CN115577336A - Biological identification processing method, device and equipment - Google Patents

Info

Publication number
CN115577336A
Authority
CN
China
Prior art keywords
sample data
encoder
training
privacy protection
user
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210466431.1A
Other languages
Chinese (zh)
Inventor
曹佳炯
丁菁汀
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Application filed by Alipay Hangzhou Information Technology Co Ltd
Priority to CN202210466431.1A
Publication of CN115577336A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/08 Learning methods

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Artificial Intelligence (AREA)
  • Data Mining & Analysis (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Biomedical Technology (AREA)
  • Biophysics (AREA)
  • Computational Linguistics (AREA)
  • Health & Medical Sciences (AREA)
  • Evolutionary Computation (AREA)
  • General Health & Medical Sciences (AREA)
  • Molecular Biology (AREA)
  • Computing Systems (AREA)
  • Mathematical Physics (AREA)
  • Measurement Of The Respiration, Hearing Ability, Form, And Blood Characteristics Of Living Organisms (AREA)

Abstract

The embodiments of this specification disclose a biometric identification processing method, apparatus and device. The method comprises: acquiring a biometric identification request of a target user, the request including user biometric information of the target user; inputting the user biometric information into an encoder that performs privacy protection on it, and performing privacy protection processing on the user biometric information through the encoder to obtain privacy-protected user biometric information, where the encoder is obtained by model training in a first model training mode and/or a second model training mode, the first model training mode being to train the model first with training sample data that contains hard sample data and then with multiple groups of adversarial sample data, and the second model training mode being to train the model with a plurality of acquired adversarial features; and performing biometric identification processing on the target user based on the privacy-protected user biometric information.

Description

Biological identification processing method, device and equipment
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a biometric identification method, apparatus, and device.
Background
In recent years, the biometric technology has been rapidly developed, and the application of biometric identification has entered into the work and life of people, such as face access control in a certain community, face cash registers in a certain supermarket, fingerprint unlocking of mobile phones, and the like. However, while the biometric identification system provides convenience for the user, since the biometric identification system needs to collect, transmit, process, store and the like the user's biometric information, the user's private information (i.e., the user's biometric information) is in a high-risk state, and once the user's private information is leaked, the property and information security of the user will be greatly threatened.
Privacy protection has therefore become an important capability of a biometric identification system. In general, privacy protection processing can be performed by information encryption, specifically by encrypting the user biometric information or scrambling its rows and columns with simple linear operations, but this approach is simple in operation, has a single processing flow, and is easy to crack by brute force and similar means. Privacy protection processing can also be performed with deep learning, specifically by training a deep learning model (such as a neural network model) and using it to process the user biometric information into privacy-protected user biometric information. However, because the training of a deep learning model is data-driven, the security capability of the model is seriously reduced for data types that are absent from, or rare in, the training sample data. It is therefore necessary to provide a technical solution for user biometric identification with higher security and stronger privacy protection capability.
Disclosure of Invention
The embodiments of this specification aim to provide a technical solution for user biometric identification with higher security and stronger privacy protection capability.
In order to implement the above technical solution, the embodiments of the present specification are implemented as follows:
An embodiment of the present specification provides a biometric processing method, including: acquiring a biometric identification request of a target user, the request including user biometric information of the target user; inputting the user biometric information into an encoder for privacy protection of the user biometric information, and performing privacy protection processing on the user biometric information through the encoder to obtain privacy-protected user biometric information, where the encoder is obtained by model training in a first model training mode and/or a second model training mode, the first model training mode being to train the model first with training sample data containing hard sample data and then with multiple groups of adversarial sample data, and the second model training mode being to train the model with a plurality of adversarial features obtained in advance; and performing biometric identification processing on the target user based on the privacy-protected user biometric information.
An embodiment of the present specification provides a biometric processing apparatus, including: a request module, which acquires a biometric identification request of a target user, the request including user biometric information of the target user; a first privacy protection module, which inputs the user biometric information into an encoder for privacy protection of the user biometric information and performs privacy protection processing on the user biometric information through the encoder to obtain privacy-protected user biometric information; and a biometric identification module, which performs biometric identification processing on the target user based on the privacy-protected user biometric information.
An embodiment of the present specification provides a biometric processing device, including: a processor; and a memory arranged to store computer-executable instructions that, when executed, cause the processor to: acquire a biometric identification request of a target user, the request including user biometric information of the target user; input the user biometric information into an encoder for privacy protection of the user biometric information, and perform privacy protection processing on the user biometric information through the encoder to obtain privacy-protected user biometric information, where the encoder is obtained by model training in a first model training mode and/or a second model training mode, the first model training mode being to train the model first with training sample data containing hard sample data and then with multiple groups of adversarial sample data, and the second model training mode being to train the model with a plurality of adversarial features obtained in advance; and perform biometric identification processing on the target user based on the privacy-protected user biometric information.
Embodiments of the present specification also provide a storage medium for storing computer-executable instructions which, when executed by a processor, implement the following process: acquiring a biometric identification request of a target user, the request including user biometric information of the target user; inputting the user biometric information into an encoder for privacy protection of the user biometric information, and performing privacy protection processing on the user biometric information through the encoder to obtain privacy-protected user biometric information, where the encoder is obtained by model training in a first model training mode and/or a second model training mode, the first model training mode being to train the model first with training sample data containing hard sample data and then with multiple groups of adversarial sample data, and the second model training mode being to train the model with a plurality of adversarial features obtained in advance; and performing biometric identification processing on the target user based on the privacy-protected user biometric information.
Drawings
In order to more clearly illustrate the embodiments of the present specification or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only some embodiments described in the present specification, and for those skilled in the art, other drawings can be obtained according to the drawings without any creative effort.
FIG. 1 illustrates an embodiment of a biometric determination process described herein;
FIG. 2 is another embodiment of a biometric determination process described herein;
FIG. 3 is a schematic diagram of a biometric processing system according to the present disclosure;
FIG. 4 is a diagram illustrating another embodiment of a biometric determination process;
FIG. 5 is a diagram illustrating another embodiment of a biometric determination process;
FIG. 6 illustrates an embodiment of a biometric processing device of the present disclosure;
FIG. 7 illustrates an embodiment of a biometric processing device according to the present disclosure.
Detailed Description
The embodiment of the specification provides a biometric identification processing method, a biometric identification processing device and biometric identification processing equipment.
In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present specification, and not all of the embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments in the present specification without any inventive step should fall within the scope of protection of the present specification.
Example one
As shown in fig. 1, an execution subject of the method may be a terminal device or a server, where the terminal device may be a certain terminal device such as a mobile phone and a tablet computer, a computer device such as a notebook computer or a desktop computer, or an IoT device (specifically, a smart watch, a vehicle-mounted device, etc.). The server may be an independent server, or a server cluster formed by a plurality of servers, and the server may be a background server of financial service or online shopping service, or a background server of an application program. The method specifically comprises the following steps:
In step S102, a biometric request of a target user is acquired, the biometric request including user biometric information of the target user.
The target user may be any user, such as the owner of the terminal device, and the target user may initiate the biometric request through the terminal device. The user biometric information may be of several types, for example fingerprint information, palm print information, facial information or iris information of the user. In practical applications the user biometric information may be carried in several forms, for example as an image. This may be set according to the actual situation and is not limited in the embodiments of the present specification.
In implementation, biometric technology has developed rapidly in recent years, and applications of biometric identification have entered people's work and life, such as face access control in a residential community, face cash registers in a supermarket, and fingerprint unlocking of a mobile phone. However, while a biometric system provides convenience for the user, it needs to collect, transmit, process and store the user's biometric information, so the user's private information (that is, the user's biometric information) is in a high-risk state, and once it is leaked, the user's property and information security are greatly threatened.
Privacy protection has therefore become an important capability of a biometric identification system. In general, privacy protection processing can be performed by information encryption, specifically by encrypting the user biometric information or scrambling its rows and columns with simple linear operations, but this approach is simple in operation, has a single processing flow, and is easy to crack by brute force and similar means. Privacy protection processing can also be performed with deep learning, specifically by training a deep learning model (such as a neural network model) and using it to process the user biometric information into privacy-protected user biometric information. However, because the training of a deep learning model is data-driven, the security capability of the model is seriously reduced for data types that are absent from, or rare in, the training sample data. It is therefore necessary to provide a technical solution for user biometric identification with higher security and stronger privacy protection capability. The embodiment of the present specification provides an implementable technical solution, which may specifically include the following contents:
When a user needs to execute a specified service (such as a payment service or a login service), the execution mechanism of the specified service may be triggered. Before the specified service is executed, the identity of the user often needs to be verified. At this point the terminal device may start a corresponding information acquisition component, such as a fingerprint acquisition component, a camera component or a palm print acquisition component, and acquire the user's biometric information through it, specifically a fingerprint image, a face image, a palm print image, an iris image, or the like. The terminal device may generate a biometric request based on the collected user biometric information, and the terminal device may acquire the biometric request.
In step S104, the user biometric information is input into an encoder for privacy protection of the user biometric information, so that privacy protection processing is performed on the user biometric information through the encoder to obtain privacy-protected user biometric information. The encoder is obtained by model training in a first model training mode and/or a second model training mode; the first model training mode is to train the model first with training sample data containing hard sample data and then with multiple sets of adversarial sample data, and the second model training mode is to train the model with a plurality of acquired adversarial features.
The encoder may be a model for performing privacy protection processing on specified data, and may be constructed with a number of different algorithms; for example, the encoder may be constructed with a neural network algorithm or with a random forest algorithm. This may be set according to the actual situation and is not limited in the embodiments of the present specification. Hard sample data (also called difficult sample data) is sample data for which, when a model predicts its label, the obtained label information differs from the real label information by a large error (that is, an error greater than a preset error threshold). Adversarial sample data may be visually the same as the original sample data, but the recognition result obtained when the adversarial sample data is recognized by a pre-trained model differs from that of the original sample data (or the similarity between the features of the adversarial sample data and the features of the original sample data is less than a preset threshold, that is, the features of the adversarial sample data are different from or dissimilar to the features of the original sample data). An adversarial feature may be a feature obtained by adding perturbation data to an original feature, where the perturbation data may be of several types, for example specified noise data, random noise data, or other specified data; this may be set according to the actual situation and is not limited in the embodiments of the present specification. The training sample data may be sample data used to train the encoder.
In implementation, an initial architecture of the encoder may be constructed by a preset algorithm. User biometric information of different users may then be acquired and used as training sample data, where the training sample data may include hard sample data and simple sample data. A corresponding loss function may then be set, and the encoder may be trained using the acquired user biometric information and the loss function to obtain a trained encoder. To improve the generalization capability of the encoder, multiple sets of adversarial sample data may then be acquired, and the trained encoder may continue to be trained on them to obtain the final trained encoder. The multiple sets of adversarial sample data may be acquired in several different manners. For example, multiple pieces of original sample data may be acquired and input into a pre-trained adversarial network model (such as a neural network model), which generates the corresponding adversarial sample data; the original sample data and the generated adversarial sample data together form one set of adversarial sample data, and multiple sets may be obtained by analogy. Alternatively, multiple pieces of original sample data may be acquired, and random noise data may be generated for each piece and added to it, so as to obtain adversarial samples that satisfy the adversarial sample property (that is, visually the same as the original sample data, but with a recognition result from the pre-trained model that differs from that of the original sample data, or with a similarity between the features of the adversarial sample data and the features of the original sample data that is less than the preset threshold). Multiple sets of adversarial sample data may be obtained from the original sample data in this way, and the specific manner may be set according to the actual situation.
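The random-noise route described above, as an added example that is not code from the patent: a noisy candidate is kept only when it satisfies both halves of the adversarial sample property. The feature extractor `toy_features`, the per-value bound `eps` (standing in for visual sameness) and the threshold values are assumptions chosen for illustration.

```python
import math
import random


def cosine(a, b):
    """Cosine similarity; two all-zero vectors count as identical."""
    na = math.sqrt(sum(v * v for v in a))
    nb = math.sqrt(sum(v * v for v in b))
    if na == 0.0 and nb == 0.0:
        return 1.0
    if na == 0.0 or nb == 0.0:
        return 0.0
    return sum(x * y for x, y in zip(a, b)) / (na * nb)


def toy_features(x):
    """Constructed stand-in for the pre-trained model (hypothetical).

    Two ReLU units on either side of a decision boundary at mean(x) = 0.5.
    """
    m = sum(x) / len(x)
    return [max(0.0, m - 0.5), max(0.0, 0.5 - m)]


def random_noise_candidate(original, features, eps, sim_threshold, tries, rng):
    """Return a perturbed copy that meets both properties, or None.

    Property 1 (visual sameness, approximated): no value moves by more than eps.
    Property 2: feature similarity to the original is below sim_threshold.
    """
    base = features(original)
    for _ in range(tries):
        # Add bounded noise, then clip to the valid intensity range [0, 1].
        cand = [min(1.0, max(0.0, v + rng.uniform(-eps, eps))) for v in original]
        if cosine(base, features(cand)) < sim_threshold:
            return cand
    return None


def build_adversarial_set(originals, features, eps=0.05, sim_threshold=0.5,
                          tries=200, seed=1):
    """Pair each original with a qualifying adversarial sample.

    Originals for which no candidate qualifies are returned separately, so
    they are never silently paired with plain noisy copies.
    """
    rng = random.Random(seed)
    pairs, rejected = [], []
    for original in originals:
        adv = random_noise_candidate(original, features, eps, sim_threshold,
                                     tries, rng)
        if adv is None:
            rejected.append(original)
        else:
            pairs.append((original, adv))
    return pairs, rejected


# Constructed sample inputs: intensity vectors with values in [0, 1].
SAMPLE_ORIGINALS = [
    [0.51, 0.52, 0.50, 0.51],  # close to the toy model's decision boundary
    [0.90, 0.88, 0.92, 0.90],  # far from it: bounded noise cannot cross
]

if __name__ == "__main__":
    pairs, rejected = build_adversarial_set(SAMPLE_ORIGINALS, toy_features)
    for original, adv in pairs:
        sim = cosine(toy_features(original), toy_features(adv))
        print("adversarial pair:", original, "->", adv, "feature similarity", sim)
    print("no qualifying perturbation found for:", rejected)
```

Samples the filter rejects are the ones for which bounded random noise alone does not change the model's features; for those, the generator-model route in the same paragraph is the alternative.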
In addition, the encoder may be trained with adversarial features. Specifically, adversarial features may be obtained, where an adversarial feature may be determined based on the feature corresponding to specified training sample data (for example, by adding perturbation data to that feature to obtain an adversarial feature that satisfies the adversarial sample property), or may be obtained through a pre-trained model; this may be set according to the actual situation. One network layer may be selected from the network layers of the encoder as the feature space, the adversarial features may be input into the selected network layer, and the encoder may be trained in combination with a preset loss function to obtain the trained encoder, so that the trained encoder has a higher generalization capability on data.
When a biometric identification request is acquired, the user biometric information may be input into the trained encoder, and privacy protection processing is performed on the user biometric information through the encoder, so that sensitive information (such as information of fingerprint lines, clear outline information of a face, and the like) included in the user biometric information is removed or hidden, and finally, the user biometric information after privacy protection output by the encoder may be obtained.
In step S106, biometric recognition processing is performed on the target user based on the privacy-protected user biometric information.
In implementation, a similarity may be calculated between the privacy-protected user biometric information and reference user biometric information pre-stored locally or on a server (the reference information may contain no sensitive information, that is, it is desensitized information). If the obtained similarity value is greater than a preset similarity threshold, the result of the biometric identification processing for the target user is a pass, and the specified service processing may continue. If the obtained similarity value is less than the preset similarity threshold, the result of the biometric identification processing for the target user is a failure, and the specified service processing is terminated.
The embodiment of the specification provides a biometric processing method, which includes: acquiring a biometric request of a target user, the biometric request including user biometric information of the target user; inputting the user biometric information into an encoder for privacy protection of the user biometric information, and performing privacy protection processing on the user biometric information through the encoder to obtain privacy-protected user biometric information, where the encoder is obtained by model training in a first model training mode and/or a second model training mode, the first model training mode being to train the model first with training sample data containing hard sample data and then with multiple groups of adversarial sample data, and the second model training mode being to train the model with a plurality of adversarial features obtained in advance; and performing biometric identification processing on the target user based on the privacy-protected user biometric information. In this way, on the one hand, adversarial noise data is added to known sample data, which makes the encoder more robust and strengthens its security capability. On the other hand, adversarial feature sampling is added in the feature space to mine unknown data that simulates out-of-distribution data, so the generalization capability of the encoder on unknown data is significantly improved, data of various types can be covered comprehensively, the data no longer has a medium- and long-tail problem, and the problem of algorithmic discrimination is avoided.
Example two
As shown in fig. 2, an execution subject of the method may be a terminal device or a server, where the terminal device may be a certain terminal device such as a mobile phone and a tablet computer, a computer device such as a notebook computer or a desktop computer, or an IoT device (specifically, a smart watch, a vehicle-mounted device, etc.). The server may be an independent server, or a server cluster formed by a plurality of servers, and the server may be a background server of financial service or online shopping service, or a background server of an application program. The method may specifically comprise the steps of:
In step S202, training sample data including hard sample data is acquired, where the training sample data includes user biometric information of a user.
The training sample data may include a plurality of training samples, which may be formed from the user biometric information of a single user or from the user biometric information of a plurality of different users; this may be set according to the actual situation.
In implementation, user biometric information may be obtained from a plurality of different users with their consent, or may be obtained from a specified database, and the like; this may be set according to the actual situation. The acquired user biometric information may also be classified: user biometric information for which, when a model predicts its label, the obtained label information differs from the real label information by a large error may be marked as hard sample data, and the remaining user biometric information may be used as simple sample data. Based on the required combination of hard sample data and simple sample data in the training sample data (if the ratio of the difficult sample data to the simple sample data is 1 or 1, and the like), a certain amount of hard sample data may be selected from the hard sample data and a corresponding amount of simple sample data from the simple sample data, and the selected hard sample data and simple sample data may be combined into the training sample data.
In step S204, performing joint training on the encoder, the decoder, and the difficult sample discriminator through training sample data and a preset first loss function to obtain an encoder after initial training, a decoder after initial training, and a difficult sample discriminator after initial training, where the decoder is configured to restore the training sample data after privacy protection, and the difficult sample discriminator is configured to determine whether the training sample data processed by the encoder satisfies a condition corresponding to the difficult sample data.
The first loss function may be determined in a number of different manners. For example, a loss function may be set for each of the encoder, the decoder and the hard sample discriminator, or a loss function may be set over the input data and the final output data, or another loss function suitable for the joint training may be set; this may be set according to the actual situation and is not limited in the embodiments of the present specification. The condition corresponding to the hard sample data is the condition that an object under judgment must satisfy to count as hard sample data. It may be set according to the actual situation, for example that when a model predicts the label of the object, the error between the obtained label information and the real label information is large; it is not limited in the embodiments of the present specification.
In implementation, the hard sample data and the simple sample data in the training sample data may each be input into the encoder to obtain output data (that is, the privacy-protected training sample data). The decoder may restore the output data, and the hard sample discriminator may judge whether the training sample data processed by the encoder satisfies the condition corresponding to the hard sample data. A loss value may then be calculated through the first loss function, and whether the encoder, the decoder and the hard sample discriminator have converged may be determined from the calculated loss value. If they have converged, the initially trained encoder, decoder and hard sample discriminator are obtained. If not, the encoder, the decoder and the hard sample discriminator continue to be trained on the training sample data until they converge, which yields the initially trained encoder, the initially trained decoder and the initially trained hard sample discriminator.
The specific processing manner of step S204 may be various, and an alternative processing manner is provided below, and may specifically include the following processing from step A2 to step A8.
In step A2, training sample data is input into the encoder, and training sample data after privacy protection is obtained.
In step A4, the training sample data after privacy protection is input to a decoder corresponding to the encoder, so that the training sample data after privacy protection is restored by the decoder to obtain reconstructed training sample data.
In step A6, the training sample data after privacy protection is input into the hard sample discriminator, which judges whether the training sample data after privacy protection meets the condition corresponding to the hard sample data and produces a corresponding judgment result.
In step A8, based on the training sample data, the training sample data after privacy protection, the reconstructed training sample data, the judgment result, and the preset first loss function, it is determined whether the encoder, the decoder, and the hard sample discriminator have converged. If not, training sample data including hard sample data is obtained and model training of the encoder, the decoder, and the hard sample discriminator continues until they converge, so as to obtain the encoder after initial training, the decoder after initial training, and the hard sample discriminator after initial training.
The first loss function is determined by a maximum value of the similarity between the training sample data after privacy protection and the training sample data, by whether the training sample data after privacy protection includes features such as the identity information of the user, and by a preset classification sub-loss function. Specifically, $L_t = L_1(I, I_t) + L_2(I_t, I_r) + L_3(p, y)$, where $I$ represents the training sample data, $I_t$ represents the training sample data after privacy protection, $I_r$ represents the reconstructed training sample data, $L_t$ represents the first loss function corresponding to the training sample data, and $p$ and $y$ respectively represent the categories obtained after classification. $L_1(I, I_t)$ ensures the privacy protection effect, so that the training sample data after privacy protection is as visually inconsistent with the training sample data as possible. $L_2(I, I_r)$ ensures that the training sample data after privacy protection still contains features such as identity information, so that the original training sample data can be well recovered. $L_3(p, y)$ may be a binary classification sub-loss function used to distinguish whether the training sample data after privacy protection is hard sample data (hard sample data has a poor privacy protection effect and is easily cracked by others).
The encoder and the decoder can be constructed in many different ways. For example, they can be constructed based on U-Net. U-Net is built from a fully connected network and has a structure resembling the letter "U": a compression channel (contracting path) on the left half and an expansion channel (expanding path) on the right half. The compression channel can be built from a convolutional neural network by repeating a structure of 2 convolution layers and 1 max pooling layer, and the dimension of the data increases after each pooling operation. In the expansion channel, 1 deconvolution operation is first performed to reduce the dimension of the data by half. The result is then spliced with the cropped feature data of the corresponding compression channel to form new feature data, after which 2 convolution layers perform feature extraction, and this structure is repeated. At the final output layer, 2 convolution layers map the high-dimensional feature data to low-dimensional output data.
U-Net can also be divided into an up-sampling part and a down-sampling part. The down-sampling part mainly uses successive convolution and pooling layers to extract the feature information in the data and map it step by step to higher dimensions, so that the richest feature information of the whole data is present at the highest dimension of the network. To produce output data of the same size as the original data, the high-dimensional features are mapped back to lower dimensions through deconvolution. To improve segmentation precision, data of the same dimension from the contracting network is fused in during this mapping. Because the fusion doubles the dimension, convolution must be performed again to bring the dimension back to what it was before the fusion, so that after the next deconvolution the data can again be fused with data of the same dimension, until the output has the dimension of the original data.
The encoder and the decoder in this embodiment may be formed by a U-Net with a certain number of network layers, for example 8 or 10 network layers, set according to the actual situation. As another example, the encoder and the decoder may be constructed from a multi-layer perceptron (MLP). Besides an input layer and an output layer, an MLP may have several hidden layers in between, and the simplest MLP has only one hidden layer, i.e., a three-layer structure. The layers of an MLP are fully connected: the lowest layer is the input layer, the middle is the hidden layer, and the last is the output layer. The encoder and the decoder may specifically be constructed from a three-layer MLP, set according to the actual situation. The hard sample discriminator can be constructed with a specified classification algorithm, such as a binary classification algorithm, chosen according to the actual situation.
In implementation, training sample data can be obtained and input into the encoder to obtain the training sample data after privacy protection. The training sample data after privacy protection can be input into the decoder to obtain reconstructed training sample data and, at the same time, into the hard sample discriminator to obtain a judgment result of whether the training sample data after privacy protection is hard sample data. The decoder can also be constructed based on U-Net or an MLP; its input data is the training sample data after privacy protection, and its output data is the reconstructed original training sample data. Then, based on the training sample data, the training sample data after privacy protection, the reconstructed training sample data, and the judgment result of whether the training sample data after privacy protection is hard sample data, whether the encoder, the decoder, and the hard sample discriminator have converged is determined through the preset first loss function. If not, training sample data is obtained and the encoder, the decoder, and the hard sample discriminator continue to be trained until they converge, so as to obtain the encoder after initial training, the decoder after initial training, and the hard sample discriminator after initial training.
In step S206, a set of adversarial sample data is generated and marked as hard sample data.
A set of adversarial sample data may be generated in multiple ways, set according to the actual situation. One alternative is given below and may include the following steps B2 to B6.
In step B2, first sample data is acquired.
In an implementation, the first sample data may be any acquired sample data, and in practical applications, the first sample data may include all or part of the sample data in the training sample data, or may be sample data different from the training sample data.
In step B4, the first sample data is input into the encoder after initial training, and the output data of that encoder is input into the decoder after initial training and the hard sample discriminator after initial training respectively. Adversarial sample data corresponding to the first sample data is then obtained by using a preset optimization algorithm to maximize the first loss function while minimizing a preset multi-norm-constraint regularization term.
The optimization algorithm may be any of several algorithms, such as the stochastic gradient descent (SGD) algorithm or the gradient descent algorithm, set according to the actual situation.
In implementation, adversarial sample data may be mined by maximizing the first loss function under a multi-norm constraint. Specifically, the optimization objective may be set in advance as maximizing the first loss function, i.e., mining samples on which the existing encoder, decoder, and hard sample discriminator perform worse. A corresponding optimization constraint is also needed: while the first loss function is being maximized, the first sample data may collapse or abnormal sample data may be generated. To avoid this, the optimization constraint may be set as a multi-norm-constraint regularization term applied to the adversarial noise $mask_{adv}$. For example, a 1-norm regularization term requires the adversarial noise to be sparse, a 2-norm regularization term requires it to be smooth, and a multi-norm regularization term requires the noise to have several of these desirable properties at once (such as being both sparse and smooth). The multi-norm-constraint regularization term may be as follows:
Figure BDA0003624387900000091
Specifically, the first sample data may be input to the encoder after initial training, and the output data of that encoder may be input to the decoder after initial training and the hard sample discriminator after initial training respectively. Using an algorithm such as stochastic gradient descent to maximize the first loss function and minimize the multi-norm-constraint regularization term, the resulting gradient information may be propagated back to the first sample data to obtain $mask_{adv}$. The adversarial sample data finally obtained may be as follows:
$I_{adv} = I + mask_{adv}$
where $I_{adv}$ represents the adversarial sample data and $I$ represents the first sample data.
In step B6, a set of adversarial sample data is generated based on the first sample data and the adversarial sample data corresponding to the first sample data.
In step S208, the adversarial sample data is used to continue model training of the encoder, the decoder, and the hard sample discriminator, and it is determined whether the accuracy of the judgment result output by the hard sample discriminator meets a preset stability condition. If not, a set of adversarial sample data is regenerated and used to continue model training of the encoder, the decoder, and the hard sample discriminator until the accuracy of the judgment result output by the hard sample discriminator meets the preset stability condition, so as to obtain a retrained encoder.
The stability condition may take several forms, for example, that the accuracy of the judgment result output by the hard sample discriminator varies within a preset accuracy range, or that it tends to a stable value. It may be set according to the actual situation.
In implementation, the adversarial sample data can be used to continue training the encoder, the decoder, and the hard sample discriminator through the training process of steps A2 to A8, and it is judged whether the accuracy of the judgment result output by the hard sample discriminator meets the preset stability condition. If it does, the retrained encoder is obtained. If not, the processing of steps B2 to B6 can be used to generate another set of adversarial sample data, and model training of the encoder, the decoder, and the hard sample discriminator continues with the newly generated adversarial sample data until the accuracy of the judgment result output by the hard sample discriminator meets the preset stability condition, yielding the retrained encoder.
In practical applications, perturbation data can be produced in the sample-data dimension to mine the corresponding adversarial sample data. This approach is simple and easy to carry out, but the adversarial sample data it produces is highly similar to the original sample data, so it improves the encoder's data generalization capability only to a very limited extent. For this reason, an adversarial feature mining approach that performs adversarial sampling in the feature space is provided, so that models such as the encoder have better generalization coverage over the whole feature space, thereby fundamentally solving the generalization problem. See the following for details.
In step S210, an adversarial feature corresponding to the feature included in the second sample data is acquired, where the adversarial feature is a feature determined based on the feature included in the second sample data and the first loss function.
In practical applications, the second sample data may include all or part of the training sample data or the first sample data, or may be sample data different from the training sample data or the first sample data.
In an implementation, a feature extraction algorithm may be set in advance and applied to the acquired second sample data to obtain the features it contains. Alternatively, the acquired second sample data may be input to the trained encoder, and the feature extraction portion of the trained encoder extracts the features contained in the second sample data. Noise data can then be acquired and added to the features contained in the second sample data to obtain processed features. The processed features can be input into the encoder and, together with the decoder and the hard sample discriminator, jointly trained through the first loss function, so as to select the adversarial features that correspond to the features contained in the second sample data and meet a preset requirement.
Step S210 may be carried out in various ways. One alternative is given below and may include the following steps C2 to C8.
In step C2, second sample data is acquired.
In step C4, target noise data is sampled from noise data that follows a preset distribution, and the target noise data is added to the features included in the second sample data to obtain noisy features.
The preset distribution may be of several kinds, for example a Gaussian distribution, and may be set according to the actual situation. The embodiments of the present specification do not limit it.
In an implementation, the feature space of the adversarial feature may be taken from an intermediate network layer of the encoder. The intermediate network layer may be any network layer in the encoder, and its resolution may be [C, H, W], where C, H, and W are the resolution values in the three dimensions. A Gaussian distribution with a mean vector of 0 and a diagonal covariance matrix, and with the same dimension as the feature (or adversarial feature) included in the second sample data, may be selected as the preset distribution. Target noise data is obtained by randomly sampling the noise data of this Gaussian distribution and is superimposed on the features included in the second sample data to obtain the noisy features.
In step C6, the noisy features are input into the encoder, and the data output from the encoder is input into the decoder and the hard sample discriminator respectively, to obtain the output data of the decoder and the output data of the hard sample discriminator. The corresponding loss value is calculated by the first loss function based on these two outputs.
In implementation, the noisy features may be propagated forward through the network formed by the encoder, the decoder, and the hard sample discriminator. That is, the noisy features are input into the encoder, the data output by the encoder is input into the decoder and the hard sample discriminator respectively, the output data of the decoder and of the hard sample discriminator are obtained, and the corresponding loss value is calculated through the first loss function based on these outputs.
In step C8, the adversarial feature corresponding to the feature included in the second sample data is determined based on the calculated loss value and the loss value corresponding to the feature included in the second sample data.
In an implementation, a threshold may be set in advance. The difference between the obtained loss value and the loss value corresponding to the features included in the second sample data (i.e., the difference in the loss function before and after adding the noise data) may be calculated. If the difference is greater than the threshold, the noisy features may be identified as the adversarial features corresponding to the features included in the second sample data. Each piece of second sample data may be processed in this manner to obtain the adversarial features corresponding to the features it contains.
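The two mining procedures described above, sample-space mining from step B4 and feature-space mining from steps C2 to C8, are sketched below as an added example that is not code from the patent. The toy encoder, decoder and discriminator, their weights, the concrete sub-losses (clipped cosine similarity for L1, mean squared error for L2, binary cross-entropy for L3), the 1-norm plus 2-norm regularizer, the central-difference gradients and all function names are assumptions chosen so that it runs with the standard library only.

```python
import math
import random

# Constructed toy weights (assumptions): a 3-value vector stands in for a biometric image.
W_FEAT = [[1.0, 0.5, 0.0], [0.0, 1.0, -0.5], [0.5, 0.0, 1.0]]   # encoder up to the preset layer
W_OUT = [[-0.6, 0.8, 0.0], [0.0, -0.6, 0.8], [0.8, 0.0, -0.6]]  # preset layer -> protected It
W_DEC = [[-0.5, 0.0, 0.9], [0.9, -0.5, 0.0], [0.0, 0.9, -0.5]]  # decoder: It -> reconstructed Ir
W_DISC = [1.0, -1.0, 0.5]                                       # hard sample discriminator
SAMPLE = [0.8, 0.3, -0.5]   # constructed sample I
LABEL = 0                   # y: 0 = easy sample, 1 = hard sample


def matvec(matrix, vec):
    return [sum(a * b for a, b in zip(row, vec)) for row in matrix]


def features(sample):
    """Encoder up to the preset intermediate network layer."""
    return [math.tanh(x) for x in matvec(W_FEAT, sample)]


def first_loss(sample, y, feat=None):
    """Lt = L1 + L2 + L3 with assumed sub-losses; feat overrides the preset-layer features."""
    f = features(sample) if feat is None else feat
    protected = matvec(W_OUT, f)                       # It
    rebuilt = matvec(W_DEC, protected)                 # Ir
    z = sum(w * x for w, x in zip(W_DISC, protected))
    p = min(max(1.0 / (1.0 + math.exp(-z)), 1e-9), 1.0 - 1e-9)   # P(hard sample)
    dot = sum(a * b for a, b in zip(sample, protected))
    norm = math.sqrt(sum(a * a for a in sample) * sum(b * b for b in protected))
    l1 = max(0.0, dot / norm) if norm else 0.0         # similarity of It to I is penalised
    l2 = sum((a - b) ** 2 for a, b in zip(sample, rebuilt)) / len(sample)
    l3 = -(y * math.log(p) + (1 - y) * math.log(1.0 - p))
    return l1 + l2 + l3


def multi_norm(mask, lam1, lam2):
    """Regulariser on mask_adv: 1-norm (sparse noise) plus 2-norm (smooth noise)."""
    return lam1 * sum(abs(m) for m in mask) + lam2 * math.sqrt(sum(m * m for m in mask))


def mine_adversarial_sample(sample, y, steps=40, lr=0.05, lam1=0.05, lam2=0.05, h=1e-5):
    """Step B4: ascend Lt(I + mask) minus the regulariser; return (I_adv, mask_adv)."""
    def objective(mask):
        shifted = [s + m for s, m in zip(sample, mask)]
        return first_loss(shifted, y) - multi_norm(mask, lam1, lam2)

    mask = [0.0] * len(sample)
    best_mask, best_val = mask, objective(mask)
    for _ in range(steps):
        grad = []
        for i in range(len(mask)):                     # central-difference gradient
            up = mask[:i] + [mask[i] + h] + mask[i + 1:]
            down = mask[:i] + [mask[i] - h] + mask[i + 1:]
            grad.append((objective(up) - objective(down)) / (2 * h))
        mask = [m + lr * g for m, g in zip(mask, grad)]
        val = objective(mask)
        if val > best_val:                             # keep the best mask seen so far
            best_mask, best_val = mask, val
    return [s + m for s, m in zip(sample, best_mask)], best_mask


def mine_adversarial_features(sample, y, threshold=0.2, sigma=0.5, trials=200, seed=7):
    """Steps C2-C8: add zero-mean Gaussian noise to the preset-layer features and keep
    the noisy features whose loss exceeds the clean loss by more than threshold."""
    rng = random.Random(seed)
    clean = features(sample)
    base = first_loss(sample, y)
    kept = []
    for _ in range(trials):
        noisy = [f + rng.gauss(0.0, sigma) for f in clean]
        if first_loss(sample, y, feat=noisy) - base > threshold:
            kept.append(noisy)
    return kept


if __name__ == "__main__":
    adv, mask = mine_adversarial_sample(SAMPLE, LABEL)
    print("clean loss:", first_loss(SAMPLE, LABEL), "adversarial loss:", first_loss(adv, LABEL))
    print("adversarial features kept:", len(mine_adversarial_features(SAMPLE, LABEL)))
```

Samples and features returned by these functions would be labelled hard sample data and fed back into the joint training of steps A2 to A8.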
In step S212, the second sample data is input into the encoder or the retrained encoder, so as to obtain the features of the preset network layer in the encoder or the retrained encoder.
The preset network layer may be a network layer corresponding to the selected feature space.
In step S214, the adversarial feature is input into the preset network layer in the encoder or the retrained encoder, so as to obtain the second sample data after privacy protection.
In step S216, the features corresponding to the second sample data after privacy protection are input into the decoder or the retrained decoder, so as to obtain the reconstructed features of the preset network layer in the encoder or the retrained encoder.
In step S218, the second sample data after privacy protection is input into the hard sample discriminator to obtain a corresponding judgment result.
In step S220, based on the second sample data, the second sample data after privacy protection, the features of the preset network layer in the encoder or the retrained encoder, the reconstructed features of the preset network layer in the encoder or the retrained encoder, the judgment result, and a preset second loss function, it is determined whether the encoder, the decoder, and the hard sample discriminator have converged. If not, model training of the encoder, the decoder, and the hard sample discriminator continues using adversarial features corresponding to the features included in third sample data until the encoder, the decoder, and the hard sample discriminator converge, so as to obtain the encoder after continued training.
For the specific processing of the steps S212 to S220, reference may be made to the relevant contents of the model training, and details are not repeated here.
Since adversarial features are sampled instead of sample data, the corresponding loss function needs to be redesigned so that privacy protection can be trained at the adversarial feature level. For this purpose, the second loss function may be as follows: the second loss function is determined by the maximum value of the similarity between the second sample data after privacy protection and the second sample data, by whether the features corresponding to the second sample data after privacy protection include the features of the preset network layer in the encoder or the retrained encoder, and by a preset classification sub-loss function.
Specifically, $L_s = L_4(I, I_t) + L_5(f_t, f_r) + L_6(p, y)$, where $f_t$ represents the feature corresponding to the second sample data after privacy protection, $f_r$ represents the reconstructed feature, $L_s$ represents the second loss function, and $p$ and $y$ respectively represent the categories obtained after classification. $L_4(I, I_t)$ ensures the privacy protection effect, so that the training sample data after privacy protection is as visually inconsistent with the training sample data as possible. $L_5(f_t, f_r)$ ensures that the features corresponding to the second sample data after privacy protection still contain the features of the preset network layer in the encoder or the retrained encoder, so that those features can be well recovered. $L_6(p, y)$ may be a binary classification sub-loss function used to distinguish whether the second sample data after privacy protection is hard sample data.
The processing of steps S202 to S220 may be performed by a server, or may be performed by a terminal device, and may be set according to actual conditions.
In step S222, a biometric request of the target user is acquired, the biometric request including user biometric information of the target user.
In implementation, the server may obtain the biometric request of the target user from the terminal device of the target user (see the system architecture diagram shown in fig. 3), or the terminal device of the target user may directly obtain the biometric request triggered by the target user, or the server may directly obtain the biometric request triggered by the target user. This may be set according to the actual situation.
In step S224, the user biological information is input into an encoder used for privacy protection of user biological information, so that the encoder performs privacy protection processing on the user biological information and the user biological information after privacy protection is obtained.
In step S226, a biometric process is performed on the target user based on the pre-stored reference user biometric information and the privacy-protected user biometric information, and a biometric result of the biometric process performed on the target user is obtained.
In practical applications, besides the above way of performing biometric processing on the target user based on the privacy-protected user biological information, the processing can be implemented in various other ways. Two alternatives, method one and method two, are given below.
Method one: in the case where the server acquires the biometric request of the target user from the terminal device of the target user, as shown in fig. 4, the processing of steps S202 to S220 may be performed by the server. The server then acquires the biometric request of the target user from the terminal device of the target user, performs the processing of steps S222 to S226 to obtain the biometric result of the biometric processing performed on the target user, and may transmit the biometric result to the terminal device of the target user.
Method two: as shown in fig. 5, the processing of steps S202 to S220 may be completed by the server, which may then send the trained encoder to the terminal device. After receiving the encoder, the terminal device may execute the processing of steps S222 to S224 to obtain the privacy-protected user biological information. The terminal device may then execute the following steps D2 and D4 instead of step S226:
In step D2, the privacy-protected user biological information is sent to the server, where it is used to trigger the server to perform biometric processing on the target user based on the pre-stored reference user biological information and the privacy-protected user biological information.
In step D4, the biometric result of the biometric processing performed on the target user, sent by the server, is received.
Alternatively, the server may complete the processing of steps S202 to S220, and then the server may transmit the trained encoder to the terminal device, and the terminal device may execute the processing of steps S222 to S226 after receiving the encoder.
The embodiment of the specification provides a biometric processing method. A biometric request of a target user is acquired, where the biometric request includes user biological information of the target user. The user biological information is input into an encoder used for privacy protection of user biological information, and the encoder performs privacy protection processing on it to obtain the user biological information after privacy protection. The encoder is obtained by model training in a first model training mode and/or a second model training mode: the first model training mode performs model training first with training sample data containing hard sample data and then with multiple sets of adversarial sample data, and the second model training mode performs model training with a plurality of pre-obtained adversarial features. Biometric processing is then performed on the target user based on the user biological information after privacy protection. In this way, on the one hand, adversarial noise data is added to known sample data, which makes the encoder itself more robust and secure. On the other hand, adversarial feature sampling is added in the feature space to mine simulated out-of-distribution unknown data, which clearly improves the encoder's generalization to unknown data. Together these give comprehensive coverage of the various types of data, so that the long-tail problem no longer exists in the data and algorithmic discrimination is avoided.
EXAMPLE III
Based on the same idea, embodiments of the present specification further provide a biometric processing apparatus, as shown in fig. 6.
The biometric processing device includes: a request module 601, a first privacy protection module 602, and a biometric module 603, wherein:
a request module 601, configured to obtain a biometric request of a target user, where the biometric request includes user biometric information of the target user;
the first privacy protection module 602 is configured to input the user biological information into an encoder used for privacy protection of user biological information, and to perform privacy protection processing on the user biological information through the encoder to obtain the user biological information after privacy protection, where the encoder is obtained by model training in a first model training mode and/or a second model training mode, the first model training mode is a mode in which model training is performed first with training sample data containing hard sample data and then with multiple sets of adversarial sample data, and the second model training mode is a mode in which model training is performed with a plurality of pre-obtained adversarial features;
and the biometric identification module 603 is configured to perform biometric identification processing on the target user based on the user biometric information after privacy protection.
In this embodiment, the biometric module 603 includes:
the information sending unit is used for sending the privacy-protected user biological information to a server, and the privacy-protected user biological information is used for triggering the server to perform biological identification processing on the target user based on pre-stored reference user biological information and the privacy-protected user biological information;
and the result receiving module is used for receiving the biological identification result which is sent by the server and used for carrying out biological identification processing on the target user.
In this embodiment, the biometric module 603 includes:
the biometric identification unit is used for carrying out biometric identification processing on the target user based on pre-stored reference user biometric information and the user biometric information after privacy protection to obtain a biometric identification result for carrying out biometric identification processing on the target user;
and a result transmitting unit that transmits the biometric result to the terminal device of the target user.
In an embodiment of this specification, the apparatus further includes:
the training sample acquisition module is used for acquiring training sample data containing hard sample data, wherein the training sample data comprises user biological information of a user;
the primary training module is used for jointly training the encoder, the decoder and the hard sample discriminator through the training sample data and a preset first loss function to obtain the encoder after initial training, the decoder after initial training and the hard sample discriminator after initial training, where the decoder is used for restoring the training sample data after privacy protection, and the hard sample discriminator is used for judging whether the training sample data processed by the encoder meets the condition corresponding to the hard sample data;
the adversarial sample generation module is used for generating a set of adversarial sample data and marking the adversarial sample data as hard sample data;
and the retraining module is used for continuing model training of the encoder, the decoder and the hard sample discriminator by using the adversarial sample data, judging whether the accuracy of the judgment result output by the hard sample discriminator meets a preset stability condition, and, if not, regenerating a set of adversarial sample data and continuing model training of the encoder, the decoder and the hard sample discriminator with the regenerated adversarial sample data until the accuracy of the judgment result output by the hard sample discriminator meets the stability condition, so as to obtain the retrained encoder.
In an embodiment of this specification, the primary training module includes:
the encoding unit is used for inputting the training sample data into the encoder to obtain the training sample data after privacy protection;
the decoding unit is used for inputting the training sample data after the privacy protection into a decoder corresponding to the encoder so as to restore the training sample data after the privacy protection through the decoder to obtain reconstructed training sample data;
the difficult sample discriminating unit is used for inputting the training sample data after privacy protection into the difficult sample discriminator, so as to judge, through the difficult sample discriminator, whether the training sample data after privacy protection meets the condition corresponding to the difficult sample data, and obtain a corresponding judgment result;
and the primary training unit is used for determining whether the encoder, the decoder and the difficult sample discriminator are converged or not based on the training sample data, the training sample data after privacy protection, the reconstructed training sample data, the judgment result and a preset first loss function, if not, acquiring the training sample data containing the difficult sample data, and continuing to perform model training on the encoder, the decoder and the difficult sample discriminator until the encoder, the decoder and the difficult sample discriminator are converged to obtain the encoder after the primary training, the decoder after the primary training and the difficult sample discriminator after the primary training.
In an embodiment of the present specification, the first loss function is determined by a maximum value of a similarity between the training sample data after privacy protection and the training sample data, a feature of whether the training sample data after privacy protection includes identity information of a user, and a preset classification sub-loss function.
In an embodiment of the present specification, the adversarial sample generation module includes:
a first sample acquisition unit that acquires first sample data;
an adversarial sample determination unit, configured to input the first sample data into the encoder after initial training, input the output data of the encoder after initial training into the decoder after initial training and the hard sample discriminator after initial training, and obtain adversarial sample data corresponding to the first sample data by using a preset optimization algorithm to maximize the first loss function and minimize a preset multi-norm-constrained regularization term;
and the adversarial sample generation unit generates a group of adversarial sample data based on the first sample data and the adversarial sample data corresponding to the first sample data.
In an embodiment of this specification, the apparatus further includes:
the adversarial feature acquisition module is used for acquiring adversarial features corresponding to the features contained in second sample data, wherein the adversarial features are determined based on the features contained in the second sample data and the first loss function;
the characteristic extraction module is used for inputting the second sample data into the encoder or the retrained encoder to obtain the characteristics of a preset network layer in the encoder or the retrained encoder;
the encoding module is used for inputting the adversarial features into the preset network layer in the encoder or the retrained encoder to obtain second sample data after privacy protection;
the decoding module is used for inputting the second sample data after the privacy protection into a decoder or the decoder after retraining to obtain the reconstruction characteristics of a preset network layer in the encoder or the encoder after retraining;
the distinguishing module is used for inputting the second sample data after the privacy protection into a difficult sample distinguishing device to obtain a corresponding judgment result;
and the continuous training module is used for determining whether the encoder, the decoder and the difficult sample discriminator have converged based on the second sample data, the second sample data after privacy protection, the features corresponding to the second sample data after privacy protection, the reconstructed features of the preset network layer in the encoder or the retrained encoder, the judgment result and a preset second loss function; if not, continuing model training on the encoder, the decoder and the difficult sample discriminator by using adversarial features corresponding to the features contained in third sample data until the encoder, the decoder and the difficult sample discriminator converge, so as to obtain the encoder after continuous training.
In an embodiment of this specification, the second loss function is determined by a maximum value of a similarity between the second sample data after privacy protection and the second sample data, whether a feature corresponding to the second sample data after privacy protection includes a feature of a preset network layer in the encoder or the encoder after retraining, and a preset classification sub-loss function.
In an embodiment of the present specification, the adversarial feature acquisition module includes:
a second sample acquiring unit that acquires second sample data;
the noise adding unit is used for acquiring target noise data from the noise data meeting the preset distribution and adding the target noise data into the characteristics contained in the second sample data to obtain noisy characteristics;
a loss determining unit, configured to input the noisy features into the encoder, input data output by the encoder into the decoder and the hard sample discriminator, respectively, obtain output data of the decoder and output data of the hard sample discriminator, and calculate corresponding loss values through the first loss function based on the output data of the decoder and the output data of the hard sample discriminator;
and the adversarial feature acquisition unit is used for determining the adversarial features corresponding to the features contained in the second sample data based on the calculated loss value and the loss value corresponding to the features contained in the second sample data.
The embodiment of the specification provides a biometric processing device, which acquires a biometric identification request of a target user, wherein the biometric identification request comprises user biometric information of the target user; inputs the user biometric information into an encoder for privacy protection of user biometric information, and performs privacy protection processing on the user biometric information through the encoder to obtain the user biometric information after privacy protection, wherein the encoder is obtained by model training in a first model training mode and/or a second model training mode, the first model training mode is a mode of performing model training sequentially with training sample data containing difficult sample data and with multiple groups of adversarial sample data, and the second model training mode is a mode of performing model training with a plurality of acquired adversarial features; and performs biometric identification processing on the target user based on the user biometric information after privacy protection. In this way, on the one hand, adversarial noise data is added to known sample data, which makes the encoder itself more robust and more secure; on the other hand, adversarial feature sampling is added in the feature space to mine simulated out-of-distribution unknown data, which markedly improves the encoder's generalization to unknown data. Data of various different types can thereby be covered comprehensively, the long-tail problem no longer exists in the data, and algorithmic discrimination is avoided.
Example four
Based on the same idea as the biometric processing apparatus provided above, an embodiment of the present specification further provides a biometric processing device, as shown in Fig. 7.
The biometric processing device may be the terminal device, the server, or the like provided in the above embodiments.
The biometric processing device may vary significantly depending on configuration or performance, and may include one or more processors 701 and a memory 702, where one or more applications or data may be stored in the memory 702. The memory 702 may be transient storage or persistent storage. The application program stored in the memory 702 may include one or more modules (not shown), each of which may include a series of computer-executable instructions for the biometric processing device. Still further, the processor 701 may be configured to communicate with the memory 702 and to execute, on the biometric processing device, the series of computer-executable instructions in the memory 702. The biometric processing device may also include one or more power sources 703, one or more wired or wireless network interfaces 704, one or more input-output interfaces 705, and one or more keyboards 706.
In particular, in this embodiment, the biometric processing device includes a memory, and one or more programs, wherein the one or more programs are stored in the memory, and the one or more programs may include one or more modules, and each module may include a series of computer-executable instructions for the biometric processing device, and the one or more programs configured to be executed by the one or more processors include computer-executable instructions for:
acquiring a biometric identification request of a target user, wherein the biometric identification request comprises user biometric information of the target user;
inputting the user biometric information into an encoder for privacy protection of user biometric information, and performing privacy protection processing on the user biometric information through the encoder to obtain the user biometric information after privacy protection, wherein the encoder is obtained by model training in a first model training mode and/or a second model training mode, the first model training mode is a mode of performing model training sequentially with training sample data containing difficult sample data and with multiple groups of adversarial sample data, and the second model training mode is a mode of performing model training with a plurality of acquired adversarial features;
and performing biometric identification processing on the target user based on the user biometric information after privacy protection.
In an embodiment of this specification, performing biometric identification processing on the target user based on the user biometric information after privacy protection includes:
sending the user biometric information after privacy protection to a server, wherein the user biometric information after privacy protection is used for triggering the server to perform biometric identification processing on the target user based on pre-stored reference user biometric information and the user biometric information after privacy protection;
and receiving, from the server, a biometric identification result of the biometric identification processing performed on the target user.
In an embodiment of this specification, performing biometric identification processing on the target user based on the user biometric information after privacy protection includes:
performing biometric identification processing on the target user based on pre-stored reference user biometric information and the user biometric information after privacy protection to obtain a biometric identification result for the target user;
and sending the biometric identification result to the terminal device of the target user.
In the embodiment of this specification, the method further includes:
acquiring training sample data containing difficult sample data, wherein the training sample data comprises user biometric information of a user;
performing joint training on the encoder, the decoder and the difficult sample discriminator through the training sample data and a preset first loss function to obtain the encoder after initial training, the decoder after initial training and the difficult sample discriminator after initial training, wherein the decoder is used for restoring the training sample data after privacy protection, and the difficult sample discriminator is used for judging whether the training sample data processed by the encoder meets the condition corresponding to the difficult sample data;
generating a group of adversarial sample data, and marking the adversarial sample data as difficult sample data;
and continuing model training on the encoder, the decoder and the difficult sample discriminator by using the adversarial sample data, and judging whether the accuracy of the judgment result output by the difficult sample discriminator meets a preset stability condition; if not, regenerating a group of adversarial sample data and continuing model training on the encoder, the decoder and the difficult sample discriminator by using the regenerated adversarial sample data until the accuracy of the judgment result output by the difficult sample discriminator meets the stability condition, so as to obtain the retrained encoder.
In an embodiment of this specification, the jointly training the encoder, the decoder, and the hard sample discriminator through the training sample data and a preset first loss function to obtain the encoder after the initial training, the decoder after the initial training, and the hard sample discriminator after the initial training includes:
inputting the training sample data into the encoder to obtain training sample data after privacy protection;
inputting the training sample data after privacy protection to a decoder corresponding to the encoder, and restoring the training sample data after privacy protection through the decoder to obtain reconstructed training sample data;
inputting the training sample data after privacy protection into a difficult sample discriminator, and judging whether the training sample data after privacy protection meets the condition corresponding to the difficult sample data through the difficult sample discriminator to obtain a corresponding judgment result;
and determining whether the encoder, the decoder and the hard sample discriminator are converged or not based on the training sample data, the training sample data after privacy protection, the reconstructed training sample data, the judgment result and a preset first loss function, if not, acquiring the training sample data containing the hard sample data, and continuing to perform model training on the encoder, the decoder and the hard sample discriminator until the encoder, the decoder and the hard sample discriminator are converged to obtain an encoder after initial training, a decoder after initial training and a hard sample discriminator after initial training.
In an embodiment of this specification, the first loss function is determined by a maximum value of a similarity between the training sample data after privacy protection and the training sample data, a characteristic of whether the training sample data after privacy protection includes the identity information of the user, and a preset classification sub-loss function.
In an embodiment of the present specification, generating a group of adversarial sample data includes:
acquiring first sample data;
inputting the first sample data into the encoder after initial training, inputting the output data of the encoder after initial training into the decoder after initial training and the hard sample discriminator after initial training respectively, and using a preset optimization algorithm to maximize the first loss function and minimize a preset multi-norm-constrained regularization term, so as to obtain adversarial sample data corresponding to the first sample data;
generating a group of adversarial sample data based on the first sample data and the adversarial sample data corresponding to the first sample data.
In the embodiment of this specification, the method further includes:
acquiring adversarial features corresponding to the features contained in second sample data, wherein the adversarial features are features determined based on the features contained in the second sample data and the first loss function;
inputting the second sample data into the encoder or the retrained encoder to obtain the characteristics of a preset network layer in the encoder or the retrained encoder;
inputting the adversarial features into the preset network layer in the encoder or the retrained encoder to obtain second sample data after privacy protection;
inputting the second sample data after privacy protection into a decoder or the decoder after retraining to obtain the reconstruction characteristics of a preset network layer in the encoder or the encoder after retraining;
inputting the second sample data after privacy protection into a difficult sample discriminator to obtain a corresponding judgment result;
determining whether the encoder, the decoder and the difficult sample discriminator have converged based on the second sample data, the second sample data after privacy protection, the features corresponding to the second sample data after privacy protection, the reconstructed features of the preset network layer in the encoder or the retrained encoder, the judgment result and a preset second loss function; if not, continuing model training on the encoder, the decoder and the difficult sample discriminator by using adversarial features corresponding to the features contained in third sample data until the encoder, the decoder and the difficult sample discriminator converge, so as to obtain the encoder after continuous training.
In an embodiment of this specification, the second loss function is determined by a maximum value of a similarity between the second sample data after privacy protection and the second sample data, whether a feature corresponding to the second sample data after privacy protection includes a feature of a preset network layer in the encoder or the encoder after retraining, and a preset classification sub-loss function.
In an embodiment of this specification, acquiring the adversarial features corresponding to the features contained in the second sample data includes:
acquiring second sample data;
acquiring target noise data from the noise data meeting the preset distribution, and adding the target noise data into the features contained in the second sample data to obtain the noisy features;
inputting the noisy features into the encoder, and inputting data output by the encoder into the decoder and the hard sample discriminator respectively to obtain output data of the decoder and output data of the hard sample discriminator, and calculating corresponding loss values through the first loss function based on the output data of the decoder and the output data of the hard sample discriminator;
determining adversarial features corresponding to the features contained in the second sample data based on the calculated loss values corresponding to the features contained in the second sample data.
The embodiment of the specification provides a biometric processing device, which acquires a biometric identification request of a target user, wherein the biometric identification request comprises user biometric information of the target user; inputs the user biometric information into an encoder for privacy protection of user biometric information, and performs privacy protection processing on the user biometric information through the encoder to obtain the user biometric information after privacy protection, wherein the encoder is obtained by model training in a first model training mode and/or a second model training mode, the first model training mode is a mode of performing model training sequentially with training sample data containing difficult sample data and with multiple groups of adversarial sample data, and the second model training mode is a mode of performing model training with a plurality of pre-obtained adversarial features; and performs biometric identification processing on the target user based on the user biometric information after privacy protection. In this way, on the one hand, adversarial noise data is added to known sample data, which makes the encoder itself more robust and more secure; on the other hand, adversarial feature sampling is added in the feature space to mine simulated out-of-distribution unknown data, which markedly improves the encoder's generalization to unknown data. Data of various different types can thereby be covered comprehensively, the long-tail problem no longer exists in the data, and algorithmic discrimination is avoided.
Example five
Further, based on the methods shown in Fig. 1 to Fig. 5, one or more embodiments of the present specification further provide a storage medium for storing computer-executable instruction information. In a specific embodiment, the storage medium may be a USB flash drive, an optical disk, a hard disk, or the like, and the computer-executable instruction information stored in the storage medium, when executed by a processor, implements the following process:
acquiring a biometric identification request of a target user, wherein the biometric identification request comprises user biometric information of the target user;
inputting the user biometric information into an encoder for privacy protection of user biometric information, and performing privacy protection processing on the user biometric information through the encoder to obtain the user biometric information after privacy protection, wherein the encoder is obtained by model training in a first model training mode and/or a second model training mode, the first model training mode is a mode of performing model training sequentially with training sample data containing difficult sample data and with multiple groups of adversarial sample data, and the second model training mode is a mode of performing model training with a plurality of pre-obtained adversarial features;
and performing biometric identification processing on the target user based on the user biometric information after privacy protection.
In an embodiment of this specification, performing biometric identification processing on the target user based on the user biometric information after privacy protection includes:
sending the user biometric information after privacy protection to a server, wherein the user biometric information after privacy protection is used for triggering the server to perform biometric identification processing on the target user based on pre-stored reference user biometric information and the user biometric information after privacy protection;
and receiving, from the server, a biometric identification result of the biometric identification processing performed on the target user.
In an embodiment of this specification, performing biometric identification processing on the target user based on the user biometric information after privacy protection includes:
performing biometric identification processing on the target user based on pre-stored reference user biometric information and the user biometric information after privacy protection to obtain a biometric identification result for the target user;
and sending the biometric identification result to the terminal device of the target user.
In the embodiment of this specification, the method further includes:
acquiring training sample data containing difficult sample data, wherein the training sample data comprises user biometric information of a user;
performing joint training on the encoder, the decoder and the difficult sample discriminator through the training sample data and a preset first loss function to obtain the encoder after initial training, the decoder after initial training and the difficult sample discriminator after initial training, wherein the decoder is used for restoring the training sample data after privacy protection, and the difficult sample discriminator is used for judging whether the training sample data processed by the encoder meets the condition corresponding to the difficult sample data;
generating a group of adversarial sample data, and marking the adversarial sample data as difficult sample data;
and continuing model training on the encoder, the decoder and the difficult sample discriminator by using the adversarial sample data, and judging whether the accuracy of the judgment result output by the difficult sample discriminator meets a preset stability condition; if not, regenerating a group of adversarial sample data and continuing model training on the encoder, the decoder and the difficult sample discriminator by using the regenerated adversarial sample data until the accuracy of the judgment result output by the difficult sample discriminator meets the stability condition, so as to obtain the retrained encoder.
In an embodiment of this specification, the jointly training the encoder, the decoder, and the hard sample discriminator through the training sample data and a preset first loss function to obtain the encoder after the initial training, the decoder after the initial training, and the hard sample discriminator after the initial training includes:
inputting the training sample data into the encoder to obtain training sample data after privacy protection;
inputting the training sample data after privacy protection to a decoder corresponding to the encoder, and restoring the training sample data after privacy protection through the decoder to obtain reconstructed training sample data;
inputting the training sample data after privacy protection into the difficult sample discriminator, and judging, through the difficult sample discriminator, whether the training sample data after privacy protection meets the condition corresponding to the difficult sample data, to obtain a corresponding judgment result;
and determining whether the encoder, the decoder and the hard sample discriminator are converged or not based on the training sample data, the training sample data after privacy protection, the reconstructed training sample data, the judgment result and a preset first loss function, if not, acquiring the training sample data containing the hard sample data, and continuing to perform model training on the encoder, the decoder and the hard sample discriminator until the encoder, the decoder and the hard sample discriminator are converged to obtain an encoder after initial training, a decoder after initial training and a hard sample discriminator after initial training.
In an embodiment of this specification, the first loss function is determined by a maximum value of a similarity between the training sample data after privacy protection and the training sample data, a characteristic of whether the training sample data after privacy protection includes the identity information of the user, and a preset classification sub-loss function.
In an embodiment of the present specification, generating a group of adversarial sample data includes:
acquiring first sample data;
inputting the first sample data into the encoder after initial training, inputting the output data of the encoder after initial training into the decoder after initial training and the hard sample discriminator after initial training respectively, and using a preset optimization algorithm to maximize the first loss function and minimize a preset multi-norm-constrained regularization term, so as to obtain adversarial sample data corresponding to the first sample data;
generating a group of adversarial sample data based on the first sample data and the adversarial sample data corresponding to the first sample data.
In the embodiment of this specification, the method further includes:
acquiring adversarial features corresponding to the features contained in second sample data, wherein the adversarial features are features determined based on the features contained in the second sample data and the first loss function;
inputting the second sample data into the encoder or the retrained encoder to obtain the characteristics of a preset network layer in the encoder or the retrained encoder;
inputting the adversarial features into the preset network layer in the encoder or the retrained encoder to obtain second sample data after privacy protection;
inputting the second sample data after privacy protection into a decoder or the decoder after retraining to obtain the reconstruction characteristics of a preset network layer in the encoder or the encoder after retraining;
inputting the second sample data after privacy protection into a difficult sample discriminator to obtain a corresponding judgment result;
determining whether the encoder, the decoder and the difficult sample discriminator have converged based on the second sample data, the second sample data after privacy protection, the features corresponding to the second sample data after privacy protection, the reconstructed features of the preset network layer in the encoder or the retrained encoder, the judgment result and a preset second loss function; if not, continuing model training on the encoder, the decoder and the difficult sample discriminator by using adversarial features corresponding to the features contained in third sample data until the encoder, the decoder and the difficult sample discriminator converge, so as to obtain the encoder after continuous training.
In an embodiment of this specification, the second loss function is determined by a maximum value of a similarity between the second sample data after privacy protection and the second sample data, whether a feature corresponding to the second sample data after privacy protection includes a feature of a preset network layer in the encoder or the encoder after retraining, and a preset classification sub-loss function.
In an embodiment of this specification, acquiring the adversarial features corresponding to the features contained in the second sample data includes:
acquiring second sample data;
acquiring target noise data from the noise data meeting the preset distribution, and adding the target noise data into the features contained in the second sample data to obtain the noisy features;
inputting the noisy features into the encoder, and inputting data output by the encoder into the decoder and the hard sample discriminator respectively to obtain output data of the decoder and output data of the hard sample discriminator, and calculating corresponding loss values through the first loss function based on the output data of the decoder and the output data of the hard sample discriminator;
and determining the adversarial features corresponding to the features contained in the second sample data based on the calculated loss value and the loss value corresponding to the features contained in the second sample data.
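The adversarial-feature acquisition steps above (sample noise from a preset distribution, add it to the features, score the result through encoder, decoder and hard sample discriminator with the first loss, compare against the loss of the clean features) can be sketched as follows. This is an added example, not code from the patent: the toy weights, the Gaussian noise distribution, the concrete form of the first loss and the selection rule (keep the noisy candidate whose loss most exceeds the clean loss) are all assumptions.

```python
import math
import random

# Constructed toy weights (assumptions, not from the patent): 3-dimensional
# features, a tanh encoder, a linear decoder and a logistic discriminator.
ENC_W = [[0.2, -0.7, 0.4], [0.6, 0.1, -0.5], [-0.3, 0.8, 0.2]]
DEC_W = [[0.3, 0.9, -0.4], [-0.8, 0.2, 0.7], [0.5, -0.6, 0.3]]
DISC_W = [1.1, -0.9, 0.6]
DISC_B = -0.1


def matvec(w, v):
    return [sum(wi * vi for wi, vi in zip(row, v)) for row in w]


def encode(features):
    """Encoder: produces the privacy-protected representation."""
    return [math.tanh(a) for a in matvec(ENC_W, features)]


def decode(protected):
    """Decoder: tries to restore the features from the protected output."""
    return matvec(DEC_W, protected)


def discriminate(protected):
    """Hard sample discriminator: probability that the input is a hard sample."""
    z = sum(w * p for w, p in zip(DISC_W, protected)) + DISC_B
    return 1.0 / (1.0 + math.exp(-z))


def cosine(a, b):
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(x * x for x in b))
    if na == 0.0 or nb == 0.0:
        return 0.0
    return sum(x * y for x, y in zip(a, b)) / (na * nb)


def first_loss(features, is_hard):
    """Assumed form of the first loss: similarity + identity-leak proxy + BCE."""
    protected = encode(features)
    restored = decode(protected)
    # Similarity between the protected output and the original features.
    similarity = max(0.0, cosine(features, protected))
    # Proxy for identity information surviving protection: how closely the
    # decoder's restoration points in the direction of the original features.
    leak = max(0.0, cosine(features, restored))
    # Classification sub-loss of the hard sample discriminator.
    p = min(max(discriminate(protected), 1e-12), 1.0 - 1e-12)
    bce = -math.log(p) if is_hard else -math.log(1.0 - p)
    return similarity + leak + bce


def adversarial_features(features, is_hard, sigma, n_candidates, seed):
    """Return (adversarial features, clean loss, loss of the returned features).

    Candidates are features plus Gaussian noise; a candidate replaces the
    current choice only if its loss is strictly higher, so the clean features
    are returned unchanged when no candidate is harder than they are.
    """
    rng = random.Random(seed)
    clean_loss = first_loss(features, is_hard)
    best, best_loss = list(features), clean_loss
    for _ in range(n_candidates):
        noisy = [f + rng.gauss(0.0, sigma) for f in features]
        loss = first_loss(noisy, is_hard)
        if loss > best_loss:
            best, best_loss = noisy, loss
    return best, clean_loss, best_loss


if __name__ == "__main__":
    sample = [0.5, -1.0, 0.25]  # constructed feature vector
    adv, clean, worst = adversarial_features(sample, True, 0.3, 32, seed=7)
    print("clean loss:", round(clean, 4), "adversarial loss:", round(worst, 4))
    print("adversarial features:", [round(v, 4) for v in adv])
```

The returned features are what the continued-training step would feed into the preset network layer; `sigma` bounds how far the sampled candidates stray from the real data.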
The embodiment of the specification provides a storage medium. With it, a biological identification request of a target user is acquired, wherein the biological identification request comprises user biological information of the target user; the user biological information is input into an encoder used for privacy protection of the user biological information, and privacy protection processing is performed on the user biological information through the encoder to obtain the user biological information after privacy protection, wherein the encoder is obtained by model training in a first model training mode and/or a second model training mode, the first model training mode being a mode of performing model training first with training sample data containing difficult sample data and then with multiple groups of adversarial sample data, and the second model training mode being a mode of performing model training with a plurality of pre-obtained adversarial features; and biological identification processing is performed on the target user based on the user biological information after privacy protection. In this way, on the one hand, adversarial noise data is added to known sample data, which makes the encoder itself more robust and more secure; on the other hand, adversarial feature sampling is added in the feature space to mine simulated out-of-distribution unknown data, which clearly improves the encoder's ability to generalize to unknown data. Data of various different types can therefore be covered comprehensively, so that the long-tail problem no longer exists in the data and algorithmic discrimination problems are avoided.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
In the 1990s, an improvement to a technology could be clearly distinguished as either an improvement in hardware (for example, an improvement to a circuit structure such as a diode, a transistor or a switch) or an improvement in software (an improvement to a method flow). However, as technology has advanced, many of today's method-flow improvements can be regarded as direct improvements to hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into a hardware circuit. Thus, it cannot be said that an improvement to a method flow cannot be realized by a physical hardware module. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose logic functions are determined by the user programming the device. A designer "integrates" a digital system onto a PLD by programming it, without asking a chip manufacturer to design and fabricate an application-specific integrated circuit chip. Furthermore, instead of manually making integrated circuit chips, this programming is nowadays mostly implemented with "logic compiler" software, which is similar to the software compiler used in program development; the source code to be compiled must be written in a specific programming language called a Hardware Description Language (HDL). There is not just one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM and RHDL (Ruby Hardware Description Language); VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) is the most commonly used at present.
It will also be apparent to those skilled in the art that a hardware circuit implementing a logical method flow can readily be obtained merely by doing a little logic programming of the method flow in one of the hardware description languages described above and programming it into an integrated circuit.
The controller may be implemented in any suitable manner. For example, the controller may take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (for example, software or firmware) executable by the (micro)processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, or an embedded microcontroller. Examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320. A memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller purely as computer-readable program code, the same functionality can be achieved by logically programming the method steps so that the controller takes the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be considered a hardware component, and the means included in it for performing the various functions may also be considered structures within the hardware component. The means for performing the functions may even be regarded both as software modules for performing the method and as structures within the hardware component.
The systems, apparatuses, modules or units described in the above embodiments may be specifically implemented by a computer chip or an entity, or implemented by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and the units are described separately. Of course, when implementing one or more embodiments of the present description, the functions of the units may be implemented in one or more pieces of software and/or hardware.
As will be appreciated by one skilled in the art, embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, one or more embodiments of the present description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present description are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the description. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer-implemented process, such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as random access memory (RAM), and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer-readable medium does not include a transitory computer-readable medium such as a modulated data signal or a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus comprising the element.
One or more embodiments of the present description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. One or more embodiments of the specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only an example of the present disclosure, and is not intended to limit the present disclosure. Various modifications and alterations to this description will become apparent to those skilled in the art. Any modification, equivalent replacement, improvement or the like made within the spirit and principle of the present specification should be included in the scope of the claims of the present specification.

Claims (13)

1. A biometric processing method, the method comprising:
acquiring a biological identification request of a target user, wherein the biological identification request comprises user biological information of the target user;
inputting the user biological information into an encoder used for privacy protection of the user biological information, and performing privacy protection processing on the user biological information through the encoder to obtain the user biological information after privacy protection, wherein the encoder is obtained by model training in a first model training mode and/or a second model training mode, the first model training mode being a mode of performing model training first with training sample data containing difficult sample data and then with multiple groups of adversarial sample data, and the second model training mode being a mode of performing model training with a plurality of pre-obtained adversarial features;
and carrying out biological identification processing on the target user based on the user biological information after privacy protection.
2. The method of claim 1, wherein the biometric identification of the target user based on the privacy-protected user biometric information comprises:
sending the user biological information after privacy protection to a server, wherein the user biological information after privacy protection is used for triggering the server to perform biological identification processing on the target user based on pre-stored reference user biological information and the user biological information after privacy protection;
and receiving a biological identification result which is sent by the server and used for carrying out biological identification processing on the target user.
3. The method of claim 1, wherein the biometric identification of the target user based on the privacy-protected user biometric information comprises:
performing biometric identification processing on the target user based on pre-stored reference user biometric information and the user biometric information after privacy protection to obtain a biometric identification result of performing biometric identification processing on the target user;
and sending the biological recognition result to the terminal equipment of the target user.
4. The method of claim 1, further comprising:
acquiring training sample data containing difficult sample data, wherein the training sample data comprises user biological information of a user;
performing joint training on the encoder, the decoder and the difficult sample discriminator through the training sample data and a preset first loss function to obtain an encoder after initial training, a decoder after initial training and a difficult sample discriminator after initial training, wherein the decoder is used for restoring the training sample data after privacy protection, and the difficult sample discriminator is used for judging whether the training sample data processed by the encoder meets the condition corresponding to the difficult sample data;
generating a group of adversarial sample data, and marking the adversarial sample data as difficult sample data;
and continuing model training on the encoder, the decoder and the difficult sample discriminator by using the adversarial sample data, and judging whether the accuracy of the judgment result output by the difficult sample discriminator meets a preset stability condition; if not, regenerating a group of adversarial sample data and continuing model training on the encoder, the decoder and the difficult sample discriminator by using the regenerated adversarial sample data until the accuracy of the judgment result output by the difficult sample discriminator meets the stability condition, to obtain the retrained encoder.
5. The method according to claim 4, wherein jointly training the encoder, the decoder and the hard sample discriminator through the training sample data and a preset first loss function to obtain an initially trained encoder, an initially trained decoder and an initially trained hard sample discriminator, comprises:
inputting the training sample data into the encoder to obtain training sample data after privacy protection;
inputting the training sample data after privacy protection to a decoder corresponding to the encoder, and restoring the training sample data after privacy protection through the decoder to obtain reconstructed training sample data;
inputting the training sample data after privacy protection into a difficult sample discriminator, and judging whether the training sample data after privacy protection meets the condition corresponding to the difficult sample data through the difficult sample discriminator to obtain a corresponding judgment result;
determining whether the encoder, the decoder and the hard sample discriminator are converged or not based on the training sample data, the training sample data after privacy protection, the reconstructed training sample data, the judgment result and a preset first loss function, if not, obtaining the training sample data containing the hard sample data, and continuing to perform model training on the encoder, the decoder and the hard sample discriminator until the encoder, the decoder and the hard sample discriminator are converged, so as to obtain the encoder after initial training, the decoder after initial training and the hard sample discriminator after initial training.
6. The method according to claim 4 or 5, wherein the first loss function is determined by a maximum value of similarity between the privacy-protected training sample data and the training sample data, a feature of whether identity information of a user is included in the privacy-protected training sample data, and a preset classification sub-loss function.
7. The method of claim 4, wherein generating a group of adversarial sample data comprises:
acquiring first sample data;
inputting the first sample data into the initially trained encoder, inputting the output data of the initially trained encoder into the initially trained decoder and the initially trained hard sample discriminator respectively, and using a preset optimization algorithm to maximize the first loss function and minimize a regularization term of a preset multi-norm constraint, to obtain adversarial sample data corresponding to the first sample data;
generating a group of adversarial sample data based on the first sample data and the adversarial sample data corresponding to the first sample data.
8. The method of claim 4, further comprising:
acquiring adversarial features corresponding to features contained in second sample data, wherein the adversarial features are features determined based on the features contained in the second sample data and the first loss function;
inputting the second sample data into the encoder or the retrained encoder to obtain the features of a preset network layer in the encoder or the retrained encoder;
inputting the adversarial features into the preset network layer in the encoder or the retrained encoder to obtain second sample data after privacy protection;
inputting the second sample data after privacy protection into a decoder or a retrained decoder to obtain the reconstructed features of the preset network layer in the encoder or the retrained encoder;
inputting the second sample data after privacy protection into a difficult sample discriminator to obtain a corresponding judgment result;
determining, based on the second sample data, the second sample data after privacy protection, the features corresponding to the second sample data after privacy protection, the reconstructed features of the preset network layer in the encoder or the retrained encoder, the judgment result and a preset second loss function, whether the encoder, the decoder and the difficult sample discriminator have converged; if not, continuing model training on the encoder, the decoder and the difficult sample discriminator by using adversarial features corresponding to the features contained in third sample data until the encoder, the decoder and the difficult sample discriminator converge, to obtain the further-trained encoder.
9. The method according to claim 8, wherein the second loss function is determined by a maximum value of similarity between the privacy-protected second sample data and the second sample data, whether features corresponding to the privacy-protected second sample data include features of a preset network layer in the encoder or the retrained encoder, and a preset classification sub-loss function.
10. The method of claim 8 or 9, wherein obtaining the adversarial features corresponding to the features contained in the second sample data comprises:
acquiring second sample data;
acquiring target noise data from the noise data meeting the preset distribution, and adding the target noise data into the features contained in the second sample data to obtain the noisy features;
inputting the noisy features into the encoder, and inputting data output by the encoder into the decoder and the hard sample discriminator respectively to obtain output data of the decoder and output data of the hard sample discriminator, and calculating corresponding loss values through the first loss function based on the output data of the decoder and the output data of the hard sample discriminator;
determining the adversarial features corresponding to the features contained in the second sample data based on the calculated loss values corresponding to the features contained in the second sample data.
11. A biometric processing apparatus, the apparatus comprising:
the request module is used for acquiring a biological identification request of a target user, wherein the biological identification request comprises user biological information of the target user;
the first privacy protection module is used for inputting the user biological information into an encoder used for privacy protection of the user biological information, so that privacy protection processing is performed on the user biological information through the encoder to obtain the user biological information after privacy protection, wherein the encoder is obtained by model training in a first model training mode and/or a second model training mode, the first model training mode being a mode of performing model training first with training sample data containing difficult sample data and then with multiple groups of adversarial sample data, and the second model training mode being a mode of performing model training with a plurality of pre-obtained adversarial features;
and the biological identification module is used for carrying out biological identification processing on the target user based on the user biological information after privacy protection.
12. A biometric processing device, the biometric processing device comprising:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
acquiring a biological identification request of a target user, wherein the biological identification request comprises user biological information of the target user;
inputting the user biological information into an encoder used for privacy protection of the user biological information, and performing privacy protection processing on the user biological information through the encoder to obtain the user biological information after privacy protection, wherein the encoder is obtained by model training in a first model training mode and/or a second model training mode, the first model training mode being a mode of performing model training first with training sample data containing difficult sample data and then with multiple groups of adversarial sample data, and the second model training mode being a mode of performing model training with a plurality of acquired adversarial features;
and carrying out biological identification processing on the target user based on the user biological information after privacy protection.
13. A storage medium for storing computer-executable instructions, which when executed by a processor implement the following:
acquiring a biological identification request of a target user, wherein the biological identification request comprises user biological information of the target user;
inputting the user biological information into an encoder used for privacy protection of the user biological information, and performing privacy protection processing on the user biological information through the encoder to obtain the user biological information after privacy protection, wherein the encoder is obtained by model training in a first model training mode and/or a second model training mode, the first model training mode being a mode of performing model training first with training sample data containing difficult sample data and then with multiple groups of adversarial sample data, and the second model training mode being a mode of performing model training with a plurality of pre-obtained adversarial features;
and carrying out biological identification processing on the target user based on the user biological information after privacy protection.
CN202210466431.1A 2022-04-29 2022-04-29 Biological identification processing method, device and equipment Pending CN115577336A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210466431.1A CN115577336A (en) 2022-04-29 2022-04-29 Biological identification processing method, device and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210466431.1A CN115577336A (en) 2022-04-29 2022-04-29 Biological identification processing method, device and equipment

Publications (1)

Publication Number Publication Date
CN115577336A true CN115577336A (en) 2023-01-06

Family

ID=84579048

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210466431.1A Pending CN115577336A (en) 2022-04-29 2022-04-29 Biological identification processing method, device and equipment

Country Status (1)

Country Link
CN (1) CN115577336A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116170581A (en) * 2023-02-17 2023-05-26 厦门瑞为信息技术有限公司 Video information encoding and decoding method based on target perception and electronic equipment
CN116170581B (en) * 2023-02-17 2024-01-23 厦门瑞为信息技术有限公司 Video information encoding and decoding method based on target perception and electronic equipment

Similar Documents

Publication Publication Date Title
CN111401272B (en) Face feature extraction method, device and equipment
CN111401273B (en) User feature extraction system and device for privacy protection
CN112200796B (en) Image processing method, device and equipment based on privacy protection
CN113221747B (en) Privacy data processing method, device and equipment based on privacy protection
CN112035881B (en) Privacy protection-based application program identification method, device and equipment
CN116978011B (en) Image semantic communication method and system for intelligent target recognition
CN112398838A (en) Authentication method, device and equipment based on privacy protection
CN112800468A (en) Data processing method, device and equipment based on privacy protection
CN114880706A (en) Information processing method, device and equipment
CN113435585A (en) Service processing method, device and equipment
CN111368795B (en) Face feature extraction method, device and equipment
CN115577336A (en) Biological identification processing method, device and equipment
CN113221717B (en) Model construction method, device and equipment based on privacy protection
CN111353514A (en) Model training method, image recognition method, device and terminal equipment
CN115048661A (en) Model processing method, device and equipment
CN114662144A (en) Biological detection method, device and equipment
CN113239852B (en) Privacy image processing method, device and equipment based on privacy protection
CN115499635A (en) Data compression processing method and device
CN115204395A (en) Data processing method, device and equipment
CN112765377A (en) Time slot positioning in media streams
CN114863481A (en) Biological identification processing method, device and equipment
CN114758423A (en) Biological identification method, device and equipment
CN114840880A (en) Image processing method, device and equipment
KR102500252B1 (en) Machine learning database construction system using face privacy protection technology
CN115204264A (en) Model processing method, device and equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination