecting that the current time reaches a preset time point in the current period; and receiving a verification data acquisition request sent by the client in the current period.
In some optional implementation manners of this embodiment, the obtaining unit 701 may include: an acquisition subunit (not shown in the figure) configured to acquire image features extracted from the biometric image; a determination subunit (not shown in the figure) configured to form a feature string based on the image feature.
In some optional implementations of this embodiment, the obtaining subunit may be further configured to: acquiring a feature vector extracted from a biological feature image; the feature vector is determined as an image feature.
In some optional implementations of this embodiment, the obtaining subunit may be further configured to: acquiring a feature vector extracted from a biological feature image; performing hash operation on the feature vector to obtain hash features; the hash feature is determined as an image feature.
In some optional implementations of this embodiment, the allocating unit 702 may be further configured to: a shift number is randomly generated and assigned to the feature string.
In some optional implementations of this embodiment, the shifting unit 703 may include: and a shift subunit (not shown in the figure) configured to cut the sub character strings of which the number is equal to the shift number in a predetermined direction from one end of the feature character string, and splice the sub character strings to the other end.
In some optional implementations of this embodiment, the predetermined direction is from left to right; and the shift subunit may be further configured to: and intercepting the sub character strings with the number equal to the shift number from left to right from the left end part of the characteristic character string, and splicing the sub character strings to the right end part of the characteristic character string.
In some optional implementations of this embodiment, the predetermined direction is from right to left; and the shift subunit may be further configured to: and intercepting the sub character strings with the number equal to the shift number from the right to the left from the right end part of the characteristic character string, and splicing the sub character strings to the left end part of the characteristic character string.
According to the privacy-protecting image information processing device provided by the embodiment, the characteristic character string formed based on the image characteristics of the biological characteristic image of the user is obtained through the obtaining unit, the corresponding shift number is distributed to the characteristic character string through the distributing unit, then the shifting operation in the preset direction is carried out on the characteristic character string through the shifting unit according to the shift number to obtain the effective verification information in the current period, and then the verification information and the shift number are respectively sent to the client through the sending unit so that the client can store the verification information and the shift number conveniently. The authentication information may be regarded as an encrypted feature. By attaching a validity period to the authentication information, it is possible to ensure that the authentication information in each period is not reusable. Therefore, the risk caused by the loss of the biological characteristic data can be reduced by sending the valid verification information in the current period to the client for the storage of the client. In addition, when the verification information is sent, the shift number is also sent, so that the client can realize the identity verification of the user according to the verification information and the shift number.
With further reference to fig. 8, as an implementation of the methods shown in some of the above figures, the present specification provides an embodiment of an authentication apparatus for protecting privacy, which corresponds to the method embodiment shown in fig. 5, and which may be applied to the client 101 shown in fig. 1.
As shown in fig. 8, the privacy protection authentication apparatus 800 of the present embodiment includes: a first determination unit 801, an acquisition unit 802, a shift unit 803, a comparison unit 804, and a second determination unit 805. The first determination unit 801 is configured to determine a feature character string corresponding to a target biological feature image in response to acquiring the target biological feature image of the user to be authenticated; the obtaining unit 802 is configured to obtain valid verification data in a current period, the verification data including a shift number and at least one piece of verification information; the shifting unit 803 is configured to perform a shifting operation in a predetermined direction on the feature character string according to the shift number to obtain a feature to be verified; the comparing unit 804 is configured to compare the feature to be verified with verification information in the verification data; the second determination unit 805 is configured to determine whether the user is a valid user according to the comparison result.
In this embodiment, specific processing of the first determining unit 801, the obtaining unit 802, the shifting unit 803, the comparing unit 804 and the second determining unit 805 and technical effects thereof may refer to related descriptions of step 501, step 502, step 503, step 504 and step 505 in the corresponding embodiment of fig. 5, which are not repeated herein.
In some optional implementations of this embodiment, the target biometric image may include any one of: face images, fingerprint images, finger vein images, iris images, voice print images, and the like.
In some optional implementation manners of this embodiment, the duration of one period is one day, and the current period is the current day.
In some optional implementations of this embodiment, the apparatus 800 may further include: a receiving unit (not shown in the figure) configured to receive the shift number and at least one piece of authentication information from the server, respectively, before the first determining unit 801 determines the feature character string corresponding to the target biometric image in response to acquiring the target biometric image of the user whose identity is to be authenticated; a storage unit (not shown in the drawings) configured to store the shift amount and the at least one piece of authentication information to a local predetermined storage location; and the obtaining unit 802 may be further configured to: authentication data is retrieved from a predetermined storage location.
In some optional implementations of this embodiment, the obtaining unit 802 may be further configured to: responding to the situation that the verification data are not stored locally, and sending a verification data acquisition request related to the current period to a server; and receiving the shift number and at least one piece of verification information which are respectively returned by the server side in response to the verification data acquisition request.
In some optional implementations of this embodiment, the determining unit 803 may include: a first determining subunit (not shown in the figure) configured to determine an image feature corresponding to the target biometric image; a second determining subunit (not shown in the figure) configured to form a feature character string based on the image feature.
In some optional implementations of this embodiment, the first determining subunit may be further configured to: extracting a feature vector from the target biological feature image; the feature vector is determined as an image feature.
In some optional implementations of this embodiment, the first determining subunit may be further configured to: extracting a feature vector from the target biological feature image; performing hash operation on the feature vector to obtain hash features; the hash feature is determined as an image feature.
In some optional implementations of this embodiment, the shifting unit 803 may include: and a shift subunit (not shown in the figure) configured to cut the sub character strings of which the number is equal to the shift number in a predetermined direction from one end of the feature character string, and splice the sub character strings to the other end.
In some optional implementations of this embodiment, the predetermined direction is from left to right; and the shift subunit may be further configured to: and intercepting the sub character strings with the number equal to the shift number from left to right from the left end part of the characteristic character string, and splicing the sub character strings to the right end part of the characteristic character string.
In some optional implementations of this embodiment, the predetermined direction is from right to left; and the shift subunit may be further configured to: and intercepting the sub character strings with the number equal to the shift number from the right to the left from the right end part of the characteristic character string, and splicing the sub character strings to the left end part of the characteristic character string.
In some optional implementations of this embodiment, the obtaining unit 802 may be further configured to obtain a user identifier of the user; and the alignment unit 804 may be further configured to: selecting verification information corresponding to the user identification from the verification data; and comparing the characteristics to be verified with the selected verification information.
In some optional implementations of this embodiment, the comparing unit 804 may be further configured to: and comparing the verification information in the verification data with the features to be verified in sequence until the verification information matched with the features to be verified is obtained through comparison, or determining that all the verification information in the verification data is not matched with the features to be verified.
In some optional implementations of this embodiment, the second determining unit 805 may be further configured to: if the comparison result shows that the feature to be verified is successfully compared with the verification information in the verification data, determining that the user is a legal user; and if the comparison result shows that the comparison between the features to be verified and the verification information in the verification data fails, determining that the user is an illegal user.
In the identity authentication device for protecting privacy provided by this embodiment, the first determining unit determines the feature character string corresponding to the target biometric image in response to the target biometric image of the user whose identity is to be authenticated, the obtaining unit obtains valid authentication data in the current period, the authentication data includes a shift number and at least one piece of authentication information, the shifting unit performs a shift operation in a predetermined direction on the feature character string according to the shift number to obtain the feature to be authenticated, so that the comparing unit compares the feature to be authenticated with the authentication information in the authentication data, and the second determining unit determines whether the user is a valid user according to the comparison result. According to the scheme provided by the embodiment, the verification information can be normally compared without being decoded, so that the accuracy and the high efficiency of the identity verification can be ensured, and the client can realize the identity verification of the user based on the verification information and the shift number.
Embodiments of the present specification further provide a computer-readable storage medium on which a computer program is stored, wherein when the computer program is executed in a computer, the computer program causes the computer to execute the privacy-protecting image information processing method or the privacy-protecting identity authentication method respectively shown in the above method embodiments.
The embodiment of the present specification further provides a computing device, which includes a memory and a processor, where the memory stores executable code, and when the processor executes the executable code, the image information processing method for protecting privacy or the identity authentication method for protecting privacy, which are respectively shown in the above method embodiments, are implemented.
The present specification also provides a computer program product, which when executed on a data processing apparatus, causes the data processing apparatus to implement the privacy-protecting image information processing method or the privacy-protecting identity authentication method respectively shown in the above method embodiments.
Those skilled in the art will recognize that, in one or more of the examples described above, the functions described in the embodiments disclosed herein may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
The above-mentioned embodiments, objects, technical solutions and advantages of the embodiments disclosed in the present specification are further described in detail, it should be understood that the above-mentioned embodiments are only specific embodiments of the embodiments disclosed in the present specification, and are not intended to limit the scope of the embodiments disclosed in the present specification, and any modifications, equivalent substitutions, improvements and the like made on the basis of the technical solutions of the embodiments disclosed in the present specification should be included in the scope of the embodiments disclosed in the present specification.
Claims (29)
1. A privacy protection image information processing method is applied to a server and comprises the following steps:
acquiring a feature character string formed based on image features of a biometric image of a user;
distributing corresponding shift numbers for the characteristic character strings;
according to the shift number, performing shift operation in a preset direction on the characteristic character string to obtain effective verification information in the current period;
and respectively sending the verification information and the shift number to a client.
2. The method of claim 1, wherein the biometric image comprises any one of: face image, fingerprint image, finger vein image, iris image.
3. The method of claim 1, wherein the duration of a cycle is one day and the current cycle is the current day.
4. The method according to claim 1, wherein the step of acquiring a feature character string formed based on an image feature of a biometric image of a user is performed in any one of:
detecting that the current time reaches a preset time point in the current period;
and receiving a verification data acquisition request sent by the client in the current period.
5. The method of claim 1, wherein the obtaining a feature string formed based on image features of a biometric image of a user comprises:
acquiring image features extracted from the biological feature image;
forming the feature string based on the image feature.
6. The method of claim 5, wherein said obtaining image features extracted from the biometric image comprises:
acquiring a feature vector extracted from the biological feature image;
determining the feature vector as the image feature.
7. The method of claim 5, wherein said obtaining image features extracted from the biometric image comprises:
acquiring a feature vector extracted from the biological feature image;
carrying out Hash operation on the feature vector to obtain Hash features;
determining the hash feature as the image feature.
8. The method of claim 1, wherein said assigning the corresponding shift number to the feature string comprises:
the shift numbers are randomly generated and assigned to the feature strings.
9. The method according to one of claims 1 to 8, wherein the performing a shift operation in a predetermined direction on the feature character string according to the shift number comprises:
and cutting the sub character strings with the number equal to the shift number along the preset direction from one end part of the characteristic character string, and splicing the sub character strings to the other end part.
10. The method of claim 9, wherein the predetermined direction is from left to right; and
the cutting out a number of sub character strings equal to the shift number along the preset direction from one end part of the characteristic character string, and splicing the sub character strings to the other end part comprises the following steps:
and intercepting the sub character strings from left to right from the left end part of the characteristic character string, and splicing the sub character strings to the right end part of the characteristic character string.
11. The method of claim 9, wherein the predetermined direction is from right to left; and
the cutting out a number of sub character strings equal to the shift number along the preset direction from one end part of the characteristic character string, and splicing the sub character strings to the other end part comprises the following steps:
and intercepting the sub character strings from right to left from the right end part of the feature character string, and splicing the sub character strings to the left end part of the feature character string.
12. An identity authentication method for protecting privacy is applied to a client and comprises the following steps:
in response to the target biological characteristic image of the user of which the identity is to be verified is obtained, determining a characteristic character string corresponding to the target biological characteristic image;
obtaining valid verification data in a current period, wherein the verification data comprises a shift number and at least one piece of verification information;
according to the shift number, performing shift operation in a preset direction on the feature character string to obtain a feature to be verified;
comparing the feature to be verified with verification information in the verification data;
and determining whether the user is a legal user or not according to the comparison result.
13. The method of claim 12, wherein the target biometric image comprises any one of: face image, fingerprint image, finger vein image, iris image.
14. The method of claim 12, wherein the duration of a cycle is one day and the current cycle is the current day.
15. The method according to claim 12, wherein before the determining a feature character string corresponding to a target biometric image of a user whose identity is to be verified in response to acquiring the target biometric image, the method further comprises:
receiving the shift number and the at least one piece of verification information from a server respectively;
storing the shift amount and the at least one piece of verification information to a local predetermined storage location; and
the acquiring valid verification data in the current period includes:
retrieving the verification data from the predetermined storage location.
16. The method of claim 12, wherein the obtaining validation data valid for a current period comprises:
responding to the situation that the verification data are not stored locally, and sending a verification data acquisition request related to the current period to a server;
and receiving the shift number and the at least one piece of verification information which are respectively returned by the server side in response to the verification data acquisition request.
17. The method of claim 12, wherein the determining a feature string corresponding to the target biometric image comprises:
determining an image feature corresponding to the target biometric image;
forming the feature string based on the image feature.
18. The method of claim 17, wherein the determining image features corresponding to the target biometric image comprises:
extracting a feature vector from the target biological feature image;
determining the feature vector as the image feature.
19. The method of claim 17, wherein the determining image features corresponding to the target biometric image comprises:
extracting a feature vector from the target biological feature image;
carrying out Hash operation on the feature vector to obtain Hash features;
determining the hash feature as the image feature.
20. The method according to claim 12, wherein the performing a shift operation in a predetermined direction on the feature character string according to the shift number comprises:
and cutting the sub character strings with the number equal to the shift number along the preset direction from one end part of the characteristic character string, and splicing the sub character strings to the other end part.
21. The method of claim 20, wherein the predetermined direction is from left to right; and
the cutting out a number of sub character strings equal to the shift number along the preset direction from one end part of the characteristic character string, and splicing the sub character strings to the other end part comprises the following steps:
and intercepting the sub character strings from left to right from the left end part of the characteristic character string, and splicing the sub character strings to the right end part of the characteristic character string.
22. The method of claim 20, wherein the predetermined direction is from right to left; and
the cutting out a number of sub character strings equal to the shift number along the preset direction from one end part of the characteristic character string, and splicing the sub character strings to the other end part comprises the following steps:
and intercepting the sub character strings from right to left from the right end part of the feature character string, and splicing the sub character strings to the left end part of the feature character string.
23. The method of claim 12, wherein the method further comprises:
acquiring a user identifier of the user; and
the comparing the feature to be verified with the verification information in the verification data includes:
selecting the verification information corresponding to the user identification from the verification data;
and comparing the characteristic to be verified with the selected verification information.
24. The method of claim 12, wherein the comparing the feature to be verified with verification information in the verification data comprises:
and comparing the verification information in the verification data with the features to be verified in sequence until the verification information matched with the features to be verified is compared, or determining that all the verification information in the verification data is not matched with the features to be verified.
25. The method according to any of claims 12-24, wherein said determining whether said user is a legitimate user based on said comparison comprises:
if the comparison result shows that the feature to be verified is successfully compared with the verification information in the verification data, determining that the user is a legal user;
and if the comparison result shows that the comparison between the features to be verified and the verification information in the verification data fails, determining that the user is an illegal user.
26. An image information processing device for protecting privacy is applied to a server and comprises:
an acquisition unit configured to acquire a feature character string formed based on an image feature of a biometric image of a user;
an allocation unit configured to allocate a corresponding shift number to the feature string;
the shifting unit is configured to perform shifting operation in a preset direction on the characteristic character string according to the shifting number to obtain valid verification information in the current period;
a sending unit configured to send the verification information and the shift amount to a client, respectively.
27. An authentication device for protecting privacy is applied to a client and comprises:
the first determination unit is configured to determine a characteristic character string corresponding to a target biological characteristic image of a user to be authenticated in response to the target biological characteristic image being acquired;
an acquisition unit configured to acquire verification data valid in a current cycle, the verification data including a shift amount and at least one piece of verification information;
the shifting unit is configured to perform shifting operation in a preset direction on the characteristic character string according to the shifting number to obtain a characteristic to be verified;
a comparison unit configured to compare the feature to be verified with verification information in the verification data;
and the second determining unit is configured to determine whether the user is a legal user according to the comparison result.
28. A computer-readable storage medium, on which a computer program is stored, wherein the computer program, when executed in a computer, causes the computer to perform the method of any of claims 1-25.
29. A computing device comprising a memory and a processor, wherein the memory has stored therein executable code that when executed by the processor implements the method of any of claims 1-25.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010442272.2A CN111598576A (en) | 2020-05-22 | 2020-05-22 | Privacy-protecting image information processing method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010442272.2A CN111598576A (en) | 2020-05-22 | 2020-05-22 | Privacy-protecting image information processing method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111598576A true CN111598576A (en) | 2020-08-28 |
Family
ID=72192490
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010442272.2A Pending CN111598576A (en) | 2020-05-22 | 2020-05-22 | Privacy-protecting image information processing method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111598576A (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104317823A (en) * | 2014-09-30 | 2015-01-28 | 北京合力思腾科技股份有限公司 | Method for carrying out data detection by utilizing data fingerprints |
| CN106059753A (en) * | 2016-03-10 | 2016-10-26 | 西京学院 | Novel fingerprint key generation method for digital signature |
| CN106936586A (en) * | 2016-12-07 | 2017-07-07 | 中国电子科技集团公司第三十研究所 | A kind of biological secret key extracting method based on fingerprint bit string and Error Correction of Coding |
| CN110119608A (en) * | 2014-03-27 | 2019-08-13 | 阿里巴巴集团控股有限公司 | A kind of biological information processing method, biological information store method and device |
| CN110909335A (en) * | 2019-12-03 | 2020-03-24 | 北京集联网络技术有限公司 | Binary biological characteristic identification method for privacy protection |
| CN110941730A (en) * | 2019-11-29 | 2020-03-31 | 南京甄视智能科技有限公司 | Retrieval method and device based on human face feature data migration |
-
2020
- 2020-05-22 CN CN202010442272.2A patent/CN111598576A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110119608A (en) * | 2014-03-27 | 2019-08-13 | 阿里巴巴集团控股有限公司 | A kind of biological information processing method, biological information store method and device |
| CN104317823A (en) * | 2014-09-30 | 2015-01-28 | 北京合力思腾科技股份有限公司 | Method for carrying out data detection by utilizing data fingerprints |
| CN106059753A (en) * | 2016-03-10 | 2016-10-26 | 西京学院 | Novel fingerprint key generation method for digital signature |
| CN106936586A (en) * | 2016-12-07 | 2017-07-07 | 中国电子科技集团公司第三十研究所 | A kind of biological secret key extracting method based on fingerprint bit string and Error Correction of Coding |
| CN110941730A (en) * | 2019-11-29 | 2020-03-31 | 南京甄视智能科技有限公司 | Retrieval method and device based on human face feature data migration |
| CN110909335A (en) * | 2019-12-03 | 2020-03-24 | 北京集联网络技术有限公司 | Binary biological characteristic identification method for privacy protection |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP6882254B2 (en) | Safety verification methods based on biological characteristics, client terminals, and servers | |
| CN109660501B (en) | System and method for providing blockchain based multi-factor personal identity verification | |
| US9049191B2 (en) | Biometric authentication system, communication terminal device, biometric authentication device, and biometric authentication method | |
| CN111738238B (en) | Face recognition method and device | |
| US10360463B2 (en) | Method and apparatus of verifying usability of biological characteristic image | |
| CN109325342A (en) | Identity information management method, apparatus, computer equipment and storage medium | |
| EP2009568A2 (en) | Biometric authentication | |
| CN105553928B (en) | Communication method, device and system based on biological feature recognition | |
| US11477190B2 (en) | Dynamic user ID | |
| EP3525181B1 (en) | Identity validity verification method and electronic terminal | |
| CN110311895B (en) | Session permission verification method and system based on identity authentication and electronic equipment | |
| KR102274132B1 (en) | User authentication server that performs verification of electronic signature data generated based on biometric authentication in association with a plurality of verification servers and operating method thereof | |
| EP3157193A1 (en) | Remote sharing method, and vtm terminal, network side device and system | |
| WO2016022555A1 (en) | Security verification method, apparatus, server and terminal device | |
| US11663306B2 (en) | System and method for confirming a person's identity | |
| CN114547589A (en) | Privacy-protecting user registration and user authentication method and device | |
| CN111598576A (en) | Privacy-protecting image information processing method and device | |
| EP3745289A1 (en) | Apparatus and method for registering biometric information, apparatus and method for biometric authentication | |
| CN106533685B (en) | Identity authentication method, device and system | |
| KR100687725B1 (en) | Method and apparatus for secure authentication of fingerprint data | |
| TWI736280B (en) | Identity verification method based on biometrics | |
| JP5574005B2 (en) | Biometric authentication method and system | |
| CN116916310A (en) | Verification code generation and verification method and device and electronic equipment | |
| CN115459987A (en) | Data encryption method and device | |
| JP2022093401A (en) | Computer system, server, terminal, program, and information processing method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 40035945 Country of ref document: HK |
|
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200828 |
|
| RJ01 | Rejection of invention patent application after publication |