CN113052045B - Method, apparatus, computing device and medium for identifying finger vein image - Google Patents
Method, apparatus, computing device and medium for identifying finger vein image Download PDFInfo
- Publication number
- CN113052045B CN113052045B CN202110288238.9A CN202110288238A CN113052045B CN 113052045 B CN113052045 B CN 113052045B CN 202110288238 A CN202110288238 A CN 202110288238A CN 113052045 B CN113052045 B CN 113052045B
- Authority
- CN
- China
- Prior art keywords
- data
- finger vein
- image
- fragment data
- ciphertext
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/40—Spoof detection, e.g. liveness detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/10—Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
- G06V40/14—Vascular patterns
Abstract
The present disclosure provides a method of identifying images of a finger vein that may be used in the field of information security or other. The method comprises the following steps: acquiring a finger vein image to be identified; extracting finger vein feature data from a finger vein image to be identified through a finger vein feature extraction algorithm; determining a plurality of fragment data according to the finger vein feature data; encrypting the plurality of pieces of data to obtain a plurality of pieces of ciphertext pieces of data; the method comprises the steps of sending a plurality of ciphertext fragment data to a server side device, so that the server side device generates a recognition result aiming at a finger vein image to be recognized according to the ciphertext fragment data; and receiving the identification result from the server device. The present disclosure also provides an apparatus for identifying a finger vein image, another method of identifying a finger vein image, another apparatus for identifying a finger vein image, a computing device, a computer storage medium, and a computer program product.
Description
Technical Field
The present disclosure relates to the field of information security, and more particularly, to a method, apparatus, a computing device, a computer storage medium, and a computer program product for identifying a finger vein image.
Background
The finger vein identification has the characteristics of high anti-counterfeiting performance, simplicity, convenience, easiness in use, rapid identification and high accuracy, and is one of internationally recognized biological characteristics. Over decades, finger vein recognition technology has matured and has found application in an increasing number of industries. However, with the expansion of the application range of the finger vein recognition technology, the recognized and collected finger vein feature data is continuously increased, and under the big trend of increasingly strict monitoring requirements, how to guarantee the privacy and the security of the biological feature data is a big problem. Particularly in industries with extremely high data privacy such as finance and insurance, once the finger vein recognition technology is used across institutions, events such as finger vein feature data loss, leakage and even malicious use occur, and the loss influence which is difficult to measure can be caused.
Disclosure of Invention
One aspect of the present disclosure provides a method of identifying a finger vein image, comprising: acquiring a finger vein image to be identified; extracting finger vein feature data from the finger vein image to be identified through a finger vein feature extraction algorithm; determining a plurality of fragment data according to the finger vein feature data; encrypting the plurality of fragment data to obtain a plurality of ciphertext fragment data; the plurality of ciphertext fragment data are sent to a server side device, so that the server side device generates an identification result aiming at the finger vein image to be identified according to the plurality of ciphertext fragment data; and receiving the identification result from the server-side equipment.
Optionally, the extracting the finger vein feature data from the finger vein image to be identified by a finger vein feature extraction algorithm includes: determining a standardized image according to the finger vein image to be identified; and extracting minutiae data in the standardized image according to a minutiae feature extraction algorithm as the finger vein feature data.
Optionally, the determining a standardized image according to the finger vein image to be identified includes: performing standardization processing on the finger vein image to be identified to obtain the standardized image, wherein the standardization processing comprises at least one of the following operations: median filtering denoising processing, edge detection image region clipping, size and gray scale normalization, histogram equalization image enhancement, gray scale threshold image segmentation and feature refinement.
Optionally, the plurality of slice data includes first slice data and second slice data; the determining a plurality of slice data according to the finger vein feature data comprises: generating first fragment data with the same dimension as the finger vein feature data based on the finger vein feature data according to a random generation algorithm; and executing preset operation on the finger vein feature data and the first fragment data to obtain second fragment data with the same dimension as the finger vein feature data.
Optionally, the generating, according to a random generation algorithm, first patch data having the same dimension as the finger vein feature data based on the finger vein feature data includes: randomly determining target operation according to a random generation algorithm; and for each element in the finger vein feature data, respectively executing the target operation to obtain an operation result with the same dimension as the finger vein feature data as the first slice data.
Optionally, the preset operation is a difference operation; the performing a preset operation on the finger vein feature data and the first slice data to obtain second slice data with the same dimension as the finger vein feature data, including: and calculating the difference between each element in the finger vein feature data and the element corresponding to the element in the first sliced data to obtain a plurality of difference values as the second sliced data.
Optionally, the plurality of ciphertext fragment data includes first ciphertext fragment data and second ciphertext fragment data; the encrypting the plurality of pieces of ciphertext fragment data to obtain a plurality of pieces of ciphertext fragment data includes: and according to a first encryption algorithm, carrying out encryption processing on the first piece of data to obtain first ciphertext piece of data, and according to a second encryption algorithm, carrying out encryption processing on the second piece of data to obtain second ciphertext piece of data.
Optionally, the acquiring the finger vein image to be identified includes: collecting an original finger vein image; performing a finger vein living body detection and/or an image quality detection with respect to the original finger vein image; and determining an original finger vein image detected by the finger vein living body detection and/or image quality detection as the finger vein image to be identified.
Optionally, the method is applied to a client device.
Another aspect of the present disclosure provides a method of identifying a finger vein image, comprising: receiving a plurality of ciphertext fragment data from a client device, wherein each ciphertext fragment data of the plurality of ciphertext fragment data comprises characteristic information of a finger vein image to be identified; decrypting the plurality of ciphertext fragment data to obtain a plurality of fragment data; distributing the plurality of pieces of data to a plurality of computing nodes so as to identify the plurality of pieces of data through the plurality of computing nodes and obtain an identification result aiming at the finger vein image to be identified; and sending the identification result to the client device.
Optionally, the plurality of ciphertext fragment data includes first ciphertext fragment data and second ciphertext fragment data; the decrypting the plurality of ciphertext fragment data to obtain a plurality of fragment data includes: and decrypting the first ciphertext fragment data according to the first encryption algorithm to obtain first fragment data, and decrypting the second ciphertext fragment data according to the second encryption algorithm to obtain second fragment data.
Optionally, the distributing the plurality of slice data to a plurality of computing nodes to identify the plurality of slice data by the plurality of computing nodes, to obtain an identification result for the finger vein image to be identified, includes: distributing a first computing node for the first piece of data and a second computing node for the second piece of data; acquiring the first fragment data through the first computing node, and computing a first similarity between the first fragment data and pre-stored finger vein features; acquiring the second fragment data through the second computing node, and computing a second similarity between the second fragment data and pre-stored finger vein features; and determining the identification result according to the first similarity and the second similarity.
Optionally, the method further comprises: storing the first fragment data into a first data cache space and storing the second fragment data into a second data cache space, wherein the first data cache space and the second data cache space belong to different management domains; wherein the obtaining, by the first computing node, the first shard data includes: reading, by the first computing node, first sharded data in the first data cache space; the obtaining, by the second computing node, the second shard data includes: and reading second fragment data in the second data cache space through the second computing node.
Optionally, the method is applied to the server device.
Another aspect of the present disclosure provides an apparatus for recognizing a finger vein image, including: the acquisition module is used for acquiring a finger vein image to be identified; the extraction module is used for extracting finger vein feature data from the finger vein image to be identified through a finger vein feature extraction algorithm; the slicing module is used for determining a plurality of slicing data according to the finger vein characteristic data; the encryption module is used for encrypting the plurality of pieces of fragment data to obtain a plurality of pieces of ciphertext fragment data; the sending module is used for sending the plurality of ciphertext fragment data to a server side device so that the server side device generates an identification result aiming at the finger vein image to be identified according to the plurality of ciphertext fragment data; and the first receiving module is used for receiving the identification result from the server-side equipment.
Another aspect of the present disclosure provides an apparatus for recognizing a finger vein image, including: the second receiving module is used for receiving a plurality of ciphertext fragment data from the client device, wherein each ciphertext fragment data in the plurality of ciphertext fragment data contains characteristic information of a finger vein image to be identified; the decryption module is used for decrypting the plurality of ciphertext fragment data to obtain a plurality of fragment data; the identification module is used for distributing the plurality of pieces of data to a plurality of computing nodes so as to identify the plurality of pieces of data through the plurality of computing nodes and obtain an identification result aiming at the finger vein image to be identified; and the sending module is used for sending the identification result to the client equipment.
Another aspect of the present disclosure provides a computing device comprising: one or more processors; and a storage means for storing one or more programs, which when executed by the one or more processors cause the one or more processors to implement the methods as described above.
Another aspect of the present disclosure provides a computer-readable storage medium storing computer-executable instructions that, when executed, are configured to implement a method as described above.
Another aspect of the present disclosure provides a computer program comprising computer executable instructions which when executed are for implementing a method as described above.
According to the embodiment of the disclosure, the client device segments the finger vein feature data of the finger vein image to be identified to obtain a plurality of segment data, then encrypts the plurality of segment data, and sends the encrypted plurality of ciphertext segment data to the server device, so that the server device generates an identification result aiming at the finger vein image to be identified according to the plurality of ciphertext segment data, and the finger vein image is not leaked even if the ciphertext segment data is stolen after decryption, thereby realizing privacy protection of inter-mechanism finger vein identification technology application and technically improving safety and compliance of the finger vein feature data.
Drawings
For a more complete understanding of the present disclosure and the advantages thereof, reference is now made to the following descriptions taken in conjunction with the accompanying drawings, in which:
fig. 1 schematically illustrates a system architecture of a method of recognizing a finger vein image and an apparatus of recognizing a finger vein image according to an embodiment of the present disclosure;
fig. 2 schematically illustrates a flowchart of a method of identifying a finger vein image according to an embodiment of the present disclosure;
fig. 3 schematically illustrates a flowchart of a method of identifying a finger vein image according to an embodiment of the present disclosure;
fig. 4 schematically illustrates a flow chart of a method of identifying a finger vein image according to another embodiment of the present disclosure;
fig. 5 schematically illustrates a block diagram of an apparatus for identifying a finger vein image according to an embodiment of the present disclosure;
fig. 6 schematically illustrates a block diagram of an apparatus for identifying a finger vein image according to another embodiment of the present disclosure;
FIG. 7 schematically illustrates a block diagram of an identification module according to an embodiment of the disclosure; and
fig. 8 schematically illustrates a block diagram of a computer system suitable for implementing the above-described method according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is only exemplary and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
Where expressions like at least one of "A, B and C, etc. are used, the expressions should generally be interpreted in accordance with the meaning as commonly understood by those skilled in the art (e.g.," a system having at least one of A, B and C "shall include, but not be limited to, a system having a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).
Some of the block diagrams and/or flowchart illustrations are shown in the figures. It will be understood that some blocks of the block diagrams and/or flowchart illustrations, or combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the instructions, when executed by the processor, create means for implementing the functions/acts specified in the block diagrams and/or flowchart. The techniques of this disclosure may be implemented in hardware and/or software (including firmware, microcode, etc.). Additionally, the techniques of this disclosure may take the form of a computer program product on a computer-readable storage medium having instructions stored thereon, the computer program product being for use by or in connection with an instruction execution system.
The disclosure provides a method and a device for identifying finger vein images, which can realize privacy protection of application of inter-institution finger vein identification technology and technically improve the safety and compliance of finger vein characteristic data.
Embodiments of the present disclosure provide a method of recognizing a finger vein image and an apparatus for recognizing a finger vein image capable of applying the method. The method comprises the steps of obtaining a finger vein image to be identified; extracting finger vein feature data from a finger vein image to be identified through a finger vein feature extraction algorithm; determining a plurality of fragment data according to the finger vein feature data; encrypting the plurality of pieces of data to obtain a plurality of pieces of ciphertext pieces of data; the method comprises the steps of sending a plurality of ciphertext fragment data to a server side device, so that the server side device generates a recognition result aiming at a finger vein image to be recognized according to the ciphertext fragment data; and receiving the identification result from the server device.
It should be noted that, the method and the device for identifying a finger vein image according to the embodiments of the present disclosure may be used in the field of information security, and may also be used in any field other than information security, and the application field of the method and the device for identifying a finger vein image is not limited in the present disclosure.
Fig. 1 schematically illustrates a system architecture of a method of recognizing a finger vein image and an apparatus of recognizing a finger vein image according to an embodiment of the present disclosure. It should be noted that fig. 1 is merely an example of a scenario in which embodiments of the present disclosure may be applied to assist those skilled in the art in understanding the technical content of the present disclosure, but does not mean that embodiments of the present disclosure may not be used in other devices, systems, environments, or scenarios.
As shown in fig. 1, a system architecture 100 according to this embodiment may include a server device 110, a client device 120, and a network 130. The network 130 is the medium used to provide communication links between the client devices 120 and the server devices 110. The network 130 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
A user may interact with the server device 110 over the network 130 using the client device 120 to receive or send messages, etc. Client device 120 may have installed thereon client applications such as, for example, an online banking client, shopping class application, web browser application, search class application, instant messaging tool, mailbox client, social platform software, and the like (just examples).
Client device 120 may be a variety of electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server device 110 may be a server that provides various services, such as a background management server (by way of example only) that provides support for websites that users browse with the client device 120. The background management server may analyze and process the received data such as the user request, and feed back the processing result (e.g., the web page, information, or data obtained or generated according to the user request) to the terminal device. The server device 110 may schedule a plurality of computing nodes, each of which may be used to identify feature information in the finger vein image. It should be noted that the computing node may be disposed in the server device 110, or may be disposed in other devices other than the server device 110 and may interact with the server device 110, which is not specifically limited in this disclosure. Illustratively, in the embodiments of the present disclosure, the server device 110 may be a server deployed at the cloud.
In the disclosed embodiment, the client device 120 has, for example, a finger vein acquisition device 121, such as a near infrared imaging device, for acquiring finger vein images. The client device 120 may drive the near infrared imaging device 121 through a preloaded SDK (software development kit) to complete finger vein image acquisition, complete random slicing and encryption of finger vein feature data through SDK integrated finger vein feature extraction, data slicing and encryption functions, obtain a plurality of encrypted sliced data, and send the encrypted sliced data to the server device 110. After the server device 110 decrypts the received encrypted fragment data, the fragment data obtained after decryption is distributed to different computing nodes for recognition, so as to obtain a recognition result. The server device 110 then returns the recognition result to the client device 120.
According to embodiments of the present disclosure, client device 120 may act as a data owner and server device 110 may act as a technical service provider. A finger vein recognition privacy computing service may be deployed in the server device 110 for invocation by a client program in the client device 120. The client program in the client device 120 may drive the video stream data collected by the image capturing device to obtain the finger vein image for feature extraction, segmentation and encryption, and then invoke the finger vein recognition privacy calculation service of the server device 110 to complete decryption and segmentation comparison, so as to implement the whole finger vein recognition procedure, and ensure the privacy security of the finger vein information of the data owner.
It should be understood that the number of client devices, networks, and server devices in fig. 1 is merely illustrative. There may be any number of client devices, networks, and server devices, as desired for implementation.
Fig. 2 schematically illustrates a flowchart of a method of identifying a finger vein image according to an embodiment of the present disclosure.
As shown in fig. 2, the method includes operations S210 to S260. The method of the embodiments of the present disclosure may be performed, for example, by a client device, such as client device 120 shown in fig. 1.
In operation S210, a finger vein image to be identified is acquired.
According to an embodiment of the present disclosure, a client device has an imaging device, such as a near infrared imaging device. A finger vein image of the object to be identified is acquired by an imaging device.
According to the embodiment of the disclosure, in order to improve the accuracy of identification, the collected finger vein image can be subjected to finger vein living body detection and/or image quality detection, and the finger vein image with poor screening effect is screened according to the detection result, so that the original finger vein image detected by the finger vein living body detection and/or the image quality detection is determined as the finger vein image to be identified. The finger vein living body detection is used for detecting whether the finger vein image is acquired from a living body object, if the finger vein image is detected to be acquired from the living body object, the finger vein image passes through, and otherwise, the finger vein image does not pass through. The image quality detection is used for detecting the imaging effect of the finger vein image, if the imaging effect meets the preset requirement, the image passes, otherwise, the image does not pass, and therefore the image with poor imaging effect is screened out. More specifically, the preset requirements may include, for example, that the degree of shake, angle, size, brightness, etc. of the finger vein image are within a preset range.
In operation S220, finger vein feature data is extracted from the finger vein image to be identified by a finger vein feature extraction algorithm.
According to an embodiment of the present disclosure, the finger vein feature extraction algorithm may be, for example, a minutiae feature extraction algorithm (CN). And extracting minutiae data in the standardized image of the finger vein image to be identified according to the minutiae feature extraction algorithm to serve as finger vein feature data.
According to an embodiment of the present disclosure, in order to improve the effect of feature extraction, a normalization process may be performed on a finger vein image to be identified before feature extraction to transform and divide the finger vein image into normalized images having finger vein features. The normalization process may include, for example, median filtering denoising, edge detection image region clipping, size and gray scale normalization, histogram equalization image enhancement, gray scale threshold image segmentation, feature refinement, and the like.
In operation S230, a plurality of slice data are determined according to the finger vein feature data.
According to embodiments of the present disclosure, the patch data may be generated based on the finger vein feature data according to a random generation algorithm. Wherein the number of fragmented data is at least two.
Illustratively, in the present embodiment, the slice data may include first slice data and second slice data. The first sliced data may be generated based on the finger vein feature data according to a random generation algorithm, and then a preset operation may be performed on the finger vein feature data and the first sliced data to obtain the second sliced data. Wherein the finger vein feature data, the first patch data, and the second patch data have the same dimension. The preset operation may be, for example, a difference operation. According to other embodiments of the present disclosure, the preset operation may be an add operation, a multiply operation, a divide operation, or the like.
More specifically, an operation may be randomly determined as a target operation according to a random generation algorithm, and then the target operation is respectively performed for each element in the finger vein feature data, resulting in an operation result having the same dimension as the finger vein feature data as the first slice data. And then calculating the difference between each element in the finger vein feature data and the element corresponding to the element in the first sliced data to obtain a plurality of difference values as the second sliced data.
For example, the finger vein feature data is as follows:
the target operation randomly determined according to the random generation algorithm is multiplied by 2 and then subtracted by 1, and then the target operation is respectively compared with a 1 、a 2 、a 3 And a 4 The operation of multiplying 2 by 1 is performed to obtain first slice data as follows:
then, calculate the sum of each element in the finger vein feature data and the first slice dataThe difference between the corresponding elements, i.e. (2 a) 1 -1)-a 1 =a 1 -1,(2a 2 -1)-a 2 =a 2 -1 … … and so on, resulting in second slice data as follows:
those skilled in the art will appreciate that the above-described example embodiments are merely for the understanding of the present disclosure, and the present disclosure is not limited thereto.
According to the embodiment of the disclosure, the slicing data are randomly generated based on the finger vein feature data, so that the finger vein feature data can be hidden while the data features of the finger vein feature data are maintained, and the safety of the data is further improved.
In operation S240, the plurality of pieces of ciphertext fragment data are encrypted to obtain a plurality of pieces of ciphertext fragment data.
According to the embodiment of the disclosure, according to a first encryption algorithm, encryption processing is performed on first sliced data to obtain first ciphertext sliced data, and according to a second encryption algorithm, encryption processing is performed on second sliced data to obtain second ciphertext sliced data. The first encryption algorithm and the second encryption algorithm can be symmetric encryption algorithm or asymmetric encryption algorithm. The first encryption algorithm and the second encryption algorithm may be the same algorithm or different algorithms. In this embodiment, the first encryption algorithm and the second encryption algorithm are the same symmetric encryption algorithm, and the symmetric encryption algorithm may be, for example, a zu algorithm (ZUC algorithm) conforming to the national cryptographic standard.
In operation S250, the plurality of ciphertext fragment data is sent to the server device, so that the server device generates a recognition result for the finger vein image to be recognized according to the plurality of ciphertext fragment data.
According to the embodiment of the disclosure, the client device may send a plurality of ciphertext fragment data to the server device, and the server device generates an identification result for the finger vein image to be identified according to the plurality of ciphertext fragment data.
In operation S260, the identification result from the server device is received.
According to the embodiment of the disclosure, after the identification result generated by the server device, the generated identification result may be sent from the server device to the client device, and accordingly, the identification result from the server device may be received by the client device.
According to the embodiment of the disclosure, the client device segments the finger vein feature data of the finger vein image to be identified to obtain a plurality of segment data, then encrypts the plurality of segment data, and sends the encrypted plurality of ciphertext segment data to the server device, so that the server device generates an identification result for the finger vein image to be identified according to the plurality of ciphertext segment data, and even if the ciphertext segment data is stolen after decryption, the finger vein image is not leaked, thereby realizing privacy protection of inter-mechanism finger vein identification technology application and technically improving the safety and compliance of the finger vein feature data.
Fig. 3 schematically illustrates a flowchart of a method of identifying a finger vein image according to an embodiment of the present disclosure.
As shown in FIG. 3, the method includes operations S310-S340. The method of the embodiment of the present disclosure may be performed by a server device, for example, which may be the server device 110 shown in fig. 1.
In operation S310, a plurality of ciphertext fragment data from a client device is received.
According to an embodiment of the present disclosure, each ciphertext fragment data of the received plurality of ciphertext fragment data contains characteristic information of a finger vein image to be identified.
In operation S320, the plurality of ciphertext fragment data are decrypted, resulting in a plurality of fragment data.
According to the embodiment of the disclosure, the first ciphertext fragment data may be decrypted according to a first encryption algorithm to obtain first fragment data, and the second ciphertext fragment data may be decrypted according to a second encryption algorithm to obtain second fragment data.
In operation S330, the plurality of pieces of data are distributed to the plurality of computing nodes, so that the plurality of pieces of data are identified by the plurality of computing nodes, and an identification result for the finger vein image to be identified is obtained.
According to embodiments of the present disclosure, a first computing node may be allocated for a first piece of data and a second computing node may be allocated for a second piece of data. And then the first piece of data can be acquired through the first computing node, and the first similarity between the first piece of data and the pre-stored finger vein features is calculated. And acquiring second fragment data through a second computing node, and computing a second similarity between the second fragment data and the pre-stored finger vein features. Next, the recognition result is determined based on the first similarity and the second similarity.
According to an embodiment of the present disclosure, the pre-stored finger vein features are pre-recorded finger vein features of the user. Illustratively, in this embodiment, pre-stored finger vein features extracted from finger vein images entered by the user at the time of registration may be stored in the database in advance.
In this embodiment, the recognition result is determined to be the feature match when the first similarity and the second similarity are both greater than the similarity threshold, and the recognition result is determined to be the feature non-match when either one of the first similarity and the second similarity is less than or equal to the similarity threshold. The similarity threshold may be determined according to actual needs, which is not specifically limited in this disclosure.
According to the embodiment of the disclosure, the first fragment data can be stored into a first data cache space, and the second fragment data can be stored into a second data cache space, wherein the first data cache space and the second data cache space belong to different management domains. Because the first sliced data and the second sliced data are stored in different management domains, even if the data in a certain management domain are stolen by others, the original data cannot be recovered by the thief because only a single sliced data exists in the management domain, and the security is higher.
Based on this, the first sliced data may be obtained by the first computing node reading the first sliced data in the first data cache space, and the second sliced data may be obtained by the second computing node reading the second sliced data in the second data cache space.
In operation S340, the recognition result is transmitted to the client device.
The related technology adopts a method for transforming an original plaintext image and a method for implementing full encryption on a finger vein image to realize privacy protection of finger vein identification in a cross-mechanism application scene. For the method for transforming the original plaintext image, the original characteristics of the image are changed in the process of transforming the original plaintext image, so that the biological characteristic value extracted by the finger vein recognition algorithm is influenced, the recognition precision is influenced, and even the extracted characteristics cannot be used for finger vein recognition. For the method for implementing full encryption on the finger vein image, although the method improves the security of transmitting the finger vein feature image, the finger vein image needs to be decrypted before the finger vein recognition algorithm is executed to finish finger vein recognition feature extraction, and under the condition of external attack, the decrypted finger vein image still has the risk of being leaked.
According to the embodiment of the disclosure, the server device decrypts the received ciphertext fragment data to obtain fragment data, then distributes the fragment data to a plurality of computing nodes, and identifies the fragment data through the computing nodes to obtain an identification result aiming at the finger vein image to be identified. In the process, the fragmented data are isolated from each other, and as the fragmented data conceal the finger vein feature data, even if the decrypted fragmented data is lost, the finger vein feature is not leaked, so that the safety of the finger vein feature data is improved, and the privacy data of a user is protected.
The method illustrated in fig. 2 is further described below with reference to fig. 4 in conjunction with an exemplary embodiment.
Those skilled in the art will appreciate that the following example embodiments are merely for the understanding of the present disclosure, and the present disclosure is not limited thereto.
Fig. 4 schematically illustrates a flow chart of a method of identifying a finger vein image according to another embodiment of the present disclosure.
As shown in fig. 4, the method may include, for example, the following steps S401 to S411.
In step S401, the client device acquires a finger vein image.
According to the embodiment of the disclosure, the client device can acquire and generate a complete finger vein original image meeting the standard after passing finger vein living body detection and picture quality detection by driving the near infrared imaging device. The acquisition function can be compatible with finger vein near infrared imaging equipment of different manufacturers.
In step S402, the client device completes extraction of the finger vein feature data from the finger vein original image acquired in step S401 through a finger vein feature extraction algorithm.
According to embodiments of the present disclosure, a normalized image with refined finger vein features may be segmented by median filtering denoising, edge detection image region clipping, size and gray scale normalization, histogram equalization image enhancement, gray scale threshold image segmentation, feature refinement, and the like. Then, a minutiae feature extraction algorithm Cross Number (CN) is applied to extract minutiae information of the finger vein image, and the minutiae information is output as a 256-dimensional vector space, which is called a feature vector A for convenience of description.
In step S403, the client device divides the finger vein feature data into random piece data by a piece-wise algorithm.
According to the embodiment of the disclosure, 256-dimensional feature vectors extracted from the original plaintext image of the finger vein can be subjected to slicing processing, so that finger vein feature random slicing data can be generated. Illustratively, in this embodiment, the feature vector element random difference processing is adopted to generate a finger vein feature random sequence, more specifically, a random vector B corresponding to 256-dimensional length can be generated by a random function according to the number of dimensions of the feature vector a, and difference operation is performed on each element of the two to obtain a 256-dimensional vector C. Because the generation of the random vector B is random, the numerical values are different every time, even if the finger vein characteristic data of the same person are, the characteristic values of the vector C are different under different use scenes. Thus, two finger vein feature random fragment data of the feature vector B and the feature vector C can be generated according to the feature vector A extracted from the original image.
In step S404, the client device encrypts the data fragments by an encryption algorithm to obtain ciphertext fragment data.
According to the embodiment of the disclosure, the random fragmented data of the finger vein features are encrypted, so that confidentiality protection transmission of the fragmented data of the finger vein features is realized. Illustratively, in this embodiment, a symmetric encryption algorithm is used to encrypt the fragmented data into ciphertext, and the symmetric encryption algorithm uses a ZUC algorithm that meets the national cryptographic standard.
In step S405, the client device uploads the ciphertext fragment data to the server device of the cloud.
In step S406, the server device receives the finger vein feature ciphertext fragment data sent by the client device.
In step S407, the server device invokes the symmetric encryption key, decrypts the received ciphertext fragment data, and reverts to the finger vein feature random fragment data.
According to the embodiment of the disclosure, the server device adopts a symmetric encryption algorithm corresponding to the client device to decrypt the ciphertext fragment and restore the ciphertext fragment to finger vein feature random fragment data.
According to the embodiment of the disclosure, the server device can respectively send the encrypted fragment data to the partner databases belonging to different management domains. Because the same management domain only holds partial fragments, any party cannot restore the finger vein characteristic value under the condition that the fragment data of other parties are not acquired, thereby enhancing the data security.
In step S408, the server device routes the fragmented data to the corresponding computing node.
According to the embodiment of the disclosure, after decrypted finger vein feature random fragment data are respectively sent to data cache spaces belonging to different management domains, the decrypted finger vein feature random fragment data can be forwarded to algorithm computing nodes for finger vein recognition comparison according to a route designated by task scheduling, and registered and recognized finger vein feature random fragment data are respectively used as data input of the respective computing nodes.
In step S409, the server device starts a finger vein recognition comparison algorithm operation through the cloud computing node, and respectively inputs the registered finger vein feature fragment data and the received field finger vein feature fragment data as data of the respective computing nodes, so as to cooperatively complete the comparison calculation of the finger vein features, and obtain a recognition result.
According to the embodiment of the disclosure, a plurality of finger vein recognition computing nodes of different management domains can be comprehensively scheduled to start a collaborative computing task according to the requirements of the finger vein recognition computing task, cosine distances are used for judging two groups of feature similarities, the operation of random fragmentation data of finger vein feature vectors of on-site finger veins (finger vein images to be recognized collected on site) and random fragmentation data of finger vein feature vectors of registered finger veins (finger vein images collected during registration) is completed, and when the similarity of the two is greater than a set threshold value, the on-site finger veins and the registered finger veins are considered to belong to the same person, and a final finger vein feature comparison operation result is returned after the calculation is completed.
In step S410, the server device returns the identification result to the client device in real time.
In step S411, the client device receives the identification result.
According to the embodiment of the disclosure, the client device drives the near infrared imaging device to complete finger vein image acquisition through the SDK of the client software, and random slicing and encryption of finger vein feature data are completed through finger vein feature extraction, data slicing and encryption functions integrated by the client SDK, so that finger vein recognition service with privacy protection function is realized in cooperation with finger vein recognition privacy calculation service of the cloud.
The method for identifying the finger vein image can realize privacy protection of application of inter-institution finger vein identification technology. Based on the method, under the premise of no trust of third party management and no dependence on specific hardware equipment, the data owner can technically ensure that the privacy of the finger vein information of the user is protected and prevent the leakage of the finger vein information data in the process of circulating across institutions when using the finger vein identification service of an external technical service provider. More specifically, the method is advantageous at least in the following ways.
Firstly, the legal rights and interests of the user can be ensured. According to the embodiment of the disclosure, the finger vein information of the user is converted into the finger vein feature random fragment data or the ciphertext data in the registration, transmission and identification processes, and the finger vein feature random fragment data or the ciphertext data are dispersed in different management nodes to be stored and cooperatively calculated, so that the user can be ensured not to be infringed while obtaining the convenient finger vein identification authentication service.
And secondly, the operation benefit of the data owner can be improved. According to the embodiment of the disclosure, the data owner is used as a personal biological information collecting main body, so that the data use purpose and range of the personal finger vein information of the user can be effectively managed, convenient and safe intelligent service is provided for the user, the capability of acquiring passengers and living passengers is enhanced, the business performance is improved, meanwhile, the personal information safety protection responsibility is realized, and the supervision compliance requirement is met.
And thirdly, the service boundary of the technical service provider can be expanded. According to the method for identifying the finger vein image, the finger vein identification privacy protection technical means is improved, the concern that the collected finger veins are leaked by a user is eliminated, the finger vein identification technology can be promoted to provide more cooperators for scene popularization, more enterprises are driven to intelligently upgrade, and the service output range and quality are improved.
Fig. 5 schematically illustrates a block diagram of an apparatus for identifying a finger vein image according to an embodiment of the present disclosure.
As shown in fig. 5, the apparatus 500 for recognizing a finger vein image includes an acquisition module 510, an extraction module 520, a segmentation module 530, an encryption module 540, a transmission module 550, and a first reception module 560. The apparatus 500 for identifying a finger vein image may perform the method described above with reference to fig. 2.
Specifically, the obtaining module 510 may be configured to obtain an image of a finger vein to be identified.
The extracting module 520 may be configured to extract the finger vein feature data from the finger vein image to be identified through a finger vein feature extracting algorithm.
The slicing module 530 may be configured to determine a plurality of slicing data based on the finger vein feature data.
The encryption module 540 may be configured to encrypt the plurality of pieces of ciphertext fragment data to obtain a plurality of pieces of ciphertext fragment data.
The sending module 550 may be configured to send the plurality of ciphertext fragment data to the server device, so that the server device generates the recognition result for the finger vein image to be recognized according to the plurality of ciphertext fragment data.
The first receiving module 560 may be configured to receive the identification result from the server device.
Illustratively, in this embodiment, the obtaining module 510 may be specifically configured to collect an original plaintext image of the finger vein. Packaging the finger vein collection SDK, driving the near infrared imaging device, obtaining finger vein images of a user, obtaining front images meeting finger vein recognition requirements after finger vein living body detection and picture quality detection, and generating a whole finger vein plaintext image.
Illustratively, in this embodiment, the extraction module 520 may be specifically configured to extract the finger vein feature vector value from the input finger vein original image through a finger vein feature extraction algorithm. The method comprises the following steps: the standardized image with the thinned finger vein features is segmented through the steps of median filtering denoising treatment, edge detection image region clipping, size and gray scale normalization, histogram equalization image enhancement, gray scale threshold image segmentation, feature refinement and the like. And then, extracting the minutiae information of the finger vein image by applying a minutiae feature extraction algorithm Cross Number (CN), and outputting the minutiae information into a 256-dimensional vector space.
Illustratively, in this embodiment, the slicing module 530 may be specifically configured to perform slicing processing on 256-dimensional feature vectors extracted from an original plaintext image of a finger vein, so as to generate random slicing data of the finger vein feature. The method adopts the random difference processing of the characteristic vector elements to generate a finger vein characteristic random sequence, and specifically comprises the following steps: according to the number of dimensions of the feature vector A generated by the finger vein feature extraction unit, generating a random vector B corresponding to 256 dimensions by a random function, and performing difference operation on each element of the random vector B and the random vector B to obtain a 256-dimensional vector C. Because the generation of B is random, the numerical values are different every time, even if the finger vein characteristic data of the same person are different, the characteristic values of the vector C are different under different use scenes. Thus, two finger vein feature random fragment data of the feature vector B and the feature vector C can be generated according to the feature vector A extracted from the original image.
In this embodiment, the extracting module 520 may be specifically configured to encrypt the random slice data of the finger vein feature, so as to implement confidentiality protection transmission of the slice data of the finger vein feature. And encrypting the sliced data into ciphertext by adopting a symmetric encryption algorithm, wherein the symmetric encryption algorithm adopts a ZUC algorithm conforming to the national encryption standard.
Fig. 6 schematically illustrates a block diagram of an apparatus for identifying images of a finger vein according to another embodiment of the present disclosure.
As shown in fig. 6, the apparatus 600 for recognizing a finger vein image includes a second receiving module 610, a decrypting module 620, a recognizing module 630, and a transmitting module 640. The apparatus 600 for recognizing a finger vein image may perform the method described above with reference to fig. 3.
Specifically, the second receiving module 610 may be configured to receive a plurality of ciphertext fragment data from the client device, where each ciphertext fragment data of the plurality of ciphertext fragment data includes feature information of the finger vein image to be identified.
The decryption module 620 may be configured to decrypt the plurality of ciphertext fragment data to obtain a plurality of fragment data.
The identifying module 630 may be configured to distribute the plurality of slice data to a plurality of computing nodes, so as to identify the plurality of slice data by the plurality of computing nodes, and obtain an identification result for the finger vein image to be identified.
The sending module 640 may be configured to send the identification result to the client device.
Illustratively, in this embodiment, the decryption module 620 may be specifically configured to restore the ciphertext fragment of the finger vein feature to plaintext random fragment data. Specifically, a symmetric encryption algorithm corresponding to the client can be adopted to decrypt the ciphertext fragment to restore the ciphertext fragment to the finger vein feature random fragment data.
Fig. 7 schematically illustrates a block diagram of an identification module according to an embodiment of the disclosure.
As shown in fig. 7, the identification module 630 may include, for example, a data access unit 731, a multiparty security calculation unit 732, and a task scheduling unit 733.
The data access unit 731 may be configured to receive and route the finger vein feature random fragment data restored by the decryption module 620, and distribute the required feature data of the finger vein recognition operation to the corresponding computing node. The decrypted finger vein feature random fragment data are respectively sent to data cache spaces of different management domains, then are forwarded to algorithm computing nodes for finger vein recognition comparison according to routes appointed by task scheduling, and the registered and recognized finger vein feature random fragment data are respectively used as data input of the respective computing nodes.
The multiparty security calculation unit 732 may be configured to complete a comparison operation of random segment data of the finger vein feature, and ensure that the computed result of the segment data is consistent with the computed result of the complete feature data, or that the accuracy of the result loss is within an acceptable range. Specifically, the multiparty security computing unit can be divided into two parts of computing support and business computing logic. The computing support realizes basic multiparty secure computing protocols such as secret sharing, homomorphic encryption, garbled circuits and the like, and encapsulates basic computing functions such as addition, subtraction, multiplication, division, comparison and the like and other complex computing functions derived from the basic computing functions. The service calculation logic part comprises calculation steps required for supporting the finger vein recognition service scene, and each step is used for completing calculation of finger vein feature data by calling a basic calculation function and a derivative calculation function.
The task scheduling unit 733 may be configured to implement task scheduling management between different computing nodes. According to the requirements of the finger vein recognition calculation tasks, a plurality of finger vein recognition calculation nodes of different management domains are comprehensively scheduled to start a collaborative calculation task, cosine distances are used for judging two groups of feature similarities, the operation of finger vein feature vector random slicing data of the on-site finger vein photo and finger vein feature vector random slicing data of the registered finger vein photo is completed, when the similarity of the two is larger than a set threshold value, the on-site finger vein photo and the registered finger vein photo are considered to belong to the same person, and a final finger vein feature comparison operation result is returned after the calculation is completed.
Any number of modules, sub-modules, units, sub-units, or at least some of the functionality of any number of the sub-units according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented as split into multiple modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system-on-chip, a system-on-substrate, a system-on-package, an Application Specific Integrated Circuit (ASIC), or in any other reasonable manner of hardware or firmware that integrates or encapsulates the circuit, or in any one of or a suitable combination of three of software, hardware, and firmware. Alternatively, one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be at least partially implemented as computer program modules, which when executed, may perform the corresponding functions.
For example, any of the acquisition module 510, the extraction module 520, the fragmentation module 530, the encryption module 540, the transmission module 550, the first reception module 560, the second reception module 610, the decryption module 620, the identification module 630, and the transmission module 640 may be combined in one module to be implemented, or any one of the modules may be split into a plurality of modules. Alternatively, at least some of the functionality of one or more of the modules may be combined with at least some of the functionality of other modules and implemented in one module. According to embodiments of the present disclosure, at least one of the acquisition module 510, the extraction module 520, the fragmentation module 530, the encryption module 540, the transmission module 550, the first receiving module 560, the second receiving module 610, the decryption module 620, the identification module 630, and the transmission module 640 may be implemented at least in part as hardware circuitry, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware in any other reasonable manner of integrating or packaging circuitry, or in any one of or a suitable combination of three of software, hardware, and firmware. Alternatively, at least one of the acquisition module 510, the extraction module 520, the fragmentation module 530, the encryption module 540, the transmission module 550, the first reception module 560, the second reception module 610, the decryption module 620, the identification module 630, and the transmission module 640 may be at least partially implemented as a computer program module, which may perform the corresponding functions when being executed.
Fig. 8 schematically illustrates a block diagram of a computer system suitable for implementing the above-described method according to an embodiment of the present disclosure. The computer system illustrated in fig. 8 is merely an example, and should not be construed as limiting the functionality and scope of use of the embodiments of the present disclosure.
As shown in fig. 8, a computer system 800 according to an embodiment of the present disclosure includes a processor 801 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 802 or a program loaded from a storage section 808 into a Random Access Memory (RAM) 803. The processor 801 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. The processor 801 may also include on-board memory for caching purposes. The processor 801 may include a single processing unit or multiple processing units for performing the different actions of the method flows according to embodiments of the disclosure.
In the RAM 803, various programs and data required for the operation of the system 800 are stored. The processor 801, the ROM 802, and the RAM 803 are connected to each other by a bus 804. The processor 801 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM 802 and/or the RAM 803. Note that the program may be stored in one or more memories other than the ROM 802 and the RAM 803. The processor 801 may also perform various operations of the method flows according to embodiments of the present disclosure by executing programs stored in one or more memories.
According to an embodiment of the present disclosure, the system 800 may further include an input/output (I/O) interface 805, the input/output (I/O) interface 805 also being connected to the bus 804. The system 800 may also include one or more of the following components connected to the I/O interface 805: an input portion 806 including a keyboard, mouse, etc.; an output portion 807 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and a speaker; a storage section 808 including a hard disk or the like; and a communication section 809 including a network interface card such as a LAN card, a modem, or the like. The communication section 809 performs communication processing via a network such as the internet. The drive 810 is also connected to the I/O interface 805 as needed. A removable medium 811 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 810 as needed so that a computer program read out therefrom is mounted into the storage section 808 as needed.
Embodiments of the present disclosure also include a computer program product comprising a computer program comprising program code for performing the methods provided by the embodiments of the present disclosure, the program code for causing an electronic device to implement the methods of identifying images of finger veins provided by the embodiments of the present disclosure when the computer program product is run on an electronic device.
The above-described functions defined in the system/apparatus of the embodiments of the present disclosure are performed when the computer program is executed by the processor 801. The systems, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure. In one embodiment, the computer program may be based on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed, and downloaded and installed in the form of a signal on a network medium, and/or from a removable medium 811 via a communication portion 809. The computer program may include program code that may be transmitted using any appropriate network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
According to embodiments of the present disclosure, program code for performing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, such computer programs may be implemented in high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. Programming languages include, but are not limited to, such as Java, c++, python, "C" or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The present disclosure also provides a computer-readable storage medium that may be embodied in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, the computer-readable storage medium may include ROM 802 and/or RAM 803 and/or one or more memories other than ROM 802 and RAM 803 described above.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that the features recited in the various embodiments of the disclosure and/or in the claims may be provided in a variety of combinations and/or combinations, even if such combinations or combinations are not explicitly recited in the disclosure. In particular, the features recited in the various embodiments of the present disclosure and/or the claims may be variously combined and/or combined without departing from the spirit and teachings of the present disclosure. All such combinations and/or combinations fall within the scope of the present disclosure.
The embodiments of the present disclosure are described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described above separately, this does not mean that the measures in the embodiments cannot be used advantageously in combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the disclosure, and such alternatives and modifications are intended to fall within the scope of the disclosure.
Claims (11)
1. A method of identifying a finger vein image, comprising:
acquiring a finger vein image to be identified;
extracting finger vein feature data from the finger vein image to be identified through a finger vein feature extraction algorithm;
determining a plurality of fragment data according to the finger vein feature data;
encrypting the plurality of fragment data to obtain a plurality of ciphertext fragment data;
the plurality of ciphertext fragment data are sent to a server side device, so that the server side device generates an identification result aiming at the finger vein image to be identified according to the plurality of ciphertext fragment data; and
receiving an identification result from the server device;
Wherein the plurality of sliced data includes first sliced data and second sliced data; the determining a plurality of slice data according to the finger vein feature data comprises:
generating first fragment data with the same dimension as the finger vein feature data based on the finger vein feature data according to a random generation algorithm; and
performing preset operation on the finger vein feature data and the first fragment data to obtain second fragment data with the same dimension as the finger vein feature data;
the generating, according to a random generation algorithm, first patch data having the same dimension as the finger vein feature data based on the finger vein feature data includes:
randomly determining target operation according to a random generation algorithm; and
respectively executing the target operation aiming at each element in the finger vein feature data to obtain an operation result with the same dimension as the finger vein feature data as the first fragment data;
the preset operation is a difference operation; the performing a preset operation on the finger vein feature data and the first slice data to obtain second slice data with the same dimension as the finger vein feature data, including:
Calculating the difference between each element in the finger vein feature data and the element corresponding to the element in the first sliced data to obtain a plurality of difference values as the second sliced data;
the plurality of ciphertext fragment data includes first ciphertext fragment data and second ciphertext fragment data; the encrypting the plurality of pieces of ciphertext fragment data to obtain a plurality of pieces of ciphertext fragment data includes:
and according to a first encryption algorithm, carrying out encryption processing on the first piece of data to obtain first ciphertext piece of data, and according to a second encryption algorithm, carrying out encryption processing on the second piece of data to obtain second ciphertext piece of data.
2. The method of claim 1, wherein the extracting finger vein feature data from the finger vein image to be identified by a finger vein feature extraction algorithm comprises:
determining a standardized image according to the finger vein image to be identified; and
and extracting minutiae data in the standardized image according to a minutiae feature extraction algorithm to serve as the finger vein feature data.
3. The method of claim 2, wherein the determining a standardized image from the image of the finger vein to be identified comprises:
Performing standardization processing on the finger vein image to be identified to obtain the standardization image,
wherein the normalization process includes at least one of:
median filtering denoising processing, edge detection image region clipping, size and gray scale normalization, histogram equalization image enhancement, gray scale threshold image segmentation and feature refinement.
4. The method of claim 1, wherein the acquiring the image of the finger vein to be identified comprises:
collecting an original finger vein image;
performing a finger vein living body detection and/or an image quality detection with respect to the original finger vein image; and
and determining an original finger vein image detected through the finger vein living body detection and/or image quality detection as the finger vein image to be identified.
5. The method of claim 1, further comprising:
receiving a plurality of ciphertext fragment data from a client device, wherein each ciphertext fragment data of the plurality of ciphertext fragment data comprises characteristic information of a finger vein image to be identified;
decrypting the plurality of ciphertext fragment data to obtain a plurality of fragment data;
distributing the plurality of pieces of data to a plurality of computing nodes so as to identify the plurality of pieces of data through the plurality of computing nodes and obtain an identification result aiming at the finger vein image to be identified; and
Transmitting the identification result to the client device;
wherein the plurality of ciphertext fragment data includes first ciphertext fragment data and second ciphertext fragment data; the decrypting the plurality of ciphertext fragment data to obtain a plurality of fragment data includes:
and decrypting the first ciphertext fragment data according to the first encryption algorithm to obtain first fragment data, and decrypting the second ciphertext fragment data according to the second encryption algorithm to obtain second fragment data.
6. The method of claim 5, wherein the distributing the plurality of sliced data to a plurality of computing nodes to identify the plurality of sliced data by the plurality of computing nodes to obtain the identification result for the finger vein image to be identified comprises:
distributing a first computing node for the first piece of data and a second computing node for the second piece of data;
acquiring the first fragment data through the first computing node, and computing a first similarity between the first fragment data and pre-stored finger vein features;
acquiring the second fragment data through the second computing node, and computing a second similarity between the second fragment data and pre-stored finger vein features; and
And determining the identification result according to the first similarity and the second similarity.
7. The method of claim 6, further comprising: storing the first fragment data into a first data cache space and storing the second fragment data into a second data cache space, wherein the first data cache space and the second data cache space belong to different management domains;
wherein the obtaining, by the first computing node, the first shard data includes: reading, by the first computing node, first sharded data in the first data cache space;
the obtaining, by the second computing node, the second shard data includes: and reading second fragment data in the second data cache space through the second computing node.
8. An apparatus for identifying a finger vein image, comprising:
the acquisition module is used for acquiring a finger vein image to be identified;
the extraction module is used for extracting finger vein feature data from the finger vein image to be identified through a finger vein feature extraction algorithm;
the slicing module is used for determining a plurality of slicing data according to the finger vein characteristic data; the plurality of slice data includes first slice data and second slice data, and the determining the plurality of slice data according to the finger vein feature data includes:
Generating first fragment data with the same dimension as the finger vein feature data based on the finger vein feature data according to a random generation algorithm; and
performing preset operation on the finger vein feature data and the first fragment data to obtain second fragment data with the same dimension as the finger vein feature data;
the generating, according to a random generation algorithm, first patch data having the same dimension as the finger vein feature data based on the finger vein feature data includes:
randomly determining target operation according to a random generation algorithm; and
respectively executing the target operation aiming at each element in the finger vein feature data to obtain an operation result with the same dimension as the finger vein feature data as the first fragment data;
the preset operation is a difference operation; the performing a preset operation on the finger vein feature data and the first slice data to obtain second slice data with the same dimension as the finger vein feature data, including:
calculating the difference between each element in the finger vein feature data and the element corresponding to the element in the first sliced data to obtain a plurality of difference values as the second sliced data;
The encryption module is used for encrypting the plurality of pieces of data to obtain a plurality of pieces of ciphertext fragment data, wherein the plurality of pieces of ciphertext fragment data comprise first ciphertext fragment data and second ciphertext fragment data; the encrypting the plurality of pieces of ciphertext fragment data to obtain a plurality of pieces of ciphertext fragment data includes:
encrypting the first sliced data according to a first encryption algorithm to obtain first ciphertext sliced data, and encrypting the second sliced data according to a second encryption algorithm to obtain second ciphertext sliced data;
the sending module is used for sending the plurality of ciphertext fragment data to a server side device so that the server side device generates an identification result aiming at the finger vein image to be identified according to the plurality of ciphertext fragment data; and
and the first receiving module is used for receiving the identification result from the server-side equipment.
9. The apparatus of claim 8, further comprising:
the second receiving module is used for receiving a plurality of ciphertext fragment data from the client device, wherein each ciphertext fragment data in the plurality of ciphertext fragment data contains characteristic information of a finger vein image to be identified;
The decryption module is used for decrypting the plurality of ciphertext fragment data to obtain a plurality of fragment data;
the identification module is used for distributing the plurality of pieces of data to a plurality of computing nodes so as to identify the plurality of pieces of data through the plurality of computing nodes and obtain an identification result aiming at the finger vein image to be identified; and
and the sending module is used for sending the identification result to the client equipment.
10. A computing device, comprising:
one or more processors;
a memory for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1 to 7.
11. A computer readable storage medium storing computer executable instructions which, when executed, are adapted to carry out the method of any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110288238.9A CN113052045B (en) | 2021-03-17 | 2021-03-17 | Method, apparatus, computing device and medium for identifying finger vein image |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110288238.9A CN113052045B (en) | 2021-03-17 | 2021-03-17 | Method, apparatus, computing device and medium for identifying finger vein image |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113052045A CN113052045A (en) | 2021-06-29 |
| CN113052045B true CN113052045B (en) | 2023-04-28 |
Family
ID=76513236
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110288238.9A Active CN113052045B (en) | 2021-03-17 | 2021-03-17 | Method, apparatus, computing device and medium for identifying finger vein image |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113052045B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114760068A (en) * | 2022-04-08 | 2022-07-15 | 中国银行股份有限公司 | User identity authentication method, system, electronic device and storage medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9749299B1 (en) * | 2015-03-09 | 2017-08-29 | Symantec Corporation | Systems and methods for image-based encryption of cloud data |
| US10541983B1 (en) * | 2017-07-19 | 2020-01-21 | Amazon Technologies, Inc. | Secure storage and searching of information maintained on search systems |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106658490B (en) * | 2016-11-08 | 2019-11-12 | 南京邮电大学 | A kind of wireless sensor network homomorphic cryptography method for secret protection |
| CN107862282B (en) * | 2017-11-07 | 2020-06-16 | 深圳市金城保密技术有限公司 | Finger vein identification and security authentication method, terminal and system |
| CN109598247B (en) * | 2018-12-07 | 2022-09-06 | 黑龙江大学 | Two-dimensional code identity authentication method based on vein image detail point and grain characteristics |
-
2021
- 2021-03-17 CN CN202110288238.9A patent/CN113052045B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9749299B1 (en) * | 2015-03-09 | 2017-08-29 | Symantec Corporation | Systems and methods for image-based encryption of cloud data |
| US10541983B1 (en) * | 2017-07-19 | 2020-01-21 | Amazon Technologies, Inc. | Secure storage and searching of information maintained on search systems |
Non-Patent Citations (2)
| Title |
|---|
| AYHAN OZAN YILMAZ.An Infrastructure for efficient reporting workflow in grid based teleradiology applications.《MIDDLE EAST TECHNICAL UNIVERSITY》.2015,全文. * |
| 傅超仪.面向动态数据的隐私保护方法研究.《中国优秀硕士学位论文全文数据库(电子期刊)信息科技辑》.2020,全文. * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113052045A (en) | 2021-06-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112949545B (en) | Method, apparatus, computing device and medium for recognizing face image | |
| Joseph et al. | RETRACTED ARTICLE: A multimodal biometric authentication scheme based on feature fusion for improving security in cloud environment | |
| US8712047B2 (en) | Visual universal decryption apparatus and methods | |
| US11599669B2 (en) | Image distribution using composite re-encrypted images | |
| CN111741020B (en) | Public data set determination method, device and system based on data privacy protection | |
| Jang et al. | Partial image encryption using format-preserving encryption in image processing systems for Internet of things environment | |
| US20200136818A1 (en) | System for generating personalized service content | |
| CN110647641A (en) | Identity authentication method, identity authentication device, computer equipment and storage medium | |
| Mohanty et al. | PANDORA: Preserving privacy in PRNU-based source camera attribution | |
| CN113052045B (en) | Method, apparatus, computing device and medium for identifying finger vein image | |
| CN116383793B (en) | Face data processing method, device, electronic equipment and computer readable medium | |
| CN113052044A (en) | Method, apparatus, computing device, and medium for recognizing iris image | |
| Jasmine et al. | A privacy preserving based multi-biometric system for secure identification in cloud environment | |
| CN116456127B (en) | Video processing system, method, device, electronic equipment and storage medium | |
| EP4296996A1 (en) | Secure search method, secure search system, secure search device, encryption device, searcher terminal, and program | |
| Prakash et al. | Cloud and Edge Computing-Based Computer Forensics: Challenges and Open Problems. Electronics 2021, 10, 1229 | |
| Christy | Data Prevention Technique For Securing The Data | |
| through an Encrypted | Implementation of a Security System in IaaS Cloud Server through an Encrypted Blockchain | |
| Keserwani et al. | Evidence Building for Ad Click or Web Access on Cloud | |
| CN117275079A (en) | Iris-based identity recognition method and device | |
| CN114826689A (en) | Information entry method, security authentication method and electronic equipment | |
| CN112149104A (en) | Screen capture control method and device, computer readable medium and electronic equipment | |
| CN114580028A (en) | Case and field wind control method, device, equipment and system based on monitoring and reviewing | |
| Karthika et al. | Authorization of Aadhar data using Diffie Helman key with enhanced security concerns |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |