CN115733615A

CN115733615A - Biological feature recognition method and system

Info

Publication number: CN115733615A
Application number: CN202211339293.7A
Authority: CN
Inventors: 罗曼
Original assignee: Alipay Hangzhou Information Technology Co Ltd
Current assignee: Alipay Hangzhou Information Technology Co Ltd
Priority date: 2022-10-28
Filing date: 2022-10-28
Publication date: 2023-03-03

Abstract

The invention discloses a biological feature identification method, which comprises the following steps: receiving information to be identified, and extracting original biological characteristics of the information to be identified; obtaining a currently set biological feature dimension, and performing dimension processing on an original biological feature according to the biological feature dimension to obtain a target biological feature corresponding to the biological feature dimension; acquiring a currently set encryption security level, and executing homomorphic encryption operation corresponding to the encryption security level on the target biological characteristic to obtain an encrypted biological characteristic; and screening corresponding standard biological characteristics from the pre-stored standard biological characteristics according to the biological characteristic dimension and the encryption security level, and comparing and identifying the screened standard biological characteristics and the encryption biological characteristics to obtain an identification result. Accordingly, the invention discloses a biometric identification system.

Description

Biological feature recognition method and system

Technical Field

The present invention relates to computer technology, and particularly to a biometric feature recognition method and system.

Background

The biological characteristic recognition system is widely applied to the financial security fields of payment, digital identity verification, entrance guard security and the like.

At present, an FHE (Fully Homomorphic Encryption) technology is introduced into a biological characteristic identification system, the FHE technology is introduced to carry out Fully Homomorphic Encryption on original biological characteristic data and directly calculate characteristic similarity under a secret state, the 'computability invisibility' of the biological characteristic data is realized, and the data privacy security of the biological characteristic of a user is greatly protected.

However, in the prior art, only the optimal security performance is considered in the biometric identification process, that is, the system only uses the most complex and comprehensive biometric identification precision and the FHE encryption technology with the highest security level, but neglects the problems of the computational efficiency and time consumption of identification, which will result in that the waiting time of the user is prolonged and the experience feeling is reduced.

In view of this, it is desirable to obtain a new biometric identification scheme that can improve the identification efficiency while ensuring the identification accuracy and information privacy.

Disclosure of Invention

One of the objectives of the present invention is to provide a biometric feature recognition method, which can flexibly adjust and adapt a biometric recognition system in real time according to specific requirements of a service scenario on indexes such as security index, recognition accuracy and processing time consumption, and can improve biometric feature recognition efficiency while ensuring recognition accuracy and information privacy.

Based on the above object, the present invention provides a biometric feature recognition method, which comprises the steps of:

receiving information to be identified, and extracting original biological characteristics of the information to be identified;

obtaining a currently set biological feature dimension, and performing dimension processing on the original biological feature according to the biological feature dimension to obtain a target biological feature corresponding to the biological feature dimension;

acquiring a currently set encryption security level, and executing homomorphic encryption operation corresponding to the encryption security level on the target biological characteristics to obtain encrypted biological characteristics;

and screening corresponding standard biological characteristics from the pre-stored standard biological characteristics according to the biological characteristic dimension and the encryption security level, and comparing and identifying the screened standard biological characteristics and the encryption biological characteristics to obtain an identification result.

In the invention, FHE technologies with different encryption levels are introduced firstly, and reasonable encryption levels can be set to protect the security of the user biological characteristic data under the condition of comprehensively considering the security effect and the time consumption of processing; secondly, a feature dimension reduction algorithm is introduced to reduce high-dimensional biological feature vectors into low-dimensional biological feature vectors, and feature dimension reduction configuration with reasonable complexity can be set under the condition of comprehensively considering identification precision and calculation efficiency; finally, the balance relation among the three performance indexes of safety level, identification precision and calculation efficiency can be adjusted and controlled flexibly and autonomously.

Further, in some embodiments, the standard biometric is generated by:

acquiring standard biological information, and extracting original biological characteristics of the standard biological information;

performing dimension processing on the original biological features extracted from the standard biological information according to the biological feature dimension to obtain adjusted biological features corresponding to the biological feature dimension;

and aiming at each encryption security level, adopting homomorphic encryption operation corresponding to the encryption security level to perform encryption operation on the adjusted biological characteristics corresponding to the biological characteristic dimension to obtain standard biological characteristics corresponding to the biological characteristic dimension and the encryption security level, and storing the standard biological characteristics.

Further, in some embodiments, after obtaining the information to be identified, the method further includes:

performing quality detection on the information to be identified according to a quality detection model,

under the condition that the quality detection of the information to be identified is qualified, extracting the original biological characteristics of the information to be identified;

and under the condition that the quality detection of the information to be identified is unqualified, sending a distance or angle adjustment prompt, and re-acquiring the information to be identified.

Further, in some embodiments, the biometric identification method further comprises:

presetting optional biological characteristic dimensions and optional encryption security levels, and determining the set biological characteristic dimensions and the encryption security levels according to the trigger signals.

Furthermore, the face recognition client displays three selectable biometric feature dimension levels in high, medium and low and three selectable encryption security levels in high, medium and low, and selects and sets a corresponding face recognition mode according to click triggering of the user.

Further, in some embodiments, the feature vector length in the target biometric is adjusted according to the biometric dimension.

Further, in some embodiments, the dimensional processing of the raw biometric features employs a Principal Component Analysis (PCA) algorithm.

Of course, in other embodiments, dimension reduction algorithms that may be employed include, but are not limited to, unified flow Approximation and Projection (UMAP), PCA, isometry Mapping (ISOMAP), independent Component Analysis (ICA), and the like.

Further, in some embodiments, the encryption operation is a SEAL fully homomorphic encryption algorithm.

Of course, in other embodiments, other Encryption tools such as Spark full Homomorphic Encryption algorithm (Spark full Homomorphic Encryption, spark fhe), fast full Homomorphic converter (TFHE), FHEW guided Homomorphic Encryption (Bootstrapping Homomorphic Encryption), cuFHE CUDA accelerated Homomorphic Encryption (CUDA-authenticated full Homomorphic Encryption), and the like may be used.

Further, in some embodiments, the standard biometric feature and the encrypted biometric feature are identified by comparing the standard biometric feature and the encrypted biometric feature by calculating cosine similarity.

Of course, in other embodiments, the feature alignment identification may be obtained by other methods known to those skilled in the art, such as pearson correlation coefficient, modified cosine similarity, and euclidean distance method.

Another objective of the present invention is to provide a biometric identification system, which can flexibly adjust and adapt the biometric identification system in real time according to the specific requirements of the business scenario for the safety index, the identification precision, the processing time consumption, and other indicators, and can improve the identification efficiency while ensuring the identification precision and the information privacy.

Based on the above object, the present invention further provides a biometric identification module, and a client processing module in data communication with the biometric identification module:

the client processing module acquires and sends the set biological characteristic dimension and encryption security level, and acquires and sends information to be identified;

the biological characteristic identification module receives the biological characteristic dimension, the encryption security level and the information to be identified, and performs biological characteristic extraction on the information to be identified; performing dimension processing on the original biological characteristics according to the biological characteristic dimension to obtain target biological characteristics corresponding to the biological characteristic dimension; executing homomorphic encryption operation corresponding to the encryption security level on the target biological characteristic to obtain an encrypted biological characteristic;

the biological characteristic identification module screens corresponding standard biological characteristics from all pre-stored standard biological characteristics according to the biological characteristic dimension and the encryption security level, and compares and identifies the screened standard biological characteristics and the encryption biological characteristics to obtain an identification result ciphertext; sending the identification result ciphertext to the client module;

and the client module receives the identification result ciphertext and decrypts the identification result ciphertext through a preset secret key to obtain an identification result plaintext.

Further, in some embodiments, pre-storing the standard biometric comprises:

the biological feature recognition module acquires standard biological information and performs original biological feature extraction on the standard biological information;

the biological feature recognition module carries out dimension processing on the original biological features extracted from the standard biological information according to each biological feature dimension to obtain adjusted biological features corresponding to the biological feature dimension;

and the biological characteristic identification module adopts homomorphic encryption operation corresponding to the encryption security level aiming at each encryption security level, carries out encryption operation on the adjusted biological characteristic corresponding to the biological characteristic dimension to obtain the standard biological characteristic corresponding to the biological characteristic dimension and the encryption security level, and stores the standard biological characteristic.

Further, in some embodiments, since different biometric dimensions and encryption security levels may be selected during the biometric testing of the user, it is necessary to traverse the various possible biometric dimensions and encryption security levels to generate a library of biometric templates that is as comprehensive as possible.

Further, in some embodiments, the biometric feature recognition module further performs quality detection on the information to be recognized according to a quality detection model, and performs original biometric feature extraction on the information to be recognized when the quality detection of the information to be recognized is qualified; and under the condition that the quality of the information to be identified is detected unqualified, sending a distance or angle adjustment prompt to the client module, and acquiring the information to be identified again through the client module.

Further, in some embodiments, the biometric identification module adjusts a feature vector length of the target biometric according to the biometric dimension.

Further, in some embodiments, the biometric identification module compares and identifies the standard biometric characteristic and the encrypted biometric characteristic by calculating cosine similarity.

Further, in some embodiments, a selectable biometric dimension and a selectable encryption security level are preset in the biometric identification module, the preset selectable biometric dimension and the selectable encryption security level are displayed by the client module, the set biometric dimension and the encryption security level are determined according to the trigger signal, and the set biometric dimension and the encryption security level are fed back to the biometric identification module.

It is a further object of the present invention to provide a biometric identification module for biometric identification.

In view of the above object, the present invention also provides a biometric identification module for biometric identification, configured to perform the following steps:

obtaining a biological feature dimension, and performing dimension processing on the original biological feature according to the biological feature dimension to obtain a target biological feature corresponding to the biological feature dimension;

acquiring an encryption security level, and executing homomorphic encryption operation corresponding to the encryption security level on the target biological characteristics to obtain encrypted biological characteristics;

Further, in some embodiments, the biometric identification module is further configured to perform the following steps to obtain the standard biometric:

Further, in some embodiments, the biometric identification module is further configured to perform the following steps:

and under the condition that the quality of the information to be identified is detected to be unqualified, sending a distance or angle adjustment prompt, and acquiring the information to be identified again.

Further, in some embodiments, the biometric identification module adjusts a feature vector length in the target biometric according to the biometric dimension.

Further, in some embodiments, the biometric identification module compares and identifies the standard biometric characteristic and the encrypted biometric characteristic by calculating a cosine similarity.

Further, in some embodiments, the biometric identification module is further configured with an optional biometric dimension and an optional encryption security level, and the set biometric dimension and the encryption security level are determined according to the trigger signal.

It is a further object of this invention to provide a client-side processing module for biometric identification.

In view of the above object, the present invention also provides a client-side processing module for biometric identification, configured to perform the following steps:

acquiring the set biological characteristic dimension and encryption security level, and acquiring and sending information to be identified;

and receiving an identification result ciphertext, decrypting the identification result ciphertext through a preset secret key to obtain an identification result plaintext, wherein the image to be identified is subjected to dimension processing corresponding to the biological characteristic dimension, homomorphic encryption corresponding to the encryption security level is executed, and then the homomorphic encryption is compared with standard biological characteristics corresponding to the biological characteristic dimension and the encryption security level to obtain the identification result ciphertext.

Further, in some embodiments, the user-side processing module is further configured to perform the following steps to obtain the biometric dimension and the encryption security level of the obtaining setting:

and displaying preset selectable biological characteristic dimensions and selectable encryption security levels, and determining the set biological characteristic dimensions and encryption security levels according to click triggering.

Further, in some embodiments, the information to be identified and the standard biological information may be image, audio, video, and the like.

The biological characteristic identification method and the system have the following beneficial effects:

firstly, the invention introduces FHE technology with different encryption levels, and can set reasonable encryption levels to protect the security of the user biological characteristic data under the condition of comprehensively considering security effect and processing time consumption;

secondly, a biological feature dimension reduction algorithm is introduced to the balance of the encryption grade to reduce the high-dimension biological feature vector into the low-dimension biological feature vector, and feature dimension reduction configuration with reasonable complexity can be set under the condition of comprehensively considering the identification precision and the calculation efficiency;

based on the two points, the system can finally realize more flexible and autonomous regulation and control of the balance relation among the three performance indexes of the safety level, the identification precision and the calculation efficiency.

Drawings

Fig. 1 schematically shows a flow chart of a biometric method according to an embodiment of the present invention.

Fig. 2 schematically shows a flow of steps performed by the biometric system of the present invention in one embodiment.

Fig. 3 schematically shows the steps performed by the biometric module according to the present invention in one embodiment.

Fig. 4 exemplarily shows steps performed by the client-side processing module for use in biometric identification according to an embodiment of the present invention.

Fig. 5 exemplarily shows a flow performed in one embodiment of face template registration in the biometric method according to the present invention.

Fig. 6 exemplarily shows a flow performed in one embodiment of the system mode setting in the biometric method according to the present invention.

Fig. 7 exemplarily shows a flow performed by the face security detection in the biometric method according to an embodiment of the present invention.

Detailed Description

The method, system, server and user-side processing module for efficient private information retrieval according to the present invention will be described in further detail with reference to the drawings and specific embodiments, but the detailed description is not intended to limit the present invention.

Homomorphic encryption is a symmetric encryption algorithm, and for homomorphic encryption, the operation in a ciphertext domain is equivalent to the corresponding operation in a plaintext domain after being decrypted. That is, the encrypted data can still be subjected to corresponding calculations, such as addition and multiplication. Therefore, the value obtained by decrypting the ciphertext calculation result is equal to the calculation result of the corresponding plaintext data in the plaintext. Generally, homomorphic encryption can be represented by the following equation:

Enc(f(m ₁ ，m ₂ ))＝f(Enc(m ₁ )，Enc(m ₂ ) In which m is ₁ And m ₂ Represents plaintext data, enc (m) ₁ ) And Enc (m) ₂ ) Representing ciphertext data, and f represents an operation.

The equation shows: plaintext m ₁ And m ₂ Encryption first and then operation is equivalent to encryption first and then operation. The above equation represents the basic property of homomorphic encryption, i.e. homomorphism for operation, and the calculation result in the ciphertext domain is equal to the calculation result in the plaintext domain after decryption.

Homomorphic encryption includes two basic homomorphic types, namely multiplicative homomorphism and additive homomorphism. The homomorphic encryption system is divided into 3 types according to the operation type and the number supported by the homomorphic encryption algorithm: partial homomorphic encryption, hierarchical homomorphic encryption and fully homomorphic encryption. Partial Homomorphic Encryption (PHE) refers to the property that homomorphic encryption algorithms are homomorphic only to addition or multiplication (either). The hierarchical homomorphic encryption algorithm (swe) generally supports a limited number of addition and multiplication operations. Fully homomorphic encryption algorithms (FHEs) support an unlimited number of arbitrary types of computations on ciphertext.

In the field of biological characteristic identification, the FHE scheme ensures that a data processing server cannot know plaintext information of processed biological characteristics when calculating the similarity, and can directly perform corresponding calculation on ciphertext of data, so that the biological characteristic information of a user can obtain corresponding safety guarantee. And after the data processing server calculates the similarity between the encrypted biological characteristics, returning a result. In the calculation process, the data processing server only obtains the encrypted biological feature vector data, but cannot obtain the plaintext of the biological feature vector data, and biological feature information cannot be leaked. The FHE scheme has the advantages that a plurality of operators are supported, the operation times are not limited, and the universality is strong in an actual scene; but the disadvantages are high computational complexity and low efficiency, especially the multiplication operation therein.

Biometric identification includes, but is not limited to, face recognition, fingerprint recognition, iris recognition, and any other way of identifying a biometric feature by an image. In the following embodiments, face recognition is mainly taken as an example to facilitate the explanation of the scheme, but the method and system provided by the present invention are not limited to the field of face recognition, and the following embodiments are not used to limit the use scenario of the scheme.

The invention also provides a biological characteristic identification scheme based on the fully homomorphic encryption algorithm. The method increases the flexibility of the biometric identification scheme under the condition of keeping the privacy and the universality of the biometric identification of the FHE algorithm.

In one embodiment of the present invention, a method of biometric identification is presented. Fig. 1 schematically shows a flow chart of a biometric method according to an embodiment of the present invention.

As shown in fig. 1, the method for biometric identification includes the steps of:

100: and receiving an image to be identified, and extracting the original biological characteristics of the image to be identified.

The image to be recognized is usually acquired by a client device needing biometric recognition, and a server executing the biometric recognition firstly performs original high-dimensional biometric feature extraction on the acquired image to be recognized. The algorithm for extracting the biometric features is not limited herein, and for example, in the field of face recognition, algorithms that are widely used in the past or at present, such as HOG (histogram of oriented graphics), LBP (Local binary patterns), and algorithms based on deep learning or convolutional neural networks, such as FaceNet and spheerface, etc., are examples. The aim of the step is to extract high-dimensional original biological characteristics in the image for comparison and identification in the subsequent steps.

In some embodiments, after acquiring the image to be recognized, the method for biometric recognition further includes the following steps:

performing quality detection on the image to be recognized according to the quality detection model, and performing original biological feature extraction on the image to be recognized under the condition that the quality detection of the image to be recognized is qualified; and under the condition that the quality of the image to be recognized is not detected successfully, sending a distance or angle adjustment prompt to the biological recognition client, and re-acquiring the image to be recognized through the biological recognition client.

For example, in the process of face recognition, in order to reduce interference caused by factors such as background and environment, preprocessing such as face detection and face alignment is generally performed, and the acquired face image also has corresponding quality requirements. Therefore, before the face feature extraction, quality detection is performed on the acquired face recognition image, such as the integrity of the image, the angle of the image, the proportion of the face in the image, and the brightness of light, etc. The quality detection model can preset detection items and qualified threshold values corresponding to the detection items, the face feature extraction step can be executed when the face image meets the requirements of the quality detection model, otherwise, a user is prompted to re-collect the face image through a client side of the face detection, and optionally, corresponding prompting can be performed at the client side according to the detection items which do not meet the requirements, such as prompting the user to adjust the distance or the angle, so that the user can efficiently collect the face image which meets the quality requirements.

110: and acquiring the currently set biological feature dimension, and performing dimension processing on the original biological feature according to the biological feature dimension to obtain the target biological feature corresponding to the biological feature dimension.

The above-mentioned biological feature dimensions are used to perform dimension reduction processing on the high-dimensional original biological features extracted in step 100. In some embodiments, the biometric dimension may be from a user input on the biometric client, or alternatively, from a centralized setting by an administrator or system managing a particular group of biometric clients, depending on the context of use.

Biometric dimension reduction is a process that aims to reduce the number of features used in an analytical model. The performance of computer vision and machine learning based methods is improved, representing data in a more efficient manner. This step can also significantly improve the processing speed of subsequent biometric homomorphic encryption and similarity. For example, dimension reduction algorithms that may be used in the recognition process include, but are not limited to, UMAP, PCA, ISOMAP, and ICA, among others.

In some more specific embodiments, the PCA algorithm is used for biometric dimension reduction. Illustratively, there are m pieces of n-dimensional data, and the step of using PCA to reduce the n-dimensional data into k dimensions includes:

forming n rows and m columns of matrix X by the original data according to columns; zero-averaging each row of X, i.e. subtracting the average of this row; solving a covariance matrix; solving the eigenvalue of the covariance matrix and the corresponding eigenvector r; and arranging the eigenvectors into a matrix from top to bottom according to the size of the corresponding eigenvalue, and taking the first k rows to form a matrix P, namely the data after dimensionality reduction to the k dimensionality.

In the present invention, the form of the acquired biometric dimension is not limited. In a scene emphasizing the usability of the user, selectable biometric dimension reduction dimensions can be preset, even specific dimension reduction data are hidden, and only the dimension reduction strength is used for representation. For example: reducing the dimension of the high-dimensional face features with the dimension dim =1024 to the medium-dimensional face features with the dimension dim =512 or the low-dimensional face features with the dimension dim =256, displaying options of "high dimension", "medium dimension" and "low dimension" on a client for a user to select, and displaying an original dimension value and a specific dimension value after dimension reduction. The grade of dimension reduction is not limited to 3, and different grade division standards can be selected according to application scenes, so that the grade number meeting the requirement is generated. Alternatively, in a scenario where flexibility is emphasized, the dimension of dimension reduction can be freely specified by the user, that is, the specification of the dimension reduction dimension is performed by inputting a dimension reduction dimension target value. For example, the client only presents the original dimension dim =1024 to the user, and the user may indicate the dimensionality value after dimensionality reduction by inputting a numerical value.

In some embodiments, the biometric dimension indicates the length of the biometric feature vector after dimensionality reduction, and the higher the biometric dimension is, the longer the feature vector length is, that is, the more features can be extracted from the image to be recognized for biometric recognition.

The original biometric features are subjected to dimensionality reduction in step 110 to obtain target biometric features.

120: and acquiring the currently set encryption security level, and executing homomorphic encryption operation corresponding to the encryption security level on the target biological characteristics to obtain the encrypted biological characteristics.

And the encryption security level is used for indicating the security level of the homomorphic encryption performed on the target biological characteristics in the step. The higher the encryption level, the higher the security of the scheme, but the ciphertext is increased, which may result in the reduction of the computational efficiency of the homomorphic operation.

Similarly, in some embodiments, the encryption security level may be from user input at the biometric client, and optionally, may also be from centralized settings by an administrator or system managing a particular group of biometric clients, depending on the usage scenario. According to the requirement of the scene on the safety, the user can select the sacrifice identification and the comparison identification to obtain higher safety performance or reduce the safety level to obtain higher identification efficiency.

In some embodiments, the encryption operation is performed using fully homomorphic encryption. The general encryption scheme of the fully homomorphic encryption mainly comprises the following steps:

step S1: genKey (λ), generates a pair of public and private keys. Generating a public key theta p and a private key theta s according to the input security parameters;

step S2: encrypt (m, θ p), encrypt the message m using the public key θ p, and compute to generate the ciphertext c.

And step S3: add (c 0, c 1), two ciphertexts c0 and c1 are input, and the sum c0+ c1 of the two ciphertexts is calculated.

And step S4: multiply (c 0, c 1), two ciphertexts c0 and c1 are input, and the product c0 × c1 of the two ciphertexts is calculated.

Step S5: decrypt (c ', theta s), and calculating a plaintext m ' by using the private key theta s according to the ciphertext c '.

According to the principle, in the fully homomorphic encryption scheme of biometric identification, a pair of public and private keys is firstly generated: public key theta _p And a private key theta _s Then, the target biometric characteristic a is encrypted by an encryption function f:

ε(A)＝f(A；θ _p )

at the same time satisfy

A＝g(ε(A)；θ _s )

Where g is the decryption function.

In some more specific embodiments, the encryption is performed using the Microsoft SEAL library, which is an all-homomorphic encryption library. The homomorphic encryption algorithm employed by SEAL is based on a polynomial ring. Illustratively, there are 3 important parameters in the SEAL algorithm BFV scheme: polynomial modulus degree, ciphertext coefficient modulus and plaintext modulus.

The polynomial modulus is a main factor influencing the security of the homomorphic encryption scheme, namely, the polynomial modulus is set according to the encryption security level input by a user. The larger the polynomial modulus degree is, the higher the security of the scheme is, and the ciphertext is increased, which can cause the reduction of the computational efficiency of homomorphic operation. In the Seal library, the recommended times are 1024, 2048, 4096, 8192, 16384, 32768. Accordingly, the encryption security level selectable by the user can be corresponding to the polynomial modulus, so that different security levels can be realized.

Note that the homomorphic encryption is not limited to the SEAL algorithm, and other tools such as sparkhfe, tfhe, FHEW, and cuFHE may be used. The regulation and control parameters of the encryption security level can also be selected and set according to different encryption algorithms.

130: and screening corresponding standard biological characteristics from the pre-stored standard biological characteristics according to the biological characteristic dimension and the encryption security level, and comparing and identifying the screened standard biological characteristics and the encryption biological characteristics to obtain an identification result.

First, the biometric similarity calculation based on the homomorphic encryption can be regarded as the application process of step S3 and step S4 in the above-described homomorphic encryption process.

In some embodiments, the biometric similarity is calculated by fully homomorphic encryption of cosine similarities.

Under the condition that the biological characteristic vector is not encrypted, assuming that the characteristic vector of the biological characteristic template in the database is A, the target biological characteristic vector to be subjected to biological detection is B, and the cosine similarity between the characteristic vectors A and B is defined as:

because the length value of the vector does not contain specific biological feature information, the length of the biological feature vector can be directly calculated after the biological features are extracted, and the length value of the biological feature vector and the biological features are stored in the database together, so that the calculation formula of the cosine similarity of the biological features can be simplified as follows:

it can be known that the calculation of the cosine similarity of the biometric feature vector involves multiplication of n vector elements (A) _i ×B _i ) And the cumulative sum of n vector elements

The cosine similarity of the biometric feature vector is described in the fully homomorphic encrypted domain as:

c is a corresponding encrypted ciphertext named vector A, B, and it can be understood that n homomorphic multiplications and n-1 homomorphic addition operations are needed for calculating cosine similarity between features in an encrypted domain.

In the above embodiment, the cosine similarity is used to calculate the biometric distance, and the biometric identification method provided by the present invention may also use a comparative identification scheme such as pearson correlation coefficient, modified cosine similarity, euclidean distance, etc.

Secondly, in some embodiments, in the process of biometric comparison and identification, standard biometric features pre-stored in the database are required. In some embodiments, the standard biometric is generated by:

acquiring a standard biological image, and extracting original biological features of the standard biological image;

performing dimension processing on the original biological features extracted from the standard biological image according to the biological feature dimension to obtain adjusted biological features corresponding to the biological feature dimension;

In this embodiment, the standard biometric features are pre-stored for biometric comparison. And acquiring a standard biological image of the user in the user registration process, and performing dimension adjustment and encryption operation on the original biological characteristics by adopting the method. Since different biometric dimensions and encryption security levels may be selected during the user's detection process, it is necessary to traverse various possible biometric dimensions and encryption security levels to generate a standard biometric library as comprehensive as possible.

In some embodiments, in the case that the biometric dimension is divided into dimension and low dimension, and the encryption security level is divided into high encryption and low encryption, at least a high dimension + high encryption biometric library, a high dimension + low encryption biometric library, a low dimension + high encryption biometric library, and a low dimension + low encryption biometric library should be stored in the database. In the case of providing users with higher flexibility, the database is required to have a higher storage space and store more diversified biometric databases.

And finally, sending the identification result ciphertext to the user side, and decrypting the identification result ciphertext through a preset secret key to obtain an identification result plaintext.

After receiving the identification result ciphertext, the user can decrypt the ciphertext through the decryption function according to the private key,

A＝g(ε(A)；θ _s )

and obtaining the clear text of the identification result so as to indicate whether the current biological feature identification is passed or not.

The steps of the method can be seen that, the biological characteristic identification method provided by the invention firstly introduces FHE technology with different encryption levels, and can set reasonable encryption levels to protect the safety of the biological characteristic data of the user under the condition of comprehensively considering the safety effect and the processing time consumption; secondly, a biological feature dimension reduction algorithm is introduced to reduce high-dimension biological feature vectors into low-dimension biological feature vectors, and feature dimension reduction configuration with reasonable complexity can be set under the condition of comprehensively considering identification precision and calculation efficiency; based on the two points, the balance relation among the three performance indexes of safety level, identification precision and calculation efficiency can be adjusted and controlled flexibly and autonomously.

Optionally, the following steps may be performed for a client that needs biometric identification to implement the biometric identification provided by the present invention:

200: and acquiring the set biological characteristic dimension and encryption security level, and acquiring and sending the image to be identified.

The biometric identification client displays an interface for setting biometric dimensions and encryption security levels, receives setting data from a user, acquires an image to be identified under the condition of executing a biometric identification task, and transmits the biometric dimensions and the encryption security levels to a platform or equipment for executing biometric identification. The present invention does not limit the order of the steps of the above-described setup and collection.

210: and receiving the identification result ciphertext, and decrypting the identification result ciphertext through a preset secret key to obtain an identification result plaintext. The image to be identified is subjected to dimensionality processing corresponding to the biological characteristic dimensionality, homomorphic encryption corresponding to the encryption security level is executed, and then the image to be identified is compared with standard biological characteristics corresponding to the biological characteristic dimensionality and the encryption security level to obtain an identification result ciphertext.

The platform or the equipment for biological feature recognition firstly extracts original biological features of the image to be recognized according to the image to be recognized transmitted by the client.

And then, performing dimension processing on the original biological characteristics according to the biological characteristic dimensions sent by the biological characteristic identification client to obtain target biological characteristics corresponding to the biological characteristic dimensions, for example, performing biological characteristic dimension reduction through a PCA algorithm. And obtaining the target biological characteristics by the original biological characteristics through dimensionality reduction.

And then, acquiring the encryption security level sent by the biological characteristic identification client, and executing full homomorphic encryption operation corresponding to the encryption security level on the target biological characteristic to obtain the encrypted biological characteristic. And calling corresponding standard biological characteristics from a preset database according to the biological characteristic dimension and the encryption security level, and comparing and identifying the standard biological characteristics and the encryption biological characteristics to obtain an identification result ciphertext. And the encryption security level is used for indicating the security level of the homomorphic encryption performed on the target biological characteristics in the step. The higher the encryption level, the higher the security of the scheme, but the ciphertext is increased, which may result in the reduction of the computational efficiency of the homomorphic operation.

And finally, the biological characteristic identification client receives the ciphertext identification result, and can decrypt through a decryption function according to a private key corresponding to homomorphic encryption adopted by the biological characteristic identification platform or equipment, and finally, the identification result of the plaintext is displayed on the biological characteristic identification client.

In some embodiments, a platform or a device for biometric feature recognition performs quality detection on a received image to be recognized, and performs original biometric feature extraction on the image to be recognized when the quality detection of the image to be recognized is qualified; and under the condition that the quality detection of the image to be recognized is unqualified, the biological characteristic recognition client receives the distance or angle adjustment prompt and acquires the image to be recognized again.

In some embodiments, the process of obtaining the set biometric dimension and the cryptographic security level comprises: and displaying preset selectable biological characteristic dimensions and selectable encryption security levels at the biological characteristic identification client, and determining the set biological characteristic dimensions and encryption security levels according to click triggering.

In some more specific embodiments, the biometric identification client displays three selectable biometric dimension levels of high, medium and low, and three selectable encryption security levels of high, medium and low, and selects and sets a corresponding biometric identification mode according to click trigger of a user. Correspondingly, on the biological characteristic identification platform or equipment, a standard biological characteristic library which is in one-to-one correspondence with nine combination modes formed by the three biological characteristic dimensions and the three encryption security levels is also prestored.

It should be noted that, in the present invention, the form of displaying and acquiring the biometric dimension by the client is not limited. In a scene emphasizing the usability of the user, selectable biometric dimension reduction dimensions can be preset, even specific dimension reduction data are hidden, and only the dimension reduction strength is used for representation. For example: the dimension of the high-dimensional face feature with dimension dim =1024 is reduced to the medium-dimensional face feature with dimension dim =512 or the low-dimensional face feature with dimension dim =256, options of "high dimension", "medium dimension" and "low dimension" can be displayed on the client for the user to select, and an original dimension value and a specific dimension value after dimension reduction can also be displayed. The grade of dimension reduction is not limited to 3, and different grade division standards can be selected according to application scenes, so that the grade number meeting the requirement is generated. Alternatively, in a scenario where flexibility is emphasized, the dimension of dimension reduction can be freely specified by the user, that is, the specification of the dimension reduction dimension is performed by inputting a dimension reduction dimension target value. For example, the client only presents original dimension dim =1024 to the user, and the user may indicate the dimensionality value after dimensionality reduction by inputting a numerical value. In this case, the amount of data of the standard biometric library pre-stored in the biometric recognition platform or system is increased significantly, but the user enjoys a high degree of flexibility.

The biometric feature recognition algorithm provided in the above embodiment introduces FHE techniques with different encryption levels, and a user can set a reasonable encryption level to protect the security of biometric data of the user under the condition of comprehensively considering security effects and processing time consumption; and secondly, a biological feature dimension reduction algorithm is introduced to reduce the high-dimension biological feature vector into the low-dimension biological feature vector, and feature dimension reduction configuration with reasonable complexity can be set under the condition of comprehensively considering identification precision and calculation efficiency.

In another embodiment of the present invention, a biometric identification system is presented that includes a biometric identification module, and a client processing module in data communication with the biometric identification module. The number of the client processing modules connected with the biological characteristic identification module is not limited, and the client processing modules can also perform wired or wireless communication with the biological characteristic identification module.

The biometric identification module may be an electronic device such as a server, and may be directly and physically connected to the client processing module, or may communicate with the client processing module through a cloud platform installed thereon. In some embodiments, on a device supporting edge computing, the biometric identification module may also be located on the same device as the client processing module, in which case, the biometric identification module may only store the biometric features that the device will collect, the storage space requirement is small, and the identification efficiency may be further improved.

Fig. 2 is a flowchart illustrating steps performed by the biometric system provided by the present invention in one embodiment.

As shown in fig. 2, in some embodiments, the system for efficient retrieval of private information performs the following steps:

300: the client processing module acquires and sends the set biological characteristic dimension and encryption security level, and acquires and sends the image to be identified;

310: the biological feature identification module receives the biological feature dimension, the encryption security level and the image to be identified, and performs biological feature extraction on the image to be identified; performing dimension processing on the original biological characteristics according to the biological characteristic dimension to obtain target biological characteristics corresponding to the biological characteristic dimension; and executing homomorphic encryption operation corresponding to the encryption security level on the target biological characteristic to obtain the encrypted biological characteristic.

320: the biological characteristic identification module screens corresponding standard biological characteristics according to biological characteristic dimensions and various pre-stored standard biological characteristics of encryption security levels, and compares and identifies the screened standard biological characteristics and the encrypted biological characteristics to obtain an identification result ciphertext; sending the identification result ciphertext to the client module;

330: and the client processing module receives the identification result ciphertext and decrypts the identification result ciphertext through a preset secret key to obtain an identification result plaintext.

In some specific embodiments, the client module presents an interface for setting the biometric dimension and the encryption security level, receives setting data from a user, and in addition, in the case of performing a biometric identification task, acquires an image to be identified, and transmits the biometric dimension and the encryption security level to the biometric identification module.

The biometric identification module receives the biometric dimension, the encryption security level and the image to be identified.

Firstly, original biological feature extraction is carried out on an image to be recognized. The algorithm for extracting the biometric features is not limited herein, and the algorithms that are widely used in the past or now include, for example, HOG (characters of ordered grams), LBP (Local binary patterns), and algorithms based on deep learning or convolutional neural networks, such as FaceNet and spheerface. The aim of the step is to extract high-dimensional original biological characteristics in the image for comparison and identification in the subsequent steps.

And secondly, performing dimension processing on the original biological characteristics according to the biological characteristic dimension to obtain the target biological characteristics corresponding to the biological characteristic dimension. Biometric dimensionality reduction is a process that aims to reduce the number of features used in an analytical model. The performance of computer vision and machine learning based methods is improved, representing data in a more efficient manner. This step can also significantly increase the processing speed of subsequent biometric homomorphic encryption and similarity. Dimension reduction algorithms that may be employed during the identification process include, but are not limited to, UMAP, PCA, ISOMAP, and ICA, among others.

In some more specific embodiments, the PCA algorithm is used for biometric dimension reduction. Illustratively, there are m pieces of n-dimensional data, and the step of using PCA to reduce the n-dimensional data into k dimensions includes: forming n rows and m columns of matrix X by the original data according to columns; zero-averaging each row of X, i.e. subtracting the average of this row; solving a covariance matrix; solving the eigenvalue of the covariance matrix and the corresponding eigenvector r; and arranging the eigenvectors into a matrix from top to bottom according to the size of the corresponding eigenvalue, and taking the first k rows to form a matrix P, namely the data after dimensionality reduction to the k dimensionality.

In some embodiments, the biometric dimension indicates the length of the biometric vector after dimensionality reduction, and the higher the biometric dimension, the longer the length of the biometric vector, i.e., the more features in the biometric image can be extracted for biometric identification.

And thirdly, the biological characteristic identification module acquires the encryption security level transmitted by the client module, and performs homomorphic encryption operation corresponding to the encryption security level on the target biological characteristic to obtain the encrypted biological characteristic. And calling corresponding standard biological characteristics from a preset database according to the biological characteristic dimension and the encryption security level, and comparing and identifying the standard biological characteristics and the encryption biological characteristics to obtain an identification result ciphertext.

In some more specific embodiments, encryption is performed using the Microsoft SEAL library, an all-homomorphic encryption library. The homomorphic encryption algorithm employed by SEAL is based on a polynomial ring. Illustratively, there are 3 important parameters in the SEAL algorithm BFV scheme: polynomial modulus degree, ciphertext coefficient modulus and plaintext modulus. The polynomial modulus is a main factor influencing the security of the homomorphic encryption scheme, namely, the polynomial modulus is set according to the encryption security level input by a user. The larger the polynomial modulus degree is, the higher the security of the scheme is, and the ciphertext is increased, which can cause the reduction of the computational efficiency of homomorphic operation. In the Seal library, the number of recommendations is 1024, 2048, 4096, 8192, 16384, 32768. Accordingly, the encryption security level selectable by the user can be corresponding to the polynomial modulus degree, so that different security levels can be realized.

In a fully homomorphic encryption scheme for biometric identification, a pair of public and private keys is first generated: public key theta _p And a private key theta _s Then, the target biometric characteristic a is encrypted by an encryption function f:

ε(A)＝f(A；θ _p )

in some embodiments, the similarity between the encrypted biometric feature and the standard biometric feature is calculated by a fully homomorphic encryption of cosine similarities. The encrypted biological characteristic is A, the corresponding standard biological characteristic is called from a preset database to be B, and the cosine similarity of the biological characteristic vector is described in a fully homomorphic encryption domain as follows:

c is the corresponding encrypted text after encryption named vector A, B. And after the comparison is finished, the biological characteristic identification module sends the identification result ciphertext to the client module.

And the client module receives the identification result ciphertext, can decrypt according to the private key and the decryption function and displays the plaintext identification result.

In some embodiments, the pre-stored standard biometric is generated by:

the biological feature recognition module acquires a standard biological image and performs original biological feature extraction on the standard biological image;

the biological feature recognition module conducts dimension processing on original biological features extracted from the standard biological image according to the biological feature dimension to obtain adjusted biological features corresponding to the biological feature dimension, and conducts encryption operation on the adjusted biological features corresponding to the biological feature dimension by adopting homomorphic encryption operation corresponding to the encryption security level aiming at each encryption security level to obtain standard biological features corresponding to the biological feature dimension and the encryption security level.

And acquiring a standard biological image of the user in the user registration process, and performing dimension adjustment and encryption operation on the original biological characteristics by adopting the method. Since different biometric dimensions and encryption security levels may be selected during the user's detection process, it is necessary to traverse the various possible biometric dimensions and encryption security levels to generate a standard biometric library as comprehensive as possible.

the biological feature recognition module performs quality detection on the image to be recognized according to the quality detection model, and performs original biological feature extraction on the image to be recognized under the condition that the quality detection of the image to be recognized is qualified; otherwise, the user is prompted to re-acquire the biometric image through the client module for biometric detection. Optionally, the biometric identification module may also perform a corresponding prompt at the client module according to the unsatisfactory detection item, for example, prompt the user to adjust the distance or the angle, so that the user can efficiently acquire the image to be identified that meets the quality requirement.

The invention further provides a biological characteristic identification module for biological characteristic identification. Fig. 3 schematically shows the steps performed by the biometric module according to the present invention in one embodiment.

As shown in fig. 3, the biometric module is arranged to perform the following steps:

400: the biological feature recognition module receives the image to be recognized and performs original biological feature extraction on the image to be recognized.

The image to be recognized is usually acquired by a client device which needs to perform biometric recognition, and a biometric recognition module which performs biometric recognition first performs original high-dimensional biometric extraction on the acquired image to be recognized. The algorithm for extracting the biometric features is not limited herein, and the algorithms that are widely used in the past or at present include, for example, HOG (histogram of oriented gradients), LBP (Local binary patterns), and algorithms based on deep learning or convolutional neural networks, such as FaceNet and spheerface. The aim of the step is to extract high-dimensional original biological characteristics in the image for comparison and identification in the subsequent steps.

performing quality detection on the image to be recognized according to the quality detection model, and performing original biological feature extraction on the image to be recognized under the condition that the quality detection of the image to be recognized is qualified; and under the condition that the quality detection of the image to be recognized is unqualified, sending a distance or angle adjustment prompt to the biological characteristic recognition client, and re-acquiring the image to be recognized through the biological characteristic recognition client.

For example, in the process of face recognition, in order to reduce interference caused by factors such as background and environment, preprocessing such as face detection and face alignment is generally performed, and the acquired face image also has corresponding quality requirements. Therefore, before the face feature extraction, quality detection is performed on the acquired image to be recognized, such as the integrity of the image, the angle of the image, the occupation ratio of the face in the image, the brightness of the light, and the like. The quality detection model can preset detection items and qualified threshold values corresponding to the detection items, the face feature extraction step can be executed when the face image meets the requirements of the quality detection model, otherwise, a user is prompted to re-collect the face image through a client side of the face detection, and optionally, corresponding prompting can be performed at the client side according to the detection items which do not meet the requirements, such as prompting the user to adjust the distance or the angle, so that the user can efficiently collect the face image which meets the quality requirements.

410: the biological characteristic identification module acquires the currently set biological characteristic dimension, and performs dimension processing on the original biological characteristic according to the biological characteristic dimension to obtain the target biological characteristic corresponding to the biological characteristic dimension.

In some embodiments, the biometric dimension may be from a user input on the biometric detection client, or alternatively, from a centralized setting by an administrator or system that manages a particular group of biometric detection clients, depending on the context of use.

Biometric dimensionality reduction is a process that aims to reduce the number of features used in an analytical model. The performance of computer vision and machine learning based methods is improved, representing data in a more efficient manner. This step can also significantly improve the processing speed of subsequent feature homomorphic encryption and similarity. Dimension reduction algorithms that may be employed during the identification process include, but are not limited to, UMAP, PCA, ISOMAP, and ICA, among others.

In some more specific embodiments, feature dimensionality reduction is performed using a PCA algorithm. Illustratively, there are m pieces of n-dimensional data, and the step of using PCA to reduce the n-dimensional data into k dimensions includes:

forming n rows and m columns of matrix X by the original data according to columns; zero-averaging each row of X, i.e. subtracting the average of this row; solving a covariance matrix; solving an eigenvalue of the covariance matrix and a corresponding eigenvector r; and arranging the eigenvectors into a matrix from top to bottom according to the size of the corresponding eigenvalue, and taking the first k rows to form a matrix P, namely the data after the dimensionality reduction to the dimensionality k.

In the present invention, the form of the acquired biometric dimension is not limited. In a scene emphasizing the usability of the user, selectable biometric dimension reduction dimensions can be preset, even specific dimension reduction data are hidden, and only the dimension reduction strength is used for representation. For example: the dimension of the high-dimensional face feature with dimension dim =1024 is reduced to the medium-dimensional face feature with dimension dim =512 or the low-dimensional face feature with dimension dim =256, options of "high dimension", "medium dimension" and "low dimension" can be displayed on the client for the user to select, and an original dimension value and a specific dimension value after dimension reduction can also be displayed. The grade of dimension reduction is not limited to 3, and different grade division standards can be selected according to application scenes, so that the grade number meeting the requirement is generated. Alternatively, in a scenario where flexibility is emphasized, the dimension of dimension reduction can be freely specified by the user, that is, the specification of the dimension reduction dimension is performed by inputting a dimension reduction dimension target value. For example, the client only presents the original dimension dim =1024 to the user, and the user may indicate the dimensionality value after dimensionality reduction by inputting a numerical value.

In some embodiments, the biometric dimension indicates the length of the biometric vector after dimensionality reduction, and the higher the biometric dimension, the longer the length of the biometric vector, that is, the more features in the biometric image can be extracted for biometric identification.

The original biological characteristics are subjected to dimensionality reduction in step 200 to obtain target biological characteristics.

420: the biological characteristic identification module obtains the encryption security level which is currently set, and executes full homomorphic encryption operation corresponding to the encryption security level on the target biological characteristic to obtain the encrypted biological characteristic.

And the encryption security level is used for indicating the security level of the fully homomorphic encryption performed on the target biological characteristics in the step. The higher the encryption level, the higher the security of the scheme, but the ciphertext is increased, which may result in the reduction of the computational efficiency of the homomorphic operation.

Similarly, in some embodiments, the encryption security level may be from user input on the biometric detection client, and optionally, may also be from centralized settings by an administrator or system managing a particular group of biometric detection clients, depending on the usage scenario. According to the requirement of the scene on the safety, the user can select the sacrifice identification and the comparison identification to obtain higher safety performance or reduce the safety level to obtain higher identification efficiency.

According to the principle of homomorphic encryption, in a homomorphic encryption scheme of biological feature identification, a pair of public and private keys is firstly generated: public key theta _p And a private key theta _s Then, the target biometric characteristic a is encrypted by an encryption function f:

ε(A)＝f(A；θ _p )

at the same time satisfy

A＝g(ε(A)；θ _s )

Where g is the decryption function.

In some more specific embodiments, encryption is performed using the Microsoft SEAL library, an all-homomorphic encryption library. The homomorphic encryption algorithm employed by SEAL is based on a polynomial ring. Illustratively, there are 3 important parameters in the SEAL algorithm BFV scheme: polynomial modulus degree, ciphertext coefficient modulus and plaintext modulus.

The polynomial modulus is a main factor influencing the security of the homomorphic encryption scheme, namely, the polynomial modulus is set according to the encryption security level input by a user. The larger the polynomial modulus degree is, the higher the security of the scheme is, and the ciphertext is increased, which can cause the reduction of the computational efficiency of homomorphic operation. In the Seal library, the recommended times are 1024, 2048, 4096, 8192, 16384, 32768. Accordingly, the encryption security level selectable by the user can be corresponding to the polynomial modulus degree, so that different security levels can be realized.

430: and the biological characteristic identification module screens corresponding standard biological characteristics from the pre-stored standard biological characteristics according to the biological characteristic dimension and the encryption security level, and compares and identifies the screened standard biological characteristics with the encryption biological characteristics to obtain an identification result.

First, the feature similarity calculation based on the fully homomorphic encryption can be regarded as an application process of multiplication and addition operations in the fully homomorphic encryption process described above.

The biometric vector cosine similarity is described in the fully homomorphic encrypted domain as:

c is a corresponding ciphertext after encryption named vector A, B, and can be understood that n homomorphic multiplications and n-1 homomorphic addition operations are needed for calculating the cosine similarity between the biological characteristics in the encryption domain.

In the embodiment, the cosine similarity is adopted to calculate the biological characteristic distance, and a comparative identification scheme such as a pearson correlation coefficient, a modified cosine similarity and a Euclidean distance can also be adopted in the adjustable biological characteristic identification method provided by the invention.

Secondly, in the comparison and identification process, the standard biological characteristics pre-stored in the database are needed.

In some embodiments, the standard biometric is generated by: acquiring a standard biological image, and extracting original biological features of the standard biological image; performing dimension processing on the original biological features extracted from the standard biological image according to the biological feature dimension to obtain adjusted biological features corresponding to the biological feature dimension; aiming at each encryption security level, adopting homomorphic encryption operation corresponding to the encryption security level to perform encryption operation on the adjusted biological characteristics corresponding to the biological characteristic dimension to obtain and store standard biological characteristics corresponding to the biological characteristic dimension and the encryption security level;

in this embodiment, the standard biometric features are pre-stored standard biometric features used for feature matching. And acquiring a standard biological image of the user in the user registration process, and performing dimension adjustment and encryption operation on the original biological characteristics by adopting the method. Since different biometric dimensions and encryption security levels may be selected during the user's detection process, it is necessary to traverse the various possible biometric dimensions and encryption security levels to generate a standard biometric library as comprehensive as possible.

The biological characteristic identification module can also send identification result ciphertext. And decrypting the identification result ciphertext through a preset secret key to obtain an identification result plaintext.

In a specific embodiment, after receiving the identification result ciphertext, the user may decrypt the identification result ciphertext according to the private key through the following decryption function,

A＝g(ε(A)；θ _s )

and obtaining the plaintext of the identification result, thereby indicating whether the identification is passed or not.

An embodiment of the present invention further provides a client processing module for efficient retrieval of private information.

As shown in fig. 4, the client-side processing module is configured to perform the following steps:

500: the user side processing module acquires the set biological characteristic dimension and the encryption security level, and acquires and sends an image to be identified;

510: and the user side processing module receives the identification result ciphertext and decrypts the identification result ciphertext through a preset secret key to obtain an identification result plaintext. And after the image to be identified is subjected to dimension processing corresponding to the biological characteristic dimension and full homomorphic encryption corresponding to the encryption security level, comparing the image to be identified with the standard biological characteristics corresponding to the biological characteristic dimension and the encryption security level to obtain an identification result ciphertext.

In some specific embodiments, the process of obtaining the set biometric dimension and the encryption security level comprises, in some embodiments: and displaying preset selectable biological characteristic dimensions and selectable encryption security levels at the biological characteristic identification client, and determining the set biological characteristic dimensions and encryption security levels according to click triggering.

In some more specific embodiments, the biometric identification client displays three selectable biometric dimension levels of high, medium and low, and three selectable encryption security levels of high, medium and low, and selects and sets a corresponding biometric identification mode according to click trigger of a user. Correspondingly, a standard biological characteristic library corresponding to the nine combination modes formed by the three biological characteristic dimensions and the three encryption security levels one by one is also prestored on the biological characteristic identification platform or the device.

It should be noted that, in the present invention, the form of displaying and acquiring the biometric dimension by the client is not limited. In a scene emphasizing the usability of the user, selectable characteristic dimension reduction dimensions can be preset, even specific dimension reduction data are hidden, and only the dimension reduction strength is used for representing. For example: the dimension of the high-dimensional face feature with dimension dim =1024 is reduced to the medium-dimensional face feature with dimension dim =512 or the low-dimensional face feature with dimension dim =256, options of "high dimension", "medium dimension" and "low dimension" can be displayed on the client for the user to select, and an original dimension value and a specific dimension value after dimension reduction can also be displayed. The dimensionality reduction level is not limited to 3, and different level division standards can be selected according to application scenes, so that the level number meeting the requirement is generated. Alternatively, in a scenario where flexibility is emphasized, the dimension of the dimension reduction can be freely specified by the user, that is, the dimension reduction is specified by inputting a dimension reduction target value. For example, the client only presents the original dimension dim =1024 to the user, and the user may indicate the dimensionality value after dimensionality reduction by inputting a numerical value. In this case, the amount of data of the standard biometric library pre-stored in the biometric recognition platform or system is increased significantly, but the user enjoys a high degree of flexibility.

In a more specific embodiment, the biometric feature recognition method provided by the invention is applied to the field of face recognition, and the application process of the biometric feature recognition method can comprise the following three stages:

1. a face template registration stage:

fig. 5 exemplarily shows a flow performed in one embodiment of face template registration in the biometric feature recognition method according to the present invention;

as shown in fig. 5, in the face template registration stage, a local user starts a registration link at a client, and uploads a template face image. For template face images uploaded by a user, a face recognition system firstly calls a face recognition model to extract features and obtain original high-dimensional face feature vectors; then, a PCA algorithm is called to carry out face feature dimension reduction and obtain the face features of three different feature vectors, namely long, medium and short, which are also corresponding to three different dimensions, namely high, medium and low. Then, the face features of each dimension are respectively called SEAL algorithm to carry out encryption operation of high, medium and low different levels; and finally, storing the obtained face template libraries under the 9 different modes into a database of a server for later use.

2. A system mode setting stage:

FIG. 6 is a flow chart illustrating exemplary system mode settings performed in one embodiment of the biometric determination method of the present invention;

as shown in fig. 6, a user-side system configuration interface displays 3 selectable encryption levels of high, medium, and low, and 3 different feature dimensions of long, medium, and short for a user to flexibly select and regulate; the user sets reasonable security level and feature dimension according to the specific requirements of the 3 indexes of safety, precision and time consumption in the actual service scene, for example: low encryption level + medium feature dimension.

3. A face safety detection stage:

FIG. 7 is a flow chart illustrating the execution of face security detection in one embodiment of the biometric authentication method according to the present invention;

as shown in fig. 7, the process includes the following steps:

the user collects and inputs the face image to be detected through the user terminal,

the system calls a face quality model to detect whether the image is qualified or not, and if the image is not qualified, the system prompts a user to adjust the distance and the angle until the image quality is qualified; if the facial features are qualified, the step of extracting the facial features is carried out;

the system calls a face recognition model to extract face features of the qualified images;

the system calls a PCA algorithm to execute the dimensionality reduction level under the set mode on the original face feature;

the system calls the SEAL homomorphic algorithm to execute the encryption operation corresponding to the security level;

calling a face template library corresponding to the feature dimension and the safety level from a database according to the dimension reduction level and the safety level set by the user;

calculating the similarity ciphertext of the face features to be recognized and the face template library;

returning the identification result ciphertext to the user;

and the user uses the secret key for decryption to obtain a final plaintext identification result, so that the face identification safety detection is completed.

It should be noted that the above-mentioned embodiments are only specific examples of the present invention, and obviously, the present invention is not limited to the above-mentioned embodiments, and many similar variations exist. All modifications which would occur to one skilled in the art and which are, therefore, directly derived or suggested from the disclosure herein are deemed to be within the scope of the present invention.

Claims

1. A biometric identification method comprising:

acquiring a currently set encryption security level, and executing homomorphic encryption operation corresponding to the encryption security level on the target biological characteristic to obtain an encrypted biological characteristic;

2. The biometric method according to claim 1, wherein the pre-storing of the respective standard biometrics comprises:

for each biological feature dimension, performing dimension processing on the original biological feature extracted from the standard biological information according to the biological feature dimension to obtain an adjusted biological feature corresponding to the biological feature dimension;

3. The biometric method according to claim 1, after the acquiring the information to be identified, the method further comprising:

4. The biometric method as set forth in claim 1, further comprising:

presetting optional biological characteristic dimension and optional encryption security level, and determining the set biological characteristic dimension and the encryption security level according to the trigger signal.

5. The biometric method according to any one of claims 1 to 4, wherein the length of the feature vector in the target biometric is adjusted according to the biometric dimension.

6. The biometric method according to any one of claims 1 to 4, wherein the dimensional processing of the raw biometric features employs a PCA algorithm.

7. The biometric method according to any one of claims 1 to 4, wherein the cryptographic operation is a SEAL fully homomorphic cryptographic algorithm.

8. The biometric identification method according to any one of claims 1 to 4, wherein the standard biometric characteristic and the encrypted biometric characteristic are identified by comparing through calculating cosine similarity.

9. A biometric identification system comprising a biometric identification module, and a client processing module in data communication with the biometric identification module:

10. The biometric identification system of claim 9, the pre-stored standard biometric, comprising:

11. The biometric identification system according to claim 9, wherein the biometric identification module further performs quality detection on the information to be identified according to a quality detection model,

under the condition that the quality detection of the information to be identified is qualified, original biological features of the information to be identified are extracted;

and under the condition that the quality of the information to be identified is detected unqualified, sending a distance or angle adjustment prompt to the client module, and acquiring the information to be identified again through the client module.

12. The biometric identification system of claim 9, wherein the biometric identification module adjusts a feature vector length of the target biometric based on the biometric dimension.

13. The biometric identification system according to claim 9, wherein the biometric identification module compares and identifies the standard biometric characteristic and the encrypted biometric characteristic by calculating a cosine similarity.

14. The biometric system according to claim 9, wherein the biometric module is preset with an optional biometric dimension and an optional encryption security level, the client module displays the preset optional biometric dimension and the optional encryption security level, determines the set biometric dimension and the encryption security level according to the trigger signal, and feeds the set biometric dimension and the encryption security level back to the biometric module.

15. A biometric identification module for biometric identification, arranged to perform the steps of: receiving information to be identified, and extracting original biological characteristics of the information to be identified;

16. The biometric module of claim 15, further configured to perform the following steps to obtain the standard biometric:

17. The biometric module of claim 15, further configured to perform the steps of:

18. The biometric identification module of claim 15, adjusting a feature vector length in the target biometric according to the biometric dimension.

19. The biometric identification module according to claim 15 compares the standard biometric characteristic with the encrypted biometric characteristic by calculating cosine similarity.

20. The biometric module as in claim 15, further configured with a selectable biometric dimension and a selectable encryption security level, the set biometric dimension and encryption security level being determined from the trigger signal.

21. A client-side processing module for biometric identification, arranged to perform the steps of:

and receiving an identification result ciphertext, decrypting the identification result ciphertext through a preset secret key to obtain an identification result plaintext, wherein the information to be identified is subjected to dimension processing corresponding to the biological characteristic dimension, homomorphic encryption corresponding to the encryption security level is executed, and then the homomorphic encryption is compared with standard biological characteristics corresponding to the biological characteristic dimension and the encryption security level to obtain the identification result ciphertext.

22. The user-side processing module of claim 20, further configured to perform the following steps to obtain the biometric dimension and the encryption security level of the obtaining setting: