CN112418863A - Client, cloud server, identity recognition method and system thereof, and computer storage medium - Google Patents

Publication number
CN112418863A
Authority
CN
China
Prior art keywords
extraction algorithm
feature value
client
cloud server
library
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010766784.4A
Other languages
Chinese (zh)
Other versions
CN112418863B (en
Inventor
周雍恺
于文海
钱进
乔萧雅
刘国宝
孙权
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Unionpay Co Ltd
Original Assignee
China Unionpay Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Unionpay Co Ltd filed Critical China Unionpay Co Ltd
Priority to CN202010766784.4A priority Critical patent/CN112418863B/en
Priority to PCT/CN2021/075547 priority patent/WO2022027948A1/en
Publication of CN112418863A publication Critical patent/CN112418863A/en
Priority to TW110107872A priority patent/TWI781546B/en
Application granted granted Critical
Publication of CN112418863B publication Critical patent/CN112418863B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • G06Q20/40145 Biometric identity checks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10 Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10 Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/12 Fingerprints or palmprints
    • G06V40/1365 Matching; Classification
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10 Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/16 Human faces, e.g. facial parts, sketches or expressions
    • G06V40/172 Classification, e.g. identification
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/50 Maintenance of biometric data or enrolment thereof
    • G06V40/53 Measures to keep reference information secret, e.g. cancellable biometrics

Landscapes

  • Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Multimedia (AREA)
  • Business, Economics & Management (AREA)
  • Human Computer Interaction (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Oral & Maxillofacial Surgery (AREA)
  • Collating Specific Patterns (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to an identity recognition method executed by a client, which comprises the following steps: collecting biological characteristic information of a user; extracting a first characteristic value from the biological characteristic information by using a first extraction algorithm prestored in the client; sending a first comparison request message containing the first characteristic value to a cloud server; after the comparison is passed, receiving a second extraction algorithm from the cloud server, wherein the second extraction algorithm is an updated version of the first extraction algorithm; extracting a second feature value from the biological feature information by using the second extraction algorithm; and sending a registration message containing the second characteristic value to the cloud server so as to store the second characteristic value. The invention also relates to an identity recognition method executed by the client, the cloud server, a computer storage medium and an identity recognition system.

Description

Client, cloud server, identity recognition method and system thereof, and computer storage medium
Technical Field
The present invention relates to an identity recognition scheme, and more particularly, to a client, a cloud server, an identity recognition method thereof, a computer storage medium, and an identity recognition system.
Background
In recent years, biometric features (such as faces and fingerprints) have been becoming a mainstream means of identification because they are closely tied to individual identity, and they are widely used in important financial scenarios such as cash withdrawal, payment and mobile banking login. Most current biometric identification systems directly collect and store the plaintext original image of the biometric feature (for example, the original image of a face or a fingerprint). Such a scheme achieves good biometric matching, but it also carries large security risks and privacy compliance problems: once biometric data is leaked, it cannot be changed or destroyed, and because biometric features involve user privacy, directly collecting and storing plaintext original images carries compliance risk.
Accordingly, an improved identification scheme is desired.
Disclosure of Invention
According to an aspect of the present invention, there is provided an identity recognition method performed by a client, the method including: collecting biological characteristic information of a user; extracting a first characteristic value from the biological characteristic information by using a first extraction algorithm prestored in the client; sending a first comparison request message containing the first characteristic value to a cloud server; receiving a second extraction algorithm from the cloud server, the second extraction algorithm being an updated version of the first extraction algorithm; extracting a second feature value from the biological feature information by using the second extraction algorithm; and sending a registration message containing the second characteristic value to the cloud server so as to store the second characteristic value.
In addition or as an alternative to the above, the above identity recognition method may further include deleting the first extraction algorithm.
Additionally or alternatively to the above, in the above identity recognition method, the first comparison request message and the registration message are both transmitted by encryption.
Additionally or alternatively to the above, in the above identity recognition method, the first comparison request message further includes an identification number of a first extraction algorithm, and the registration message further includes an identification number of a second extraction algorithm.
Additionally or alternatively to the above, in the above identity recognition method, after the comparison is passed and when a second extraction algorithm that is newer than the first extraction algorithm exists, the second extraction algorithm is received from the cloud server.
In addition or alternatively to the above, the above identity recognition method may further include: collecting second biological characteristic information of the user; extracting a third feature value from the second biometric information by using the second extraction algorithm in the client; and sending a second comparison request message containing the third characteristic value and the identification number of the second extraction algorithm to the cloud server.
According to another aspect of the present invention, there is provided a client for identity recognition, the client comprising: an acquisition device for collecting biometric information of a user; an extraction device for extracting a first feature value from the biometric information by using a first extraction algorithm prestored in the client; a sending device for sending a first comparison request message containing the first feature value to a cloud server; and a receiving device for receiving a second extraction algorithm from the cloud server after the comparison is passed, the second extraction algorithm being an updated version of the first extraction algorithm, wherein the extraction device is further configured to extract a second feature value from the biometric information using the second extraction algorithm, and the sending device is further configured to send a registration message including the second feature value to the cloud server so as to store the second feature value.
In addition or alternatively to the above, the client may further include a deleting device configured to delete the first extraction algorithm.
Additionally or alternatively to the above, in the above client, the sending device is configured to transmit the first comparison request message and the registration message encrypted.
Additionally or alternatively to the above, in the client, the first comparison request message further includes an identifier of a first extraction algorithm, and the registration message further includes an identifier of a second extraction algorithm.
Additionally or alternatively, in the client, the receiving device is configured to receive a second extraction algorithm from the cloud server after the comparison passes and when the second extraction algorithm exists in a version that is newer than the first extraction algorithm.
Additionally or alternatively to the above, in the client, the acquiring device is further configured to acquire second biometric information of the user; the extracting means is further configured to extract a third feature value from the second biometric information using the second extraction algorithm in the client; and the sending device is further configured to send a second comparison request message containing the third feature value and the identification number of the second extraction algorithm to the cloud server.
According to another aspect of the present invention, there is provided an identity recognition method performed by a cloud server, the method including: receiving a first comparison request message containing a first feature value from a client, wherein the first feature value is extracted from the collected biometric information of the user by using a first extraction algorithm prestored in the client; comparing the first feature value with a feature value library in the cloud server; after the comparison is passed and when a second extraction algorithm that is newer in version than the first extraction algorithm exists, sending the second extraction algorithm to the client; receiving a registration message from the client containing a second feature value extracted from the previously acquired biometric information using the second extraction algorithm; and storing the second feature value in the feature value library.
Additionally or alternatively to the above, in the above identity recognition method, the first comparison request message and the registration message are both transmitted by encryption.
Additionally or alternatively to the above, in the above identity recognition method, the first comparison request message further includes an identification number of a first extraction algorithm, and the registration message further includes an identification number of a second extraction algorithm.
In addition or alternatively to the above, the above identity recognition method may further include: after storing the second feature value in the feature value library, removing a record corresponding to the first feature value from the feature value library.
In addition to or as an alternative to the above, in the above identity recognition method, the feature value library includes a first sub-feature value library corresponding to the first extraction algorithm and a second sub-feature value library corresponding to the second extraction algorithm, wherein a record corresponding to the first feature value is stored in the first sub-feature value library, and a record corresponding to the second feature value is stored in the second sub-feature value library.
As an addition or an alternative to the above scheme, in the above identity recognition method, when the number of records in the first sub-feature value library is reduced to 0, the association module corresponding to the first extraction algorithm is deleted.
According to still another aspect of the present invention, there is provided a cloud server, including: a receiving device for receiving a first comparison request message including a first feature value from a client, where the first feature value is extracted from the collected biometric information of the user by using a first extraction algorithm pre-stored in the client; a comparison device for comparing the first feature value with a feature value library in the cloud server; a sending device for sending, after the comparison is passed, a second extraction algorithm that is newer in version than the first extraction algorithm to the client; and a storage device for storing a second feature value in the feature value library, wherein the receiving device is further configured to receive a registration message containing the second feature value from the client, the second feature value being extracted from the previously acquired biometric information using the second extraction algorithm.
In addition to or as an alternative to the foregoing, in the cloud server, the first comparison request message and the registration message are both transmitted in an encrypted manner.
Additionally or alternatively to the above, in the cloud server, the first comparison request message further includes an identification number of a first extraction algorithm, and the registration message further includes an identification number of a second extraction algorithm.
In addition to or instead of the foregoing solution, the cloud server may further include: removing means for removing a record corresponding to the first feature value from the feature value library after storing the second feature value in the feature value library.
In addition or alternatively to the above, in the cloud server, the feature value library includes a first sub-feature value library corresponding to the first extraction algorithm and a second sub-feature value library corresponding to the second extraction algorithm, wherein a record corresponding to the first feature value is stored in the first sub-feature value library, and a record corresponding to the second feature value is stored in the second sub-feature value library.
In addition to or as an alternative to the foregoing, in the cloud server, the removing device is further configured to delete the association module corresponding to the first extraction algorithm when the number of records in the first sub-feature value library is reduced to 0.
According to yet another aspect of the present invention, there is provided a computer storage medium comprising instructions which, when executed, perform the identification method as described above.
According to another aspect of the present invention, an identity recognition system is provided, which includes the client and the cloud server as described above.
In contrast to the existing identification schemes, the identification scheme according to one or more embodiments of the present invention does not directly store the plaintext or original image of the biometric information (e.g., the original image of a face or a fingerprint), but instead transmits and stores a feature value of the biometric information, thereby protecting the original biometric information from leakage. In addition, whether an identity is genuine can be judged by comparing feature values. Compared with a plaintext image, a feature value is far less recognizable to the naked eye, so the biometric privacy of an individual can be protected to a certain extent.
In addition, the identity recognition scheme of one or more embodiments of the invention can upgrade the extraction algorithm without requiring the user to have the biometric information collected again, so the upgrade is imperceptible to the user. Moreover, the client does not need to maintain and store multiple sets of biometric extraction algorithms, and almost no processing or storage burden is added to the client, so the identity recognition scheme of one or more embodiments of the invention can ensure the privacy of the biometric features while also achieving availability and ease of algorithm upgrading.
Drawings
The above and other objects and advantages of the present invention will become more apparent from the following detailed description when taken in conjunction with the accompanying drawings, in which like or similar elements are designated by like reference numerals.
Fig. 1 shows a schematic flow diagram of an identification method performed by a client according to an embodiment of the invention;
Fig. 2 shows a schematic structural diagram of a client for identity recognition according to one embodiment of the present invention;
Fig. 3 is a flowchart illustrating an identity recognition method performed by the cloud server according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a cloud server for identity recognition according to an embodiment of the present invention;
Fig. 5 illustrates a smooth upgrade scheme for an identity recognition system in an algorithm update scenario, according to an embodiment of the present invention; and
Fig. 6 illustrates an identification process of an identification system according to one embodiment of the invention.
Detailed Description
The embodiments of the present invention will be described in further detail with reference to the drawings and examples. The following examples are intended to illustrate the invention but are not intended to limit the scope of the invention.
In the description herein, a reference to the terms "one embodiment," "some embodiments," "an example," "a specific example," or "some examples" means that a particular feature, structure, material, or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the invention. In this specification, such terms do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. Furthermore, those skilled in the art can combine the various embodiments or examples described in this specification, and the features of different embodiments or examples, provided they do not contradict one another.
Fig. 1 shows a flow diagram of an identification method 1000 performed by a client according to an embodiment of the invention. As shown in fig. 1, the method 1000 includes the steps of:
in step S110, biometric information of the user is collected;
in step S120, extracting a first feature value from the biometric information by using a first extraction algorithm pre-stored in the client;
in step S130, sending a first comparison request message including the first feature value to a cloud server;
in step S140, receiving a second extraction algorithm from the cloud server, the second extraction algorithm being an updated version of the first extraction algorithm;
in step S150, extracting a second feature value from the biometric information by using the second extraction algorithm; and
in step S160, a registration message including the second feature value is sent to the cloud server so as to store the second feature value.
In the context of the present invention, the term "client", also referred to as user side, refers to a device or apparatus corresponding to the cloud server that provides local services to the client. In one or more embodiments, the client has some basic functions, including a collection function of collecting biometric information of a user, a data processing function of extracting feature values from the collected biometric information by using an extraction algorithm pre-stored in the client, and the like. The client may be a user's smart device including, but not limited to, a user's cell phone, laptop, and head-mounted device.
The term "cloud server", also referred to as a remote server, refers to a device or apparatus corresponding to a "client" that provides remote services to the client. In one or more embodiments, the cloud server may provide the client with an online comparison function, i.e., compare the feature value received from the client with the feature value library in the cloud server. The cloud server can also send an updated extraction algorithm to the client after the comparison is passed and when a newer version of the extraction algorithm exists.
In the context of the present invention, the term "biometric information" refers to any information inherent to the human body that can be used for personal identification, including, but not limited to, physiological characteristics (e.g., fingerprint, iris, facial features, DNA, etc.) and behavioral characteristics (gait, keystroke habits, etc.). The term "feature value" refers to an attribute extracted or calculated from biometric information by a particular algorithm (e.g., an extraction algorithm).
The term "extraction algorithm", also referred to as "biometric algorithm", refers to an algorithm capable of extracting or calculating a feature value from biometric information. The extraction algorithm may be updated as appropriate, and thus in one or more embodiments the extraction algorithm may have different versions, for example distinguished by an identification number.
In step S110, the client may collect the biometric information of the user in various ways. For example, the client may collect fingerprint information of the user through a pre-installed fingerprint identification module. For another example, the client may capture facial information of the user through a camera. As another example, the client may obtain biometric information of the user with the assistance of a third party device, such as by illuminating infrared light into a small patch of skin via a light reflecting diode and obtaining biometric information of the user (e.g., skin thickness, cortical structure, etc.) via the measured wavelength of the reflected light, and thereby confirming the identity of the person.
In step S120, a first feature value is extracted from the biometric information by using a first extraction algorithm pre-stored in the client. The terms "first," "second," and "third" herein are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. It is understood that the "first extraction algorithm" and the "second extraction algorithm", although both are extraction algorithms, are different from each other and are thus distinguished by the terms "first" and "second". The same may be true for "first feature value", "second feature value", "third feature value", and so on.
In one or more embodiments of the invention, the client need only store one version of the extraction algorithm. When a new version of the extraction algorithm is received from the cloud server, for example, when a second extraction algorithm is received, the client can replace the first extraction algorithm with the second extraction algorithm, so that multiple sets of different versions of biological feature identification algorithms or extraction algorithms are prevented from being maintained at the same time, and complexity and storage burden of the client are reduced.
In step S130, a first comparison request message including the first feature value is sent to the cloud server. In one embodiment, the first feature value is encrypted and distributed, and then transmitted to the cloud server over a secure channel. In one embodiment, the first comparison request message includes an identification number or version number of the first extraction algorithm in addition to the first feature value. This is particularly advantageous when there are multiple versions of the extraction algorithm: from the identification number of the extraction algorithm in the first comparison request message, the cloud server can tell which version of the extraction algorithm was used to calculate the feature value in the comparison request message, and can thereby select the appropriate feature value library for comparison. Specifically, after the feature value is transmitted to the cloud server, the feature value comparison algorithm of the cloud server performs a 1:1 or 1:N comparison of the feature value against the feature value library, thereby determining whether the distance between the value submitted for this verification and the registered feature value is within a threshold interval.
It should be noted that it is the feature value that is transmitted in the comparison request message, rather than the biometric information or the original image itself, which can protect the privacy of the individual to some extent.
When the biometric algorithm or the extraction algorithm of the system is updated, in one implementation the client needs to maintain multiple sets of biometric algorithms of different versions, which increases the complexity of the system and the storage burden on the client. In addition, in order to calculate the feature value under the new algorithm, the client has to acquire the biometric information of the entity again, which makes for an unfriendly user experience.
Thus, in one embodiment of the present invention, referring to step S140, a second extraction algorithm is received from the cloud server, the second extraction algorithm being an updated version of the first extraction algorithm. That is to say, when there are multiple sets of biometric algorithms of different versions, the client does not need to maintain the multiple sets of algorithms locally, but only needs to receive the biometric algorithms from the cloud server, thereby reducing the overhead of updating and upgrading the algorithms. In addition, the upgrading of the extraction algorithm is carried out at the moment when the client initiates a new verification comparison. That is, after receiving the comparison request message, the cloud server determines whether the biometric extraction algorithm used by the client has an updated version, and if the updated version exists and the feature values in the comparison request message are successfully matched, the cloud server sends the new version of the algorithm to the client.
Next, in step S150, the client extracts a second feature value from the biometric information by using the second extraction algorithm. It is noted that the client here still uses the biometric information of the user collected in step S110 as the input to the second extraction algorithm when calculating the second feature value, instead of re-collecting the biometric information of the user. In other words, the client takes the biometric information that passed comparison under the old version as the biometric information to be registered under the new version and calculates the new-version feature value (for example, the second feature value) from it, so the upgrade is imperceptible to the user.
In step S160, a registration message including the second feature value is sent to the cloud server so as to store the second feature value. In one embodiment, the first comparison request message and the registration message are both transmitted encrypted. In one embodiment, the registration message may also include an identification number or version number of the second extraction algorithm. This is particularly advantageous when there are multiple versions of the extraction algorithm, and the cloud server can register the second feature value in the feature value library (sub-library) corresponding to the version through the identification number or version number of the extraction algorithm in the registration message, so as to facilitate appropriate comparison in the future.
Although not shown in fig. 1, in one embodiment, the client-executed identity recognition method 1000 further comprises deleting the first extraction algorithm. In this way, the client deletes the first extraction algorithm and only retains the second extraction algorithm, which has the effect that the client only maintains one version of algorithm, so that the complexity is reduced.
In one embodiment, the client-executed identity recognition method 1000 may further include: collecting second biological characteristic information of the user; extracting a third feature value from the second biometric information by using the second extraction algorithm in the client; and sending a second comparison request message containing the third characteristic value and the identification number of the second extraction algorithm to the cloud server.
Therefore, through the identification number of the second extraction algorithm, the cloud server can select a proper characteristic value (sub) library to compare with the third characteristic value, and the comparison complexity is reduced.
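The exchange in steps S110 to S160, together with the server-side sub-libraries and record removal described in the Disclosure section, can be traced end to end in a small simulation. This is an added example, not code from the patent: the extractors are constructed stand-ins, the threshold and module names are assumed, transport encryption is left out, and the single-use upgrade token that binds a registration to the comparison that just passed is an assumption the text does not specify.

```python
import math
import secrets

# Constructed stand-ins for the extraction algorithms, keyed by identification
# number. Real extractors are models; these only need to be deterministic.
EXTRACTORS = {
    1: lambda raw: [round(x, 1) for x in raw],
    2: lambda raw: [round(2 * x, 2) for x in raw],
}
THRESHOLD = 0.5  # assumed distance threshold for a passing comparison


class CloudServer:
    def __init__(self):
        self.libraries = {1: {}, 2: {}}  # algorithm id -> {user: feature value}
        self.modules = {1: "compare-v1", 2: "compare-v2"}  # associated modules
        self.latest = 2
        self.pending = {}  # one-time upgrade token -> (user, old algorithm id)

    def compare(self, alg_id, feature):
        """1:N comparison inside the sub-library selected by alg_id."""
        best_user, best_d = None, float("inf")
        for user, stored in self.libraries.get(alg_id, {}).items():
            if len(stored) != len(feature):  # malformed request, skip record
                continue
            d = math.dist(stored, feature)
            if d < best_d:
                best_user, best_d = user, d
        if best_user is None or best_d > THRESHOLD:
            return {"passed": False}
        reply = {"passed": True}
        if alg_id < self.latest:
            # Assumption (not in the patent text): bind the later registration
            # to this successful comparison with a single-use token.
            token = secrets.token_hex(16)
            self.pending[token] = (best_user, alg_id)
            reply.update(new_alg_id=self.latest, upgrade_token=token)
        return reply

    def register(self, token, alg_id, feature):
        """Store the new-version feature value and retire the old record."""
        if alg_id != self.latest or token not in self.pending:
            return False
        user, old_alg = self.pending.pop(token)
        self.libraries[alg_id][user] = feature
        old_lib = self.libraries.get(old_alg)
        if old_lib is not None:
            old_lib.pop(user, None)
            if not old_lib:  # old sub-library has dropped to 0 records
                del self.libraries[old_alg]
                self.modules.pop(old_alg, None)
        return True


class Client:
    def __init__(self, server, alg_id=1):
        self.server = server
        self.alg_id = alg_id  # the client keeps exactly one algorithm version

    def identify(self, raw):
        feature = EXTRACTORS[self.alg_id](raw)             # S120
        reply = self.server.compare(self.alg_id, feature)  # S130
        new_id = reply.get("new_alg_id")                   # S140 (id stands in
        if new_id is not None:                             # for the download)
            second = EXTRACTORS[new_id](raw)               # S150: same sample
            if self.server.register(reply["upgrade_token"], new_id, second):
                self.alg_id = new_id                       # S160, drop old one
        return reply["passed"]


def demo():
    server = CloudServer()
    # Constructed enrolment under algorithm 1.
    server.libraries[1]["alice"] = EXTRACTORS[1]([0.11, 0.52, 0.93, 0.34])
    client = Client(server)
    results = [
        client.identify([0.12, 0.50, 0.91, 0.33]),  # passes, triggers upgrade
        client.identify([0.13, 0.49, 0.92, 0.35]),  # compared under algorithm 2
        client.identify([0.90, 0.10, 0.20, 0.80]),  # different person, rejected
    ]
    return server, client, results


if __name__ == "__main__":
    print(demo()[2])
```

Without some binding between the comparison and the registration message, the server would have no basis for deciding whose record a submitted second feature value replaces, which is why the token is included here.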
In one embodiment, when the feature value is stored, secure multi-party computation (MPC or SMPC) is used for secret storage and identification, which can provide a higher level of security protection. Secure multi-party computation solves the problem of privacy-preserving collaborative computation among a group of mutually distrusting parties: it guarantees properties such as input independence, computational correctness and decentralization without revealing any party's input values to the other participants. The nodes participating in secure multi-party computation have equal status; each can initiate a collaborative computing task and can choose whether to take part in tasks initiated by other parties. Routing, addressing and the transfer of computation logic are controlled by a hub node, which locates the relevant data while transferring the computation logic. Each secure multi-party computation node performs data extraction and computation in its local database according to the computation logic and routes its output to a designated node, so that the nodes jointly complete the collaborative computing task and output a unique result. Throughout the process, each party's data stays local and is not provided to other nodes; with data privacy guaranteed, the computation result is fed back to the overall computing task system, so that every party obtains correct data feedback.
Therefore, with the identity recognition method 1000 executed by the client, an update of the extraction algorithm goes unnoticed by the user without the biometric plaintext having to be stored, and almost no additional processing or storage burden is placed on the client, so that a feature-value-based biometric recognition system can protect biometric privacy while keeping algorithm upgrades available and easy to use.
Fig. 2 shows a schematic structural diagram of a client 2000 for identity recognition according to an embodiment of the present invention. As shown in fig. 2, the client 2000 includes a collecting device 210, an extracting device 220, a sending device 230, and a receiving device 240. The collecting device 210 is configured to collect biometric information of a user; the extracting device 220 is configured to extract a first feature value from the biometric information by using a first extraction algorithm pre-stored in the client; the sending device 230 is configured to send a first comparison request message containing the first feature value to the cloud server; and the receiving device 240 is configured to receive a second extraction algorithm from the cloud server, the second extraction algorithm being an updated version of the first extraction algorithm, wherein the extracting device 220 is further configured to extract a second feature value from the biometric information using the second extraction algorithm, and the sending device 230 is further configured to send a registration message containing the second feature value to the cloud server so as to store the second feature value.
In the context of the present invention, the term "client", also referred to as the user side, refers to a device or apparatus that corresponds to the cloud server and provides local services to the user. In one or more embodiments, the client has some basic functions, including a collection function of collecting biometric information of a user, a data processing function of extracting feature values from the collected biometric information by using an extraction algorithm pre-stored in the client, and the like. The client may be a user's smart device including, but not limited to, a user's cell phone, laptop, and head-mounted device.
The term "cloud server", also referred to as a remote server, refers to a device or apparatus that corresponds to the "client" and provides remote services to the client. In one or more embodiments, the cloud server may provide the client with an online comparison function, i.e., compare the feature value received from the client with the feature value library in the cloud server. The cloud server can also send the updated extraction algorithm to the client after the comparison passes, when an extraction algorithm with an updated version exists.
In the context of the present invention, the term "biometric information" refers to any information inherent to the human body that can be used for personal identification, including, but not limited to, physiological characteristics (e.g., fingerprint, iris, face, DNA, etc.) and behavioral characteristics (gait, keystroke habits, etc.). The term "feature value" refers to an attribute extracted or calculated from biometric information by a particular algorithm (e.g., an extraction algorithm).
The term "extraction algorithm", also referred to as "biometric algorithm", refers to an algorithm capable of extracting or calculating a feature value from biometric information. The extraction algorithm may be updated as appropriate, and thus in one or more embodiments the extraction algorithm may have different versions, for example distinguished by an identification number.
The collecting device 210 may collect the biometric information of the user in various ways. For example, the collecting device 210 may capture fingerprint information of the user through a pre-installed fingerprint identification module. For another example, the collecting device 210 may collect facial information of the user through a camera. As another example, the collecting device 210 may obtain biometric information of the user with the assistance of a third party device, such as by illuminating infrared light through a small patch of skin with a light reflecting diode and obtaining biometric information of the user with the measured wavelength of the reflected light, thereby confirming the identity of the person.
The extracting means 220 extracts the first feature value from the biometric information by using a first extraction algorithm pre-stored in the client 2000. The terms "first," "second," and "third" herein are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. It is understood that the "first extraction algorithm" and the "second extraction algorithm", although both are extraction algorithms, are different from each other and are thus distinguished by the terms "first" and "second". The same may be true for "first feature value", "second feature value", "third feature value", and so on.
In one or more embodiments of the invention, the client 2000 need only store one version of the extraction algorithm. When a new version of the extraction algorithm is received from the cloud server, for example, when a second extraction algorithm is received, the client 2000 may replace the first extraction algorithm with the second extraction algorithm, thereby avoiding maintaining multiple sets of different versions of biometric identification algorithms or extraction algorithms at the same time, and reducing complexity and storage burden of the client 2000.
The sending device 230 sends a first comparison request message containing the first feature value to the cloud server. In one embodiment, the first feature value is encrypted and distributed, and then transmitted to the cloud server over a secure channel. In one embodiment, the first comparison request message includes an identification number or version number of the first extraction algorithm in addition to the first feature value. This is particularly advantageous when there are multiple versions of the extraction algorithm: from the identification number of the extraction algorithm in the first comparison request message, the cloud server knows which version of the extraction algorithm was used to calculate the feature value in the message, and can select the appropriate feature value library for comparison. Specifically, after the feature value is transmitted to the cloud server, the feature value comparison algorithm of the cloud server performs a 1:1 or 1:N comparison of the feature value against the feature value library, and thereby determines whether the distance between the value submitted for this verification and the registered feature value is within a threshold interval. For example, face verification is a 1:1 comparison: this mode of identity verification is essentially a fast comparison of the current face against a face database to decide whether they match, which can be understood simply as proving that you are you. That is, we first tell the face recognition system "I am Zhang San", and the system then verifies whether the "I" standing in front of the machine really is Zhang San. The most common application scenario of this mode is face unlocking, where the terminal device only needs to compare a photo registered by the user in advance with a photo captured on the spot and judge whether they show the same person to complete identity authentication.
That is, in the 1:1 case the cloud server already knows who the user is (for example, the user can be identified by a mobile phone number), so a 1:1 comparison is performed. Face recognition, by contrast, is a 1:N comparison: after the system captures a picture of me, it searches a massive face database for the image matching the current user's face data in order to find out who I am, which is particularly suitable when the user is unknown or only the range of the user group is known.
It should be noted that the sending device 230 sends the feature value in the comparison request message rather than the biometric information or the original image itself, which protects the individual's biometric privacy to some extent.
When the biometric algorithm or the extraction algorithm of the system is updated, one implementation scheme requires the client to maintain several sets of biometric algorithms of different versions, which increases the complexity of the system and the storage burden on the client. In addition, in order to calculate the feature value under the new algorithm, the client has to acquire the biometric information of the entity again, which makes for an unfriendly user experience.
Thus, in an embodiment of the invention, the receiving means 240 is configured to receive a second extraction algorithm from the cloud server, the second extraction algorithm being an updated version of the first extraction algorithm. That is, when there are multiple sets of biometric algorithms of different versions, the client 2000 does not need to maintain the multiple sets of algorithms locally, but only needs to receive the sets of algorithms from the cloud server, thereby reducing the overhead of updating and upgrading the algorithms. In addition, the upgrade of the extraction algorithm is performed at the time when the client 2000 initiates a new verification comparison. That is, after the sending device 230 sends the comparison request message to the cloud server, the cloud server may determine whether the biometric extraction algorithm used by the client 2000 has an updated version, and if the updated version exists and the feature values in the comparison request message are successfully matched, the cloud server may send the new version of the algorithm to the client 2000, that is, after the comparison is passed and a second extraction algorithm that is updated compared with the first extraction algorithm exists, the receiving device 240 receives the second extraction algorithm from the cloud server.
In addition, the extracting means 220 is further configured to extract a second feature value from the biometric information using the second extraction algorithm. Note that the extracting means 220 computes the second feature value from the biometric information of the user previously acquired by the collecting device 210, rather than from newly collected biometric information. In other words, the extracting means 220 treats the biometric information that has just passed comparison under the old version as the biometric information to be registered under the new version and computes the new-version feature value (for example, the second feature value) from it, which makes the upgrade imperceptible to the user.
In one embodiment, the sending device 230 is further configured to send a registration message containing the second characteristic value to the cloud server for storing the second characteristic value. In one embodiment, the sending device 230 is configured to encrypt the first comparison request message and the registration message for transmission. In one embodiment, the registration message may also include an identification number or version number of the second extraction algorithm. This is particularly advantageous when there are multiple versions of the extraction algorithm, and the cloud server can register the second feature value in the feature value library (sub-library) corresponding to the version through the identification number or version number of the extraction algorithm in the registration message, so as to facilitate appropriate comparison in the future.
In one embodiment, the collecting means 210 is further configured to collect second biometric information of the user when the user initiates identity authentication again; the extracting means 220 is further configured to extract a third feature value from the second biometric information by using the second extraction algorithm in the client 2000; and the sending device 230 is further configured to send a second comparison request message including the third feature value and the identification number of the second extraction algorithm to the cloud server.
Therefore, through the identification number of the second extraction algorithm, the cloud server can select the appropriate feature value (sub-)library to compare with the third feature value, which reduces the complexity of the comparison.
In one embodiment, the sending device 230 employs secure multi-party computation (MPC or SMPC) for secret storage and identification, which can provide a higher level of security protection. Secure multi-party computation solves the problem of privacy-preserving collaborative computation among a group of mutually distrusting parties: it guarantees properties such as input independence, computational correctness and decentralization without revealing any party's input values to the other participants. The nodes participating in secure multi-party computation have equal status; each can initiate a collaborative computing task and can choose whether to take part in tasks initiated by other parties. Routing, addressing and the transfer of computation logic are controlled by a hub node, which locates the relevant data while transferring the computation logic. Each secure multi-party computation node performs data extraction and computation in its local database according to the computation logic and routes its output to a designated node, so that the nodes jointly complete the collaborative computing task and output a unique result. Throughout the process, each party's data stays local and is not provided to other nodes; with data privacy guaranteed, the computation result is fed back to the overall computing task system, so that every party obtains correct data feedback.
Therefore, the client 2000 calculates the new-version feature value by treating the biometric information that has passed comparison under the old version as the biometric information registered under the new version, and automatically replaces the algorithm version of the client 2000, thereby achieving an imperceptible update of the feature value. In addition, because the client 2000 sends its version information to the back end (for example, a cloud server) with every comparison, version matching is handled in the back end, so that the client 2000 only needs to maintain an algorithm module of one version. In one embodiment, the client 2000 may comprise a deletion means for deleting the first extraction algorithm after receiving the second extraction algorithm, which reduces the processing and storage overhead of the client 2000, so that the client 2000 keeps algorithm upgrades available and easy to use while guaranteeing biometric privacy.
Fig. 3 is a flowchart illustrating an identity recognition method 3000 performed by the cloud server according to an embodiment of the present invention. As shown in fig. 3, method 3000 includes the steps of:
in step S310, receiving a first comparison request message including a first feature value from a client, where the first feature value is extracted from the collected biometric information of the user by using a first extraction algorithm pre-stored in the client;
in step S320, comparing the first feature value with a feature value library in the cloud server;
in step S330, after the comparison is passed and a second extraction algorithm updated in version compared with the first extraction algorithm exists, sending the second extraction algorithm to the client;
in step S340, receiving from the client a registration message including a second feature value extracted, using the second extraction algorithm, from the previously acquired biometric information; and
in step S350, the second feature value is stored in the feature value library.
In step S310, a first comparison request message containing a first feature value is received from the client. In one embodiment, the first comparison request message may be transmitted in an encrypted manner, which may effectively improve the security of data transmission. In one embodiment, the first comparison request message may further include an identification number of the first extraction algorithm. This is particularly advantageous when there are multiple versions of the extraction algorithm: from the identification number of the extraction algorithm in the first comparison request message, the cloud server knows which version of the extraction algorithm was used to calculate the feature value in the message, and can select the appropriate feature value library for comparison. Specifically, after the feature value is transmitted to the cloud server, the feature value comparison algorithm of the cloud server performs a 1:1 or 1:N comparison of the feature value against the feature value library, and thereby determines whether the distance between the value submitted for this verification and the registered feature value is within a threshold interval.
In step S330, after the comparison is passed and a second extraction algorithm with a version updated from the first extraction algorithm exists, the cloud server sends the second extraction algorithm to the client. That is to say, when there are multiple sets of biometric algorithms of different versions, the client does not need to maintain the multiple sets of algorithms locally, but only needs to receive the biometric algorithms from the cloud server, thereby reducing the overhead of updating and upgrading the algorithms.
In step S340, a registration message containing a second feature value extracted, using the second extraction algorithm, from the previously acquired biometric information is received from the client, and in step S350, the second feature value is stored in the feature value library. Through steps S340 and S350, the cloud server completes the registration and storage of the biometric information, and the whole process is imperceptible to the user.
In one embodiment, the registration message is transmitted encrypted, thereby ensuring the security of the transmission. In one embodiment, the registration message further comprises an identification number of the second extraction algorithm. Thus, with the identification number of the second extraction algorithm, the cloud server can select an appropriate feature value (sub) library to store the second feature value.
Although not shown in fig. 3, in one embodiment, the identity recognition method 3000 performed by the cloud server further includes: after storing the second feature value in the feature value library, removing a record corresponding to the first feature value from the feature value library. In one embodiment, the feature value library may include a first sub-feature value library corresponding to the first extraction algorithm and a second sub-feature value library corresponding to the second extraction algorithm, wherein a record corresponding to the first feature value is stored in the first sub-feature value library, and a record corresponding to the second feature value is stored in the second sub-feature value library. In one embodiment, when the number of records in the first sub-feature value library is reduced to 0, the associated module corresponding to the first extraction algorithm is deleted, thereby saving space on the cloud server.
Referring to fig. 4, fig. 4 is a schematic structural diagram illustrating a cloud server 4000 for identity recognition according to an embodiment of the present invention. As shown in fig. 4, the cloud server 4000 includes: receiving device 410, comparing device 420, transmitting device 430 and storage device 440. The receiving device 410 is configured to receive a first comparison request message including a first feature value from a client, where the first feature value is extracted from the collected biometric information of the user by using a first extraction algorithm pre-stored in the client; the comparison device 420 is configured to compare the first characteristic value with a characteristic value library in the cloud server; the sending device 430 is configured to send a second extraction algorithm updated in version compared with the first extraction algorithm to the client after the comparison is passed and when the second extraction algorithm exists; and a storage 440 for storing a second feature value in the feature value library, wherein the receiving device 410 is further configured to receive a registration message from the client containing the second feature value extracted from the previously acquired biometric information using the second extraction algorithm.
In one embodiment, the first comparison request message and the registration message are both transmitted in an encrypted manner, so that the security of data or message transmission can be ensured. In one embodiment, the first comparison request message further comprises an identification number of the first extraction algorithm and the registration message further comprises an identification number of the second extraction algorithm. Thus, through the identification number of the extraction algorithm, the cloud server may select the appropriate feature value (sub-)library in which to store the feature value, or the appropriate feature value (sub-)library to compare with the feature value.
Although not shown in fig. 4, in one embodiment, the cloud server 4000 may further include: removing means for removing a record corresponding to the first feature value from the feature value library after storing the second feature value in the feature value library. In one embodiment, the feature value library includes a first sub-feature value library corresponding to the first extraction algorithm and a second sub-feature value library corresponding to the second extraction algorithm, wherein a record corresponding to the first feature value is stored in the first sub-feature value library, and a record corresponding to the second feature value is stored in the second sub-feature value library. In this embodiment, the removing means may be configured to delete the associated module corresponding to the first extraction algorithm when the number of records in the first sub-feature value library is reduced to 0.
Generally, if upgrades of the extraction algorithm are not considered, the operation of a feature-value-based biometric system (including the client and the cloud server) can be divided into two stages: initial registration and online comparison. Initial registration is when a user registers their biometric features in the system for the first time: after the biometric information or original image is collected at the client, the feature value is extracted directly at the client and then transmitted to the cloud to be stored in the library. Online comparison is the later verification stage: when a user initiates authentication, the client collects the biometric information or original image and extracts a feature value, and after the feature value is transmitted to the cloud, the feature value comparison algorithm of the cloud server performs a 1:1 or 1:N comparison, thereby determining whether the distance between the value submitted for this verification and the registered feature value is within a threshold interval.
FIG. 5 illustrates a smooth upgrade scheme for an identity recognition system in an algorithm update scenario, according to an embodiment of the present invention. As shown in fig. 5, the upgrade does not require all users to be notified to complete a unified upgrade within a specified time period; instead, it is carried out at the moment a user initiates a new verification comparison. When a user initiates an identification comparison, the client still extracts the feature value using the feature value extraction algorithm of the existing version (version N) and transmits it to the cloud server, which performs the comparison using the version N feature value comparison algorithm. If the comparison fails, the cloud server returns a comparison failure. Once the comparison passes, if the cloud server program finds that a new-version (version N+1) algorithm exists, it pushes the version N+1 feature value algorithm directly to the client. The client updates its feature value algorithm from version N to version N+1, extracts the version N+1 feature value from the original image acquired this time, and transmits it to the cloud server, where the version N+1 feature value is registered and stored in the library. The version N comparison and the version N+1 feature value registration are thus both completed, and the whole process is entirely imperceptible to the user (the features are collected only once, and all other steps are completed automatically by the client and the cloud server).
With further reference to FIG. 6, an identification process of the identity recognition system is illustrated in accordance with one embodiment of the present invention. Following the process shown in fig. 5, each subsequent identification attaches the version number of the recognition algorithm (now updated to version N+1) in the feature value extraction step, so that after the feature value is encrypted and transmitted to the cloud server, the cloud server matches the corresponding back-end feature value comparison program according to the version number, thereby achieving correct comparison and identification. On the cloud server side, a record is inserted into the new feature value library each time a new comparison request involves an update of the comparison algorithm. As an optimization, when a record is inserted into the new feature value library, the corresponding record in the old-version feature value library can be deleted. When the number of entries in the old-version feature value library drops to 0, indicating that the version has been completely replaced, that feature value library can be deleted, together with the associated modules corresponding to that version, such as the feature comparison algorithm, thereby saving system space.
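The upgrade flow of figs. 5 and 6, written out as an added Python simulation with both sides of the exchange (this is not code from the patent). The two toy extractors, the sample vectors, the Euclidean distance with a 0.15 threshold, and the one-time token that ties a registration message to a comparison that has just passed are assumptions made for the example.

```python
import math
import secrets

# Constructed stand-ins for two versions of the extraction algorithm; they only
# need to produce feature values that are not comparable across versions.
ALGORITHMS = {
    1: lambda raw: [raw[i] - raw[i + 1] for i in range(0, len(raw), 2)],
    2: lambda raw: [x * x for x in raw],
}


class CloudServer:
    def __init__(self, threshold=0.15):
        self.threshold = threshold   # assumed distance threshold
        self.latest = max(ALGORITHMS)
        self.libs = {}               # algorithm id -> {user: registered feature value}
        self.pending = {}            # one-time token -> (user, old algorithm id)

    def enroll(self, user, algo_id, feature):
        """Initial registration into the sub-library for this algorithm id."""
        self.libs.setdefault(algo_id, {})[user] = feature

    def _match(self, algo_id, feature, claimed):
        lib = self.libs.get(algo_id, {})
        if claimed is not None:      # 1:1, the user is already known
            candidates = {claimed: lib[claimed]} if claimed in lib else {}
        else:                        # 1:N, search the whole sub-library
            candidates = lib
        best = min(candidates, default=None,
                   key=lambda u: math.dist(feature, candidates[u]))
        if best is not None and math.dist(feature, candidates[best]) <= self.threshold:
            return best
        return None

    def compare(self, algo_id, feature, claimed=None):
        user = self._match(algo_id, feature, claimed)
        reply = {"match": user is not None, "user": user, "upgrade": None}
        if user is not None and algo_id < self.latest:
            # Assumption: a one-time token binds the later registration message
            # to this passed comparison.
            token = secrets.token_hex(16)
            self.pending[token] = (user, algo_id)
            reply["upgrade"] = {"algo_id": self.latest,
                                "algorithm": ALGORITHMS[self.latest],
                                "token": token}
        return reply

    def register(self, token, algo_id, feature):
        if token not in self.pending or algo_id != self.latest:
            return False             # no passed comparison behind this message
        user, old_id = self.pending.pop(token)
        self.libs.setdefault(algo_id, {})[user] = feature
        old = self.libs.get(old_id, {})
        old.pop(user, None)          # optimization: drop the old-version record
        if old_id in self.libs and not old:
            del self.libs[old_id]    # version fully replaced: drop its sub-library
        return True


class Client:
    def __init__(self, server, algo_id):
        self.server = server
        self.algo_id = algo_id
        self.extract = ALGORITHMS[algo_id]   # the single version kept locally

    def authenticate(self, raw, claimed=None):
        reply = self.server.compare(self.algo_id, self.extract(raw), claimed)
        up = reply["upgrade"]
        if up:
            # Replace the old algorithm, then re-extract from the sample that
            # was already collected for this comparison (no second capture).
            self.algo_id, self.extract = up["algo_id"], up["algorithm"]
            self.server.register(up["token"], self.algo_id, self.extract(raw))
        return reply["match"]


def demo():
    server = CloudServer()
    alice, bob = [0.10, 0.90, 0.40, 0.60], [0.80, 0.20, 0.70, 0.10]  # constructed
    server.enroll("alice", 1, ALGORITHMS[1](alice))
    server.enroll("bob", 1, ALGORITHMS[1](bob))
    phone_a, phone_b = Client(server, 1), Client(server, 1)
    out = {}
    out["impostor"] = phone_b.authenticate(bob, claimed="alice")  # fails, no upgrade
    out["b_algo_after_fail"] = phone_b.algo_id
    out["alice_v1"] = phone_a.authenticate([0.12, 0.88, 0.41, 0.58], claimed="alice")
    out["libs_mid"] = {k: sorted(v) for k, v in server.libs.items()}
    out["bob_v1"] = phone_b.authenticate([0.79, 0.22, 0.69, 0.12], claimed="bob")
    out["libs_end"] = sorted(server.libs)
    out["alice_1toN"] = server.compare(2, ALGORITHMS[2]([0.09, 0.91, 0.39, 0.61]))["user"]
    out["forged_register"] = server.register("not-a-token", 2, [0.0] * 4)
    return out


if __name__ == "__main__":
    print(demo())
```

A failed comparison leaves the client on version N and issues no token, so a registration message that does not follow a passed comparison is rejected.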
The above described embodiments of the apparatus are merely illustrative, wherein the modules illustrated as separate components may not be physically separate, may be located in one place, or may be distributed over a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the various embodiments, those skilled in the art will clearly understand that the embodiments can be implemented by software plus a necessary general-purpose hardware platform, and of course may also be implemented by hardware. With this understanding in mind, the above-described technical solutions and/or portions thereof that contribute to the prior art may be embodied in the form of a software product that can be stored on a computer-readable storage medium, including any mechanism for storing or transmitting information in a form readable by a machine (e.g., a computer). For example, a machine-readable medium includes Read Only Memory (ROM), Random Access Memory (RAM), magnetic disk storage media, optical storage media, flash memory storage media, electrical, optical, acoustical or other forms of propagated signals (e.g., carrier waves, infrared signals, digital signals, etc.), and others, and the computer software product includes instructions for causing a computing device (which may be a personal computer, server, or network device, etc.) to perform the methods described in the various embodiments or portions of the embodiments.
In summary, the technical solution of the present application achieves the following:
1) the upgrade is transparent to the user: when the algorithm is upgraded, the user does not need to have biometric information collected again and need not be aware of the upgrade;
2) the client keeps low processing complexity and storage overhead: the client does not need to maintain and store multiple versions of the biometric recognition algorithm, so almost no processing or storage burden is added to the client.
The net effect is that a feature-value-based identity recognition system can protect the privacy of biometric features while keeping algorithm upgrades practical and easy to use.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (devices) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all alterations and modifications as fall within the scope of the application. It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (26)

1. An identity recognition method performed by a client, the method comprising:
collecting biological characteristic information of a user;
extracting a first characteristic value from the biological characteristic information by using a first extraction algorithm prestored in the client;
sending a first comparison request message containing the first characteristic value to a cloud server;
receiving a second extraction algorithm from the cloud server, the second extraction algorithm being an updated version of the first extraction algorithm;
extracting a second feature value from the biological feature information by using the second extraction algorithm; and
sending a registration message containing the second characteristic value to the cloud server so as to store the second characteristic value.
2. The identity recognition method of claim 1, further comprising:
deleting the first extraction algorithm.
3. The identification method of claim 1, wherein the first comparison request message and the registration message are both transmitted encrypted.
4. The identity recognition method of claim 1, wherein the first comparison request message further comprises an identification number of a first extraction algorithm, and the registration message further comprises an identification number of a second extraction algorithm.
5. The identification method of claim 1, wherein the second extraction algorithm is received from the cloud server after the comparison passes and when there is a second extraction algorithm that is an updated version of the first extraction algorithm.
6. The identity recognition method of claim 1 or 5, further comprising:
collecting second biological characteristic information of the user;
extracting a third feature value from the second biometric information by using the second extraction algorithm in the client; and
sending a second comparison request message containing the third characteristic value and the identification number of the second extraction algorithm to the cloud server.
7. A client for identity recognition, the client comprising:
the acquisition device is used for acquiring the biological characteristic information of the user;
the extraction device is used for extracting a first characteristic value from the biological characteristic information by utilizing a first extraction algorithm prestored in the client;
the sending device is used for sending a first comparison request message containing the first characteristic value to a cloud server; and
receiving means for receiving a second extraction algorithm from the cloud server, the second extraction algorithm being an updated version of the first extraction algorithm,
wherein the extracting means is further configured to extract a second feature value from the biometric information using the second extraction algorithm, and the sending means is further configured to send a registration message containing the second feature value to the cloud server so as to store the second feature value.
8. The client of claim 7, further comprising:
a deleting device for deleting the first extraction algorithm.
9. The client of claim 7, wherein the sending device is configured to transmit the first comparison request message and the registration message encrypted.
10. The client of claim 7, wherein the first comparison request message further includes an identifier of a first extraction algorithm and the registration message further includes an identifier of a second extraction algorithm.
11. The client of claim 7, wherein the receiving device is configured to receive a second extraction algorithm from the cloud server after the comparison passes and when there is a second extraction algorithm that is an updated version of the first extraction algorithm.
12. The client according to claim 7 or 11, wherein the collecting means is further configured to collect second biometric information of the user; the extracting means is further configured to extract a third feature value from the second biometric information using the second extraction algorithm in the client; and the sending device is further configured to send a second comparison request message containing the third feature value and the identification number of the second extraction algorithm to the cloud server.
13. An identity recognition method executed by a cloud server, the method comprising:
receiving a first comparison request message containing a first characteristic value from a client, wherein the first characteristic value is extracted from the collected biological characteristic information of the user by using a first extraction algorithm prestored in the client;
comparing the first characteristic value with a characteristic value library in the cloud server;
after the comparison is passed and a second extraction algorithm which is more updated than the first extraction algorithm exists, sending the second extraction algorithm to the client;
receiving a registration message from the client containing a second feature value extracted from the previously acquired biometric information using the second extraction algorithm; and
storing the second feature value in the feature value library.
14. A method of identity recognition in accordance with claim 13, wherein the first comparison request message and the registration message are both transmitted encrypted.
15. The identity recognition method of claim 13, wherein the first comparison request message further includes an identification number of a first extraction algorithm, and the registration message further includes an identification number of a second extraction algorithm.
16. The identification method of claim 13, further comprising:
after storing the second feature value in the feature value library, removing a record corresponding to the first feature value from the feature value library.
17. The identification method of claim 16, wherein the feature value library comprises a first sub-feature value library corresponding to the first extraction algorithm and a second sub-feature value library corresponding to the second extraction algorithm, wherein a record corresponding to the first feature value is stored in the first sub-feature value library and a record corresponding to the second feature value is stored in the second sub-feature value library.
18. The identification method according to claim 17, wherein when the number of records in the first sub-feature value library is reduced to 0, the association module corresponding to the first extraction algorithm is deleted.
19. A cloud server, the cloud server comprising:
receiving means for receiving a first comparison request message including a first feature value from a client, where the first feature value is extracted from the collected biometric information of the user by using a first extraction algorithm pre-stored in the client;
the comparison device is used for comparing the first characteristic value with a characteristic value library in the cloud server;
the sending device is used for sending a second extraction algorithm which is updated in version compared with the first extraction algorithm to the client side after the comparison is passed; and
a storage means for storing the second feature value in the feature value library,
wherein the receiving means is further configured to receive a registration message from the client containing the second feature value extracted from the previously acquired biometric information using the second extraction algorithm.
20. The cloud server of claim 19, wherein the first comparison request message and the registration message are each transmitted encrypted.
21. The cloud server of claim 19, wherein the first comparison request message further includes an identification number of a first extraction algorithm, and the registration message further includes an identification number of a second extraction algorithm.
22. The cloud server of claim 19, further comprising:
removing means for removing a record corresponding to the first feature value from the feature value library after storing the second feature value in the feature value library.
23. The cloud server of claim 22, wherein the library of feature values comprises a first library of sub-feature values corresponding to the first extraction algorithm and a second library of sub-feature values corresponding to the second extraction algorithm, wherein records corresponding to the first feature values are stored in the first library of sub-feature values and records corresponding to the second feature values are stored in the second library of sub-feature values.
24. A cloud server as claimed in claim 23, wherein said removing means is further configured to delete said first sub-feature value store and the associated module corresponding to said first extraction algorithm when the number of records in said first sub-feature value store falls to 0.
25. A computer storage medium, characterized in that the medium comprises instructions which, when executed, perform the identification method of any of claims 1 to 6, 13 to 18.
26. An identification system comprising a client as claimed in any one of claims 7 to 12 and a cloud server as claimed in any one of claims 19 to 24.
CN202010766784.4A 2020-08-03 2020-08-03 Client, cloud server, and identity recognition method, system and computer storage medium thereof Active CN112418863B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN202010766784.4A CN112418863B (en) 2020-08-03 2020-08-03 Client, cloud server, and identity recognition method, system and computer storage medium thereof
PCT/CN2021/075547 WO2022027948A1 (en) 2020-08-03 2021-02-05 Client, cloud server and identity recognition method therefor, system, and computer storage medium
TW110107872A TWI781546B (en) 2020-08-03 2021-03-05 Client, cloud server and identification method thereof, identification system and computer storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010766784.4A CN112418863B (en) 2020-08-03 2020-08-03 Client, cloud server, and identity recognition method, system and computer storage medium thereof

Publications (2)

Publication Number Publication Date
CN112418863A (en) 2021-02-26
CN112418863B (en) 2023-09-01

Family

ID=74844129

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010766784.4A Active CN112418863B (en) 2020-08-03 2020-08-03 Client, cloud server, and identity recognition method, system and computer storage medium thereof

Country Status (3)

Country Link
CN (1) CN112418863B (en)
TW (1) TWI781546B (en)
WO (1) WO2022027948A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101420301A (en) * 2008-04-21 2009-04-29 林格灵 Human face recognizing identity authentication system
CN101714918A (en) * 2009-10-23 2010-05-26 浙江维尔生物识别技术股份有限公司 Safety system for logging in VPN and safety method for logging in VPN
CN102223233A (en) * 2011-06-15 2011-10-19 刘洪利 Biological code authentication system and biological code authentication method
CN105160302A (en) * 2015-08-10 2015-12-16 西安凯虹电子科技有限公司 Multi-model biological recognition general platform and multi-model biological recognition identity authentication method
US20160217277A1 (en) * 2015-01-27 2016-07-28 John Fitzgerald Johnston One touch two factor biometric system and method for identification of a user utilizing a portion of the person's fingerprint and a vein map of the ub-surface of the finger

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101436247B (en) * 2007-11-12 2012-04-11 中国长城计算机深圳股份有限公司 Biological personal identification method and system based on UEFI
TWI416366B (en) * 2009-10-12 2013-11-21 Htc Corp Method, electronic apparatus and computer program product for creating biologic feature data
US9084411B1 (en) * 2014-04-10 2015-07-21 Animal Biotech Llc Livestock identification system and method
CN104980278B (en) * 2014-04-14 2018-11-16 阿里巴巴集团控股有限公司 The method and apparatus for verifying the availability of biometric image
CN109583165A (en) * 2018-10-12 2019-04-05 阿里巴巴集团控股有限公司 A kind of biological information processing method, device, equipment and system
CN110674695B (en) * 2019-08-27 2023-12-15 腾讯科技(深圳)有限公司 Service providing method, device, equipment and medium based on identity information identification

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113095430A (en) * 2021-04-26 2021-07-09 北京瑞莱智慧科技有限公司 Model updating method capable of protecting privacy, object identification method, system, device, medium and equipment
CN116992422A (en) * 2023-09-05 2023-11-03 腾讯科技(深圳)有限公司 Biological data processing method, apparatus, device and computer readable storage medium
CN116992422B (en) * 2023-09-05 2024-01-09 腾讯科技(深圳)有限公司 Biological data processing method, apparatus, device and computer readable storage medium

Also Published As

Publication number Publication date
WO2022027948A1 (en) 2022-02-10
TWI781546B (en) 2022-10-21
TW202207130A (en) 2022-02-16
CN112418863B (en) 2023-09-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code (Ref country code: HK; Ref legal event code: DE; Ref document number: 40046907; Country of ref document: HK)

GR01 Patent grant