CN117058733A - Safe face recognition method, system, equipment and storage medium - Google Patents
- Publication number
- CN117058733A (application number CN202310823116.4A)
- Authority
- CN
- China
- Prior art keywords
- user
- face
- database
- key
- ciphertext
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/10—Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
- G06V40/16—Human faces, e.g. facial parts, sketches or expressions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/10—Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
- G06V40/16—Human faces, e.g. facial parts, sketches or expressions
- G06V40/168—Feature extraction; Face representation
Abstract
The application discloses a secure face recognition method, system, device and storage medium. Key matching is performed according to a thematic library key index to obtain the corresponding symmetric key, and the one-to-one key pairing increases the security of private data; the face feature ciphertext of the database is decrypted with the symmetric key to obtain the face feature plaintext of the database. Key matching is performed according to the user ID to obtain the user public key corresponding to the user private key, and the user face feature data ciphertext is decrypted with the user public key to obtain the user face feature data plaintext. The user face feature data plaintext is compared with the face feature plaintext of the database to obtain a face recognition result, which is sent to the authentication server so that the authentication server sends it to the terminal according to the user ID. Because data is decrypted only when face feature data is compared, the risk of information leakage during face recognition is reduced and the security of private data is improved.
Description
Technical Field
The present application relates to the field of face recognition technologies, and in particular, to a method, system, device, and storage medium for secure face recognition.
Background
Face recognition is a biometric technology that identifies a person from facial feature information. A camera collects images or video streams containing a face, the face is automatically detected in the images, and a series of related techniques then perform recognition on the detected face.
Face recognition is mainly used for identity recognition: face recognition technology extracts facial biometric information from an image or video stream and compares it with a face feature database in real time, enabling rapid identification. Face recognition technology has been widely used in government, military, public security, finance, e-commerce, social management, public service, security protection, and other fields.
As an individual human characteristic, the face is personal private data closely tied to personal rights and interests, and leaked face information can cause great loss to personal information security. How to prevent information leakage during face recognition and protect personal face privacy information is therefore a technical problem to be solved in identity authentication.
Disclosure of Invention
The present application aims to solve at least one of the technical problems existing in the prior art. To this end, the application provides a secure face recognition method, system, device and storage medium, which can prevent information leakage during face recognition and improve the security of private data.
The first aspect of the present application provides a secure face recognition method for a comparison server, comprising the following steps:
receiving a user ID, a user face feature data ciphertext, a face feature ciphertext of the database and a thematic library key index from an authentication server, wherein the user ID and the user face feature data ciphertext are sent to the authentication server by a terminal, and the user face feature data ciphertext is obtained by encrypting user face feature data with a pre-stored user private key; the thematic library key index and the face feature ciphertext of the database are sent to the authentication server by the database, and both correspond to the user ID;
performing key matching according to the thematic library key index to obtain a corresponding symmetric key;
decrypting the face feature ciphertext of the database according to the symmetric key to obtain a face feature plaintext of the database;
performing key matching according to the user ID to obtain a user public key corresponding to the user private key;
decrypting the user face feature data ciphertext according to the user public key to obtain a user face feature data plaintext;
comparing the user face feature data plaintext with the face feature plaintext of the database to obtain a face recognition result;
and sending the face recognition result to the authentication server, so that the authentication server sends the face recognition result to the terminal according to the user ID.
The method according to the embodiment of the application has at least the following beneficial effects:
The method receives a user ID, a user face feature data ciphertext, a face feature ciphertext of the database and a thematic library key index from the authentication server, where the thematic library key index and the face feature ciphertext of the database correspond to the user ID. Key matching is performed according to the thematic library key index to obtain the corresponding symmetric key, and the one-to-one key pairing increases the security of private data; the face feature ciphertext of the database is decrypted with the symmetric key to obtain the face feature plaintext of the database. Key matching is performed according to the user ID to obtain the user public key corresponding to the user private key, and the user face feature data ciphertext is decrypted with the user public key to obtain the user face feature data plaintext. The user face feature data plaintext is compared with the face feature plaintext of the database to obtain a face recognition result, which is sent to the authentication server so that the authentication server sends it to the terminal according to the user ID. Because data is decrypted only when face feature data is compared, the risk of information leakage during face recognition is reduced and the security of private data is improved.
According to some embodiments of the application, before the database sends the face feature ciphertext of the database to the authentication server, the method comprises:
receiving the user ID and the user registration face data ciphertext from the authentication server, wherein the user registration face data ciphertext is obtained by encrypting user registration face data by a pre-stored user private key;
performing key matching according to the user ID to obtain a user public key corresponding to the user private key;
decrypting the user registration face data ciphertext according to the user public key to obtain a user registration face data plaintext, and extracting user registration face feature data from the user registration face data plaintext;
symmetrically encrypting the user registration face feature data through the KMS according to the encryption index to obtain a face feature ciphertext of the database;
and sending the encryption index, the user ID and the facial feature ciphertext of the database to the database so that the database stores the encryption index, the user ID and the facial feature ciphertext of the database.
According to some embodiments of the present application, the terminal obtains the user face feature data ciphertext by the following method, including:
receiving a user private key sent by the comparison server;
collecting a user face image, and extracting the user face characteristic data from the user face image;
and encrypting the user face characteristic data by adopting the user private key to obtain the user face characteristic data ciphertext.
According to some embodiments of the application, the database obtains the thematic repository key index by:
receiving a thematic library key index acquisition request and the user ID sent by the authentication server;
and acquiring the key index of the thematic database according to the key index acquisition request of the thematic database and the user ID.
According to some embodiments of the application, the database obtains the face feature ciphertext of the database by:
receiving the user ID transmitted by the authentication server;
and carrying out data matching according to the user ID to obtain the face characteristic ciphertext of the database.
According to some embodiments of the application, the performing key matching according to the key index of the thematic library to obtain a corresponding symmetric key includes:
and performing key matching according to the key index of the thematic library, and generating a corresponding symmetric key through the KMS.
According to some embodiments of the application, before the performing the key matching according to the user ID to obtain a user public key corresponding to the user private key, the method further includes:
and generating the user private key and a user public key corresponding to the user private key through an asymmetric encryption algorithm.
In a second aspect of the present application, there is provided a secure face recognition system for a comparison server, the secure face recognition system comprising:
the face data acquisition module is used for receiving a user ID, a user face feature data ciphertext, a face feature ciphertext of the database and a thematic library key index from an authentication server, wherein the user ID and the user face feature data ciphertext are sent to the authentication server by a terminal, and the user face feature data ciphertext is obtained by encrypting user face feature data with a pre-stored user private key; the thematic library key index and the face feature ciphertext of the database are sent to the authentication server by the database, and both correspond to the user ID;
the symmetric key matching module is used for carrying out key matching according to the key index of the thematic library to obtain a corresponding symmetric key;
the database ciphertext decrypting module is used for decrypting the face feature ciphertext of the database according to the symmetric key to obtain the face feature plaintext of the database;
the key matching module is used for carrying out key matching according to the user ID to obtain a user public key corresponding to the user private key;
the user data decryption module is used for decrypting the user face characteristic data ciphertext according to the user public key to obtain user face characteristic data plaintext;
the face recognition module is used for comparing the face feature data plaintext of the user with the face feature plaintext of the database to obtain a face recognition result;
and the result sending module is used for sending the face recognition result to the authentication server so that the authentication server can send the face recognition result to the terminal according to the user ID.
The system receives a user ID, a user face feature data ciphertext, a face feature ciphertext of the database and a thematic library key index from the authentication server, where the thematic library key index and the face feature ciphertext of the database correspond to the user ID. Key matching is performed according to the thematic library key index to obtain the corresponding symmetric key, and the one-to-one key pairing increases the security of private data; the face feature ciphertext of the database is decrypted with the symmetric key to obtain the face feature plaintext of the database. Key matching is performed according to the user ID to obtain the user public key corresponding to the user private key, and the user face feature data ciphertext is decrypted with the user public key to obtain the user face feature data plaintext. The user face feature data plaintext is compared with the face feature plaintext of the database to obtain a face recognition result, which is sent to the authentication server so that the authentication server sends it to the terminal according to the user ID. Because data is decrypted only when face feature data is compared, the risk of information leakage during face recognition is reduced and the security of private data is improved.
In a third aspect of the application, a secure face recognition electronic device is provided, comprising at least one control processor and a memory for communication connection with the at least one control processor; the memory stores instructions executable by the at least one control processor to enable the at least one control processor to perform the secure face recognition method described above.
In a fourth aspect of the present application, there is provided a computer-readable storage medium storing computer-executable instructions for causing a computer to perform the above-described secure face recognition method.
It should be noted that the advantages of the second to fourth aspects of the present application over the prior art are the same as those of the secure face recognition system described above and are not described in detail here.
Additional aspects and advantages of the application will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the application.
Drawings
The foregoing and/or additional aspects and advantages of the application will become apparent and may be better understood from the following description of embodiments taken in conjunction with the accompanying drawings in which:
FIG. 1 is a flow chart of a method of secure face recognition according to an embodiment of the present application;
FIG. 2 is a registration flow chart of a method for secure face recognition according to an embodiment of the present application;
FIG. 3 is a schematic structural diagram of a secure face recognition system according to an embodiment of the present application.
Detailed Description
Embodiments of the present application are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements or elements having like or similar functions throughout. The embodiments described below by referring to the drawings are illustrative only and are not to be construed as limiting the application.
In the description of the present application, the description of first, second, etc. is for the purpose of distinguishing between technical features only and should not be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated or implicitly indicating the precedence of the technical features indicated.
In the description of the present application, it should be understood that the direction or positional relationship indicated with respect to the description of the orientation, such as up, down, etc., is based on the direction or positional relationship shown in the drawings, is merely for convenience of describing the present application and simplifying the description, and does not indicate or imply that the apparatus or element referred to must have a specific orientation, be constructed and operated in a specific orientation, and thus should not be construed as limiting the present application.
In the description of the present application, unless explicitly defined otherwise, terms such as arrangement, installation, connection, etc. should be construed broadly and the specific meaning of the terms in the present application can be determined reasonably by a person skilled in the art in combination with the specific content of the technical solution.
In order to solve the above technical problem, referring to FIG. 1, the present application provides a secure face recognition method for a comparison server, including:
step S101, receiving a user ID, a user face feature data ciphertext, a face feature ciphertext of the database and a thematic library key index from an authentication server, wherein the user ID and the user face feature data ciphertext are sent to the authentication server by a terminal, and the user face feature data ciphertext is obtained by encrypting user face feature data with a pre-stored user private key; the thematic library key index and the face feature ciphertext of the database are sent to the authentication server by the database, and both correspond to the user ID;
step S102, performing key matching according to the key index of the thematic library to obtain a corresponding symmetric key;
step S103, decrypting the face feature ciphertext of the database according to the symmetric key to obtain a face feature plaintext of the database;
step S104, carrying out key matching according to the user ID to obtain a user public key corresponding to the user private key;
step S105, decrypting the user face feature data ciphertext according to the user public key to obtain the user face feature data plaintext;
step S106, comparing the plain text of the face feature data of the user with the plain text of the face feature of the database to obtain a face recognition result;
step S107, the face recognition result is sent to the authentication server, so that the authentication server sends the face recognition result to the terminal according to the user ID.
Specifically, in some embodiments, each face feature comparison ciphertext is assigned a unique index, and each index also corresponds to a symmetric key.
Referring to fig. 2, in some embodiments, before the database sends the face feature ciphertext of the database to the authentication server, it includes:
step S201, receiving a user ID and a user registration face data ciphertext from an authentication server, wherein the user registration face data ciphertext is obtained by encrypting user registration face data by a pre-stored user private key;
step S202, carrying out key matching according to the user ID to obtain a user public key corresponding to the user private key;
step S203, decrypting the ciphertext of the user registration face data according to the user public key to obtain a plaintext of the user registration face data, and extracting the characteristic data of the user registration face from the plaintext of the user registration face data;
step S204, symmetrically encrypting the user registration face feature data through the KMS according to the encryption index to obtain the face feature ciphertext of the database;
step S205, the encryption index, the user ID and the face characteristic ciphertext of the database are sent to the database, so that the database stores the encryption index, the user ID and the face characteristic ciphertext of the database.
In some embodiments, the terminal obtains the user face feature data ciphertext by:
receiving a user private key sent by a comparison server;
collecting a user face image, and extracting user face feature data from the user face image;
and encrypting the user face characteristic data by using the user private key to obtain a user face characteristic data ciphertext.
In some embodiments, the database obtains the thematic library key index by:
receiving a thematic library key index acquisition request and a user ID sent by an authentication server;
and acquiring the key index of the thematic database according to the key index acquisition request of the thematic database and the user ID.
In some embodiments, the database obtains the face feature ciphertext of the database by:
receiving a user ID transmitted by an authentication server;
and carrying out data matching according to the user ID to obtain the face characteristic ciphertext of the database.
In some embodiments, performing key matching according to the key index of the thematic library to obtain a corresponding symmetric key, including:
and performing key matching according to the key index of the thematic library, and generating a corresponding symmetric key through the KMS.
In some embodiments, before performing key matching according to the user ID to obtain the user public key corresponding to the user private key, the method further includes:
and generating a user private key and a user public key corresponding to the user private key through an asymmetric encryption algorithm.
Specifically, in some embodiments, the asymmetric cryptographic algorithm may be, for example, the international cryptographic algorithm standard RSA or the domestic cryptographic algorithm standard SM2. In addition, the face feature database encrypts and stores the face feature comparison data set with a symmetric cryptographic algorithm, which may be, for example, the international cryptographic algorithm standard 3DES or the domestic cryptographic algorithm standard SM4.
The method can provide one-to-one comparison and identification, and can also provide one-to-many comparison and identification service.
The comparison server of the method includes a key management module, which manages symmetric and asymmetric cryptographic algorithm keys, including functions such as creating, disabling, deleting, importing and distributing keys. The key management module is connected to the cryptographic service module through the key management interface unit. The key management module provides a user public key according to the user ID, and provides a symmetric cryptographic algorithm key according to the index of the face feature database.
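The registration flow (S201 to S205) and the recognition flow (S101 to S106) with the key management module described above can be traced in the following Python example, which is added here and is not code from the patent. Assumptions: all class and function names are hypothetical, payloads are already feature vectors (feature extraction is skipped), cosine similarity with a 0.9 threshold stands in for the comparison, the RSA keys are constructed from Mersenne primes, and an HMAC-SHA256 keystream replaces SM4/3DES.

```python
import hashlib, hmac, math, secrets, struct

E = 65537  # public exponent shared by the demo keys

def demo_keypair(a, b):
    """Constructed RSA key from Mersenne primes 2^a-1 and 2^b-1: deterministic, NOT secure."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus n, private exponent d)

def priv_encrypt(data, n, d):
    """'Encrypt with the user private key': raw RSA private-key operation plus a digest."""
    m = int.from_bytes(b"\x01" + hashlib.sha256(data).digest() + data, "big")
    if m >= n:
        raise ValueError("payload too long for this modulus")
    return pow(m, d, n)

def pub_decrypt(c, n):
    """Invert with the user public key; the digest exposes a wrong key or tampering."""
    r = pow(c, E, n)
    raw = r.to_bytes((r.bit_length() + 7) // 8, "big")
    data = raw[33:]
    if raw[:1] != b"\x01" or not hmac.compare_digest(raw[1:33], hashlib.sha256(data).digest()):
        raise ValueError("ciphertext does not match this user's key")
    return data

def _stream(key, nonce, length):
    """HMAC-SHA256 counter keystream: stand-in for SM4/3DES, which the stdlib lacks."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def sym_encrypt(key, data):
    nonce = secrets.token_bytes(16)
    body = bytes(x ^ y for x, y in zip(data, _stream(key, nonce, len(data))))
    return nonce + body + hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()

def sym_decrypt(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong symmetric key or modified ciphertext")
    return bytes(x ^ y for x, y in zip(body, _stream(key, nonce, len(body))))

def pack(vec):
    return struct.pack(f">{len(vec)}f", *vec)

def cosine(a, b):
    va, vb = (struct.unpack(f">{len(x) // 4}f", x) for x in (a, b))
    na, nb = (math.sqrt(sum(v * v for v in x)) for x in (va, vb))
    return sum(x * y for x, y in zip(va, vb)) / (na * nb) if na and nb else 0.0

class KeyManagement:
    """Key management module: user ID -> public key, key index -> symmetric key."""
    def __init__(self):
        self.user_pub, self.sym = {}, {}

    def enroll_user(self, user_id, a, b):
        n, d = demo_keypair(a, b)
        self.user_pub[user_id] = n   # public key = (n, E)
        return n, d                  # the private key is handed to the terminal

    def new_index(self):
        idx = secrets.token_hex(8)
        self.sym[idx] = secrets.token_bytes(32)
        return idx

class CompareServer:
    THRESHOLD = 0.9  # assumed cosine-similarity cut-off
    def __init__(self):
        self.kms = KeyManagement()

    def register(self, user_id, reg_ct):
        feats = pub_decrypt(reg_ct, self.kms.user_pub[user_id])     # S202-S203
        idx = self.kms.new_index()
        return idx, user_id, sym_encrypt(self.kms.sym[idx], feats)  # S204-S205

    def recognize(self, user_id, user_ct, db_ct, key_index):
        db_plain = sym_decrypt(self.kms.sym[key_index], db_ct)      # S102-S103
        probe = pub_decrypt(user_ct, self.kms.user_pub[user_id])    # S104-S105
        return cosine(probe, db_plain) >= self.THRESHOLD            # S106

ENROLLED = [0.12, 0.80, 0.33, 0.45, 0.91, 0.05, 0.67, 0.29]  # constructed feature vector
IMPOSTOR = [0.90, 0.10, 0.70, 0.02, 0.10, 0.80, 0.05, 0.60]  # constructed feature vector

def demo():
    srv, db = CompareServer(), {}
    n, d = srv.kms.enroll_user("alice", 521, 607)
    idx, uid, ct = srv.register("alice", priv_encrypt(pack(ENROLLED), n, d))
    db[uid] = (idx, ct)  # the database stores only the index and the ciphertext
    probe = pack([x + 0.01 for x in ENROLLED])  # same face, slightly different capture
    genuine = srv.recognize("alice", priv_encrypt(probe, n, d), ct, idx)
    impostor = srv.recognize("alice", priv_encrypt(pack(IMPOSTOR), n, d), ct, idx)
    return srv, (n, d), db, genuine, impostor

if __name__ == "__main__":
    print("genuine, impostor:", demo()[3:])
```

Because anyone holding the user public key can invert the private-key operation, the confidentiality of the terminal's ciphertext in this flow rests on the key management module keeping that key inside the comparison server.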
In addition, referring to FIG. 3, an embodiment of the present application provides a secure face recognition system for a comparison server, which includes a face data acquisition module 1100, a symmetric key matching module 1200, a database ciphertext decryption module 1300, a key matching module 1400, a user data decryption module 1500, a face recognition module 1600, and a result sending module 1700, wherein:
the face data acquisition module 1100 is configured to receive a user ID, a user face feature data ciphertext, a face feature ciphertext of the database, and a thematic library key index from an authentication server, where the user ID and the user face feature data ciphertext are sent to the authentication server by a terminal, and the user face feature data ciphertext is obtained by encrypting user face feature data with a pre-stored user private key; the thematic library key index and the face feature ciphertext of the database are sent to the authentication server by the database, and both correspond to the user ID;
the symmetric key matching module 1200 is configured to perform key matching according to the key index of the thematic library to obtain a corresponding symmetric key;
the database ciphertext decrypting module 1300 is configured to decrypt the face feature ciphertext of the database according to the symmetric key to obtain a face feature plaintext of the database;
the key matching module 1400 is configured to perform key matching according to the user ID to obtain a user public key corresponding to the user private key;
the user data decryption module 1500 is configured to decrypt the ciphertext of the user face feature data according to the user public key to obtain the plaintext of the user face feature data;
the face recognition module 1600 is configured to compare a face feature data plaintext of a user with a face feature plaintext of a database to obtain a face recognition result;
the result transmitting module 1700 is configured to transmit the face recognition result to the authentication server, so that the authentication server transmits the face recognition result to the terminal according to the user ID.
It should be noted that the system embodiment and the above-mentioned method embodiment are based on the same inventive concept, so the relevant content of the method embodiment also applies to the system embodiment and is not repeated here.
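The database-side half of the flow summarized above (key index to symmetric key, decryption only at comparison time), as an added Go example that is not part of the patent. The in-memory `kms` map, AES-256-GCM, byte-quantized feature vectors, the cosine threshold, and binding the user ID as associated data are all assumptions; this section names no cipher or comparison metric.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"math"
)

// kms stands in for the KMS: thematic-library key index -> AES-256 key (constructed).
var kms = map[string][]byte{"lib-01": []byte("0123456789abcdef0123456789abcdef")}
func aead(idx string) (cipher.AEAD, error) {
	if blk, err := aes.NewCipher(kms[idx]); err == nil {
		return cipher.NewGCM(blk)
	}
	return nil, errors.New("unknown key index")
}

// Seal is the registration side: nonce || AES-GCM(feat), user ID bound as AAD (assumption).
func Seal(idx, userID string, feat []byte) ([]byte, error) {
	g, err := aead(idx)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, feat, []byte(userID)), nil
}

// Compare decrypts the stored template only for this one comparison (cosine >= thr).
func Compare(idx, userID string, ct, probe []byte, thr float64) (bool, error) {
	g, err := aead(idx)
	if err != nil || len(ct) < g.NonceSize() {
		return false, errors.New("bad key index or ciphertext")
	}
	db, err := g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], []byte(userID))
	if err != nil || len(db) != len(probe) {
		return false, errors.New("authentication failed or dimension mismatch")
	}
	var dot, na, nb float64
	for i := range db {
		a, b := float64(db[i]), float64(probe[i])
		dot, na, nb = dot+a*b, na+a*a, nb+b*b
	}
	return dot/math.Sqrt(na*nb) >= thr, nil
}
func main() {} // entry point only; call Seal at registration and Compare at recognition
```

Because the user ID is authenticated as associated data, a stored record presented under a different user ID, or under the wrong key index, fails decryption instead of reaching the comparison step.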
The application also provides a secure face recognition electronic device, comprising: a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor, when executing the computer program, implements the secure face recognition method described above.
The processor and the memory may be connected by a bus or other means.
The memory, as a non-transitory computer readable storage medium, may be used to store non-transitory software programs as well as non-transitory computer executable programs. In addition, the memory may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory optionally includes memory remotely located relative to the processor, the remote memory being connectable to the processor through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The non-transitory software program and instructions required to implement the secure face recognition method of the above-described embodiment are stored in the memory, and when executed by the processor, perform the secure face recognition method of the above-described embodiment, for example, perform the method steps S101 to S107 of fig. 1 described above.
The present application also provides a computer-readable storage medium storing computer-executable instructions for performing the secure face recognition method described above.
The computer-readable storage medium stores computer-executable instructions that are executed by a processor or controller, for example, by a processor in the above-described electronic device embodiment, which may cause the processor to perform the secure face recognition method in the above-described embodiment, for example, to perform the method steps S101 to S107 in fig. 1 described above.
Those of ordinary skill in the art will appreciate that all or some of the steps, systems, and methods disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program elements or other data, as known to those skilled in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. Furthermore, as is well known to those of ordinary skill in the art, communication media typically embody computer readable instructions, data structures, program elements or other data in a modulated data signal such as a carrier wave or other transport mechanism and may include any information delivery media.
The embodiments of the present application have been described in detail with reference to the accompanying drawings, but the present application is not limited to the above embodiments, and various changes can be made within the knowledge of one of ordinary skill in the art without departing from the spirit of the present application.
Claims (10)
1. A secure face recognition method, characterized by being applied to a comparison server, the secure face recognition method comprising:
receiving a user ID, a user face feature data ciphertext, a face feature ciphertext of a database and a thematic library key index from an authentication server, wherein the user ID and the user face feature data ciphertext are sent to the authentication server by a terminal, and the user face feature data ciphertext is obtained by encrypting user face feature data by a pre-stored user private key; the key index of the thematic database and the face characteristic ciphertext of the database are sent to the authentication server by the database, and the key index of the thematic database and the face characteristic ciphertext of the database correspond to the user ID;
performing key matching according to the key index of the thematic library to obtain a corresponding symmetric key;
decrypting the face feature ciphertext of the database according to the symmetric key to obtain a face feature plaintext of the database;
performing key matching according to the user ID to obtain a user public key corresponding to the user private key;
decrypting the user face characteristic data ciphertext according to the user public key to obtain user face characteristic data plaintext;
comparing the face feature data plaintext of the user with the face feature plaintext of the database to obtain a face recognition result;
and sending the face recognition result to the authentication server, so that the authentication server sends the face recognition result to the terminal according to the user ID.
2. The method of claim 1, wherein before the database sends the face feature ciphertext of the database to the authentication server, the method comprises:
receiving the user ID and the user registration face data ciphertext from the authentication server, wherein the user registration face data ciphertext is obtained by encrypting user registration face data by a pre-stored user private key;
performing key matching according to the user ID to obtain a user public key corresponding to the user private key;
decrypting the user registration face data ciphertext according to the user public key to obtain a user registration face data plaintext, and extracting user registration face feature data from the user registration face data plaintext;
performing feature data symmetric encryption on the user registration face feature data through KMS according to the encryption index to obtain a face feature ciphertext of a database;
and sending the encryption index, the user ID and the face feature ciphertext of the database to the database so that the database stores the encryption index, the user ID and the face feature ciphertext of the database.
3. The method for secure face recognition according to claim 1, wherein the terminal obtains the user face feature data ciphertext by:
receiving a user private key sent by the comparison server;
collecting a user face image, and extracting the user face characteristic data from the user face image;
and encrypting the user face characteristic data by adopting the user private key to obtain the user face characteristic data ciphertext.
4. The method for secure face recognition according to claim 1, wherein the database obtains the key index of the thematic library by:
receiving a thematic library key index acquisition request and the user ID sent by the authentication server;
and acquiring the key index of the thematic database according to the key index acquisition request of the thematic database and the user ID.
5. The method for secure face recognition according to claim 1, wherein the database obtains the face feature ciphertext of the database by:
receiving the user ID transmitted by the authentication server;
and carrying out data matching according to the user ID to obtain the face characteristic ciphertext of the database.
6. The method for secure face recognition according to claim 1, wherein the performing key matching according to the key index of the thematic library to obtain a corresponding symmetric key comprises:
and performing key matching according to the key index of the thematic library, and generating a corresponding symmetric key through the KMS.
7. The method for secure face recognition according to claim 1, further comprising, before said performing key matching according to said user ID to obtain a user public key corresponding to said user private key:
and generating the user private key and a user public key corresponding to the user private key through an asymmetric encryption algorithm.
8. A secure face recognition system for use with a comparison server, the secure face recognition system comprising:
the face data acquisition module is used for receiving a user ID, a user face characteristic data ciphertext, a face characteristic ciphertext of a database and a thematic database key index from an authentication server, wherein the user ID and the user face characteristic data ciphertext are sent to the authentication server by a terminal, and the user face characteristic data ciphertext is obtained by encrypting user face characteristic data by a pre-stored user private key; the key index of the thematic database and the face characteristic ciphertext of the database are sent to the authentication server by the database, and the key index of the thematic database and the face characteristic ciphertext of the database correspond to the user ID;
the symmetric key matching module is used for carrying out key matching according to the key index of the thematic library to obtain a corresponding symmetric key;
the database ciphertext decrypting module is used for decrypting the face feature ciphertext of the database according to the symmetric key to obtain the face feature plaintext of the database;
the key matching module is used for carrying out key matching according to the user ID to obtain a user public key corresponding to the user private key;
the user data decryption module is used for decrypting the user face characteristic data ciphertext according to the user public key to obtain user face characteristic data plaintext;
the face recognition module is used for comparing the face feature data plaintext of the user with the face feature plaintext of the database to obtain a face recognition result;
and the result sending module is used for sending the face recognition result to the authentication server so that the authentication server can send the face recognition result to the terminal according to the user ID.
9. A secure face recognition device comprising at least one control processor and a memory for communication with the at least one control processor; the memory stores instructions executable by the at least one control processor to enable the at least one control processor to perform a secure face recognition method as claimed in any one of claims 1 to 7.
10. A computer-readable storage medium, characterized by: the computer-readable storage medium stores computer-executable instructions for causing a computer to perform a secure face recognition method according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310823116.4A CN117058733A (en) | 2023-07-05 | 2023-07-05 | Safe face recognition method, system, equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117058733A (en) | 2023-11-14 |
Family
ID=88668162
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310823116.4A Pending CN117058733A (en) | 2023-07-05 | 2023-07-05 | Safe face recognition method, system, equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117058733A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||