CN116680728B - Privacy-preserving biometric methods, systems, devices, and media - Google Patents
Privacy-preserving biometric methods, systems, devices, and media Download PDFInfo
- Publication number
- CN116680728B CN116680728B CN202310973719.2A CN202310973719A CN116680728B CN 116680728 B CN116680728 B CN 116680728B CN 202310973719 A CN202310973719 A CN 202310973719A CN 116680728 B CN116680728 B CN 116680728B
- Authority
- CN
- China
- Prior art keywords
- biological
- identified
- encrypted
- candidate
- biological information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 65
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 99
- 239000011159 matrix material Substances 0.000 claims description 118
- 238000012545 processing Methods 0.000 claims description 68
- 239000013598 vector Substances 0.000 claims description 64
- 238000009792 diffusion process Methods 0.000 claims description 54
- 238000000605 extraction Methods 0.000 claims description 37
- 230000009466 transformation Effects 0.000 claims description 17
- 238000004590 computer program Methods 0.000 claims description 16
- 230000002441 reversible effect Effects 0.000 claims description 5
- 230000008569 process Effects 0.000 description 11
- 238000004891 communication Methods 0.000 description 8
- 238000010586 diagram Methods 0.000 description 5
- 230000008859 change Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 230000009471 action Effects 0.000 description 2
- 230000001174 ascending effect Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000006467 substitution reaction Methods 0.000 description 2
- 230000000007 visual effect Effects 0.000 description 2
- 238000003491 array Methods 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 239000011521 glass Substances 0.000 description 1
- 241000411851 herbal medicine Species 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000001953 sensory effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Collating Specific Patterns (AREA)
Abstract
The embodiment of the invention discloses a privacy protection biological identification method, a privacy protection biological identification system, privacy protection biological identification equipment and a privacy protection biological identification medium. Wherein the method comprises the following steps: the biological library owner side encrypts the candidate biological information in the biological library based on a target encryption algorithm to obtain encrypted candidate biological information, and sends the encrypted candidate biological information to the identification service providing side; the user side encrypts the biological information to be identified provided by the user based on a target encryption algorithm to obtain encrypted biological information to be identified, and sends the encrypted biological information to be identified to the identification service providing side; the identification service providing side determines the biological identification result of the biological information to be identified according to the similarity identification result of the encrypted biological information to be identified and the encrypted candidate biological information. According to the technical scheme, the biological recognition result is determined based on information encryption and encryption information comparison, so that the user privacy can be protected and the accuracy of biological recognition can be ensured.
Description
Technical Field
The present invention relates to the field of information processing technologies, and in particular, to a privacy protection biometric method, system, device, and medium.
Background
With the development and wide application of the biometric technology, people pay more attention to the privacy and safety of biometric information from the process of unlocking a mobile phone by face to the process of scanning by a monitoring camera in various outdoor places. During collection and storage, without the owner's permission, the user's biometric information may be collected and misused by unauthorized parties, resulting in leakage or compromise of user privacy.
Taking face recognition as an example, in the related art, a PPFR method based on image processing is adopted to solve the problem of privacy disclosure. The term "Privacy-preserving face recognition" as PPFR (Privacy-Preserving Face Recognition) means that face recognition processing can be performed without revealing the identity or characteristics of a face photograph. The method replaces the original face in the video clip with the de-identified face or the deformed face, thereby ensuring the privacy of the user without changing the behavior and the action of the user.
However, the above method can well protect the visual safety of the face, but cannot avoid the leakage of the face information. For example, the attacker can still acquire the face information of the deformed face through an advanced recognition algorithm. In addition, the accuracy of face recognition may be degraded after image processing, compared to the original face recognition method without privacy protection.
Disclosure of Invention
The invention provides a privacy protection biological identification method, a privacy protection biological identification system, privacy protection biological identification equipment and a privacy protection biological identification medium, which are used for determining a biological identification result based on information encryption and information comparison after the encryption, protecting the privacy of a user from leakage or damage and ensuring the accuracy of biological identification.
According to an aspect of the present invention, there is provided a privacy preserving biometric method, the method comprising:
the method comprises the steps that a biological library owner side encrypts candidate biological information in a biological library based on a target encryption algorithm to obtain encrypted candidate biological information, and the encrypted candidate biological information is sent to an identification service providing side;
the user side encrypts the biological information to be identified provided by the user based on a target encryption algorithm to obtain encrypted biological information to be identified, and sends the encrypted biological information to be identified to the identification service providing side;
the identification service providing side determines the biological identification result of the biological information to be identified according to the similarity identification result of the biological information to be identified and the encrypted candidate biological information.
According to another aspect of the present invention, there is provided a privacy preserving biometric system comprising:
the biological library owner side is used for carrying out encryption processing on the candidate biological information in the biological library based on a target encryption algorithm to obtain encrypted candidate biological information, and sending the encrypted candidate biological information to the identification service providing side;
The user side is used for carrying out encryption processing on the biological information to be identified provided by the user based on a target encryption algorithm to obtain encrypted biological information to be identified, and sending the encrypted biological information to be identified to the identification service providing side;
and the identification service providing side is used for determining the biological identification result of the biological information to be identified according to the similarity identification result of the biological information to be identified and the encrypted candidate biological information.
According to another aspect of the present invention, there is provided an electronic apparatus including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the privacy preserving biometric methods of any of the embodiments of the present invention.
According to another aspect of the present invention, there is provided a computer readable storage medium storing computer instructions for causing a processor to execute the privacy preserving biometric method according to any embodiment of the present invention.
According to the technical scheme, the biological library owner side encrypts candidate biological information in the biological library based on a target encryption algorithm to obtain encrypted candidate biological information, and sends the encrypted candidate biological information to the identification service providing side; the user side encrypts the biological information to be identified provided by the user based on a target encryption algorithm to obtain encrypted biological information to be identified, and sends the encrypted biological information to be identified to the identification service providing side; the identification service providing side determines the biological identification result of the biological information to be identified according to the similarity identification result of the encrypted biological information to be identified and the encrypted candidate biological information. According to the technical scheme, the biological recognition result is determined based on information encryption and information comparison after encryption, so that the privacy of a user can be protected from being revealed or damaged, and meanwhile, the accuracy of biological recognition is ensured.
It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the invention or to delineate the scope of the invention. Other features of the present invention will become apparent from the description that follows.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flowchart of a privacy preserving biometric method according to a first embodiment of the present invention;
fig. 2 is a flowchart of a privacy preserving biometric method according to a second embodiment of the present invention;
fig. 3 is a schematic structural diagram of a privacy preserving biometric system according to a third embodiment of the present invention;
fig. 4 is a schematic structural diagram of an electronic device implementing a privacy preserving biometric method according to an embodiment of the present invention.
Detailed Description
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
It should be noted that the terms "first," "second," "target," and the like in the description and claims of the present invention and in the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example 1
Fig. 1 is a flowchart of a privacy-preserving biometric method according to a first embodiment of the present invention, where the method may be performed by a privacy-preserving biometric system, and the privacy-preserving biometric system may be implemented in hardware and/or software, and the privacy-preserving biometric system may be configured in an electronic device with data processing capability. As shown in fig. 1, the method includes:
s110, the biological library owner side encrypts the candidate biological information in the biological library based on the target encryption algorithm to obtain encrypted candidate biological information, and sends the encrypted candidate biological information to the identification service providing side.
The technical scheme of the embodiment can be suitable for application scenarios that the biological identification task is outsourced to the identification service providing side for processing the large-scale biological identification task more efficiently because the biological identification technology is limited or the biological identification efficiency is low and the like because a large amount of biological information of the user side is acquired and stored by the biological library owner side. For example, hospitals outsource biometric tasks of patients to third party services (e.g., alicloud). The identification service providing side needs to carry out biological identification on the biological information of the user, and carry out identity authentication on the user based on the biological identification result, and the user can normally provide service after the authentication is passed. In the process of performing the biometric identification through the identification service providing side, if the original user biometric information is directly transmitted to the identification service providing side, there may be a problem that the user privacy is revealed or damaged, resulting in poor security. Accordingly, in order to improve the biometric security, to protect the user privacy from disclosure or damage, it is necessary to perform corresponding processing on the original user biometric information so that the identification service providing side performs biometric identification based on the processed user biometric information.
Where the bio-pool owner side may refer to the owner side of the bio-pool. The bio-library has pre-stored therein bio-information of a plurality of users, which may be used to uniquely characterize the user identity. Specifically, the biological information may be biological image (or video) information, or biological feature information obtained by extracting features from biological image (or video) information. By way of example, the biometric information may be fingerprint information, iris information, face information, or the like. The candidate biometric information may refer to any biometric information in the biometric library, such as registered biometric information submitted by the candidate user in advance on the side of the biometric library owner.
The target encryption algorithm may refer to an algorithm capable of encrypting the biological information. Exemplary target encryption algorithms include permutation transforms, diffusion transforms, and shift transforms. Wherein the purpose of the permutation transform is to scramble the plaintext structure. The purpose of the diffusion transformation is to interact with the vector elements, meaning that a change in one element in a plaintext feature will cause a change in the other multiple features. The purpose of the shift transformation is to add a constant term to the diffusion characteristics. The permutation transformation and the diffusion transformation belong to homogeneous linear transformation, and the shift transformation belongs to non-homogeneous linear transformation, so that the security of biological information encryption can be further improved through the non-homogeneous linear transformation. The encrypted candidate biometric information may refer to information obtained by encrypting the candidate biometric information in the biometric library based on the target encryption algorithm. The identification service providing side may refer to a party capable of providing the biometric service.
In this embodiment, first, the candidate biometric information in the biometric library is encrypted by the biometric library owner side based on the target encryption algorithm to obtain encrypted candidate biometric information, and the encrypted candidate biometric information is sent to the identification service providing side. When the candidate biological information is the candidate biological characteristic information, encrypting each biological characteristic information in the biological library directly based on the target encryption algorithm; when the candidate biometric information is candidate biometric image (or video) information, it is necessary to extract candidate biometric information from the candidate biometric image (or video) information first, and then encrypt the extracted candidate biometric information.
In this embodiment, optionally, the method includes that the bio-library owner side encrypts the candidate bio-information in the bio-library based on the target encryption algorithm to obtain encrypted candidate bio-information, and sends the encrypted candidate bio-information to the identification service providing side, including: the biological library owner side generates a random key and sends the random key to the user side; the biological library owner side performs feature extraction on the candidate biological information based on a feature extraction model to obtain candidate biological features; the biological library owner side encrypts the candidate biological characteristics according to the random key and the target encryption algorithm to obtain encrypted candidate biological characteristics, and sends the encrypted candidate biological characteristics to the identification service providing side.
The feature extraction model may refer to an algorithm model capable of implementing feature extraction. For example, the feature extraction model may be MobileFaceNet, resNet-18 or ResNet-50. Specifically, mobileFaceNet, resNet-18 and ResNet-50 are three models of different sizes and accuracy, with network model sizes of 4.21M, 96.22M, 174.68M, respectively. The use of larger models tends to mean higher accuracy but also consumes more memory and time. For example, resNet-50 has the best accuracy but is also the largest model. MobileFaceNet is a lightweight model and ResNet-18 is a balanced model. Different feature extraction models do not affect the encryption process of information, and particularly, the model size and the accuracy can be balanced according to actual application scenes. The candidate biological feature may refer to information obtained after feature extraction of the candidate biological information based on a feature extraction model. The encrypted candidate biometric may refer to information obtained by encrypting the candidate biometric according to a random key and a target encryption algorithm.
Taking face recognition as an example, assume that N users' face image information is stored in a biological library, respectively I 1 、I 2 、...、I N . When the N pieces of face image information are encrypted by the biological library owner side, a random number character string is firstly generated as a random key, and the random key is sent to the user side. Then from I by a feature extraction model on the basis of the biological library owner side 1 、I 2 、...、I N Extracting characteristic omega from the Chinese herbal medicine 1 、Ω 2 、...、Ω N (i.e., candidate biological features). Then according to the random key and target encryption algorithm to omega 1 、Ω 2 、...、Ω N Encryption processing is carried out to obtain omega 1c 、Ω 2c 、...、Ω Nc (i.e., encrypt the candidate biometric) and will Ω 1c 、Ω 2c 、...、Ω Nc And transmitting the data to the identification service providing side.
According to the scheme, through the arrangement, the candidate biological characteristics obtained after the characteristic extraction are encrypted based on the random key and the target encryption algorithm, and the encrypted candidate biological characteristics obtained after the encryption processing are sent to the identification service providing side, so that the safety of the candidate biological information is improved, and the candidate biological information can be prevented from being leaked.
In this embodiment, optionally, the target encryption algorithm includes a permutation transform, a diffusion transform, and a shift transform; correspondingly, the candidate biological characteristics are encrypted according to the random key and the target encryption algorithm, and the method comprises the following steps: based on a target encryption algorithm, respectively generating a permutation matrix, a diffusion matrix and a shift interference item according to the random key; and performing matrix multiplication encryption processing of the replacement matrix and the diffusion matrix on the candidate biological characteristics and addition encryption processing of the shift interference item.
Illustratively, assuming a permutation matrix of P, a diffusion matrix of R,the shift interference term is s and the candidate biometric is x. When the candidate biological characteristics are encrypted according to the random key and the target encryption algorithm, firstly, according to a preset substitution formulaMatrix multiplication encryption processing of the replacement matrix is carried out on the candidate biological characteristics to obtain replacement characteristics x p . Then ∈10 by a preset diffusion formula>Change of characteristic x p Performing matrix multiplication encryption processing of a diffusion matrix to obtain diffusion characteristics x r . Then go through the preset shift formula->For diffusion characteristics x r Adding encryption processing of shift interference item to obtain shift characteristic x c . Thus, the encryption processing of the candidate biometric can be realized.
It should be noted that, in order to reduce the computation consumption, as long as the random key remains unchanged, the permutation matrix, the diffusion matrix and the shift interference term generated according to the random key may be saved and reused in the feature encryption process.
By means of the arrangement, the safety of the candidate biological information can be further improved through matrix multiplication encryption processing of the replacement matrix and the diffusion matrix and addition encryption processing of the shift interference item, and the candidate biological information can be prevented from being leaked.
In this embodiment, optionally, based on the target encryption algorithm, the permutation matrices are generated according to the random keys, respectively, including: generating a first random vector according to a random key based on a first pseudo-random number generator in a target encryption algorithm; wherein the dimension of the first random vector is determined according to the dimension of the candidate biological feature; sorting the values in the first random vector to obtain a second random vector; generating a third random vector according to the index position of the numerical value in the first random vector in the second random vector; and generating a permutation matrix according to the numerical information in the third random vector.
In this embodiment, when generating the permutation matrices from the random keys, the random keys are first input as parameters to the first pseudo-random number generator to generate the first random vector. Wherein the dimension of the first random vector is the same as the dimension of the candidate biometric. And then, the numerical values in the first random vector are sorted in ascending order or descending order to obtain a second random vector. And further recording the index position of each element in the first random vector in the second random vector to generate a third random vector. Finally, a permutation matrix may be generated from the numerical information in the third random vector. Illustratively, if the number of rows j of the permutation matrix is equal to the kth element in the third random vector, the element of the jth row and kth column of the permutation matrix may be determined to be 1, otherwise it is determined to be 0.
In this embodiment, optionally, the permutation matrix is generated according to the numerical information in the third random vector based on the following formula;
;
wherein P represents a permutation matrix, P [ j, k ]]Representing elements located in the jth row and kth column of the permutation matrix, v p Representing a third random vector, v p [k]Representing the kth element in the third random vector.
For example, assuming that the candidate biometric is an m×1 feature vector, when generating the permutation matrix, a random key is first input as a parameter to the first pseudo-random number generator g 1 A random vector v (i.e., a first random vector) of dimension mx 1 is generated. Then the numerical values in the random vector v are sorted in ascending order or descending order to obtain a second random vector v s . Further, for each element in the first random vector v, it is recorded in the second random vector v s Form a new vector v p (i.e., a third random vector). Finally through the formulaA permutation matrix P is generated. Wherein the dimension of the permutation matrixThe degree is m×m, and only one element of each row of the permutation matrix is 1, and the remaining elements are 0.
By the arrangement, the replacement matrix can be quickly generated based on the pseudo-random number generator.
In this embodiment, optionally, based on the target encryption algorithm, the generating the diffusion matrix according to the random key includes: based on a second pseudo-random number generator in the target encryption algorithm, generating a preset number of n-order square matrixes according to the random key; the size of the preset quantity and n is determined according to the dimension of the candidate biological characteristics, and the n-order square matrix is a reversible matrix; respectively converting a preset number of n-order square matrixes into corresponding orthogonal matrixes based on an orthogonalization algorithm; and generating a diffusion matrix according to a preset number of orthogonal matrixes according to the quasi-diagonal matrix form.
For example, assuming that the candidate biometric is an m×1 feature vector, when generating the diffusion matrix, a random key is first input as a parameter to the second pseudo-random number generator g 2 In the method, a preset number of n-order square matrixes are generated, namely q reversible matrixes A with dimension of d multiplied by d are generated 1 、A 2 、...、A q . Where n=d, the preset number is q, and d×q=m is satisfied. A is then applied based on an orthogonalization algorithm (e.g., schmidt orthogonalization) 1 、A 2 、...、A q Respectively converted into corresponding quadrature matrix Q 1 、Q 2 、...、Q q . Then according to the form of quasi-diagonal matrix, Q 1 、Q 2 、...、Q q The arrangement is performed so as to generate a diffusion matrix R, specifically denoted as:. Wherein Q is 1 、Q 2 、...、Q q Is an orthogonal matrix with the same dimension d x d.
By such arrangement, the diffusion matrix can be rapidly generated based on the pseudo-random number generator.
In this embodiment, optionally, based on the target encryption algorithm, the shift interference terms are generated according to the random key respectively, including: based on a third pseudo-random number generator in the target encryption algorithm, generating a shift interference item according to the random key; wherein the dimension of the shifted interference term is determined from the dimension of the candidate biometric.
Illustratively, assuming that the candidate biometric is an m 1 feature vector, a random key is input as a parameter to the third pseudo-random number generator g 3 A random vector s with dimension of m×1 is generated, and the generated random vector s is used as a shift interference term.
The types of the first pseudo-random number generator, the second pseudo-random number generator and the third pseudo-random number generator may be the same or different, and may be specifically set according to practical requirements, but it is required to ensure that the same pseudo-random number generator is adopted on the biological library owner side and the user side when generating a permutation matrix, a diffusion matrix or a shift interference term according to a random key.
By the arrangement, the shift interference item can be quickly generated based on the pseudo random number generator.
S120, the user side encrypts the biological information to be identified provided by the user based on the target encryption algorithm to obtain encrypted biological information to be identified, and sends the encrypted biological information to be identified to the identification service providing side.
The biometric information to be identified may be user biometric information waiting to be identified. The encryption of the biological information to be identified may refer to information obtained by performing encryption processing on the biological information to be identified provided by the user based on a target encryption algorithm.
In this embodiment, the user side encrypts the to-be-identified biological information provided by the user based on the target encryption algorithm to obtain encrypted to-be-identified biological information, and sends the encrypted to-be-identified biological information to the identification service providing side. When the biological information to be identified is the biological characteristic information, the biological information to be identified provided by the user can be directly encrypted based on a target encryption algorithm; when the biological information to be identified is the biological image (or video) information to be identified obtained after the characteristic extraction of the biological information to be identified, the biological characteristic information to be identified needs to be extracted from the biological image (or video) information to be identified, and then the extracted biological characteristic information to be identified is encrypted. It should be noted that the candidate biometric information and the biometric information to be identified need to be encrypted by the same encryption algorithm (i.e., the target encryption algorithm).
In this embodiment, optionally, the user side encrypts the to-be-identified biological information provided by the user based on the target encryption algorithm to obtain encrypted to-be-identified biological information, and sends the encrypted to-be-identified biological information to the identification service providing side, including: the user side performs feature extraction on the biological information to be identified based on the feature extraction model to obtain the biological feature to be identified; the user side encrypts the biological characteristics to be identified according to the random key and the target encryption algorithm to obtain encrypted biological characteristics to be identified, and sends the encrypted biological characteristics to be identified to the identification service providing side.
The to-be-identified biological feature may refer to information obtained after feature extraction of the to-be-identified biological information based on a feature extraction model. Encrypting the biometric feature to be identified may refer to information obtained after the biometric feature to be identified is encrypted according to a random key and a target encryption algorithm.
Illustratively, taking face recognition as an example, assume that the biometric information to be recognized provided by the user is face image information. On the user side, face image informationWhen encryption processing is performed, first, a feature extraction model is used to extract a feature from a documentExtracting features from(i.e., the biometric feature to be identified). Then based on the random key and target encryption algorithm pair sent by the biological library owner side Encryption processing is carried out to obtain(i.e. encrypt the biometric to be identified) and willAnd transmitting the data to the identification service providing side. The candidate biological information and the biological information to be identified are subjected to feature extraction by adopting the same feature extraction model, wherein the feature extraction model can be sent to the user side by the biological library owner side or can be pre-agreed by the biological library owner side and the user side. Of course, in order to reduce the data transmission pressure, it is preferable to preliminarily define which feature extraction model is specifically used by the biological library owner side and the user side.
According to the scheme, through the arrangement, the to-be-identified biological characteristics obtained after the characteristic extraction are encrypted based on the random key and the target encryption algorithm, and the encrypted to-be-identified biological characteristics obtained after the encryption processing are sent to the identification service providing side, so that the safety of the to-be-identified biological information is improved, and the to-be-identified biological information can be prevented from being leaked.
In this embodiment, optionally, the target encryption algorithm includes a permutation transform, a diffusion transform, and a shift transform; correspondingly, the method for encrypting the biological characteristics to be identified according to the random key and the target encryption algorithm comprises the following steps: based on a target encryption algorithm, respectively generating a permutation matrix, a diffusion matrix and a shift interference item according to the random key; and performing matrix multiplication encryption processing of a replacement matrix and a diffusion matrix on the biological characteristics to be identified and addition encryption processing of a shift interference item.
The implementation manner of the above-mentioned scheme may refer to detailed explanation of the encryption processing of the candidate biometric according to the random key and the target encryption algorithm, which is not described herein. It should be noted that, since the dimensions of the candidate biometric feature and the dimension of the biometric feature to be identified are the same, the dimensions of the first random vector and the shift interference term, and the preset number and the size of n may also be determined according to the dimensions of the biometric feature to be identified.
By means of the arrangement, matrix multiplication encryption processing of the replacement matrix and the diffusion matrix and addition encryption processing of the shift interference item are carried out on the biological characteristics to be identified, so that the safety of the biological information to be identified can be further improved, and the biological information to be identified can be prevented from being leaked.
It should be noted that the target encryption algorithm is executed in the bio-library owner side and the user side to generate the encryption feature to be transmitted to the identification service providing side. Since these encrypted features are to be outsourced to the identification service provider side for biometric identification, in order to protect the user privacy, the solution needs to ensure that the identification service provider side cannot recover the plaintext features from these encrypted features. Thus, the security of the target encryption algorithm is now demonstrated as follows:
The feature extraction model is assumed to extract an original feature vector x having a dimension of mx 1 from the biological information. Meanwhile, assuming that the permutation matrix is P, the diffusion matrix is R, the shift interference term is s, and the encryption characteristic is x c Wherein, the method comprises the steps of, wherein,. Is provided withThere is->Where H and s vary from random key to random key. The process of x times H can be seen as linearly combining x m times. That is to say +>The elements of (a) may be obtained by linear combinations of elements in the feature vector x. Thus, x c Can be expressed as follows: />. The formula shows that the information of the original feature x cannot be extracted from the encrypted feature x when R, P and s are unknown c Is deduced from the above. Thus, the security of the target encryption algorithm can be ensured.
S130, the identification service providing side determines the biological identification result of the biological information to be identified based on the similarity identification result of the encrypted biological information to be identified and the encrypted candidate biological information.
In this embodiment, after receiving the encrypted candidate biometric information sent by the owner side of the biometric database and the encrypted biometric information to be identified sent by the user side, the identification service provider side may determine the biometric result of the biometric information to be identified according to the similarity identification result of the encrypted biometric information to be identified and the encrypted candidate biometric information.
In this embodiment, optionally, the permutation matrix and the diffusion matrix are orthogonal matrices; accordingly, the identification service providing side determines the biological identification result of the biological information to be identified according to the similarity identification result of the encrypted biological information to be identified and the encrypted candidate biological information, and comprises the following steps: the identification service providing side takes the L2 norm between the encrypted biological feature to be identified and the encrypted candidate biological feature as a similarity identification result of the encrypted biological information to be identified and the encrypted candidate biological information; and taking the encrypted candidate biological information corresponding to the minimum L2 norm value in the similarity identification result of the encrypted biological information to be identified and the encrypted candidate biological information as the biological identification result of the biological information to be identified.
Illustratively, assume that the identification service providing side receives the encrypted candidate biometric information as Ω from the biometric library owner side 1c 、Ω 2c 、...、Ω Nc Receiving the encrypted biological information to be identified from the user side as. In determining the biological recognition result of the biological information to be recognized by the recognition service providing side, first of all +.>And omega 1c 、Ω 2c 、...、Ω Nc The L2 norms between the two are used for obtaining N Euclidean distances D 1 、D 2 、...、D N (i.e., similarity recognition results). Then D is carried out 1 、D 2 、...、D N The encrypted candidate biological information corresponding to the minimum value of the to-be-identified biological information is used as a biological identification result of the to-be-identified biological information.
The Euclidean distance D between the pair of encrypted information i The Euclidean distance comparison of the corresponding plaintext information is equal to the judgment of the corresponding plaintext information, and the proving process is as follows:
according to the target encryption algorithm in the example, it is possible to obtain:,/>. Thus, # ic The distance between and c can be calculated as: />. Since R and P are both orthogonal matrices, the orthogonal matrices have the characteristic of norm invariance, i.e.>. Where S and T represent orthogonal matrices and ω represents a vector. That is, multiplying a vector by an orthogonal matrix does not affect its L2 norm. Thus, two vectors ω can be inferred 1 And omega 2 The Euclidean distance between them can be expressed as +.>. Thus, +.>. This means that the euclidean distance between the encrypted information is equal to the distance between the corresponding plain texts. That is, encryption does not affect the calculation of euclidean distance even if the plaintext is hidden. Meanwhile, the encryption process does not depend on the feature extraction model, so that different feature extraction models can be selected to meet actual requirements, and the technical scheme of the invention has good expandability.
Through such setting, this scheme can protect user's privacy to avoid revealing or the accuracy of biological identification on the basis of damaging.
According to the technical scheme, the biological library owner side encrypts candidate biological information in the biological library based on a target encryption algorithm to obtain encrypted candidate biological information, and sends the encrypted candidate biological information to the identification service providing side; the user side encrypts the biological information to be identified provided by the user based on a target encryption algorithm to obtain encrypted biological information to be identified, and sends the encrypted biological information to be identified to the identification service providing side; the identification service providing side determines the biological identification result of the biological information to be identified according to the similarity identification result of the encrypted biological information to be identified and the encrypted candidate biological information. According to the technical scheme, the biological recognition result is determined based on information encryption and information comparison after encryption, so that the privacy of a user can be protected from being revealed or damaged, and meanwhile, the accuracy of biological recognition is ensured.
Example two
Fig. 2 is a flowchart of a privacy preserving biometric method according to a second embodiment of the present invention, which is optimized based on the above embodiment.
As shown in fig. 2, the method of this embodiment specifically includes the following steps:
s210, the biological library owner side generates a random key and sends the random key to the user side.
And S220, extracting the characteristics of the candidate biological information based on the characteristic extraction model by the side of the biological library owner to obtain candidate biological characteristics.
S230, the biological library owner side generates a replacement matrix, a diffusion matrix and a shift interference item according to the random key based on the target encryption algorithm.
The target encryption algorithm comprises permutation transformation, diffusion transformation and shift transformation, and the permutation matrix and the diffusion matrix are orthogonal matrices.
S240, the biological library owner side performs matrix multiplication encryption processing of a replacement matrix and a diffusion matrix on the candidate biological features and addition encryption processing of a shift interference item to obtain encrypted candidate biological features, and sends the encrypted candidate biological features to the identification service providing side.
S250, the user side performs feature extraction on the biological information to be identified based on the feature extraction model to obtain the biological feature to be identified.
S260, the user side generates a permutation matrix, a diffusion matrix and a shift interference item according to the random key based on the target encryption algorithm.
Wherein the permutation matrix and the diffusion matrix are orthogonal matrices.
S270, the user side performs matrix multiplication encryption processing of a replacement matrix and a diffusion matrix on the biological features to be identified and addition encryption processing of shift interference items to obtain encrypted biological features to be identified, and sends the encrypted biological features to be identified to the identification service providing side.
S280, the identification service providing side uses the L2 norm between the encrypted biometric to be identified and the encrypted candidate biometric as a similarity identification result of the encrypted biometric to be identified and the encrypted candidate biometric.
S290, the identification service providing side uses the encrypted candidate biometric information corresponding to the L2 norm minimum value in the similarity identification result of the encrypted biometric information to be identified and the encrypted candidate biometric information as the biometric identification result of the biometric information to be identified.
According to the technical scheme, based on a target encryption algorithm, candidate biological characteristics obtained after characteristic extraction are encrypted through a biological library owner side, biological characteristics to be identified obtained after characteristic extraction are encrypted through a user side, and a biological identification result of biological information to be identified is determined according to L2 norms between the encrypted biological characteristics to be identified and the encrypted candidate biological characteristics obtained after encryption through an identification service providing side. According to the technical scheme, the biological recognition result is determined based on information encryption and information comparison after encryption, so that the privacy of a user can be protected from being revealed or damaged, and meanwhile, the accuracy of biological recognition is ensured.
Example III
Fig. 3 is a schematic structural diagram of a privacy preserving biometric identification system according to a third embodiment of the present invention, where the privacy preserving biometric identification system may execute the privacy preserving biometric identification method according to any embodiment of the present invention, and has functional modules and beneficial effects corresponding to the execution method. As shown in fig. 3, the system includes:
A bio-library owner side 310, configured to encrypt candidate bio-information in a bio-library based on a target encryption algorithm to obtain encrypted candidate bio-information, and send the encrypted candidate bio-information to an identification service providing side;
the user side 320 is configured to encrypt the to-be-identified biological information provided by the user based on a target encryption algorithm to obtain encrypted to-be-identified biological information, and send the encrypted to-be-identified biological information to the identification service providing side;
the identification service providing side 330 is configured to determine a biological identification result of the biological information to be identified according to a similarity identification result of the encrypted biological information to be identified and the encrypted candidate biological information.
Optionally, the bio-pool owner side 310 includes:
a random key generating unit, configured to generate a random key and send the random key to the user side;
the candidate biological feature determining unit is used for carrying out feature extraction on the candidate biological information based on a feature extraction model to obtain candidate biological features;
the first encryption processing unit is used for carrying out encryption processing on the candidate biological characteristics according to the random key and the target encryption algorithm to obtain encrypted candidate biological characteristics, and sending the encrypted candidate biological characteristics to an identification service providing side;
The user side 320 includes:
the to-be-identified biological feature determining unit is used for extracting the characteristics of the to-be-identified biological information based on the characteristic extracting model to obtain to-be-identified biological features;
and the second encryption processing unit is used for carrying out encryption processing on the biological characteristics to be identified according to the random key and the target encryption algorithm to obtain encrypted biological characteristics to be identified, and sending the encrypted biological characteristics to be identified to the identification service providing side.
Optionally, the target encryption algorithm includes a permutation transform, a diffusion transform, and a shift transform;
correspondingly, the first encryption processing unit comprises:
a first encryption parameter generation subunit, configured to generate a permutation matrix, a diffusion matrix, and a shift interference term according to the random key based on the target encryption algorithm;
a first encryption processing subunit, configured to perform matrix multiplication encryption processing of the permutation matrix and the diffusion matrix on the candidate biometric feature and addition encryption processing of the shift interference term;
correspondingly, the second encryption processing unit comprises:
a second encryption parameter generation subunit, configured to generate a permutation matrix, a diffusion matrix, and a shift interference term according to the random key based on the target encryption algorithm;
And the second encryption processing subunit is used for performing matrix multiplication encryption processing of the permutation matrix and the diffusion matrix and addition encryption processing of the shift interference item on the biological feature to be identified.
Optionally, the first encryption parameter generation subunit and the second encryption parameter generation subunit are configured to:
generating a first random vector according to the random key based on a first pseudo-random number generator in the target encryption algorithm; wherein the dimension of the first random vector is determined according to the dimension of the candidate biological feature or the biological feature to be identified;
sorting the values in the first random vector to obtain a second random vector;
generating a third random vector according to the index position of the numerical value in the first random vector in the second random vector;
and generating the permutation matrix according to the numerical information in the third random vector.
Optionally, the first encryption parameter generation subunit and the second encryption parameter generation subunit are further configured to:
generating a preset number of n-order square matrixes according to the random key based on a second pseudo-random number generator in the target encryption algorithm; the size of the preset number and the size of n are determined according to the dimension of the candidate biological characteristics or the biological characteristics to be identified, and the n-order square matrix is a reversible matrix;
Respectively converting the preset number of n-order square matrixes into corresponding orthogonal matrixes based on an orthogonalization algorithm;
and generating the diffusion matrix according to a preset number of orthogonal matrices in the form of a quasi-diagonal matrix.
Optionally, the first encryption parameter generation subunit and the second encryption parameter generation subunit are further configured to:
generating a shift interference item according to the random key based on a third pseudo-random number generator in the target encryption algorithm; wherein the dimension of the shifted interference term is determined according to the dimension of the candidate biometric or the biometric to be identified.
Optionally, the permutation matrix and the diffusion matrix are orthogonal matrices;
accordingly, the identification service providing side 330 is specifically configured to:
taking the L2 norm between the encrypted biological feature to be identified and the encrypted candidate biological feature as a similarity identification result of the encrypted biological information to be identified and the encrypted candidate biological information;
and taking the encrypted candidate biological information corresponding to the minimum L2 norm value in the similarity identification result of the encrypted biological information to be identified and the encrypted candidate biological information as the biological identification result of the biological information to be identified.
The privacy-preserving biological recognition system provided by the embodiment of the invention can execute the privacy-preserving biological recognition method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
Example IV
Fig. 4 shows a schematic diagram of the structure of an electronic device 10 that may be used to implement an embodiment of the invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. Electronic equipment may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
As shown in fig. 4, the electronic device 10 includes at least one processor 11, and a memory, such as a Read Only Memory (ROM) 12, a Random Access Memory (RAM) 13, etc., communicatively connected to the at least one processor 11, in which the memory stores a computer program executable by the at least one processor, and the processor 11 may perform various appropriate actions and processes according to the computer program stored in the Read Only Memory (ROM) 12 or the computer program loaded from the storage unit 18 into the Random Access Memory (RAM) 13. In the RAM 13, various programs and data required for the operation of the electronic device 10 may also be stored. The processor 11, the ROM 12 and the RAM 13 are connected to each other via a bus 14. An input/output (I/O) interface 15 is also connected to bus 14.
Various components in the electronic device 10 are connected to the I/O interface 15, including: an input unit 16 such as a keyboard, a mouse, etc.; an output unit 17 such as various types of displays, speakers, and the like; a storage unit 18 such as a magnetic disk, an optical disk, or the like; and a communication unit 19 such as a network card, modem, wireless communication transceiver, etc. The communication unit 19 allows the electronic device 10 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunication networks.
The processor 11 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of processor 11 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various processors running machine learning model algorithms, digital Signal Processors (DSPs), and any suitable processor, controller, microcontroller, etc. The processor 11 performs the various methods and processes described above, such as the privacy preserving biometric method.
In some embodiments, the privacy preserving biometric methods may be implemented as a computer program tangibly embodied on a computer-readable storage medium, such as the storage unit 18. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 10 via the ROM 12 and/or the communication unit 19. When the computer program is loaded into RAM 13 and executed by processor 11, one or more steps of the privacy preserving biometric methods described above may be performed. Alternatively, in other embodiments, the processor 11 may be configured to perform the privacy preserving biometric method in any other suitable manner (e.g., by means of firmware).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuitry, field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), systems-on-chips (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs, the one or more computer programs may be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, that may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for carrying out methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be implemented. The computer program may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. The computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) through which a user can provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), wide Area Networks (WANs), blockchain networks, and the internet.
The computing system may include clients and servers. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical hosts and VPS service are overcome.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps described in the present invention may be performed in parallel, sequentially, or in a different order, so long as the desired results of the technical solution of the present invention are achieved, and the present invention is not limited herein.
The above embodiments do not limit the scope of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.
Claims (6)
1. A privacy preserving biometric method, the method comprising:
the method comprises the steps that a biological library owner side encrypts candidate biological information in a biological library based on a random key and a target encryption algorithm to obtain encrypted candidate biological information, and the encrypted candidate biological information is sent to an identification service providing side; wherein the random key is generated by a biological library owner side and is sent to a user side;
The user side encrypts the biological information to be identified provided by the user based on the random key and the target encryption algorithm to obtain encrypted biological information to be identified, and sends the encrypted biological information to be identified to the identification service providing side;
the identification service providing side determines the biological identification result of the biological information to be identified according to the similarity identification result of the biological information to be identified and the encrypted candidate biological information;
the method for encrypting the candidate biological information in the biological library by the biological library owner side based on the random key and the target encryption algorithm to obtain the encrypted candidate biological information, and sending the encrypted candidate biological information to the identification service providing side comprises the following steps:
the biological library owner side generates a random key and sends the random key to the user side;
the biological library owner side performs feature extraction on the candidate biological information based on a feature extraction model to obtain candidate biological features;
the biological library owner side encrypts the candidate biological characteristics according to the random key and the target encryption algorithm to obtain encrypted candidate biological characteristics, and sends the encrypted candidate biological characteristics to an identification service providing side;
Correspondingly, the user side encrypts the to-be-identified biological information provided by the user based on the random key and the target encryption algorithm to obtain encrypted to-be-identified biological information, and sends the encrypted to-be-identified biological information to the identification service providing side, which comprises the following steps:
the user side performs feature extraction on the biological information to be identified based on the feature extraction model to obtain biological features to be identified;
the user encrypts the biological characteristics to be identified according to the random key and the target encryption algorithm to obtain encrypted biological characteristics to be identified, and sends the encrypted biological characteristics to be identified to an identification service providing side;
wherein the target encryption algorithm comprises permutation transformation, diffusion transformation and shift transformation;
correspondingly, the candidate biological characteristics are encrypted according to the random key and the target encryption algorithm, and the method comprises the following steps:
based on the target encryption algorithm, respectively generating a permutation matrix, a diffusion matrix and a shift interference item according to the random key;
performing matrix multiplication encryption processing of the replacement matrix and the diffusion matrix on the candidate biological characteristics and adding encryption processing of the shift interference item;
Correspondingly, the encryption processing of the biological feature to be identified is carried out according to the random key and the target encryption algorithm, and the method comprises the following steps:
based on the target encryption algorithm, respectively generating a permutation matrix, a diffusion matrix and a shift interference item according to the random key;
performing matrix multiplication encryption processing of the replacement matrix and the diffusion matrix on the biological characteristics to be identified and addition encryption processing of the shift interference item;
wherein generating a permutation matrix from the random key based on the target encryption algorithm comprises:
generating a first random vector according to the random key based on a first pseudo-random number generator in the target encryption algorithm; wherein the dimension of the first random vector is determined according to the dimension of the candidate biological feature or the biological feature to be identified;
sorting the values in the first random vector to obtain a second random vector;
generating a third random vector according to the index position of the numerical value in the first random vector in the second random vector;
generating the permutation matrix according to the numerical information in the third random vector;
generating a diffusion matrix from the random key based on the target encryption algorithm, comprising:
Generating a preset number of n-order square matrixes according to the random key based on a second pseudo-random number generator in the target encryption algorithm; the size of the preset number and the size of n are determined according to the dimension of the candidate biological characteristics or the biological characteristics to be identified, and the n-order square matrix is a reversible matrix;
respectively converting the preset number of n-order square matrixes into corresponding orthogonal matrixes based on an orthogonalization algorithm;
and generating the diffusion matrix according to a preset number of orthogonal matrices in the form of a quasi-diagonal matrix.
2. The method of claim 1, wherein generating a shifted interference term from the random key based on the target encryption algorithm comprises:
generating a shift interference item according to the random key based on a third pseudo-random number generator in the target encryption algorithm; wherein the dimension of the shifted interference term is determined according to the dimension of the candidate biometric or the biometric to be identified.
3. The method of claim 1, wherein the permutation matrix and the diffusion matrix are orthogonal matrices;
accordingly, the identification service providing side determines the biological identification result of the biological information to be identified according to the similarity identification result of the biological information to be identified and the encryption candidate biological information, and the identification service providing side comprises the following steps:
The identification service providing side takes the L2 norm between the encrypted biological feature to be identified and the encrypted candidate biological feature as a similarity identification result of the encrypted biological information to be identified and the encrypted candidate biological information;
and taking the encrypted candidate biological information corresponding to the minimum L2 norm value in the similarity identification result of the encrypted biological information to be identified and the encrypted candidate biological information as the biological identification result of the biological information to be identified.
4. A privacy preserving biometric identification system, the system comprising:
the biological library owner side is used for carrying out encryption processing on the candidate biological information in the biological library based on the random key and the target encryption algorithm to obtain encrypted candidate biological information, and sending the encrypted candidate biological information to the identification service providing side; wherein the random key is generated by a biological library owner side and is sent to a user side;
the user side is used for carrying out encryption processing on the biological information to be identified provided by the user based on the random key and the target encryption algorithm to obtain encrypted biological information to be identified, and sending the encrypted biological information to be identified to the identification service providing side;
An identification service providing side for determining a biological identification result of the biological information to be identified according to a similarity identification result of the encrypted biological information to be identified and the encrypted candidate biological information;
wherein the bio-pool owner side comprises:
a random key generating unit, configured to generate a random key and send the random key to the user side;
the candidate biological feature determining unit is used for carrying out feature extraction on the candidate biological information based on a feature extraction model to obtain candidate biological features;
the first encryption processing unit is used for carrying out encryption processing on the candidate biological characteristics according to the random key and the target encryption algorithm to obtain encrypted candidate biological characteristics, and sending the encrypted candidate biological characteristics to an identification service providing side;
correspondingly, the user side comprises:
the to-be-identified biological feature determining unit is used for extracting the characteristics of the to-be-identified biological information based on the characteristic extracting model to obtain to-be-identified biological features;
the second encryption processing unit is used for carrying out encryption processing on the biological characteristics to be identified according to the random key and the target encryption algorithm to obtain encrypted biological characteristics to be identified, and sending the encrypted biological characteristics to be identified to an identification service providing side;
Wherein the target encryption algorithm comprises permutation transformation, diffusion transformation and shift transformation;
correspondingly, the first encryption processing unit comprises:
a first encryption parameter generation subunit, configured to generate a permutation matrix, a diffusion matrix, and a shift interference term according to the random key based on the target encryption algorithm;
a first encryption processing subunit, configured to perform matrix multiplication encryption processing of the permutation matrix and the diffusion matrix on the candidate biometric feature and addition encryption processing of the shift interference term;
correspondingly, the second encryption processing unit comprises:
a second encryption parameter generation subunit, configured to generate a permutation matrix, a diffusion matrix, and a shift interference term according to the random key based on the target encryption algorithm;
a second encryption processing subunit, configured to perform matrix multiplication encryption processing on the permutation matrix and the diffusion matrix and addition encryption processing on the shift interference term on the biological feature to be identified;
wherein the first encryption parameter generation subunit and the second encryption parameter generation subunit are configured to:
generating a first random vector according to the random key based on a first pseudo-random number generator in the target encryption algorithm; wherein the dimension of the first random vector is determined according to the dimension of the candidate biological feature or the biological feature to be identified;
Sorting the values in the first random vector to obtain a second random vector;
generating a third random vector according to the index position of the numerical value in the first random vector in the second random vector;
generating the permutation matrix according to the numerical information in the third random vector;
the first encryption parameter generation subunit and the second encryption parameter generation subunit are further configured to:
generating a preset number of n-order square matrixes according to the random key based on a second pseudo-random number generator in the target encryption algorithm; the size of the preset number and the size of n are determined according to the dimension of the candidate biological characteristics or the biological characteristics to be identified, and the n-order square matrix is a reversible matrix;
respectively converting the preset number of n-order square matrixes into corresponding orthogonal matrixes based on an orthogonalization algorithm;
and generating the diffusion matrix according to a preset number of orthogonal matrices in the form of a quasi-diagonal matrix.
5. An electronic device, the electronic device comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the privacy preserving biometric method of any of claims 1-3.
6. A computer readable storage medium storing computer instructions for causing a processor to perform the privacy preserving biometric method of any of claims 1-3 when executed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310973719.2A CN116680728B (en) | 2023-08-04 | 2023-08-04 | Privacy-preserving biometric methods, systems, devices, and media |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310973719.2A CN116680728B (en) | 2023-08-04 | 2023-08-04 | Privacy-preserving biometric methods, systems, devices, and media |
Publications (2)
Publication Number | Publication Date |
---|---|
CN116680728A CN116680728A (en) | 2023-09-01 |
CN116680728B true CN116680728B (en) | 2023-11-24 |
Family
ID=87782322
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310973719.2A Active CN116680728B (en) | 2023-08-04 | 2023-08-04 | Privacy-preserving biometric methods, systems, devices, and media |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116680728B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101207488A (en) * | 2006-12-21 | 2008-06-25 | 冲电气工业株式会社 | Biometric authentication system and method thereof and user identification information product |
WO2015059845A1 (en) * | 2013-10-24 | 2015-04-30 | 日本電気株式会社 | Encryption process circuit, decryption process circuit and methods therefor |
CN107888370A (en) * | 2017-10-23 | 2018-04-06 | 北京邮电大学 | Image encryption method and device |
CN110119608A (en) * | 2014-03-27 | 2019-08-13 | 阿里巴巴集团控股有限公司 | A kind of biological information processing method, biological information store method and device |
CN110417539A (en) * | 2019-08-02 | 2019-11-05 | 齐齐哈尔大学 | A kind of color image encrypting method of dynamic chaos and matrix convolution operation |
CN110912674A (en) * | 2019-11-29 | 2020-03-24 | 珠海大横琴科技发展有限公司 | Image encryption method and device, electronic equipment and readable storage medium |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040120518A1 (en) * | 2002-12-20 | 2004-06-24 | Macy William W. | Matrix multiplication for cryptographic processing |
KR100826873B1 (en) * | 2006-09-07 | 2008-05-06 | 한국전자통신연구원 | Method and Apparatus for Biometrics |
JP5564434B2 (en) * | 2008-01-11 | 2014-07-30 | オランジュ | Methods and entities for probabilistic symmetric encryption |
-
2023
- 2023-08-04 CN CN202310973719.2A patent/CN116680728B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101207488A (en) * | 2006-12-21 | 2008-06-25 | 冲电气工业株式会社 | Biometric authentication system and method thereof and user identification information product |
WO2015059845A1 (en) * | 2013-10-24 | 2015-04-30 | 日本電気株式会社 | Encryption process circuit, decryption process circuit and methods therefor |
CN110119608A (en) * | 2014-03-27 | 2019-08-13 | 阿里巴巴集团控股有限公司 | A kind of biological information processing method, biological information store method and device |
CN107888370A (en) * | 2017-10-23 | 2018-04-06 | 北京邮电大学 | Image encryption method and device |
CN110417539A (en) * | 2019-08-02 | 2019-11-05 | 齐齐哈尔大学 | A kind of color image encrypting method of dynamic chaos and matrix convolution operation |
CN110912674A (en) * | 2019-11-29 | 2020-03-24 | 珠海大横琴科技发展有限公司 | Image encryption method and device, electronic equipment and readable storage medium |
Non-Patent Citations (2)
Title |
---|
An image encryption method based on random number matrix iterations;Jialiang Luo 等;《2022 15th International Congress on Image and Signal Processing, BioMedical Engineering and Informatics (CISP-BMEI)》;第1-4页 * |
基于GPGPU计算的数字图像加密技术研究;温万里;《中国优秀硕士学位论文全文数据库 信息科技辑》(第8期);第I136-190页 * |
Also Published As
Publication number | Publication date |
---|---|
CN116680728A (en) | 2023-09-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Kakkad et al. | Biometric authentication and image encryption for image security in cloud framework | |
Joseph et al. | Retracted article: a multimodal biometric authentication scheme based on feature fusion for improving security in cloud environment | |
Zheng et al. | Privacy-preserving image denoising from external cloud databases | |
US11055399B2 (en) | Data recovery through reversal of hash values using probabilistic data structures | |
Zhu et al. | A novel iris and chaos-based random number generator | |
CN111914264A (en) | Index creation method and device, and data verification method and device | |
CN103455744A (en) | Vein identification technology-based data security protection method and system | |
Tyagi et al. | Federated learning: Applications, Security hazards and Defense measures | |
Kuvonchbek | Method Authentication of Objects Information Communication | |
Ara et al. | An efficient privacy-preserving user authentication scheme using image processing and blockchain technologies | |
US20200145200A1 (en) | Attribute-based key management system | |
Verma et al. | A novel model to enhance the data security in cloud environment | |
CN116781425B (en) | Service data acquisition method, device, equipment and storage medium | |
CN116680728B (en) | Privacy-preserving biometric methods, systems, devices, and media | |
Chithra et al. | Pristine PixCaptcha as graphical password for secure eBanking using Gaussian elimination and cleaves algorithm | |
Jin et al. | Efficient blind face recognition in the cloud | |
Catak et al. | A privacy-preserving fully homomorphic encryption and parallel computation based biometric data matching | |
Maheshwari et al. | Multimodal biometrics security system for authentication | |
Roy et al. | A Novel Authentication Method for Password Encryption | |
Vachaspati et al. | A novel soft computing authentication scheme for textual and graphical passwords | |
CN115935429B (en) | Data processing method, device, medium and electronic equipment | |
CN118690412B (en) | Data access method, device, electronic equipment and computer readable medium | |
Ma et al. | Double encryption algorithm for massive personal biometric authentication images based on chaotic mapping for future smart cities | |
CN114329518B (en) | Encryption and decryption method and device for account number of software cryptographic module | |
CN118133249A (en) | Image encryption method, device, equipment and medium based on two-dimensional chaotic mapping |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |