CN117034236A - Iris data privacy protection and identification method and electronic equipment - Google Patents
Iris data privacy protection and identification method and electronic equipment Download PDFInfo
- Publication number
- CN117034236A CN117034236A CN202310962989.3A CN202310962989A CN117034236A CN 117034236 A CN117034236 A CN 117034236A CN 202310962989 A CN202310962989 A CN 202310962989A CN 117034236 A CN117034236 A CN 117034236A
- Authority
- CN
- China
- Prior art keywords
- data
- iris data
- iris
- decimal
- inverse
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 75
- 238000000638 solvent extraction Methods 0.000 claims abstract 3
- 238000004364 calculation method Methods 0.000 claims description 16
- 230000008707 rearrangement Effects 0.000 claims description 9
- 238000006467 substitution reaction Methods 0.000 claims description 9
- 238000004590 computer program Methods 0.000 claims description 6
- 238000012545 processing Methods 0.000 abstract description 16
- 238000005516 engineering process Methods 0.000 description 11
- 230000000694 effects Effects 0.000 description 5
- 230000000903 blocking effect Effects 0.000 description 4
- 238000011161 development Methods 0.000 description 4
- 230000018109 developmental process Effects 0.000 description 4
- 230000002441 reversible effect Effects 0.000 description 3
- 238000012360 testing method Methods 0.000 description 3
- 230000003044 adaptive effect Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000002427 irreversible effect Effects 0.000 description 2
- 238000013507 mapping Methods 0.000 description 2
- 238000010295 mobile communication Methods 0.000 description 2
- 238000003672 processing method Methods 0.000 description 2
- 238000011084 recovery Methods 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- 230000001360 synchronised effect Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000005336 cracking Methods 0.000 description 1
- 230000002708 enhancing effect Effects 0.000 description 1
- 238000002474 experimental method Methods 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000007781 pre-processing Methods 0.000 description 1
- 230000011218 segmentation Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 230000001131 transforming effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/10—Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
- G06V40/18—Eye characteristics, e.g. of the iris
- G06V40/197—Matching; Classification
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- General Physics & Mathematics (AREA)
- Bioethics (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Medical Informatics (AREA)
- Databases & Information Systems (AREA)
- Ophthalmology & Optometry (AREA)
- Human Computer Interaction (AREA)
- Multimedia (AREA)
- Collating Specific Patterns (AREA)
Abstract
Description
技术领域Technical field
本发明涉及隐私保护与安全技术领域,具体涉及一种虹膜数据隐私保护、识别方法及电子设备。The invention relates to the technical field of privacy protection and security, and specifically relates to an iris data privacy protection, identification method and electronic device.
背景技术Background technique
随着互联网、移动通讯和物联网等技术的快速发展,人们使用各种设备和应用程序进行日常活动,这些活动产生的大量数据都可能包含用户个人隐私信息。随着生物识别技术的不断发展和成熟,各种模式的生物识别技术,如虹膜识别、人脸识别、指纹识别等,已经在金融和民生场景中得到应用。然而,在数据流向复杂的情况下,可能会出现数据泄露,个人信息被恶意利用的风险会增加。作为最常用的生物识别特征之一,工业界和学术界对如何有效地进行虹膜识别并保护用户信息的隐私进行了广泛的研究。With the rapid development of technologies such as the Internet, mobile communications and the Internet of Things, people use various devices and applications to carry out daily activities, and the large amounts of data generated by these activities may contain users' personal privacy information. With the continuous development and maturity of biometric technology, various modes of biometric technology, such as iris recognition, face recognition, fingerprint recognition, etc., have been applied in financial and people's livelihood scenarios. However, when data flows are complex, data leaks may occur and the risk of personal information being used maliciously increases. As one of the most commonly used biometric features, industry and academia have conducted extensive research on how to effectively perform iris recognition and protect the privacy of user information.
近些年来,许多虹膜数据保护方法被提出,这些方法主要分为两类:可撤销的虹膜生物识别技术和虹膜生物识别加密系统。然而,在可撤销的虹膜识别技术领域,现有的技术方法有基于布隆过滤器的方案,基于局部敏感哈希的方案以及基于特征自适应随机投影等方案,由于上述方法在不可逆性、可撤销性和不可链接性之间没有达到很好的平衡,无法完全避免用户的虹膜数据被解密,从而导致无法有效保证用户的虹膜数据安全。In recent years, many iris data protection methods have been proposed, which are mainly divided into two categories: revocable iris biometric technology and iris biometric encryption system. However, in the field of revocable iris recognition technology, existing technical methods include solutions based on Bloom filters, solutions based on local sensitive hashing, and solutions based on feature adaptive random projection. Since the above methods are irreversible and reversible, There is no good balance between revocability and unlinkability, and it is impossible to completely prevent the user's iris data from being decrypted, resulting in the inability to effectively guarantee the security of the user's iris data.
因此,现有技术中保护虹膜数据安全的过程中,存在无法避免虹膜数据被解密的问题。Therefore, in the process of protecting the security of iris data in the prior art, there is a problem that the iris data cannot be avoided from being decrypted.
发明内容Contents of the invention
有鉴于此,有必要提供一种虹膜数据隐私保护、识别方法及电子设备,用以解决现有技术中保护虹膜数据安全的过程中,存在的无法避免虹膜数据被解密的问题。In view of this, it is necessary to provide an iris data privacy protection, identification method and electronic device to solve the problem of unavoidable decryption of iris data in the process of protecting iris data security in the existing technology.
为了解决上述问题,本发明提供一种虹膜数据隐私保护方法,包括:In order to solve the above problems, the present invention provides an iris data privacy protection method, including:
获取原始虹膜数据;Get raw iris data;
对原始虹膜数据进行置换重排,得到重排虹膜数据;Perform replacement and rearrangement of the original iris data to obtain rearranged iris data;
对重排虹膜数据进行分块,得到多个数据块,并分别对多个数据块进行取反合并,得到取反合并虹膜数据;Divide the rearranged iris data into blocks to obtain multiple data blocks, and perform inversion and merging of the multiple data blocks respectively to obtain the inversion and merged iris data;
对取反合并虹膜数据进行分组,得到多个数据组,并分别对多个数据组进行排序,得到取反合并虹膜数据的排序序列,并确定排序序列为原始虹膜数据的加密数据。Group the reversed and merged iris data to obtain multiple data groups, and sort the multiple data groups respectively to obtain a sorting sequence of the reversed and merged iris data, and determine that the sorting sequence is the encrypted data of the original iris data.
进一步地,对原始虹膜数据进行置换重排,得到重排虹膜数据,包括:Further, the original iris data is replaced and rearranged to obtain rearranged iris data, including:
获取随机置换串,其中,随机置换串的长度与原始虹膜数据的长度相同,且随机置换串中的数字不重复;Obtain a random permutation string, where the length of the random permutation string is the same as the length of the original iris data, and the numbers in the random permutation string do not repeat;
基于随机置换串,对原始虹膜数据进行置换重排,得到重排虹膜数据。Based on the random permutation string, the original iris data is permuted and rearranged to obtain the rearranged iris data.
进一步地,对重排虹膜数据进行分块,得到多个数据块,并分别对多个数据块进行取反合并,得到取反合并虹膜数据,包括:Further, the rearranged iris data is divided into blocks to obtain multiple data blocks, and the multiple data blocks are inverted and merged respectively to obtain the inverted and merged iris data, including:
设置分块比特宽度,并根据分块比特宽度将重排虹膜数据等分为多个数据块;Set the blocking bit width, and divide the rearranged iris data into multiple data blocks according to the blocking bit width;
将多个数据块中的二进制数据转化为十进制数据,得到多个十进制虹膜数据;Convert binary data in multiple data blocks into decimal data to obtain multiple decimal iris data;
根据分块比特宽度,基于十进制标准值计算公式,得到十进制标准值;According to the block bit width and based on the decimal standard value calculation formula, the decimal standard value is obtained;
根据十进制标准值,对多个十进制虹膜数据进行取反合并,得到取反合并虹膜数据。According to the standard decimal value, multiple decimal iris data are inverted and merged to obtain the inverted and merged iris data.
进一步地,十进制标准值计算公式为:Furthermore, the decimal standard value calculation formula is:
S=2b-1-1S=2 b-1 -1
其中,S为十进制标准值,b为分块比特宽度。Among them, S is the decimal standard value, and b is the block bit width.
进一步地,根据十进制标准值,对多个十进制虹膜数据进行取反合并,得到取反合并虹膜数据,包括:Further, according to the decimal standard value, multiple decimal iris data are inverted and merged to obtain inverted and merged iris data, including:
分别依次判断多个十进制虹膜数据与十进制标准值的大小;Judge the size of multiple decimal iris data and decimal standard values in sequence;
当十进制虹膜数据大于十进制标准值时,基于取反公式,确定十进制虹膜数据对应的取反合并虹膜数据;When the decimal iris data is greater than the decimal standard value, based on the inversion formula, determine the inverted combined iris data corresponding to the decimal iris data;
当十进制虹膜数据不大于十进制标准值时,确定十进制虹膜数据即为其对应的取反合并虹膜数据。When the decimal iris data is not greater than the decimal standard value, it is determined that the decimal iris data is its corresponding inverted merged iris data.
进一步地,取反公式为:Furthermore, the inverse formula is:
ri=2b-1-wi r i =2 b -1-w i
其中,ri为取反合并虹膜数据,wi为十进制虹膜数据。Among them, r i is the inverted merged iris data, and w i is the decimal iris data.
进一步地,对取反合并虹膜数据进行分组,得到多个数据组,并分别对多个数据组进行排序,得到取反合并虹膜数据的排序序列,并确定排序序列为原始虹膜数据的加密数据,包括:Further, group the reversed and merged iris data to obtain multiple data groups, and sort the multiple data groups respectively to obtain a sorting sequence of the reversed and merged iris data, and determine that the sorting sequence is the encrypted data of the original iris data, include:
设置分组宽度,并根据分组宽度将取反合并虹膜数据划分为多个数据组;Set the grouping width and divide the inverted merged iris data into multiple data groups according to the grouping width;
按照数据值大小,分别对多个数据组中的取反合并虹膜数据进行排序,得到多个数据组对应的多个排序序列;Sort the inverted and merged iris data in multiple data groups according to the size of the data values, and obtain multiple sorting sequences corresponding to the multiple data groups;
确定排序序列为原始虹膜数据的加密数据。The sorted sequence is determined to be the encrypted data of the original iris data.
为了解决上述问题,本发明还提供一种虹膜数据识别方法,包括:In order to solve the above problems, the present invention also provides an iris data recognition method, including:
获取数据库加密数据;Get database encrypted data;
基于虹膜数据加密方法获取待认证虹膜数据的待认证加密数据,其中,虹膜数据加密方法为上文所述的虹膜数据加密方法中的步骤;Obtain the encrypted data of the iris data to be authenticated based on the iris data encryption method, where the iris data encryption method is the steps in the iris data encryption method described above;
根据海明距离计算公式,分别计算待认证加密数据与数据库加密数据的海明距离,得到待认证距离;According to the Hamming distance calculation formula, calculate the Hamming distance of the encrypted data to be authenticated and the encrypted data of the database respectively to obtain the distance to be authenticated;
设置距离阈值;Set distance threshold;
当待认证距离不大于距离阈值时,判定待认证虹膜数据认证成功。When the distance to be authenticated is not greater than the distance threshold, it is determined that the iris data to be authenticated is successfully authenticated.
进一步地,海明距离计算公式为:Furthermore, the calculation formula of Hamming distance is:
其中,Dis(t′,d)为海明距离,ti ′为待认证加密数据t′中的第i块,di为数据库加密数据d中的第i块,i的取值范围为[1,10×m],m为数据块总量。Among them, Dis(t ′ , d) is the Hamming distance, t i ′ is the i-th block in the encrypted data t ′ to be authenticated, d i is the i-th block in the database encrypted data d, and the value range of i is [ 1, 10×m], m is the total amount of data blocks.
为了解决上述问题,本发明还提供一种电子设备,包括处理器以及存储器,存储器上存储有计算机程序,计算机程序被处理器执行时,实现如上文所述的虹膜数据加密方法,或,如上文所述的虹膜数据识别方法。In order to solve the above problems, the present invention also provides an electronic device, including a processor and a memory. A computer program is stored on the memory. When the computer program is executed by the processor, the iris data encryption method as described above is implemented, or, as above The iris data recognition method.
采用上述实施例的有益效果是:本发明提供一种虹膜数据加密、识别方法及电子设备,该加密方法通过对原始虹膜数据进行置换重排,实现对原始虹膜数据的初步加密处理,得到重排虹膜数据,以提高虹膜数据的复杂度;进一步地,通过对重排虹膜数据进行分块,能够获取到重排虹膜数据各数据块的组合特征,并通过对各数据块进行取反合并,能够将各数据块的组合特征进行数据表示,以降低虹膜数据的量级;最后,通过对取反合并虹膜数据进行分组,并分别对各组进行排序,并确定排序序列为原始虹膜数据的加密数据,标准化处理虹膜数据的特征,能够有效隐藏虹膜数据的特征,以提高虹膜数据的标准化程度,减少数据特性,从而避免虹膜数据被解密。The beneficial effects of adopting the above embodiments are: the present invention provides an iris data encryption and identification method and electronic equipment. The encryption method realizes preliminary encryption processing of the original iris data by replacing and rearranging the original iris data, and obtains rearrangement. iris data to improve the complexity of the iris data; further, by dividing the rearranged iris data into blocks, the combined characteristics of each data block of the rearranged iris data can be obtained, and by inverting and merging each data block, the The combined features of each data block are represented as data to reduce the magnitude of the iris data; finally, the iris data is grouped by inverting and merging, and each group is sorted separately, and the sorting sequence is determined to be the encrypted data of the original iris data , Standardizing the characteristics of iris data can effectively hide the characteristics of iris data to improve the standardization of iris data and reduce data characteristics, thereby avoiding the decryption of iris data.
附图说明Description of the drawings
图1为本发明提供的虹膜数据加密方法一实施例的流程示意图;Figure 1 is a schematic flow chart of an embodiment of an iris data encryption method provided by the present invention;
图2为本发明提供的得到重排虹膜数据一实施例的流程示意图;Figure 2 is a schematic flow chart of obtaining rearranged iris data according to an embodiment of the present invention;
图3为本发明提供的得到取反合并虹膜数据一实施例的流程示意图;Figure 3 is a schematic flowchart of an embodiment of obtaining inverted and merged iris data provided by the present invention;
图4为本发明提供的得到取反合并虹膜数据另一实施例的流程示意图;Figure 4 is a schematic flow chart of another embodiment of obtaining inverted and merged iris data provided by the present invention;
图5为本发明提供的得到原始虹膜数据的加密数据一实施例的流程示意图;Figure 5 is a schematic flow chart of an embodiment of obtaining encrypted data of original iris data provided by the present invention;
图6为本发明提供的对原始虹膜数据进行加密一实施例的流程示意图;Figure 6 is a schematic flow chart of an embodiment of encrypting original iris data provided by the present invention;
图7为本发明提供的虹膜数据识别一实施例的流程示意图;Figure 7 is a schematic flow chart of an embodiment of iris data recognition provided by the present invention;
图8为本发明提供的电子设备一实施例的结构框图。FIG. 8 is a structural block diagram of an embodiment of the electronic device provided by the present invention.
具体实施方式Detailed ways
下面结合附图来具体描述本发明的优选实施例,其中,附图构成本申请一部分,并与本发明的实施例一起用于阐释本发明的原理,并非用于限定本发明的范围。The preferred embodiments of the present invention will be described in detail below with reference to the accompanying drawings. The drawings constitute a part of this application and are used together with the embodiments of the present invention to illustrate the principles of the present invention, but are not intended to limit the scope of the present invention.
随着互联网、移动通讯和物联网等技术的快速发展,人们使用各种设备和应用程序进行日常活动,这些活动产生的大量数据都可能包含用户个人隐私信息。随着生物识别技术的不断发展和成熟,各种模式的生物识别技术,如虹膜识别、人脸识别、指纹识别等,已经在金融和民生场景中得到应用。然而,在数据流向复杂的情况下,可能会出现数据泄露,个人信息被恶意利用的风险会增加。作为最常用的生物识别特征之一,工业界和学术界对如何有效地进行虹膜识别并保护用户信息的隐私进行了广泛的研究。With the rapid development of technologies such as the Internet, mobile communications and the Internet of Things, people use various devices and applications to carry out daily activities, and the large amounts of data generated by these activities may contain users' personal privacy information. With the continuous development and maturity of biometric technology, various modes of biometric technology, such as iris recognition, face recognition, fingerprint recognition, etc., have been applied in financial and people's livelihood scenarios. However, when data flows are complex, data leaks may occur and the risk of personal information being used maliciously increases. As one of the most commonly used biometric features, industry and academia have conducted extensive research on how to effectively perform iris recognition and protect the privacy of user information.
近些年来,许多虹膜数据保护方法被提出,这些方法主要分为两类:可撤销的虹膜生物识别技术和虹膜生物识别加密系统。然而,在可撤销的虹膜识别技术领域,现有的技术方法有基于布隆过滤器的方案,基于局部敏感哈希的方案以及基于特征自适应随机投影等方案,由于上述方法在不可逆性、可撤销性和不可链接性之间没有达到很好的平衡,无法完全避免用户的虹膜数据被解密,从而导致无法有效保证用户的虹膜数据安全。In recent years, many iris data protection methods have been proposed, which are mainly divided into two categories: revocable iris biometric technology and iris biometric encryption system. However, in the field of revocable iris recognition technology, existing technical methods include solutions based on Bloom filters, solutions based on local sensitive hashing, and solutions based on feature adaptive random projection. Since the above methods are irreversible and reversible, There is no good balance between revocability and unlinkability, and it is impossible to completely prevent the user's iris data from being decrypted, resulting in the inability to effectively guarantee the security of the user's iris data.
因此,现有技术中保护虹膜数据安全的过程中,存在无法避免虹膜数据被解密的问题。Therefore, in the process of protecting the security of iris data in the prior art, there is a problem that the iris data cannot be avoided from being decrypted.
为了解决上述问题,本发明提供了一种虹膜数据加密、识别方法及电子设备,以下分别进行详细说明。In order to solve the above problems, the present invention provides an iris data encryption and identification method and electronic device, which will be described in detail below.
图1为本发明提供的虹膜数据加密方法一实施例的流程示意图,如图1所示,虹膜数据加密方法包括:Figure 1 is a schematic flow chart of an embodiment of an iris data encryption method provided by the present invention. As shown in Figure 1, the iris data encryption method includes:
步骤S101:获取原始虹膜数据;Step S101: Obtain original iris data;
步骤S102:对原始虹膜数据进行置换重排,得到重排虹膜数据;Step S102: Perform replacement and rearrangement on the original iris data to obtain rearranged iris data;
步骤S103:对重排虹膜数据进行分块,得到多个数据块,并分别对多个数据块进行取反合并,得到取反合并虹膜数据;Step S103: Divide the rearranged iris data into blocks to obtain multiple data blocks, and perform inversion and merge on the multiple data blocks respectively to obtain inversion and merged iris data;
步骤S104:对取反合并虹膜数据进行分组,得到多个数据组,并分别对多个数据组进行排序,得到取反合并虹膜数据的排序序列,并确定排序序列为原始虹膜数据的加密数据。Step S104: Group the reversed and merged iris data to obtain multiple data groups, and sort the multiple data groups respectively to obtain a sorting sequence of the reversed and merged iris data, and determine that the sorting sequence is the encrypted data of the original iris data.
本实施例中,首先,获取原始虹膜数据,并对原始虹膜数据进行置换重排,得到重排虹膜数据;然后,对重排虹膜数据进行分块,并对各数据块进行取反合并,得到取反合并虹膜数据;最后,对取反合并虹膜数据进行分组,并分别对各组进行排序,得到取反合并虹膜数据的排序序列,并确定排序序列为原始虹膜数据的加密数据。In this embodiment, first, the original iris data is obtained, and the original iris data is replaced and rearranged to obtain the rearranged iris data; then, the rearranged iris data is divided into blocks, and each data block is inverted and merged to obtain Invert and merge the iris data; finally, group the inverse and merged iris data, and sort each group respectively to obtain the sorting sequence of the inverse and merged iris data, and determine that the sorting sequence is the encrypted data of the original iris data.
本实施例中,通过对原始虹膜数据进行置换重排,实现对原始虹膜数据的初步加密处理,得到重排虹膜数据,以提高虹膜数据的复杂度;进一步地,通过对重排虹膜数据进行分块,能够获取到重排虹膜数据的各数据块的组合特征,并通过对各数据块进行取反合并,能够将各数据块的组合特征进行数据表示,并降低虹膜数据的量级;最后,通过对取反合并虹膜数据进行分组,并分别对各组进行排序,并确定排序序列为原始虹膜数据的加密数据,标准化处理虹膜数据的特征,能够有效隐藏虹膜数据的特征,以提高虹膜数据的标准化程度,减少数据特性,从而避免虹膜数据被解密。In this embodiment, by performing replacement and rearrangement of the original iris data, preliminary encryption processing of the original iris data is achieved, and the rearranged iris data is obtained to improve the complexity of the iris data; further, by analyzing the rearranged iris data, block, the combined characteristics of each data block of rearranged iris data can be obtained, and by inverting and merging each data block, the combined characteristics of each data block can be represented as data, and the magnitude of the iris data can be reduced; finally, By grouping the inverted and merged iris data, sorting each group separately, and determining that the sorting sequence is the encrypted data of the original iris data, and standardizing the characteristics of the iris data, the characteristics of the iris data can be effectively hidden to improve the quality of the iris data. The degree of standardization reduces data characteristics to prevent iris data from being decrypted.
作为优选的实施例,在步骤S101中,原始虹膜数据是一串长度为n的二进制串。As a preferred embodiment, in step S101, the original iris data is a binary string of length n.
在一具体实施例中,对于数据集CASIA-IrisV3-Interval中的虹膜数据,经过分割和特征提取等预处理操作之后转化为串长为10240位的二进制串,从而得到长度为10240的原始虹膜数据,即,n取值为10240。In a specific embodiment, the iris data in the data set CASIA-IrisV3-Interval is converted into a binary string with a length of 10240 bits after preprocessing operations such as segmentation and feature extraction, thereby obtaining original iris data with a length of 10240 bits. , that is, the value of n is 10240.
作为优选的实施例,在步骤S102中,为了得到重排虹膜数据,如图2所示,图2为本发明提供的得到重排虹膜数据一实施例的流程示意图,包括:As a preferred embodiment, in step S102, in order to obtain rearranged iris data, as shown in Figure 2, Figure 2 is a schematic flow chart of obtaining rearranged iris data according to an embodiment of the present invention, including:
步骤S121:获取随机置换串;Step S121: Obtain a random replacement string;
步骤S122:基于随机置换串,对原始虹膜数据进行置换重排,得到重排虹膜数据;Step S122: Based on the random replacement string, perform replacement and rearrangement of the original iris data to obtain rearranged iris data;
其中,随机置换串的长度与原始虹膜数据的长度相同,且随机置换串中的数字不重复。Among them, the length of the random replacement string is the same as the length of the original iris data, and the numbers in the random replacement string do not repeat.
本实施例中,通过获取随机置换串,以实现获取与原始虹膜数据的长度相同的随机数据串序列,然后将随机置换串作为原始虹膜数据的序列号,对原始虹膜数据进行置换重排,得到重排虹膜数据。In this embodiment, a random permutation string is obtained to obtain a random data string sequence with the same length as the original iris data, and then the random permutation string is used as the sequence number of the original iris data, and the original iris data is permuted and rearranged to obtain Rearrange iris data.
需要说明的是,随机置换串中包括与原始虹膜数据的长度数值相同的多个自然数,从而实现对于任一单个原始虹膜数据,都有唯一确定的随机置换串数值与其对应。It should be noted that the random permutation string includes multiple natural numbers with the same length value as the original iris data, so that for any single original iris data, there is a unique random permutation string value corresponding to it.
在一具体实施例中,在步骤S121中,通过rand()函数生成长度同样是n的随机置换串K,可以表示为K=K1...Kn。In a specific embodiment, in step S121, a random permutation string K of the same length n is generated through the rand() function, which can be expressed as K=K 1 ...K n .
需要说明的是,K中的每个数值都不相同,且K中包括1至n中的每个数值。It should be noted that each value in K is different, and K includes each value from 1 to n.
在一具体实施例中,在步骤S122中,为了对原始虹膜数据进行置换重排,当K1=8时,就意味着原始虹膜数据x中的第一个位置的数据要和第8个位置上的数据进行交换;当K2=18时,就意味着原始虹膜数据x中的第二个位置的数据要和第18个位置上的数据进行交换,以此类推,在此不作赘述。In a specific embodiment, in step S122, in order to perform replacement and rearrangement of the original iris data, when K 1 =8, it means that the data at the first position in the original iris data x must be the same as the data at the 8th position. The data on is exchanged; when K 2 =18, it means that the data at the second position in the original iris data x needs to be exchanged with the data at the 18th position, and so on, which will not be described in detail here.
经过这一步随机置换,我们得到了打乱重排后的虹膜模板即重排虹膜数据。After this step of random replacement, we get the disrupted and rearranged iris template. That is, rearrange the iris data.
在其他实施例中,还可以根据其他随机置换方法对原始虹膜数据进行重排操作,以实现对原始虹膜数据的初步加密。In other embodiments, the original iris data can also be rearranged according to other random replacement methods to achieve preliminary encryption of the original iris data.
另外,需要说明的是,针对同一系统中的原始虹膜数据和待认证虹膜数据,随机置换串K是完全一致的。In addition, it should be noted that for the original iris data and the iris data to be authenticated in the same system, the random replacement string K is completely consistent.
作为优选的实施例,在步骤S103中,为了对重排虹膜数据进行分块,并对各数据块进行取反合并,得到取反合并虹膜数据,如图3所示,图3为本发明提供的得到取反合并虹膜数据一实施例的流程示意图,包括:As a preferred embodiment, in step S103, in order to divide the rearranged iris data into blocks, perform inverse merging of each data block to obtain the inverse combined iris data, as shown in Figure 3, which is provided by the present invention. A schematic flowchart of an embodiment of obtaining inverted and merged iris data, including:
步骤S131:设置分块比特宽度,并根据分块比特宽度将重排虹膜数据等分为多个数据块;Step S131: Set the blocking bit width, and divide the rearranged iris data into multiple data blocks according to the blocking bit width;
步骤S132:将多个数据块中的二进制数据转化为十进制数据,得到多个十进制虹膜数据;Step S132: Convert binary data in multiple data blocks into decimal data to obtain multiple decimal iris data;
步骤S133:根据分块比特宽度,基于十进制标准值计算公式,得到十进制标准值;Step S133: According to the block bit width and the decimal standard value calculation formula, obtain the decimal standard value;
步骤S134:根据十进制标准值,对多个十进制虹膜数据进行取反合并,得到取反合并虹膜数据。Step S134: Invert and merge multiple decimal iris data according to the decimal standard value to obtain the inverted and merged iris data.
本实施例中,首先,设置分块比特宽度,并根据分块比特宽度将重排虹膜数据等分为多个数据块;接下来,将多个数据块中的二进制数据转化为十进制数据,得到多个十进制虹膜数据;然后,根据分块比特宽度,基于十进制标准值计算公式,得到十进制标准值;最后,根据十进制标准值,对多个十进制虹膜数据进行取反合并,得到取反合并虹膜数据。In this embodiment, first, set the block bit width, and divide the rearranged iris data into multiple data blocks according to the block bit width; next, convert the binary data in the multiple data blocks into decimal data, and obtain Multiple decimal iris data; then, according to the block bit width, based on the decimal standard value calculation formula, the decimal standard value is obtained; finally, based on the decimal standard value, multiple decimal iris data are inverted and merged to obtain the inverted and merged iris data .
本实施例中,通过设置分块比特宽度,将重排虹膜数据等分为多个数据块,能够获取到重排虹膜数据各数据块的组合特征,以隐藏具体的局部特征;通过将多个数据块中的二进制数据转化为十进制数据,能够更加精炼地表示各个部分的特征,以便于后续进行数据处理;通过十进制标准值计算公式,得到十进制标准值,得到取反合并的比对标准数据;通过对多个十进制虹膜数据进行取反合并,得到取反合并虹膜数据,实现对十进制虹膜数据的统一标准化处理,以提高后续数据处理的效率。In this embodiment, by setting the block bit width and dividing the rearranged iris data into multiple data blocks, the combined characteristics of each data block of the rearranged iris data can be obtained to hide specific local features; by dividing multiple data blocks into The binary data in the data block is converted into decimal data, which can more accurately represent the characteristics of each part to facilitate subsequent data processing; through the decimal standard value calculation formula, the decimal standard value is obtained, and the inverted and merged comparison standard data is obtained; By inverting and merging multiple decimal iris data, the inverted and merged iris data is obtained, thereby achieving unified and standardized processing of decimal iris data to improve the efficiency of subsequent data processing.
作为优选的实施例,在步骤S131中,将虹膜模板分成m个块,表示为每个块中包含b个比特。As a preferred embodiment, in step S131, the iris template Divided into m blocks, expressed as Each block contains b bits.
在一具体实施例中,m的具体值可以根据实际需要进行调整,可以取值为大于1的任一正整数。In a specific embodiment, the specific value of m can be adjusted according to actual needs, and can be any positive integer greater than 1.
具体地,m优选取值为4。Specifically, m preferably takes a value of 4.
作为优选的实施例,在步骤S132中,将m个块中的二进制值转换为对应的十进制值w,并表示为w=w1...wm。As a preferred embodiment, in step S132, the binary values in m blocks are converted into corresponding decimal values w, and expressed as w=w 1 ...w m .
其中,二进制值转换为十进制值后,每个块中仅有唯一确定的十进制值数据来表示其特征。Among them, after the binary value is converted into a decimal value, each block has only unique decimal value data to represent its characteristics.
本实施例中,通过将二进制值转换为十进制值,实现了实质性降低虹膜数据的数据量级,减少了后续处理量,还隐藏了数据特征。In this embodiment, by converting the binary value into a decimal value, the data level of the iris data is substantially reduced, the amount of subsequent processing is reduced, and the data characteristics are hidden.
作为优选的实施例,在步骤S133中,十进制标准值计算公式为:As a preferred embodiment, in step S133, the decimal standard value calculation formula is:
S=2b-1-1S=2 b-1 -1
其中,S为十进制标准值,b为分块比特宽度。Among them, S is the decimal standard value, and b is the block bit width.
作为优选的实施例,在步骤S134中,为了根据十进制标准值,对多个十进制虹膜数据进行取反合并,得到取反合并虹膜数据,如图4所示,图4为本发明提供的得到取反合并虹膜数据另一实施例的流程示意图,包括:As a preferred embodiment, in step S134, in order to perform inversion and merge on multiple decimal iris data according to the decimal standard value, the inversion and merged iris data are obtained, as shown in Figure 4. Figure 4 is the obtained inversion and merged iris data provided by the present invention. A schematic flowchart of another embodiment of demerging iris data, including:
步骤S1341:分别依次判断多个十进制虹膜数据与十进制标准值的大小;Step S1341: Determine the sizes of multiple decimal iris data and decimal standard values in sequence;
步骤S1342:当十进制虹膜数据大于十进制标准值时,基于取反公式,确定十进制虹膜数据对应的取反合并虹膜数据;Step S1342: When the decimal iris data is greater than the decimal standard value, based on the inversion formula, determine the inverted combined iris data corresponding to the decimal iris data;
步骤S1343:当十进制虹膜数据不大于十进制标准值时,确定十进制虹膜数据即为其对应的取反合并虹膜数据。Step S1343: When the decimal iris data is not greater than the decimal standard value, determine that the decimal iris data is its corresponding inverted merged iris data.
本实施例中,首先,分别依次判断多个十进制虹膜数据与十进制标准值的大小,以确定十进制虹膜数据与十进制标准值之间的数据值大小关系;然后,当十进制虹膜数据大于十进制标准值时,基于取反公式,确定十进制虹膜数据对应的取反合并虹膜数据;当十进制虹膜数据不大于十进制标准值时,确定十进制虹膜数据即为其对应的取反合并虹膜数据。In this embodiment, first, the sizes of multiple decimal iris data and decimal standard values are sequentially determined to determine the data value size relationship between the decimal iris data and the decimal standard value; then, when the decimal iris data is greater than the decimal standard value , based on the inversion formula, determine the inverted combined iris data corresponding to the decimal iris data; when the decimal iris data is not greater than the decimal standard value, determine that the decimal iris data is the corresponding inverted combined iris data.
本实施例中,通过设置十进制标准值作为对十进制虹膜数据进行数据处理的标准,仅当十进制虹膜数据大于十进制标准值时,结合取反公式对十进制虹膜数据进行数据修订,实现了对十进制虹膜数据的进一步统一,减少了虹膜数据的差异性,加大了破解取反合并虹膜数据的难度。In this embodiment, by setting the decimal standard value as the standard for data processing of decimal iris data, only when the decimal iris data is greater than the decimal standard value, the decimal iris data is revised by combining the inversion formula, thereby realizing the decimal iris data The further unification reduces the difference of iris data and increases the difficulty of cracking and inverting the merged iris data.
作为优选的实施例,在步骤S1342中,取反公式为:As a preferred embodiment, in step S1342, the inverse formula is:
ri=2b-1-wi r i =2 b -1-w i
其中,ri为取反合并虹膜数据,wi为十进制虹膜数据。Among them, r i is the inverted merged iris data, and w i is the decimal iris data.
在一具体实施例中,将每个块对应的十进制值wi(i=1...m)和S进行比较,如果wi比S大,对其进行取反操作,并将取反后的值用r表示wi;如果wi小于等于S,保持wi值不变,即ri=wi。In a specific embodiment, the decimal value w i (i=1...m) corresponding to each block is compared with S. If w i is larger than S, an inversion operation is performed on it, and the inverted value is The value of w is represented by r; if w i is less than or equal to S, the value of w i remains unchanged, that is, r i = wi .
本实施例中,通过对虹膜数据进行取反合并操作,实现了减少虹膜数据的数值,以降低后续数据处理的难度,还进一步隐藏了虹膜数据的特征。In this embodiment, by performing an inversion and merging operation on the iris data, the value of the iris data is reduced, thereby reducing the difficulty of subsequent data processing and further hiding the characteristics of the iris data.
作为优选的实施例,在步骤S104中,为了对取反合并虹膜数据进行分组,并分别对各组进行排序,得到取反合并虹膜数据的排序序列,并确定排序序列为原始虹膜数据的加密数据,如图5所示,图5为本发明提供的得到原始虹膜数据的加密数据一实施例的流程示意图,包括:As a preferred embodiment, in step S104, in order to group the reversed merged iris data and sort each group respectively, obtain a sorting sequence of the reversed merged iris data, and determine that the sorting sequence is the encrypted data of the original iris data , as shown in Figure 5, Figure 5 is a schematic flow chart of an embodiment of obtaining encrypted data of original iris data provided by the present invention, including:
步骤S141:设置分组宽度,并根据分组宽度将取反合并虹膜数据划分为多个数据组;Step S141: Set the grouping width, and divide the inverted merged iris data into multiple data groups according to the grouping width;
步骤S142:按照数据值大小,分别对多个数据组中的取反合并虹膜数据进行排序,得到多个数据组对应的多个排序序列;Step S142: Sort the inverted and merged iris data in multiple data groups according to the size of the data values, and obtain multiple sorting sequences corresponding to the multiple data groups;
步骤S143:确定排序序列为原始虹膜数据的加密数据。Step S143: Determine the sorting sequence to be the encrypted data of the original iris data.
本实施例中,首先,设置分组宽度,并根据分组宽度将取反合并虹膜数据划分为多个数据组;然后,按照数据值大小,分别对多个数据组中的取反合并虹膜数据进行排序,得到多个数据组对应的多个排序序列;最后,确定排序序列为原始虹膜数据的加密数据。In this embodiment, first, set the grouping width, and divide the reversed merged iris data into multiple data groups according to the grouping width; then, sort the reversed merged iris data in the multiple data groups according to the size of the data value. , multiple sorting sequences corresponding to multiple data groups are obtained; finally, the sorting sequence is determined to be the encrypted data of the original iris data.
本实施例中,通过设置分组宽度,再一次对取反合并虹膜数据进行分块分组处理,以得到多个数据组,实现将虹膜数据的特点分块化,隐藏具体的局部特征;通过以数据值大小为比较基准,分别对多个数据组中的取反合并虹膜数据进行排序,得到多个数据组对应的多个排序序列,并最终确定排序序列为原始虹膜数据的加密数据,实现了对多个数据组的无差别处理,有效降低了加密数据的特殊性,以进一步隐藏了加密数据的具体特征,降低被解密的风险。In this embodiment, by setting the grouping width, the inverted and merged iris data is once again divided into groups to obtain multiple data groups, thereby dividing the characteristics of the iris data into blocks and hiding specific local features; by using data The size of the value is used as a comparison benchmark. The reversed and merged iris data in multiple data groups are sorted respectively to obtain multiple sorting sequences corresponding to multiple data groups, and finally the sorting sequence is determined to be the encrypted data of the original iris data, realizing the The indiscriminate processing of multiple data groups effectively reduces the particularity of the encrypted data, further hiding the specific characteristics of the encrypted data and reducing the risk of being decrypted.
作为优选的实施例,在步骤S141中,将取反合并虹膜数据r划分为g个组,并表示为R=R1...Rg。As a preferred embodiment, in step S141, the inverted merged iris data r is divided into g groups, and expressed as R=R 1 ...R g .
其中,分组宽度设置为d,即每一组包含d个块,并且满足:Among them, the group width is set to d, that is, each group contains d blocks, and satisfies:
m=g×d。m=g×d.
在一具体实施例中,d取值为3。In a specific embodiment, d takes a value of 3.
作为优选的实施例,在步骤S142中,在每一组中根据每个块对应的十进制值大小进行排序,并记录每个块中的取反合并虹膜数据对应的排序值。As a preferred embodiment, in step S142, sorting is performed in each group according to the decimal value size corresponding to each block, and the sorting value corresponding to the inverted merged iris data in each block is recorded.
需要说明的是,当一个组内存在有多个对应的十进制值相同的块时,这些块的排序值将根据它们在组内的排列顺序值来确定。比如说第一个分组R1中的十进制值为{3,1,3}时,最终对应的排序值应该为{1,0,2}。It should be noted that when there are multiple blocks with the same corresponding decimal value in a group, the sorting values of these blocks will be determined based on their arrangement order value within the group. For example, when the decimal value in the first group R 1 is {3, 1, 3}, the final corresponding sorting value should be {1, 0, 2}.
为了较好地表示上述数据处理过程,如图6所示,图6为本发明提供的对原始虹膜数据进行加密一实施例的流程示意图。In order to better represent the above data processing process, as shown in Figure 6, Figure 6 is a schematic flow chart of an embodiment of encrypting original iris data provided by the present invention.
通过上述方法,实现了对原始虹膜数据的加密处理。然而,上述生成的受保护的加密数据相比原始虹膜数据的长度会减小,从而导致部分虹膜特征信息的丢失,为了扩增加密数据模板的长度,从而提高识别过程中的精度,使用十条不同的随机置换串K1...K10对同一条原始虹膜数据进行上述的加密操作,从而得到10条对应的加密数据模板t1...t10。Through the above method, the encryption processing of the original iris data is realized. However, the length of the protected encrypted data generated above will be reduced compared with the original iris data, resulting in the loss of part of the iris feature information. In order to expand the length of the encrypted data template and thereby improve the accuracy in the recognition process, ten different The random permutation strings K 1 ...K 10 perform the above encryption operation on the same piece of original iris data, thereby obtaining 10 corresponding encrypted data templates t 1 ...t 10 .
进一步地,将10条加密数据模板拼接成一条长的虹膜串t,将其表示为t=t1||...||t10,从而得到最终生成的受保护虹膜模板t,其长度为10×m。Further, the 10 encrypted data templates are spliced into a long iris string t, which is expressed as t=t 1 ||...||t 10 , thereby obtaining the finally generated protected iris template t, whose length is 10×m.
在其他实施例中,还可以根据需要对随机置换串K的条数进行调整。In other embodiments, the number of random permutation strings K can also be adjusted as needed.
通过上述方法,当攻击者获取到最终的受保护虹膜模板t时,实际上得到是每个块在组内的排序值。由于之前生成模板中的组内局部排序过程,从受保护的虹膜模板中各个块的排序值恢复对应的十进制值的过程是一个多对一的映射过程。当块的排序值确定时,块对应的十进制值会有多个选择,从而增大了恢复的难度,增强了不可逆性。当得到块对应的十进制值后,由于之前的生成模板的过程中对原始块进行过取反合并的操作,所以这里受保护虹膜模板中每一个块的十进制值所对应的真实十进制值实际上有两种可能,保持原值或是进行取反操作。由于每一串虹膜串包含块的数目是较大的,所以存在的所有可能性是很多的,这一步骤大大增强了方案的随机性,使得更加难以恢复出原始的虹膜模板。Through the above method, when the attacker obtains the final protected iris template t, he actually obtains the ranking value of each block within the group. Due to the intra-group local sorting process in the previously generated template, the process of recovering the corresponding decimal values from the sorted values of individual blocks in the protected iris template is a many-to-one mapping process. When the sorting value of a block is determined, there will be multiple choices for the decimal value corresponding to the block, thereby increasing the difficulty of recovery and enhancing irreversibility. When the decimal value corresponding to the block is obtained, since the original block was inverted and merged in the previous process of generating the template, the real decimal value corresponding to the decimal value of each block in the protected iris template here is actually There are two possibilities, keep the original value or perform an inversion operation. Since each iris string contains a large number of blocks, there are many possibilities. This step greatly enhances the randomness of the scheme, making it more difficult to recover the original iris template.
基于上述虹膜数据加密方法,能够实现对虹膜数据进行加密,以提高虹膜数据的可靠性,避免被他人解密;进一步地,本申请还提供了一种虹膜数据识别方法,以满足内部人员利用虹膜数据进行加密认证的需要,如图7所示,图7为本发明提供的虹膜数据识别一实施例的流程示意图,包括:Based on the above iris data encryption method, iris data can be encrypted to improve the reliability of iris data and avoid being decrypted by others; further, this application also provides an iris data identification method to satisfy internal personnel's use of iris data The need for encryption authentication is as shown in Figure 7. Figure 7 is a schematic flow chart of an embodiment of iris data recognition provided by the present invention, including:
步骤S201:获取数据库加密数据;Step S201: Obtain database encrypted data;
步骤S202:基于虹膜数据加密方法获取待认证虹膜数据的待认证加密数据;Step S202: Obtain the encrypted data of the iris data to be authenticated based on the iris data encryption method;
步骤S203:根据海明距离计算公式,分别计算待认证加密数据与数据库加密数据的海明距离,得到待认证距离;Step S203: According to the Hamming distance calculation formula, calculate the Hamming distance of the encrypted data to be authenticated and the encrypted data of the database respectively to obtain the distance to be authenticated;
步骤S204:设置距离阈值;Step S204: Set distance threshold;
步骤S205:当待认证距离不大于距离阈值时,判定待认证虹膜数据认证成功;Step S205: When the distance to be authenticated is not greater than the distance threshold, determine that the iris data to be authenticated is successfully authenticated;
其中,虹膜数据加密方法为上述任一技术方案所述的虹膜数据加密方法中的步骤。Wherein, the iris data encryption method is a step in the iris data encryption method described in any of the above technical solutions.
本实施例中,首先,基于获取数据库加密数据的虹膜数据加密方法,对待认证虹膜数据进行加密处理,得到待认证加密数据;然后,根据海明距离计算公式,分别计算待认证加密数据与数据库加密数据的海明距离,得到待认证距离;最后,通过设置距离阈值,只有当待认证距离不大于距离阈值时,判定待认证虹膜数据认证成功。In this embodiment, first, based on the iris data encryption method for obtaining database encrypted data, the iris data to be authenticated is encrypted to obtain the encrypted data to be authenticated; then, according to the Hamming distance calculation formula, the encrypted data to be authenticated and the database encryption are calculated respectively. The Hamming distance of the data is used to obtain the distance to be authenticated; finally, by setting the distance threshold, only when the distance to be authenticated is not greater than the distance threshold, the authentication of the iris data to be authenticated is determined to be successful.
本实施例中,由于解密的复杂性和结构不可控性,一方面,以虹膜数据加密方法为待认证虹膜数据的初步数据处理方法,有效避免了对待认证虹膜数据进行反向解密的过程;另一方面,以距离阈值为基准,比较待认证距离与距离阈值之间的数量关系,从而确定待认证虹膜数据是否处于数据库中的虹膜数据,即,确定待认证虹膜数据对应的人员是否为已经注册且存在于数据库中的人员的虹膜数据。In this embodiment, due to the complexity and uncontrollable structure of decryption, on the one hand, the iris data encryption method is used as the preliminary data processing method for the iris data to be authenticated, which effectively avoids the process of reverse decryption of the iris data to be authenticated; on the other hand, the iris data encryption method is used as the preliminary data processing method for the iris data to be authenticated. On the one hand, the distance threshold is used as a benchmark to compare the quantitative relationship between the distance to be authenticated and the distance threshold, thereby determining whether the iris data to be authenticated is iris data in the database, that is, determining whether the person corresponding to the iris data to be authenticated is already registered. And the iris data of the person exists in the database.
作为优选的实施例,在步骤S202中,获取待认证加密数据的过程中用到的随机置换串K与步骤S201中生成数据库加密数据的随机置换串K是相同的。As a preferred embodiment, in step S202, the random substitution string K used in the process of obtaining the encrypted data to be authenticated is the same as the random substitution string K used to generate the database encrypted data in step S201.
作为优选的实施例,在步骤S203中,海明距离计算公式为:As a preferred embodiment, in step S203, the Hamming distance calculation formula is:
其中,Dis(t′,d)为海明距离,ti ′为待认证加密数据t′中的第i块,di为数据库加密数据d中的第i块,i的取值范围为[1,10×m],m为数据块总量。Among them, Dis(t ′ , d) is the Hamming distance, t i ′ is the i-th block in the encrypted data t ′ to be authenticated, d i is the i-th block in the database encrypted data d, and the value range of i is [ 1, 10×m], m is the total amount of data blocks.
在一具体实施例中,用户向服务器提交自己的虹膜数据x′,在服务器上通过设计的基于取反合并与局部排序的虹膜模板生成方案来生成受保护的虹膜模板t′。在服务器上计算t′与虹膜模板数据库中虹膜模板之间的海明距离,并将其与阈值C进行比较,当小于等于阈值C时表明识别成功。若t′与虹膜模板数据库中的所有虹膜模板之间的距离都大于阈值C的话,则代表识别失败。实验结果证明,此方法可以在有效保护用户虹膜特征数据的前提下,同时具有很好的识别效果。In a specific embodiment, the user submits his or her own iris data x ′ to the server, and the protected iris template t ′ is generated on the server through a designed iris template generation scheme based on inverse merging and local sorting. The Hamming distance between t ′ and the iris template in the iris template database is calculated on the server and compared with the threshold C. When it is less than or equal to the threshold C, it indicates that the recognition is successful. If the distance between t ′ and all iris templates in the iris template database is greater than the threshold C, it means that the recognition fails. Experimental results prove that this method can effectively protect the user's iris feature data while achieving good recognition results.
通过上述方法,通过对原始虹膜数据进行置换重排,实现对原始虹膜数据的初步加密处理,得到重排虹膜数据,以提高虹膜数据的复杂度;进一步地,通过对重排虹膜数据进行分块,能够获取到重排虹膜数据各数据块的组合特征,并通过对各数据块进行取反合并,能够将各数据块的组合特征进行数据表示,并降低虹膜数据的量级;最后,通过对取反合并虹膜数据进行分组,并分别对各组进行排序,并确定排序序列为原始虹膜数据的加密数据,标准化处理虹膜数据的特征,能够有效隐藏虹膜数据的特征,以提高虹膜数据的标准化程度,减少数据特性,从而避免虹膜数据被解密。Through the above method, the original iris data is replaced and rearranged to achieve preliminary encryption processing of the original iris data, and the rearranged iris data is obtained to improve the complexity of the iris data; further, by dividing the rearranged iris data into blocks , the combined features of each data block of the rearranged iris data can be obtained, and by inverting and merging each data block, the combined features of each data block can be represented as data, and the magnitude of the iris data can be reduced; finally, by Invert and merge the iris data into groups, sort each group separately, and determine the sorting sequence as the encrypted data of the original iris data. Standardize the characteristics of the iris data, which can effectively hide the characteristics of the iris data to improve the standardization of the iris data. , reduce data characteristics to avoid iris data from being decrypted.
在一具体实施例中,结合虹膜数据识别过程,详细说明对虹膜数据的处理过程,首先,对数据集进行预处理,使用的数据集为常用的虹膜数据CASIA-IrisV3-Interval,使用USIT系统对数据集中的虹膜图像进行分割;然后,对虹膜图像进行虹膜特征提取操作,并获得一串长度为20×512=10240虹膜模板。对于实验中使用的数据集图像,共有来自249个个体的2639张虹膜图像,并且只使用了来自左眼的图像。In a specific embodiment, combined with the iris data recognition process, the processing of iris data is described in detail. First, the data set is preprocessed. The data set used is the commonly used iris data CASIA-IrisV3-Interval. The USIT system is used to The iris images in the data set are segmented; then, the iris features are extracted from the iris images, and a string of iris templates with a length of 20×512=10240 is obtained. For the dataset images used in the experiments, there were a total of 2639 iris images from 249 individuals, and only images from the left eye were used.
为了验证提出的隐私保护虹膜识别方法的性能,引入错误接受率(FalseAcceptance Rate,FAR)、错误拒绝率(False Rejection Rate,FRR)、正确接受率(GenuineAcceptance Rate,GAR)和等误率(Equal Error Rate,EER)四个指标,来量化此方法的识别效果。In order to verify the performance of the proposed privacy-preserving iris recognition method, the false acceptance rate (FalseAcceptance Rate, FAR), false rejection rate (False Rejection Rate, FRR), correct acceptance rate (GenuineAcceptance Rate, GAR) and equal error rate (Equal Error Rate, EER) four indicators to quantify the recognition effect of this method.
在匹配阈值C确定时,FAR表示将来自不同类别的虹膜数据识别为来自相同类别的虹膜数据的次数占测试总次数的百分比;FRR表示将来自相同类别的虹膜数据识别为来自不同类别的虹膜数据的次数占测试总次数的百分比;GAR表示将虹膜数据识别为正确的类别的次数占测试总次数的百分比;EER则是通过变换阈值C,当FAR=FRR时的FAR值或FRR值,EER值越小代表着系统的识别性能越好。When the matching threshold C is determined, FAR indicates the number of times that iris data from different categories are recognized as iris data from the same category as a percentage of the total number of tests; FRR indicates that iris data from the same category is recognized as iris data from different categories. The number of times accounts for the percentage of the total number of tests; GAR represents the number of times the iris data is recognized as the correct category as a percentage of the total number of tests; EER represents the FAR value or FRR value, EER value when FAR=FRR by transforming the threshold C The smaller the value, the better the recognition performance of the system.
其中,FAR,FRR,GAR的计算公式如下所示:Among them, the calculation formulas of FAR, FRR and GAR are as follows:
通过上述方式发现:利用了取反合并操作与局部排序过程中存在的多对一映射的关系,使得攻击者恢复的过程中的选择大大增加,从生成的受保护模板恢复出原始的虹膜模板是十分困难的;使用多个随机置换串K对于同一原始虹膜模板进行操作生成多个受保护的模板,通过扩增虹膜模板长度减少了生成模板过程中的虹膜特征信息的丢失;能够较好地识别出数据库中的虹膜数据,以实现数据匹配。Through the above method, it was found that the many-to-one mapping relationship between the inversion merge operation and the local sorting process is used, which greatly increases the attacker's options in the recovery process. The original iris template is recovered from the generated protected template. It is very difficult; use multiple random substitution strings K to operate on the same original iris template to generate multiple protected templates. By amplifying the length of the iris template, the loss of iris feature information during the template generation process is reduced; it can be better identified Extract the iris data from the database to achieve data matching.
本发明还相应提供了一种电子设备,如图8所示,图8为本发明提供的电子设备一实施例的结构框图。电子设备800可以是移动终端、桌上型计算机、笔记本、掌上电脑及服务器等计算设备。电子设备800包括处理器801以及存储器802,其中,存储器802上存储有虹膜数据加密程序803。The present invention also provides an electronic device, as shown in Figure 8. Figure 8 is a structural block diagram of an embodiment of the electronic device provided by the present invention. The electronic device 800 may be a mobile terminal, a desktop computer, a notebook, a PDA, a server and other computing devices. The electronic device 800 includes a processor 801 and a memory 802, where an iris data encryption program 803 is stored on the memory 802.
存储器802在一些实施例中可以是计算机设备的内部存储单元,例如计算机设备的硬盘或内存。存储器802在另一些实施例中也可以是计算机设备的外部存储设备,例如计算机设备上配备的插接式硬盘,智能存储卡(Smart Media Card,SMC),安全数字(SecureDigital,SD)卡,闪存卡(Flash Card)等。进一步地,存储器802还可以既包括计算机设备的内部存储单元也包括外部存储设备。存储器802用于存储安装于计算机设备的应用软件及各类数据,例如安装计算机设备的程序代码等。存储器802还可以用于暂时地存储已经输出或者将要输出的数据。在一实施例中,虹膜数据加密程序803可被处理器801所执行,从而实现本发明各实施例的虹膜数据加密方法。Memory 802 may, in some embodiments, be an internal storage unit of the computer device, such as a hard drive or memory of the computer device. In other embodiments, the memory 802 may also be an external storage device of the computer device, such as a plug-in hard disk, a smart memory card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card, or a flash memory equipped on the computer device. Flash Card, etc. Further, the memory 802 may also include both an internal storage unit of the computer device and an external storage device. The memory 802 is used to store application software and various types of data installed on the computer device, such as program codes installed on the computer device. The memory 802 may also be used to temporarily store data that has been output or is to be output. In one embodiment, the iris data encryption program 803 can be executed by the processor 801, thereby implementing the iris data encryption methods of various embodiments of the present invention.
处理器801在一些实施例中可以是一中央处理器(Central Processing Unit,CPU),微处理器或其他数据处理芯片,用于运行存储器802中存储的程序代码或处理数据,例如执行虹膜数据加密程序等。In some embodiments, the processor 801 may be a central processing unit (CPU), a microprocessor or other data processing chip, used to run program codes stored in the memory 802 or process data, such as performing iris data encryption. Programs etc.
本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,是可以通过计算机程序来指令相关的硬件来完成,所述的计算机程序可存储于一非易失性计算机可读取存储介质中,该计算机程序在执行时,可包括如上述各方法的实施例的流程。本申请所提供的各实施例中所使用的对存储器、存储、数据库或其它介质的任何引用,均可包括非易失性和/或易失性存储器。非易失性存储器可包括只读存储器(ROM)、可编程ROM(PROM)、电可编程ROM(EPROM)、电可擦除可编程ROM(EEPROM)或闪存。易失性存储器可包括随机存取存储器(RAM)或者外部高速缓冲存储器。作为说明而非局限,RAM以多种形式可得,诸如静态RAM(SRAM)、动态RAM(DRAM)、同步DRAM(SDRAM)、双数据率SDRAM(DDRSDRAM)、增强型SDRAM(ESDRAM)、同步链路(Synchlink)DRAM(SLDRAM)、存储器总线(Rambus)直接RAM(RDRAM)、直接存储器总线动态RAM(DRDRAM),以及存储器总线动态RAM(RDRAM)等。Those of ordinary skill in the art can understand that all or part of the processes in the methods of the above embodiments can be completed by instructing relevant hardware through a computer program. The computer program can be stored in a non-volatile computer-readable storage. In the media, when executed, the computer program may include the processes of the above method embodiments. Any reference to memory, storage, databases, or other media used in the various embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous chain Synchlink DRAM (SLDRAM), memory bus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), etc.
以上所述,仅为本发明较佳的具体实施方式,但本发明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到的变化或替换,都应涵盖在本发明的保护范围之内。The above are only preferred specific embodiments of the present invention, but the protection scope of the present invention is not limited thereto. Any person familiar with the technical field can easily think of changes or modifications within the technical scope disclosed in the present invention. All substitutions are within the scope of the present invention.
Claims (10)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310962989.3A CN117034236A (en) | 2023-08-01 | 2023-08-01 | Iris data privacy protection and identification method and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310962989.3A CN117034236A (en) | 2023-08-01 | 2023-08-01 | Iris data privacy protection and identification method and electronic equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117034236A true CN117034236A (en) | 2023-11-10 |
Family
ID=88638385
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310962989.3A Pending CN117034236A (en) | 2023-08-01 | 2023-08-01 | Iris data privacy protection and identification method and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117034236A (en) |
-
2023
- 2023-08-01 CN CN202310962989.3A patent/CN117034236A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Joseph et al. | Retracted article: a multimodal biometric authentication scheme based on feature fusion for improving security in cloud environment | |
| US11615176B2 (en) | Registration and verification of biometric modalities using encryption techniques in a deep neural network | |
| US11444772B2 (en) | Fuzzy dataset processing and biometric identity technology leveraging blockchain ledger technology | |
| Kumar et al. | Privacy preserving security using biometrics in cloud computing | |
| US20180152304A1 (en) | User Identification Management System and Method | |
| WO2021121129A1 (en) | Method and apparatus for similar case detection, device, and storage medium | |
| US11227037B2 (en) | Computer system, verification method of confidential information, and computer | |
| TW201610742A (en) | Encrypting and decrypting information | |
| Lozhnikov et al. | Generation of a biometrically activated digital signature based on hybrid neural network algorithms | |
| CN111274571A (en) | Iris template protection method and system combining local sorting and negative database | |
| CN117171817B (en) | Electronic signature safety management method based on block chain | |
| CN110223075B (en) | Identity authentication method and device, computer equipment and storage medium | |
| CN112088378A (en) | Image hidden information detector | |
| WO2020147439A1 (en) | Image processing method, image verification method, apparatus, device and medium | |
| US11501580B1 (en) | Methods and systems for implementing secure biometric recognition | |
| US20230291731A1 (en) | Systems and methods for monitoring decentralized data storage | |
| CN117034236A (en) | Iris data privacy protection and identification method and electronic equipment | |
| WO2023066374A1 (en) | Privacy protection based image processing method, identity registration method, and identity authentication method | |
| US11343092B2 (en) | Biometric authentication method | |
| CN115658976A (en) | Equipment fingerprint analysis method and system based on locality sensitive hashing | |
| CN113987446A (en) | An authentication method and device | |
| KR102566991B1 (en) | System for providing countersign service using fingerprint | |
| US12079699B1 (en) | Verifying the provenance of a machine learning system | |
| CN118134487B (en) | Online payment identity intelligent authentication method based on digital signature | |
| Zhu et al. | A performance-optimization method for reusable fuzzy extractor based on block error distribution of iris trait |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |