CN117034236A - Iris data privacy protection and identification method and electronic equipment - Google Patents

Iris data privacy protection and identification method and electronic equipment Download PDF

Info

Publication number
CN117034236A
CN117034236A CN202310962989.3A CN202310962989A CN117034236A CN 117034236 A CN117034236 A CN 117034236A CN 202310962989 A CN202310962989 A CN 202310962989A CN 117034236 A CN117034236 A CN 117034236A
Authority
CN
China
Prior art keywords
data
iris data
iris
decimal
inverse
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310962989.3A
Other languages
Chinese (zh)
Inventor
赵冬冬
程文韬
余啸
廖虎成
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing Research Institute Of Wuhan University Of Technology
Wuhan University of Technology WUT
Original Assignee
Chongqing Research Institute Of Wuhan University Of Technology
Wuhan University of Technology WUT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chongqing Research Institute Of Wuhan University Of Technology, Wuhan University of Technology WUT filed Critical Chongqing Research Institute Of Wuhan University Of Technology
Priority to CN202310962989.3A priority Critical patent/CN117034236A/en
Publication of CN117034236A publication Critical patent/CN117034236A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/18Eye characteristics, e.g. of the iris
    • G06V40/197Matching; Classification

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Ophthalmology & Optometry (AREA)
  • Human Computer Interaction (AREA)
  • Multimedia (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The application provides an iris data privacy protection and identification method and electronic equipment, wherein the privacy protection method realizes the primary encryption processing of original iris data by replacing and rearranging the original iris data to obtain rearranged iris data so as to improve the complexity of the iris data; further, by partitioning the rearranged iris data, the combined characteristics of all the data blocks of the rearranged iris data can be obtained, and by inverting and merging all the data blocks, the combined characteristics of all the data blocks can be represented, and the magnitude of the iris data can be reduced; finally, by grouping the combined iris data, sorting the groups respectively, determining the sorting sequence as the encrypted data of the original iris data, and standardizing the characteristics of the iris data, the characteristics of the iris data can be effectively hidden, so that the standardization degree of the iris data is improved, the data characteristics are reduced, and the iris data is prevented from being decrypted.

Description

Iris data privacy protection and identification method and electronic equipment
Technical Field
The application relates to the technical field of privacy protection and safety, in particular to an iris data privacy protection and identification method and electronic equipment.
Background
With the rapid development of technologies such as the internet, mobile communication and the internet of things, people use various devices and applications to perform daily activities, and a large amount of data generated by these activities may contain personal privacy information of users. With the continuous development and maturation of biometric technologies, various modes of biometric technologies such as iris recognition, face recognition, fingerprint recognition, etc. have been applied in financial and civil scenarios. However, in the case where the flow of data is complicated, data leakage may occur, and the risk of personal information being maliciously utilized may increase. As one of the most commonly used biometric features, the industry and academia have conducted extensive research on how to effectively perform iris recognition and protect privacy of user information.
In recent years, many iris data protection methods have been proposed, and these methods are mainly classified into two types: revocable iris biometric technology and iris biometric encryption systems. However, in the technical field of revocable iris recognition, the existing technical method has a bloom filter-based scheme, a locally sensitive hash-based scheme, a feature self-adaptive random projection-based scheme and the like, and the method does not achieve good balance among irreversibility, revocability and unlink property, so that the iris data of a user cannot be completely prevented from being decrypted, and the iris data security of the user cannot be effectively ensured.
Therefore, in the prior art, the problem that the iris data is decrypted cannot be avoided in the process of protecting the safety of the iris data.
Disclosure of Invention
In view of the foregoing, it is necessary to provide an iris data privacy protection and identification method and an electronic device, so as to solve the problem that in the prior art, the iris data cannot be decrypted in the process of protecting the iris data.
In order to solve the above problems, the present application provides an iris data privacy protection method, comprising:
acquiring original iris data;
performing replacement rearrangement on the original iris data to obtain rearranged iris data;
partitioning the rearranged iris data to obtain a plurality of data blocks, and respectively performing inverse merging on the plurality of data blocks to obtain inverse merging iris data;
grouping the inverse merging iris data to obtain a plurality of data groups, respectively sequencing the plurality of data groups to obtain a sequencing sequence of the inverse merging iris data, and determining the sequencing sequence as the encrypted data of the original iris data.
Further, the method for performing permutation rearrangement on the original iris data to obtain rearranged iris data comprises the following steps:
acquiring a random substitution string, wherein the length of the random substitution string is the same as the length of the original iris data, and the numbers in the random substitution string are not repeated;
and based on the random substitution strings, carrying out substitution rearrangement on the original iris data to obtain rearranged iris data.
Further, the method includes the steps of partitioning the rearranged iris data to obtain a plurality of data blocks, and respectively performing inversion merging on the plurality of data blocks to obtain inversion merging iris data, wherein the method comprises the following steps:
setting a block bit width, and equally dividing rearranged iris data into a plurality of data blocks according to the block bit width;
converting binary data in a plurality of data blocks into decimal data to obtain a plurality of decimal iris data;
according to the block bit width, a decimal standard value is obtained based on a decimal standard value calculation formula;
and according to the decimal standard value, performing inverse merging on the plurality of decimal iris data to obtain inverse merging iris data.
Further, the decimal standard value calculation formula is:
S=2 b-1 -1
where S is a decimal standard value and b is a block bit width.
Further, according to the decimal standard value, performing inverse merging on the plurality of decimal iris data to obtain inverse merging iris data, including:
sequentially judging the sizes of a plurality of decimal iris data and decimal standard values respectively;
when the decimal iris data is larger than the decimal standard value, determining the inverse merging iris data corresponding to the decimal iris data based on an inverse formula;
and when the decimal iris data is not greater than the decimal standard value, determining the decimal iris data to be the corresponding inverse combined iris data.
Further, the inverse formula is:
r i =2 b -1-w i
wherein r is i To take the inverse merge iris data, w i Is decimal iris data.
Further, grouping the inverse merging iris data to obtain a plurality of data sets, and respectively ordering the plurality of data sets to obtain an ordering sequence of the inverse merging iris data, and determining the ordering sequence as the encrypted data of the original iris data, including:
setting a grouping width, and dividing the inverse merging iris data into a plurality of data groups according to the grouping width;
sorting the reverse merging iris data in the plurality of data sets according to the data value, so as to obtain a plurality of sorting sequences corresponding to the plurality of data sets;
the ordered sequence is determined as encrypted data of the original iris data.
In order to solve the above problems, the present application also provides an iris data recognition method, including:
acquiring database encryption data;
acquiring encrypted data to be authenticated of iris data to be authenticated based on an iris data encryption method, wherein the iris data encryption method is the steps in the iris data encryption method;
respectively calculating the Hamming distance between the encrypted data to be authenticated and the encrypted data of the database according to a Hamming distance calculation formula to obtain the distance to be authenticated;
setting a distance threshold;
and when the distance to be authenticated is not greater than the distance threshold, judging that the iris data to be authenticated is successfully authenticated.
Further, the Hamming distance calculation formula is:
wherein Dis (t) D) is Haiming distance, t i Encrypting data t for authentication The ith block, d i Encrypting the ith block in the data d of the database, wherein the value range of i is [1, 10 multiplied by m]M is the total amount of data blocks.
In order to solve the above-mentioned problems, the present application also provides an electronic device, including a processor and a memory, where the memory stores a computer program, and when the computer program is executed by the processor, the iris data encryption method as described above, or the iris data identification method as described above is implemented.
The beneficial effects of adopting the embodiment are as follows: the application provides an iris data encryption and identification method and electronic equipment, wherein the encryption method realizes the primary encryption processing of original iris data by replacing and rearranging the original iris data to obtain rearranged iris data so as to improve the complexity of the iris data; further, by partitioning the rearranged iris data, the combined characteristics of all the data blocks of the rearranged iris data can be obtained, and by inverting and merging all the data blocks, the combined characteristics of all the data blocks can be subjected to data representation so as to reduce the magnitude of the iris data; finally, by grouping the combined iris data, sorting the groups respectively, determining the sorting sequence as the encrypted data of the original iris data, and standardizing the characteristics of the iris data, the characteristics of the iris data can be effectively hidden, so that the standardization degree of the iris data is improved, the data characteristics are reduced, and the iris data is prevented from being decrypted.
Drawings
FIG. 1 is a flowchart illustrating an embodiment of an iris data encryption method according to the present application;
FIG. 2 is a flow chart of an embodiment of obtaining rearranged iris data according to the present application;
FIG. 3 is a flow chart of an embodiment of the application for obtaining the inverse merged iris data;
FIG. 4 is a flow chart of another embodiment of the application for obtaining the inverse merged iris data;
FIG. 5 is a flowchart of an embodiment of obtaining encrypted data of original iris data according to the present application;
FIG. 6 is a flow chart illustrating an embodiment of encrypting original iris data according to the present application;
FIG. 7 is a flowchart illustrating an embodiment of iris data recognition according to the present application;
fig. 8 is a block diagram of an embodiment of an electronic device according to the present application.
Detailed Description
The following detailed description of preferred embodiments of the application is made in connection with the accompanying drawings, which form a part hereof, and together with the description of the embodiments of the application, are used to explain the principles of the application and are not intended to limit the scope of the application.
With the rapid development of technologies such as the internet, mobile communication and the internet of things, people use various devices and applications to perform daily activities, and a large amount of data generated by these activities may contain personal privacy information of users. With the continuous development and maturation of biometric technologies, various modes of biometric technologies such as iris recognition, face recognition, fingerprint recognition, etc. have been applied in financial and civil scenarios. However, in the case where the flow of data is complicated, data leakage may occur, and the risk of personal information being maliciously utilized may increase. As one of the most commonly used biometric features, the industry and academia have conducted extensive research on how to effectively perform iris recognition and protect privacy of user information.
In recent years, many iris data protection methods have been proposed, and these methods are mainly classified into two types: revocable iris biometric technology and iris biometric encryption systems. However, in the technical field of revocable iris recognition, the existing technical method has a bloom filter-based scheme, a locally sensitive hash-based scheme, a feature self-adaptive random projection-based scheme and the like, and the method does not achieve good balance among irreversibility, revocability and unlink property, so that the iris data of a user cannot be completely prevented from being decrypted, and the iris data security of the user cannot be effectively ensured.
Therefore, in the prior art, the problem that the iris data is decrypted cannot be avoided in the process of protecting the safety of the iris data.
In order to solve the above problems, the present application provides an iris data encryption and identification method and an electronic device, which are described in detail below.
Fig. 1 is a flow chart of an embodiment of an iris data encryption method provided by the present application, and as shown in fig. 1, the iris data encryption method includes:
step S101: acquiring original iris data;
step S102: performing replacement rearrangement on the original iris data to obtain rearranged iris data;
step S103: partitioning the rearranged iris data to obtain a plurality of data blocks, and respectively performing inverse merging on the plurality of data blocks to obtain inverse merging iris data;
step S104: grouping the inverse merging iris data to obtain a plurality of data groups, respectively sequencing the plurality of data groups to obtain a sequencing sequence of the inverse merging iris data, and determining the sequencing sequence as the encrypted data of the original iris data.
In this embodiment, first, original iris data is obtained, and replacement rearrangement is performed on the original iris data to obtain rearranged iris data; then, the rearranged iris data are segmented, and the data blocks are combined in a reverse way to obtain combined iris data in a reverse way; and finally, grouping the reverse merging iris data, respectively sequencing each group to obtain a sequencing sequence of the reverse merging iris data, and determining the sequencing sequence as the encrypted data of the original iris data.
In the embodiment, the primary encryption processing of the original iris data is realized by carrying out replacement rearrangement on the original iris data to obtain rearranged iris data so as to improve the complexity of the iris data; further, by partitioning the rearranged iris data, the combined characteristics of all the data blocks of the rearranged iris data can be obtained, and by inverting and merging all the data blocks, the combined characteristics of all the data blocks can be represented in data, and the magnitude of the iris data is reduced; finally, by grouping the combined iris data, sorting the groups respectively, determining the sorting sequence as the encrypted data of the original iris data, and standardizing the characteristics of the iris data, the characteristics of the iris data can be effectively hidden, so that the standardization degree of the iris data is improved, the data characteristics are reduced, and the iris data is prevented from being decrypted.
As a preferred embodiment, in step S101, the original iris data is a string of binary strings of length n.
In a specific embodiment, the iris data in the data set CASIA-IrisV3-Interval is converted into a binary string with a string length of 10240 bits after preprocessing operations such as segmentation and feature extraction, so as to obtain original iris data with a length of 10240, namely, n takes a value of 10240.
As a preferred embodiment, in step S102, in order to obtain rearranged iris data, as shown in fig. 2, fig. 2 is a flow chart of an embodiment of obtaining rearranged iris data according to the present application, including:
step S121: acquiring a random permutation string;
step S122: based on the random substitution string, carrying out substitution rearrangement on the original iris data to obtain rearranged iris data;
wherein the length of the random permutation string is the same as the length of the original iris data, and the numbers in the random permutation string are not repeated.
In this embodiment, the random substitution string is obtained to obtain a random data string sequence with the same length as the original iris data, and then the random substitution string is used as the serial number of the original iris data to perform substitution rearrangement on the original iris data, so as to obtain rearranged iris data.
It should be noted that, the random substitution string includes a plurality of natural numbers with the same length value as the original iris data, so as to realize that for any single original iris data, there is a uniquely determined random substitution string value corresponding to the random substitution string value.
In a specific embodiment, in step S121, a random permutation string K having a length of n is generated by a rand () function, which may be expressed as k=k 1 ...K n
It should be noted that each value in K is different, and each value from 1 to n is included in K.
In one embodiment, in step S122, in order to perform a permutation rearrangement on the original iris data, when K 1 When=8, it means that the data at the first position in the original iris data x is to be exchanged with the data at the 8 th position; when K is 2 When=18, it means that the data at the second position in the original iris data x is exchanged with the data at the 18 th position, and so on, and will not be described herein.
Through the random replacement, we obtain the iris template after disorder rearrangementI.e. rearrangement of the iris data.
In other embodiments, the rearrangement operation may also be performed on the original iris data according to other random substitution methods, so as to implement the primary encryption of the original iris data.
In addition, it should be noted that, for the original iris data and the iris data to be authenticated in the same system, the random substitution string K is completely identical.
As a preferred embodiment, in step S103, in order to block the rearranged iris data and perform inverting combination on each data block to obtain inverting combined iris data, as shown in fig. 3, fig. 3 is a flow chart of an embodiment of obtaining inverting combined iris data according to the present application, which includes:
step S131: setting a block bit width, and equally dividing rearranged iris data into a plurality of data blocks according to the block bit width;
step S132: converting binary data in a plurality of data blocks into decimal data to obtain a plurality of decimal iris data;
step S133: according to the block bit width, a decimal standard value is obtained based on a decimal standard value calculation formula;
step S134: and according to the decimal standard value, performing inverse merging on the plurality of decimal iris data to obtain inverse merging iris data.
In this embodiment, first, a block bit width is set, and rearranged iris data is equally divided into a plurality of data blocks according to the block bit width; then, binary data in a plurality of data blocks are converted into decimal data, and a plurality of decimal iris data are obtained; then, according to the block bit width, a decimal standard value is obtained based on a decimal standard value calculation formula; and finally, according to the decimal standard value, carrying out inverse merging on the plurality of decimal iris data to obtain inverse merging iris data.
In this embodiment, by setting the block bit width, the rearranged iris data is equally divided into a plurality of data blocks, so that the combined characteristics of each data block of the rearranged iris data can be obtained, so as to hide specific local characteristics; by converting binary data in a plurality of data blocks into decimal data, the characteristics of each part can be represented more accurately so as to facilitate the subsequent data processing; a decimal standard value is obtained through a decimal standard value calculation formula, and comparison standard data combined in a reverse mode is obtained; and the decimal iris data are subjected to inverse merging to obtain inverse merging iris data, so that unified standardized processing of the decimal iris data is realized, and the efficiency of subsequent data processing is improved.
As a preferred embodiment, in step S131, the iris template is usedDivided into m blocks, denoted asEach block contains b bits.
In a specific embodiment, the specific value of m may be adjusted according to actual needs, and may take any positive integer greater than 1.
Specifically, m preferably has a value of 4.
As a preferred embodiment, in step S132, binary values in m blocks are converted into corresponding decimal values w, and expressed as w=w 1 ...w m
Wherein after conversion of the binary values to decimal values, each block has only uniquely determined decimal value data representing its characteristics.
In the embodiment, by converting the binary value into the decimal value, the data magnitude of the iris data is reduced substantially, the subsequent processing amount is reduced, and the data characteristics are hidden.
As a preferred embodiment, in step S133, the decimal standard value calculation formula is:
S=2 b-1 -1
where S is a decimal standard value and b is a block bit width.
As a preferred embodiment, in step S134, in order to perform inverse merging on the plurality of decimal iris data according to the decimal standard value, to obtain inverse merged iris data, as shown in fig. 4, fig. 4 is a schematic flow chart of another embodiment of obtaining inverse merged iris data according to the present application, where the method includes:
step S1341: sequentially judging the sizes of a plurality of decimal iris data and decimal standard values respectively;
step S1342: when the decimal iris data is larger than the decimal standard value, determining the inverse merging iris data corresponding to the decimal iris data based on an inverse formula;
step S1343: and when the decimal iris data is not greater than the decimal standard value, determining the decimal iris data to be the corresponding inverse combined iris data.
In the embodiment, first, the sizes of a plurality of decimal iris data and decimal standard values are respectively and sequentially judged to determine the data value size relation between the decimal iris data and the decimal standard values; then, when the decimal iris data is larger than the decimal standard value, determining the inverse merging iris data corresponding to the decimal iris data based on an inverse formula; and when the decimal iris data is not greater than the decimal standard value, determining the decimal iris data to be the corresponding inverse combined iris data.
In this embodiment, by setting the decimal standard value as the standard for performing data processing on the decimal iris data, the decimal iris data is revised by combining the inverse formula only when the decimal iris data is greater than the decimal standard value, so that further unification of the decimal iris data is realized, the variability of the iris data is reduced, and the difficulty of breaking, solving and merging the iris data is increased.
In step S1342, as a preferred embodiment, the inverse formula is:
r i =2 b -1-w i
wherein r is i To take the inverse merge iris data, w i Is decimal iris data.
In a specific embodiment, the decimal value w corresponding to each block i (i=1..m) and S, if w i Is larger than S, the inverting operation is carried out on the obtained product, and the inverted value is expressed as w by r i The method comprises the steps of carrying out a first treatment on the surface of the If w i S is less than or equal to, and w is maintained i The value is unchanged, i.e. r i =w i
In this embodiment, by performing the inverting merging operation on the iris data, the numerical value of the iris data is reduced, so as to reduce the difficulty of subsequent data processing, and further hide the characteristics of the iris data.
As a preferred embodiment, in step S104, in order to group the inverse merged iris data and sort the groups respectively, a sorted sequence of the inverse merged iris data is obtained, and the sorted sequence is determined to be the encrypted data of the original iris data, as shown in fig. 5, fig. 5 is a schematic flow chart of an embodiment of obtaining the encrypted data of the original iris data according to the present application, which includes:
step S141: setting a grouping width, and dividing the inverse merging iris data into a plurality of data groups according to the grouping width;
step S142: sorting the reverse merging iris data in the plurality of data sets according to the data value, so as to obtain a plurality of sorting sequences corresponding to the plurality of data sets;
step S143: the ordered sequence is determined as encrypted data of the original iris data.
In this embodiment, first, a grouping width is set, and the inverse merging iris data is divided into a plurality of data groups according to the grouping width; then, sorting the reverse merging iris data in the plurality of data sets according to the data value, so as to obtain a plurality of sorting sequences corresponding to the plurality of data sets; finally, the ordered sequence is determined to be the encrypted data of the original iris data.
In the embodiment, the grouping width is set, and the block grouping processing is performed on the reverse merging iris data again to obtain a plurality of data sets, so that the characteristics of the iris data are blocked, and specific local characteristics are hidden; the method has the advantages that the data value is used as a comparison standard, the reverse merging iris data in the data sets are respectively sequenced, a plurality of sequencing sequences corresponding to the data sets are obtained, the encrypted data with the sequencing sequences being the original iris data is finally determined, the indiscriminate processing of the data sets is realized, the specificity of the encrypted data is effectively reduced, the specific characteristics of the encrypted data are further hidden, and the decrypting risk is reduced.
As a preferred embodiment, in step S141, the inverse-combined iris data R is divided into g groups and denoted as r=r 1 ...R g
Wherein the packet width is set to d, i.e. each group contains d blocks, and satisfies:
m=g×d。
in one embodiment, d takes a value of 3.
As a preferred embodiment, in step S142, the sorting is performed in each group according to the decimal value size corresponding to each block, and the sorting value corresponding to the inverted combined iris data in each block is recorded.
It should be noted that, when there are a plurality of blocks having the same decimal value in a group, the ranking value of the blocks is determined according to the ranking value of the blocks in the group. Say the first packet R 1 Where the decimal value of {3,1,3} the final corresponding ranking value should be {1,0,2}.
In order to better represent the above data processing procedure, fig. 6 is a schematic flow chart of an embodiment of encrypting the original iris data according to the present application.
By the method, the encryption processing of the original iris data is realized. However, the above generated protected encrypted data is reduced in length compared with the original iris data, resulting in loss of part of iris characteristic information, and ten different random substitution strings K are used in order to amplify the length of the encrypted data template and thereby improve the accuracy in the recognition process 1 ...K 10 The same piece of original iris data is subjected to the encryption operation, so that 10 pieces of corresponding encrypted data templates t are obtained 1 ...t 10
Further, 10 encrypted data templates are spliced into a long iris string t, which is expressed as t=t 1 ||...||t 10 Resulting in a final resulting protected iris template t of length 10 x m.
In other embodiments, the number of random permutation strings K may also be adjusted as desired.
By the above method, when the attacker obtains the final protected iris template t, it is actually the ordering value of each block within the group. The process of recovering the corresponding decimal values from the sorted values of the individual blocks in the protected iris template is a many-to-one mapping process due to the intra-group local sorting process in the previously generated templates. When the sorting value of the block is determined, a plurality of choices are available for the decimal value corresponding to the block, so that the difficulty of recovery is increased, and the irreversibility is enhanced. After the decimal value corresponding to the block is obtained, the original block is subjected to the operation of inverting and merging in the previous process of generating the template, so that two possibilities exist in practice for the actual decimal value corresponding to the decimal value of each block in the protected iris template, and the original value is kept or the inverting operation is performed. Since the number of blocks contained in each string of iris strings is large, all the possibilities that exist are numerous, this step greatly enhances the randomness of the scheme, making it more difficult to recover the original iris template.
Based on the iris data encryption method, the iris data can be encrypted, so that the reliability of the iris data is improved, and decryption by other people is avoided; further, the application also provides an iris data recognition method to meet the need of encrypting and authenticating by using iris data by an internal person, as shown in fig. 7, fig. 7 is a flow chart of an embodiment of iris data recognition provided by the application, including:
step S201: acquiring database encryption data;
step S202: acquiring encrypted data to be authenticated of iris data to be authenticated based on an iris data encryption method;
step S203: respectively calculating the Hamming distance between the encrypted data to be authenticated and the encrypted data of the database according to a Hamming distance calculation formula to obtain the distance to be authenticated;
step S204: setting a distance threshold;
step S205: when the distance to be authenticated is not greater than the distance threshold, judging that the iris data to be authenticated is successfully authenticated;
the iris data encryption method is the steps in the iris data encryption method according to any one of the technical schemes.
In the embodiment, firstly, encryption processing is carried out on iris data to be authenticated based on an iris data encryption method for obtaining database encryption data to obtain the encrypted data to be authenticated; then, according to a Hamming distance calculation formula, respectively calculating the Hamming distance between the encrypted data to be authenticated and the encrypted data of the database to obtain the distance to be authenticated; and finally, by setting a distance threshold, only when the distance to be authenticated is not greater than the distance threshold, judging that the iris data to be authenticated is successfully authenticated.
In the embodiment, due to complexity and uncontrollable structure of decryption, on one hand, the iris data encryption method is used as a preliminary data processing method of iris data to be authenticated, so that the process of reversely decrypting the iris data to be authenticated is effectively avoided; on the other hand, the quantitative relation between the distance to be authenticated and the distance threshold is compared with the distance threshold as a reference, thereby determining whether the iris data to be authenticated is in the iris data in the database, that is, determining whether the person corresponding to the iris data to be authenticated is the iris data of the person already registered and existing in the database.
As a preferred embodiment, in step S202, the random permutation string K used in the process of acquiring the encrypted data to be authenticated is the same as the random permutation string K used in step S201 to generate the database encrypted data.
As a preferred embodiment, in step S203, the hamming distance calculation formula is:
wherein Dis (t) D) is Haiming distance, t i Encrypting data t for authentication The ith block, d i Encrypting the ith block in the data d of the database, wherein the value range of i is [1, 10 multiplied by m]M is the total amount of data blocks.
In a specific embodiment, a user submits his or her iris data x to a server Generating a protected iris template t on a server through a designed iris template generation scheme based on inversion combination and partial ordering . Computing t on a server Haiming from iris templates in iris template databaseDistance, and comparing it with threshold C, when less than or equal to threshold C, it indicates that the identification was successful. If t If the distance between the iris template database and all iris templates in the iris template database is larger than the threshold value C, the recognition is failed. Experimental results prove that the method can have good recognition effect on the premise of effectively protecting iris characteristic data of the user.
By the method, the original iris data is subjected to replacement rearrangement, so that the primary encryption processing of the original iris data is realized, rearranged iris data is obtained, and the complexity of the iris data is improved; further, by partitioning the rearranged iris data, the combined characteristics of all the data blocks of the rearranged iris data can be obtained, and by inverting and merging all the data blocks, the combined characteristics of all the data blocks can be represented, and the magnitude of the iris data can be reduced; finally, by grouping the combined iris data, sorting the groups respectively, determining the sorting sequence as the encrypted data of the original iris data, and standardizing the characteristics of the iris data, the characteristics of the iris data can be effectively hidden, so that the standardization degree of the iris data is improved, the data characteristics are reduced, and the iris data is prevented from being decrypted.
In a specific embodiment, the iris data recognition process is combined to specify the iris data processing process, firstly, a data set is preprocessed, the used data set is commonly used iris data CASIA-IrisV3-Interval, and a USIT system is used for dividing iris images in the data set; then, an iris feature extraction operation is performed on the iris image, and a series of iris templates with a length of 20×512=10240 are obtained. For the dataset images used in the experiment, 2639 Zhang Hongmo images from 249 individuals were shared, and only images from the left eye were used.
In order to verify the performance of the proposed privacy preserving iris recognition method, four indexes of Error acceptance Rate (False Acceptance Rate, FAR), error rejection Rate (False Rejection Rate, FRR), correct acceptance Rate (Genuine Acceptance Rate, GAR) and Equal Error Rate (EER) are introduced to quantify the recognition effect of the method.
When the matching threshold C is determined, FAR represents the percentage of the number of times iris data from different categories is identified as iris data from the same category to the total number of tests; FRR represents the percentage of the total number of tests that identify iris data from the same category as iris data from a different category; GAR represents the percentage of the number of times iris data is identified as the correct category to the total number of tests; EER is the FAR value or FRR value when far=frr by shifting the threshold C, a smaller EER value representing a better recognition performance of the system.
The calculation formulas of FAR, FRR and GAR are as follows:
the method is as follows: the method utilizes the relation between the inverse merging operation and the many-to-one mapping existing in the local ordering process, so that the selection in the process of recovering by an attacker is greatly increased, and the original iris template is very difficult to recover from the generated protected template; operating the same original iris template by using a plurality of random substitution strings K to generate a plurality of protected templates, and reducing the loss of iris characteristic information in the process of generating the templates by amplifying the length of the iris templates; iris data in the database can be well identified to realize data matching.
The application also correspondingly provides electronic equipment, as shown in fig. 8, and fig. 8 is a structural block diagram of an embodiment of the electronic equipment provided by the application. The electronic device 800 may be a computing device such as a mobile terminal, desktop computer, notebook, palm top computer, server, etc. The electronic device 800 comprises a processor 801 and a memory 802, wherein the memory 802 has stored thereon an iris data encryption program 803.
Memory 802 may be an internal storage unit of a computer device, such as a hard disk or memory of a computer device, in some embodiments. The memory 802 may also be an external storage device of the computer device, such as a plug-in hard disk provided on the computer device, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), etc. in other embodiments. Further, the memory 802 may also include both internal storage units and external storage devices of the computer device. The memory 802 is used to store application software installed on the computer device and various types of data, such as program code for installing the computer device. The memory 802 may also be used to temporarily store data that has been output or is to be output. In one embodiment, the iris data encryption program 803 may be executed by the processor 801 to implement the iris data encryption method of the embodiments of the present application.
The processor 801 may in some embodiments be a central processing unit (Central Processing Unit, CPU), microprocessor or other data processing chip for executing program code or processing data stored in the memory 802, such as for executing iris data encryption programs or the like.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in embodiments provided herein may include non-volatile and/or volatile memory. The nonvolatile memory can include Read Only Memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double Data Rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), memory bus direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), among others.
The present application is not limited to the above-mentioned embodiments, and any changes or substitutions that can be easily understood by those skilled in the art within the technical scope of the present application are intended to be included in the scope of the present application.

Claims (10)

1. An iris data privacy protection method, comprising:
acquiring original iris data;
performing replacement rearrangement on the original iris data to obtain rearranged iris data;
partitioning the rearranged iris data to obtain a plurality of data blocks, and respectively performing inverse merging on the plurality of data blocks to obtain inverse merging iris data;
grouping the inverse merging iris data to obtain a plurality of data groups, respectively ordering the plurality of data groups to obtain an ordering sequence of the inverse merging iris data, and determining the ordering sequence as the encrypted data of the original iris data.
2. The method for protecting the privacy of iris data according to claim 1, wherein the performing permutation rearrangement on the original iris data to obtain rearranged iris data comprises:
acquiring a random substitution string, wherein the length of the random substitution string is the same as the length of the original iris data, and the numbers in the random substitution string are not repeated;
and based on the random substitution string, carrying out substitution rearrangement on the original iris data to obtain rearranged iris data.
3. The method of claim 1, wherein the partitioning the rearranged iris data to obtain a plurality of data blocks, and respectively performing inverse merging on the plurality of data blocks to obtain inverse merged iris data, includes:
setting a block bit width, and equally dividing the rearranged iris data into a plurality of data blocks according to the block bit width;
converting binary data in the plurality of data blocks into decimal data to obtain a plurality of decimal iris data;
according to the block bit width, a decimal standard value is obtained based on a decimal standard value calculation formula;
and according to the decimal standard value, performing inverse merging on the decimal iris data to obtain inverse merging iris data.
4. The method for protecting privacy of iris data according to claim 3, wherein the decimal standard value calculation formula is:
S=2 b-1 -1
wherein S is the decimal standard value and b is the block bit width.
5. The method of claim 4, wherein the performing inverse merging on the plurality of decimal iris data according to the decimal standard value to obtain inverse merged iris data comprises:
sequentially judging the sizes of the decimal iris data and the decimal standard value respectively;
when the decimal iris data is larger than the decimal standard value, determining the inverse combined iris data corresponding to the decimal iris data based on an inverse formula;
and when the decimal iris data is not larger than the decimal standard value, determining that the decimal iris data is the corresponding inverse combined iris data.
6. The method of claim 5, wherein the inverse formula is:
r i =2 b -1-w i
wherein r is i Combining iris data for the inversion, w i And (3) the decimal iris data.
7. The method of claim 1, wherein the grouping the inverse merging iris data to obtain a plurality of data sets, and sorting the plurality of data sets respectively to obtain a sorted sequence of the inverse merging iris data, and determining the sorted sequence as the encrypted data of the original iris data, comprises:
setting a grouping width, and dividing the inverse merging iris data into a plurality of data groups according to the grouping width;
sorting the inverse merging iris data in the plurality of data sets according to the data value, so as to obtain a plurality of sorting sequences corresponding to the plurality of data sets;
and determining the ordered sequence as the encrypted data of the original iris data.
8. An iris data recognition method, comprising:
acquiring database encryption data;
obtaining encrypted data to be authenticated of iris data to be authenticated based on an iris data encryption method, wherein the iris data encryption method is the steps in the iris data encryption method according to any one of the claims 1 to 7;
respectively calculating the Hamming distance between the encrypted data to be authenticated and the encrypted data of the database according to a Hamming distance calculation formula to obtain the distance to be authenticated;
setting a distance threshold;
and when the distance to be authenticated is not greater than the distance threshold, judging that the iris data to be authenticated is successfully authenticated.
9. The iris data recognition method of claim 8, wherein the hamming distance calculation formula is:
wherein Dis (t) D) is the Haiming distance, t i Encrypting data t for the to-be-authenticated The ith block, d i The value range of i is [1, 10×m ] for the ith block in the database encryption data d]M is the total amount of data blocks.
10. An electronic device comprising a processor and a memory, the memory having stored thereon a computer program which, when executed by the processor, implements the iris data privacy protection method of any of claims 1-7 or the iris data recognition method of any of claims 8-9.
CN202310962989.3A 2023-08-01 2023-08-01 Iris data privacy protection and identification method and electronic equipment Pending CN117034236A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310962989.3A CN117034236A (en) 2023-08-01 2023-08-01 Iris data privacy protection and identification method and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310962989.3A CN117034236A (en) 2023-08-01 2023-08-01 Iris data privacy protection and identification method and electronic equipment

Publications (1)

Publication Number Publication Date
CN117034236A true CN117034236A (en) 2023-11-10

Family

ID=88638385

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310962989.3A Pending CN117034236A (en) 2023-08-01 2023-08-01 Iris data privacy protection and identification method and electronic equipment

Country Status (1)

Country Link
CN (1) CN117034236A (en)

Similar Documents

Publication Publication Date Title
US11615176B2 (en) Registration and verification of biometric modalities using encryption techniques in a deep neural network
US9876646B2 (en) User identification management system and method
US8352746B2 (en) Authorized anonymous authentication
US8417960B2 (en) Method for generating an encryption key using biometrics authentication and restoring the encryption key and personal authentication system
US7840034B2 (en) Method, system and program for authenticating a user by biometric information
US11227037B2 (en) Computer system, verification method of confidential information, and computer
KR102289419B1 (en) Method and apparatus for authentification of user using biometric
CN105471575A (en) Information encryption, decryption method and device
Zhao et al. Iris template protection based on local ranking
CN110223075B (en) Identity authentication method and device, computer equipment and storage medium
US20240223377A1 (en) Method and device for privacy protection biometric authentication, and electronic device
CN111475690B (en) Character string matching method and device, data detection method and server
CN114238874A (en) Digital signature verification method and device, computer equipment and storage medium
CN114386058A (en) Model file encryption and decryption method and device
US20150039899A1 (en) Method for encrypting a plurality of data in a secure set
WO2006093238A1 (en) Authentication assisting device, authentication main device, integrated circuit, and authenticating method
CN117034236A (en) Iris data privacy protection and identification method and electronic equipment
Panwar et al. Techniques for enhancing the security of fuzzy vault: a review
US20240273173A1 (en) Registration information generation apparatus, collation information generation apparatus, collation system, registration information generation method, collation information generation method, similarity calculation method, registration information generation program, and collation information generation program
JPWO2017209228A1 (en) Encrypted information verification device, encrypted information verification method, and encrypted information verification program
Zhu et al. A performance-optimization method for reusable fuzzy extractor based on block error distribution of iris trait
KR101228362B1 (en) A fingerprint identifying apparatus and method for registrating a fingerprint and identifying user for the same
Punithavathi et al. Random projection-based cancelable template generation for sparsely distributed biometric patterns
CN114254339B (en) Leakage tracking method and device for electronic file, chip and terminal
EP4262138A1 (en) Method for securing a biometric recognition of a user

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination